What is this?

The FabricBloc Developer Hub is the single entry point for engineering context. It replaces scattered Notion pages, Confluence wikis, and bookmarked GitHub links with one dashboard that answers three questions:

1. Is the platform healthy?
2. Am I set up correctly?
3. Where do I find what I need?

How to use it

Overview
Platform health, quick start, architecture, all repositories
Map
Interactive architecture visualization (pan, zoom, click to drill down)
APIs
Service API documentation grouped by layer (Product, Platform, Infrastructure)
Contracts
Solidity smart contract ABIs and deployment data
Events
CloudEvents schema catalog across all services
Tools
Claude Code plugins, MCP server, AI agent access, getting started guides
Infrastructure
Local development infrastructure (Docker, PostgreSQL, Redis, Grafana, Jaeger)
Team
Contributor profiles and activity from GitHub

Key principle: No hardcoded data

Everything on this dashboard comes from generated JSON files produced by the docs pipeline (make generate). Service catalogs, event schemas, contract ABIs, and compliance scores are all derived from the actual codebase -- not manually maintained lists.

The MCP advantage

The FabricBloc MCP server gives Claude access to ALL platform APIs, events, and contracts without cloning every repo. A developer working on one service can ask Claude about any other service's endpoints, events, or contracts through the MCP connection. This eliminates the need to pull 15+ repos on a weak machine.

bun run mcp/server.ts

Phase 2 (shipped)

  • GitHub API integration -- deploy triggers, CI status, PR activity, contributor profiles
  • Activity feed -- recent commits, who's working on what

Phase 3 roadmap

  • Grafana metrics -- service health, error rates, latency pulled from dashboards
  • Real-time updates -- WebSocket for live health dots (currently snapshot-based)
This dashboard is part of fabricbloc-docs. Source: github.com/BloclabsHQ/fabricbloc-docs
Configuration: docs.config.yaml
Generation: make generate
Local preview: make serve

FabricBloc — Internal Developer Hub

Product Readiness

Hand-declared by the team. Replaces compliance % as the headline because the welfare question is “can a customer do the thing today?” not “what % of static rules pass?” Engineering quality detail is in the section below.
Loading product readiness…

Engineering Quality (compliance scan)

Loading compliance data…
Loading diagram…
Critical path (Creator → Kong → Platform) HTTP gRPC Event (async)
...
Grafana

No map data

Run this command, then refresh the page:

make generate
Details

Contracts

Events

Glossary

Platform and business terminology. Use these terms consistently across code, docs, issues, and conversations.

Tools
Plugins, MCP servers, AI agents, and quick links for the FabricBloc engineering stack.
Resources
Team, glossary, signing reference, and platform background — all the context that isn’t an API, event, or contract.

Quick Jump

For AI agents

Machine-readable catalog. Single HTML fetch reveals everything via <link rel="alternate"> tags in <head>. The list below mirrors that catalog for humans + crawlers.
Start at sitemap.json for the full inventory. MCP server available for tool-style access (bun run mcp/server.ts, stdio) — no hosting cost, but requires .mcp.json setup. The links above need neither.
GitHub
Effort, quality, and architecture across the platform. 13-week rolling window from every scanned repo.

Platform-wide activity

Engineering excellence

Security posture

Service bus factor

Platform
Runtime topology, network routing, deploy pipelines, and platform guidance that keeps services aligned.

Prerequisites

Three tools required before you can run any FabricBloc service locally.

1Password Desktop
Secrets manager — CLI injects secrets at runtime
  1. Install: brew install --cask 1password
  2. Install CLI: brew install --cask 1password/tap/1password-cli
  3. Enable: Settings → Developer → "Integrate with 1Password CLI"
  4. Verify: op vault list
Tailscale
VPN mesh — resolves internal DNS, RDS, Grafana
  1. Install: brew install --cask tailscale
  2. Connect to FabricBloc network
  3. Split DNS: 10.50.0.2 for rds.amazonaws.com (exit node ON)
Docker Desktop
Container runtime — everything runs in Docker
  1. Install: brew install --cask docker
  2. Clone: git clone BloclabsHQ/fabric-dev-stack
  3. Setup: make setup && make pull
  4. Start: make up

Port Allocation

All services listen on 8094 internally. Docker maps external ports for local dev.

ServiceExternalInternalOwner

Traffic Routing

Two paths into services. External traffic goes through Kong (JWT, rate limits, HMAC). Internal service-to-service uses the ALB (no JWT, HMAC only).

External KONG
Creator/Client → api.dev.fabricbloc.com
→ JWT validated · Rate limited · HMAC signed
→ Service
Public Services
Internal ALB
Service A → internal-api:8000
→ VPC only · No JWT · HMAC required
→ Service B
Internal Services
Never route service-to-service calls through Kong. Use the internal ALB or Docker DNS.

Stack Components

Architecture Reference Principles · networking · secrets
Principles
No .env files
Secrets via op run only. Never on disk.
Everything containerized
No local installs. If it's not in docker-compose, it doesn't run.
Infra-agnostic
Docker DNS locally, ALB in prod. Same pattern everywhere.
Network
Local: Service A → fabric-events:8094 → Service B
Dev/Prod: Service A → internal-api.dev.fabricbloc.com:8000 → Service B
Secrets Flow
Local
.env.op.testnet (op:// URIs)
op run
Process memory
Deployed
1Password ↓ sync-dev.yaml
AWS Secrets Manager ↓ Terraform
ECS env vars
Never create .env files with real secrets. 1Password and process memory only.

Team

Contributor profiles from GitHub — repos, PRs, recent activity per person. Data from platform-state.json.

Network Access

Every URL falls into one of three zones. If you're unsure whether something should be public, it probably shouldn't be.

PUBLIC — Internet-facing TAILSCALE — VPN required INTERNAL — VPC/ALB only
DomainZonePurpose

Route Exposure

Kong routes on api.dev.fabricbloc.com. Host-restricted routes only respond on listed hosts.

ServiceRouteAuthHost Restriction

Service Status

Operations Guide Secrets · credentials · redeploy

Secrets flow from 1Password → AWS Secrets Manager → ECS via GitHub Actions in fabric-iac.

1. Add Env Var

Credential management and deployment workflows. Secrets flow from 1Password → AWS Secrets Manager → ECS via GitHub Actions in fabric-iac.

1. Add Env Var
Add a new secret or env var to a service
  1. 1Password → vault 01-fabricbloc → item Fabric-{Service}-Env-Dev
  2. Add field (name = ENV_VAR, value = secret)
  3. Update fabric-iac/dev/fabric/terragrunt.hcl — add to secrets block
2. Sync Credentials
Push 1Password secrets → AWS Secrets Manager
gh workflow run sync-dev.yaml
3. Redeploy Dev
Terraform apply → ECS picks up new config
gh workflow run fabric-dev-apply.yml
Requires approval from @vincent or @cris
Open in GitHub →
1Password vault (01-fabricbloc)
  ↓  sync-dev.yaml (GitHub Actions)
AWS Secrets Manager fabric-dev/1password/fabric-{service}
  ↓  fabric-dev-apply.yml (Terraform)
ECS Task Definition → container env vars

Item naming: Fabric-{ServiceName}-Env-{Dev|Prod}
AWS path: fabric-{stage}/1password/fabric-{service}

Refresh Data

Run in your terminal, then refresh this page:

make generate
Close (Esc)

Sync Specs

Run in your terminal, then refresh this page:

make sync && make generate
Close (Esc)