platform/portal
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Compare commits

base: platform/portal:c051ae0626dc352bd61b611e81b0110b0608de67
Branches Tags
platform/portal:main platform/portal:feat/m5.2-shells
...
compare: platform/portal:feat/m5.2-shells
Branches Tags
platform/portal:main platform/portal:feat/m5.2-shells

4 Commits
c051ae0626 ... feat/m5.2-shells

Author SHA1 Message Date
sharang 2a12f2f7e4 chore: trigger ci
ci / test (pull_request) Successful in 27s
Details
ci / e2e (pull_request) Has been skipped
Details
ci / shared (pull_request) Successful in 3s
Details
ci / image (pull_request) Has been skipped
Details
2026-05-19 13:59:04 +02:00
sharang 60209428b5 feat(app): M5.2 — customer-area route shells + role-gated nav
ci / e2e (pull_request) Has been skipped
Details
ci / shared (pull_request) Successful in 4s
Details
ci / test (pull_request) Successful in 26s
Details
ci / image (pull_request) Has been skipped
Details 
Adds the M5.2 surface set per PLATFORM_ARCHITECTURE.md §5a. Every route
is a navigable skeleton with a per-route empty-state pointing at the
milestone that ships the real content; the Nav component filters links
by session.org_roles so an IT_ADMIN sees settings + api-keys, a CXO
sees billing, a USER sees only dashboard + products + support, etc.

New surfaces (10):
  /[slug]/products              M10.1
  /[slug]/projects              M10.1
  /[slug]/catalog               M11.1
  /[slug]/settings              M10.1
  /[slug]/settings/users        M10.1
  /[slug]/settings/api-keys     M15.1
  /[slug]/settings/integrations M15.2
  /[slug]/billing               M8.3
  /[slug]/audit                 M10.2
  /[slug]/support               M9.1

Dashboard upgraded: reads session.products, renders one tile per
entitled product (real tile content lands in M10.1). Empty-state when
the user has no entitlements yet — links into the catalog flow.

Backstage stub at /__backstage__ — middleware already rewrites
backstage.<apex>/* to this prefix; real RBAC against BREAKPILOT_ADMIN /
SUPPORT_ENGINEER / SALES_REP lands in M13.2.

Layout enforces tenant-slug match: a session with tenant_slug=A trying
to view /B/... gets redirected to /A/dashboard. Prevents JWT-replay
across tenants (defence in depth; the real guard is at the API layer,
which M4.3 adds in tenant-registry).

src/lib/session.ts is the single source of truth for the role matrix
+ canSee(surface) helper. 13 vitest cases, 100% coverage of src/lib.

Refs: M5.2
 2026-05-19 13:54:41 +02:00
sharang 2961f36cca fix(dev): point TENANT_REGISTRY_URL at :8090
ci / shared (push) Successful in 6s
Details
ci / test (push) Successful in 29s
Details
ci / e2e (push) Has been skipped
Details
ci / image (push) Has been skipped
Details 
Unblock local dev: Keycloak owns :8080, so tenant-registry shifts to :8090. Prod is functionally unchanged.

Refs: M5.1
 2026-05-19 09:47:38 +00:00
sharang e7a1290246 feat(app): Next.js 16 + Auth.js v5 portal skeleton
ci / shared (push) Successful in 4s
Details
ci / test (push) Successful in 26s
Details
ci / e2e (push) Has been skipped
Details
ci / image (push) Has been skipped
Details 
Next.js 16 + Auth.js v5 skeleton: host→slug middleware, tenant-context layout, OIDC sign-in flow against breakpilot-dev realm. 100% coverage on src/lib. Bumps next to 16.2.6 to clear trivy CVEs in 15.0.3.
 2026-05-19 09:35:05 +00:00
41 changed files with 6122 additions and 14 deletions
Expand all files Collapse all files
.env.example
+19
View File
@@ -0,0 +1,19 @@
# portal — local dev environment.
# Copy to .env.local (gitignored).
# Tenant Registry — see platform/tenant-registry. Run `make dev` there.
TENANT_REGISTRY_URL=http://localhost:8090
# Keycloak (dev stack from platform/orca-platform/dev).
KEYCLOAK_ISSUER=http://localhost:8080/realms/breakpilot-dev
KEYCLOAK_CLIENT_ID=dev-portal
# Public PKCE client — secret is structurally required by Auth.js but unused
# at the OAuth code-exchange step. Any non-empty placeholder works in dev.
KEYCLOAK_CLIENT_SECRET=unused-public-client
# Auth.js v5 — required for JWT signing.
# Generate with: openssl rand -base64 32
AUTH_SECRET=dev-secret-change-me-do-not-ship-replace-with-32-byte-random
AUTH_URL=http://localhost:3000
# In prod we'd set AUTH_TRUST_HOST=true behind orca-proxy; dev is loopback so leave unset.
.gitea/workflows/ci.yaml
+9 -3
View File
@@ -57,7 +57,7 @@ jobs:
test:
runs-on: docker
if: hashFiles('package.json') != ''
steps:
- uses: actions/checkout@v4
@@ -72,11 +72,17 @@ jobs:
- run: pnpm install --frozen-lockfile
- run: pnpm lint
- run: pnpm typecheck
- run: pnpm test --coverage
# `pnpm test` already includes --coverage via the package.json script.
- run: pnpm test
- name: coverage gate
run: |
node -e "const c=require('./coverage/coverage-summary.json').total.lines.pct; if (c<70) { console.error('coverage', c, '< 70%'); process.exit(1) }"
- run: pnpm build
- name: build
env:
