mizan/docs/PRODUCT_ARCHITECTURE.md

# Product Architecture

*Revised April 2026.*

## Launch product: Mizan Render

**$20/seat/month.**

Protocol-aware Edge caching + PSR delivery via Cloudflare + render
Workers + TS backend hosting via Workers for Platforms.

Developer's stack = their backend + database. Cloudflare handles
read traffic, rendering, and caching.

## Deferred: Mizan Deploy

Django hosting requires IaaS compliance: gVisor, KMS, NIS2,
multi-state privacy. ~$5–8K legal costs.

**Deferred until Render revenue funds it.**

TS "Deploy" exists via Workers for Platforms at no additional
compliance cost.

## Free framework: origin-side cache (`mizan.cache`)

Shipped in `mizan_core.cache` (re-exported as `mizan.cache` from the
Django adapter) implementing the **full cache protocol locally** —
same HMAC key derivation and purge semantics as Edge.

Two backends behind a `CacheBackend` protocol:

- `MemoryCache` — in-memory dict (testing)
- `RedisCache` — production

### Dual purpose

1. Makes the free framework genuinely powerful (PSR + typed hooks +
   invalidation + caching with zero cost).
2. Provides a unit-testable surface for all cache mechanics without
   Cloudflare.

## Spec additions

- `@client(cache=False)` — uncacheable; emits `Cache-Control: no-store`.
- Cache ABI (`mizan.cache`): `cache_get(secret, backend, context, params)`,
  `cache_put(...)`, `cache_purge(backend, context, params=…, secret=…)`.

## Launch compliance (Render only)

Entirely Cloudflare Workers + management API (Django/Postgres):

- GDPR DPA + privacy policy + subprocessor list — ~$500–1K legal
- DMCA — $6
- No NIS2, no gVisor, no KMS

## Invariant

All architecture decisions target the Render-only launch posture.
Don't build Deploy infrastructure prematurely.