SparkyFitness follows a client-server model with a clear separation of concerns between the frontend, backend, and database. The React frontend communicates with a Node.js/Express API over HTTP, which in turn reads and writes to PostgreSQL — enforcing per-user data isolation through Row-Level Security policies — and fans out to AI providers and external data sources such as food databases and device integrations.Documentation Index
Fetch the complete documentation index at: https://mintlify.com/CodeWithCJ/SparkyFitness/llms.txt
Use this file to discover all available pages before exploring further.
Architecture Diagram
Technology Stack
Frontend
- React 19 with TypeScript
- Vite for fast dev builds and HMR
- Tailwind CSS + shadcn/ui component library
- TanStack Query for server-state management
- React Router v7 for client-side routing
- Fetch API as the HTTP client
Backend
- Node.js runtime with Express 5 framework
- PostgreSQL 15+ with Row-Level Security
- Better Auth library for authentication
- JWT token-based session management
- Zod for runtime request/response validation
- Repository pattern for all database access
AI Integration
- Multi-provider routing: OpenAI, Anthropic, Google Gemini
- Any OpenAI-compatible endpoint
- Natural-language food logging and image analysis
- AI-assisted goal setting and progress tracking
Deployment
- Docker with multi-stage builds
- Docker Compose for dev and prod environments
- Kubernetes / Helm charts for cluster deployments
- Nginx reverse proxy for static serving and SSL termination
Directory Structure
The repository is a pnpm monorepo (pnpm-workspace.yaml) containing the following packages:
SparkyFitnessGarmin/ is outside the pnpm workspace. Inspect its own requirements.txt and scripts before working there. The root package.json is tooling-only (husky, lint-staged, prettier) — it is not an app entrypoint.Frontend Architecture
TheSparkyFitnessFrontend/src/ directory follows a feature-oriented, component-driven structure:
TanStack Query data-fetching pattern
SparkyFitness uses TanStack Query (formerly React Query) throughout the frontend for server-state management. The pattern is consistent across all feature areas:Backend Architecture
TheSparkyFitnessServer/ directory uses a layered architecture:
Repository pattern example
All database operations are wrapped in repository objects with explicit transaction management:Database Security Tiers
Every user-specific table is classified into one of three security tiers enforced through PostgreSQL Row-Level Security policies (SparkyFitnessServer/db/rls_policies.sql). Two PostgreSQL session functions drive access decisions:
current_user_id()— the active profile context being viewed (changes during family delegation).authenticated_user_id()— the true logged-in actor (never changes).
Tier 1 — Strictly Private (owner-only read & write)
Tier 1 — Strictly Private (owner-only read & write)
These tables contain highly sensitive credentials, authentication secrets, and private logs. Only the account owner (
authenticated_user_id()) can read or modify these records. Family delegates and context-switched API keys have zero access.Key tables in this tier include:| Table | Description |
|---|---|
user | Account identity, password hash, role, email status |
two_factor | 2FA recovery codes and secrets |
api_key | User-generated API keys for external access |
user_oidc_links | OpenID Connect SSO credential links |
passkey | Passkey credentials for passwordless login |
session | Active authentication sessions |
sparky_chat_history | AI Assistant chat messages and history |
cycle_settings | Cycle & pregnancy hub settings |
cycle_daily_entries | Per-day cycle logs (flow, BBT, cervical mucus, moods) |
pregnancies | Pregnancy records |
health_appointments | Prenatal and other health appointments |
Tier 2 — View-Only Shared (owner write, delegate read)
Tier 2 — View-Only Shared (owner write, delegate read)
Tier 3 — Delegate-Writable (daily logs & schedules)
Tier 3 — Delegate-Writable (daily logs & schedules)
These tables contain daily diary entries, wellness logs, and scheduler items. Caregivers and delegates with active delegation permissions can read and write on behalf of the owner.Sub-tiers within Tier 3:
- Diary logs (
can_manage_diary):food_entries,exercise_entries,water_intake,meal_plan_template_assignments, etc. - Medication & symptom logs (
can_manage_medications):medications,medication_entries,injection_entries,symptom_entries, etc. - Check-in & wellness logs (
can_manage_checkin):check_in_measurements,sleep_entries,fasting_logs,mood_entries, etc.
Authentication
SparkyFitness uses the Better Auth library to handle authentication flows:Session methods
- Email + password with JWT sessions
- OIDC / SSO via configured providers (Google, Apple, etc.)
- Passkeys for passwordless login
- TOTP two-factor authentication
Access control
- JWT tokens with configurable expiration
- Family delegation via
family_accesstable current_user_id()/authenticated_user_id()context functions- Per-permission role flags (
can_manage_diary,can_view_reports, etc.)
AI Integration
SparkyFitness routes AI requests to multiple providers through a unified router, persisting chat history exclusively for the authenticated owner (Tier 1).- Natural-language food entry and nutrition analysis
- Photo-based food recognition and logging
- Intelligent progress analysis and recommendations
- AI-assisted goal setting and tracking
- Conversational body measurement entry
- Unit conversion assistance
ai_service_settings).