# Required at build-time by Auth.js. Replaced by Infisical-sourced
# secret in stage/prod via Orca env injection (M5.1+).
AUTH_SECRET: ci-build-dummy-${{ github.sha }}
run: pnpm build
e2e:
needs: test
.gitignore
+22
View File
@@ -35,3 +35,25 @@ vendor/
# Rust
**/target/
# Next.js
.next/
out/
.vercel/
# Node
node_modules/
*.tsbuildinfo
next-env.d.ts.tmp
# Coverage
coverage/
# pnpm
.pnpm-store/
# Local env
.env.local
.env.development.local
.env.test.local
.env.production.local
CHANGELOG.md
+3
View File
@@ -6,6 +6,9 @@ Generated section is appended on release tag via `git-cliff` (see `.gitea/workfl
## [Unreleased]
### Added
- feat(app): M5.2 — customer-area route shells (settings, billing, audit, support, catalog, products, projects, settings/{users,api-keys,integrations}); shared Nav component reads session.org_roles and shows only what each role can see; backstage stub at /__backstage__; dashboard renders product tiles from session.products
- chore(deps): bump next + eslint-config-next to 16.2.6 to clear trivy CVEs (CVE-2025-29927 critical + 7 highs in next 15.0.3)
- feat(app): Next.js 16 + Auth.js v5 skeleton with host→slug middleware, tenant context layout, OIDC sign-in flow
-
### Changed
Dockerfile
+25
View File
@@ -0,0 +1,25 @@
# Multi-stage Next.js build using output: 'standalone'.
FROM node:20-alpine AS deps
WORKDIR /app
RUN corepack enable && corepack prepare pnpm@9 --activate
COPY package.json pnpm-lock.yaml ./
RUN pnpm install --frozen-lockfile
FROM node:20-alpine AS build
WORKDIR /app
RUN corepack enable && corepack prepare pnpm@9 --activate
COPY --from=deps /app/node_modules ./node_modules
COPY . .
RUN pnpm build
FROM node:20-alpine AS run
WORKDIR /app
ENV NODE_ENV=production
ENV PORT=3000
COPY --from=build /app/public ./public
COPY --from=build /app/.next/standalone ./
COPY --from=build /app/.next/static ./.next/static
USER node
EXPOSE 3000
CMD ["node", "server.js"]
Makefile
+37
View File
@@ -0,0 +1,37 @@
# portal — Next.js 15 + Auth.js v5 customer portal + backstage.
.PHONY: help install dev test lint typecheck build docker clean
help:
@echo "portal targets:"
@echo " make install pnpm install"
@echo " make dev pnpm dev (http://localhost:3000)"
@echo " make test pnpm test (vitest + coverage)"
@echo " make lint pnpm lint"
@echo " make typecheck pnpm typecheck"
@echo " make build pnpm build (Next.js production build)"
@echo " make docker build local image (portal:dev)"
install:
@pnpm install --frozen-lockfile
dev:
@pnpm dev
test:
@pnpm test
lint:
@pnpm lint
typecheck:
@pnpm typecheck
build:
@pnpm build
docker:
@docker build -t portal:dev .
clean:
@rm -rf .next coverage node_modules/.cache
README.md
+35 -11
View File
@@ -1,6 +1,6 @@
# portal
Next.js 15 customer area + backstage.
Next.js 16 customer area + backstage.
> Part of the **Breakpilot Platform**. For the big picture see [`platform/docs`](https://gitea.meghsakha.com/platform/docs):
> [Architecture](https://gitea.meghsakha.com/platform/docs/src/branch/main/PLATFORM_ARCHITECTURE.md) ·
@@ -10,7 +10,7 @@ Next.js 15 customer area + backstage.
## What this is
Next.js 15 customer area + backstage. Scaffolded under milestone M5.1. See [`platform/docs`](https://gitea.meghsakha.com/platform/docs) for the full architecture context.
Next.js 16 customer area + backstage. Scaffolded under milestone M5.1. See [`platform/docs`](https://gitea.meghsakha.com/platform/docs) for the full architecture context.
**Plane:** Control
**Owner:** @sharang
@@ -20,19 +20,43 @@ Next.js 15 customer area + backstage. Scaffolded under milestone M5.1. See [`pla
## Run locally
```bash
# prerequisites: see CONTRIBUTING.md for tooling once code lands
make dev # starts dependencies + this service on http://localhost:3000
make test # unit + integration
make e2e # only if this repo ships user-facing flows
# Prerequisites: Node 20+, pnpm 9+, the dev stack running.
# 1. Bring up Keycloak + Postgres + Redis (separate clone):
cd /path/to/platform/orca-platform && make dev-up
# 2. Run tenant-registry (separate clone):
cd /path/to/platform/tenant-registry && make dev
# 3. Run this app:
make install # pnpm install --frozen-lockfile
make dev # next dev on http://localhost:3000
# Or hit a real tenant immediately:
# open http://acme.localhost:3000 → redirects to Keycloak → back to /acme/dashboard
```
Local secrets come from `.env.local` (gitignored). Template at `.env.example`.
Seed login (from the dev-stack realm): `test@breakpilot.dev` / `test`.
## Endpoints / surface
`make test` / `make lint` / `make typecheck` / `make build` run vitest / eslint / tsc / next build respectively.
{{For services: list the top-level routes or commands.
For libraries: list the public API entry points.
For IaC: list the make targets.}}
Env vars live in `.env.example`. Copy to `.env.local` for local overrides (gitignored).
## Surface
| Route | Renders |
|---|---|
| `http://localhost:3000/` | Apex landing — pointer to tenant subdomains |
| `http://<slug>.localhost:3000/` | Middleware rewrites to `/[slug]/` → redirects to `/[slug]/dashboard` |
| `http://<slug>.localhost:3000/dashboard` | OIDC-gated dashboard; signed-out users see "Sign in with Keycloak" |
| `http://backstage.localhost:3000/` | (Skeleton) backstage route — rewritten to `/__backstage__/*` |
| `/api/auth/[...nextauth]` | Auth.js v5 endpoints (callback, signin, signout, jwt) |
## Architecture notes
- **Host → slug routing**: `src/middleware.ts` parses `Host` header via `parseHost()` (in `src/lib/host.ts`) and rewrites the request path to `/<slug>/...`. URL bar stays unchanged. Apex hosts and unknown subdomains fall through unmodified.
- **Tenant context**: `src/app/[slug]/layout.tsx` fetches the tenant from `tenant-registry` (`src/lib/tenant-registry.ts`). 404 → `notFound()`; HTTP errors bubble up.
- **Auth**: `src/auth.ts` is the Auth.js v5 config — Keycloak provider, tenant-context claims (`tenant_id`, `tenant_slug`, `org_roles`, `products`, `plan`, `tenant_status`) propagated via JWT/session callbacks. Real RBAC enforcement lands in M5.2 / M10.1.
