Skip to content

ConnectumMicroservices Framework

Designed to empower modern engineering and platform teams that ship mission-critical business logic

Connectum FrameworkConnectum Framework

See It in Action

protobuf
syntax = "proto3";
package platform.v1;

import "buf/validate/validate.proto";
import "google/api/annotations.proto";
import "connectum/auth/v1/options.proto";

service DeploymentService {
  option (connectum.auth.v1.service_auth) = {
    default_policy: "deny"
    default_requires: { roles: ["platform-engineer"] }
  };

  rpc CreateDeployment(CreateDeploymentRequest) returns (Deployment) {
    option (google.api.http) = { post: "/v1/deployments" body: "*" };
  }

  rpc GetDeployment(GetDeploymentRequest) returns (Deployment) {
    option (connectum.auth.v1.method_auth) = { public: true };
    option (google.api.http) = { get: "/v1/deployments/{deployment_id}" };
  }
}

message CreateDeploymentRequest {
  string namespace = 1 [(buf.validate.field).string.min_len = 1];
  string image = 2 [(buf.validate.field).string.pattern = "^[a-z0-9./:-]+$"];
  int32 replicas = 3 [(buf.validate.field).int32 = { gte: 1, lte: 100 }];
}

message GetDeploymentRequest {
  string deployment_id = 1 [(buf.validate.field).string.uuid = true];
}

message Deployment {
  string deployment_id = 1;
  string namespace = 2;
  string image = 3;
  int32 replicas = 4;
  string status = 5;
  string created_by = 6;
}
typescript
import { create } from '@bufbuild/protobuf';
import { defineService } from '@connectum/core';
import { requireAuthContext } from '@connectum/auth';
import { getLogger, getMeter } from '@connectum/otel';
import { DeploymentService, DeploymentSchema } from '#gen/platform_pb.ts';

const logger = getLogger('DeploymentService');
const deployments = getMeter().createCounter('platform.deployments.total');

export default defineService(DeploymentService, {
  async createDeployment(req) {
    const auth = requireAuthContext();

    deployments.add(1, { namespace: req.namespace });
    logger.info('Deployment created', {
      namespace: req.namespace,
      image: req.image,
      createdBy: auth.subject,
    });

    return create(DeploymentSchema, {
      deploymentId: crypto.randomUUID(),
      namespace: req.namespace,
      image: req.image,
      replicas: req.replicas,
      status: 'PENDING',
      createdBy: auth.subject,
    });
  },
});
typescript
import { createServer } from '@connectum/core';
import { Healthcheck, healthcheckManager, ServingStatus } from '@connectum/healthcheck';
import { Reflection } from '@connectum/reflection';
import { createDefaultInterceptors, createErrorHandlerInterceptor } from '@connectum/interceptors';
import { createOtelInterceptor } from '@connectum/otel';
import { createJwtAuthInterceptor } from '@connectum/auth';
import { createProtoAuthzInterceptor } from '@connectum/auth/proto';
import deploymentService from '#services/deploymentService.ts';

const server = createServer({
  services: [deploymentService],
  port: 5000,
  protocols: [Healthcheck({ httpEnabled: true }), Reflection()],
  // Fixed-order chain: errorHandler first, then auth/authz immediately after
  // it, then observability and the default validation chain.
  interceptors: [
    createErrorHandlerInterceptor({ logErrors: true }),
    createJwtAuthInterceptor({ jwksUri: process.env.JWKS_URI! }),
    createProtoAuthzInterceptor(),
    createOtelInterceptor({ serverPort: 5000 }),
    ...createDefaultInterceptors({ errorHandler: false }),
  ],
  shutdown: { autoShutdown: true },
});

server.on('ready', () => {
  healthcheckManager.update(ServingStatus.SERVING);
});

await server.start();
bash
# Sync proto types from a running server (gRPC Server Reflection)
connectum proto sync --from localhost:5000 --out ./gen

# gRPC call (requires platform-engineer role)
grpcurl -d '{"namespace":"prod","image":"api:v2.1.0","replicas":3}' \
  -H "Authorization: Bearer $TOKEN" \
  localhost:5000 platform.v1.DeploymentService/CreateDeployment

# REST via Envoy Gateway (gRPC-JSON transcoding from google.api.http)
curl -X POST http://gateway:8080/v1/deployments \
  -H "Authorization: Bearer $TOKEN" \
  -H "Content-Type: application/json" \
  -d '{"namespace":"prod","image":"api:v2.1.0","replicas":3}'