Skip to main content

CustomerLaunchpadPanel

CustomerLaunchpadPanel is the customer-facing dashboard surface for launching generated applications from one ValkyrAI sign-in.

It lives at:

web/typescript/valkyr_labs_com/src/components/Dashboard/components/CustomerLaunchpadPanel.tsx

Component Contract

The panel imports generated ThorAPI model types:

import type { Application } from "@thorapi/model/Application";
import type { TenantRuntimeBinding } from "@thorapi/model/TenantRuntimeBinding";

The component does not create replacement interfaces for ThorAPI-owned application or runtime-binding records. Local response types are limited to the custom Launchpad projection returned by the backend controller.

Endpoint Contract

Launchpad data comes from the lowercase authenticated controller:

GET /v1/launchpad/apps
POST /v1/launchpad/apps/{applicationId}/launch

The panel calls the endpoint with authJsonFetch. It does not call generated TenantRuntimeBinding DataWorkbook routes, which remain hidden and explicitly denied at the HTTP boundary.

POST /v1/launchpad/apps/{applicationId}/launch returns a short-lived signed launch token and tokenized launch URL after the backend revalidates that the application belongs to the authenticated principal and is launchable.

UX Behavior

  • Shows the owned application count and launchable application count.
  • Lists generated applications with status, runtime kind, auth mode, RBAC mode, link type, deployment ownership model, billing profile, runtime URL or application entrypoint, source-backed health URL when registered, data-plane posture, required launch claims, and latest binding time.
  • Requests a short-lived app-scoped launch token before opening active or validating runtime bindings. Launch tokens are issued only for HTTP(S) runtime or entrypoint URLs without embedded userinfo.
  • Shows a backend-approved generated application entrypoint when no runtime binding is available and the application is deployed or ready.
  • Refuses to open a raw runtime or entrypoint URL when the launch response does not include a tokenized runtime URL.
  • Keeps unbound applications visible, disables direct launch, and links the customer to deployment setup.
  • Links each card to the generated application detail surface.

Security Boundary

The browser receives only a launch-safe projection:

  • application id, name, description, type, and status
  • runtime binding id, runtime kind, runtime status, auth mode, RBAC mode, and runtime URL
  • deployment id, deployment status, deployment endpoint, link type, deployment ownership model, billing profile, health URL when present in deployment metadata or derivable from generated healthCheckPath
  • organization id, tenant schema registry id/name, tenant database scope, and tenant isolation mode
  • application data-plane binding id, isolation mode, status, schema/database placement, host, and region
  • required launch-token claim names
  • launch URL, launchability, and launch hint
  • short-lived launch token, expiry, audience, and tokenized launch URL only after an explicit launch request

The projection intentionally omits data-plane credential references, registry internals beyond launch scope ids, database placement secrets, raw generated tenant runtime binding rows, and unregistered health claims.

Backend services remain responsible for:

  • resolving the authenticated principal id
  • querying generated Application rows by owner id
  • querying generated TenantRuntimeBinding rows by owner id
  • choosing the latest runtime binding per application
  • issuing five-minute tokenType=launchpad launch tokens with app and audience claims
  • rejecting non-HTTP(S) launch URLs before token creation and appending launch tokens before any URL fragment
  • denying anonymous access before the generic /v1/** GET fallback
  • keeping generated tenant runtime binding DataWorkbook routes inaccessible

Tests

Focused coverage lives at:

src/components/Dashboard/components/__tests__/CustomerLaunchpadPanel.test.tsx
valkyrai/src/test/java/com/valkyrlabs/valkyrai/service/LaunchpadServiceTest.java
valkyrai/src/test/java/com/valkyrlabs/valkyrai/controller/LaunchpadControllerContractTest.java

The tests verify authenticated endpoint usage, latest runtime binding selection, legacy entrypoint fallback, disabled launch behavior for unbound apps, short-lived launch-token claims, tokenized runtime URL launching, rejected out-of-owner launch attempts, source-backed link/billing/data-plane/health metadata rendering, and route ordering before the anonymous /v1/** fallback. Frontend tests also prove the panel fails closed instead of opening a raw runtime URL if the launch endpoint does not return a tokenized launch URL. Backend tests prove non-HTTP(S) runtime URLs are non-launchable and tokenized launch URLs preserve existing query strings and URL fragments.