# Gemini Project Context - Baron SSO

## Project Identity
- **Name**: Baron SSO
- **Organization**: `kr.co.baroncs`
- **Type**: User Authentication Hub & Unified Launcher
- **Core Philosophy**: Secure, Seamless, White-labeled.

## Technical Preferences
- **Language (Backend)**: Go (Golang) 1.25+
- **Framework (Backend)**: Fiber (v2.25+)
- **Database**:
  - PostgreSQL (Primary/Meta)
  - ClickHouse (Audit Logs - Local/Production)
- **Language (Frontend)**: Dart (Flutter 3.32+)
  - **Platforms**: Web (PoC), iOS, Android.
- **Auth Provider**: Descope
  - **Method**: Enchanted Link only (No Magic Link).
  - **Requirement**: Invisible to end-users (White-labeling).

## Core Scenarios
1. **Same Browser SSO**: Access apps from Baron SSO launcher (logged in state).
2. **Cross-Device Auth**: Approve PC login via Mobile Baron SSO app (Enchanted Link required).
3. **Clean Login**: Email/SMS initial login. Future: OTP, MFA.

## Future Milestones
- **Passkey Support**: Expanded seamless auth for Scenario 2 & 3.
- **MFA Expansion**: OTP integration.

## Coding Standards
- **Go**: Follow standard Go project layout (`cmd`, `internal`, `pkg`). Use Clean Architecture principles where appropriate. Handle errors explicitly.
- **Flutter**: Use Riverpod for state management. Separate UI (Widgets) from Business Logic (Providers/Repositories).
- **General**: Comments in Korean or English (User is Korean speaker).

## Workspace Structure
Root: `/home/lectom/.gemini/antigravity/scratch/baron_sso`
- `/backend`: Go Fiber Application
- `/userfront`: Flutter Application
- `/docs`: Documentation (PRD, API Specs)

## Current Status
- **Planning Phase**: Completed PRD & Architecture.
- **Next**: Backend Setup (Go/Fiber).

## Reference Analysis (Descope Sample App)
- **Source**: `descope-sample-apps/flutter_sample_app_auth_func`
- **Findings**:
  - **Auth Check**: Checks `Descope.sessionManager.session?.refreshToken.isExpired`.
  - **Note**: Sample focuses on OAuth/OTP. Baron SSO requires **Enchanted Link**, which will use `Descope.auth.enchantedLink.signUpOrIn(...)` (inference based on SDK capability).
  - **Architecture**: Simple Provider/State management recommended (Riverpod chosen for Baron SSO).