V5 Full Integration Plan
Date: 2025-10-14 Status: FDB Storage Fixed ✅ | Auth Integration Next ⏳ Timeline: 3-4 days (aggressive) | 5-7 days (realistic)
Current State ✅
Infrastructure Running:
- ✅ GKE Cluster:
codi-poc-e2-cluster(us-central1-a) - ✅ FoundationDB: 3 pods, ssd-2 storage, 4 MB data
- ✅ V5 Backend API:
coditect-api-v5(Rust/Actix-web, JWT auth working) - ✅ Combined Pods: 3 replicas (V5 frontend + theia + NGINX)
- ✅ Domain/SSL:
coditect.ai(34.8.51.57)
Verified Working:
- ✅ V5 API health:
https://coditect.ai/api/v5/health - ✅ V5 API auth:
https://coditect.ai/api/v5/auth/login(JWT working) - ✅ FDB persistence: Data survives pod restarts
- ✅ Frontend loads:
https://coditect.ai/
Not Yet Connected:
- ❌ V5 Frontend → V5 Backend (auth flow)
- ❌ theia → V5 Backend (session context)
- ❌ theia → FoundationDB (file persistence)
- ❌ Session management across all components
Integration Architecture
┌─────────────────────────────────────────────────────────────┐
│ USER (Browser) │
│ https://coditect.ai │
└────────────────────────┬────────────────────────────────────┘
│
↓
┌─────────────────────────────────────────────────────────────┐
│ NGINX Ingress (Google-managed) │
│ - SSL termination │
│ - /api/v5/* → coditect-api-v5-service │
│ - /* → coditect-combined-service │
└────────────┬────────────────────────┬───────────────────────┘
│ │
│ │
┌────────▼────────┐ ┌────────▼────────┐
│ V5 Backend API │ │ Combined Pods │
│ (Rust/Actix) │ │ (3 replicas) │
│ Port 8080 │ │ Port 80 │
│ │ │ │
│ JWT Auth ✅ │ │ ┌────────────┐ │
│ Sessions API │ │ │ V5 Frontend│ │
│ /health ✅ │ │ │ (React 18) │ │
│ /auth/* ✅ │ │ │ Port 5173 │ │
│ /sessions/* │ │ └────────────┘ │
└────────┬────────┘ │ ┌────────────┐ │
│ │ theia IDE │ │
│ │ (Eclipse) │ │
│ │ Port 3000 │ │
│ └────────────┘ │
│ NGINX Router │
│ (/theia/* → │
│ localhost:3000│
│ │
└─────────────┬───────────────────┘
│
↓
┌────────────────────────┐
│ FoundationDB Cluster │
│ 3 pods, ssd-2 │
│ 10.128.0.8:4500 │
│ │
│ Data: │
│ - Tenants │
│ - Sessions │
│ - User files │
│ - Pod allocations │
└────────────────────────┘
Phase 1: Frontend Auth Integration (1-2 days)
Goal
V5 Frontend can authenticate users via V5 Backend API and store JWT token.
Tasks
1.1: Update auth-store.ts (1 hour)
- File:
src/stores/auth-store.ts - Change: Already pointing to
/api/v5/auth/login✅ - Verify: Login/register functions work
- Test: Browser console shows successful JWT response
1.2: Add JWT Storage (30 mins)
- File:
src/stores/auth-store.ts - Add: Token to localStorage + Zustand state
- Add: Token refresh logic (before expiry)
- Test: Token persists across page reloads
1.3: Add Auth Interceptor (1 hour)
- File:
src/services/api-client.ts(create if missing) - Add: Axios/fetch interceptor to inject JWT in headers
- Add: Automatic redirect to /login on 401
- Test: Protected endpoints return 401 without token
1.4: Update Session Management (2 hours)
- File:
src/stores/session-store.ts - Change: Use
/api/v5/sessionsendpoints - Add: Create/list/delete sessions via API
- Test: Sessions persist in FDB, visible after page reload
Verification:
# Test 1: Login returns JWT
curl -X POST https://coditect.ai/api/v5/auth/login \
-H 'Content-Type: application/json' \
-d '{"email":"test@coditect.ai","password":"password"}' | jq .
# Expected: { "success": true, "data": { "token": "jwt..." } }
# Test 2: Create session with JWT
TOKEN="jwt_from_step_1"
curl -X POST https://coditect.ai/api/v5/sessions \
-H "Authorization: Bearer $TOKEN" \
-H 'Content-Type: application/json' \
-d '{"name":"Test Session"}' | jq .
# Expected: { "success": true, "data": { "id": "uuid", "name": "Test Session" } }
Files to Modify:
src/stores/auth-store.ts (update API URLs - DONE)
src/stores/session-store.ts (update API URLs - DONE)
src/services/api-client.ts (create - JWT interceptor)
src/pages/login-page.tsx (connect to authStore)
src/pages/register-page.tsx (connect to authStore)
Phase 2: theia Session Context (1 day)
Goal
theia knows the current user's sessionId and sends it with every operation.
