Service Architecture
Each service has one job. Shared filesystem for zero-latency file access. Deployed with Ansible + systemd.
Service topology
Services & ports
Iter owns ports 10090-10099. Third-party services use their own defaults.
| Port | Service | Description |
|---|---|---|
| User-facing | | |
| 10090 | Dashboard | React web UI. Project management, orchestration monitoring, file browsing, LLM chat, voice chat, and image generation. |
| Core | | |
| 10091 | Agent Server | API gateway and source of truth for project state. Prompt generation, review logic, LLM host management, model routing, and orchestration proxy. |
| 10092 | Executor | Stateless command and file execution sandbox. Process isolation for safety. |
| 10093 | Operator | Multi-phase orchestration pipeline. Connects directly to LLM hosts for streaming. Auto-start loop, run registry, and watchdog. |
| 10095 | MCP Tools | MCP tool server. File search, code search, git operations, web lookup, vision, and screenshot tools. |
| Optional | | |
| 10096 | Auth Server | JWT authentication, multi-tenant organizations, teams, role-based access control, and audit logging. |
| 10097 | Voice Server | Streaming STT (faster-whisper + Silero VAD) and TTS (Piper, Kokoro, Qwen3-TTS). Voice chat with waveform and NLP. |
| 10098 | Vision Server | PaddleOCR text extraction, vision-language model analysis (qwen2.5vl), Playwright screenshots, and structured data extraction. |
| 10099 | Docs | MkDocs documentation site. Architecture guides, service reference, and API docs. |
| Third-party | | |
| 10094 | PostgreSQL | Shared relational database. Project state, events, and service data in one place — no cross-service file sync. |
| 9000 | MinIO | S3-compatible object storage. Assets, screenshots, pipeline artifacts, and project backups in purpose-built buckets. |
| 3000 | Gitea | Self-hosted git server. Auto-provisioned repos, branch-per-request push, and token-based authentication. |
| 7860 | Forge | Stable Diffusion WebUI (A1111/Forge). Local GPU image generation with full parameter control. |
| 8000 | ChromaDB | Vector store for RAG. Semantic search across project files, memory, and error patterns. |
| 11434 | Ollama | LLM inference server. Hosts run on one or more GPU machines with automatic fallback chains. |
Communication patterns
Dashboard → Agent Server
Standard HTTP REST. The dashboard never talks to executor or operator directly.
Agent Server → Operator
Transparent proxy for orchestration. SSE streams are passthrough-proxied.
Operator → Executor
HTTP REST for command and file execution. Stateless - no session state.
Operator → LLM Hosts
Direct HTTP to Ollama hosts. Streaming responses with structured output.
Shared Filesystem
All backend services share the same filesystem paths. Operator reads files directly - no HTTP round-trip.
Operator → Agent Server
Callback for state CRUD: read project state, update request status, save to disk.
Dashboard → Auth Server
JWT login, token refresh, and user profile. Agent Server validates tokens via shared secret.
Deployment
Native systemd services, deployed with Ansible — no containers, no orchestrator.
Ansible + systemd
11 Ansible roles deploy native systemd services with process isolation. Multi-host GPU fleet support, per-host feature flags, automated admin bootstrap, and quick rsync deploys.
- ✓ ProtectSystem, PrivateTmp, NoNewPrivileges
- ✓ Per-service ReadWritePaths sandboxing
- ✓ Spread services across machines by host group
$ make deploy-staging
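An added example, not part of Iter's code or Ansible roles: a static check that a unit file actually carries the hardening directives listed above. The required values, the `TOO_BROAD` list, and the sample units with their placeholder paths are assumptions of this example.

```python
# Accepted values and TOO_BROAD are assumptions of this example, not Iter's config.
BOOL_TRUE = {"1", "yes", "true", "on"}
REQUIRED = {"NoNewPrivileges": BOOL_TRUE, "PrivateTmp": BOOL_TRUE,
            "ProtectSystem": {"strict"}}
TOO_BROAD = {"/", "/etc", "/usr", "/var", "/home"}

def service_settings(unit_text):
    """Collect [Service] assignments; an empty assignment resets the key."""
    settings, section = {}, None
    for raw in unit_text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1]
        elif section == "Service" and "=" in line:
            key, value = (part.strip() for part in line.split("=", 1))
            settings[key] = settings.get(key, []) + value.split() if value else []
    return settings

def audit_unit(unit_text):
    """Return a list of hardening gaps; an empty list means the unit passes."""
    s = service_settings(unit_text)
    findings = []
    for key, accepted in REQUIRED.items():
        value = s[key][-1] if s.get(key) else "<unset>"
        if value not in accepted:
            findings.append(f"{key}={value}")
    # ReadWritePaths is a write allowlist only once ProtectSystem=strict has made
    # the rest of the tree read-only; a broad entry reopens what strict closed.
    for path in s.get("ReadWritePaths", []):
        clean = path.lstrip("-+").rstrip("/") or "/"
        if clean in TOO_BROAD:
            findings.append(f"ReadWritePaths too broad: {clean}")
    return findings

# Constructed sample units (placeholder paths, not Iter's real layout).
HARDENED = """[Service]
NoNewPrivileges=yes
PrivateTmp=yes
ProtectSystem=strict
ReadWritePaths=/srv/example/workspace
"""
WEAK = """[Service]
PrivateTmp=yes
ProtectSystem=full
ReadWritePaths=/srv/example/workspace -/var/
"""
print(audit_unit(HARDENED), audit_unit(WEAK))
```

On a live host, `systemd-analyze security <unit>` reports the effective sandboxing of a loaded unit, including drop-ins that a static parse of a single file does not see.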
Deploy on your own infrastructure
Ansible-driven, systemd-native, multi-host ready.