- Add services/claw-harness-api/upstream → chinanpc/claude-code-rust (shallow)
- Document claw submodule and MIT Rust harness in service-claw-harness + feature doc
- agent-regex-search: map design principles to rg implementation vs indexed search
- SSO gateway: no user/project account storage; product DBs own identity context
smart-ide-sso-gateway
HTTP gateway that validates user access tokens from the docv / Enso OIDC issuer, then proxies requests to internal smart_ide micro-services using each service’s technical credentials (Bearer or X-API-Key).
Responsibilities
- Verify Authorization: Bearer <access_token> with JWKS (OIDC_ISSUER, optional OIDC_AUDIENCE, optional OIDC_JWKS_URI).
- Expose GET /health without auth.
- Expose GET /v1/token/verify and GET /v1/upstreams with user Bearer.
- Proxy ANY /proxy/<upstream_key>/<path> to the configured upstream, replacing the user token with the service token and adding X-OIDC-Sub / X-OIDC-Email when present in the JWT.
User accounts, project membership, and product databases stay in each application’s backend (docv, Enso, etc.); this gateway does not store them.
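The header rewrite in the proxy step above, as an added TypeScript example (not the gateway's own code; buildUpstreamHeaders, Upstream, Claims and headerSafe are hypothetical names). It assumes the JWT has already been verified against the JWKS, and it additionally drops any client-supplied X-OIDC-* headers so that an upstream only ever sees identity values the gateway set itself.

```typescript
// Added example; names are hypothetical and not taken from src/upstreams.ts.
type Upstream =
  | { kind: "bearer"; token: string }
  | { kind: "apiKey"; key: string };
type Claims = { sub?: unknown; email?: unknown }; // payload of an already-verified JWT
type HeaderMap = Record<string, string>;

// Client-supplied credentials never cross the gateway.
const CREDENTIAL_HEADERS = ["authorization", "x-api-key"];
const IDENTITY_PREFIX = "x-oidc-";

// Accept a claim only if it is a short printable-ASCII string: no CR/LF or
// other control characters that could split or forge a header line.
function headerSafe(value: unknown): string | undefined {
  if (typeof value !== "string" || value.length > 256) return undefined;
  return /^[\x21-\x7e][\x20-\x7e]*$/.test(value) ? value : undefined;
}

function buildUpstreamHeaders(incoming: HeaderMap, claims: Claims, upstream: Upstream): HeaderMap {
  const out: HeaderMap = {};
  for (const name of Object.keys(incoming)) {
    const lower = name.toLowerCase(); // header names are case-insensitive
    if (CREDENTIAL_HEADERS.indexOf(lower) !== -1) continue; // user token stops here
    if (lower.indexOf(IDENTITY_PREFIX) === 0) continue; // drop spoofed X-OIDC-*
    out[lower] = incoming[name];
  }
  // Attach the service's technical credential in place of the user token.
  if (upstream.kind === "bearer") {
    out["authorization"] = "Bearer " + upstream.token;
  } else {
    out["x-api-key"] = upstream.key;
  }
  // Identity headers come only from verified claims, and only when present.
  const sub = headerSafe(claims.sub);
  const email = headerSafe(claims.email);
  if (sub !== undefined) out["x-oidc-sub"] = sub;
  if (email !== undefined) out["x-oidc-email"] = email;
  return out;
}
```

Upstreams that trust X-OIDC-Sub / X-OIDC-Email should be reachable only through the gateway, since the headers carry no proof of origin on their own.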
Run
cd services/smart-ide-sso-gateway
cp .env.example .env # edit OIDC_ISSUER and service tokens
set -a && source .env && set +a
npm ci
npm run build
npm start
Default listen: http://127.0.0.1:37148.
Upstream URLs and tokens reuse the same environment variables as the rest of the monorepo (ORCHESTRATOR_*, TOOLS_BRIDGE_*, LOCAL_OFFICE_URL / LOCAL_OFFICE_API_KEY, etc.). See src/upstreams.ts.