Architecture

The Sovereign Bridge: Rescuing Legacy via Context Impersonation

How we solved the infinite redirection trap in Post-Venta by engineering a safe bridging protocol between Legacy V4 and VENA V5.

The Trap of the Global View

In the evolution of complex systems, there is a dangerous moment: when the new architecture (V5) tries to orchestrate the old one (V4). In our erpbsg-legado ecosystem, this tension manifested as a silent, infinite redirection loop that paralyzed the Post-Venta printing system.

This is the story of how we built The Sovereign Bridge to rescue legacy scripts without compromising modern security.


The Mess: The Infinite Redirection

The failure was subtle. When a user accessed the “Global View” of Post-Venta—a multi-tenant dashboard—the session was intentionally sanitized to prevent data leakage between brands. However, when the user tried to print a ticket, a legacy script (app-ticketprint.php) was invoked.

This old guardian, protected by a strict single-tenant lock (app-lock.php), saw the clean session and panicked. Not finding a brand context, it redirected to the Portal, which sent the user back to the Hub, starting the cycle again.

// The Legacy Guard (app-lock.php)
if (!isset($_SESSION['marca_apodo'])) {
    header("Location: portal.php"); // The infinite trap
    exit;
}

The system was technically safe, but functionally dead.


The Strategy: Controlled Impersonation

We refused to “fix” it by relaxing security. Instead, we applied the Strangler Pattern through a temporary bridge. The strategy was clear:

  1. Transmit Intent: Pass the target branch ID explicitly to the legacy script.
  2. The Guardian of the Gate: Before the legacy lock fires, the Kernel must validate the request.
  3. Impersonation: If and only if the user has legitimate access, the Kernel “impersonates” the tenant just long enough for the script to finish.

The Craft: Kernel->impersonateTenant()

We elevated the logic into the Kernel. Now, legacy scripts don’t need to know how to authenticate; they just ask the Kernel to prepare the context.

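// src/Kernel.php (Simplified implementation)
public function impersonateTenant(int $branchId): bool {
    // Security by design: Check existing permissions
    if (!$this->userHasAccess($branchId)) {
        return false;
    }

    // Preparation of the Legacy Environment
    $context = $this->loadBranchContext($branchId);

    // Flush and close the session BEFORE injecting the brand: session_write_close()
    // stores whatever is in $_SESSION at the moment it is called, so closing first
    // keeps the impersonated brand in memory for this request only and prevents
    // cross-tab contamination of the sanitized Global View session.
    session_write_close();
    $_SESSION['marca_apodo'] = $context['nickname'];
    return true;
}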

By adding three lines of code to the legacy script, we effectively “bridged” two eras of engineering.
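The post does not show the bridge call itself. The following sketch is an added example, not the project's code, of how a legacy entry point could use the bridge while failing closed. DemoKernel, bridgeLegacyEntry() and the branch_id parameter are hypothetical names, and the stand-in Kernel closes the session before setting marca_apodo so the override lives only in the current request.

```php
<?php
// Added example, not the project's code. DemoKernel, bridgeLegacyEntry() and the
// 'branch_id' parameter are hypothetical; the grants below are constructed data.
declare(strict_types=1);

final class DemoKernel
{
    /** @param array<int,string> $grants branch ID => brand nickname the user may use */
    public function __construct(private array $grants) {}

    public function impersonateTenant(int $branchId): bool
    {
        if (!isset($this->grants[$branchId])) {
            return false; // no access: session stays sanitized
        }
        if (session_status() === PHP_SESSION_ACTIVE) {
            session_write_close(); // flush first so the override is never stored
        }
        $_SESSION['marca_apodo'] = $this->grants[$branchId]; // this request only
        return true;
    }
}

/** Returns the HTTP status the legacy entry point should answer with. */
function bridgeLegacyEntry(DemoKernel $kernel, array $query): int
{
    // Strict parse: a plain (int) cast would turn "7abc" into 7.
    $branchId = filter_var($query['branch_id'] ?? null, FILTER_VALIDATE_INT,
        ['options' => ['min_range' => 1]]);
    if ($branchId === false) {
        return 400;
    }
    // Fail closed with a terminal 403; redirecting here would recreate the loop.
    if (!$kernel->impersonateTenant($branchId)) {
        return 403;
    }
    return 200; // app-lock.php now finds marca_apodo and lets the script run
}

// Constructed sample: the user may access branch 7 only.
$_SESSION = [];
$kernel = new DemoKernel([7 => 'brand-a']);
foreach ([['branch_id' => '7'], ['branch_id' => '8'], ['branch_id' => '7abc'], []] as $q) {
    printf("%-22s => %d\n", json_encode($q), bridgeLegacyEntry($kernel, $q));
}
```

In a real entry point the status would be sent with http_response_code() followed by exit, placed before the include of app-lock.php.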


The Result: Architectural Sovereignty

The result is more than a bug fix. We now have a standardized Legacy Bridging Protocol.

We didn’t just stop the redirection; we established a path to slowly decommission the legacy system piece by piece. The Printing System now works flawlessly from the Global View, and we gained the sovereignty to move forward without looking back at the ghosts of V4.


dammgo labs - Engineering as Art.