ADR-001: Django + React Hybrid Architecture for License Management Platform
Status: APPROVED ✅ Date: November 24, 2025 Decision Makers: CODITECT Infrastructure Team, Hal Casteel (CTO) Related Documents: ARCHITECTURE-DECISION-DJANGO-REACT.md, project-plan.md V4.0
Context
The CODITECT License Management Platform requires a robust, scalable, multi-tenant architecture to support:
- Multi-tenant data isolation - Complete separation between customer organizations
- Staff administration - Internal operations for user/tenant/license management
- Customer self-service - Professional dashboard for end-user management
- License API - High-performance API for CODITECT client authentication
- OAuth2 authentication - Secure identity management via Google Cloud Identity Platform
Technology Constraint
The requirements.txt file specified Django 5.2.8 and django-multitenant 3.2.1, indicating a previous architectural decision had been made. However, all documentation referenced FastAPI, creating a mismatch.
Decision
We will use a Django + React Hybrid Architecture with three distinct deployments:
┌─────────────────────────────────────────────────────────────┐
│ GCP Load Balancer │
│ (SSL Termination + Path-Based Routing) │
└─────────────┬──────────────┬──────────────┬─────────────────┘
│ │ │
┌────────▼────────┐ ┌──▼──────────┐ ┌─▼──────────────┐
│ Django Admin │ │ Django REST │ │ React Frontend │
│ (Staff Portal) │ │ API │ │ (Customer) │
│ │ │ │ │ │
│ admin. │ │ api. │ │ app. │
│ coditect.ai │ │ coditect.ai │ │ coditect.ai │
└─────────────────┘ └─────────────┘ └────────────────┘
│ │ │
└──────────────┴──────────────┘
│
┌─────────────▼──────────────┐
│ PostgreSQL 16 (Cloud SQL) │
│ + Redis Memorystore │
└────────────────────────────┘
Component Responsibilities
1. Django Admin (admin.coditect.ai)
Purpose: Internal staff operations
Access: Staff-only (Django is_staff flag)
Features:
- User management (create, edit, delete, permissions)
- Tenant CRUD (organizations, seat limits, pricing tiers)
- License provisioning (generate, revoke, transfer)
- Audit logs (django-simple-history)
- System configuration
Why Django Admin:
- ✅ Auto-generated from models (zero frontend code)
- ✅ Built-in security (CSRF, XSS protection, staff-only)
- ✅ Scalable (millions of records with pagination)
- ✅ Fast development (days instead of weeks)
- ✅ Modern UI available (django-admin-interface)
2. Django REST API (api.coditect.ai)
Purpose: External integrations and client authentication Access: Public (with authentication) Features:
- License acquisition endpoint (
POST /api/v1/licenses/acquire) - License heartbeat (
POST /api/v1/licenses/heartbeat) - License release (
POST /api/v1/licenses/release) - Stripe webhooks (
POST /api/v1/webhooks/stripe) - Public documentation (drf-spectacular)
Why Django REST Framework:
- ✅ Automatic serialization from models
- ✅ Built-in permissions system
- ✅ Auto-generated OpenAPI documentation
- ✅ Mature ecosystem (10+ years)
3. React Dashboard (app.coditect.ai)
Purpose: Customer self-service portal Access: Authenticated tenants/users Features:
- Tenant dashboard (usage metrics, active sessions)
- Team management (invite users, assign roles)
- Usage analytics (historical usage, forecasting)
- Billing portal (Stripe integration)
- Profile settings
Why React + TypeScript:
- ✅ Modern, professional user experience
- ✅ Type-safe development (TypeScript strict mode)
- ✅ Real-time updates (TanStack Query)
- ✅ Mobile-responsive (Tailwind CSS)
- ✅ Consistent with workflow.coditect.ai design system
Technology Stack
Backend: Django 5.2.8
Core Framework:
Django==5.2.8 # Latest stable (Nov 2025)
