# Target project structure for the next phase

This is the desired direction, not necessarily the current exact repo state.

## Root
- `backend/`
- `workers/rdp-worker/`
- `clients/windows/`
- `clients/linux/`
- `web-admin/`
- `scripts/`
- `docs/`
- `deploy/`
- `CODEX_CONTEXT.md`

## Backend suggested evolution
- `internal/platform/`
  - config
  - runtime
  - logging
  - postgres
  - redis
  - module
  - authn middleware
  - authz middleware
- `internal/modules/`
  - auth
  - organization
  - membership
  - identitysource
  - group
  - resource
  - sessionbroker
  - sessiongateway
  - worker
  - node
  - nodeagent
  - connector
  - audit
  - policy
- `pkg/contracts/`
  - session
  - worker
  - node
  - connector

## New modules to add in next phase
- `organization`
- `membership`
- `identitysource`
- `node`
- `nodeagent`
- `policy` (if policy logic is currently too scattered)

## DB evolution direction
New tables/entities should include:
- organizations
- organization_memberships
- organization_roles
- identity_sources
- identity_mappings
- groups
- group_memberships / external_group_bindings
- nodes
- node_services
- node_capabilities
- node_update_policies
- node_partition_states
- connectors
- connector_bindings
- organization_feature_scopes

Keep existing proven session tables intact unless migration is very deliberate.

## Worker
Keep worker independent.
Do not move node-agent responsibilities into the RDP worker.
The worker is one service workload. The node-agent is the supervisor/orchestrator on the node.

## Clients
Do not start final client implementation before the new platform-core backend model is established.