Refactor app instance to Keycloak SSO

2026-06-15 15:54:39 +08:00
parent fc9fd93c36
commit 461d1300ad
246 changed files with 1350 additions and 52721 deletions


@ -1,30 +1,50 @@
# Beaver Product Discovery
# Beaver Standalone App Instance
This folder covers Beaver as the whole product, not only one feature.
This branch narrows Beaver to a clean standalone app instance that an external orchestrator can deploy.
Beaver is an enterprise Agent sandbox and execution platform. It combines private deployment, per-user app instances, chat-to-task execution, task evidence, user acceptance, files, tools, skills, memory, connectors, scheduled work, and governance.
## Product Boundary
## Documents
The app instance provides:
- [Business Strategy HTML](./index.html): business-style product discovery, strategy canvas, target users, segmentation, and competitors.
- [Product PRD HTML](./product-prd.html): product PRD, outcome roadmap, module job stories, WWA backlog items, and test scenarios.
- [Product Discovery Report](./product-discovery-report.md): product understanding, users, JTBD, opportunities, assumptions, experiments, priorities, metrics, and 30/90 day recommendations.
- [Product Architecture Brief](./product-architecture-brief.md): product-facing architecture across auth, deployment control, routing, app instances, frontend, backend, Agent runtime, tools, skills, memory, files, connectors, and operations.
- [PRD](./PRD-beaver-agent-sandbox.md): full-product PRD for the Beaver Agent Sandbox.
- [Validation Plan](./validation-plan.md): customer, product, technical, security, usability, and business validation plan.
- [Launch And Maintenance Runbook](./launch-maintenance-runbook.md): launch phases, readiness checks, monitoring, incident response, maintenance cadence, and rollback.
- Chat and task workspace
- Files, tools, skills, memory, schedules, and runtime pages
- Backend API and WebSocket access behind the same origin
- Keycloak SSO login with Authorization Code Flow + PKCE
- JWT-based user identity using Keycloak `sub`
The app instance does not provide:
- Local registration or password login
- User ID lifecycle management
- Per-user instance creation
- Hostname routing
- Deployment control-plane APIs
- Keycloak client provisioning
## External Responsibilities
The external orchestrator owns:
- Container lifecycle
- Public URL, TLS, reverse proxy, and port mapping
- Data volume provisioning
- `config.json` provisioning
- Keycloak redirect URI and web origin registration
- Multi-instance or tenant mapping, if needed later
## Current SSO Values
```text
issuer: https://keycloak.bwgdi.com/realms/beaver
client_id: beaver-agnet
web_origin: http://172.19.0.245:18080
redirect_uri: http://172.19.0.245:18080/auth/callback
post_logout_redirect_uri: http://172.19.0.245:18080/logout/callback
```
## Source Material
- [Project README](../../../README.md)
- [Deployment Guide](../../../部署指南.md)
- [Domain Guide](../../../域名配置指引.md)
- [App Instance README](../../../app-instance/README.md)
- [Backend README](../../../app-instance/backend/README.md)
- [Recent Backend Features](../../../projcet_review/backend_recent_completed_features.md)
- [UI/UX Page Docs](../../ui-ux/README.md)
- [Customer Presentation](../../presentations/skill-replay-eval/index.html)
## Related Feature Discovery
- [Skill Replay Eval Discovery](../skill-replay-eval/README.md)
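Review bot: The "Current SSO Values" block registers `web_origin`, `redirect_uri` and `post_logout_redirect_uri` on plain `http://172.19.0.245:18080` while the issuer is HTTPS, so the authorization code delivered to `/auth/callback` and everything the app serves after login cross the network in cleartext. PKCE limits what an intercepted code is worth, but it does not protect the session that follows. The README already says the external orchestrator owns the public URL and TLS, so either label these as internal test values that must not be reused for a reachable deployment, or replace them with placeholders and state that production redirect URIs and web origins must be `https://` and registered as exact matches. Two smaller points in the same section: `client_id: beaver-agnet` looks like a transposition of "agent", so please confirm it matches the client registered in the realm character for character, or fix both sides. The bullet "JWT-based user identity using Keycloak `sub`" should also say which checks the backend applies before trusting `sub` (signature against the realm keys, `iss` equal to the issuer above, audience or `azp` equal to this client, expiry), since a deployer cannot tell from this text whether a token minted for another client in the same realm would be accepted.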