LogicOS

Quick Start & Systems Map

Quick Start

LogicSuite is a public-sector governance platform. LogicOS (os.publiclogic.org) is the primary user interface. PuddleJumper (PJ) is the backend API and rules engine running on Fly.io.

1 Sign In

Open os.publiclogic.org and sign in with GitHub or Google. OAuth tokens are session-cookie based. Refresh is automatic.

2 Start Screen

All tools available to your role appear as tiles. Click any tool to launch it. Recent CaseSpaces appear below for quick re-entry.

3 Create Documents

Open LogicPen to write and print governed documents. Use built-in templates or your LogicCommons templates. Save to Vault.

4 Build Connectors

Open LogicBackend to register API connectors (LOGICBRIDGE) and test live API calls in the API Explorer.

5 Govern Intake

Open FormKey to create governed intake forms. Forms require a legal basis, purpose, and retention tier before publishing.

6 Monitor

Use Admin → PJ Health to see real-time status of all backend modules. Use Audit Trail to inspect the ARCHIEVE event chain.

Local development

# From monorepo root
pnpm install
cd apps/puddlejumper

# Minimum env vars (JWT_SECRET must be at least 32 characters)
export JWT_SECRET="$(openssl rand -hex 32)"
export AUTH_ISSUER=puddle-jumper
export AUTH_AUDIENCE=puddle-jumper-api

# Start
npx tsx src/api/server.ts
# → http://localhost:3002/v1/health

Deploy to Fly.io

# From monorepo root (/n8drive)
flyctl deploy -a publiclogic-puddlejumper

Systems Map

Clients
    LogicOS (Cloudflare Pages)
    PJ Admin UI
    Public Form Endpoint
    Webhook / API Consumer

↕ HTTPS · Session Cookie · CSRF header

PuddleJumper (Express on Fly.io)
    Auth & OAuth
    FormKey API
    LOGICBRIDGE API
    SEAL API
    ARCHIEVE API
    SYNCRONATE API
    VAULT Routes
    CaseSpace Routes
    Connector Routes
    Admin Routes
    PRR Routes
    AXIS (AI) Routes

↕ In-process module calls

Backend Modules (Boot Order)
    1 · KMS Client
    2 · ARCHIEVE
    3 · VAULT
    4 · SEAL
    5 · Template Library
    6 · AXIS
    7 · FormKey
    8 · LOGICBRIDGE
    9 · SYNCHRON8
    10 · CaseSpace Factory
    11 · SYNCRONATE

↕ SQLite WAL on Fly.io persistent volume

Data Stores
    formkey.db (intake records, consent, form definitions)
    archieve.db + WAL queue (event chain)
    logicbridge.db (connector registry, handler code)
    vault.db (documents, versions, governance envelopes)
    seal.db (key registry, ESK versions)
    syncronate.db (feeds, jobs, run history)
    prr.db · oauth_state.db · rate-limit.db

↕ OAuth / API calls

External Providers
    GitHub
    Microsoft 365
    Google Workspace
    OpenAI / Anthropic (AXIS)
    TSA (RFC 3161 notarization)

Monorepo structure

n8drive/
├── packages/core/           @publiclogic/core — JWT auth, middleware, CSRF
├── packages/vault/          @publiclogic/vault — Vault policy provider
├── apps/logic-commons/      @publiclogic/logic-commons — OAuth, session, audit
└── apps/puddlejumper/
    ├── public/              guide.html, admin.html, CSS, workspace
    └── src/
        ├── api/
        │   ├── server.ts    Boot sequence + all route wiring
        │   └── routes/      auth, vault, formkey, logicbridge, seal,
        │                    archieve, syncronate, casespace, connectors,
        │                    admin, prr, access, axis, governance
        ├── formkey/         Intake · Consent · Output
        ├── logicbridge/     Registry · Publisher · Sandbox runner
        ├── seal/            ECDSA-P256 sign / verify
        ├── archieve/        Event chain · Notarizations · Export
        ├── syncronate/      Feed definitions · Job scheduler
        ├── axis/            AI provider credential resolver
        └── casespace/       Factory · Environment provisioning

FormKey — Intake & Output

Every governed form submission runs through FormKey. Two paths:

Path             Steps
Intake           Schema validate → Consent check → SEAL stamp → VAULT write → ARCHIEVE event
Output / Render  SEAL verify → Field binding resolution → JSON output (HTML template library in future)

FormKey API

Method  Path                                     Auth    Description
GET     /api/formkey/forms                       bearer  List FormDefinitions
POST    /api/formkey/forms                       bearer  Create draft
POST    /api/formkey/forms/:id/publish           admin   Publish (5-step pipeline)
POST    /v1/forms/:id/submit                     public  Submit intake (rate limited)
POST    /v1/forms/:id/consent                    public  Grant consent
GET     /api/formkey/forms/:id/render/:recordId  bearer  Render VAULT record as form output
GET     /api/formkey/forms/:id/submissions       bearer  List intake records

API Reference

Authentication

Method  Path                       Auth    Description
GET     /api/auth/github/login     public  GitHub OAuth redirect
GET     /api/auth/google/login     public  Google OAuth redirect
GET     /api/auth/microsoft/login  public  Microsoft OAuth redirect
GET     /api/auth/status           public  Current auth state
POST    /api/refresh               cookie  Rotate refresh token
GET     /api/identity              bearer  Current user identity
POST    /api/auth/logout           cookie  Revoke session

SEAL

Method  Path                  Auth    Description
POST    /api/seal/verify      bearer  Verify SealToken against artifact
GET     /api/seal/public-key  public  Tenant public key PEM
GET     /api/seal/keys        bearer  List ESK versions
POST    /api/seal/rotate      admin   Rotate signing key

ARCHIEVE

Method  Path                      Auth    Description
GET     /api/archieve/events      bearer  Paginated event stream
GET     /api/archieve/events/:id  bearer  Single event
POST    /api/archieve/verify      bearer  Chain integrity verification
GET     /api/archieve/export      bearer  Download events (CSV/JSON)

LOGICBRIDGE

Method  Path                                     Auth    Description
GET     /api/logicbridge/connectors              bearer  List connectors
POST    /api/logicbridge/connectors              bearer  Create connector
POST    /api/logicbridge/connectors/:id/publish  bearer  Publish (SEAL sign)
POST    /api/logicbridge/explorer/request        bearer  API Explorer live request

Health & Operations

Method  Path                     Auth    Description
GET     /v1/health               public  Full module health (all PJ modules)
GET     /health                  public  Basic health check
GET     /ready                   public  Readiness probe
GET     /api/admin/stats         admin   Admin dashboard stats
GET     /api/admin/audit/export  admin   Auth audit export

Key Environment Variables

JWT_SECRET                     JWT signing key (≥32 chars, required)
AUTH_ISSUER / AUTH_AUDIENCE    JWT iss / aud claims
GITHUB_CLIENT_ID / _SECRET     GitHub OAuth app credentials
GOOGLE_CLIENT_ID / _SECRET     Google OAuth credentials
MICROSOFT_CLIENT_ID / _SECRET  Microsoft OAuth credentials
LOGICBRIDGE_HANDLER_DEK        AES key for connector handler encryption at rest
FORMKEY_SUBMISSION_RATE_LIMIT  Max intake submissions per IP/minute/form (default: 10)
FORMKEY_CONSENT_CACHE_TTL_MS   Consent verification cache TTL ms (default: 60000)
OPENAI_API_KEY                 OpenAI provider for AXIS AI chat
ANTHROPIC_API_KEY              Anthropic provider for AXIS AI chat
FRONTEND_URL                   LogicOS URL for CORS (required in production)
PORT                           Server port (default: 3002)
NODE_ENV                       production | development | test
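
A preflight check for the variables above, as an added example (not PuddleJumper's own code). The function names are hypothetical; the https-origin rule for FRONTEND_URL and the reading of "_SECRET" as <PROVIDER>_CLIENT_SECRET are assumptions.

```typescript
// Added example; names are hypothetical, rules are taken from the list above.
type Env = Record<string, string | undefined>;

const NODE_ENVS = ["production", "development", "test"];
const OAUTH_PROVIDERS = ["GITHUB", "GOOGLE", "MICROSOFT"];

// Numeric settings have documented defaults, so only a set-but-malformed value fails.
function checkPositiveInt(env: Env, name: string, errors: string[]): void {
  const raw = env[name];
  if (raw !== undefined && !/^[1-9]\d*$/.test(raw)) {
    errors.push(name + " must be a positive integer");
  }
}

function checkEnv(env: Env): string[] {
  const errors: string[] = [];
  if ((env.JWT_SECRET ?? "").length < 32) {
    errors.push("JWT_SECRET must be at least 32 characters");
  }
  for (const name of ["AUTH_ISSUER", "AUTH_AUDIENCE"]) {
    if (!env[name]) errors.push(name + " is not set");
  }
  const mode = env.NODE_ENV;
  if (mode !== undefined && NODE_ENVS.indexOf(mode) === -1) {
    errors.push("NODE_ENV must be production, development or test");
  }
  // Assumption: the CORS origin should be one exact https origin, not a wildcard.
  if (mode === "production" && !/^https:\/\/[^\s\/*]+$/.test(env.FRONTEND_URL ?? "")) {
    errors.push("FRONTEND_URL must be an https origin in production");
  }
  // Assumption: "_SECRET" in the list is shorthand for <PROVIDER>_CLIENT_SECRET.
  for (const p of OAUTH_PROVIDERS) {
    const hasId = Boolean(env[p + "_CLIENT_ID"]);
    const hasSecret = Boolean(env[p + "_CLIENT_SECRET"]);
    if (hasId !== hasSecret) {
      errors.push(p + "_CLIENT_ID and " + p + "_CLIENT_SECRET must be set together");
    }
  }
  for (const name of ["PORT", "FORMKEY_SUBMISSION_RATE_LIMIT", "FORMKEY_CONSENT_CACHE_TTL_MS"]) {
    checkPositiveInt(env, name, errors);
  }
  return errors;
}

// Constructed sample: a short development secret, as a quick local setup might use.
const sampleFindings = checkEnv({
  JWT_SECRET: "dev-secret",
  AUTH_ISSUER: "puddle-jumper",
  AUTH_AUDIENCE: "puddle-jumper-api",
});
console.log(sampleFindings);
```

Calling checkEnv on the process environment before the server boots, and refusing to start on a non-empty result, keeps a weak signing key or a missing CORS origin from reaching production.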