galaxy-game/gateway/docs/runtime.md

Runtime and Components

The diagram below focuses on the deployed galaxy/gateway process and its runtime dependencies.

flowchart LR
    subgraph Clients
        Public["Public REST clients"]
        Authd["Authenticated gRPC clients"]
    end

    subgraph Gateway["Edge Gateway process"]
        PublicHTTP["Public HTTP listener\n/healthz /readyz /api/v1/public/auth/*"]
        AuthGRPC["Authenticated gRPC listener\nExecuteCommand / SubscribeEvents"]
        AdminHTTP["Optional admin HTTP listener\n/metrics"]
        SessionSnap["In-memory session snapshot cache"]
        Replay["Replay reservation client"]
        PushHub["PushHub"]
        SessSub["Session event subscriber"]
        ClientSub["Client event subscriber"]
        Telemetry["Logs, traces, metrics"]
    end

    Public --> PublicHTTP
    Authd --> AuthGRPC
    AuthGRPC --> SessionSnap
    AuthGRPC --> Replay
    AuthGRPC --> PushHub
    SessSub --> SessionSnap
    SessSub --> PushHub
    ClientSub --> PushHub
    PublicHTTP --> Telemetry
    AuthGRPC --> Telemetry
    AdminHTTP --> Telemetry

    Redis["Redis\nsession records + replay keys + streams"]
    AuthSvc["Auth / Session Service"]
    Downstream["Downstream business services"]
    Metrics["Prometheus / OTLP collectors"]

    PublicHTTP -. public auth adapter .-> AuthSvc
    SessionSnap --> Redis
    Replay --> Redis
    SessSub --> Redis
    ClientSub --> Redis
    AuthGRPC --> Downstream
    Telemetry --> Metrics

Notes:

• cmd/gateway refuses startup when Redis connectivity or the response signer is misconfigured.
• The admin listener is optional and serves only Prometheus text metrics.
• Public auth routing stays available without an upstream adapter, but returns 503 service_unavailable.
• The default runtime reserves direct user.* authenticated self-service routes. When GATEWAY_USER_SERVICE_BASE_URL is unset those routes stay mounted but fail closed as dependency-unavailable instead of returning a route miss.