-
Notifications
You must be signed in to change notification settings - Fork 0
Home
noetl-gateway is the Rust API gateway that sits between
clients (browsers, CLIs, partner integrations) and the NoETL
runtime (noetl-server + worker pool + NATS + Postgres). It is
the gatekeeper: it authenticates callers, fans out SSE pushes,
proxies playbook invocations, and routes subscription events.
It does not execute tools, run MCP servers, or touch domain
databases itself.
| Concern | Where in this repo |
|---|---|
| Authentication (Auth0 → gateway session) | src/auth/ |
GraphQL executePlaybook
|
src/graphql/ |
SSE channel at GET /events
|
src/sse.rs, src/connection_hub.rs
|
/api/internal/callback* callback receiver |
src/callbacks.rs |
Push ingress POST /ingress/{listener} (webhook / Pub-Sub push: verify → forward) |
src/ingress/ |
playbook/state NATS bridge + FORWARDED_EVENT_TYPES allowlist |
src/playbook_state.rs |
RequestStore (NATS K/V) for in-flight requests |
src/request_store.rs |
Proxy to noetl-server (/noetl/*) |
src/proxy.rs |
| Session cache | src/session_cache.rs |
For pushback discipline:
- Domain data. The gateway never opens a connection to a business database on behalf of a client. Tenant data flows through playbooks; the gateway routes the request and forwards the result.
-
Tool execution. Tools (
python,postgres,nats,agent,http) run on the worker pool. The gateway dispatches; it does not execute. - MCP server hosting. MCP servers are playbooks in the NoETL catalog. The gateway routes requests; the worker pool runs the playbook.
- Long-lived agent processes. No persistent per-tenant agent infra. See the Ephemeral Blueprints architecture doc.
| Page | What |
|---|---|
| Architecture | Module map, request flow, where the gateway fits in the NoETL stack. |
| SSE events | The GET /events channel, all SSE frame families and their schemas. |
| Subscriptions | Firestore subscription subsystem (removed in v2.12.0). Historical reference. |
| Configuration | Environment variables, secrets, defaults. |
| Deployment | Docker image, GKE manifests, Helm chart wiring. |
- Architecture principle: Ephemeral Blueprints + Compute-Data Boundary
- NoETL runtime: noetl wiki
- Helm chart and GKE install: ops wiki
- Reference SPA consuming this gateway: travel wiki
Latest: v2.12.0 (2026-05-28) — Add calendar.event.touched to
the FORWARDED_EVENT_TYPES SSE allowlist; remove the
firestore_subscriptions subsystem (route + Python sidecar). See
CHANGELOG.md,
SSE events, and Subscriptions.
v2.11.0 (2026-05-24) — SSE playbook/state lifecycle frames and
Firestore subscription endpoint (since removed).
Gateway
Surfaces
Operations
See also
- noetl wiki
- ops wiki
- travel wiki (consumer)
- Ephemeral Blueprints