Architecture and data flow

Package Ninja separates governance control from local command execution.

Control plane components

• dashboard web app (workspace operations UI)
• backend functions (auth bridge, policy APIs, billing/event handling)
• firestore data model (orgs, teams, policies, memberships, events, sessions)

Data plane components

• CLI/runtime (package-ninja canonical command name)
• local runtime process and session manager
• package-manager passthrough (npm, pnpm, yarn)

Command data flow

1. developer runs command in local terminal
2. CLI resolves local auth session and active workspace identity
3. CLI requests effective policy
4. CLI evaluates preflight and produces verdict
5. audit event is emitted
6. command executes or blocks based on verdict

Security design principles

• do not trust client-provided org/team identifiers
• derive effective org/team from verified auth context server-side
• enforce deny-first semantics for ambiguous policy conflicts
• rotate and revoke tokens aggressively for stolen-device resilience