Apollo Map Studio

English

简体中文

English

简体中文

Architecture Overview

Apollo Map Studio is a TypeScript editor for Apollo HD-map data. It ships in two surface forms — a standalone web build and an Electron desktop bundle — sharing a single React 19 codebase. This page is the project's topographic map: every layer, every worker, every Electron process appears in one diagram, with module counts and the invariants that hold the system together. When this page disagrees with /ARCHITECTURE.md, the root summary wins; this document is its clickable index.

Reading order

  • Skim the mermaid diagram first to build a spatial sense of the system.
  • Follow "See also" cross-links to drill into a subsystem.
  • The invariants list is your audit checklist — any PR that breaks one must be defended explicitly in review.

1. Purpose and positioning

This project is not a traditional Web GIS annotation page. It is a lightweight CAD rendering engine plus relational spatial database running inside the browser. Goals (DESIGN.md §1):

  • 60 fps interaction at 100 000+ features. Roads, lanes, signals, stop lines, parking spaces, crosswalks, speed bumps, PNC junctions and overlaps all live in the GPU pipeline of the main thread.
  • Parametric geometry. No hard-coded shapes — every entity is compiled to GeoJSON in real time from a minimal parameter set (origin, dimensions, rotation, control points).
  • Strict decoupling. UI views, render canvas, spatial compute and state reference one another only by ID; deep object nesting is forbidden.
  • Protocol fidelity. TypeScript types map 1:1 to Apollo map_*.proto so protobuf round-trips lose no fields.

Design intent

We are building a CAD that can evolve down to a Rust/WebAssembly compute layer. Every module must therefore be replaceable, relocatable, and parallelisable — that is the root cause of the layering, the anti-corruption layer, and the worker boundaries.

2. Top-level system view

3. Module count by layer

LayerFiles (≈)Representative modules
components/~70WorkspaceLayout, MapCanvas, InspectorForms, SidebarPanel
hooks/~25useMapEventRouter, useColdLayer, useHotLayer, useActionDispatcher, useDrawCommit
store/7mapStore, uiStore, settingsStore, licenseStore, taskProgressStore, projDialogStore, apolloMapStore
lib/~12entityOps.ts and submodules, schemas.ts, geoJsonHelpers.ts, editable-guard.ts
core/~50actions/registry, elements/, fsm/editorMachine, geometry/, workers/, spatial/
types/4apollo.ts, editor.ts, entities.ts, inspectorSchema.ts
electron/3main.cts, preload.cts, license/

Counts drift with refactors; the figures above reflect the 2026-04 architecture audit. Use git ls-files | wc -l for the live number.

4. Load-bearing invariants

This is where audits start. Every invariant maps to a fact you can reproduce with git grep.

1. Unidirectional imports

components → hooks → store → lib → core. Reverse arrows are bugs. Audit: git grep -nE "from '@/(components|hooks)/" -- src/core src/lib src/store.

2. Apollo proto anti-corruption

UI may not import @/core/geometry/apolloCompile or specific @/types/apollo fields directly; everything flows through @/lib/entityOps. Audit: git grep "from '@/core/geometry/apolloCompile'" -- 'src/components/**' 'src/hooks/**'.

3. FSM as the single source of truth

Editor macro-state lives only in editorMachine (src/core/fsm/editorMachine.ts:130). Components must not maintain shadow "am-I-currently-drawing" booleans.

4. CANCEL before undo

useActionDispatcher.ts:76-82 sends CANCEL to the FSM before invoking temporal.undo(). Without this, mid-draw Ctrl+Z desyncs FSM drawPoints from mapStore.entities (R1 closure). Regression test: src/hooks/__tests__/undoCancel.test.ts.

5. Cold/hot separation

Committed entities → cold layer (worker compiles, single setData). Currently edited / dragged entity → hot layer (main thread, setData per frame). Sharing a GeoJSONSource between the two is a flaky-test factory.

6. Input-layer dedup is canonical

useMapEventRouter's isDuplicateInput already swallows the second click of a dblclick — the FSM must not perform compensatory slice(-1). The historical "polyline missing its last point" bug was double-compensation. See the comment block at editorMachine.ts:83-87.

7. Single zundo transaction per import

mapStore.batchImport collapses "write entities → reconcile topology → reconcile overlaps" into one immer producer, producing exactly one zundo history entry. Per-entity addEntity calls would blow up the history stack and exceed the limit configured by settingsStore.historyLimit.

5. Top-level public surface

EntryFileRole
WorkspaceLayoutsrc/components/layout/WorkspaceLayout.tsx:186Root layout — Dockview, FSM provider, license hooks
editorMachinesrc/core/fsm/editorMachine.ts:130XState 5 machine definition
ACTION_DEFSsrc/core/actions/registry/definitions.ts:22Global action table
useMapStoresrc/store/mapStore.ts:86Entity store + zundo undo
entityOpssrc/lib/entityOps.ts:1Apollo anti-corruption facade

6. Cross-subsystem interaction

7. Three-axis decomposition

Every file participates in three hierarchies at once:

Axis 1 — State 

mapStore (entities + zundo)
  └─ FSM (editorMachine drawing / selection state)
       └─ uiStore (preferences, layer visibility)
            └─ derived caches (spatial.worker, overlap.worker)

State flows downward: a mapStore mutation triggers FSM cleanup (src/hooks/useActionDispatcher.ts:104-110) which triggers worker re-decoration (src/hooks/useColdLayer.ts:236-275).

Axis 2 — Pipeline 

input → FSM event → store mutation → worker SYNC/INCREMENTAL → MapLibre setData

Hot edits run every frame; cold commits coalesce on RAF.

Axis 3 — Shell 

electron main ↔ contextBridge IPC ↔ renderer ↔ web workers

Only the desktop surface populates the leftmost link; everything to the right of renderer is identical between web and desktop builds.

8. Execution boundaries

BoundaryImplementationWhat crosses
Renderer ↔ Web WorkerpostMessage + structuredCloneWorkerRequest / WorkerResponse (src/core/workers/protocol.ts)
Renderer ↔ Electron maincontextBridge + ipcRenderer.invoketyped license payloads only — no Map, no Buffer, no DOM
Cold layer ↔ MapLibreGeoJSONSource.setData / updateDatafeature collections, never raw entities
FSM ↔ storeactor subscribe + manual sendevents (SELECT_TOOL, MOUSE_DOWN, CONFIRM, CANCEL, …)

Worker boundary cost

structuredClone is the dominant cost above ~5 000 entities. Two mitigations: chunked SYNC_BEGIN / SYNC_CHUNK / SYNC_FINISH (src/core/workers/spatialRequests.ts:82-115) and COLD_DELTA responses that ship only the changed entity groups (src/core/workers/spatialRequests.ts:117-137).

9. Common pitfalls

Cross-layer imports

components/ reaching for import x from '@/types/apollo' is the first sign of an anti-corruption breach. Apollo field access must travel through entityOps's MapEntity shape.

Double compensation

Be wary of drawPoints.slice(0, -1) inside the FSM. Input dedup already removed the duplicate click; another slice deletes a real point. See the comment at editorMachine.ts:83-87.

Drift during undo

Calling temporal.undo() while the FSM is still in a draw state breaks the R1 closure. Always CANCEL first.

Mutating entities outside an immer producer

zundo snapshots at the close of set((state) => ...). Side effects outside the producer never enter the history stack.

10. Source map (file:line refs)

  • src/components/layout/WorkspaceLayout.tsx:186WorkspaceLayout entry
  • src/core/fsm/editorMachine.ts:130setup({...}).createMachine body
  • src/core/fsm/editorMachine.ts:18-25DRAW_STATES single source of truth
  • src/core/actions/registry.ts:1-22ACTION_DEFS re-export
  • src/store/mapStore.ts:86-263useMapStore + zundo middleware
  • src/store/mapStore.ts:184-198batchImport single transaction
  • src/lib/entityOps.ts:12-39 — entityOps facade exports
  • src/lib/entityOps/edit.ts:76-85createEntity + applyDerive
  • src/hooks/useActionDispatcher.ts:76-82 — R1 CANCEL closure
  • ARCHITECTURE.md — single-page authoritative summary

11. Surfaces: web vs desktop

SurfaceEntryLicenseFile I/OProcess boundary
Webindex.htmlsrc/main.tsxnone — licenseBridge falls back to a permissive trial state (src/lib/license-bridge.ts:62-75)browser File API + downloadssingle renderer + workers
DesktopElectron BrowserWindow boots from electron/main.cts:18-54LicenseManager enforces Ed25519 + machine binding (electron/license/manager.cts:31-313)same browser-style API; main process never touches user mapsrenderer + workers + Electron main + license process

The renderer code is identical in both modes. The single seam is window.apolloMapStudioLicense, wired in electron/preload.cts:13-47 and read by src/lib/license-bridge.ts:77-101. When the bridge is absent (isDesktopBuild() === false), every license call resolves to the permissive fallbackState().

12. Performance budgets

MetricThresholdSource
50 000 entity import≤500 msbench-budgets.json
Cold layer setData (50k)≤180 msbench-budgets.json
Incremental overlap reconcile≤8 ms per mutationbench-budgets.json
pnpm bench in CIfails if any budget regressesscripts/check-bench-budget.mjs

Performance gating

Any PR that bumps bench-results.json above the budget fails CI without human review.

13. Security and threat model

ThreatMitigation
License bypassDesktop LicenseManager checks Ed25519 signature + machine ID binding (electron/license/manager.cts:31-313)
Debugger tampering with React stateRenderer only receives typed IPC payloads from the main process via contextBridge
Worker XSSWorkers have no DOM access; postMessage payloads are structured data
Third-party proto field churnThe anti-corruption layer (R2); UI never reads proto fields

14. See also

Contributors

The avatar of contributor named as kent kent

Changelog

Released under the CC BY-NC 4.0 License.

Copyright © 2024-present ShuYingJiYu