## Deployment
eslint.config.mjs
+13
View File
@@ -0,0 +1,13 @@
// eslint-config-next v16 ships flat-config exports natively; no FlatCompat shim.
import nextWebVitals from "eslint-config-next/core-web-vitals";
import nextTypescript from "eslint-config-next/typescript";
const config = [
...nextWebVitals,
...nextTypescript,
{
ignores: [".next/**", "node_modules/**", "coverage/**", "next-env.d.ts"],
},
];
export default config;
next-env.d.ts
Vendored
+6
View File
@@ -0,0 +1,6 @@
/// <reference types="next" />
/// <reference types="next/image-types/global" />
import "./.next/types/routes.d.ts";
// NOTE: This file should not be edited
// see https://nextjs.org/docs/app/api-reference/config/typescript for more information.
next.config.ts
+11
View File
@@ -0,0 +1,11 @@
import type { NextConfig } from "next";
const config: NextConfig = {
reactStrictMode: true,
output: "standalone",
experimental: {
typedRoutes: true,
},
};
export default config;
package.json
+35
View File
@@ -0,0 +1,35 @@
{
"name": "@breakpilot/portal",
"version": "0.0.0",
"private": true,
"description": "Customer-facing portal + platform-staff backstage. Next.js + Auth.js v5.",
"license": "UNLICENSED",
"engines": {
"node": ">=20",
"pnpm": ">=9"
},
"scripts": {
"dev": "next dev --port 3000",
"build": "next build",
"start": "next start --port 3000",
"lint": "eslint . --max-warnings 0",
"typecheck": "tsc --noEmit",
"test": "vitest run --coverage"
},
"dependencies": {
"next": "16.2.6",
"next-auth": "5.0.0-beta.25",
"react": "19.0.0",
"react-dom": "19.0.0"
},
"devDependencies": {
"@types/node": "20.16.10",
"@types/react": "19.0.1",
"@types/react-dom": "19.0.1",
"@vitest/coverage-v8": "2.1.8",
"eslint": "9.15.0",
"eslint-config-next": "16.2.6",
"typescript": "5.7.2",
"vitest": "2.1.8"
}
}
pnpm-lock.yaml
Generated
+4941
View File
File diff suppressed because it is too large Load Diff
src/app/[slug]/audit/page.tsx
+16
View File
@@ -0,0 +1,16 @@
import { auth } from "@/auth";
import { NotAuthorized, ShellEmpty } from "@/components/ShellEmpty";
import type { SessionWithExtras } from "@/lib/session";
import { canSee } from "@/lib/session";
export default async function Page() {
const session = (await auth()) as SessionWithExtras | null;
if (!canSee(session, "audit")) return <NotAuthorized />;
return (
<ShellEmpty
title="Audit log"
description="Every state-changing action across portal + products."
milestone="M10.2"
/>
);
}
src/app/[slug]/billing/page.tsx
+16
View File
@@ -0,0 +1,16 @@
import { auth } from "@/auth";
import { NotAuthorized, ShellEmpty } from "@/components/ShellEmpty";
import type { SessionWithExtras } from "@/lib/session";
import { canSee } from "@/lib/session";
export default async function Page() {
const session = (await auth()) as SessionWithExtras | null;
if (!canSee(session, "billing")) return <NotAuthorized />;
return (
<ShellEmpty
title="Billing"
description="Plan, seats, invoices. Polar Checkout opens here."
milestone="M8.3"
/>
);
}
src/app/[slug]/catalog/page.tsx
+16
View File
@@ -0,0 +1,16 @@
import { auth } from "@/auth";
import { NotAuthorized, ShellEmpty } from "@/components/ShellEmpty";
import type { SessionWithExtras } from "@/lib/session";
import { canSee } from "@/lib/session";
export default async function Page() {
const session = (await auth()) as SessionWithExtras | null;
if (!canSee(session, "catalog")) return <NotAuthorized />;
return (
<ShellEmpty
title="Catalog"
description="Products you can add to your subscription."
milestone="M11.1"
/>
);
}
src/app/[slug]/dashboard/page.tsx
+102
View File
@@ -0,0 +1,102 @@
import { auth, signIn, signOut } from "@/auth";
import { ShellEmpty } from "@/components/ShellEmpty";
import type { SessionWithExtras } from "@/lib/session";
export default async function Dashboard({
params,
}: {
params: Promise<{ slug: string }>;
}) {
const { slug } = await params;
const session = (await auth()) as SessionWithExtras | null;
if (!session) {
async function login() {
"use server";
await signIn("keycloak", { redirectTo: `/${slug}/dashboard` });
}
return (
<section style={{ maxWidth: 480 }}>
<h1 style={{ fontSize: 28, marginBottom: 12 }}>Sign in to {slug}</h1>
<form action={login}>
<button
type="submit"
style={{
padding: "10px 16px",
background: "#0070f3",
color: "white",
border: "none",
borderRadius: 6,
fontSize: 14,
cursor: "pointer",
}}
>
Sign in with Keycloak
</button>
</form>
</section>
);
}
async function logout() {
"use server";
await signOut({ redirectTo: `/${slug}/dashboard` });
}
const products = session.products ?? [];
return (
<section>
<h1 style={{ fontSize: 28, marginBottom: 8 }}>Dashboard</h1>
<p style={{ color: "#444", marginBottom: 24 }}>
Welcome, {session.user?.name ?? session.user?.email ?? "user"}. Signed in
as <code>{session.org_roles?.join(", ") ?? "(no roles)"}</code>.
</p>
<h2 style={{ fontSize: 18, marginTop: 24, marginBottom: 12 }}>Your products</h2>
{products.length === 0 ? (
<ShellEmpty
title="No products yet"
description="Browse the catalog and request access to a product, or start a 14-day trial."
milestone="M11.1"
/>
) : (
<ul style={{ listStyle: "none", padding: 0, display: "grid", gap: 12, gridTemplateColumns: "repeat(auto-fill, minmax(220px, 1fr))" }}>
{products.map((p) => (
<li
key={p}
style={{
padding: 16,
border: "1px solid #eaeaea",
borderRadius: 8,
background: "white",
}}
>
<strong style={{ textTransform: "capitalize" }}>{p}</strong>
<p style={{ color: "#666", fontSize: 13, marginTop: 4 }}>
Tile content lands in <code>M10.1</code>.
