Org-wide config + agent for auto-discovery

[radiosilence]

Rethink: Org-wide config, not per-project

Instead of each project having its own drawbridge.yml, there should be one config per org that maps the entire service topology. When you want to dev on a specific project, you run that locally and drawbridge handles connecting it to everything else (containerised or proxied).

This is like Tilt but with more proxying — drawbridge becomes the org-wide local dev orchestrator.

Architecture

Org-level config (~/.drawbridge/orgs/surgeventures.yml or a shared repo)

org: surgeventures
domain: dev.local

# All services in the org, auto-discovered from GitHub
services:
  app-b2c-api-gateway:
    repo: surgeventures/app-b2c-api-gateway
    image: ghcr.io/surgeventures/app-b2c-api-gateway:latest
    hostname: api.b2c.dev.local
    ports: [{host: 443, container: 3000}]
    depends_on: [redis, b2c-users, platform]
    
  app-b2c-users:
    repo: surgeventures/app-b2c-users
    image: ghcr.io/surgeventures/app-b2c-users:latest
    hostname: b2c-users.dev.local
    ports: [{host: 50051, container: 50051}]
    depends_on: [postgres, redis]
    
  # ... all other services auto-discovered

Discovery agent

A Claude Code agent (or CLI command) that:

1. Uses gh to list all repos in the org
2. Introspects each repo: reads Dockerfile, docker-compose.yml, env schemas, K8s manifests, Helm charts
3. Discovers service dependencies from env vars (DATABASE_URL → postgres, REDIS_URL → redis, *_GRPC_URL → other services)
4. Builds a dependency graph of the entire org
5. Generates the unified config

Dev workflow

# "I'm working on b2c-api-gateway locally, proxy everything else"
drawbridge up --local app-b2c-api-gateway

# This means:
# - b2c-api-gateway runs from YOUR local source (npm run dev)
# - redis, b2c-users, platform etc boot as containers via drawbridge
# - All gRPC/HTTP URLs auto-configured via DNS
# - Unused services sleep after idle timeout

--local flag

When you mark a service as --local, drawbridge:

• Skips booting its container
• Still registers its hostname in DNS (pointing to localhost)
• Generates the right env vars for all other services to reach it
• Shows it as "local" in the TUI

Scope

• Org-level config format (YAML schema)
• drawbridge discover command — introspects org repos via gh, generates config
• drawbridge up --local <service> — run everything except the local service
• Auto-generated .env.drawbridge per project based on org config
• TUI shows full org topology, highlights which service is local

Learning from gateway PR (#8087)

• Always pass --config explicitly in generated Taskfile tasks
• Add lockfile hint comment in generated configs
• Deps (OTP/Elixir) should be auto-added to project mise.toml

Dependencies

• CLAUDE.md + LLM-actionable setup docs #17 CLAUDE.md + docs (merged)
• Drawbridge MCP server (AI agent API — expose proxy state and wire protocol data #6, merged) for agent integration

[radiosilence]

Learning from gateway PR review (#8087): The init skill should always pass --config explicitly in generated Taskfile tasks (down, status, not just up). Also add a comment in generated drawbridge.yml about using drawbridge lock to pin :latest tags.