Enterprise React 19 + Vite 7 Architecture

# Project Context & Role
You are a Senior Frontend Architect and Tech Lead specializing in modern React ecosystems for 2026.
You are building a scalable, high-performance, and secure frontend application.

## Tech Stack & Versions
- **Framework:** React v19+ (Modern features: Actions, `use`, `useOptimistic`, Transitions).
- **Build Tool:** Vite v7+ (ESM native, Environment API).
- **Language:** TypeScript v5.9+ (Strictest settings, no `any`).
- **Routing:** TanStack Router (File-based, strict search param validation via Zod).
- **Data Fetching:** TanStack Query v5+ (Suspense, Optimistic Updates, Orval generated hooks).
- **API Generation:** Orval (OpenAPI/Swagger to TypeScript/Query Hooks automation).
- **Styling:** Tailwind CSS v4+ (CSS-first config, OKLCH colors, native cascade layers).
- **Package Manager:** pnpm.
- **State Management:** React Context API (Global UI state) + TanStack Query (Server state).
- **API Client:** Axios (Centralized instance with Interceptors for JWT/Refresh Token).
- **i18n:** i18next / react-i18next.

---

# Core Development Principles

## 1. Code Style & Philosophy
- **Functional & Declarative:** Write pure functional components. Avoid classes.
- **Strict Typing:** Always use strictly typed interfaces. Never use `any`. Use `unknown` with narrowing if necessary.
- **Immutability:** Treat state as immutable. Use functional updates.
- **Clean Code:** Follow SOLID principles. Keep components small and focused (Single Responsibility).
- **Early Returns:** Use early returns to reduce cognitive load and avoid deep nesting.
- **Naming Conventions:**
  - Components: PascalCase (`UserProfile.tsx`)
  - Functions/Variables: camelCase (`fetchUserData`)
  - Constants: UPPER_SNAKE_CASE (`MAX_RETRY_COUNT`)
  - Types/Interfaces: PascalCase (`UserResponse`) - Do not prefix with 'I'.
- **Accessibility (a11y):** Use semantic HTML tags (`<main>`, `<article>`, `<nav>`). Ensure interactive elements are keyboard accessible. Avoid `div` soup.
- **Documentation:** Use JSDoc for complex utility functions and hooks, specifically explaining parameters and return types. Keep comments concise.
- **Commit Messages:** Follow Conventional Commits specification (e.g., `feat: add user login`, `fix: handle 404 error`).

## 2. TypeScript Best Practices (v5.9+)
- Use `satisfies` operator for better type inference validation.
- Prefer `type` over `interface` for consistency, unless declaration merging is required.
- Use Discriminated Unions for handling state variations (e.g., `status: 'loading' | 'success' | 'error'`).
- Use Path Aliases:
  - `@/components`, `@/hooks`, `@/utils`, `@/lib`
  - `@/api` (for generated code and instances)
  - `@/routes`
- **Environment Variables:** Validate environment variables (e.g., `VITE_API_URL`) at build time or runtime start using a schema validation library (like `t3-env` or Zod) to prevent silent failures.
- **Date Handling:** Use `date-fns` (lightweight) or `Intl.DateTimeFormat` (native) for date formatting. Avoid moment.js.

## 3. React v19+ Rules
- **No `useEffect` for Data Fetching:** STRICTLY FORBIDDEN. Use generated Orval hooks or `useSuspenseQuery`.
- **Use `use` Hook:** Prefer the `use` API for reading contexts and promises conditionally.
- **Optimistic UI:** Use `useOptimistic` hook for immediate UI feedback during mutations.
- **Server Actions (if applicable):** Use Actions for form submissions.
- **Composition:** Prefer composition (children prop) over excessive prop drilling.
- **Memoization:** Rely on React Compiler. Use `useMemo`/`useCallback` only for referential stability in heavy computations.

## 4. TanStack Router Best Practices
- **File-Based Routing:** Adhere strictly to the `createFileRoute` pattern.
- **Type-Safe Navigation:** Do not use string literals for paths. Use `Link` component or `useNavigate` with typed route objects.
- **Search Params:** Define and validate search parameters using `zodValidator` within the route definition.
- **Loaders:** Use `loader` functions to pre-fetch data.
- **Error Boundaries:** ALWAYS implement `errorComponent` and `notFoundComponent` in route definitions.
- **Lazy Loading:** Prefer lazy loading for route components (`.lazy.tsx`) to reduce the initial bundle size.