Tasks
2.1: Add JWT to theia Backend (2 hours)
- File: Create
theia-backend/session-middleware.ts - Add: Express middleware to extract JWT from Authorization header
- Add: Middleware to extract sessionId from JWT payload
- Add: Inject sessionId into theia request context
- Test: theia endpoints log sessionId correctly
2.2: Update theia File Operations (2 hours)
- Files: theia file service extensions
- Change: Wrap file ops to include sessionId
- Add: Route file reads/writes to FDB with tenant/session prefix
- Test: Files saved in FDB under correct tenant/session
2.3: Add WebSocket Auth (2 hours)
- File: theia WebSocket handler
- Add: JWT validation on WebSocket connect
- Add: Reject connections without valid token
- Test: Authenticated users can connect, unauthenticated cannot
Verification:
# Test 1: theia file ops include sessionId
kubectl logs deployment/coditect-combined -n coditect-app | grep sessionId
# Expected: [INFO] File operation: sessionId=abc-123, path=/workspace/test.txt
# Test 2: Files in FDB have correct prefix
kubectl exec -n coditect-app foundationdb-0 -- fdbcli --exec "getrangekeys tenant_123/session_abc/ tenant_123/session_abc/\xFF"
# Expected: List of keys like "tenant_123/session_abc/files/test.txt"
Files to Create:
theia-backend/session-middleware.ts (JWT validation + sessionId injection)
theia-backend/fdb-file-service.ts (FDB-backed file operations)
theia-backend/websocket-auth.ts (WebSocket JWT validation)
Phase 3: FoundationDB File Persistence (1-2 days)
Goal
All theia file operations persist to FDB, organized by tenant/session.
Tasks
3.1: Implement FDB Key Schema (1 hour)
tenant_{tenant_id}/sessions/{session_id} → Session metadata
tenant_{tenant_id}/sessions/{session_id}/files/{path} → File content
tenant_{tenant_id}/sessions/{session_id}/terminal/{terminal_id} → terminal state
tenant_{tenant_id}/users/{user_id} → User profile
3.2: Implement File Service (4 hours)
- File:
theia-backend/fdb-file-service.ts - Functions:
readFile(sessionId, path)→ read from FDBwriteFile(sessionId, path, content)→ write to FDBdeleteFile(sessionId, path)→ delete from FDBlistFiles(sessionId, dirPath)→ list directory
- Add: Caching layer (in-memory for hot files)
- Test: CRUD operations work, data persists
3.3: Integrate with theia (3 hours)
- Replace theia's default filesystem service
- Route all file ops through FDB service
- Add error handling (FDB unavailable → fallback to local)
- Test: Create/edit/delete files in theia, verify in FDB
Verification:
# Test 1: Write file in theia, verify in FDB
# (In theia: create file /workspace/test.txt with content "Hello FDB")
kubectl exec -n coditect-app foundationdb-0 -- fdbcli --exec "get tenant_123/session_abc/files/workspace/test.txt"
# Expected: 'tenant_123/session_abc/files/workspace/test.txt' is 'Hello FDB'
# Test 2: Restart pod, file still exists
kubectl delete pod coditect-combined-<pod-name> -n coditect-app
# Wait 2 minutes for pod to restart
# Open theia, verify /workspace/test.txt still exists with correct content
Files to Create:
theia-backend/fdb-file-service.ts (Core FDB file operations)
theia-backend/fdb-client.ts (FDB connection pool)
theia-backend/fdb-schema.ts (Key schema definitions)
Phase 4: End-to-End Integration (1 day)
Goal
Complete flow: User logs in → Creates session → Opens theia → Files persist to FDB.
