# Beaver Standalone App Instance

This branch narrows Beaver to a clean standalone app instance that an external orchestrator can deploy.

## Product Boundary

The app instance provides:

- Chat and task workspace
- Files, tools, skills, memory, schedules, and runtime pages
- Backend API and WebSocket access behind the same origin
- Keycloak SSO login with Authorization Code Flow + PKCE
- JWT-based user identity using Keycloak `sub`

The app instance does not provide:

- Local registration or password login
- User ID lifecycle management
- Per-user instance creation
- Hostname routing
- Deployment control-plane APIs
- Keycloak client provisioning

## External Responsibilities

The external orchestrator owns:

- Container lifecycle
- Public URL, TLS, reverse proxy, and port mapping
- Data volume provisioning
- `config.json` provisioning
- Keycloak redirect URI and web origin registration
- Multi-instance or tenant mapping, if needed later

## Current SSO Values

```text
issuer: https://keycloak.bwgdi.com/realms/beaver
client_id: beaver-agnet
web_origin: http://172.19.0.245:18080
redirect_uri: http://172.19.0.245:18080/auth/callback
post_logout_redirect_uri: http://172.19.0.245:18080/logout/callback
```

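A check the orchestrator could run over these values before registering them in Keycloak, as an added example that is not code from the Beaver repository: it confirms that both redirect URIs share the web origin (the app serves its API and WebSocket behind one origin) and flags plain-HTTP URLs on non-loopback hosts, where the authorization code and tokens would cross the network unencrypted. The function names and the policy itself are assumptions.

```python
from urllib.parse import urlsplit

# SSO values copied verbatim from the block above.
SSO_VALUES = """\
issuer: https://keycloak.bwgdi.com/realms/beaver
client_id: beaver-agnet
web_origin: http://172.19.0.245:18080
redirect_uri: http://172.19.0.245:18080/auth/callback
post_logout_redirect_uri: http://172.19.0.245:18080/logout/callback
"""

LOOPBACK_HOSTS = {"localhost", "127.0.0.1", "::1"}
DEFAULT_PORTS = {"http": 80, "https": 443}


def parse_values(text):
    """Parse 'key: value' lines into a dict, splitting on the first colon only."""
    values = {}
    for line in text.splitlines():
        if line.strip():
            key, _, value = line.partition(":")
            values[key.strip()] = value.strip()
    return values


def origin(url):
    """Return the (scheme, host, port) triple that defines a web origin."""
    parts = urlsplit(url)
    scheme = parts.scheme.lower()
    return scheme, (parts.hostname or "").lower(), parts.port or DEFAULT_PORTS.get(scheme)


def check_sso_values(values):
    """Return a list of findings; an empty list means every check passed."""
    findings = []
    web_origin = origin(values["web_origin"])
    if urlsplit(values["web_origin"]).path not in ("", "/"):
        findings.append("web_origin: must be a bare origin without a path")
    for key in ("redirect_uri", "post_logout_redirect_uri"):
        if origin(values[key]) != web_origin:
            findings.append(f"{key}: origin differs from web_origin")
        if "*" in values[key]:
            findings.append(f"{key}: wildcard redirect URIs should not be registered")
    for key in ("issuer", "web_origin", "redirect_uri", "post_logout_redirect_uri"):
        scheme, host, _ = origin(values[key])
        if scheme != "https" and host not in LOOPBACK_HOSTS:
            findings.append(f"{key}: plain {scheme} on non-loopback host {host}")
    return findings
```
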
## Source Material

- [Project README](../../../README.md)
- [App Instance README](../../../app-instance/README.md)
- [Backend README](../../../app-instance/backend/README.md)
- [UI/UX Page Docs](../../ui-ux/README.md)