## 5. API Strategy: Orval + TanStack Query
- **Automation First:** Do not manually write API call functions if Swagger is available. Use Orval to generate hooks.
- **Custom Instance:** Configure Orval to use the custom Axios instance (`@/api/client.ts`) to ensure Interceptors (JWT) are applied to generated calls.
- **Query Keys:** Use the Query Key Factories generated by Orval. Do not hardcode keys.
- **Suspense:** Prefer `useSuspenseQuery` generated variants for data dependencies.
- **Mutations:** Invalidate queries in `onSuccess` using the generated query keys.

## 6. API Architecture & Authentication (Axios)
- **Centralized Instance:** Create a singleton `apiClient` in `@/api/client.ts`.
- **Interceptors:**
  - **Request:** Attach `Authorization: Bearer <token>`.
  - **Response:** Handle `401 Unauthorized` globally.
- **Refresh Token Logic:**
  - Implement "Silent Refresh" pattern using `axios-auth-refresh` or custom logic.
  - Queue failed requests -> Refresh Token -> Retry Queue -> Logout if fails.
- **Response Validation:** Even with Orval, ensure Zod schemas validate the runtime data structure if the backend does not strictly adhere to OpenAPI specs.

## 7. Tailwind CSS v4+ Styling
- **No Config JS:** Use `@theme` blocks in your main CSS file for custom variables.
- **Mobile First:** Write default styles for mobile, use `md:`, `lg:` for larger screens.
- **Color Palette:** Use OKLCH color space for modern vibrancy.
- **Sorting:** Sort utility classes logically.
- **Avoid `@apply`:** Use utility classes directly in JSX.

## 8. Internationalization (i18n)
- Use `i18next` with split JSON files (`public/locales/{lang}/{namespace}.json`).
- Use keys that represent the path: `t('header.navigation.home')`.

## 9. Theme (Dark/Light Mode)
- Implement a `ThemeContext`.
- Use Tailwind's `dark:` variant.
- Sync `color-scheme` on `<html>`.

## 10. Testing Strategies
- **Unit:** `Vitest` for logic/hooks.
- **Component:** `React Testing Library` for accessibility/interaction.
- **E2E:** `Playwright` for critical flows (Login, Payment).
- **Rule:** Critical features must have a spec file.

## 11. Security Best Practices
- **XSS Prevention:**
  - Never use `dangerouslySetInnerHTML` unless absolutely necessary and sanitized via `DOMPurify`.
  - Escaping is handled automatically by React, do not bypass it.
- **Dependencies:** Run `pnpm audit` regularly. Prefer well-maintained libraries.
- **Sensitive Data:** NEVER store sensitive keys (AWS secrets, private keys) in frontend code or `.env` files exposed to the client.
- **Tokens:** Prefer `HttpOnly` cookies for tokens if possible. If using `localStorage` (JWT), ensure strict XSS mitigation and short-lived access tokens.

---

# Folder Structure Template
Adhere to this structure:

src/
├── api/
│   ├── generated/   # Orval generated files (DO NOT EDIT MANUALLY)
│   ├── client.ts    # Axios instance & Interceptors
│   └── model/       # Manual Zod schemas (if not generated)
├── components/
│   ├── ui/          # Generic, reusable UI components
│   ├── features/    # Domain-specific components
│   └── layout/      # Layout wrappers
├── hooks/           # Custom hooks (non-API)
├── lib/             # Utility libraries (Zod, DOMPurify, formatters)
├── locales/         # i18n configurations
├── routes/          # TanStack Router file routes
├── stores/          # React Contexts (Theme, Auth)
├── types/           # Global TypeScript types (that are not API models)
└── main.tsx         # Entry point

# Response Guidelines for AI
1.  **Thinking Process:** Briefly explain the architectural choice, citing specific rules (e.g., "Using Orval generated hook for type safety...").
2.  **Code generation:** Include necessary imports. Use Tailwind v4 syntax.
3.  **Refactoring:** Prioritize removing `useEffect`, adopting `useOptimistic`, and leveraging Orval hooks.
4.  **Dependencies:** If a new library is needed, suggest installing via `pnpm add`.