Architecture Overview
OpenPrime follows a microservices architecture with clear separation of concerns between components.
System Architectureβ
βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
β User Browser β
βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
β
βΌ
βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
β React Frontend (3000) β
β ββββββββββββββ ββββββββββββββ ββββββββββββββ ββββββββββββββββββββββββββ β
β β Context β β Router β β Config β β UI Components β β
β β Providers β β β β Files β β β β
β ββββββββββββββ ββββββββββββββ ββββββββββββββ ββββββββββββββββββββββββββ β
βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
β β
βΌ βΌ
ββββββββββββββββββββββββββββββββββββ ββββββββββββββββββββββββββββββββββββ
β Keycloak (8080) β β Express Backend (3001) β
β ββββββββββββββββββββββββββββββ β β ββββββββββββββββββββββββββββββ β
β β OpenID Connect / PKCE β β β β REST API Routes β β
β β User Management ββββΌββββββββΌββΆβ JWT Validation β β
β β Identity Federation β β β β Business Logic β β
β ββββββββββββββββββββββββββββββ β β ββββββββββββββββββββββββββββββ β
ββββββββββββββββββββββββββββββββββββ ββββββββββββββββββββββββββββββββββββ
β
ββββββββββββββββββββββββββββββββββββββββββββββββββΌβββββββββββββββββ
β β β
βΌ βΌ βΌ
ββββββββββββββββββββββ ββββββββββββββββββββββββ ββββββββββββββββββ
β PostgreSQL (5432) β β Injecto (8000) β β StateCraft β
β ββββββββββββββββ β β Template Processor β β (8001) β
β β Users β β β β β TF State Mgmt β
β β Environments β β β @param processing β β β
β β Credentials β β β @section handling β β S3 + DynamoDB β
β ββββββββββββββββ β β Code generation β β Management β
ββββββββββββββββββββββ ββββββββββββββββββββββββ ββββββββββββββββββ
Component Overviewβ
Frontend (openprime-app)β
Technology: React 19, Tailwind CSS, React Router v6
Responsibilities:
- User interface rendering
- Configuration wizards
- State management via Context API
- Authentication flow (Keycloak JS)
Key Patterns:
- Configuration-driven UI generation
- Centralized context providers
- Component composition
Backend (openprime-app-backend)β
Technology: Express.js, Sequelize ORM, PostgreSQL
Responsibilities:
- REST API endpoints
- JWT token validation
- Database operations
- Credential encryption
- Service orchestration
Key Patterns:
- Route/Controller/Service layers
- Middleware chain (auth, validation, logging)
- Repository pattern for data access
Authentication (Keycloak)β
Technology: Keycloak 24.x
Responsibilities:
- User authentication (OIDC/PKCE)
- Session management
- Identity federation
- User provisioning
Template Processor (Injecto)β
Technology: Python, FastAPI
Responsibilities:
- Template parsing (
@param,@section) - Variable substitution
- Code generation
- Validation
State Manager (StateCraft)β
Technology: Python, FastAPI
Responsibilities:
- Terraform backend provisioning
- S3 bucket management
- DynamoDB table management
Data Flowβ
Environment Creationβ
1. User fills wizard form
β
βΌ
2. Frontend validates configuration
β
βΌ
3. POST /api/environments
β
βΌ
4. Backend validates JWT + authorization
β
βΌ
5. Save to PostgreSQL (JSONB)
β
βΌ
6. Return environment ID
Code Generationβ
1. User requests code generation
β
βΌ
2. Backend fetches environment config
β
βΌ
3. Backend calls Injecto service
β
βΌ
4. Injecto processes templates
β
βΌ
5. Generated code returned
β
βΌ
6. Download or push to Git
Technology Stackβ
| Layer | Technology | Purpose |
|---|---|---|
| Frontend | React 19 | UI framework |
| Styling | Tailwind CSS | Utility CSS |
| Routing | React Router v6 | Client routing |
| Icons | Lucide React | Icon library |
| Backend | Express.js | API server |
| ORM | Sequelize | Database abstraction |
| Database | PostgreSQL 15 | Data persistence |
| Auth | Keycloak | Identity management |
| Templates | Python/FastAPI | Code generation |
| IaC | Terraform | Infrastructure provisioning |
| K8s Apps | Helm | Package management |
Design Principlesβ
Configuration-Drivenβ
UI components are generated from configuration files, not hardcoded:
// servicesConfig.js drives form generation
const schema = {
clusterName: { type: 'string', required: true },
version: { type: 'select', options: [...] }
};
// β Auto-generates form fields
Separation of Concernsβ
- Frontend: UI and user interaction
- Backend: Business logic and data
- Injecto: Template processing
- StateCraft: Infrastructure state
Security by Designβ
- All credentials encrypted at rest
- User isolation at database level
- JWT validation on every request
- CORS and rate limiting enabled
Scalability Considerationsβ
Horizontal Scalingβ
- Frontend: Static files, CDN-friendly
- Backend: Stateless, load-balanceable
- Database: Read replicas supported
Vertical Scalingβ
- Injecto: CPU-bound, scales with cores
- Database: Memory for query performance