docs: realign URL references to api./console./docs.zeroauth.dev#2
Merged
Conversation
…mains
Cross-repo companion to zeroauth-dev/ZeroAuth dev branch:
zeroauth.dev/dashboard/* → console.zeroauth.dev/*
zeroauth.dev/docs/* → docs.zeroauth.dev/*
zeroauth.dev/v1/* → api.zeroauth.dev/v1/*
Touched: threat-model/{canonical,dashboard,iot,sdk}.md,
shared/naming-conventions.md, release-coordination/changelogs/
pre-release-1.md.
The naming-conventions row for the central API also lost its
'planned' qualifier — the subdomain is now active in the Caddy
config, not aspirational.
There was a problem hiding this comment.
Pull request overview
This PR updates governance documentation to reflect ZeroAuth’s new subdomain layout (api.zeroauth.dev, console.zeroauth.dev, docs.zeroauth.dev) as a companion to zeroauth-dev/ZeroAuth#58.
Changes:
- Updated pre-release changelog summary URLs for the Central API and Dashboard.
- Updated threat-model documentation to reference the Console SPA and
/v1API on the new subdomains. - Updated shared naming conventions to reflect new hostnames for Dashboard and Docs.
Reviewed changes
Copilot reviewed 4 out of 4 changed files in this pull request and generated 3 comments.
| File | Description |
|---|---|
| release-coordination/changelogs/pre-release-1.md | Updates the pre-release summary URLs to api.zeroauth.dev and console.zeroauth.dev. |
| docs/threat-model/dashboard.md | Updates the dashboard surface URL to the console.zeroauth.dev subdomain. |
| docs/threat-model/canonical.md | Updates the canonical threat-surface entry for /v1/* to api.zeroauth.dev. |
| docs/shared/naming-conventions.md | Updates the hostname table to use console.zeroauth.dev and docs.zeroauth.dev (and adjusts Central API wording). |
Comments suppressed due to low confidence (1)
docs/threat-model/canonical.md:16
- Only the
/v1/*surface was updated toapi.zeroauth.dev, but the rest of the table still referenceshttps://zeroauth.dev/api/.... If the intent is to realign threat-model surfaces to the newapi./console.subdomain layout, please update the console/admin/health/auth/leads entries to the correct hostnames as well (or explicitly document which endpoints intentionally remain onzeroauth.dev).
| `https://api.zeroauth.dev/v1/*` | API | Public, tenant-API-key authed | Scoped to `(tenant_id, environment)`. Rate-limit + monthly quota per tenant. |
| `https://zeroauth.dev/api/console/*` | API (console) | Public, JWT-authed for everything except signup + login | Per-IP rate limit on signup/login. Password policy enforced. |
| `https://zeroauth.dev/api/admin/*` | API (admin) | Public, `x-api-key` (single shared admin key) | Read-only today. |
| `https://zeroauth.dev/api/health` | API | Public, unauth | Health + subsystem status only. |
| `https://zeroauth.dev/api/auth/{saml,oidc}/*` | API (demo) | Public, gated by `ENABLE_DEMO_AUTH` flag | Demo stubs; **do not** validate signatures. Off in production. |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
| ## Summary | ||
|
|
||
| First production deploy. Central API live at `https://zeroauth.dev/v1/*`. Dashboard live at `https://zeroauth.dev/dashboard/*`. TLS via Caddy + Let's Encrypt. Hosted on VPS at `104.207.143.14`. | ||
| First production deploy. Central API live at `https://api.zeroauth.dev/v1/*`. Dashboard live at `https://console.zeroauth.dev/*`. TLS via Caddy + Let's Encrypt. Hosted on VPS at `104.207.143.14`. |
Comment on lines
+8
to
10
| - React SPA served at `https://console.zeroauth.dev/*` | ||
| - Console API consumed at `/api/console/*` (authenticated via JWT in `Authorization: Bearer` header) | ||
| - 10 pages: Login, Signup, Overview, ApiKeys, Users, Devices, Verifications, Attendance, Audit, Settings |
| | Service | Repo name | Internal name | Hostname | | ||
| |---|---|---|---| | ||
| | Central API | `zeroauth-dev/ZeroAuth` | `zeroauth-api` | `api.zeroauth.dev` (planned; today: `zeroauth.dev/v1/*`) | | ||
| | Central API | `zeroauth-dev/ZeroAuth` | `zeroauth-api` | `api.zeroauth.dev` (planned; today: `api.zeroauth.dev/v1/*`) | |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Cross-repo companion to zeroauth-dev/ZeroAuth#58. Updates threat-model, naming-conventions, and changelog references to the new subdomain layout.