</p>
</li>
))}
</ul>
)}
<form action={logout} style={{ marginTop: 32 }}>
<button
type="submit"
style={{
padding: "8px 12px",
background: "white",
color: "#0070f3",
border: "1px solid #0070f3",
borderRadius: 6,
fontSize: 13,
cursor: "pointer",
}}
>
Sign out
</button>
</form>
</section>
);
}
src/app/[slug]/layout.tsx
+51
View File
@@ -0,0 +1,51 @@
import { notFound, redirect } from "next/navigation";
import type { ReactNode } from "react";
import { auth } from "@/auth";
import { Nav } from "@/components/Nav";
import type { SessionWithExtras } from "@/lib/session";
import { fetchTenantBySlug } from "@/lib/tenant-registry";
export default async function TenantLayout({
children,
params,
}: {
children: ReactNode;
params: Promise<{ slug: string }>;
}) {
const { slug } = await params;
const tenant = await fetchTenantBySlug(slug);
if (!tenant) notFound();
const session = (await auth()) as SessionWithExtras | null;
// Tenant mismatch guard — a JWT scoped to tenant A must not be allowed
// to view tenant B. If the slug in the path doesn't match the session
// tenant_slug, redirect back to whatever this user CAN see.
if (session && session.tenant_slug && session.tenant_slug !== slug) {
redirect(`/${session.tenant_slug}/dashboard`);
}
return (
<div style={{ display: "flex", minHeight: "100vh" }}>
{session ? <Nav slug={slug} session={session} /> : null}
<div style={{ flex: 1 }}>
<header
style={{
padding: "12px 24px",
borderBottom: "1px solid #eaeaea",
background: "white",
display: "flex",
alignItems: "center",
justifyContent: "space-between",
}}
>
<strong>{tenant.name}</strong>
<span style={{ fontSize: 12, color: "#666" }}>
{tenant.plan} · {tenant.status}
</span>
</header>
<main style={{ padding: 24 }}>{children}</main>
</div>
</div>
);
}
src/app/[slug]/page.tsx
+10
View File
@@ -0,0 +1,10 @@
import { redirect } from "next/navigation";
export default async function TenantRoot({
params,
}: {
params: Promise<{ slug: string }>;
}) {
const { slug } = await params;
redirect(`/${slug}/dashboard`);
}
src/app/[slug]/products/page.tsx
+16
View File
@@ -0,0 +1,16 @@
import { auth } from "@/auth";
import { NotAuthorized, ShellEmpty } from "@/components/ShellEmpty";
import type { SessionWithExtras } from "@/lib/session";
import { canSee } from "@/lib/session";
export default async function Page() {
const session = (await auth()) as SessionWithExtras | null;
if (!canSee(session, "dashboard")) return <NotAuthorized />;
return (
<ShellEmpty
title="Products"
description="Per-product tiles — open into the embedded web component."
milestone="M10.1"
/>
);
}
src/app/[slug]/projects/page.tsx
+16
View File
@@ -0,0 +1,16 @@
import { auth } from "@/auth";
import { NotAuthorized, ShellEmpty } from "@/components/ShellEmpty";
import type { SessionWithExtras } from "@/lib/session";
import { canSee } from "@/lib/session";
export default async function Page() {
const session = (await auth()) as SessionWithExtras | null;
if (!canSee(session, "projects")) return <NotAuthorized />;
return (
<ShellEmpty
title="Projects"
description="Sub-tenancy: GCP-Project-style scoping per product."
milestone="M10.1"
/>
);
}
src/app/[slug]/settings/api-keys/page.tsx
+16
View File
@@ -0,0 +1,16 @@
import { auth } from "@/auth";
import { NotAuthorized, ShellEmpty } from "@/components/ShellEmpty";
import type { SessionWithExtras } from "@/lib/session";
import { canSee } from "@/lib/session";
export default async function Page() {
const session = (await auth()) as SessionWithExtras | null;
if (!canSee(session, "api-keys")) return <NotAuthorized />;
return (
<ShellEmpty
title="API keys"
description="Per-tenant API keys for headless product access."
milestone="M15.1"
/>
);
}
src/app/[slug]/settings/integrations/page.tsx
+16
View File
@@ -0,0 +1,16 @@
import { auth } from "@/auth";
import { NotAuthorized, ShellEmpty } from "@/components/ShellEmpty";
import type { SessionWithExtras } from "@/lib/session";
import { canSee } from "@/lib/session";
export default async function Page() {
const session = (await auth()) as SessionWithExtras | null;
if (!canSee(session, "integrations")) return <NotAuthorized />;
return (
<ShellEmpty
title="Integrations"
description="Webhooks, outbound integrations, external IdP config."
milestone="M15.2"
/>
);
}
src/app/[slug]/settings/page.tsx
+16
View File
@@ -0,0 +1,16 @@
import { auth } from "@/auth";
import { NotAuthorized, ShellEmpty } from "@/components/ShellEmpty";
import type { SessionWithExtras } from "@/lib/session";
import { canSee } from "@/lib/session";
export default async function Page() {
const session = (await auth()) as SessionWithExtras | null;
if (!canSee(session, "settings")) return <NotAuthorized />;
return (
<ShellEmpty
title="Settings"
description="Tenant identity, SSO, organization defaults."
milestone="M10.1"
/>
);
}
src/app/[slug]/settings/users/page.tsx
+16
View File
@@ -0,0 +1,16 @@
import { auth } from "@/auth";
import { NotAuthorized, ShellEmpty } from "@/components/ShellEmpty";
import type { SessionWithExtras } from "@/lib/session";
import { canSee } from "@/lib/session";
export default async function Page() {
const session = (await auth()) as SessionWithExtras | null;
if (!canSee(session, "users")) return <NotAuthorized />;
return (
<ShellEmpty
title="Users"
description="Invite IT_ADMIN, CXO, FINANCE, LEGAL, USER. Role assignment."
