Resolving locale, route permissions, and workspace projection.
Current scope: Guest
Category: 90_stabilization | Version: v1.0.0
Owner: DOCUMENT_CUSTODIAN | Review cycle: 90 days
Approval authority: Unspecified
Documentation portal is read-only. Editing and mutation endpoints are disabled.
Kvary platform is originally created in Georgian. Where a Georgian version exists, Georgian is authoritative for platform UI, documentation, and legal interpretation.
Translations into other languages are provided for convenience. Some records may originate in other languages and carry their own source or legal locale for a specific flow, but where a Georgian version is available, the Georgian version prevails for platform-level wording and interpretation.
Metadata incomplete: Document ID, Version, Status, Owner Role, Last Review Date, Next Review Date, Change Log
Date: 2026-03-06
Scope: duplication inventory + runtime usage detection + safe consolidation plan
Mode: non-destructive (no runtime entrypoint removals)
295 (workspace-wide, excluding dist/, node_modules/, .next/, archive/)[locale]/(portal) vs [locale]/[country]/(portal)): 70 files with matching relative pathstenders, auctions, stakeholder-applicationssvc-auth vs identity-infra (auth + stakeholder onboarding/reviewer flow)| Category | File A | File B | Used in runtime? | Import graph | Risk |
| --- | --- | --- | --- | --- | --- |
| TS/JS duplicate | services/svc-auth/src/security/jwt.ts | services/svc-auth/src/security/jwt.js | Yes (service runtime path is active) | services/svc-auth/src/server.ts imports ./security/jwt (extensionless) | High |
| TS/JS duplicate | services/svc-auth/src/security/password.ts | services/svc-auth/src/security/password.js | Yes | services/svc-auth/src/server.ts imports ./security/password | High |
| TS/JS duplicate | services/api/src/routes/tenders.ts | services/api/src/routes/tenders.js | Yes | services/api/src/server.ts mounts tendersRouter from ./routes/tenders | High |
| TS/JS duplicate | services/api/src/routes/auctions.ts | services/api/src/routes/auctions.js | Yes | services/api/src/server.ts mounts auctionsRouter | High |
| TS/JS duplicate | packages/ai-layer/src/index.ts | packages/ai-layer/src/index.js | Yes (used from web API routes) | apps/web/src/app/api/ai/ask/route.ts imports @kvary/ai-layer | High |
| TS/JS duplicate | packages/memory-layer/src/index.ts | packages/memory-layer/src/index.js | Yes | apps/web/src/app/api/ai/ask/route.ts imports @kvary/memory-layer | High |
| TS/JS duplicate | packages/core/index.ts | packages/core/index.js | Yes | referenced via @kvary/core and internal compat modules | Medium |
| Duplicate route tree | apps/web/src/app/[locale]/(portal)/tenders/page.tsx | apps/web/src/app/[locale]/[country]/(portal)/tenders/page.tsx | Yes (both routes active by URL design) | Next.js file-system router entrypoints | Medium |
| Duplicate route tree | apps/web/src/app/[locale]/(portal)/auctions/page.tsx | apps/web/src/app/[locale]/[country]/(portal)/auctions/page.tsx | Yes | Next.js file-system router entrypoints | Medium |
| Duplicate route tree | apps/web/src/app/[locale]/(portal)/vacancies/page.tsx | apps/web/src/app/[locale]/[country]/(portal)/vacancies/page.tsx | Yes | Next.js file-system router entrypoints | Medium |
| Duplicate route tree | apps/web/src/app/[locale]/(portal)/accommodations/page.tsx | apps/web/src/app/[locale]/[country]/(portal)/accommodations/page.tsx | Yes | Next.js file-system router entrypoints | Medium |
| Duplicate service logic | services/svc-auth/src/server.ts (/auth/signup, /auth/login, /auth/me) | packages/identity-infra/src/server.ts (/auth/signup, /auth/login, /auth/me) | Yes | gateway auth route proxies to AUTH_SERVICE_URL; identity-infra can run directly on separate port | High |
| Duplicate service logic | packages/identity-infra/src/server.ts reviewer actions | services/api/src/routes/stakeholder-applications.ts reviewer actions return 501 | Partially | gateway path currently blocks reviewer flow though backend logic exists in identity-infra | High |
