UI¶
Target Architecture — Final-State Design
This page describes the final-state Integration management surfaces inside Factory Studio, the factory's operator and developer experience. These surfaces are backed by the public APIs through a backend-for-frontend and are tenant-scoped, role-gated, and fully audited.
Integration management in Factory Studio gives operators and developers a single place to configure external connectivity, govern credentials, manage webhooks, and watch external health — without ever handling raw secrets. Every action maps to a governed API call, every change emits a canonical event, and everything is filtered by tenantId.
Surface Map¶
flowchart LR
Studio["Factory Studio"] --> Conn["Connections"]
Studio --> Prov["Providers & API Clients"]
Studio --> Hooks["Webhooks"]
Studio --> Health["External Health"]
Conn --> Runs["Connection Runs & Failures"]
Prov --> Creds["Credentials & Rotation"]
Hooks --> Subs["Subscriptions"]
Hooks --> Deliv["Deliveries"]Connections¶
The primary operator surface. Lists every IntegrationConnection for the tenant with provider, status, and live health.
- List & filter connections by provider category, status (
Active/Degraded/Retired), and project. - Establish connection wizard: pick a registered provider, choose an auth mode, bind a credential (by Key Vault reference — never by typing a secret into the page), set provider configuration, and run a live test.
- Connection detail: health timeline, recent
IntegrationRuns, configuration, and the bound credential reference. Drill into a run to see attempts, latency, andexternalRef. - Retire connection with confirmation; emits
IntegrationConnectionRetired.
Providers & API Clients¶
The Vendor Registry surface. Browse and register the providers and versioned ExternalApiClients the factory supports.
- Provider catalogue with category, capabilities, auth model, and status, including
globalshared providers. - Register provider form and register API client (assembly + semver + declared capabilities), surfacing the Implemented clients (
ConnectSoft.Deputy.ApiClient,ConnectSoft.Braze.ApiClient,ConnectSoft.Bill.ApiClient, the SMS providers, etc.) as ready-to-use. - Capability matrix showing which operations each provider/client supports.
Credentials & Rotation¶
Credential governance without secret exposure.
- Credential list shows
keyVaultRef,authMode,currentVersion,lastRotatedAt, andexpiresAt— never the secret value. - Rotate now action (calls
POST /integrations/credentials/rotate) with live verification status; shows whether the new version passed its verification run before promotion. - Rotation policy editor (cadence, expiry warnings). Upcoming expirations surface as alerts.
Webhooks¶
Both directions of the webhook gateway.
- Subscriptions (outbound): create/edit subscriptions binding a factory
eventTypeto an HTTPS endpoint with a signing-secret reference; toggle active; view egress audit. - Deliveries: searchable log of inbound and outbound
WebhookDeliveryrecords with direction, status, attempts, signature status, and per-attempt detail. Replay a delivery from its preserved payload (governed action).
External Health¶
A real-time view fed by the ExternalApiHealthWorker.
- Health dashboard: per-provider/connection health (
Healthy/Degraded/Unhealthy), latency, error rate, and open circuits. - Failure feed: live
IntegrationFailurestream grouped by category, with links to the originating run/delivery and escalation status. - Cross-links into Observability dashboards for deeper trace analysis.
UX & Governance Principles¶
- No secrets in the browser. Credential surfaces show references and metadata only; secret material never transits the UI.
- Role-gated actions. Establishing connections, rotating credentials, and replaying deliveries require the corresponding security scopes; the UI hides actions the user cannot perform.
- Every action is audited. UI-initiated changes carry the operator identity and
traceIdinto the emitted event for full traceability. - Tenant-scoped by default. Operators only see their tenant's connections, providers, and deliveries.