AETHEX Project - Complete Technical Stack Analysis

Executive Summary

This document provides a comprehensive analysis of the AETHEX project's actual technical stack, comparing it against the development plan and identifying implementation status for all components.

1. FRONTEND STACK (Vercel)

Current Implementation

Framework: Vite + React (Custom architecture)
NOT Next.js - This is a significant difference from the development plan
Build Tool: Vite for fast development and optimized production builds
Hosting: Vercel
UI Builder Integration: Builder.io visual editor
Authentication Client: Custom Supabase client (NOT @supabase/ssr)

Architecture Components

Page Structure

code/client/pages/
├── Auth Pages
│   ├── Login.tsx (Email, GitHub, Google, Roblox, Discord OAuth)
│   ├── Onboarding.tsx (Multi-step creator setup)
│   └── ResetPassword.tsx
│
├── Main Application
│   ├── Dashboard.tsx
│   ├── Profile.tsx
│   └── Admin.tsx (Discord management, role mappings, metrics)
│
├── ARM Pages (6 arms)
│   ├── Labs.tsx (Yellow - Research & Development)
│   ├── GameForge.tsx (Green - Game Development)
│   ├── Corp.tsx (Blue - Enterprise Solutions)
│   ├── Foundation.tsx (Red - Community & Education)
│   ├── DevLink.tsx (Cyan - Roblox Professional Network)
│   └── Nexus.tsx (Purple - Talent Marketplace)
│
├���─ Creator Network
│   ├── creators/CreatorDirectory.tsx (Browse creators by arm)
│   ├── creators/CreatorProfile.tsx (Individual creator page)
│   ├── opportunities/OpportunitiesHub.tsx (Job board)
│   └── opportunities/OpportunityDetail.tsx (Individual opportunity)
│
└── Discord Integration
    ├── DiscordVerify.tsx (Verification code linking)
    ├── DiscordActivity.tsx (Activity page - WIP)
    └── Activity.tsx (Activity dashboard - WIP)

Context Providers

code/client/contexts/
├── AuthContext.tsx (User authentication state)
├── Web3Context.tsx (Metamask/wallet integration)
├── DiscordContext.tsx (Discord bot context)
└── DiscordActivityContext.tsx (Discord Embedded App SDK)

Key Components

code/client/components/
├── Layout.tsx (Main layout with header, navigation, footer)
├── ArmSwitcher.tsx (Arm selector - desktop horizontal, mobile full-screen)
├── ArmSwitcherModal.tsx (Full-screen mobile modal)
│
├── Admin Components
│   ├── AdminDiscordManagement.tsx (Discord role mappings CRUD)
│   ├── AdminDiscordDiagnostic.tsx (Token & configuration diagnostics)
│   └── [Other admin panels]
│
├── Creator Network Components
│   ├── CreatorCard.tsx
│   ├── OpportunityCard.tsx
│   └── ArmFilter.tsx (Sidebar arm filter)
│
└── UI Components (shadcn/ui)
    ├── accordion.tsx
    ├── alert.tsx
    ├── button.tsx
    ├── card.tsx
    ├── dialog.tsx
    └── [40+ other UI primitives]

Authentication Methods Supported

Email/Password (Native Supabase)
GitHub OAuth (Supabase)
Google OAuth (Supabase)
Roblox OAuth (Custom implementation)
Discord OAuth (New - just implemented)
Web3/Ethereum (Metamask signature verification)

Critical Notes on Frontend

✅ Uses custom Supabase client (NOT the new @supabase/ssr package)
⚠️ Does NOT use Next.js App Router or middleware
⚠️ CSP headers need configuration in Vite for Discord Activity
✅ Builder.io visual editor integration working
✅ Mobile-responsive with full-screen modal arm switcher

2. BACKEND STACK (Supabase + Vercel Functions)

Database (PostgreSQL via Supabase)

Core Tables

public.user_profiles
├── id (UUID, PK)
├── email (TEXT)
├── full_name (TEXT)
├── avatar_url (TEXT)
├── experience_level (TEXT)
├── primary_arm (TEXT: labs|gameforge|corp|foundation|devlink|nexus)
├── user_type (TEXT: game_developer|community_member|pro_supporter)
└── [other profile fields]

auth.users (Managed by Supabase Auth)
├── id (UUID)
├── email (TEXT)
├── encrypted_password (BYTEA)
├── email_confirmed_at (TIMESTAMPTZ)
├── last_sign_in_at (TIMESTAMPTZ)
└── [OAuth metadata]

