# Frontend Boundary

- This repository hosts a React edge application for a single BFF.
- Frontend data access flows through `src/api/*` adapter modules.
- The UI does not access DAL or internal services directly.
- Route shell uses Ant Design layout/menu and keeps business views behind session checks.
- Unauthenticated users are redirected to the central auth host OIDC start endpoint.

## Runtime Base URLs

- `API_BASE_URL` for business BFF calls.
- `THALOS_AUTH_BASE_URL` for session login/refresh/logout/me.
- `THALOS_DEFAULT_RETURN_URL` for safe callback fallback.
- `THALOS_DEFAULT_TENANT_ID` for OIDC tenant context defaults.

## Protected Workflow Endpoints

- `GET /api/restaurant/admin/config?contextId=...`
- `GET /api/restaurant/admin/changes?contextId=...`
- `POST /api/restaurant/admin/service-window`

## UI Workflow Coverage

- Restaurant config snapshot lookup with version, feature flags, and service windows
- Recent configuration change inspection
- Service-window management with latest applied snapshot and local action history
- Protected route shell for config, service-window, and session inspection