- Project/component: thenv web console contract
- Canonical path:
apps/devkit/src/apps/thenv
- Runtime: Next.js mini app module
- Primary language: TypeScript
- Developers validating canonical Devkit mini app routing
- Operators managing scope-level bundle, policy, and audit workflows through the web console
- Stable component identifier:
web-console. - Route contract:
/apps/thenv. - Registration status contract:
active. - UI contract renders ThenvApp with scope selector, bundle management (list/detail/activate/rotate), policy editor, and audit viewer.
- Bundle detail fetches by selected version id and must remain aligned with bundle-list selection state.
- Secret file content is masked by default and only revealed through explicit user action.
- Devkit API proxy:
/api/thenv/*routes tohttp://127.0.0.1:8087/*via Next.js rewrites.
- Uses no component-specific persistence and relies on Connect RPC server-state reads/writes.
- Secret values must not be rendered by default; reveal/hide actions must be explicit and user-initiated.
- Error and diagnostic output must remain free of sensitive payloads.
- Route-level diagnostics should include mini app id and route context.
- Diagnostic logs must avoid backend secret payloads.
- Local validation:
pnpm --filter devkit... test - Build validation:
pnpm --filter devkit... build
- Integrates with
servers/thenvvia Connect RPC (BundleService, PolicyService, AuditService). - Uses
@connectrpc/connect-queryhooks with React Query for server-state management.
- Update
docs/project-thenv.mdand this file when web-console behavior changes. - Synchronize this contract with server and CLI docs when bundle, policy, audit, or security behavior changes.
docs/project-thenv.mddocs/servers-thenv-server-foundation.mddocs/cmds-thenv-cli-foundation.mddocs/apps-devkit-foundation.mddocs/domain-template.md