
Architecture

Niuton follows a clean layered architecture with strict separation between environments, users, and components.

Infrastructure Overview

        Internet
           │
           ▼
┌──────────────────────┐
│  Nginx Reverse Proxy │  (Container 102)
│  SSL Termination     │  Port 443
│  HTTP Basic Auth     │
└──────────┬───────────┘
           │ proxy_pass :80
           ▼
┌──────────────────────┐
│  Apache 2.4          │  (Container 114)
│  PHP 8.1 (mod_php)   │
│  VirtualHosts        │
├──────────────────────┤
│  /var/www/niuton-e2e  │  → e2e.niuton.net
│  /var/www/niuton-prod │  → www.niuton.net
└──────────┬───────────┘
           │
           ▼
┌──────────────────────┐
│  PostgreSQL 15       │
│  niuton_db (E2E)     │
│  niuton_prod (PROD)  │
└──────────────────────┘

E2E / PROD Separation

Niuton maintains two physically separated environments on the same server:

Aspect        E2E (Development)            PROD (Production)
URL           e2e.niuton.net               www.niuton.net
Directory     /var/www/niuton-e2e/         /var/www/niuton-prod/
Database      niuton_db                    niuton_prod
DB User       niuton_user                  niuton_prod_user
Debug         Enabled                      Disabled
Admin Panel   Available at /admin/         Not deployed
Sessions      Separate session directory   Separate session directory
Logs          Verbose logging              Error-only logging

Deployment Flow

E2E (develop & test)
    │
    ▼  admin/deploy.php
PROD (live users)

The deployment script (admin/deploy.php):

  1. Rsyncs code from E2E to PROD (excluding config, sessions, logs, cache, userdata)
  2. Syncs database schema (new tables, columns, indexes)
  3. Syncs app registrations
  4. Preserves PROD-specific configuration
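
A post-deploy check for the separation described above, as an added example that is not part of Niuton's deploy.php. It audits a PROD tree for the three things the sync must never carry over: the E2E-only admin/ directory, an E2E config.php, and missing or redirected state directories. The function name and the plain-text search of config.php are assumptions; paths and database names come from the page.

```shell
#!/bin/sh
# Added example, not Niuton's code. Paths and database names are taken from
# the page; the function name and the text search of config.php are assumptions.

# audit_prod PROD_DIR: print one line per finding, return 0 only if clean.
audit_prod() {
    prod=$1
    findings=0

    # The admin panel is E2E-only, so admin/ must not exist in PROD.
    if [ -e "$prod/admin" ]; then
        echo "FAIL: admin/ present in PROD"
        findings=$((findings + 1))
    fi

    # PROD keeps its own config.php; it must not name the E2E database
    # (niuton_db) or the E2E database user (niuton_user).
    if [ ! -f "$prod/config.php" ]; then
        echo "FAIL: config.php missing"
        findings=$((findings + 1))
    elif grep -Eq 'niuton_db|niuton_user' "$prod/config.php"; then
        echo "FAIL: config.php references E2E database or user"
        findings=$((findings + 1))
    fi

    # State directories are excluded from the sync, so PROD must own each one
    # as a real directory rather than a symlink into another tree.
    for d in sessions logs cache userdata; do
        if [ -L "$prod/$d" ] || [ ! -d "$prod/$d" ]; then
            echo "FAIL: $d/ is missing or a symlink"
            findings=$((findings + 1))
        fi
    done

    [ "$findings" -eq 0 ]
}

# Constructed demo tree (not real Niuton data): a PROD copy that wrongly
# received admin/ and an E2E config.php.
demo=$(mktemp -d)
mkdir -p "$demo/admin" "$demo/sessions" "$demo/logs" "$demo/cache" "$demo/userdata"
echo "<?php \$db_name = 'niuton_db';" > "$demo/config.php"
audit_prod "$demo" || echo "audit failed: do not serve this tree"
rm -rf "$demo"
```

Run against the real tree, the call would be `audit_prod /var/www/niuton-prod`, with a non-zero exit status blocking the rest of the deployment.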

Directory Structure

/var/www/niuton-e2e/
├── index.php              # Entry point (redirect to login/desktop)
├── login.php              # Login page
├── login-2fa.php          # 2FA verification
├── desktop.php            # Main desktop UI
├── config.php             # Environment configuration
├── api/                   # REST API endpoints
│   ├── login.php          # Authentication
│   ├── filesystem.php     # File operations
│   ├── sync.php           # Sync protocol
│   ├── team-chat.php      # Team chat
│   ├── assistant.php      # Aurora AI
│   ├── apps.php           # App management
│   ├── desktop-components.php  # Desktop vibe-coding API (v3.8)
│   ├── trash.php          # Trash operations
│   ├── settings.php       # User settings
│   └── system-config.php  # Admin configuration
├── lib/                   # Shared libraries
│   ├── auth.php           # Authentication helpers
│   ├── filesystem.php     # Filesystem operations
│   ├── tools.php          # Aurora AI tools
│   ├── tool-executor.php  # Tool execution engine
│   ├── ai-providers.php   # AI model providers
│   ├── app-sync.php       # App data → filesystem sync
│   ├── shared-filesystem.php  # Shared room files
│   ├── system-config.php  # System configuration
│   └── totp.php           # 2FA implementation
├── apps/                  # Built-in applications (23 apps)
│   ├── app-builder/
│   ├── aufgaben/
│   ├── bildschirmfoto/
│   ├── chess/
│   ├── dokumente/
│   ├── files/
│   ├── finanzen/
│   ├── kalender/
│   ├── karten/
│   ├── kontakte/
│   ├── lesezeichen/
│   ├── notes/
│   ├── passwords/
│   ├── pdf-viewer/
│   ├── rechner/
│   ├── routines/
│   ├── settings/
│   ├── sprachmemos/
│   ├── team-chat/
│   ├── terminal/
│   ├── trash/
│   ├── wetter/
│   └── zeichnen/
├── assets/                # Static assets
│   ├── css/
│   ├── js/
│   │   └── desktop-shell.js   # Vibe-coding runtime (v3.8)
│   ├── icons/
│   └── chess/
├── admin/                 # Admin tools (E2E only)
│   └── deploy.php
├── userdata/              # Per-user file storage
│   ├── user_1/
│   ├── user_2/
│   └── shared/            # Shared team chat files
│       └── room_{ID}/
├── sessions/
├── logs/
├── cache/
└── temp/

Request Flow

1. Browser → HTTPS request
2. Nginx (CT102) → SSL termination, proxy to Apache
3. Apache (CT114) → Route to VirtualHost
4. PHP → requireLogin() → session check
5. PHP → Process request → DB query → Response
6. Response → JSON (API) or HTML (pages)

Authentication Flow

 Login Request
       │
       ▼
┌─────────────┐     ┌──────────────┐
│ Check creds  │────▶│ Rate Limiter  │
│ (bcrypt)     │     │ (5 attempts)  │
└──────┬──────┘     └──────────────┘
       │
       ▼
┌─────────────┐
│ 2FA Enabled?│
│             │
└──┬──────┬───┘
   │Yes   │No
   ▼      ▼
┌──────┐ ┌──────────┐
│ TOTP │ │ Session   │
│ Check│ │ Created   │
└──┬───┘ └──────────┘
   │
   ▼
┌──────────┐
│ Session   │
│ Created   │
└──────────┘

AI Provider Architecture

Aurora supports multiple AI providers simultaneously:

Provider            Models           Use Case
Anthropic           Claude 4.5/4.6   Primary AI, tools, vision
OpenAI              GPT-4o, o1       Alternative chat model
Google              Gemini 2.0       Alternative + vision
Local (LM Studio)   Qwen, Llama      Code generation, privacy

The ai-providers.php library handles model discovery, capability detection, and API normalization across all providers.
