Skip to content

Move gatekeeper and keymaster clients to standalone containers#202

Merged
macterra merged 5 commits intomainfrom
201-standalone-clients
Mar 13, 2026
Merged

Move gatekeeper and keymaster clients to standalone containers#202
macterra merged 5 commits intomainfrom
201-standalone-clients

Conversation

@macterra
Copy link
Copy Markdown
Collaborator

@macterra macterra commented Mar 13, 2026

Summary

  • Extract embedded CRA clients from services/*/client/ into standalone Vite apps under apps/
  • Gatekeeper client on port 4225, keymaster client on port 4227
  • Add CORS to keymaster API for cross-origin client access
  • Default SERVE_CLIENT=false — service containers no longer bundle/serve clients
  • Remove client build steps from service Dockerfiles (smaller images)
  • Keymaster client always requires passphrase (no window.__ARCHON_CONFIG__ injection)

Test plan

  • npm run build succeeds for both apps/gatekeeper-client and apps/keymaster-client
  • Gatekeeper client loads and shows passphrase modal
  • Keymaster client loads and shows login modal
  • Docker images build for gatekeeper-client and keymaster-client
  • Verify gatekeeper/keymaster/drawbridge servers still work with SERVE_CLIENT=false

Closes #201

🤖 Generated with Claude Code

macterra and others added 4 commits March 13, 2026 13:12
Extract embedded CRA clients from service containers into standalone
Vite apps under apps/. Each gets its own Dockerfile and docker-compose
service (gatekeeper-client on 4225, keymaster-client on 4227).

- Convert both clients from react-scripts to Vite
- Add CORS to keymaster API for cross-origin client access
- Default SERVE_CLIENT=false in gatekeeper, keymaster, and drawbridge
- Remove client build steps from service Dockerfiles
- Keymaster client always requires passphrase

Closes #201

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Delete services/gatekeeper/client/ and services/keymaster/client/
(now replaced by apps/gatekeeper-client and apps/keymaster-client).
Remove SERVE_CLIENT static-file serving code and unused imports from
gatekeeper-api, keymaster-api, and drawbridge-api. Remove SERVE_CLIENT
env vars from docker-compose, sample.env, and test env generator.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Add drawbridge-client container (port 4223) reusing gatekeeper-client
image pointed at drawbridge. Remove 127.0.0.1 binding from client,
RTL, LNbits, and Grafana ports so they are accessible over VPN.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Move Name/DID inputs, Search/filter, and alias list into one table
with fixed column layout (colgroup) so all columns align. Use
stickyHeader so inputs stay visible while scrolling the list.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Copy link
Copy Markdown
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

This PR decouples the Gatekeeper and Keymaster web clients from their service containers by moving them into standalone Vite-based apps under apps/, adding dedicated Docker images/compose services for the clients, and removing server-side static client serving (with CORS added to Keymaster for cross-origin access).

Changes:

  • Remove embedded CRA client serving from Gatekeeper/Keymaster/Drawbridge servers and related *_SERVE_CLIENT env wiring.
  • Add standalone Vite client apps (apps/gatekeeper-client, apps/keymaster-client) and compose services on ports 4225/4227.
  • Add CORS middleware to Keymaster API and update Dockerfiles to stop building embedded clients.

Reviewed changes

Copilot reviewed 46 out of 72 changed files in this pull request and generated 8 comments.

