# Frontend Boundary

- This repository hosts a React edge application for a single BFF.
- Frontend data access flows through `src/api/*` adapter modules.
- The UI does not access DAL or internal services directly.
- Route shell uses Ant Design layout/menu and keeps business views behind session checks.
- Unauthenticated users are redirected to the central auth host OIDC start endpoint.
- Session-expired responses are treated as an auth boundary concern and trigger revalidation before the UI prompts for login again.

## Runtime Base URLs

- `API_BASE_URL` for business BFF calls.
- `THALOS_AUTH_BASE_URL` for session login/refresh/logout/me.
- `THALOS_DEFAULT_RETURN_URL` for safe callback fallback.
- `THALOS_DEFAULT_TENANT_ID` for OIDC tenant context defaults.

## Protected Workflow Endpoints

- `GET /api/kitchen/ops/board?contextId=...`
- `POST /api/kitchen/ops/work-items/claim`
- `POST /api/kitchen/ops/work-items/release`
- `POST /api/kitchen/ops/work-items/transition`
- `POST /api/kitchen/ops/board/priority`

## UI Workflow Coverage

- Kitchen board lanes with work-item detail and station coverage
- Board event feed derived from the loaded lane state
- Claim, release, transition, and priority operator actions
- Latest operator result and recent action history
- Session-expired handling with reauthentication guidance
- Protected route shell for board, operator actions, and session inspection