Discord Integration Tables

public.discord_links
├── discord_id (TEXT, PK)
├── user_id (UUID, FK -> user_profiles)
├── primary_arm (TEXT)
├── linked_at (TIMESTAMPTZ)

public.discord_verifications
├── id (UUID, PK)
├── discord_id (TEXT)
├── verification_code (TEXT, unique)
├── expires_at (TIMESTAMPTZ)
├── created_at (TIMESTAMPTZ)

public.discord_role_mappings
├── id (UUID, PK)
├── arm (TEXT: labs|gameforge|corp|foundation|devlink|nexus)
├── user_type (TEXT)
├── discord_role_id (TEXT)
├── discord_role (TEXT)
├── server_id (TEXT, optional)
├── created_at (TIMESTAMPTZ)

public.discord_user_roles
├── id (UUID, PK)
├── discord_id (TEXT)
├── server_id (TEXT)
├── role_id (TEXT)
├── assigned_at (TIMESTAMPTZ)

Creator Network Tables

public.aethex_creators
├── user_id (UUID, FK)
├── bio (TEXT)
├── skills (TEXT[])
├── avatar_url (TEXT)
├── experience_level (TEXT)
├── arm_affiliations (TEXT[])

public.aethex_opportunities
├─�� id (UUID, PK)
├── title (TEXT)
├── description (TEXT)
├── job_type (TEXT)
├── arm_affiliation (TEXT)
├── salary_range (TEXT)
├── posted_by_id (UUID)
├── created_at (TIMESTAMPTZ)

public.aethex_applications
├── id (UUID, PK)
├── creator_id (UUID)
├── opportunity_id (UUID)
├── status (TEXT)
├── cover_letter (TEXT)
├── applied_at (TIMESTAMPTZ)

public.aethex_endorsements
├── user_id (UUID)
├── endorsed_by_id (UUID)
├── skill (TEXT)
├── count (INT)

Web3 Integration

public.web3_nonces
├── wallet_address (TEXT, PK)
├── nonce (TEXT)
├── created_at (TIMESTAMPTZ)
├── used_at (TIMESTAMPTZ)

user_profiles extensions:
├── wallet_address (TEXT)
├── roblox_user_id (TEXT)
├── game_player_ids (JSONB)

Game Integration

public.game_auth_tokens
├── id (UUID, PK)
├── user_id (UUID)
├── game_type (TEXT: unity|unreal|godot|roblox)
├── auth_token (TEXT)
├── created_at (TIMESTAMPTZ)

public.game_sessions
├── id (UUID, PK)
├── user_id (UUID)
├── game_type (TEXT)
├── session_data (JSONB)
└── created_at (TIMESTAMPTZ)

Row Level Security (RLS) Status

Current State: Basic RLS policies implemented

-- Example: Users can see their own profile
CREATE POLICY "User can see their own profile"
  ON public.user_profiles FOR SELECT
  USING (auth.uid() = id);

-- Users can update their own profile
CREATE POLICY "User can update their own profile"
  ON public.user_profiles FOR UPDATE
  USING (auth.uid() = id);

Status: ⚠️ NOT YET OPTIMIZED (Plan recommends performance optimization)

-- Should be optimized to:
CREATE POLICY "User can see their own profile"
  ON public.user_profiles FOR SELECT
  USING ((select auth.uid()) = id);  -- Wrapping in sub-select for performance

API Endpoints (Code in Vercel Functions)

Location: `code/api/` directory

Discord OAuth

code/api/discord/oauth/start.ts - GET endpoint, redirects to Discord
code/api/discord/oauth/callback.ts - GET endpoint, handles OAuth callback

Discord Linking & Verification

code/api/discord/verify-code.ts - POST, verifies 6-digit code from /verify command
code/api/discord/link.ts - POST, links Discord account to user

Discord Management

code/api/discord/role-mappings.ts - GET/POST/PUT/DELETE role mapping CRUD
code/api/discord/sync-roles.ts - POST, assigns Discord roles based on arm + user_type
code/api/discord/admin-register-commands.ts - POST, registers slash commands (requires admin token)
code/api/discord/interactions.ts - POST, handles Discord slash command interactions
code/api/discord/verify.ts - POST, checks if user is linked to Discord