Tasks
4.1: Wire Frontend to Backend (2 hours)
- V5 Frontend login → JWT stored
- Session created in FDB via API
- Frontend redirects to theia with sessionId in URL
- theia receives sessionId, validates JWT
4.2: Session Lifecycle (2 hours)
- User creates session → Entry in FDB
- User opens theia → sessionId injected into all operations
- User edits files → Files saved to FDB with session prefix
- User closes tab → Session marked as "paused" (not deleted)
- User returns → Session resumed, files still there
4.3: Multi-Session Support (2 hours)
- User can have multiple sessions (Project A, Project B)
- Each session has isolated filesystem in FDB
- Switching sessions in UI updates sessionId context
- Files don't leak between sessions
Verification:
# Test 1: Complete user flow
# 1. Open https://coditect.ai
# 2. Register new user
# 3. Create session "Project A"
# 4. Open theia, create file /workspace/hello.txt
# 5. Close tab
# 6. Login again, open session "Project A"
# 7. Verify /workspace/hello.txt still exists
# Test 2: Multi-session isolation
# 1. Create session "Project A", create file /workspace/a.txt
# 2. Create session "Project B", create file /workspace/b.txt
# 3. Switch to "Project A", verify ONLY a.txt exists (not b.txt)
# 4. Switch to "Project B", verify ONLY b.txt exists (not a.txt)
Configuration Files (YAML Approach)
Option 1: Environment Variables (FASTEST)
Update k8s-combined-deployment.yaml:
env:
- name: V5_API_URL
value: "http://coditect-api-v5-service.coditect-app.svc.cluster.local:8080"
- name: FDB_CLUSTER_FILE
value: "/var/fdb/fdb.cluster"
- name: JWT_SECRET
valueFrom:
secretKeyRef:
name: v5-jwt-secret
key: jwt-secret
Create JWT secret:
kubectl create secret generic v5-jwt-secret \
-n coditect-app \
--from-literal=jwt-secret='your-secret-key-here'
Apply changes:
kubectl apply -f k8s-combined-deployment.yaml
kubectl rollout restart deployment/coditect-combined -n coditect-app
Option 2: ConfigMap (MORE FLEXIBLE)
Create auth-config.yaml:
apiVersion: v1
kind: ConfigMap
metadata:
name: auth-config
namespace: coditect-app
data:
auth.json: |
{
"jwt": {
"issuer": "coditect.ai",
"audience": "coditect-users",
"expiry": "24h"
},
"theia": {
"auth_required": true,
"session_timeout": "30m"
},
"fdb": {
"cluster_file": "/var/fdb/fdb.cluster",
"key_prefix": "tenant_"
}
}
Mount in deployment:
volumes:
- name: auth-config
configMap:
name: auth-config
volumeMounts:
- name: auth-config
mountPath: /etc/coditect/auth.json
subPath: auth.json
Testing Checklist
Phase 1: Frontend Auth ✅
- User can register via UI
- User can login via UI
- JWT stored in localStorage
- JWT sent with API requests
- 401 redirects to /login
- Sessions created via API
- Sessions listed from FDB
Phase 2: theia Session Context ✅
- theia extracts JWT from header
- theia knows current sessionId
- theia logs sessionId with operations
- WebSocket auth works
- Unauthenticated requests rejected
Phase 3: FDB Persistence ✅
- Files saved to FDB
- Files readable from FDB
- Files survive pod restart
- Sessions isolated (no cross-session leaks)
- Directory listings work
Phase 4: End-to-End ✅
- Complete user flow works
- Multi-session support works
- Session resume works
- No data loss after pod restarts
- Performance acceptable (<500ms file ops)
Rollout Strategy
Development Testing (Local)
- Test frontend auth against production API
- Test theia changes in local Docker
- Verify FDB writes in test cluster
Staging Deployment (GKE Test Namespace)
- Deploy to
coditect-stagingnamespace - Run full integration tests
- Load test (100 concurrent users)
- Verify no regressions
Production Deployment (Blue-Green)
- Deploy new version as
coditect-combined-v2 - Route 10% traffic to v2 (Ingress split)
- Monitor errors/latency for 1 hour
- Route 50% traffic if stable
- Route 100% traffic after 4 hours
- Delete old
coditect-combineddeployment
Rollback Plan
If deployment fails:
# Rollback to previous version
kubectl rollout undo deployment/coditect-combined -n coditect-app
# Verify old version running
kubectl get pods -n coditect-app | grep coditect-combined
# Check health
curl https://coditect.ai/health
If data corruption detected:
# FDB has automatic backups every 6 hours
# Restore from last backup
kubectl exec -n coditect-app foundationdb-0 -- fdbbackup restore \
--destcluster /var/fdb/fdb.cluster \
--restoretimestamp $(date -u -d '1 hour ago' +%s)
Timeline Summary
| Phase | Tasks | Time | Start | End |
|---|---|---|---|---|
| Phase 1 | Frontend Auth | 1-2 days | Day 1 AM | Day 2 PM |
| Phase 2 | theia Session | 1 day | Day 2 PM | Day 3 PM |
| Phase 3 | FDB Persistence | 1-2 days | Day 3 PM | Day 5 PM |
| Phase 4 | E2E Integration | 1 day | Day 5 PM | Day 6 PM |
| TOTAL | 4-6 days |
Aggressive (solo, 10h/day): 4 days Realistic (solo, 8h/day): 6 days With 2 people: 3-4 days (parallel Phase 1+2)
Next Immediate Action
START HERE:
-
Create JWT secret in K8s (5 minutes)
kubectl create secret generic v5-jwt-secret \
-n coditect-app \
--from-literal=jwt-secret='$(openssl rand -base64 32)' -
Update src/services/api-client.ts (30 minutes)
- Create Axios instance with JWT interceptor
- Add automatic token refresh
- Add 401 redirect
-
Test frontend auth (15 minutes)
- Open https://coditect.ai
- Register new user
- Verify JWT in localStorage
- Verify API calls include Authorization header
-
Move to Phase 2 (theia integration)
Status: Ready to execute Phase 1, Task 1.2 (JWT Storage) Blocker: None Risk: Low (frontend auth is isolated, won't break existing functionality)