djangorestframework==3.16.1 # REST API framework
django-multitenant==3.2.1 # Tenant isolation
Why Django 5.2.8:
- ✅ Security patches for CVE-2025-64459 (SQL injection)
- ✅ Enhanced ASGI support (async views)
- ✅ Improved multi-database support
- ✅ Better admin interface
Database & Caching:
psycopg[binary]==3.2.13 # PostgreSQL adapter
redis==5.2.0 # Redis client
django-redis==5.4.0 # Django cache backend
Task Queue:
celery[redis]==5.4.0 # Async task queue
django-celery-beat==2.7.0 # Periodic tasks
Authentication:
authlib==1.4.0 # OAuth2/OIDC client
Payments:
stripe==11.2.0 # Stripe integration
Frontend: React 18 + TypeScript
Core Framework:
{
"react": "^18.3.1",
"typescript": "^5.3.3",
"vite": "^5.0.0"
}
State Management & Routing:
{
"@tanstack/react-query": "^5.18.0",
"@tanstack/react-router": "^1.15.0",
"zustand": "^4.5.0"
}
UI Components:
{
"tailwindcss": "^3.4.0",
"@radix-ui/react-*": "latest",
"lucide-react": "^0.309.0"
}
Why This Stack:
- ✅ TypeScript strict mode catches errors at compile-time
- ✅ TanStack Query manages server state elegantly
- ✅ TanStack Router provides type-safe routing
- ✅ Shadcn/ui provides professional, accessible components
- ✅ Vite offers instant hot module replacement
Infrastructure: GCP + GKE
Deployed Infrastructure:
✅ GKE Cluster: coditect-cluster (3 nodes, us-central1)
✅ Cloud SQL: coditect-db (PostgreSQL 16, db-custom-2-8192)
✅ Redis Memorystore: (to be deployed)
✅ VPC Networking: Configured
✅ Secret Manager: Configured
Why GKE:
- ✅ Container orchestration (auto-scaling, self-healing)
- ✅ Zero-downtime deployments (rolling updates)
- ✅ Native GCP integration (Cloud SQL, Secret Manager)
Rationale
1. Multi-Tenant Isolation
django-multitenant 3.2.1 provides automatic tenant isolation:
# models.py
from django_multitenant.models import TenantModel
class License(TenantModel):
tenant_id = models.CharField(max_length=255, db_index=True)
seats_total = models.IntegerField()
seats_used = models.IntegerField(default=0)
class Meta:
tenant_id = 'tenant_id' # Automatic filtering
# views.py
from django_multitenant.utils import set_current_tenant
# Middleware sets tenant context from JWT
set_current_tenant(tenant)
# ALL queries automatically filtered by tenant_id
licenses = License.objects.all() # Returns ONLY current tenant's licenses
Benefits:
- ✅ Zero manual filtering (eliminates bugs)
- ✅ Impossible to access other tenant's data
- ✅ Row-level security at ORM level
- ✅ Battle-tested (millions of tenants in production)
2. Django Admin for Staff Operations
Time Savings: 2-3 weeks of development avoided
Auto-Generated Features:
- User list/detail/edit/delete
- Tenant CRUD operations
- License provisioning with custom actions
- Audit log viewer (django-simple-history)
Security:
- Staff-only by default (
is_staff=Truerequired) - CSRF protection enabled
- XSS prevention built-in
- Automatic SQL injection prevention
Modern UI:
pip install django-admin-interface
- Beautiful, responsive design
- Dark mode support
- Customizable colors and branding
- Mobile-friendly
3. React for Customer Experience
Professional UI:
- Matches workflow.coditect.ai design system
- Consistent header/footer across all CODITECT apps
- AZ1.AI branding (logo, colors, typography)
- Light/dark mode toggle
Real-Time Features:
// Automatic refetching with TanStack Query
const { data: usage } = useQuery({
queryKey: ['usage', tenantId],
queryFn: fetchUsage,
refetchInterval: 30000 // Refresh every 30s
})
Type Safety:
// TypeScript prevents runtime errors
interface License {
id: string
seats_total: number
seats_used: number
expires_at: Date
}
// Compiler catches errors
const license: License = await api.getLicense(id)