Show a summary per file
File Description
tests/cli-tests/generate_test_env.sh Drops *_SERVE_CLIENT env vars from generated test env.
services/keymaster/server/src/keymaster-api.ts Adds CORS and removes server-side SPA static serving/config injection.
services/keymaster/server/package.json Adds cors (+ types) dependency.
services/keymaster/server/package-lock.json Lockfile updates for new dependencies.
services/gatekeeper/server/src/gatekeeper-api.ts Removes server-side client static serving.
services/drawbridge/server/src/drawbridge-api.ts Removes serving the gatekeeper client from drawbridge.
sample.env Removes *_SERVE_CLIENT env defaults.
docker-compose.yml Removes *_SERVE_CLIENT, adds new client services, and changes Grafana port binding.
docker-compose.lightning.yml Changes RTL/LNbits port binding to all interfaces.
docker-compose.drawbridge.yml Adds drawbridge-client service (reusing gatekeeper-client image).
apps/gatekeeper-client/* New standalone Gatekeeper Vite app (includes passphrase/mnemonic modals, etc.).
apps/keymaster-client/* New standalone Keymaster Vite app and updated API URL handling.
Dockerfile.gatekeeper Removes embedded client copy/build; builds server only.
Dockerfile.keymaster Removes embedded client copy/build; builds server only.
Dockerfile.drawbridge Removes embedded gatekeeper-client copy/build.
Dockerfile.gatekeeper-client New client container build/run (Vite preview).
Dockerfile.keymaster-client New client container build/run (Vite preview).
services//client/ Removes old embedded CRA client scaffolding/assets/tests.
Files not reviewed (1)
  • services/keymaster/server/package-lock.json: Language not supported

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

You can also share your feedback on Copilot code review. Take the survey.

Comment thread docker-compose.lightning.yml
Comment thread docker-compose.lightning.yml
Comment thread services/keymaster/server/src/keymaster-api.ts
Comment thread services/keymaster/server/package.json Outdated
Comment thread docker-compose.yml
Comment thread docker-compose.yml
Comment thread docker-compose.yml
Comment thread docker-compose.drawbridge.yml
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
@macterra macterra merged commit d58f62c into main Mar 13, 2026
13 checks passed
@macterra macterra deleted the 201-standalone-clients branch March 13, 2026 19:26
santyr pushed a commit to santyr/archon that referenced this pull request Mar 28, 2026
Add support for delegating Nostr event signing to nsecbunker (LNbits
extension) instead of using DID-derived keys.

New CLI command:
  keymaster add-nostr-signer [id] --nsec <key> --lnbits-url <url>

Single command flow: imports/generates key in nsecbunker → retrieves
pubkey → grants permissions for 7 event kinds → stores signer config
in wallet alongside Lightning credentials → updates DID with npub.

signNostrEvent() checks for nsecbunker config first, delegates signing
via REST API. Falls back to derived-key signing if not configured.

Guards added:
- exportNsec() blocked when nsecbunker configured (prevents showing
  unrelated DID-derived nsec)
- addNostr() blocked when nsecbunker configured (prevents overwriting
  imported identity with derived keys)

Dockerfile.keymaster updated to bundle the embedded client UI alongside
the server (restores serve-client behavior removed in archetech#202).

Closes archetech#262
santyr pushed a commit to santyr/archon that referenced this pull request Mar 28, 2026
Add support for delegating Nostr event signing to nsecbunker (LNbits
extension) instead of using DID-derived keys.

New CLI command:
  keymaster add-nostr-signer [id] --nsec <key> --lnbits-url <url>

Single command flow: imports/generates key in nsecbunker → retrieves
pubkey → grants permissions for 7 event kinds → stores signer config
in wallet alongside Lightning credentials → updates DID with npub.

signNostrEvent() checks for nsecbunker config first, delegates signing
via REST API. Falls back to derived-key signing if not configured.

Guards added:
- exportNsec() blocked when nsecbunker configured (prevents showing
  unrelated DID-derived nsec)
- addNostr() blocked when nsecbunker configured (prevents overwriting
  imported identity with derived keys)

Dockerfile.keymaster updated to bundle the embedded client UI alongside
the server (restores serve-client behavior removed in archetech#202).

Also adds:
- NostrSignerConfig type
- nostrSigner field on LightningConfig
- POST /nostr/signer API endpoint
- add-nostr-signer CLI command
- KeymasterClient.addNostrSigner() REST method

Closes archetech#262
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

Move gatekeeper and keymaster clients to standalone containers

2 participants