
Understand Services

Caracal services are small, explicit runtime components. Each service owns a bounded part of the authority lifecycle and exposes health/readiness endpoints for operations.

| Service | Port | Owns |
| --- | --- | --- |
| Manage Product State | 3000 | Product state, management routes, policy/grant resources, admin audit, API outbox. |
| Coordinate Agent State | 4000 | Agent sessions, service leases, delegation edges, invocations, Coordinator outbox. |
| Issue Mandates | 8080 | Token exchange, mandate issuance, JWKS, policy evaluation, step-up status. |
| Protect Upstreams | 8081 | Protected reverse proxy, per-request exchange, revocation checks, upstream safety. |
| Ingest Audit Evidence | 9090 | Audit ingestion, DLQ, tamper checks, retention, search. |
| Automate Management | API 3000 | Optional in-process remote management invocation through shared engine dispatch. |

```mermaid
flowchart LR
  API --> Postgres[(Postgres)]
  API --> Redis[(Redis)]
  Coordinator --> Postgres
  Coordinator --> Redis
  STS --> Postgres
  STS --> Redis
  Gateway --> Postgres
  Gateway --> Redis
  Gateway --> STS
  Audit --> Postgres
  Audit --> Redis
  Control --> API
  Control --> Redis
```

| Path | Pages |
| --- | --- |
| Management plane | Manage Product State, Coordinate Agent State |
| Authority path | Issue Mandates, Protect Upstreams |
| Evidence and automation | Ingest Audit Evidence, Automate Management |

Start with Manage Product State to understand where Caracal product objects are owned.