Understand Services
Caracal services are small, explicit runtime components. Each service owns a bounded part of the authority lifecycle and exposes health/readiness endpoints for operations.
Service Map
Section titled “Service Map”| Service | Port | Owns |
|---|---|---|
| Manage Product State | 3000 | Product state, management routes, policy/grant resources, admin audit, API outbox. |
| Coordinate Agent State | 4000 | Agent sessions, service leases, delegation edges, invocations, Coordinator outbox. |
| Issue Mandates | 8080 | Token exchange, mandate issuance, JWKS, policy evaluation, step-up status. |
| Protect Upstreams | 8081 | Protected reverse proxy, per-request exchange, revocation checks, upstream safety. |
| Ingest Audit Evidence | 9090 | Audit ingestion, DLQ, tamper checks, retention, search. |
| Automate Management | API 3000 | Optional in-process remote management invocation through shared engine dispatch. |
Dependency Map
Section titled “Dependency Map”flowchart LR API --> Postgres[(Postgres)] API --> Redis[(Redis)] Coordinator --> Postgres Coordinator --> Redis STS --> Postgres STS --> Redis Gateway --> Postgres Gateway --> Redis Gateway --> STS Audit --> Postgres Audit --> Redis Control --> API Control --> Redis
Service Reading Path
Section titled “Service Reading Path”| Path | Pages |
|---|---|
| Management plane | Manage Product State → Coordinate Agent State |
| Authority path | Issue Mandates → Protect Upstreams |
| Evidence and automation | Ingest Audit Evidence → Automate Management |
Next Step
Section titled “Next Step”Start with Manage Product State to understand where Caracal product objects are owned.

