_format_version: "3.0" consumers: - username: it0-system jwt_secrets: - key: it0-auth algorithm: HS256 secret: "${JWT_SECRET}" services: - name: auth-service url: http://auth-service:3001 routes: - name: auth-routes paths: - /api/v1/auth strip_path: false - name: admin-routes paths: - /api/v1/admin strip_path: false - name: agent-service url: http://agent-service:3002 routes: - name: agent-routes paths: - /api/v1/agent strip_path: false - name: agent-ws paths: - /ws/agent strip_path: false protocols: - http - https - name: agent-config-service url: http://agent-service:3002 routes: - name: agent-config-routes paths: - /api/v1/agent-config strip_path: false - name: ops-service url: http://ops-service:3003 routes: - name: ops-routes paths: - /api/v1/ops strip_path: false - name: inventory-service url: http://inventory-service:3004 routes: - name: inventory-routes paths: - /api/v1/inventory strip_path: false - name: monitor-service url: http://monitor-service:3005 routes: - name: monitor-routes paths: - /api/v1/monitor strip_path: false - name: comm-service url: http://comm-service:3006 routes: - name: comm-routes paths: - /api/v1/comm strip_path: false - name: comm-ws paths: - /ws/comm strip_path: false protocols: - http - https - name: voice-service url: http://voice-service:3008 routes: - name: voice-ws paths: - /ws/voice strip_path: false protocols: - http - https - name: voice-api paths: - /api/v1/voice strip_path: false - name: twilio-webhook paths: - /api/v1/twilio strip_path: false - name: voice-test paths: - /api/v1/test strip_path: false - name: audit-service url: http://audit-service:3007 routes: - name: audit-routes paths: - /api/v1/audit strip_path: false - name: version-service url: http://version-service:3009 routes: - name: version-routes paths: - /api/v1/versions strip_path: false plugins: # ===== Global plugins (apply to ALL routes) ===== - name: cors config: origins: - http://localhost:3000 - https://it0.szaiai.com - http://it0.szaiai.com - https://update.szaiai.com methods: - GET - POST - PUT - DELETE - PATCH - OPTIONS headers: - Authorization - Content-Type - X-Tenant-Id credentials: true - name: rate-limiting config: minute: 120 policy: redis redis_host: redis redis_port: 6379 - name: file-log config: path: /dev/stdout reopen: true # ===== JWT per-service (NOT on auth-service) ===== - name: jwt service: agent-service config: key_claim_name: kid claims_to_verify: - exp - name: jwt service: agent-config-service config: key_claim_name: kid claims_to_verify: - exp - name: jwt service: ops-service config: key_claim_name: kid claims_to_verify: - exp - name: jwt service: inventory-service config: key_claim_name: kid claims_to_verify: - exp - name: jwt service: monitor-service config: key_claim_name: kid claims_to_verify: - exp - name: jwt service: comm-service config: key_claim_name: kid claims_to_verify: - exp - name: jwt route: voice-api config: key_claim_name: kid claims_to_verify: - exp - name: jwt route: twilio-webhook config: key_claim_name: kid claims_to_verify: - exp - name: jwt service: audit-service config: key_claim_name: kid claims_to_verify: - exp - name: jwt route: admin-routes config: key_claim_name: kid claims_to_verify: - exp # ===== Route-specific overrides ===== - name: rate-limiting route: agent-ws config: minute: 30 policy: redis redis_host: redis