Creator Network

code/api/creators.ts - GET/POST/PUT, manage creator profiles
code/api/opportunities.ts - GET/POST/PUT, manage job opportunities
code/api/applications.ts - GET/POST/PUT/DELETE, manage job applications

Game Integration

code/api/games/game-auth.ts - POST, unified game authentication (Unity/Unreal/Godot/Roblox)
code/api/games/roblox-auth.ts - POST, Roblox-specific authentication
code/api/games/verify-token.ts - POST, verify game session tokens

Other

code/api/user/link-roblox.ts - POST, link Roblox account
code/api/user/link-web3.ts - POST, link Ethereum wallet
code/api/web3/nonce.ts - POST, generate Web3 nonce
code/api/web3/verify.ts - POST, verify Web3 signature

Backend Server (Express.js)

Location: code/server/index.ts

Responsibilities:

Discord slash command handlers (/creators, /opportunities, /nexus)
Discord interactions endpoint (signature verification)
Health check endpoints
Site settings management
Admin functions

Key Features:

ED25519 signature verification for Discord requests
Slash command routing
Admin token validation (DISCORD_ADMIN_REGISTER_TOKEN)
Token diagnostic endpoint (/api/discord/diagnostic)

3. DISCORD BOT STACK (Railway)

Current Deployment

Platform: Railway (PaaS)
Language: Node.js with discord.js v14
Hosting Status: ✅ Successfully deployed and running
Repository: code/discord-bot/ directory

Bot Configuration

// Bot Client Setup (code/discord-bot/bot.js)
{
  token: process.env.DISCORD_BOT_TOKEN,
  intents: [
    GatewayIntentBits.Guilds,
    GatewayIntentBits.GuildMembers,
    GatewayIntentBits.MessageContent,
  ]
}

Implemented Slash Commands

1. `/verify` (Account Linking)

File: code/discord-bot/commands/verify.js
Function: Generates 15-minute verification code
Flow:
1. User runs /verify
2. Bot generates code and stores in discord_verifications table
3. User receives code + link to /profile/link-discord?code=XXX
4. User verifies code on website
5. discord_links record created

2. `/set-realm` (Choose Primary Arm)

File: code/discord-bot/commands/set-realm.js
Function: Dropdown menu to select primary arm
Options: labs, gameforge, corp, foundation, devlink, nexus
Flow:
1. Updates discord_links.primary_arm
2. Triggers role assignment via roleManager.js

3. `/profile` (Show Profile)

File: code/discord-bot/commands/profile.js
Function: Displays linked AeThex profile in Discord
Shows: Username, bio, avatar, primary realm, link to full profile

4. `/unlink` (Disconnect Account)

File: code/discord-bot/commands/unlink.js
Function: Removes Discord link and revokes roles

5. `/verify-role` (Check Assigned Roles)

File: code/discord-bot/commands/verify-role.js
Function: Shows current Discord roles and expected roles from mappings

Supporting Utilities

// code/discord-bot/utils/roleManager.js
{
  assignRoleByArm(discord_id, arm, server_id); // Assign role based on arm
  getUserArm(discord_id); // Get user's primary arm
  syncRolesAcrossGuilds(discord_id); // Sync roles in all servers
}

Dependencies

{
  "discord.js": "^14.13.0",
  "@supabase/supabase-js": "^2.38.0",
  "dotenv": "^16.3.1"
}

Environment Variables

DISCORD_BOT_TOKEN=<bot token>
DISCORD_CLIENT_ID=578971245454950421
DISCORD_PUBLIC_KEY=<public key>
SUPABASE_URL=https://kmdeisowhtsalsekkzqd.supabase.co
SUPABASE_SERVICE_ROLE=<service role key>
NODE_ENV=production
BOT_PORT=3000

Bot Health Check

Endpoint: POST /health
Returns: { status, guilds, commands, uptime, timestamp }
Used by: Frontend /api/discord/bot-health proxy

4. DISCORD INTEGRATION LAYER

User clicks "Continue with Discord" on /login
  ↓
Redirects to /api/discord/oauth/start
  ↓
Redirects to Discord OAuth authorize endpoint
  ↓
User authorizes on Discord
  ↓
Discord redirects to /api/discord/oauth/callback?code=...&state=...
  ↓
Backend exchanges code for access token
  ↓
Fetch Discord user (id, username, email, avatar)
  ↓
Check if discord_id exists in discord_links
  ├─ YES: Use linked user_id
  ├─ NO: Check if email exists in user_profiles
  │   ├─ YES: Link Discord to that email
  │   └─ NO: Create new auth user + profile + link Discord
  ↓
Generate session cookie (sb-access-token, sb-refresh-token)
  ↓
Redirect to /dashboard (or /onboarding if new)

