d-bis/proxmox
4
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
4eead3e53fecdb2b7e629bb9f56b22ff92c61d2e
proxmox/docs/03-deployment/SANKOFA_MARKETPLACE_SURFACES.md
defiQUG 7ac74f432b chore: sync docs, config schemas, scripts, and meta task alignment 
- Institutional / JVMTM / reserve-provenance / GRU transport + standards JSON
- Validation and verify scripts (Blockscout labels, x402, GRU preflight, P1 local path)
- Wormhole wiring in AGENTS, MCP_SETUP, MASTER_INDEX, 04-configuration README
- Meta docs, integration gaps, live verification log, architecture updates
- CI validate-config workflow updates

Operator/LAN items, submodule working trees, and public token-aggregation edge
routes remain follow-up (see TODOS_CONSOLIDATED P1).

Made-with: Cursor
2026-03-31 22:31:39 -07:00

5.5 KiB
Raw Blame History

Sankofa marketplace surfaces (disambiguation)

Last updated: 2026-03-30
Purpose: One place to distinguish the three different “marketplace” experiences in this program, how native vs partner offerings fit together, and canonical links for operators.

Marketplace methodology: native vs partner offerings

Sankofa Marketplace is a single discovery and commercial lens that can expose many offer types. Two classes matter for architecture and documentation:

Class Meaning Examples
Native First-party platform and infrastructure primitives and standard cloud-style services you operate directly. VMs, IP addresses, app hosting, core compute/network/storage patterns, managed building blocks that are not a third-party ISV SKU.
Partner Third-party / ISV products listed under your marketplace brand: separate lifecycle, agreements, entitlements, and often a distinct support model. SolaceNet (IRU product family from Solace Bank Group PLC in the Phoenix UI copy), plus other IruOffering rows seeded or onboarded as partner solutions (e.g. Vault, AS4 settlement, private banking SKUs in dbis_core/scripts/seed-*-marketplace-offering.ts).

In this repo today

  • Partner-style catalog entries for IRU are modeled in dbis_core (IruOffering, /api/v1/iru/marketplace/*, /marketplace/* React routes).
  • Native services are primarily operational reality in Proxmox / VLAN / VMID / NPM documentation (e.g. docs/04-configuration/ALL_VMIDS_ENDPOINTS.md, config/proxmox-operational-template.json). They are not automatically the same persistence layer as IruOffering unless you explicitly unify catalog UX and provisioning APIs.

Analogy: Similar to hyperscaler marketplaces: VMs and IPs are native; SolaceNet is a partner offer in the same storefront metaphor.

1. IRU service catalog (Phoenix / dbis_core)

Item Typical value
What Institutional IRU partner offerings (and related SKUs), inquiries, pricing API (/api/v1/iru/marketplace/*) and React routes under /marketplace/*.
Public UI (typical) https://phoenix.sankofa.nexus/marketplace (same origin as Phoenix API deployment).
Code dbis_core/ — public routes: iru-marketplace-public.routes.ts; full router (admin): iru-marketplace.routes.ts; marketplace.service.ts; frontend/src/pages/marketplace/.
Docs dbis_core/docs/IRU_QUICK_START.md, dbis_core/docs/IRU_IMPLEMENTATION_STATUS.md.

Security / abuse (2026-03-29+):

  • Public inquiry status returns pipeline-only fields (no org name, qualification, risk, internal notes).
  • Rate limits: POST .../inquiries (default 10 / 15 min per IP), GET .../inquiries/:id and GET .../offerings/:id/pricing (default 200 / min per IP). Tunable via env — see dbis_core/.env.example.
  • Behind Nginx Proxy Manager or another proxy, set TRUST_PROXY=1 on the API process so limits use the real client IP (dbis_core app.ts).
  • Cloudflare Turnstile (Captcha): Not the same credentials as CLOUDFLARE_API_KEY / DNS. Create a Turnstile widget in the Cloudflare dashboard; set CLOUDFLARE_TURNSTILE_SECRET_KEY (or TURNSTILE_SECRET_KEY) on the API process and VITE_CLOUDFLARE_TURNSTILE_SITE_KEY on the frontend build. If you use a merged operator env file (e.g. xotenv), export those names into the correct processes. When the secret is set, POST .../inquiries requires cfTurnstileResponse. Use IRU_MARKETPLACE_TURNSTILE_DISABLED=1 only for local dev.

2. Client portal (SSO)

Item Typical value
What SSO client workspace: entitled Phoenix services and subscription / account style flows.
URL https://portal.sankofa.nexus (NextAuth + Keycloak; see EXPECTED_WEB_CONTENT.md).
Ops scripts/deployment/sync-sankofa-portal-7801.sh, enable-sankofa-portal-login-7801.sh.
Source Sibling repo Sankofa/portal (see SANKOFA_PORTAL_SRC in sync script).

Cloudflare Turnstile (optional): When NEXT_PUBLIC_CLOUDFLARE_TURNSTILE_SITE_KEY is set in the portal build (.env.local / CI), unauthenticated Sign In on the home and Partner views uses the same widget pattern as dbis_core (public site key only on the browser). This gates the OIDC redirect behind a human check; it does not replace Keycloak security. Pair with the same Turnstile site in Cloudflare as the IRU marketplace widget if you want one widget for both surfaces.

This is not the same binary as the dbis_core React marketplace unless you explicitly integrate or embed it.

3. Sankofa Studio “marketplace” landing (FusionAI)

Item Typical value
What White-label creative SaaS; Phoenix Marketplace marketing/landing path on the Studio stack.
URL https://studio.sankofa.nexus/marketplace/landing.html (and /studio/ for the product UI).
Ops docs/03-deployment/SANKOFA_STUDIO_DEPLOYMENT.md (VMID 7805).

Do not confuse this with the IRU JSON/API catalog in section 1.

Related architecture

  • Service catalog vs “marketplace” wording (public sector), including procurement-friendly terminology: docs/02-architecture/PUBLIC_SECTOR_TENANCY_MARKETPLACE_AND_DEPLOYMENT_BASELINE.md (subsection Sankofa Marketplace: native vs partner)
  • FQDN intent table: docs/02-architecture/EXPECTED_WEB_CONTENT.md
Reference in New Issue View Git Blame Copy Permalink