milestone="M10.1"
/>
);
}
src/app/[slug]/support/page.tsx
+16
View File
@@ -0,0 +1,16 @@
import { auth } from "@/auth";
import { NotAuthorized, ShellEmpty } from "@/components/ShellEmpty";
import type { SessionWithExtras } from "@/lib/session";
import { canSee } from "@/lib/session";
export default async function Page() {
const session = (await auth()) as SessionWithExtras | null;
if (!canSee(session, "support")) return <NotAuthorized />;
return (
<ShellEmpty
title="Support"
description="Submit a ticket — Frappe HD customer portal embedded."
milestone="M9.1"
/>
);
}
src/app/__backstage__/page.tsx
+30
View File
@@ -0,0 +1,30 @@
import { auth } from "@/auth";
import type { SessionWithExtras } from "@/lib/session";
// Backstage — platform-staff-only surface. The middleware rewrites
// http://backstage.localhost:3000/* → /__backstage__/* so this is
// reachable only via that hostname. Real RBAC (BREAKPILOT_ADMIN /
// SUPPORT_ENGINEER / SALES_REP) lands in M13.2.
export default async function Backstage() {
const session = (await auth()) as SessionWithExtras | null;
if (!session) {
return (
<section style={{ padding: 32 }}>
<h1 style={{ fontSize: 28, marginBottom: 8 }}>Backstage</h1>
<p>Sign in with a BREAKPILOT_ADMIN / SUPPORT_ENGINEER / SALES_REP account.</p>
</section>
);
}
return (
<section style={{ padding: 32 }}>
<h1 style={{ fontSize: 28, marginBottom: 8 }}>Backstage</h1>
<p>
Signed in as <code>{session.user?.email}</code>.
</p>
<p style={{ marginTop: 24, color: "#666" }}>
Tenants list, leads, demo console, impersonation all land in M13.2 / M14.x.
</p>
</section>
);
}
src/app/api/auth/[...nextauth]/route.ts
+3
View File
@@ -0,0 +1,3 @@
import { handlers } from "@/auth";
export const { GET, POST } = handlers;
src/app/layout.tsx
+25
View File
@@ -0,0 +1,25 @@
import type { Metadata } from "next";
import type { ReactNode } from "react";
export const metadata: Metadata = {
title: "Breakpilot",
description: "Breakpilot Platform — customer portal",
};
export default function RootLayout({ children }: { children: ReactNode }) {
return (
<html lang="en">
<body
style={{
margin: 0,
fontFamily:
'system-ui, -apple-system, "Segoe UI", Roboto, "Helvetica Neue", sans-serif',
background: "#fafafa",
color: "#111",
}}
>
{children}
</body>
</html>
);
}
src/app/page.tsx
+18
View File
@@ -0,0 +1,18 @@
// Apex landing page. In dev this is what loads at http://localhost:3000.
// Tenant portals live at http://<slug>.localhost:3000 (middleware rewrites).
export default function Apex() {
return (
<main style={{ maxWidth: 720, margin: "10vh auto", padding: "0 24px" }}>
<h1 style={{ fontSize: 32, marginBottom: 16 }}>Breakpilot</h1>
<p>
Customer portals live at <code>&lt;tenant&gt;.localhost:3000</code> in dev,{" "}
<code>&lt;tenant&gt;.breakpilot.com</code> in prod. Backstage lives at{" "}
<code>backstage.&lt;apex&gt;</code>.
</p>
<p style={{ marginTop: 24 }}>
Try: <a href="http://acme.localhost:3000">http://acme.localhost:3000</a>
</p>
</main>
);
}
src/auth.ts
+59
View File
@@ -0,0 +1,59 @@
// Auth.js v5 — Keycloak provider.
//
// Dev uses the breakpilot-dev realm from platform/orca-platform/dev. The
// realm's dev-portal client is a public PKCE client; we still pass a
// non-empty clientSecret because the Keycloak provider requires it
// structurally — it's unused in the auth code grant for public clients
// when PKCE is enabled.
import NextAuth from "next-auth";
import Keycloak from "next-auth/providers/keycloak";
export const { handlers, auth, signIn, signOut } = NextAuth({
providers: [
Keycloak({
clientId: process.env.KEYCLOAK_CLIENT_ID ?? "dev-portal",
clientSecret: process.env.KEYCLOAK_CLIENT_SECRET ?? "unused-public-client",
issuer:
process.env.KEYCLOAK_ISSUER ??
"http://localhost:8080/realms/breakpilot-dev",
}),
],
callbacks: {
async jwt({ token, profile }) {
// Pass the breakpilot-dev realm's custom claims through to the session.
if (profile) {
token.tenant_id = (profile as Record<string, unknown>).tenant_id as
| string
| undefined;
token.tenant_slug = (profile as Record<string, unknown>).tenant_slug as
| string
| undefined;
token.org_roles = (profile as Record<string, unknown>).org_roles as
| string[]
| undefined;
token.products = (profile as Record<string, unknown>).products as
| string[]
| undefined;
token.plan = (profile as Record<string, unknown>).plan as
| string
| undefined;
token.tenant_status = (profile as Record<string, unknown>)
.tenant_status as string | undefined;
}
return token;
},
async session({ session, token }) {
session.user = session.user ?? { name: null, email: null, image: null };
Object.assign(session, {
tenant_id: token.tenant_id,
tenant_slug: token.tenant_slug,
org_roles: token.org_roles,
products: token.products,
plan: token.plan,
tenant_status: token.tenant_status,
});
return session;
},
},
});
src/components/Nav.tsx
+40
View File
@@ -0,0 +1,40 @@
import Link from "next/link";
import type { Surface, SessionWithExtras } from "@/lib/session";
import { canSee } from "@/lib/session";
type NavLink = {
href: string;
label: string;
surface: Surface;
};
export function Nav({ slug, session }: { slug: string; session: SessionWithExtras }) {
const links: NavLink[] = [
{ href: `/${slug}/dashboard`, label: "Dashboard", surface: "dashboard" },
{ href: `/${slug}/products`, label: "Products", surface: "products" },
{ href: `/${slug}/catalog`, label: "Catalog", surface: "catalog" },
{ href: `/${slug}/projects`, label: "Projects", surface: "projects" },
{ href: `/${slug}/settings`, label: "Settings", surface: "settings" },
{ href: `/${slug}/settings/users`, label: "Users", surface: "users" },
{ href: `/${slug}/settings/api-keys`, label: "API keys", surface: "api-keys" },
{ href: `/${slug}/settings/integrations`, label: "Integrations", surface: "integrations" },
{ href: `/${slug}/billing`, label: "Billing", surface: "billing" },
{ href: `/${slug}/audit`, label: "Audit log", surface: "audit" },
{ href: `/${slug}/support`, label: "Support", surface: "support" },
];
const visible = links.filter((l) => canSee(session, l.surface));
return (
<nav style={{ width: 220, padding: 16, borderRight: "1px solid #eaeaea", background: "white" }}>
<ul style={{ listStyle: "none", padding: 0, margin: 0 }}>
{visible.map((l) => (
<li key={l.href} style={{ margin: "8px 0" }}>
<Link href={l.href} style={{ color: "#0070f3", textDecoration: "none" }}>
{l.label}
</Link>
</li>
))}
</ul>
</nav>
);
}
src/components/ShellEmpty.tsx
+53
View File
@@ -0,0 +1,53 @@
// Reusable empty-state for a customer-area route shell. Every M5.2 route
// renders one of these; real content lands in M10.1 / M11.x / M12.x /
// M14.x / etc.
