Skip to main content

apps/gateway/README.md

Source: apps/gateway/README.md

Imported Content

Anchor Gateway

Gateway service for Anchor MSP PSA.

Responsibilities

Authentication and workspace tenancy guard rails
Correlation ID and idempotency enforcement
REST API surface for core PSA entities
Telemetry ingest to workflow routing
Strict AgentField execution dispatch (no local fallback)
PostgreSQL-backed resource and workflow persistence

Run locally

pnpm --filter @anchor/gateway dev

Required env vars:

DATABASE_URL
AGENTFIELD_URL
AUTH_MODE + JWT settings when auth is enabled (AUTH_JWKS_URL supported for OIDC/JWKS validation)
AUDIT_SIGNING_SECRET
RESOURCE_ENCRYPTION_KEY_B64 for encrypted resource payloads (required in staging/prod)
ENGINE_ID + ENGINE_SKU for status/telemetry identity
EGI_CONTROL_CENTER_URL and optional EGI_TELEMETRY_TOKEN when telemetry is enabled

JWT auth expects sub, roles, and workspaceIds claims.

Required migrations:

infra/sql/0001_init.sql
infra/sql/0002_psa_resources.sql
infra/sql/0003_idempotency.sql
infra/sql/0004_event_pipeline.sql
infra/sql/0005_job_queue.sql
infra/sql/0006_security_hardening.sql
infra/sql/0007_configuration_plane.sql
infra/sql/0008_job_metadata.sql

Run outbox worker:

pnpm --filter @anchor/gateway worker:outbox

Run job processor worker:

pnpm --filter @anchor/gateway worker:jobs

Status compatibility endpoints:

GET /health
GET /api/v1/health
GET /.well-known/engine-status

Aggregation endpoints:

GET /api/v1/dashboard/summary
GET /api/v1/portal/summary
GET /api/v1/ops/summary

Imported Content
Responsibilities
Run locally