disclosure-bureau/infra/disclosure-stack/kong.yml

132 lines
3.4 KiB
YAML

# Kong declarative config — Supabase API gateway.
# Routes:
# /auth/v1/* → GoTrue
# /rest/v1/* → PostgREST
# /realtime/v1/* → Realtime
# /storage/v1/* → Storage API
# /pg/* → postgres-meta (Studio backend)
_format_version: "2.1"
_transform: true
consumers:
  - username: anon
    keyauth_credentials:
      - key: ${SUPABASE_ANON_KEY}
  - username: service_role
    keyauth_credentials:
      - key: ${SUPABASE_SERVICE_KEY}
acls:
  - consumer: anon
    group: anon
  - consumer: service_role
    group: admin
services:
ship: synthesize 158 entities, AG-UI artifacts, chat persistence, auth flow

Phase 3 wave 2 — entity synthesis at scale:
- scripts/synthesize/20_entity_summary.py: queries DB for entities with total_mentions ≥ threshold + top-K verbatim chunk snippets via entity_mentions JOIN, prompts Sonnet (Holmes-Watson voice, bilingual), writes narrative_summary EN+PT-BR + summary_status=synthesized. Ran on 187 candidates (mentions ≥ 20) → 158 OK · 1 err · 29 skipped (no snippets). Combined with anchor curation: 20 curated + 158 synthesized = 178 entities with real narrative (vs 0 a day ago).

Phase 4 — chat with typed artifacts + persistence:
- lib/chat/agui.ts: AG-UI v1 typed Artifact union (citation, crop_image, entity_card, evidence_card, hypothesis_card, case_card, navigation_offer) alongside the existing event types.
- lib/chat/tools.ts + openrouter.ts: hybrid_search emits up to 6 citation + crop_image artifacts per query. Provider collects them and returns in done.artifacts so the route can persist.
- api/sessions/[id]/messages: persist artifacts to messages.citations.
- components/chat-bubble.tsx: ArtifactCard renders inline cards (citation, crop_image, entity_card, navigation_offer) for streamed and persisted messages. activeId now persisted in localStorage so navigation between pages keeps the same conversation. New sessions are lazy (only when user has zero). loadMessages hydrates tools + artifacts from server. CRUD UI: rename (✎) + archive (🗑) buttons per session in the list.

Home search:
- doc-list-filters: input now fires hybrid_search (rerank=0 for speed) in parallel with the local title filter; chunk hits render above the doc grid with snippet + score + classification.
- api/search/hybrid: accept ?rerank=0 to skip the cross-encoder (1.3s vs 60s).

Auth flow:
- infra: SMTP_HOST=mail.spacemail.com:587 + DMARC published; mail now lands in inbox. GOTRUE_MAILER_AUTOCONFIRM=false (real email verification).
- kong.yml: proxy /auth/callback on api.disclosure.top → web:3000 so PKCE email links don't 404 at the gateway.
- web/app/auth/callback: handle both ?code= (OAuth) and ?token=&type= (PKCE); redirect to the public site host before verifyOtp so the session cookie lands on the right domain.

Audit deliverables:
- .nirvana/outputs/disclosure-bureau/.../systems-atelier/: 5 docs (code analysis, tech debt, discovery brief, system arch, 5 ADRs) authored by sa-principal that produced this roadmap. Kept in-tree for traceability.
2026-05-18 06:52:59 +00:00
  # GoTrue (Supabase v2.x) bakes the API_EXTERNAL_URL host into PKCE email
  # confirmation links. Since our API gateway is api.disclosure.top but the
  # /auth/callback handler lives on the Next.js site disclosure.top, emails
  # would 404 at Kong. We catch the bare /auth/callback path on the api host
  # and proxy it to the Next.js web service — the browser stays on the api
  # subdomain but the Next.js handler still runs.
  - name: auth-callback-proxy
    url: http://web:3000
    routes:
      - name: auth-callback-proxy
        paths: [/auth/callback]
        strip_path: false
    plugins:
      - name: cors
  - name: auth-v1-open
    url: http://auth:9999/verify
    routes:
      - name: auth-v1-open
        strip_path: true
        paths: [/auth/v1/verify]
    plugins:
      - name: cors
  - name: auth-v1-open-callback
    url: http://auth:9999/callback
    routes:
      - name: auth-v1-open-callback
        strip_path: true
        paths: [/auth/v1/callback]
    plugins:
      - name: cors
  - name: auth-v1-open-authorize
    url: http://auth:9999/authorize
    routes:
      - name: auth-v1-open-authorize
        strip_path: true
        paths: [/auth/v1/authorize]
    plugins:
      - name: cors
  - name: auth-v1
    _comment: "GoTrue: /auth/v1/* -> http://auth:9999/*"
    url: http://auth:9999/
    routes:
      - name: auth-v1-all
        strip_path: true
        paths: [/auth/v1/]
    plugins:
      - name: cors
      - name: key-auth
        config: { hide_credentials: false }
      - name: acl
        config: { hide_groups_header: true, allow: [admin, anon] }
  - name: rest-v1
    _comment: "PostgREST: /rest/v1/* -> http://rest:3000/*"
    url: http://rest:3000/
    routes:
      - name: rest-v1-all
        strip_path: true
        paths: [/rest/v1/]
    plugins:
      - name: cors
      - name: key-auth
        config: { hide_credentials: true }
      - name: acl
        config: { hide_groups_header: true, allow: [admin, anon] }
  - name: realtime-v1
    _comment: "Realtime: /realtime/v1/* -> ws://realtime:4000/socket/*"
    url: http://realtime:4000/socket/
    routes:
      - name: realtime-v1-all
        strip_path: true
        paths: [/realtime/v1/]
    plugins:
      - name: cors
      - name: key-auth
        config: { hide_credentials: false }
      - name: acl
        config: { hide_groups_header: true, allow: [admin, anon] }
  - name: storage-v1
    _comment: "Storage: /storage/v1/* -> http://storage:5000/*"
    url: http://storage:5000/
    routes:
      - name: storage-v1-all
        strip_path: true
        paths: [/storage/v1/]
    plugins:
      - name: cors
  - name: meta
    _comment: "pg-meta: /pg/* -> http://meta:8080/*"
    url: http://meta:8080/
    routes:
      - name: meta-all
        strip_path: true
        paths: [/pg/]
    plugins:
      - name: key-auth
      - name: acl
        config: { hide_groups_header: true, allow: [admin] }
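The config above decides, per path prefix, which upstream a request reaches and whether key-auth and acl stand in front of it. The following is an added exposure-audit example, not code from the disclosure-bureau repository: it transcribes the services, routes and plugins of this kong.yml into Python data and answers, for a request path, which service Kong would select, what upstream URL it would proxy to, and which consumer groups get through. It assumes Kong's traditional router rule that the longest matching path prefix wins and the documented strip_path behaviour (matched prefix removed, remainder appended to the service URL path); the resulting URLs model that behaviour and are not captured proxy logs. Query strings are left out of the model.

```python
"""Exposure audit of the Kong declarative config above.

Added example; not code from the disclosure-bureau repository. The
services, routes and plugins of the kong.yml on this page are transcribed
into Python data so a reviewer can ask, for any request path: which service
would Kong select, what upstream URL would it proxy to, and do key-auth and
acl gate it? Route choice follows Kong's rule that the longest matching
path prefix wins; strip_path follows the Kong proxy reference (the matched
prefix is removed, the remainder appended to the service URL path). The
URLs are a model of that behaviour, not captured proxy logs.
"""
from dataclasses import dataclass
from typing import Optional
from urllib.parse import urlsplit

# (service name, service url, route path prefix, strip_path, plugin -> config),
# transcribed from the page's kong.yml.
SERVICES = [
    ("auth-callback-proxy", "http://web:3000", "/auth/callback", False,
     {"cors": {}}),
    ("auth-v1-open", "http://auth:9999/verify", "/auth/v1/verify", True,
     {"cors": {}}),
    ("auth-v1-open-callback", "http://auth:9999/callback", "/auth/v1/callback",
     True, {"cors": {}}),
    ("auth-v1-open-authorize", "http://auth:9999/authorize",
     "/auth/v1/authorize", True, {"cors": {}}),
    ("auth-v1", "http://auth:9999/", "/auth/v1/", True,
     {"cors": {}, "key-auth": {"hide_credentials": False},
      "acl": {"hide_groups_header": True, "allow": ["admin", "anon"]}}),
    ("rest-v1", "http://rest:3000/", "/rest/v1/", True,
     {"cors": {}, "key-auth": {"hide_credentials": True},
      "acl": {"hide_groups_header": True, "allow": ["admin", "anon"]}}),
    ("realtime-v1", "http://realtime:4000/socket/", "/realtime/v1/", True,
     {"cors": {}, "key-auth": {"hide_credentials": False},
      "acl": {"hide_groups_header": True, "allow": ["admin", "anon"]}}),
    ("storage-v1", "http://storage:5000/", "/storage/v1/", True,
     {"cors": {}}),
    ("meta", "http://meta:8080/", "/pg/", True,
     {"key-auth": {}, "acl": {"hide_groups_header": True, "allow": ["admin"]}}),
]


@dataclass(frozen=True)
class Decision:
    service: str
    upstream: str           # URL Kong would proxy the request to
    key_auth: bool          # does key-auth run on this service?
    allow: Optional[tuple]  # acl allow groups; None when no acl plugin


def _join_upstream(service_url: str, tail: str) -> str:
    """Append the request remainder to the service URL path without the
    doubled slash Kong avoids at the join point."""
    parts = urlsplit(service_url)
    rest = tail.lstrip("/")
    path = parts.path.rstrip("/") + "/" + rest if rest else (parts.path or "/")
    return f"{parts.scheme}://{parts.netloc}{path}"


def resolve(request_path: str) -> Optional[Decision]:
    """Select the route as Kong would (longest matching prefix) and describe
    the upstream and gating plugins. None: Kong itself answers 404
    'no Route matched' and nothing reaches an upstream."""
    hits = [s for s in SERVICES if request_path.startswith(s[2])]
    if not hits:
        return None
    name, url, prefix, strip, plugins = max(hits, key=lambda s: len(s[2]))
    tail = request_path[len(prefix):] if strip else request_path
    acl = plugins.get("acl")
    return Decision(service=name, upstream=_join_upstream(url, tail),
                    key_auth="key-auth" in plugins,
                    allow=tuple(acl["allow"]) if acl else None)


def is_allowed(request_path: str, group: Optional[str]) -> bool:
    """Does a consumer in `group` (None = no API key presented) get past the
    gateway? key-auth demands a credential; acl demands the consumer's group
    be in the allow list. Says nothing about the upstream's own checks."""
    d = resolve(request_path)
    if d is None or (d.key_auth and group is None):
        return False
    return d.allow is None or group in d.allow


def open_routes() -> list:
    """Route prefixes key-auth does not cover: the gateway's unauthenticated
    surface, which each upstream must defend by itself."""
    return sorted(s[2] for s in SERVICES if "key-auth" not in s[4])


if __name__ == "__main__":
    for p in ["/auth/callback", "/auth/v1/verify", "/auth/v1/token",
              "/rest/v1/documents", "/pg/tables", "/healthz"]:
        print(p, "->", resolve(p))
    print("unauthenticated prefixes:", open_routes())
```

Running it shows the shape a reviewer wants to confirm from this file: /pg/ is reachable only by the admin group, /rest/v1/, /realtime/v1/ and the catch-all /auth/v1/ accept anon or admin keys, while /auth/callback, the three explicitly open GoTrue endpoints and /storage/v1/ have no key-auth at Kong, so their upstreams must do their own authentication (the Storage API and GoTrue validate the JWT themselves). Because Kong paths are prefixes, /auth/callback also matches /auth/callback-anything; a regex path would pin the proxy rule to the exact path if that is wanted.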