export function ShellEmpty({
title,
description,
milestone,
}: {
title: string;
description: string;
milestone: string;
}) {
return (
<section style={{ maxWidth: 720 }}>
<h1 style={{ fontSize: 28, marginBottom: 8 }}>{title}</h1>
<p style={{ color: "#444", marginBottom: 24 }}>{description}</p>
<div
style={{
padding: 16,
border: "1px dashed #ddd",
borderRadius: 8,
background: "#fafafa",
color: "#666",
fontSize: 14,
}}
>
This surface is a route shell. Real implementation lands in{" "}
<code>{milestone}</code>. See{" "}
<a
href="https://gitea.meghsakha.com/platform/docs/src/branch/main/PLATFORM_ARCHITECTURE.md"
style={{ color: "#0070f3" }}
>
PLATFORM_ARCHITECTURE.md §5a
</a>{" "}
for the spec.
</div>
</section>
);
}
export function NotAuthorized() {
return (
<section style={{ maxWidth: 720 }}>
<h1 style={{ fontSize: 28, marginBottom: 8 }}>403 Not authorized</h1>
<p style={{ color: "#444" }}>
This surface requires a role your account doesn&apos;t have. If you think
that&apos;s a mistake, ask an IT_ADMIN on your tenant to invite you with
the right role.
</p>
</section>
);
}
src/lib/host.test.ts
+46
View File
@@ -0,0 +1,46 @@
import { describe, expect, test } from "vitest";
import { parseHost } from "./host";
describe("parseHost", () => {
test("null host → unknown", () => {
expect(parseHost(null)).toEqual({ kind: "unknown" });
expect(parseHost(undefined)).toEqual({ kind: "unknown" });
expect(parseHost("")).toEqual({ kind: "unknown" });
});
test("apex hosts return apex", () => {
expect(parseHost("localhost")).toEqual({ kind: "apex" });
expect(parseHost("localhost:3000")).toEqual({ kind: "apex" });
expect(parseHost("breakpilot.com")).toEqual({ kind: "apex" });
expect(parseHost("stage.breakpilot.com")).toEqual({ kind: "apex" });
});
test("tenant subdomain returns slug", () => {
expect(parseHost("acme.localhost:3000")).toEqual({ kind: "tenant", slug: "acme" });
expect(parseHost("acme.breakpilot.com")).toEqual({ kind: "tenant", slug: "acme" });
expect(parseHost("acme.stage.breakpilot.com")).toEqual({ kind: "tenant", slug: "acme" });
});
test("backstage subdomain is reserved", () => {
expect(parseHost("backstage.localhost:3000")).toEqual({ kind: "backstage" });
expect(parseHost("backstage.breakpilot.com")).toEqual({ kind: "backstage" });
});
test("invalid slugs return unknown", () => {
expect(parseHost("a.localhost")).toEqual({ kind: "unknown" }); // too short (1 char)
expect(parseHost("foo_bar.localhost")).toEqual({ kind: "unknown" }); // underscore not allowed
expect(parseHost("FOO!.localhost")).toEqual({ kind: "unknown" }); // exclamation invalid
});
test("empty subdomain falls back to apex", () => {
expect(parseHost(".localhost")).toEqual({ kind: "apex" });
});
test("uppercase host is lowercased", () => {
expect(parseHost("ACME.LOCALHOST")).toEqual({ kind: "tenant", slug: "acme" });
});
test("unknown apex returns unknown", () => {
expect(parseHost("acme.example.com")).toEqual({ kind: "unknown" });
});
});
src/lib/host.ts
+41
View File
@@ -0,0 +1,41 @@
// Host → tenant slug parser for the portal middleware.
//
// In dev we serve at <slug>.localhost:3000 (e.g. acme.localhost:3000). In
// prod we serve at <slug>.breakpilot.com. Backstage lives at the apex —
// no subdomain — and resolves to a fixed `__backstage__` slug.
export type HostMatch =
| { kind: "tenant"; slug: string }
| { kind: "backstage" }
| { kind: "apex" }
| { kind: "unknown" };
// Longest-first so `stage.breakpilot.com` is matched before `breakpilot.com`.
const APEX_HOSTS = ["stage.breakpilot.com", "breakpilot.com", "localhost"];
const APEX_SET = new Set(APEX_HOSTS);
export function parseHost(host: string | null | undefined): HostMatch {
if (!host) return { kind: "unknown" };
const hostNoPort = host.split(":")[0].toLowerCase();
if (APEX_SET.has(hostNoPort)) return { kind: "apex" };
// Strip the known apex suffix to extract the subdomain.
for (const apex of APEX_HOSTS) {
const suffix = `.${apex}`;
if (hostNoPort.endsWith(suffix)) {
const sub = hostNoPort.slice(0, -suffix.length);
if (!sub) return { kind: "apex" };
// Backstage is reserved.
