Warning
This project is under active development and currently has dependencies on WorkOS. Instructions are tailored for our internal team, but we are working to make deployment easy for everyone.
Join our Discord if you'd like to help!
Visit us at http://lab.cloud for updates.
- Backend: FastAPI with WorkOS SSO integration, API at
/api/v1/* - Frontend: React + TypeScript + MUI Joy UI, served from
/ - Authentication: WorkOS SSO with session cookies
- Unified Deployment: Single port (
8000) serves both frontend and backend - Development: Hot reload support; optional separate frontend server
- Python 3.8+
- Node.js 16+
- uv (can be installed via
curl -LsSf https://astral.sh/uv/install.sh | sh) - WorkOS account and application setup
- WorkOS Setup: Create a WorkOS account at workos.com and configure your SSO connection.
- Configure Environment: Copy
.env.exampleto.envand add your WorkOS credentials. - Run Setup Script:
(Installs all dependencies and runs database migrations.)
./setup.sh
You are set up!
- Create a WorkOS account at workos.com
- Create a new WorkOS application
- Configure your SSO connection (Google, Microsoft, etc.)
- Note your API Key and Client ID
- Add redirect URI:
http://localhost:8000/api/v1/auth/callback
- Ensure your env files are set in
/backend/.envand/frontend/.env.
For frontend dev, set:(UseVITE_API_URL=http://localhost:8000/api/v1VITE_API_URL=/api/v1only for production with unified server.) - Run backend and migrations:
./start.sh --dev - In another window, run frontend:
npm run dev
This project uses Alembic with SQLAlchemy for schema changes.
Migrations live in backend/alembic/versions and target metadata from backend/config.py.
- Make model changes in
backend/db_models.py. - Create a migration (autogenerate):
cd backend source .venv/bin/activate alembic revision --autogenerate -m "describe your change"
- Apply migrations (automatically runs with
start.sh):alembic upgrade head
- Verify/history (optional):
alembic current alembic history --verbose
- Create environment file:
Copy.env.exampleto.envand configure:AUTH_API_KEY=your_api_key_here AUTH_CLIENT_ID=your_client_id_here AUTH_REDIRECT_URI=http://localhost:8000/api/v1/auth/callback AUTH_COOKIE_PASSWORD=your_secure_cookie_password BASE_URL=http://localhost:8000
- Run:
./docker-run.sh build-and-run
| Scope | Description |
|---|---|
admin |
Full access to all write operations |
compute:write |
Launch, stop, and manage compute jobs/instances |
nodepools:write |
Create, update, or delete node pools |
storage:write |
Create, mount, or modify storage buckets |
registries:write |
Manage private container registries |
- Scopes apply to API key-authenticated requests. Session-authenticated users are not scope-restricted.
- If an API key has no scopes, it cannot perform protected write actions.
- Selecting the
adminscope supersedes all others. - The server exposes allowed scopes at
GET /api/v1/auth/allowed-scopes. - Scope values are case-insensitive on input; they are normalized to lowercase and
adminis exclusive (cannot be combined).
- Framework:
pytest - Location:
tests/
Quick run:
./run_tests.sh- Create/activate venv (if not already):
uv venv --python 3.10 source .venv/bin/activate - Install dev deps (includes pytest):
uv pip install -e .[dev]
- Run tests:
pytest
Tips:
- Run a single file:
pytest tests/test_app_basic.py - Run a single test:
pytest -k login_url - Forward args via script:
./run_tests.sh -k login_url
Notes:
- Tests isolate
$HOMEtotests/.tmp_homeand setDATABASE_URLto a file-based SQLite DB under that folder; Alembic migrations run at test session start to match production schema. - The initial tests are intentionally simple to serve as templates for future tests.