Local Stack

Run the full local stack from the repository root:

  docker compose up --build
  

The root compose file builds the backend and both SvelteKit portals, then starts PostgreSQL with PGMQ, Keycloak, MinIO, Mailpit, OpenTelemetry Collector, Prometheus, Loki, Tempo, Grafana, API, workers, dashboard, and frontend.

Service URLs

ServiceURLNotes
APIhttp://localhost:8080Backend API, /healthz, /readyz, Swagger.
Swagger UIhttp://localhost:8080/swagger/index.htmlGenerated from backend annotations.
Frontend BFFhttp://localhost:5174New SvelteKit portal; OIDC tokens stay server-side.
Admin docshttp://localhost:5175Static Hugo/LotusDocs administrator handbook.
Dashboardhttp://localhost:5173Existing dashboard/test console.
Keycloakhttp://localhost:8081admin / admin.
PostgreSQLlocalhost:5432wipe / wipe, database wipe.
MinIO consolehttp://localhost:9001minioadmin / minioadmin.
Mailpithttp://localhost:8025Captured SMTP messages.
Grafanahttp://localhost:3000admin / admin.
Prometheushttp://localhost:9090Scrapes OTel Collector exporter.
Lokihttp://localhost:3100Logs.
Tempohttp://localhost:3200Traces.
OTLP gRPC/HTTPlocalhost:4317, localhost:4318Telemetry ingest.

Seeded Accounts

RealmUsernamePasswordRole
masterplatform-adminadminPLATFORM_ADMIN
masterbilling-operatoradminBILLING_OPERATOR
exawipeclient-adminadminCLIENT_ADMIN
exawipeclient-techadminCLIENT_TECH
exawipeauditoradminAUDITOR

The seeded direct-access clients are wipe-admin-cli for the master realm and wipe-dev-cli for the exawipe realm. The newer frontend BFF requires standard-flow web clients with PKCE: wipe-portal-admin in master and wipe-portal in exawipe.

Smoke Checks

Check liveness and readiness:

  curl -fsS http://localhost:8080/healthz
curl -fsS http://localhost:8080/readyz
  

Request an exawipe token:

  curl -s \
  -d grant_type=password \
  -d client_id=wipe-dev-cli \
  -d username=client-tech \
  -d password=admin \
  http://localhost:8081/realms/exawipe/protocol/openid-connect/token
  

Request a master token for admin smoke tests:

  curl -s \
  -d grant_type=password \
  -d client_id=wipe-admin-cli \
  -d username=platform-admin \
  -d password=admin \
  http://localhost:8081/realms/master/protocol/openid-connect/token
  

Dev Automation Secrets

Only use these in the local stack:

SecretPurpose
wipe_dev_agent.0123456789abcdef0123456789abcdefSeeded proof automation API key with proofs:write and proofs:read.
wipe_dev_enroll.0123456789abcdef0123456789abcdefSeeded one-time agent enrollment code when dev seeding is enabled.

Local signing uses SIGNER_MODE=test with deterministic test keys. It is not a custody boundary and must not be used for production.

Stop And Reset

Stop the stack:

  docker compose down
  

Reset local state by removing volumes:

  docker compose down -v
  

Do this only for local development. A shared or production environment requires backup and change approval before data deletion.