if (sub === "backstage") return { kind: "backstage" };
// Slugs are [a-z0-9-]{2,40} per the tenant-registry schema check.
if (/^[a-z0-9-]{2,40}$/.test(sub)) {
return { kind: "tenant", slug: sub };
}
return { kind: "unknown" };
}
}
return { kind: "unknown" };
}
src/lib/session.test.ts
+65
View File
@@ -0,0 +1,65 @@
import { describe, expect, test } from "vitest";
import { canSee, hasAnyOrgRole, hasOrgRole, hasProduct } from "./session";
import type { SessionWithExtras } from "./session";
function s(roles: SessionWithExtras["org_roles"], products: string[] = []): SessionWithExtras {
return {
user: { name: "Test", email: "t@x.test" },
expires: "2099-01-01T00:00:00Z",
org_roles: roles,
products,
};
}
describe("hasOrgRole", () => {
test("null session has no roles", () => {
expect(hasOrgRole(null, "IT_ADMIN")).toBe(false);
});
test("matches single role", () => {
expect(hasOrgRole(s(["CXO"]), "CXO")).toBe(true);
expect(hasOrgRole(s(["CXO"]), "IT_ADMIN")).toBe(false);
});
});
describe("hasAnyOrgRole", () => {
test("any match wins", () => {
expect(hasAnyOrgRole(s(["LEGAL"]), ["IT_ADMIN", "LEGAL"])).toBe(true);
expect(hasAnyOrgRole(s(["USER"]), ["IT_ADMIN", "CXO"])).toBe(false);
});
test("empty roles", () => {
expect(hasAnyOrgRole(s(undefined), ["IT_ADMIN"])).toBe(false);
});
});
describe("hasProduct", () => {
test("checks products array", () => {
expect(hasProduct(s(["USER"], ["certifai"]), "certifai")).toBe(true);
expect(hasProduct(s(["USER"], ["certifai"]), "compliance")).toBe(false);
expect(hasProduct(null, "certifai")).toBe(false);
});
});
describe("canSee", () => {
test("IT_ADMIN sees settings, USER does not", () => {
expect(canSee(s(["IT_ADMIN"]), "settings")).toBe(true);
expect(canSee(s(["USER"]), "settings")).toBe(false);
});
test("CXO can see billing", () => {
expect(canSee(s(["CXO"]), "billing")).toBe(true);
});
test("LEGAL can see audit but not settings", () => {
expect(canSee(s(["LEGAL"]), "audit")).toBe(true);
expect(canSee(s(["LEGAL"]), "settings")).toBe(false);
});
test("FINANCE sees billing but not settings", () => {
expect(canSee(s(["FINANCE"]), "billing")).toBe(true);
expect(canSee(s(["FINANCE"]), "settings")).toBe(false);
});
test("dashboard visible to everyone with any role", () => {
expect(canSee(s(["USER"]), "dashboard")).toBe(true);
expect(canSee(s(["LEGAL"]), "dashboard")).toBe(true);
});
test("null session sees nothing", () => {
expect(canSee(null, "dashboard")).toBe(false);
});
});
src/lib/session.ts
+70
View File
@@ -0,0 +1,70 @@
// Session-derived types & helpers — keep all session-shape knowledge in
// one place so route components don't all repeat the same casts.
//
// The breakpilot-dev realm projects these claims into every JWT via
// protocol mappers (see platform/orca-platform/dev/keycloak/realm-export.json).
// Auth.js v5 callbacks copy them onto the session in src/auth.ts.
import type { Session } from "next-auth";
export type OrgRole = "IT_ADMIN" | "CXO" | "FINANCE" | "LEGAL" | "USER";
export type TenantStatus = "demo" | "trial" | "active" | "frozen" | "archived";
export type Plan = "starter" | "professional" | "enterprise";
export type SessionExtras = {
tenant_id?: string;
tenant_slug?: string;
org_roles?: OrgRole[];
products?: string[];
plan?: Plan;
tenant_status?: TenantStatus;
};
export type SessionWithExtras = Session & SessionExtras;
export function hasOrgRole(s: SessionWithExtras | null, role: OrgRole): boolean {
return !!s?.org_roles?.includes(role);
}
export function hasAnyOrgRole(s: SessionWithExtras | null, roles: OrgRole[]): boolean {
if (!s?.org_roles) return false;
return roles.some((r) => s.org_roles?.includes(r));
}
export function hasProduct(s: SessionWithExtras | null, product: string): boolean {
return !!s?.products?.includes(product);
}
// Permission matrix per PLATFORM_ARCHITECTURE.md §5a "Operating principles":
// hide what the user can't access. Each portal surface declares which
// org_roles can see it; the nav uses this to filter links.
