Runtime Services
Understand the API, ingest gateway, workers, portals, and external dependencies.
The platform is a modular Go backend plus SvelteKit frontends. Runtime state is externalized to PostgreSQL and object storage.
Backend Binaries
| Binary | Compose service | Command | Purpose |
|---|---|---|---|
| api | api | /app/api | Main HTTP API, admin API, public verification, embedded ingest in dev. |
| ingest | Optional standalone | /app/ingest | Agent-only /ingest/v1 gateway with a dedicated least-privilege DB role. |
| worker-proof | proof-worker | /app/worker-proof | Consumes proofs.validated; validates .der, decrypts, signs, creates certificates. |
| worker | anchor-worker | /app/worker anchor | Consumes certificates.to_anchor; submits/updates anchors and regenerates PDFs after anchoring. |
| worker | notification-worker | /app/worker notifications | Consumes notifications.to_send; sends SMTP/webhook deliveries and records retries/DLQ. |
| worker | report-worker | /app/worker reports | Schedules and creates monthly billing reports and billing export artifacts. |
| worker | retry-worker | /app/worker retry | Enqueues due proof retries and re-tests recoverable proof states. |
| worker | maintenance-worker | /app/worker maintenance | Applies retention/anonymization and verifies audit/receipt chains. |
| migrator | db-migrate profile | /app/migrator | Runs embedded SQL migrations. |
| verifier | CLI image target | /app/verifier | Offline verification CLI foundation. |
The worker binary chooses its kind from the first argument or WORKER_KIND.
WORKER_ONCE=true runs one claim pass and exits, which is useful for controlled
maintenance or release validation.
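The selection rule above (first argument wins, then WORKER_KIND, and WORKER_ONCE=true limits the worker to a single claim pass) can be written as a small dispatcher. The block below is an added illustration, not the project's worker code: the kind names are taken from the service table, while the function names, the explicit env map, the claimPass callback and the maxPasses bound are assumptions made for the example. Refusing an unknown kind, rather than falling back to a default, keeps a typo in a deployment manifest from quietly starting the wrong consumer.

```go
package main

import (
	"errors"
	"fmt"
	"os"
	"strings"
)

// Worker kinds named in the service table. Anything else is refused rather
// than silently defaulting, so a typo cannot start the wrong consumer.
var knownKinds = map[string]bool{
	"anchor":        true,
	"notifications": true,
	"reports":       true,
	"retry":         true,
	"maintenance":   true,
}

// resolveKind picks the worker kind as the page describes: first CLI argument
// wins, otherwise WORKER_KIND. env is passed explicitly (assumed signature) so
// the selection is testable without touching the process environment.
func resolveKind(args []string, env map[string]string) (string, error) {
	kind := ""
	if len(args) > 0 {
		kind = args[0]
	} else {
		kind = env["WORKER_KIND"]
	}
	kind = strings.TrimSpace(kind)
	if kind == "" {
		return "", errors.New("no worker kind: pass it as the first argument or set WORKER_KIND")
	}
	if !knownKinds[kind] {
		return "", fmt.Errorf("unknown worker kind %q", kind)
	}
	return kind, nil
}

// runOnce reports whether WORKER_ONCE=true is set (case-insensitive).
func runOnce(env map[string]string) bool {
	return strings.EqualFold(strings.TrimSpace(env["WORKER_ONCE"]), "true")
}

// claimPass is a hypothetical callback standing in for one pass over the
// table-backed queue; a real worker would claim and process due jobs here.
type claimPass func(kind string) (claimed int, err error)

// runLoop executes claim passes; in once-mode it stops after the first pass.
// maxPasses bounds the demo loop so the example terminates without signals.
// It returns the number of passes executed.
func runLoop(kind string, once bool, pass claimPass, maxPasses int) (int, error) {
	passes := 0
	for passes < maxPasses {
		if _, err := pass(kind); err != nil {
			return passes, err
		}
		passes++
		if once {
			break
		}
	}
	return passes, nil
}

// envMap snapshots the process environment into a plain map.
func envMap() map[string]string {
	env := map[string]string{}
	for _, kv := range os.Environ() {
		if i := strings.IndexByte(kv, '='); i > 0 {
			env[kv[:i]] = kv[i+1:]
		}
	}
	return env
}

func main() {
	env := envMap()
	kind, err := resolveKind(os.Args[1:], env)
	if err != nil {
		fmt.Fprintln(os.Stderr, err)
		os.Exit(2)
	}
	passes, err := runLoop(kind, runOnce(env), func(k string) (int, error) {
		fmt.Printf("claim pass for %s worker\n", k)
		return 0, nil
	}, 3)
	if err != nil {
		fmt.Fprintln(os.Stderr, err)
		os.Exit(1)
	}
	fmt.Printf("executed %d pass(es)\n", passes)
}
```

Run it as `WORKER_ONCE=true ./worker anchor` to see exactly one pass; with WORKER_ONCE unset the demo runs the bounded three passes where a real worker would loop until signalled.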
External Dependencies
| Dependency | Current local implementation | Production expectation |
|---|---|---|
| PostgreSQL | pg17-pgmq image with migrations and dev seed data. | Managed PostgreSQL 17-compatible cluster, backups, monitoring, least-privilege roles. |
| Queue | Table-backed jobs and jobs_dlq. | Same table-backed queue unless product changes. |
| Object storage | MinIO buckets. | S3-compatible storage, bucket policy, optional filesystem backend for air-gapped installs. |
| Keycloak | Imported realms and seeded users. | Per-instance realms, web clients, service account, JWKS, optional federation. |
| Signer | In-process test signer. | Dedicated remote signer with mTLS, key IDs, HMAC, decrypt, PAdES/TSA, receipt signing, transaction signing. |
| Blockchain | noop chain. | Hedera adapter and deployed contracts once final inputs are available. |
| Notifications | Mailpit SMTP in local compose. | SMTP relay plus webhook delivery with SSRF policy. |
| Observability | OTel Collector, Prometheus, Loki, Tempo, Grafana. | Same signal path or compatible managed backend. |
Frontend Services
| App | Compose service | Purpose |
|---|---|---|
| frontend | wipe-frontend | New SvelteKit BFF. OIDC tokens stay encrypted server-side in an HttpOnly session cookie. |
| dashboard | wipe-dashboard | Existing dashboard/test console using proxy routes and a generated HeyAPI client. |
| admin-docs | wipe-admin-docs | Static Hugo/LotusDocs administrator handbook served by unprivileged Nginx. |
The frontend and dashboard both consume the backend OpenAPI-generated TypeScript client. After backend API
changes, regenerate it from backend/docs/swagger/swagger.json and run the frontend
type checks.
Data Flow
- A user or automation submits a .der proof through /api/v1/proofs, /api/v1/proofs/bulk, or the enrolled-agent /ingest/v1/proofs.
- The API stores the proof object before processing and publishes a table-backed job in the same transaction.
- The proof worker validates the payload, uses the signer for decrypt/HMAC/PAdES operations, consumes license allocation, creates a certificate, and emits report/notification/anchor work as needed.
- The anchor worker updates on-chain metadata when a real chain is configured. With the local noop chain, certificates are finalized as CERTIFIED_NO_ANCHOR.
- The public /verify endpoint validates public identifiers without exposing tenant, organization, proof, or certificate internal IDs in the response.
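The last step is the one with the clearest information-disclosure risk: the public endpoint must answer with a view that structurally cannot carry internal IDs. The handler below is an added example, not the project's /verify implementation. It assumes a public-identifier syntax (the page does not define one), an in-memory stand-in for the certificate table with constructed rows, and an `id` query parameter; the CERTIFIED_NO_ANCHOR status is the page's own. The point it demonstrates is that the response type has no field for tenant, organization, proof or certificate IDs, so a later change cannot leak them by forgetting a filter, and that malformed and unknown identifiers produce an identical answer.

```go
package main

import (
	"encoding/json"
	"log"
	"net/http"
	"regexp"
)

// certRecord is a hypothetical internal row. It carries the tenant, organization,
// proof and certificate IDs that must never appear in the public response.
type certRecord struct {
	TenantID      int64
	OrgID         int64
	ProofID       int64
	CertificateID int64
	PublicID      string
	Status        string
	IssuedAt      string
}

// verifyResponse is the only shape /verify returns. It has no fields for the
// internal IDs, so they cannot leak even if a future change forgets to filter.
type verifyResponse struct {
	Valid    bool   `json:"valid"`
	Status   string `json:"status,omitempty"`
	IssuedAt string `json:"issued_at,omitempty"`
}

// Public identifiers are checked by shape before any lookup. This pattern is an
// assumption for the example; the page does not define the identifier syntax.
var publicIDPattern = regexp.MustCompile(`^[A-Za-z0-9]{16,32}$`)

// store is a constructed in-memory stand-in for the certificate table.
var store = map[string]certRecord{
	"PUB1234567890ABCDEF": {
		TenantID: 7, OrgID: 42, ProofID: 9001, CertificateID: 5555,
		PublicID: "PUB1234567890ABCDEF", Status: "CERTIFIED_NO_ANCHOR",
		IssuedAt: "2024-01-01T00:00:00Z",
	},
}

// lookupPublic maps a public identifier to its public view. Malformed and
// unknown identifiers yield the same response, so the endpoint does not
// distinguish "exists" from "well-formed" to an unauthenticated caller.
func lookupPublic(publicID string) verifyResponse {
	if !publicIDPattern.MatchString(publicID) {
		return verifyResponse{Valid: false}
	}
	rec, ok := store[publicID]
	if !ok {
		return verifyResponse{Valid: false}
	}
	return verifyResponse{Valid: true, Status: rec.Status, IssuedAt: rec.IssuedAt}
}

// verifyHandler serves GET /verify?id=<public identifier>.
func verifyHandler(w http.ResponseWriter, r *http.Request) {
	resp := lookupPublic(r.URL.Query().Get("id"))
	w.Header().Set("Content-Type", "application/json")
	w.Header().Set("Cache-Control", "no-store")
	_ = json.NewEncoder(w).Encode(resp)
}

func main() {
	http.HandleFunc("/verify", verifyHandler)
	log.Fatal(http.ListenAndServe(":8080", nil))
}
```

A useful regression test for a real deployment is the negative one shown in the assertions: render the response for a known certificate and check that none of the internal ID values or field names appear anywhere in the body.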