Skip to main content

Completed Route Architecture Note

Scenario

Atlas is launching /reports/revenue, a high-traffic revenue dashboard for managers. Users filter by date range, region, segment, and product line. The route has charts, a table, exports, saved views, role-based fields, analytics events, and mobile usage from field teams.

1. User contract

Users must be able to:

  • load the dashboard on slow mobile networks
  • understand whether data is loading, stale, empty, or failed
  • share a filtered URL with another authorized user
  • change filters without stale responses overwriting fresh results
  • export data only when permitted
  • recover from export failure without losing current filters

Non-goals:

  • real-time collaborative editing
  • sub-second freshness for all metrics
  • offline export creation

2. Business and risk context

RiskImpact
Slow first loadmanagers abandon dashboard and ask analysts manually
stale data shown as freshbad operational decisions
unauthorized field exposurecustomer/account privacy incident
broken exportsupport burden and lost trust
inaccessible filtersusers cannot complete primary workflow

3. Rendering decision

Decision: server-render the route shell and initial summary, stream lower-priority panels, hydrate filter controls, table interactions, and chart tooltips.

Rejected alternatives:

AlternativeRejected because
Full client-side renderingdelays first useful state and pushes too much data orchestration into the browser
Fully static routereport data and permissions are user-specific
Fully interactive client dashboardincreases JavaScript and hydration cost for non-interactive chrome

Verification:

  • LCP on mobile p75 below route budget
  • INP for filter apply below interaction budget
  • JavaScript shipped per route tracked in CI
  • field metrics segmented by device class

4. Data and state ownership

State/dataOwner/locationNotes
date range, region, segment, product lineURLshareable and restorable
report result dataserver/BFF cachekeyed by user permissions and filters
visible table sortURL if shareable; component state if temporaryproduct decision per view
saved view nameserverauditable user setting
export jobserverside-effecting operation with idempotency key
chart hover statecomponenttransient interaction
density preferencepreference storecross-session but not product truth

Freshness:

  • summary cards: tolerate 5 minutes stale
  • permissions: near-immediate, no browser-side authority
  • export job status: poll or subscribe until terminal state
  • AI-generated insight panel, if enabled later: must show source freshness

5. Mutation contract

Export action:

  • server enforces authorization
  • input schema accepts only report id, filters, format, and idempotency key
  • duplicate idempotency key returns existing job
  • pending state disables duplicate submit
  • failure preserves filters and explains retry
  • audit event records user, report id, filters hash, format, and outcome

6. Accessibility contract

  • filters have visible labels and programmatic names
  • keyboard users can reach and apply all filters
  • result updates announce through polite live region
  • loading does not steal focus
  • export success/failure moves focus to an actionable status region
  • charts have table or text alternative for key values
  • target sizes and spacing support touch usage

7. Security and privacy contract

  • no sensitive filters in analytics payloads
  • role-restricted fields excluded on server before payload reaches browser
  • export endpoint checks authorization server-side
  • third-party analytics script loads after consent where required
  • CSP/reporting configured for route shell
  • errors redact query payload and account identifiers

8. Failure matrix

FailureUser experienceDetectionRecovery
report API timeoutpanel-level error; other panels remain usablepanel error metric and traceretry panel
stale datafreshness timestamp visiblestale age metricrefresh action
filter racelatest request winsrequest sequence testabort/ignore stale responses
export failsstatus shows failure and retryexport job failure metricretry same idempotency key or create new job
analytics blockeduser workflow unaffectedevent delivery metricno user action
unauthorized exportclear permission errorauthorization denial metricrequest access or remove action

9. Performance budget

BudgetTarget
p75 mobile LCPbelow product threshold for dashboard routes
p75 filter INPbelow interaction threshold
initial route JScapped and tracked in CI
chart render costmeasured with trace on representative dataset
third-party script costregistered and budgeted

10. Observability

Events and metrics:

  • route loaded with release, cohort, device class
  • filter applied with non-sensitive filter categories
  • report API latency by panel
  • cache hit/miss by route and filter hash
  • export started/completed/failed
  • accessibility error reports from automated and manual testing
  • Core Web Vitals by route
  • client error boundary activation by panel

11. Rollout

  • feature flag by tenant and role
  • start with internal managers
  • then 10% cohort for target customers
  • kill switch for export only
  • kill switch for chart enhancement only
  • rollback route to previous dashboard link if critical path fails

12. Open risks

RiskOwnerExpiry
chart text alternative is manual for v1design system ownerbefore GA
export retry UX needs support reviewreports teamtwo weeks after beta
analytics schema still missing saved view eventsdata platformbefore experiment launch

13. Decision summary

The route uses a hybrid rendering strategy because the shell and initial summary need fast first useful paint while filters, charts, and exports need client interactivity. Data ownership remains server/BFF-led, URL owns shareable filters, and side effects use server-enforced authorization and idempotency. The primary architectural risks are stale data, mobile performance, authorization leakage, and export reliability.

Source lens

This example combines Part 0 production readiness, Part III rendering/data architecture, Part VI performance budgets, Part VIII security/privacy, and Part XII review packet practices.