Server (apps/server)
The single Django service that hosts every business decision. Client surfaces are thin; this is where the real logic, the database, and the LLM calls live.
Django apps
| App | Purpose | URL prefix |
|---|---|---|
recording | Idempotent ingest of CloneEvent rows; sessions and event detail. | /api/recording/ |
memories | Profile, semantic facts, episodes, raw memory; promotion pipeline. | /api/memory/ |
predictions | Predict, batch-predict, feedback, list, stats. | /api/predictions/ |
accounts | Signup, login, JWT refresh, invite/waitlist, API keys. | /api/auth/ |
access | Per-account member list, invite/approve/decline. | /api/access/ |
voice | ElevenLabs voice synthesis endpoints. | /api/voice/ |
sources | Source connectors (per-integration adapter scaffolding). | /api/sources/ |
news | Curated news feed for the marketing site. | /api/news/ |
monitoring | Read-only health and stats endpoints. | /api/monitoring/ |
jobs | Background-job records (one row per LLM call etc.). | /api/jobs/ |
config | Project URL conf. | N/A |
Stack
- Django 6 + Django REST Framework
djangorestframework-simplejwtfor JWT (60-min access, longer-lived refresh)- Postgres 16 in production (
DATABASE_URL), SQLite in development anthropicPython SDK for prediction and memory promotionjsonschemafor validatingCloneEventpayloads againstpackages/schema/events.schema.jsonuvfor dependency management (pyproject.toml+uv.lock)
Run it
cd apps/server
uv sync
uv run python manage.py migrate
uv run python manage.py runserver 0.0.0.0:8001
uv run python manage.py test # required before merging
Authentication
Every endpoint above requires IsAuthenticated. Two credentials are accepted:
- JWT —
Authorization: Bearer <access>(60-min lifetime; refresh viaPOST /api/auth/token/refresh/). - API key —
X-Clone-API-Key: clone_…(long-lived; rotate fromPOST /api/auth/keys/).
Per-user data is filtered server-side on request.user — clients cannot see other users' rows even with a valid token. See Authentication.
Anthropic integration
Prediction (predictions/llm.py) and memory promotion (memories/promotion.py) are the only paths that call Anthropic. Both share the same SUPPORTED_MODELS allow-list and the same DRF error mapping (APIKeyMissing → 503, RateLimitError → 429, AuthenticationError → 503, APIConnectionError → 503, APIStatusError → 502). The default model is claude-sonnet-4-6.