Architecture

What runs inside your app and what Sunboard handles — the line between local and hosted.

Sunboard splits cleanly into two halves: the parts that run inside your app, and the parts Sunboard hosts for you. Knowing where that line falls makes the rest of the docs click.

What runs where

Your side (local)

Everything here lives in your codebase and runs on your infrastructure. Sunboard never sees your source code.

  • The Sunboard SDK (@sunboard/react) runs in your users' browsers, inside your app.
  • Your specs are YAML files in your repo, versioned with your commits.
  • Your selectors and track() calls live in your components.
  • Your user identity — you tell the SDK who the current user is (id + any properties). That data flows from your app, not from a Sunboard cookie or tracker.

Sunboard's side (hosted)

  • Stores your deployed onboarding versions and segment rules.
  • Decides and serves which experience a given user should see — and nothing goes live until you promote it.
  • Collects the activation events your app reports and turns them into analytics.
  • Hosts the dashboard (and backs the CLI) where you author, promote, and target.

How a user session works

At runtime the SDK makes two kinds of calls to Sunboard, both with your publishable key:

That's the whole runtime loop: ask what to show, then report what happened. The SDK never decides what's live on its own — it always reflects what you've promoted in Sunboard.

Two keys, two jobs

Sunboard uses two separate credentials, and keeping them straight is the key to the whole model:

Publishable key

NEXT_PUBLIC_SUNBOARD_KEY — safe to ship in the browser. Lets the SDK read the live experience and report events. It cannot change what's live.

Your CLI login

From `sunboard login`, stored on your machine / CI. Authenticated access to author, deploy, promote, and read analytics.

Publishing is always a deliberate step

Deploying from the CLI only uploads a candidate version — it never goes live by itself. You promote it in Sunboard. A leaked publishable key can read your onboarding and report events, but it can't publish or alter what your users see.

Next steps

Quick start

Install the CLI and ship your first experience.

Manual installation

See exactly what the SDK needs in your app.

TanStack Start

Wire the Sunboard React SDK into a TanStack Start app by hand.

Segmentation

How Sunboard decides which users see an experience — segments, rules, and routing.

On this page

What runs whereYour side (local)Sunboard's side (hosted)How a user session worksTwo keys, two jobsNext steps