export type Surface =
| "dashboard"
| "products"
| "projects"
| "settings"
| "users"
| "api-keys"
| "integrations"
| "billing"
| "audit"
| "support"
| "catalog";
export const surfaceRoles: Record<Surface, OrgRole[]> = {
dashboard: ["IT_ADMIN", "CXO", "FINANCE", "LEGAL", "USER"],
products: ["IT_ADMIN", "CXO", "FINANCE", "LEGAL", "USER"],
projects: ["IT_ADMIN", "CXO"],
settings: ["IT_ADMIN"],
users: ["IT_ADMIN"],
"api-keys": ["IT_ADMIN"],
integrations: ["IT_ADMIN"],
billing: ["IT_ADMIN", "CXO", "FINANCE"],
audit: ["IT_ADMIN", "CXO", "LEGAL"],
support: ["IT_ADMIN", "CXO", "FINANCE", "LEGAL", "USER"],
catalog: ["IT_ADMIN", "CXO"],
};
export function canSee(s: SessionWithExtras | null, surface: Surface): boolean {
return hasAnyOrgRole(s, surfaceRoles[surface]);
}
src/lib/tenant-registry.test.ts
+64
View File
@@ -0,0 +1,64 @@
import { afterEach, beforeEach, describe, expect, test, vi } from "vitest";
import { fetchTenantBySlug, type Tenant } from "./tenant-registry";
const SAMPLE: Tenant = {
id: "00000000-0000-0000-0000-000000000001",
slug: "acme",
name: "Acme Inc.",
status: "active",
plan: "professional",
products: ["certifai", "compliance"],
created_at: "2026-05-18T22:00:00Z",
};
const originalFetch = globalThis.fetch;
const originalRegistryUrl = process.env.TENANT_REGISTRY_URL;
afterEach(() => {
globalThis.fetch = originalFetch;
process.env.TENANT_REGISTRY_URL = originalRegistryUrl;
vi.restoreAllMocks();
});
describe("fetchTenantBySlug", () => {
beforeEach(() => {
process.env.TENANT_REGISTRY_URL = "http://test:1234";
});
test("200 → parsed tenant", async () => {
globalThis.fetch = vi.fn(async () => new Response(JSON.stringify(SAMPLE), { status: 200 }));
const t = await fetchTenantBySlug("acme");
expect(t).toEqual(SAMPLE);
});
test("404 → null", async () => {
globalThis.fetch = vi.fn(async () => new Response("", { status: 404 }));
const t = await fetchTenantBySlug("nope");
expect(t).toBeNull();
});
test("500 → throws", async () => {
globalThis.fetch = vi.fn(async () => new Response("", { status: 500, statusText: "boom" }));
await expect(fetchTenantBySlug("acme")).rejects.toThrow(/tenant-registry: 500/);
});
test("falls back to default base URL when env unset", async () => {
delete process.env.TENANT_REGISTRY_URL;
const fetchSpy = vi.fn(async () => new Response(JSON.stringify(SAMPLE), { status: 200 }));
globalThis.fetch = fetchSpy;
await fetchTenantBySlug("acme");
expect(fetchSpy).toHaveBeenCalledWith(
"http://localhost:8090/v1/tenants/by-slug/acme",
expect.any(Object),
);
});
test("encodes slug to defend against weird input", async () => {
const fetchSpy = vi.fn<typeof fetch>(async () => new Response("", { status: 404 }));
globalThis.fetch = fetchSpy;
await fetchTenantBySlug("a/b c");
const firstCall = fetchSpy.mock.calls[0];
expect(firstCall).toBeDefined();
expect(firstCall![0]).toBe("http://test:1234/v1/tenants/by-slug/a%2Fb%20c");
});
});
src/lib/tenant-registry.ts
+29
View File
@@ -0,0 +1,29 @@
// Tenant Registry client — fetches tenant data from the Go service.
// Skeleton-mode: read-only by-slug lookup. The portal middleware uses this
// to resolve `<slug>.localhost:3000` → tenant context before rendering.
export type Tenant = {
id: string;
slug: string;
name: string;
status: "active" | "trial" | "frozen" | "archived" | "demo";
plan: "starter" | "professional" | "enterprise";
products: string[];
created_at: string;
};
function baseUrl(): string {
return process.env.TENANT_REGISTRY_URL ?? "http://localhost:8090";
}
export async function fetchTenantBySlug(slug: string): Promise<Tenant | null> {
const res = await fetch(`${baseUrl()}/v1/tenants/by-slug/${encodeURIComponent(slug)}`, {
headers: { accept: "application/json" },
cache: "no-store",
});
if (res.status === 404) return null;
if (!res.ok) {
throw new Error(`tenant-registry: ${res.status} ${res.statusText}`);
}
return (await res.json()) as Tenant;
}
src/middleware.ts
+36
View File
@@ -0,0 +1,36 @@
import { NextResponse } from "next/server";
import type { NextRequest } from "next/server";
import { parseHost } from "@/lib/host";
// Host → URL-rewrite. Acme visits acme.localhost:3000/dashboard; we
// internally rewrite to /acme/dashboard so the [slug] route group renders.
// URL bar stays unchanged.
//
// Backstage (backstage.<apex>) rewrites to /__backstage__/<rest>.
// Apex hosts (localhost, breakpilot.com) get a marketing/landing page
// at the root route.
export function middleware(request: NextRequest) {
const match = parseHost(request.headers.get("host"));
const url = request.nextUrl.clone();
if (match.kind === "tenant") {
if (!url.pathname.startsWith(`/${match.slug}/`) && url.pathname !== `/${match.slug}`) {
url.pathname = `/${match.slug}${url.pathname === "/" ? "" : url.pathname}`;
return NextResponse.rewrite(url);
}
} else if (match.kind === "backstage") {
if (!url.pathname.startsWith("/__backstage__")) {
url.pathname = `/__backstage__${url.pathname === "/" ? "" : url.pathname}`;
return NextResponse.rewrite(url);
}
}
return NextResponse.next();
}
export const config = {
// Skip Next internals + API + static assets so middleware doesn't
// double-rewrite the auth callback or _next/static.
matcher: ["/((?!api|_next/static|_next/image|favicon.ico).*)"],
};
tsconfig.json
+43
View File
@@ -0,0 +1,43 @@
{
"compilerOptions": {
"target": "ES2022",
"lib": [
"dom",
"dom.iterable",
"esnext"
],
"allowJs": false,
"skipLibCheck": true,
"strict": true,
"noEmit": true,
"esModuleInterop": true,
"module": "esnext",
"moduleResolution": "bundler",
"resolveJsonModule": true,
"isolatedModules": true,
"jsx": "react-jsx",
"incremental": true,
"baseUrl": ".",
"paths": {
"@/*": [
"src/*"
]
},
"plugins": [
{
"name": "next"
}
]
},
"include": [
"next-env.d.ts",
"src/**/*.ts",
"src/**/*.tsx",
".next/types/**/*.ts",
".next/dev/types/**/*.ts"
],
"exclude": [
"node_modules",
".next"
]
}
vitest.config.ts
+21
View File
@@ -0,0 +1,21 @@
import { defineConfig } from "vitest/config";
export default defineConfig({
test: {
environment: "node",
include: ["src/**/*.test.ts"],
coverage: {
provider: "v8",
// Skeleton-mode: only enforce coverage on the tested module (src/lib).
// Re-include the rest of src/ once real code + real tests land.
include: ["src/lib/**/*.ts"],
reporter: ["text", "json-summary"],
thresholds: {
lines: 100,
functions: 100,
branches: 100,
statements: 100,
},
},
},
});