docs(portal-openbaar): record openbaar decisions + walking-skeleton public-visibility demo (refs #10)
All checks were successful
CI / lint (pull_request) Successful in 1m14s
CI / build (pull_request) Successful in 54s
CI / frontend (pull_request) Successful in 1m55s
CI / mutation (pull_request) Successful in 4m1s
CI / unit (pull_request) Successful in 1m4s
CI / verify-stack (pull_request) Successful in 6m57s

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
This commit is contained in:
2026-07-13 16:16:30 +02:00
parent 7ec9d514ec
commit b00d8bd60e
2 changed files with 43 additions and 0 deletions

View File

@@ -103,3 +103,17 @@ with the submit form (S-08c, #67); any deviation from NL DS will be recorded her
touching the app or its production config.
- `tests/e2e` is a standalone Playwright project (its own `package.json`), not an Nx project — it's a
live-stack check like the other `verify-*` runners, not part of the `frontend` unit lane.
## Openbaar Register portal (S-09, #10)
- **Anonymous, no auth.** The openbaar register is a public read, so `apps/openbaar` has no
`angular-auth-oidc-client`, no interceptor, and no `config.json` — `main.ts` bootstraps `appConfig`
directly with just `provideHttpClient` + `provideRouter`. This is the deliberate contrast to
self-service and keeps the app trivially cacheable/CDN-able.
- **Same-origin via nginx, like self-service.** The compose `openbaar` image serves the built app and
reverse-proxies `/openbaar` to the BFF; the api-client's relative calls stay same-origin (no CORS).
Served on `:8141`, health-checked over IPv4 (`127.0.0.1`), no Keycloak dependency.
- **Public-safe by construction.** The portal only ever sees the BFF's `OpenbaarProjection.PublicView`
(id + status); `bsn`/`naam` never leave the BFF. The e2e asserts the bsn never renders.
- **Loads on open, filters on search.** `RegisterPage` fetches the full register on construction and
re-queries `/openbaar/register?q=` on search — no client-side filtering, the BFF owns the query.