What you will find here
| Need | Where to look |
|---|---|
| System shape | Architecture overview, System design |
| Roles vs UI vs APIs | Roles and product surfaces |
| Backend layout | Backend overview, FastAPI services |
| Frontend layout | Frontend overview |
| Refactor guardrails | Repository structure guide, Backend architecture guide, Frontend architecture guide, Testing taxonomy |
| Admin parameters | Organization admin manual, Simulation settings catalog |
| API contracts | API reference tab (uses redacted OpenAPI; see below) |
What is intentionally not in public docs
- Concrete port numbers and default bind addresses for databases, vectors, or app servers.
- Step-by-step production hardening or secret-handling playbooks (keep those in private repos, wikis, or compliance systems).
- Environment variable names that map directly to secrets in your deployment (high-level categories appear on Environment variables; exact names and values belong with your stack).
API reference and OpenAPI
Mintlify’s API reference tab loadsdocs/api-reference/openapi.public.json — a redacted export (sensitive wording stripped, examples removed, placeholder server URL). The repository also keeps docs/api-reference/openapi.json as the full schema for engineers who need unredacted descriptions in-tree.
Redaction logic lives in scripts/dev/openapi_public_redact.py; extend the substring list there if new descriptions leak operational detail.
Regenerate both OpenAPI files
From the repository root, after route or schema changes:openapi.json (full) and openapi.public.json (public). Options:
--full-only— write only the full file.--public-only— rebuild the public file from an existingopenapi.json(no FastAPI import).
Previewing this documentation site locally
Contributors editing Mintlify content:npm run validate in docs/ before opening a PR.
Security-conscious integration
- Treat the OpenAPI document as the contract, not a guarantee of your tenant’s exposed surface—your host may disable routes or add gateways.
- Never embed long-lived secrets in client-side code; use your identity provider and server-side configuration patterns your security team approves.
- Report suspected vulnerabilities through the channel your vendor or open-source project publishes—not via public documentation edits.
Related
- Introduction — Full navigation map
- For organizations — Tenant admin–focused entry (no infra detail)
- Deployment — High-level rollout themes only