{
  "title": "Service Registry v1 — RPI Edge Platform",
  "version": 1,
  "services": [
    {
      "serviceName": "Community Sandbox / Living Lab",
      "class": "public-facing",
      "pillarOwner": "Community Sandbox / Living Lab",
      "purpose": "Primary public-facing Living Lab experience and entry surface",
      "publicRoute": "/community-sandbox/",
      "localUpstream": "app:3000 via Caddy /community-sandbox/*",
      "exposure": "public",
      "authExpectation": "public entry surface; protected subflows may exist",
      "healthEndpoint": "/community-sandbox/",
      "artifactSource": "deployment/portal/index.html gateway link, service registry publication, deploy SHA from /webhook/last-event",
      "verificationCommand": "curl -sS -o /dev/null -D - https://raspmedia.tailea9075.ts.net/community-sandbox/ -k | sed -n '1,12p'",
      "recoveryCommand": "git revert <sha> && git push origin main",
      "notes": "App-backed surface; API health remains runtime-dependent and should be verified on the Pi when needed",
      "evidenceStatus": "proven"
    },
    {
      "serviceName": "Fractional CTO",
      "class": "public-facing",
      "pillarOwner": "Fractional CTO",
      "purpose": "Content and offer-facing surface",
      "publicRoute": "/fractional-cto.html",
      "localUpstream": "static portal page",
      "exposure": "public",
      "authExpectation": "none expected",
      "healthEndpoint": "/fractional-cto.html",
      "artifactSource": "deployment/portal/fractional-cto.html",
      "verificationCommand": "curl -sS -o /dev/null -D - http://127.0.0.1:8080/fractional-cto.html | sed -n '1,12p'",
      "recoveryCommand": "git revert <sha> && git push origin main",
      "notes": "Static page",
      "evidenceStatus": "proven"
    },
    {
      "serviceName": "Real Estate",
      "class": "public-facing",
      "pillarOwner": "Real Estate",
      "purpose": "Property intelligence and operational presentation surface",
      "publicRoute": "/real-estate.html",
      "localUpstream": "static portal page",
      "exposure": "public",
      "authExpectation": "none expected",
      "healthEndpoint": "/real-estate.html",
      "artifactSource": "deployment/portal/real-estate.html, gateway navigation, deploy SHA from /webhook/last-event",
      "verificationCommand": "curl -sS -o /dev/null -D - https://raspmedia.tailea9075.ts.net/real-estate.html -k | sed -n '1,12p'",
      "recoveryCommand": "git revert <sha> && git push origin main",
      "notes": "Static route is proven more strongly than business-data freshness",
      "evidenceStatus": "proven"
    },
    {
      "serviceName": "OICP dashboard",
      "class": "public-facing",
      "pillarOwner": "OICP",
      "purpose": "OICP operator and program execution dashboard",
      "publicRoute": "/oicp/dashboard",
      "localUpstream": "oicp:3001",
      "exposure": "public",
      "authExpectation": "public route is exposed; deeper workflow authorization remains needs-verification",
      "healthEndpoint": "/oicp/api/health",
      "artifactSource": "gateway navigation, service-registry publication, deploy SHA from /webhook/last-event",
      "verificationCommand": "curl -sS -o /dev/null -D - https://raspmedia.tailea9075.ts.net/oicp/api/health -k | sed -n '1,12p'",
      "recoveryCommand": "git revert <sha> && git push origin main",
      "notes": "Confidence still depends on runtime API reachability when checked from the deployed environment",
      "evidenceStatus": "proven"
    },
    {
      "serviceName": "Sandbox Gateway",
      "class": "operator-facing",
      "pillarOwner": "cross-pillar",
      "purpose": "Main platform index and navigation surface",
      "publicRoute": "/",
      "localUpstream": "static portal page",
      "exposure": "public",
      "authExpectation": "none",
      "healthEndpoint": "/",
      "artifactSource": "deployment/portal/index.html",
      "verificationCommand": "curl -sS -o /dev/null -D - http://127.0.0.1:8080/ | sed -n '1,12p'",
      "recoveryCommand": "git revert <sha> && git push origin main",
      "notes": "Primary operator/public entry",
      "evidenceStatus": "proven"
    },
    {
      "serviceName": "Project Charter",
      "class": "operator-facing",
      "pillarOwner": "cross-pillar",
      "purpose": "Governing artifact for structure, priorities, and evaluator direction",
      "publicRoute": "/project-charter.html",
      "jsonRoute": "/project-charter-v1.json",
      "localUpstream": "static portal page and static portal JSON",
      "exposure": "public",
      "authExpectation": "none",
      "healthEndpoint": "/project-charter.html",
      "artifactSource": "docs/architecture/project-charter-v1.md and artifacts/architecture/project-charter-v1.json",
      "verificationCommand": "curl -sS -o /dev/null -D - http://127.0.0.1:8080/project-charter.html | sed -n '1,12p'",
