# Navi Application Boundaries

Date: 2026-05-04

## Rule

`apps/mobile`, `apps/website`, `apps/dashboard`, and `apps/api` are separate applications.

They may communicate only through:

- Secure HTTP APIs from `apps/api`.
- `packages/types`
- `packages/validators`
- `packages/config`
- `packages/ui`
- `packages/api-client`

## Forbidden

- Mobile importing dashboard, website, or API source files.
- Dashboard importing mobile, website, or API source files.
- Website importing mobile, dashboard, or API source files.
- Business logic for bookings, payments, RBAC, partner scope, refunds, provider webhooks, or pricing outside `apps/api`.

## Required Pattern

- API owns business rules and persistence.
- Shared packages define contracts and reusable presentation utilities only.
- Apps render state, call API clients, and handle local navigation/session UX.
- Every new endpoint should update validators, shared types, API client, route permissions, and QA notes when applicable.