Verification Code Flow (Link Existing Account)

User authenticated, goes to /profile/link-discord
  ↓
Runs /verify in Discord bot
  ↓
Bot generates 6-digit code (15 min expiry)
  ↓
User copies code from Discord
  ↓
Enters code at /profile/link-discord
  ↓
Frontend calls POST /api/discord/verify-code
  ↓
Backend validates code in discord_verifications table
  ↓
Creates/updates discord_links record
  ↓
Shows success message
  ���
Redirects to /profile/settings

Discord Manifest

Location: code/public/discord-manifest.json

{
  "id": "578971245454950421",
  "version": "1",
  "name": "AeThex",
  "description": "AeThex Creator Network & Talent Platform",
  "rpc_origins": ["https://aethex.dev"],
  "interactions": {
    "request_url": "https://aethex.dev/api/discord/interactions"
  }
}

5. PLANNED vs. ACTUAL - KEY DIFFERENCES

Development Plan Says... | Actually Have... | Status

┌───────────��─────────────────────────────────────────────────────┐
│ FRONTEND                                                         │
├─────────────────────────────────────────────────────────────────┤
│ Plan: Next.js App Router + @supabase/ssr                        │
│ Actual: Vite + React + Custom Supabase client                   │
│ Status: ❌ DIFFERENT - Works but not as planned                 │
├─────────────────────────────────────────────────────────────────┤
│ Plan: CSP headers in next.config.js                             │
│ Actual: Not implemented (Vite doesn't use next.config)          │
│ Status: ⚠️ NEEDS FIX - Add to vite.config.ts                    │
├─────────────────────────────────────────────────────────────────┤
│ Plan: Middleware for session refresh                            │
│ Actual: No middleware (not applicable to Vite+React)            │
│ Status: ⚠️ SESSION HANDLING - Handled by useAuth hook           │
├──────────��──────────────────────────────────────────────────────┤
│ Plan: Discord Embedded App SDK integration                      │
│ Actual: Not yet implemented (DiscordActivity.tsx exists)        │
│ Status: ⏳ IN PROGRESS                                          │
├─────���───────────────────────────────────────────��───────────────┤
│ BACKEND                                                         │
├─────────────────────────────────────────────────────────────────┤
│ Plan: PostgreSQL + RLS with optimized policies                  │
│ Actual: PostgreSQL + RLS (NOT optimized)                        │
│ Status: ✅ EXISTS - Can optimize with (select auth.uid())       │
├─────────────────────────────────────────────────────────────────┤
│ Plan: GitHub Actions CI/CD for migrations                       │
│ Actual: Manual supabase migration up                            │
│ Status: ⏳ NOT YET AUTOMATED                                    │
├─────────────────────────────────────────────────────────────────┤
│ BOT                                                             │
├────────────────────────────────���────────────────────────────────┤
│ Plan: discord.js + Railway + direct Supabase                    │
│ Actual: ✅ EXACTLY AS PLANNED                                   │
│ Status: ✅ READY                                                │
├─────────────────────────────────────────────────────────────────┤
│ Plan: 5+ slash commands                                         │
│ Actual: 5 commands (/verify, /set-realm, /profile, /unlink,   │
│        /verify-role)                                            │
│ Status: ✅ COMPLETE                                             │
├─────────────────────────────────────────────────────────────────┤
│ DISCORD INTEGRATION                                             │
├──────────────────────────────────────��──────────────────────────┤
│ Plan: OAuth PKCE flow with callback                             │
│ Actual: ✅ IMPLEMENTED                                          │
│ Status: ✅ WORKING                                              │
├─────────────────────────────────────────────────────────────────┤
│ Plan: Dual auth (Discord SDK + Supabase)                        │
│ Actual: Single auth implemented (OAuth)                         │
│ Status: ⏳ Dual auth needed for Activity                        │
└───────────────────────────────────────────────────────────────���─┘

6. ENVIRONMENT VARIABLES (All Set)

Supabase

VITE_SUPABASE_URL=https://kmdeisowhtsalsekkzqd.supabase.co
VITE_SUPABASE_ANON_KEY=sb_publishable_DfTB6qME8BkTmHNJ3dCBew_t1NLATEq
SUPABASE_SERVICE_ROLE=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...
SUPABASE_URL=https://supabase.aethex.tech

Discord OAuth

DISCORD_CLIENT_ID=<from Discord Developer Portal>
DISCORD_CLIENT_SECRET=<REDACTED - from Discord Developer Portal>
DISCORD_BOT_TOKEN=<REDACTED - from Discord Developer Portal Bot section>
DISCORD_PUBLIC_KEY=<REDACTED - from Discord Developer Portal>
DISCORD_ADMIN_REGISTER_TOKEN=<secure random token>

Roblox OAuth

ROBLOX_OAUTH_CLIENT_ID=<from Roblox Developer Console>
ROBLOX_OAUTH_CLIENT_SECRET=<REDACTED - from Roblox Developer Console>
ROBLOX_OAUTH_REDIRECT_URI=https://aethex.dev/roblox-callback

Web3

(No env vars needed - signature verification is client-side)

API Base

VITE_API_BASE=https://aethex.dev

7. WHAT'S PRODUCTION-READY ✅

✅ Supabase backend with 15+ tables and RLS
✅ Vite + React frontend on Vercel
✅ 6 arm pages with full styling
✅ Creator network (creators, opportunities, applications)
✅ Discord OAuth login
✅ Discord account linking (verification code)
✅ Discord bot on Railway (5 slash commands)
✅ Admin panel with Discord role mappings
✅ Mobile responsive (full-screen arm switcher)
✅ Web3/Ethereum wallet linking
✅ Roblox OAuth integration
✅ Game integration APIs (Unity/Unreal/Godot/Roblox)

8. WHAT NEEDS WORK ⏳

CSP Headers for Discord Activity
- Status: ⏳ NEEDS FIX
- Action: Add to vite.config.ts and vercel.json
- Priority: HIGH
Discord Embedded App SDK (Dual Auth)
- Status: ⏳ PARTIALLY DONE
- Action: Implement full dual-auth flow in DiscordActivity.tsx
- Priority: MEDIUM
RLS Policy Optimization
- Status: ✅ WORKS, CAN OPTIMIZE
- Action: Wrap auth.uid() in (select auth.uid()) for performance
- Priority: LOW
GitHub Actions CI/CD
- Status: ⏳ NOT IMPLEMENTED
- Action: Create .github/workflows/deploy-supabase.yml
- Priority: MEDIUM
Mobile Arm Switcher Modal
- Status: ✅ COMPLETED
- Shows full-screen modal on mobile < 768px width
- Back button and Proceed button functional

9. QUICK REFERENCE - FILE LOCATIONS

Frontend:
  code/client/pages/       - All pages
  code/client/contexts/    - Auth, Web3, Discord contexts
  code/client/components/  - All UI components

Backend:
  code/api/                - All API endpoints
  code/server/index.ts     - Express server + Discord handlers

Database:
  code/supabase/migrations/ - All SQL migrations

Discord Bot:
  code/discord-bot/        - All bot code
  code/discord-bot/commands/ - Slash commands

Documentation:
  code/docs/               - All guides and documentation

10. DEPLOYMENT CHECKLIST

Frontend (Vercel)

Environment variables set in Vercel dashboard
CSP headers configured in vercel.json
Branch deployments working
Discord OAuth redirect URI set in Discord portal

Backend (Supabase)

All migrations applied
RLS policies enabled on all tables
Service role key securely stored

Bot (Railway)

Environment variables set
Bot token valid and bot is online
Slash commands registered
Database connection working

Discord Developer Portal

OAuth2 redirect URI: https://aethex.dev/api/discord/oauth/callback
Bot invited to test servers
Slash commands enabled
Activity features enabled (if using Embedded App SDK)

CONCLUSION

The AETHEX project is ~75% production-ready. The core architecture differs from the development plan (Vite+React instead of Next.js), but the implementation is solid and functional. The main work ahead is:

Configuring CSP headers for Discord Activity
Implementing the full Embedded App SDK dual-auth flow
Setting up CI/CD automation
Minor performance optimizations to RLS policies

All critical functionality (auth, Discord, creator network, bot) is working and tested.

PreviousPhase 3 Testing Plan NextTerms of Service & Privacy Policy Updates - 2025

Last updated 1 month ago

Good afternoon