| Mock vs live duplicate | services/api/src/routes/tenders.ts local legacy engine | services/svc-tenders/src/server.ts canonical tender APIs | Yes | gateway has proxy + local fallback + local legacy actions | High |
| Mock vs live duplicate | services/api/src/routes/auctions.ts local engine mutations | services/svc-tenders/src/server.ts auctions persistence APIs | Yes | gateway reads may proxy but writes are local engine | High |
| Mock vs live duplicate | services/api/src/routes/map.ts fixture-driven map/overview | no live map backend in mounted gateway routes | Yes (mock only) | gateway serves static/fixture map view | Medium |
services/api/src/server.tsservices/svc-auth/src/server.tsservices/svc-tenders/src/server.tsservices/svc-risk/src/server.tsservices/svc-kyc/src/server.tsservices/svc-carbon/src/server.tspackages/identity-infra/src/index.ts (via tsx)apps/web/src/app/**dist/* (safer)src/index.ts directly (runtime ambiguity when .ts + .js coexist in same folder)| Duplicate cluster | Classification | Reason |
| --- | --- | --- |
| services/*/src/*.ts + services/*/src/*.js pairs | ACTIVE (TS source), LEGACY (JS sibling) | dev scripts run TypeScript entrypoints; .js siblings are transitional artifacts and increase resolution ambiguity |
| packages/* that export dist/* but keep src/*.js siblings | LEGACY | runtime consumers should resolve dist; src .js files are not canonical output path |
| packages/ai-layer, packages/memory-layer, packages/identity-infra (export/run from src/*.ts) with src/*.js siblings | UNKNOWN/HIGH-RISK | active runtime from src, extensionless resolution may accidentally pick .js depending toolchain |
| [locale]/(portal) and [locale]/[country]/(portal) duplicate files | ACTIVE | both URL trees are active intentionally |
| Gateway local mock/fallback handlers for tenders/auctions | ACTIVE | currently reachable at runtime and used when upstream unavailable or for legacy mutation path |
| Gateway stakeholder reviewer 501 stubs vs identity-infra reviewer handlers | ACTIVE (stub), ACTIVE (implementation elsewhere) | contradictory active paths |
Rule applied: UNKNOWN duplicates are not deletion candidates.
Current:
.ts + .js siblingsPlan:
dist/ only in each package/service.src/*.js siblings for TypeScript modules (allowlist temporary exceptions).Current:
Plan:
x-kvary-source) when local engine/fallback is serving response.false and use service proxy path only.Current:
[locale]/(portal) and [locale]/[country]/(portal)Plan:
Current:
svc-auth and identity-infraPlan:
Applied only in gateway domain:
services/api/src/routes/auctions.ts
AUCTIONS_LOCAL_ENGINE_ENABLED flag (default true)x-kvary-source: gateway-local-engine503 + reasonCode without crashingservices/api/src/routes/tenders.ts
LEGACY_TENDERS_LOCAL_ENGINE_ENABLED flag (default true)x-kvary-source: gateway-legacy-local-engineNo runtime entrypoint was removed.
truefalseOrder:
Pattern:
Completed:
Pending (environment limitation):
node binary is unavailable in the current execution environment.Suggested commit sequence:
chore(stabilization): add safe duplication inventory and runtime classification reportrefactor(api-gateway): gate local auctions engine behind feature flag and tag response sourcerefactor(api-gateway): gate legacy tender local engine behind feature flag and tag response sourcechore(stabilization): add src-js-duplicate CI guard (allowlist mode)refactor(web): extract shared tenders portal page logic for locale/country wrappers (separate PR)Do not modify in this stabilization batch:
services/svc-tenders/src/server.ts business transitions (submit/approve/reject + KES flow)services/svc-auth/src/server.ts auth token/session/oidc flowpackages/core/** deterministic governance/ledger logicdocs/80_chain/** event contract docs (except explicit version updates when behavior changes)Current stabilized state: