feat(runtime-control): 注册流程改为通过AuthZ服务

注册现在通过AuthZ进行处理，而登录/运行时查找仍然使用deploy-control。
更新了API调用逻辑，将注册请求从直接调用deploy-control和instance-api
改为统一调用AuthZ服务。

- 修改了注册API路由(/api/runtime/register)以使用callAuthzService
- 更新README.md文档说明新的架构流程
- 添加AUTHZ_API_BASE_URL环境变量配置
- 更新注册页面描述信息
- 移除了不再使用的callDeployControl和callInstanceApi相关代码

auth-portal/src/.gitignore

@@ -0,0 +1,4 @@
+node_modules/
+.next/
+*.tsbuildinfo
+npm-debug.log*

auth-portal/src/README.md

@@ -8,9 +8,10 @@ Dedicated login/register frontend for nanobot containers.
 
 ## Env
 
-The portal now talks to the deployment control API on the server side:
+Registration now goes through AuthZ, while login/runtime lookup still uses deploy-control:
 
 ```bash
+AUTHZ_API_BASE_URL=http://127.0.0.1:19090
 DEPLOY_API_BASE_URL=http://127.0.0.1:8090
 DEPLOY_API_TOKEN=change-me
 ```

auth-portal/src/app/api/runtime/register/route.ts

@@ -1,7 +1,7 @@
 import { NextRequest, NextResponse } from 'next/server';
 
 import type { TokenResponse } from '@/types/auth';
-import { HttpError, callDeployControl, callInstanceApi, normalizeTokenResponse } from '@/lib/runtime-control';
+import { HttpError, callAuthzService } from '@/lib/runtime-control';
 
 function errorStatus(error: unknown): number {
   if (error instanceof HttpError) {
@@ -32,23 +32,13 @@ export async function POST(request: NextRequest) {
       return NextResponse.json({ detail: 'username and password are required' }, { status: 400 });
     }
 
-    const routing = await callDeployControl<{
-      api_base_url?: string;
-      frontend_base_url?: string;
-      public_url?: string;
-    }>('/api/instances/register', {
+    const response = await callAuthzService<TokenResponse>('/portal/register', {
       username,
       email,
       password,
     });
 
-    const response = await callInstanceApi<TokenResponse>(routing.api_base_url || '', '/api/auth/register', {
-      username,
-      email,
-      password,
-    });
-
-    return NextResponse.json(normalizeTokenResponse(response, routing));
+    return NextResponse.json(response);
   } catch (error) {
     return NextResponse.json({ detail: errorDetail(error) }, { status: errorStatus(error) });
   }

auth-portal/src/app/register/page.tsx

@@ -47,7 +47,7 @@ export default function RegisterPage() {
           <div className="portal-notes">
             <div className="portal-note">
               <strong>注册结果</strong>
-              deploy-control 会创建实例，AuthZ 再补齐 backend 身份，auth portal 最后把你转交到该实例前端。
+              AuthZ 会编排 deploy-control 创建实例，并完成 backend 身份初始化，auth portal 最后把你转交到该实例前端。
             </div>
             <div className="portal-note">
               <strong>目标页面</strong>

auth-portal/src/env_template

@@ -1,2 +1,3 @@
+AUTHZ_API_BASE_URL=http://127.0.0.1:19090
 DEPLOY_API_BASE_URL=http://127.0.0.1:8090
 DEPLOY_API_TOKEN=change-me

auth-portal/src/lib/runtime-control.ts

@@ -1,5 +1,6 @@
 import type { TokenResponse } from '@/types/auth';
 
+const AUTHZ_API_BASE_URL = (process.env.AUTHZ_API_BASE_URL || 'http://127.0.0.1:19090').trim().replace(/\/+$/, '');
 const DEPLOY_API_BASE_URL = (process.env.DEPLOY_API_BASE_URL || 'http://127.0.0.1:8090').trim().replace(/\/+$/, '');
 const DEPLOY_API_TOKEN = (process.env.DEPLOY_API_TOKEN || '').trim();
 const REQUEST_TIMEOUT_MS = 15000;
@@ -79,6 +80,13 @@ export async function callDeployControl<T>(path: string, payload: JsonObject): P
   });
 }
 
+export async function callAuthzService<T>(path: string, payload: JsonObject): Promise<T> {
+  return fetchJson<T>(`${AUTHZ_API_BASE_URL}${path}`, {
+    method: 'POST',
+    body: JSON.stringify(payload),
+  });
+}
+
 export async function callInstanceApi<T>(apiBaseUrl: string, path: string, payload: JsonObject): Promise<T> {
   const baseUrl = apiBaseUrl.trim().replace(/\/+$/, '');
   if (!baseUrl) {