Per-tenant container now boots all five processes behind a single
exposed port (:8080), with the Core/Platform boundary enforced at
the filesystem level (two Linux users, mode 0700 on cial-core).
- @cial/edge: http-proxy edge (HTTP+WS) + node supervisor (PID 1
  under tini, spawns each service via gosu as the right user)
- Routes: /.cial/api/* -> back (prefix stripped), /.cial/* -> core
  front (basePath kept), /* -> platform front. Platform Back is
  internal-only for v1.
- Dockerfile: multi-stage (builder + runtime). Builds protocol/sdk/
  back/edge/front/platform-back/platform-front. Runtime installs
  tini+gosu, creates cial:1000 / agent:1001, locks down cial-core
  to 0700.
- Placeholder pages now render TENANT_ID at request time so the
  smoke can verify per-tenant env propagation end-to-end.
- scripts/smoke-tenant.mjs: docker-driven L0 acceptance — boots the
  image, polls healthz, probes the four route classes, and asserts
  the agent user cannot read /opt/cial-monorepo/cial-core.
- PLAN-LOCAL.md: phased local-mode roadmap (L0..L6).
Verify on a host with docker:

    docker build -f cial-core/docker/Dockerfile -t cial-tenant:dev .
    pnpm smoke:tenant
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
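The three route classes above (prefix stripped for /.cial/api/*, basePath kept for /.cial/*, everything else to the platform front) are the part of the edge most worth pinning down with tests, because a prefix match that is not anchored on a segment boundary or that runs before dot-segment resolution lets a tenant-facing path land on the wrong upstream. The classifier below is an added example written for this note, not code from @cial/edge or the commit; the upstream names "back", "core-front" and "platform-front" are illustrative assumptions, and it covers only the routing decision, not the http-proxy call that acts on it.

```javascript
// Added example, not @cial/edge's own code: classify a request URL into
// the three route classes from the commit message. Upstream names are
// illustrative assumptions, not identifiers from the project.

const API_PREFIX = "/.cial/api"; // -> back, prefix stripped
const CORE_PREFIX = "/.cial";    // -> core front, basePath kept

// Resolve "." and ".." segments and collapse empty segments before
// classifying, so "/pub/../.cial/api/x" is routed as "/.cial/api/x"
// rather than handed to the platform front, and "/.cial/api/../../etc"
// cannot reach "back" with a path that escapes its prefix.
function normalizePath(path) {
  const out = [];
  for (const seg of path.split("/")) {
    if (seg === "" || seg === ".") continue;
    if (seg === "..") { out.pop(); continue; }
    out.push(seg);
  }
  const trailing = path.endsWith("/") && out.length ? "/" : "";
  return "/" + out.join("/") + trailing;
}

// Match a prefix only on a segment boundary: "/.cialx/admin" is
// platform traffic, not core traffic, and "/.cial/apix" is core front,
// not an API call.
function hasPrefix(path, prefix) {
  return path === prefix || path.startsWith(prefix + "/");
}

// Returns { target, path } where path is what the upstream receives
// (query string preserved untouched).
function classifyRoute(rawUrl) {
  const q = rawUrl.indexOf("?");
  const path = normalizePath(q === -1 ? rawUrl : rawUrl.slice(0, q));
  const query = q === -1 ? "" : rawUrl.slice(q);

  if (hasPrefix(path, API_PREFIX)) {
    // Strip the prefix; a bare "/.cial/api" becomes "/" upstream.
    const rest = path.slice(API_PREFIX.length) || "/";
    return { target: "back", path: rest + query };
  }
  if (hasPrefix(path, CORE_PREFIX)) {
    // basePath kept, so the core front sees the same "/.cial/..." path.
    return { target: "core-front", path: path + query };
  }
  return { target: "platform-front", path: path + query };
}

// Constructed sample inputs covering each class plus the boundary cases.
const SAMPLE_URLS = [
  "/.cial/api/tenants?x=1",
  "/.cial/api",
  "/.cial/dashboard",
  "/.cialx/admin",
  "/.cial/apix",
  "/pub/../.cial/api/v1/me",
  "/.cial/api/../../etc",
  "/",
];

function classifyAll(urls = SAMPLE_URLS) {
  return urls.map((u) => ({ url: u, ...classifyRoute(u) }));
}
```

Note that no percent-decoding is done before matching: the edge and each upstream must agree on whether "/.cial/%61pi" is an API path, and the safest position for a proxy is to compare the raw path and let the upstream decode, which is what this classifier does.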