console.log(license.seats_total) // ✅ Valid
console.log(license.invalid_field) // ❌ Compile error
4. Separation of Concerns
Django Admin vs React Dashboard:
| Feature | Django Admin (Staff) | React Dashboard (Customer) |
|---|---|---|
| Audience | Internal staff | External customers |
| Access | is_staff=True | Tenant membership |
| Purpose | Management & ops | Self-service |
| UI | Functional, efficient | Beautiful, modern |
| Features | All models, system config | Limited to tenant data |
| Examples | Create tenant, configure pricing | View usage, invite team |
This is the industry standard pattern:
- Stripe: Django Admin (staff) + React (customers)
- Instagram: Django Admin (moderation) + React (app)
- Spotify: Django backend + React frontend
Alternatives Considered
Alternative 1: FastAPI + React
Pros:
- Native async/await support
- Excellent performance (Uvicorn/ASGI)
- Modern Python patterns
Cons:
- ❌ No built-in admin interface (must build from scratch = 2-3 weeks)
- ❌ Multi-tenancy requires custom implementation
- ❌ Smaller ecosystem than Django
- ❌ No battle-tested multi-tenant solution
- ❌ Mismatch with requirements.txt (Django already specified)
Decision: Rejected due to development time and lack of admin interface
Alternative 2: Django + Django Templates (No React)
Pros:
- Simpler deployment (single service)
- Django templates for both staff and customer
Cons:
- ❌ Poor customer experience (server-side rendering)
- ❌ No real-time updates without complex WebSocket setup
- ❌ Inconsistent with workflow.coditect.ai (React)
- ❌ Limited interactivity
- ❌ Mobile experience suffers
Decision: Rejected due to poor UX for customers
Alternative 3: Full React Admin (No Django Admin)
Pros:
- Consistent React codebase
- Modern admin UI
Cons:
- ❌ 2-3 weeks development time for admin
- ❌ Must build all CRUD operations manually
- ❌ Security risks (easier to make mistakes)
- ❌ Loses Django Admin's maturity
Decision: Rejected due to development time and security concerns
Implementation Phases
Phase 0: Infrastructure ✅ COMPLETE
- GKE, Cloud SQL, Redis deployed
- Duration: Complete
- Status: 100%
Phase 1: Django Backend Foundation (4-5 days)
- Django project setup with multi-tenant models
- Django Admin configuration
- Django REST Framework API
- Celery task queue setup
- Output: admin.coditect.ai + api.coditect.ai working locally
Phase 2: React Frontend (3-4 days)
- React + TypeScript strict project with Vite
- OAuth2 authentication flow (Identity Platform)
- Tenant dashboard UI
- Team management interface
- Output: app.coditect.ai working locally
Phase 3: Identity Platform & Multi-Tenant (2-3 days)
- Cloud KMS deployment for license signing
- Identity Platform OAuth2 setup
- JWT middleware integration
- Output: End-to-end authentication working
Phase 4: License Management API (4-5 days)
- License acquire/heartbeat/release endpoints
- Redis atomic seat counting (Lua scripts)
- Cloud KMS license signing integration
- Output: CODITECT client can acquire licenses
Phase 5: Deployment & Testing (3-4 days)
- Dockerfiles for Django + React
- Deploy to GKE with ingress routing
- SSL certificates (Let's Encrypt or Google-managed)
- E2E testing + load testing
- Output: Production deployment live
Phase 6: Production Hardening (2 days)
- Monitoring (Prometheus + Grafana)
- Alerting (PagerDuty or Cloud Monitoring)
- Runbooks and documentation
- Output: Production-ready system
Total Estimated Duration: 18-23 days
Consequences
Positive
- Fast Development: Django Admin saves 2-3 weeks
- Proven Multi-Tenancy: django-multitenant is battle-tested
- Professional UX: React provides modern customer experience
