FuzzyCode Service Topology

Generated from topology.yaml · Last verified: 2026-04-17

Diagram

%% Auto-generated from topology.yaml — do NOT hand-edit.
%% Regenerate: python generate.py --yaml topology.yaml --out-mmd ...

flowchart LR
    classDef prod fill:#edd9c0,stroke:#683c06,color:#111
    classDef ops fill:#e6a95e,stroke:#683c06,color:#111
    classDef ext fill:#c7d9e8,stroke:#1d58b1,color:#111
    classDef client fill:#fff460,stroke:#683c06,color:#111

    fuzzycode["FuzzyCode
_{fuzzycode.dev}_{editor 
AC: uat-only}"]
    pages["Pages
_{pages.fuzzycode.dev}_{storage 
AC: uat-only}"]
    simplegpt["SimpleGPT
_{simplegpt.fuzzycode.dev}_ai-gateway"]
    imagebuddy["ImageBuddy
_{images.fuzzycode.dev}_{ai-gateway 
AC: uat-only}"]
    soundbuddy["SoundBuddy
_{sounds.fuzzycode.dev}_{ai-gateway 
AC: uat-only}"]
    spritebuddy["SpriteBuddy
_{sprites.fuzzycode.dev}_{ai-gateway 
AC: uat-only}"]
    cdnbuddy["CDNBuddy
_{cdn.fuzzycode.dev}_cdn"]
    uploaderbuddy["UploaderBuddy
_{uploads.fuzzycode.dev}_{uploader 
AC: uat-only}"]
    s3bucketbuddy["S3BucketBuddy
_uploader"]
    moderationbuddy["ModerationBuddy
_moderator"]
    browser["Browser
_client"]
    cf_worker_proxy_cors["CF Worker: proxy-cors
_{fuzzycode.dev/@pages/*}_worker"]
    cf_worker_usercontent["CF Worker: usercontent-proxy
_{usercontent.fuzzycode.dev}_worker"]
    s3_aws["S3 (aws.fuzzycode.dev)
_{aws.fuzzycode.dev}_asset-origin"]
    supabase["Supabase
_external"]

    browser -->|publish| fuzzycode
    browser -->|publish| cf_worker_proxy_cors
    cf_worker_proxy_cors ==>|publish| pages
    pages -.->|publish| s3_aws
    browser -->|image-gen| imagebuddy
    browser -->|sound-gen| soundbuddy
    browser -->|sprite-gen| spritebuddy
    browser -->|asset-upload| uploaderbuddy
    pages -.->|auth-verify| fuzzycode
    imagebuddy -.->|auth-verify| fuzzycode
    soundbuddy -.->|auth-verify| fuzzycode
    spritebuddy -.->|auth-verify| fuzzycode
    fuzzycode -->|auth-verify,auth-login| supabase
    fuzzycode -->|llm-admin| simplegpt

    class fuzzycode prod;
    class pages prod;
    class simplegpt prod;
    class imagebuddy prod;
    class soundbuddy prod;
    class spritebuddy prod;
    class cdnbuddy prod;
    class uploaderbuddy prod;
    class s3bucketbuddy prod;
    class moderationbuddy prod;
    class browser client;
    class cf_worker_proxy_cors ops;
    class cf_worker_usercontent ops;
    class s3_aws ext;
    class supabase ext;

Services (15)

