Runtime Guide
MIGD Runtime Guide
Section titled “MIGD Runtime Guide”This guide covers runtime-focused MIG v0.1 deployment options for migd.
For first-time setup, use Quickstart.
For full operator documentation, use User Guide.
Security Modes
Section titled “Security Modes”Open mode
Section titled “Open mode”MIGD_AUTH_MODE=none migdJWT mode
Section titled “JWT mode”MIGD_AUTH_MODE=jwt \MIGD_JWT_HS256_SECRET=<set-a-strong-secret> \migdIn JWT mode:
Authorization: Bearer <token>is required.- Token must include
tenant_id(ortenant) claim. - Capability scope checks use
scopeorscopesclaims.
Observability
Section titled “Observability”Enable metrics (default on):
MIGD_ENABLE_METRICS=true migdPrometheus scrape endpoint:
GET /metrics
gRPC binding
Section titled “gRPC binding”Enable gRPC listener:
MIGD_GRPC_ADDR=:9090 migdServices exposed:
Discovery(Hello,Discover)Invocation(Invoke,StreamInvoke)Events(Publish,Subscribe)Control(Cancel,Heartbeat)
Optional durability hooks
Section titled “Optional durability hooks”NATS event mirroring
Section titled “NATS event mirroring”MIGD_NATS_URL=nats://localhost:4222 migdPublished MIG events are mirrored to subjects:
mig.v0_1.<tenant>.events.<topic>
NATS request/reply binding
Section titled “NATS request/reply binding”MIGD_NATS_URL=nats://localhost:4222 \\MIGD_ENABLE_NATS_BINDING=true \\migdRequest/reply subjects:
mig.v0_1.<tenant>.hellomig.v0_1.<tenant>.discovermig.v0_1.<tenant>.invoke.<capability>mig.v0_1.<tenant>.events.<topic>mig.v0_1.<tenant>.control.cancel.<message_id>mig.v0_1.<tenant>.control.heartbeat
Audit JSONL sink
Section titled “Audit JSONL sink”MIGD_AUDIT_LOG_PATH=./migd-audit.jsonl migdEach invoke audit record is appended as one JSON line.
WebSocket stream invoke
Section titled “WebSocket stream invoke”Use endpoint:
GET /mig/v0.1/stream
Frame contract:
kind=request+capability+payloadinvokes capability.kind=control+payload.action=cancelsends cancellation.
Responses are emitted as kind=response or kind=error frames.