- Separation of Concerns: Staff tools vs customer tools cleanly separated
- Security: Django's built-in security features reduce risk
- Consistency: Matches workflow.coditect.ai design system
- Scalability: Proven to scale to millions of users
Negative
- Two Frameworks: Django + React requires expertise in both
- Deployment Complexity: Three separate deployments (admin, api, app)
- CORS Configuration: Must carefully configure cross-origin requests
- State Synchronization: React must stay in sync with Django backend
Mitigation
- Two Frameworks: Team has expertise in both; separation simplifies development
- Deployment Complexity: GKE ingress handles routing elegantly
- CORS: Django CORS middleware handles this automatically
- State Sync: TanStack Query provides automatic cache invalidation
Success Metrics
Technical KPIs
| Metric | Target | Measurement |
|---|---|---|
| API Latency (p99) | < 500ms | Prometheus metrics |
| API Error Rate | < 1% | Application logs |
| Uptime | 99.9% | GCP monitoring |
| Test Coverage (Backend) | ≥ 80% | pytest --cov |
| Test Coverage (Frontend) | ≥ 70% | vitest coverage |
Business KPIs
| Metric | Target | Measurement |
|---|---|---|
| License Acquisition Success Rate | ≥ 99% | API logs |
| Heartbeat Reliability | ≥ 99.9% | Redis monitoring |
| Active Sessions per Tenant | 100-1000 | Dashboard analytics |
| Staff Productivity (admin) | 10+ tasks/hour | Admin usage logs |
Design System Consistency
Colors (from workflow.coditect.ai)
Primary Blue:
--primary-50: #f0f9ff;
--primary-100: #e0f2fe;
--primary-200: #bae6fd;
--primary-300: #7dd3fc;
--primary-400: #38bdf8;
--primary-500: #0ea5e9; /* Primary brand color */
--primary-600: #0284c7;
--primary-700: #0369a1;
--primary-800: #075985;
--primary-900: #0c4a6e;
Typography
Font Stack:
font-family: -apple-system, BlinkMacSystemFont, 'Segoe UI', 'Roboto',
'Oxygen', 'Ubuntu', 'Cantarell', 'Fira Sans',
'Droid Sans', 'Helvetica Neue', sans-serif;
Dark Mode
Strategy: CSS class-based (class)
// Tailwind config
darkMode: 'class'
// Toggle implementation
<html className={isDark ? 'dark' : ''}>
Standardized Header/Footer
All CODITECT applications must include:
- AZ1.AI logo (top-left)
- Consistent navigation (Home, Products, About, Contact)
- User profile dropdown (top-right)
- Footer with links (Privacy, Terms, Support, Documentation)
See ui-design-system.md for complete specifications.
Compliance & Security
Multi-Tenant Isolation
Row-Level Security: Enforced at ORM level via django-multitenant Zero Manual Filtering: Automatic tenant_id filtering prevents data leakage Audit Logging: django-simple-history tracks all changes
Authentication & Authorization
Identity Platform: Google Cloud OAuth2/OIDC JWT Tokens: Signed with Cloud KMS (RSA-4096) Role-Based Access Control: Django permissions system
Data Protection
Encryption at Rest: Cloud SQL automatic encryption Encryption in Transit: HTTPS/TLS 1.3 only Secrets Management: Google Cloud Secret Manager
References
- Django 5.2 Release Notes
- Django REST Framework Documentation
- django-multitenant Documentation
- React 18 Documentation
- TanStack Query Documentation
- workflow.coditect.ai Deployment Report
Approval
Decision: APPROVED ✅ Date: November 24, 2025 Approved By: Hal Casteel, Founder/CEO/CTO Next Steps:
- Update project-plan.md with Django + React architecture ✅
- Update tasklist-with-checkboxes.md with implementation tasks
- Create ui-design-system.md with detailed specifications
- Create FRONTEND-IMPLEMENTATION-GUIDE.md
- Begin Phase 1 implementation
Document Version: 1.0 Last Updated: November 24, 2025 Status: APPROVED ✅ Related ADRs: None (this is ADR-001)