Services
RedactedWorld is composed of 12 NestJS microservices. Each service owns a bounded context and exposes both an HTTP port (for health checks and internal REST endpoints) and a gRPC port (for inter-service communication). The API Gateway is the only service that receives external traffic.
Existing Services
These nine services form the core platform for user management, collaboration, and content sharing.
| Service | HTTP Port | gRPC Port | Responsibility |
|---|---|---|---|
| api-gateway | 3000 | -- | Single entry point for all client requests. Authenticates tokens, authorizes via SpiceDB, and proxies to downstream services over gRPC. Manages WebSocket connections for real-time features. |
| auth-service | 3001 | 50051 | Manages Keycloak integration, token validation, session lifecycle, and SpiceDB relationship writes for permission changes. |
| user-service | 3002 | 50052 | User profiles, preferences (theme, notification settings), and account management. Owns the users PostgreSQL schema. |
| org-service | 3003 | 50053 | Organization CRUD, membership management, team hierarchies, and invitation workflows. Owns the orgs PostgreSQL schema. |
| chat-service | 3004 | 50054 | Real-time messaging between users and within organizations. Supports direct messages and group channels. Owns the chat PostgreSQL schema. |
| notification-service | 3005 | 50055 | Delivers in-app notifications, email digests, and webhook callbacks. Listens to NATS events from other services. Owns the notifications PostgreSQL schema. |
| forum-service | 3006 | 50056 | Discussion boards with threads, replies, and moderation tools. Used for community knowledge sharing. Owns the forums PostgreSQL schema. |
| file-service | 3007 | 50057 | File upload, download, and metadata management. Stores binary objects in MinIO (S3-compatible). Owns the files PostgreSQL schema for metadata. |
| media-service | 3008 | -- | Image and video processing (thumbnails, transcoding). Consumes jobs from NATS and writes processed media back to MinIO. |
New Services (Pentesting Domain)
These three services implement the core pentesting functionality.
| Service | HTTP Port | gRPC Port | Responsibility |
|---|---|---|---|
| domain-service | 3009 | 50058 | Domain registration, DNS TXT verification, subdomain tracking, and weekly re-verification scheduling. Owns the domains PostgreSQL schema. |
| scan-service | 3010 | 50059 | Scan job orchestration. Creates Kubernetes Jobs for each tool, monitors their lifecycle, streams output via NATS, and persists results to ClickHouse. Owns the scans PostgreSQL schema. |
| report-service | 3011 | 50060 | Aggregates scan results into structured reports. Provides PDF/HTML export. Indexes findings in Elasticsearch for search and trend analysis. |
Service Interaction Diagram
Shared Libraries
All services share a set of internal NestJS libraries:
- @redactedworld/proto -- Generated gRPC client/server stubs from
.protodefinitions. - @redactedworld/common -- Shared DTOs, decorators, guards, interceptors, and exception filters.
- @redactedworld/spicedb-client -- Wrapper around the SpiceDB gRPC API for permission checks and relationship writes.
- @redactedworld/nats-client -- Typed NATS publishers and subscribers for domain events.