A full-stack task management application built with Bun, Hono, React, and shared TypeScript types.
This project focuses on end-to-end application architecture using the BHVR stack, emphasizing shared types, clean API boundaries, authentication flows, and pragmatic UI state management.
This project exists to demonstrate:
- End-to-end type safety between client and server
- Clean API design with predictable request/response flows
- Practical authentication patterns
- Shared domain models across frontend and backend
- A modern full-stack setup without framework lock-in
- Runtime: Bun
- Backend: Hono
- Frontend: React + Vite
- Type Sharing: Shared workspace package
- Monorepo Tooling: Turbo
This app is built on top of the BHVR stack, which provides a lightweight full-stack monorepo with shared types and flexible deployment options.
- User authentication flow suitable for local development and demos
- Task creation, completion, and deletion
- Client-side state synchronized with backend APIs using explicit request/response flows
- Shared task and user types across frontend and backend
- Clear separation of API, UI, and shared domain logic
Core functionality is complete and stable.
Planned follow-ups include:
- Database-backed persistence
- Production-grade authentication
- Deployment configuration
This project is intentionally scoped for architectural clarity rather than production completeness:
-
Authentication
- Uses a simplified token-based flow suitable for demos and local development.
- Tokens are stored client-side and are not persisted across server restarts.
- No password hashing or OAuth flows are implemented in this version.
-
Persistence
- Tasks are stored in memory on the server.
- Data resets on server restart; no database is currently configured.
- Persistence is a planned follow-up to demonstrate database integration.
-
Deployment
- The app is structured for flexible deployment, but is currently intended to run locally.
- Client and server can be deployed independently once persistence is added.
These constraints are deliberate to keep the focus on type sharing, API boundaries, and full-stack structure rather than infrastructure complexity.
If this application were being prepared for production use, I would make the following changes:
-
Authentication
- Replace the demo token flow with secure, hashed credentials and refresh-token rotation.
- Store auth tokens in HttpOnly cookies instead of localStorage.
- Add proper error handling, rate limiting, and account lockout protections.
-
Persistence
- Introduce a relational database (e.g. PostgreSQL or SQLite) for task and user data.
- Add migrations and explicit data access layers.
- Persist user sessions and task state across restarts.
-
API & Security
- Validate all request payloads using a schema validation layer.
- Harden headers and CORS configuration for production environments.
- Add structured logging and error monitoring.
-
Frontend
- Improve loading and error states for slower or unreliable networks.
- Add optimistic updates with rollback for a smoother UX.
- Improve accessibility auditing and keyboard flows across all views.
-
Deployment
- Deploy the API and client independently.
- Add environment-specific configuration and secrets management.
- Configure CI for linting, type-checking, and builds.
These changes are intentionally deferred in this version to keep the project focused on full-stack structure, type sharing, and API clarity rather than infrastructure complexity.
- ├── client/ # React frontend
- ├── server/ # Hono API
- ├── shared/ # Shared TypeScript types
bun install
bun run dev