Architecture Summary
The EXG hub platform is a collection of purpose-built internal tools connected by a central partner portal at exgpro.partners. Each hub is independently deployed and serves a distinct operational function. All hubs sit inside The Oasis — accessible through the Partner Portal with role-based access managed via Microsoft Azure AD.
Access hierarchy:
- Partner Portal (exgpro.partners) — single access point for all staff, partners, and board
- EXG Systems (systems.exgpro.partners) — internal directory, policies, docs, and leadership tools
- Department hubs — each hub is independently accessible from within The Oasis
Hub Inventory
| Hub | Purpose | Framework | Hosting | Has Database? |
|---|---|---|---|---|
| Compliance Hub | EPR reporting, packaging review, AI compliance assistant | React 19 + Vite | Vercel | No |
| E-commerce Hub | Channel management, OMS map, forecasts, strategy | React 19 + Vite | Netlify | No |
| Marketing Hub | Brand planning, launch roadmap, KPI framework | React 19 + Vite | Netlify | No |
| Linelist Hub | Product linelist, specs, distribution, marketing beats | React 19 + Vite | Netlify | No |
| Recon Hub | Financial reconciliation across Zoho and Xero | Next.js 14 | Netlify | Yes (PostgreSQL + Redis) |
| EXG Systems | Internal portal — docs, policies, hub directory, board | Next.js 14 | Netlify | Planned (PostgreSQL) |
| Licensing Hub | Licensing management, partner agreements, royalty tracking and payouts (planned) | React 19 + Vite | Netlify | TBC |
Technology Stack
Static SPA Hubs
(Compliance, E-commerce, Marketing, Linelist, Peek Site, The Vault)
- React 19 + TypeScript — UI layer
- Vite — build tooling and dev server
- Tailwind CSS — styling
- React Router — client-side routing
- Netlify — hosting (CDN-served static files + serverless functions)
- Netlify Functions — server-side API proxying (secrets never in client bundle)
SPA redirect rule (/* → /index.html) enables client-side routing on all Netlify deployments.
Dev vs production API routing: In development, Vite's proxy middleware forwards API calls to avoid CORS. In production, Netlify Functions act as the secure server-side proxy.
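The proxy pattern above is only as safe as the function that implements it: a function that forwards whatever path the browser asks for is an open proxy that spends the hub's credential on anyone's request. The following is an added example, not EXG's own function code, of a Netlify Function that attaches the secret server-side and forwards only allowlisted routes. The file name (netlify/functions/api-proxy.js), the env var names UPSTREAM_BASE_URL and UPSTREAM_API_KEY, the Bearer header scheme, and the two Zoho-style item routes in the allowlist are assumptions for this example.

```javascript
// Added example, not EXG's own code: a Netlify Function that proxies a browser
// request to a third-party API while the credential stays in process.env.
// Assumed for this example: file netlify/functions/api-proxy.js (served at
// /.netlify/functions/api-proxy), env vars UPSTREAM_BASE_URL (origin only, e.g.
// https://www.zohoapis.com) and UPSTREAM_API_KEY, and the route list below.

// Allowlist of upstream routes the browser may reach through this function.
// Without it the function is an open proxy that spends the key on any request.
const ALLOWED_ROUTES = [
  { method: "GET", pattern: /^\/inventory\/v1\/items\/?$/ },
  { method: "GET", pattern: /^\/inventory\/v1\/items\/[0-9]+$/ },
];

// Pure policy step: decide what, if anything, to forward. Returns either
// { error: statusCode } or { url, method, headers }. Keeping the network call
// out of this function lets the policy be tested without a live API.
function buildUpstreamRequest(event, env) {
  const path = (event.queryStringParameters || {}).path || "";
  const method = (event.httpMethod || "GET").toUpperCase();

  // Reject anything that could escape the upstream origin: absolute or
  // protocol-relative URLs, traversal, or smuggled query/fragment parts.
  if (
    !path.startsWith("/") ||
    path.startsWith("//") ||
    path.includes("..") ||
    path.includes("?") ||
    path.includes("#") ||
    path.includes("\\")
  ) {
    return { error: 400 };
  }
  if (!ALLOWED_ROUTES.some((r) => r.method === method && r.pattern.test(path))) {
    return { error: 403 };
  }
  if (!env.UPSTREAM_BASE_URL || !env.UPSTREAM_API_KEY) {
    // Misconfigured deploy: fail closed instead of forwarding unauthenticated.
    return { error: 500 };
  }

  return {
    url: new URL(path, env.UPSTREAM_BASE_URL).toString(),
    method,
    headers: {
      // The secret is attached here, server-side. The browser only ever sent `path`.
      Authorization: `Bearer ${env.UPSTREAM_API_KEY}`,
      Accept: "application/json",
    },
  };
}

// Netlify Function entry point (v1 handler signature).
async function handler(event) {
  const req = buildUpstreamRequest(event, process.env);
  if (req.error) {
    return { statusCode: req.error, body: JSON.stringify({ error: "request not allowed" }) };
  }
  const upstream = await fetch(req.url, { method: req.method, headers: req.headers });
  const body = await upstream.text();
  // Forward status and body only. Upstream response headers can carry account
  // or rate-limit identifiers that do not belong in the browser.
  return {
    statusCode: upstream.status,
    headers: { "Content-Type": "application/json" },
    body,
  };
}

module.exports = { handler, buildUpstreamRequest };
```

The browser calls /.netlify/functions/api-proxy?path=/inventory/v1/items/42 and never sees the credential. Substitute each upstream's own header scheme (Zoho's OAuth token header, x-api-key for Anthropic) for the assumed Bearer line. Netlify processes redirect rules in order with first match winning, so any /api/* rewrite to functions must be listed in netlify.toml before the /* → /index.html catch-all.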
Full-Stack Hubs
(Recon Hub, EXG Systems, future Finance hubs)
- Next.js 14 + TypeScript — SSR and API routes
- Prisma ORM + PostgreSQL — relational data persistence
- Redis (Recon only) — session storage and background job queue (BullMQ)
- NextAuth.js — OAuth session management
- Tailwind CSS — styling
- Netlify — hosting
API Integrations
| API | Used By | Auth Method | Where Credentials Live |
|---|---|---|---|
| Claude / Anthropic | Compliance Hub | API Key | Netlify env var |
| Zoho Inventory | Compliance, E-commerce, Recon | OAuth 2.0 | Netlify env var |
| Shopify Admin API | E-commerce Hub | Access Token | Netlify env var via function |
| Amazon SP-API | E-commerce Hub | LWA OAuth | Netlify env var via function |
| Amazon Advertising API | E-commerce Hub | LWA OAuth | Netlify env var via function |
| Xero Accounting API | Recon Hub | OAuth 2.0 | Netlify env var |
| Azure AD | EXG Systems | OAuth 2.0 / OIDC | Netlify env var |
Rule: All API secrets live in hosting platform environment variables. Secrets are never bundled into client-side JavaScript and never hardcoded in source code. Note that Vite inlines every variable prefixed VITE_ into the client bundle by design, so a credential must never be given that prefix; only the Netlify Functions (server-side) read secret values. All credentials are also documented in the shared secrets manager (1Password / Bitwarden).
Security Model
Static SPA Hubs
| Risk | Mitigation |
|---|---|
| Secrets in client bundle | All API calls go through Netlify Functions — secrets are server-side only |
| Data at rest | These hubs have no database and hold no persistent data; they read from third-party APIs at runtime |
| XSS / injection | React escapes values interpolated in JSX by default. This does not cover dangerouslySetInnerHTML, javascript: URLs in href, or HTML returned by an API and rendered as markup; those paths need explicit sanitisation. TypeScript catches type errors at build time but is not an XSS control |
| CORS | Netlify Functions act as same-origin proxy — third-party APIs never called directly from browser in production |
Key point: Static hubs store no user data and run no server infrastructure of their own, so a compromise of the static site itself is at worst an outage or defacement. The Netlify Functions and their environment variables are a different matter: the third-party credentials they hold (Zoho, Shopify, Amazon, Anthropic) grant access to live business data, so a leaked env var or an over-permissive proxy function is still a breach scenario and must be treated as one.
Full-Stack Hubs
| Risk | Mitigation |
|---|---|
| Database credentials exposed | Stored in server-side env vars only — never client-visible |
| OAuth token leakage | Tokens persisted to server-side storage — not exposed to browser |
| Session hijacking | NextAuth.js session cookies are JWTs encrypted (JWE) with a key derived from NEXTAUTH_SECRET, so they cannot be read or forged without it; NEXTAUTH_SECRET must be set per environment and never committed |
| SQL injection | Prisma's query builder and the tagged $queryRaw / $executeRaw templates are parameterised; $queryRawUnsafe / $executeRawUnsafe with string-concatenated input bypass this and must not be used with user-controlled values |
| Redis exposure | Redis runs on private network — not publicly accessible |
Ports & Domains
| Hub | Dev Port | Production Domain | Hosting |
|---|---|---|---|
| Compliance Hub | 5173 | TBC | Netlify |
| E-commerce Hub | 5174 | TBC | Netlify |
| Recon Hub | 5175 | TBC | Netlify |
| Peek Site | 5176 | peekos.exgpro.com | Netlify |
| The Vault | 5177 | vault.exgpro.com | Netlify |
| EXG Systems | 5178 | systems.exgpro.partners | Netlify |
| Marketing Hub | 5179 | TBC | Netlify |
| Linelist Hub | 5180 | TBC | Netlify |
| Partner Portal | — | exgpro.partners | — |
Future Hub Standards
Read-only / analytics hubs (no user-generated data):
- Use React 19 + Vite + Netlify pattern
- No database required; data read from third-party APIs at runtime
- API credentials in Netlify env vars + documented in secrets manager
Hubs that store processed/calculated data:
- Use Next.js 14 + PostgreSQL pattern (matching Recon Hub)
- Provision a managed PostgreSQL service (Railway / Supabase / Render) with automated backups from day one
- Document all OAuth tokens and env vars in the shared secrets manager immediately
Common to all hubs:
- Source code in Git (GitHub) — version controlled, no secrets in repo
- All API secrets in environment variables — never hardcoded, never in client bundle
- SPA redirect rules configured for all Vite hubs
- Follow the indigo-600 accent colour convention for EXG Systems; each hub uses its own accent (see Brand Guidelines)
For backup schedules, RTO/RPO targets, and disaster recovery procedures, see the Backup & Disaster Recovery Policy.
Document maintained by EXG Engineering. Review when new hubs are added or hosting configuration changes.