app:
  id: fips-ui
  name: FIPS Mesh
  version: 1.0.0
  description: |
    Archipelago-native dashboard for the FIPS mesh transport. Runs nginx
    inside a container with host networking, serves a static dashboard on
    :8336, and reverse-proxies /rpc/v1 to the archipelago backend on
    127.0.0.1:5678. All FIPS controls (status, seed anchors, reconnect,
    restart, and stable-channel daemon updates) go through the existing
    fips.* RPC methods, authenticated by the browser's own archipelago
    session — there is no separate secret to manage.

  container:
    build:
      context: /opt/archipelago/docker/fips-ui
      dockerfile: Dockerfile
      tag: localhost/fips-ui:local

  resources:
    memory_limit: 128Mi

  security:
    readonly_root: false
    network_policy: host

  # Host networking: nginx listens on 8336 directly on the host IP and
  # proxies to 127.0.0.1:5678 (the archipelago RPC). `ports:` is
  # intentionally empty because host networking bypasses port mapping.
  ports: []

  volumes: []

  environment: []

  health_check:
    type: http
    endpoint: http://127.0.0.1:8336
    path: /
    interval: 30s
    timeout: 5s
    retries: 3