      "recoveryCommand": "git revert <sha> && git push origin main",
      "notes": "JSON is intentionally published in portal for safe serving",
      "evidenceStatus": "proven"
    },
    {
      "serviceName": "Service Registry",
      "class": "operator-facing",
      "pillarOwner": "cross-pillar",
      "purpose": "Canonical map of services, routes, exposure, proof, and recovery",
      "publicRoute": "/service-registry.html",
      "jsonRoute": "/service-registry-v1.json",
      "localUpstream": "static portal page and static portal JSON",
      "exposure": "public",
      "authExpectation": "none",
      "healthEndpoint": "/service-registry.html",
      "artifactSource": "docs/architecture/service-registry-v1.md and artifacts/architecture/service-registry-v1.json",
      "verificationCommand": "curl -sS -o /dev/null -D - http://127.0.0.1:8080/service-registry.html | sed -n '1,12p'",
      "recoveryCommand": "git revert <sha> && git push origin main",
      "notes": "Supports future evaluator work",
      "evidenceStatus": "proven"
    },
    {
      "serviceName": "Runtime monitor",
      "class": "operator-facing",
      "pillarOwner": "cross-pillar",
      "purpose": "Dedicated runtime health, deploy, and freshness monitoring surface",
      "publicRoute": "/runtime-monitor.html",
      "localUpstream": "static portal page",
      "exposure": "public",
      "authExpectation": "none currently",
      "healthEndpoint": "/runtime-monitor.html",
      "artifactSource": "/ops-digest.json, /webhook/status.json, /health.json, /observability-status.json",
      "verificationCommand": "curl -sS -o /dev/null -D - http://127.0.0.1:8080/runtime-monitor.html | sed -n '1,12p'",
      "recoveryCommand": "git revert <sha> && git push origin main",
      "notes": "Depends on artifact freshness",
      "evidenceStatus": "inferred"
    },
    {
      "serviceName": "Webhook engine",
      "class": "internal platform service",
      "pillarOwner": "cross-pillar",
      "purpose": "Receives deploy triggers and executes normal deploy path",
      "publicRoute": "/webhook/push",
      "localUpstream": "host.docker.internal:9000",
      "exposure": "public",
      "authExpectation": "signed webhook validation expected",
      "healthEndpoint": "/webhook/last-event",
      "artifactSource": "/opt/community-sandbox/deployment/webhook-receipts.log and webhook log",
      "verificationCommand": "curl -sS http://127.0.0.1:9000/webhook/last-event",
      "recoveryCommand": "systemctl status webhook || docker logs deployment-caddy-1",
      "notes": "Central dependency for Git-backed deploys",
      "evidenceStatus": "proven"
    },
    {
      "serviceName": "Pi-hole admin",
      "class": "operator-facing",
      "pillarOwner": "cross-pillar",
      "purpose": "DNS and network control panel",
      "publicRoute": "/admin/",
      "localUpstream": "http://host.docker.internal:80",
      "exposure": "public",
      "authExpectation": "boundary plus application login",
      "healthEndpoint": "/admin/",
      "artifactSource": "Caddy route behavior and login redirect",
      "verificationCommand": "curl -sS -o /dev/null -D - http://127.0.0.1:8080/admin/ | sed -n '1,12p'",
      "recoveryCommand": "git revert <sha> && git push origin main",
      "notes": "Must preserve 302 redirect to /admin/login",
      "evidenceStatus": "proven"
    },
    {
      "serviceName": "LiteLLM",
      "class": "internal platform service",
      "pillarOwner": "cross-pillar",
      "purpose": "Local model routing and inference gateway",
      "publicRoute": "/litellm/",
      "localUpstream": "litellm:4000",
      "exposure": "public",
      "authExpectation": "needs-verification",
      "healthEndpoint": "/litellm/v1/models",
      "artifactSource": "Caddy config and route checks",
      "verificationCommand": "curl -sS -o /dev/null -D - http://127.0.0.1:8080/litellm/v1/models | sed -n '1,12p'",
      "recoveryCommand": "docker compose -f deployment/docker-compose.yml restart litellm",
      "notes": "UI and API route shape are special-cased in Caddy",
      "evidenceStatus": "inferred"
    },
    {
      "serviceName": "Self-eval jobs",
      "class": "internal platform service",
      "pillarOwner": "cross-pillar",
      "purpose": "Generate self-eval and execution artifacts",
      "publicRoute": null,
      "localUpstream": "artifact-producing jobs under artifacts/self-eval/",
      "exposure": "local only",
      "authExpectation": "not directly user-facing",
      "healthEndpoint": null,
      "artifactSource": "artifacts/self-eval/*.json and rollup.md",
      "verificationCommand": "ls -1 artifacts/self-eval | sed -n '1,20p'",
      "recoveryCommand": "needs-verification",
      "notes": "Indirectly exposed through published artifacts",
      "evidenceStatus": "needs-verification"
    }
  ]
}