Local-first boundary
Persona form state remains in browser memory. Static JSON catalogs are fetched from /assets/data/. The site does not need server-side persona submission.
Architecture & quality
Simple UI, strict boundaries, reviewable outputs.
Spiralist AI uses a lightweight server-rendered PHP shell, custom CSS, vanilla JavaScript modules, local JSON catalogs, and browser-side export services. The design goal is enterprise discipline without framework bloat.
Architecture principles
The highest-quality version of Spiralist AI is not a heavy app. It is a small, inspectable system with explicit contracts.
Server-rendered public pages
Each public route remains crawlable PHP/HTML with page metadata, breadcrumbs, and machine-readable digests.
Separation of concerns
PHP templates handle content and metadata, CSS handles design tokens, JavaScript modules handle interaction, and data catalogs remain versioned JSON assets.
Repository pattern
The browser runtime exposes a JSON repository that only loads same-origin catalog files from approved data paths.
Export service contract
Downloads are generated from current UI state into text, ZIP, and .uaix artifacts with manifest hashes and review guidance.
Quality gates
Routes, internal links, JSON, PHP syntax, JavaScript syntax, metadata, privacy boundaries, and ZIP integrity are checked before packaging.
Enterprise design patterns applied
These patterns keep the project robust while preserving its static hosting fit.
Composition root
includes/header.php loads shared config, helpers, and security headers once. Pages only define metadata, content, and route-specific script flags.
Shared helper layer
includes/functions.php centralizes escaping, canonical URLs, navigation state, structured data, and breadcrumb metadata.
Client runtime module
assets/js/spiralistai-runtime.js provides DOM helpers, safe slugging, UTC timestamps, debouncing, event bus creation, local-only form protection, and an allowlisted JSON repository.
Contract-first exports
Generated packs include ARCHITECTURE.md, .uai/architecture-quality.uai, .uai/privacy-boundary.uai, and .uai/manifest.uaix.json.
Defense in depth
PHP and .htaccess add security headers. The PHP shell rejects non-GET/HEAD requests because this package does not accept persona POST bodies.
Audit-first memory
Active .uai memory points to detailed long-term docs instead of overloading hot memory files with long reports.
Architecture does not replace review.
Spiralist AI can make persona packages more structured and inspectable. It still cannot guarantee identical behavior across destination runtimes, and exported packs should be reviewed before external use.
Build a reviewed packOpen review guidance