From dedb53d1137cb38e3f7f44ef11e8aff9a58bfd60 Mon Sep 17 00:00:00 2001
From: saptarshi <saptarshimemari072@gmail.com>
Date: Sun, 29 Mar 2026 00:22:00 +0530
Subject: [PATCH] updated README

---
 README.md               | 79 ++++++++++++++++++++++++++++-------------
 docker-compose.prod.yml |  5 +++
 2 files changed, 59 insertions(+), 25 deletions(-)

diff --git a/README.md b/README.md
index 337aa7d..8d46977 100644
--- a/README.md
+++ b/README.md
@@ -24,31 +24,38 @@ make cli
 ## Architecture
 
 ```
-                          ┌──────────────────┐
-                          │ CLI (configctl)  │
-                          │    Go / gRPC     │
-                          └────────┬─────────┘
-                                   │ :8081
-                          ┌────────▼─────────┐
-                          │   API Service    │
-                          │  Upload/Rollout  │
-                          └────────┬─────────┘
-                                   │ Kafka
-                    ┌──────────────┼──────────────┐
-                    │              │              │
-             ┌──────▼──────┐ ┌────▼─────┐ ┌─────▼──────┐
-             │  PostgreSQL  │ │  Redis   │ │Distribution│
-             │  (config,    │ │ (cache)  │ │  Service   │
-             │   rollouts)  │ └──────────┘ │   :8082    │
-             └─────────────┘              └─────┬──────┘
-                                                │ gRPC stream
-                                         ┌──────▼──────┐
-                                         │  Client SDK │
-                                         │  (C++ lib)  │
-                                         └─────────────┘
-```
-
-### Services
+  Browser / CLI
+       │
+  ┌────▼─────────────────────────────────────────┐
+  │                 Caddy (TLS)                   │
+  │  example.com  →  web-frontend (React)         │
+  │  *.example.com → web-frontend (org routing)   │
+  │  /api /ws     →  web-backend  :8090           │
+  └────┬──────────────────────────┬───────────────┘
+       │ HTTP/WS                  │ gRPC
+  ┌────▼──────────┐         ┌─────▼──────────────┐
+  │  Web Backend  │         │   C++ gRPC Services │
+  │  (Go :8090)   │◄───────►│  api-service  :8081 │
+  │  JWT + OTP    │         │  dist-service :8082 │
+  │  Org mgmt     │         │  val-service  :8083 │
+  └────┬──────────┘         └─────────────────────┘
+       │                           │ Kafka + PostgreSQL + Redis
+  ┌────▼──────────┐         ┌──────▼──────┐
+  │  web-postgres │         │  PostgreSQL  │
+  │  (auth DB)    │         │  (config DB) │
+  └───────────────┘         └─────────────┘
+```
+
+### Web Layer
+
+| Component | Port | Description |
+|-----------|------|-------------|
+| **Caddy** | 80/443 | TLS termination, subdomain routing, reverse proxy |
+| **Web Backend** | 8090 | Go HTTP/WebSocket gateway — auth, org management, proxies to gRPC |
+| **Web Frontend** | — | React dashboard (served by Caddy from static build) |
+| **web-postgres** | — | Isolated PostgreSQL for auth/session data (internal only) |
+
+### Core Services
 
 | Service | Port | Description |
 |---------|------|-------------|
@@ -56,6 +63,8 @@ make cli
 | **Distribution Service** | 8082 | Real-time config push to clients via gRPC streaming |
 | **Validation Service** | 8083 | Config syntax/schema/rule validation (JSON & YAML) |
 
+> **Note:** gRPC ports (8081–8083) are internal-only in production (`ports: []` in `docker-compose.prod.yml`). All external traffic goes through the web backend.
+
 ### Infrastructure
 
 | Component | Port | Purpose |
@@ -239,6 +248,24 @@ Headers are in `include/configclient/`. Libraries are in `lib/` after `make sdk`
 
 **Database credentials:** `configuser` / `configpass` / `configservice`
 
+## Running the Web Dashboard
+
+```bash
+# Start everything (C++ services + web layer + Caddy)
+docker compose up --build -d
+
+# Or bring up only the web layer (assumes C++ services already running)
+docker compose up --build -d caddy web-backend web-frontend web-postgres
+```
+
+For production use `docker-compose.prod.yml` which removes host exposure of internal gRPC ports:
+
+```bash
+docker compose -f docker-compose.yml -f docker-compose.prod.yml up -d
+```
+
+See [Web Backend README](../Konfig-Web-Backend/README.md) and [Web Frontend README](../Konfig-Web-Frontend/README.md) for configuration details.
+
 ## Documentation
 
 - [CLI Reference](cmd/configctl/README.md) — all commands, flags, rollout strategies
@@ -246,6 +273,8 @@ Headers are in `include/configclient/`. Libraries are in `lib/` after `make sdk`
 - [API Service](src/api-service/README.md) — gRPC API, upload flow, components
 - [Distribution Service](src/distribution-service/README.md) — streaming, rollout execution, heartbeat monitor
 - [Validation Service](src/validation-service/README.md) — schema validation, rules
+- [Web Backend](../Konfig-Web-Backend/README.md) — HTTP/WS gateway, auth, org management, all API routes
+- [Web Frontend](../Konfig-Web-Frontend/README.md) — React dashboard, pages, env vars
 
 ## License
 
diff --git a/docker-compose.prod.yml b/docker-compose.prod.yml
index 4157c1d..750316c 100644
--- a/docker-compose.prod.yml
+++ b/docker-compose.prod.yml
@@ -21,14 +21,19 @@ services:
     restart: unless-stopped
 
   # ── C++ Core ─────────────────────────────────────────────────────────────
+  # gRPC services are internal-only; no host port exposure in prod.
+  # They are reachable inside config-network (web-backend -> api-service:8081 etc.)
 
   api-service:
+    ports: []
     restart: unless-stopped
 
   distribution-service:
+    ports: []
     restart: unless-stopped
 
   validation-service:
+    ports: []
     restart: unless-stopped
 
   # ── Infrastructure ───────────────────────────────────────────────────────