Hub-and-spoke routing
The same platform, viewed as a routing hub. User Management (apps/user-management on port 3001) sits at the center — every client request and every backend dispatch passes through it.
User Management is the central gateway hub. Six client surfaces fan in on the left. Six backend destinations fan out on the right.
The hub — User Management Core
Four sub-tiers inside User Management:
| Sub-tier | What it does |
|---|---|
| Inbound | Ingress (Cloud Run HTTPS · Tauri HTTP) → Auth middleware (JWT validation, session check via apps/auth) → Webhook receivers (/webhook/whatsapp, /api/billing Stripe, OAuth callbacks) |
| UM Core (the dispatcher) | Route Dispatcher (files · models · billing · plugins · skills · microapps) · Agent Proxy (cloud: spot-VM proxy, local: Tauri sidecar) · Target Resolution (provisioner/spot-vm.ts) |
| Outbound | Agent routes → Agent API (4000) · Direct routes → handled by UM itself · SSE pass-through → /api/events/company/:id |
| Adjacent services | Web SSR (3000) · Auth Service (3002) · Tauri Sidecars (local-mode only — UM + Agent API in-process) |
Why a single dispatcher
| Without a hub | With UM as the hub |
|---|---|
| Each client knows N backend URLs | Each client knows one URL |
| Auth implemented N times | Auth implemented once at the gateway |
| Webhooks land in random places | All webhooks land in one Express dispatcher |
| Local vs cloud mode = different code paths | Same gateway contract; only the target URL changes |
| Spot-VM provisioning leaks into clients | Provisioning is hidden behind the proxy |
Same gateway contract, both modes
The diagram’s most important line is the one at the bottom of the hub:
In cloud mode UM runs on Cloud Run and proxies to spot-VM agent containers. In local mode UM runs as a Tauri sidecar and proxies to the local Agent API. Browser code is identical — only the target URL changes.
This is what makes Tauri Desktop + Cloud Run two faces of one product. The hub abstracts the deployment.
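A minimal sketch of that contract, added here as an illustration and not taken from the project's code: auth is decided once, routes are classified as direct or agent, and target resolution is the only mode-dependent step. The `/api/agent/` prefix, the session shape, the VM table and the URLs are assumptions; webhook and SSE routes are left out.

```typescript
// Added illustration: route prefix, session shape, URLs and VM table are
// assumptions, not taken from the project's code.
type Mode = "cloud" | "local";
interface Session { companyId: string }            // set by the auth middleware
interface Req { path: string; session: Session | null }
type Decision =
  | { action: "reject"; status: number }
  | { action: "direct"; family: string }
  | { action: "proxy"; url: string };

// Route families the page lists as handled by UM itself.
const DIRECT_FAMILIES = ["files", "models", "billing", "plugins", "skills", "microapps"];
const AGENT_PREFIX = "/api/agent/";                // hypothetical agent-route prefix
const LOCAL_AGENT = "http://127.0.0.1:4000";       // local Agent API (port from the page)
const SPOT_VMS: { [companyId: string]: string } = { // constructed sample data
  "co-1": "http://10.0.0.5:4000",
};

// Target resolution: the only step that differs between cloud and local mode.
// The target comes from server-side state, never from the request itself.
function resolveTarget(mode: Mode, companyId: string): string | null {
  if (mode === "local") return LOCAL_AGENT;
  const vm = SPOT_VMS[companyId];
  return typeof vm === "string" ? vm : null;       // also rejects "__proto__" etc.
}

function dispatch(mode: Mode, req: Req): Decision {
  // Auth is decided once, before any routing.
  if (req.session === null) return { action: "reject", status: 401 };
  if (req.path.indexOf(AGENT_PREFIX) === 0) {
    const base = resolveTarget(mode, req.session.companyId);
    if (base === null) return { action: "reject", status: 503 };
    return { action: "proxy", url: base + "/" + req.path.slice(AGENT_PREFIX.length) };
  }
  const parts = req.path.split("/");               // "/api/<family>/..."
  const family = parts[2] || "";
  if (parts[1] === "api" && DIRECT_FAMILIES.indexOf(family) !== -1) {
    return { action: "direct", family: family };
  }
  return { action: "reject", status: 404 };        // default deny for unknown routes
}
```

The same request yields a different proxy URL in each mode while the auth check and route table stay unchanged, and a company with no resolved VM is rejected instead of being forwarded anywhere.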
The six clients and six destinations
Clients (fan-in):
- Web Users — Browser (Next.js, apps/web · port 3000, SSR + static)
- Tauri Desktop — macOS · Win · Linux (WebView + sidecars, local-mode)
- iOS App — apps/ios native, talks to cloud UM over HTTPS
- Internal Admin — Ops console (deploy · health · cost · routines)
- Chat Users — WhatsApp · Telegram (message-driven, never see UI)
- Phone Caller — Voice bridge (SIP/WebRTC in, Gemini Live realtime)
Backend destinations (fan-out):
- Auth Service — apps/auth · 3002 (identity, tokens, refresh, sessions)
- Agent API · Orchestration — apps/api · 4000 (heartbeat · invoker · runs · routines · issues)
- Agent API · Channels — registry · dispatch (WhatsApp Baileys, Telegram grammy)
- Direct APIs — files · models · billing · plugins · skills · OAuth (handled by UM directly)
- External Providers — LLM · OAuth · Voice · Stripe · Firebase · GCS
- Data Tier — Postgres/SQLite · Filestore/local FS · Secrets keychain
Read next
- Platform overview — the same system as a layered topology
- LIFEOSAI substrate — what the Compute Tier does in detail
- Agent SDKs — which SDK speaks to which harness