flowchart LR
subgraph UI[Browser in kobi-ai]
UCHAT[Chat UX]
UCANVAS[Canvas UX]
UTHREAD[Thread and message CRUD]
end
subgraph BFF[kobi-ai API Layer]
BAI["/api/ai/*"]
BCANVAS["/api/canvas/*"]
BINTERNAL["/api/internal/canvas/context"]
end
subgraph ENG[kobi-agent-service]
EGRAPH[LangGraph]
EHITL[HITL interrupt and resume]
ETOOLS[MCP dispatch]
end
subgraph MCP[kobi-mcp-server]
MREG[Tool registry]
MAUTH[Auth and gating]
MWRITE[Tool-side persistence]
end
UCHAT --> BAI
UCANVAS --> BCANVAS
UTHREAD --> DB[(Supabase)]
BAI --> EGRAPH
EGRAPH --> EHITL
EGRAPH --> ETOOLS
ETOOLS --> MREG
MREG --> MAUTH
MAUTH --> MWRITE
MWRITE --> DB
BCANVAS --> DB
BINTERNAL --> DB
| Capability | UI | BFF (kobi-ai) | Engine (kobi-agent-service) | MCP (kobi-mcp-server) |
|---|
| Render chat/canvas | Owns | No | No | No |
| Chat inference request ingress | Calls | Owns | No | No |
| Chat orchestration and HITL state | No | Proxy only | Owns | No |
| Tool execution routing | No | No | Owns | Executes |
| Tool auth/scope/phase checks | No | No | Context provider | Owns |
| Canvas workspace/context APIs | Calls | Owns | No | No |
| Canvas mutations via API | Calls | Owns | No | No |
| Tool-side writes (strategy/map/idea) | No | No | Triggers | Owns |
| Internal contract to engine | No | Owns (sends headers/token) | Owns (validates) | No |
| Internal canvas context endpoint | No | Owns | Optional caller | No |
| Thread/message table CRUD | Owns (via Supabase SDK + RLS) | No | Reads/writes via services | Uses thread checks |
- Browser must call BFF for all inference (
/api/ai/*).
- Engine contract validation stays enabled (
INTERNAL_API_ENFORCE=true) in normal runtime.
- BFF payload/metadata allowlists are strict and should not be bypassed.
- MCP side-effect tools require approved execution context with scope IDs.
- New features must declare whether persistence happens in BFF canvas APIs or MCP tool handlers.
