Local Stack
Run the full reference stack from Docker Compose and verify seeded access.
Local Stack
Run the full local stack from the repository root:
docker compose up --build
The root compose file builds the backend and both SvelteKit portals, then starts PostgreSQL with PGMQ, Keycloak, MinIO, Mailpit, OpenTelemetry Collector, Prometheus, Loki, Tempo, Grafana, API, workers, dashboard, and frontend.
Service URLs
| Service | URL | Notes |
|---|---|---|
| API | http://localhost:8080 | Backend API, /healthz, /readyz, Swagger. |
| Swagger UI | http://localhost:8080/swagger/index.html | Generated from backend annotations. |
| Frontend BFF | http://localhost:5174 | New SvelteKit portal; OIDC tokens stay server-side. |
| Admin docs | http://localhost:5175 | Static Hugo/LotusDocs administrator handbook. |
| Dashboard | http://localhost:5173 | Existing dashboard/test console. |
| Keycloak | http://localhost:8081 | admin / admin. |
| PostgreSQL | localhost:5432 | wipe / wipe, database wipe. |
| MinIO console | http://localhost:9001 | minioadmin / minioadmin. |
| Mailpit | http://localhost:8025 | Captured SMTP messages. |
| Grafana | http://localhost:3000 | admin / admin. |
| Prometheus | http://localhost:9090 | Scrapes OTel Collector exporter. |
| Loki | http://localhost:3100 | Logs. |
| Tempo | http://localhost:3200 | Traces. |
| OTLP gRPC/HTTP | localhost:4317, localhost:4318 | Telemetry ingest. |
Seeded Accounts
| Realm | Username | Password | Role |
|---|---|---|---|
master | platform-admin | admin | PLATFORM_ADMIN |
master | billing-operator | admin | BILLING_OPERATOR |
exawipe | client-admin | admin | CLIENT_ADMIN |
exawipe | client-tech | admin | CLIENT_TECH |
exawipe | auditor | admin | AUDITOR |
The seeded direct-access clients are wipe-admin-cli for the master realm and
wipe-dev-cli for the exawipe realm. The newer frontend BFF requires
standard-flow web clients with PKCE: wipe-portal-admin in master and
wipe-portal in exawipe.
Smoke Checks
Check liveness and readiness:
curl -fsS http://localhost:8080/healthz
curl -fsS http://localhost:8080/readyz
Request an exawipe token:
curl -s \
-d grant_type=password \
-d client_id=wipe-dev-cli \
-d username=client-tech \
-d password=admin \
http://localhost:8081/realms/exawipe/protocol/openid-connect/token
Request a master token for admin smoke tests:
curl -s \
-d grant_type=password \
-d client_id=wipe-admin-cli \
-d username=platform-admin \
-d password=admin \
http://localhost:8081/realms/master/protocol/openid-connect/token
Dev Automation Secrets
Only use these in the local stack:
| Secret | Purpose |
|---|---|
wipe_dev_agent.0123456789abcdef0123456789abcdef | Seeded proof automation API key with proofs:write and proofs:read. |
wipe_dev_enroll.0123456789abcdef0123456789abcdef | Seeded one-time agent enrollment code when dev seeding is enabled. |
Local signing uses SIGNER_MODE=test with deterministic test keys. It is not a
custody boundary and must not be used for production.
Stop And Reset
Stop the stack:
docker compose down
Reset local state by removing volumes:
docker compose down -v
Do this only for local development. A shared or production environment requires backup and change approval before data deletion.