Architecture

How Portal, DLaaS control plane, and the lifeform runtime fit together.

Browser ──► Portal (Next.js) ──► BFF /api/proxy/dlaas/* ──► dlaas-platform-api ──► lifeform-service runtime
                          │
                          └──► Postgres (Portal identity + tenant secrets)

Portal owns user, organization, membership and Portal-issued API keys.
DLaaS control plane (dlaas-platform-api) owns tenants, contracts, ai_id lifecycle, asset intake, training jobs, audit, quota and billing.
lifeform runtime owns sessions and the kernel state. Portal never reconstructs cognitive state — it speaks HTTP only.

Trust boundary

Server-only secrets live in the Portal pod environment:

DLAAS_CONTROL_PLANE_SECRET — used during sign-up to create your tenant.
DLAAS_SERVICE_SECRET — used for admin endpoints (e.g. raw snapshot export).
PORTAL_TENANT_SECRET_KEY — wraps each org's api_secret at rest.
AUTH_SECRET — Auth.js JWT signing.

None of these ever appear in client bundles or in any response body.

Architecture

How Portal, DLaaS control plane, and the lifeform runtime fit together.

Browser ──► Portal (Next.js) ──► BFF /api/proxy/dlaas/* ──► dlaas-platform-api ──► lifeform-service runtime
                          │
                          └──► Postgres (Portal identity + tenant secrets)

Portal owns user, organization, membership and Portal-issued API keys.
DLaaS control plane (dlaas-platform-api) owns tenants, contracts, ai_id lifecycle, asset intake, training jobs, audit, quota and billing.
lifeform runtime owns sessions and the kernel state. Portal never reconstructs cognitive state — it speaks HTTP only.

Trust boundary

Server-only secrets live in the Portal pod environment:

DLAAS_CONTROL_PLANE_SECRET — used during sign-up to create your tenant.
DLAAS_SERVICE_SECRET — used for admin endpoints (e.g. raw snapshot export).
PORTAL_TENANT_SECRET_KEY — wraps each org's api_secret at rest.
AUTH_SECRET — Auth.js JWT signing.

None of these ever appear in client bundles or in any response body.