Documentation Index
Fetch the complete documentation index at: https://docs.emergence.ai/llms.txt
Use this file to discover all available pages before exploring further.
Platform Overview
The platform layer gives your solutions shared infrastructure for identity, authorization, resource management, and a unified UI shell. It includes three core services (Governance, Assets, Utilities), a shared common library, and auto-generated SDKs.The platform is the foundation that every solution depends on. Solutions never implement their own authentication, authorization, or resource management — they delegate to the platform via SDKs.
Authentication Flow
Authentication uses Keycloak with a multi-realm architecture where each organization is a separate realm:User Authentication
The user authenticates via OIDC/PKCE flow against their organization’s Keycloak realm. The browser receives a JWT token.
Token Forwarding
All API requests include the JWT in the
Authorization header. The X-Project-ID header specifies the active project context.Governance Validation
The Governance service validates the JWT, extracts
org_id from the realm, and checks OpenFGA for the requested permission.Authorization Model
Authorization uses OpenFGA for Relationship-Based Access Control (ReBAC):| Concept | Description |
|---|---|
| Roles | owner, admin, member, developer, operator, viewer |
| Computed permissions | can_read, can_write, can_delete, can_execute, can_manage_secrets |
| Inheritance | Projects inherit from organizations; resources inherit from projects |
| Schema | Defined in openfga-schema.fga (DSL) and openfga-schema.json (runtime) |
Next Steps
Organizations
Learn how organizations provide multi-tenant isolation.
Agent Registry
Explore the unified registry for A2A agents, MCP servers, and skills.
Authentication
Deep dive into Keycloak multi-realm authentication.
Authorization
Understand OpenFGA and the ReBAC permission model.
Build a solution
Build a new solution on top of these services — start with the 30-minute quickstart.