Service	URL	Framework	Role	UAT: active-ctx	PROD: active-ctx	PII firewall	Notes
FuzzyCode `fuzzycode`	fuzzycode.dev	quart	editor	on	off	yes	Main editor + auth broker. Runs main:app via gunicorn (4 workers, 900s timeout).
Pages `pages`	pages.fuzzycode.dev	quart	storage	on	off	no	Publish storage + render. Despite name, uses Quart (not Flask). No PII firewall; verifies FuzzyCode-issued HMAC attestation.
SimpleGPT `simplegpt`	simplegpt.fuzzycode.dev	fastapi	ai-gateway	off	off	no	Admin-only since migration; runs main2:app per .replit (NOT main.py). Service-key + admin-JWT gates on /send.
ImageBuddy `imagebuddy`	images.fuzzycode.dev	fastapi	ai-gateway	on	off	yes	Image generation (FAL AI). Still gates on raw JWT claims in prod; active-context augments in UAT.
SoundBuddy `soundbuddy`	sounds.fuzzycode.dev	fastapi	ai-gateway	on	off	yes	Sound gen (ElevenLabs / Stable Audio).
SpriteBuddy `spritebuddy`	sprites.fuzzycode.dev	flask	ai-gateway	on	off	yes	Sprites + GIF/APNG export + bg-removal.
CDNBuddy `cdnbuddy`	cdn.fuzzycode.dev	fastapi	cdn	off	off	no	Only /resolve; NOT on publish path (scan report was wrong).
UploaderBuddy `uploaderbuddy`	uploads.fuzzycode.dev	fastapi	uploader	on	off	no	HAS NO PII FIREWALL. User uploads may carry PII (EXIF, filename, embedded text) — gap flagged in Phase 1b.
S3BucketBuddy `s3bucketbuddy`		fastapi	uploader	off	off	no	Internal bridge; not in docker-compose.
ModerationBuddy `moderationbuddy`		fastapi	moderator	off	off	no	Active for SoundBuddy; planned expansion to FuzzyCode (per repos.yaml).
Browser `browser`		n/a	client				Orchestrates two-hop publish; holds active-context cookies.
CF Worker: proxy-cors `cf_worker_proxy_cors`	fuzzycode.dev/@pages/*	worker	worker				Rewrites /@pages/* → pages.fuzzycode.dev/*. NOT the UGC Worker; that's a separate script.
CF Worker: usercontent-proxy `cf_worker_usercontent`	usercontent.fuzzycode.dev	worker	worker				Proxies editor draft/preview paths only. NOT on publish path.
S3 (aws.fuzzycode.dev) `s3_aws`	aws.fuzzycode.dev	n/a	asset-origin				Pages writes screenshots here directly via boto3.
Supabase `supabase`		n/a	external				Auth (JWT issuance) + Postgres for FuzzyCode household/children.

Edges (14)

From	To	Kind	Flows	Notes	Verified
`browser`	`fuzzycode`	http	publish	POST /api/pages/attest-publish (first hop)	`FuzzyCode/static/script.js:3899-3912; api.py:1655-1761`
`browser`	`cf_worker_proxy_cors`	http	publish	POST fuzzycode.dev/@pages/submit (second hop; Worker is transparent to client)	`FuzzyCode/static/script.js:3958-3965`
`cf_worker_proxy_cors`	`pages`	worker-forward	publish	Worker rewrites host; forwards cookies	`docs/cloudflare/workers/uat-proxy-cors.js:57-88`
`pages`	`s3_aws`	direct-boto3	publish	Screenshot PNG/WebP upload; NO CDNBuddy involvement	`FuzzycodePagesFlaskServer/main.py:2303-2386`
`browser`	`imagebuddy`	http	image-gen		`FuzzyCode/static/script.js (ASSETS_ORIGIN/IMAGES_ORIGIN refs)`
`browser`	`soundbuddy`	http	sound-gen
`browser`	`spritebuddy`	http	sprite-gen
`browser`	`uploaderbuddy`	http	asset-upload	User uploads; no PII firewall gate (flagged)
`pages`	`fuzzycode`	jwks	auth-verify	Pages fetches active-context JWKS from FuzzyCode (when active_context enabled)	`FuzzycodePagesFlaskServer/active_context_verifier.py:76-81`
`imagebuddy`	`fuzzycode`	jwks	auth-verify		`ImageBuddyRobustFastAPI/active_context_verifier.py`
`soundbuddy`	`fuzzycode`	jwks	auth-verify
`spritebuddy`	`fuzzycode`	jwks	auth-verify
`fuzzycode`	`supabase`	http	auth-verify, auth-login	Supabase auth + household data
`fuzzycode`	`simplegpt`	http	llm-admin	Service-key auth; admin uses only	`simplegpt-fastapi/main2.py:158-280`