Beaver/beaver_project
6
0
Fork 0
Code Issues Pull Requests 1 Actions Packages Projects Releases Wiki Activity
Files
KEYCLOAK_LOGIN
beaver_project/docs/product-discovery/beaver/README.md

1.4 KiB
Raw Permalink Blame History

Beaver Standalone App Instance

This branch narrows Beaver to a clean standalone app instance that an external orchestrator can deploy.

Product Boundary

The app instance provides:

  • Chat and task workspace
  • Files, tools, skills, memory, schedules, and runtime pages
  • Backend API and WebSocket access behind the same origin
  • Keycloak SSO login with Authorization Code Flow + PKCE
  • JWT-based user identity using Keycloak sub

The app instance does not provide:

  • Local registration or password login
  • User ID lifecycle management
  • Per-user instance creation
  • Hostname routing
  • Deployment control-plane APIs
  • Keycloak client provisioning

External Responsibilities

The external orchestrator owns:

  • Container lifecycle
  • Public URL, TLS, reverse proxy, and port mapping
  • Data volume provisioning
  • config.json provisioning
  • Keycloak redirect URI and web origin registration
  • Multi-instance or tenant mapping, if needed later

Current SSO Values

issuer:       https://keycloak.bwgdi.com/realms/beaver
client_id:    beaver-agnet
web_origin:   http://172.19.0.245:18080
redirect_uri: http://172.19.0.245:18080/auth/callback
post_logout_redirect_uri: http://172.19.0.245:18080/logout/callback

Source Material