@palettelab/cli 0.3.48 → 0.3.50

package/README.md

@@ -533,10 +533,35 @@ Environment variables:
 | `PALETTE_DEV_LOG_TAIL` | `200` | Initial hosted log events shown by `pltt dev --sandbox` / `--cloud` |
 | `APPSTORE_AUTO_APPROVE_SANDBOX_PREVIEWS` | `false` | Backend setting for hosted sandboxes; auto-approve passing preview publishes so developers can test full OS behavior without manual review |
 
-### `pltt secrets`
+### `.env` and secrets
 
-Palette secrets are declared in `palette-plugin.json` and resolved through
-`ctx.secret("NAME")`.
+For normal app development, put environment values in root `.env` files and run
+the usual CLI command. No separate input is required:
+
+```bash
+pltt dev
+pltt sandbox --env staging
+pltt preview --env staging
+pltt publish --env staging
+```
+
+The CLI automatically reads these files, with later files overriding earlier
+ones:
+
+```text
+.env
+.env.local
+.env.<env>
+.env.<env>.local
+```
+
+Server-only keys such as `OPENAI_API_KEY` or `STRIPE_SECRET` are uploaded during
+hosted preview/publish as encrypted plugin secrets and resolved through
+`ctx.secret("NAME")`. Public keys prefixed with `NEXT_PUBLIC_` are bundled into
+the frontend and are not uploaded as backend secrets.
+
+You can still declare secrets explicitly in `palette-plugin.json` when you need
+install-scoped values or labels/help text:
 
 ```json
 {
@@ -549,7 +574,7 @@ Palette secrets are declared in `palette-plugin.json` and resolved through
 }
 ```
 
-Commands:
+Optional management commands:
 
 ```bash
 pltt secrets init
@@ -559,10 +584,9 @@ pltt secrets list --env staging
 pltt publish --env staging --secrets-file plugin-secrets.env
 ```
 
-`dev` secrets live in `.palette/.env.local`, are loaded by `pltt dev`, and are
-never uploaded. `plugin` secrets are encrypted by the platform and attached to
-the plugin/environment. `install` secrets are filled by the installing org.
-Frontend bundles may only receive public values such as `NEXT_PUBLIC_*`.
+`.palette/.env.local` remains supported for older projects. `plugin` secrets
+are encrypted by the platform and attached to the plugin/environment.
+`install` secrets are filled by the installing org.
 
 Managed platform services do not require developer Redis/Qdrant keys. Declare
 them and use scoped SDK clients:
@@ -737,6 +761,30 @@ pltt logs --json
 
 If no plugin ID is provided, the CLI uses the current `palette-plugin.json` or `.palette/last-publish.json`.
 
+### `pltt services`
+
+Inspect and generate OS-broker service integrations declared through
+`provides` and `consumes` in `palette-plugin.json`.
+
+```bash
+pltt services list --env staging
+pltt services add hr/v1#approvalChain.get --reason "Route approvals through HR"
+pltt services add hr/v1#hierarchy.updated --event --optional
+pltt services pull --env staging
+pltt services scaffold approvalChain.get
+```
+
+Subcommands:
+
+- `list`: fetches `/api/v1/os-broker/catalog` from the selected environment and prints services/events available to the current org. Use `--json` for the raw catalog.
+- `add <namespace/version#name>`: appends a consumed service target to `consumes.services`. Use `--event` or `--type event` for `consumes.events`, `--optional` for non-required dependencies, and `--reason <text>` to record why the dependency is needed.
+- `pull`: reads `consumes.services` and `consumes.events`, fetches JSON Schemas from `/api/v1/os-broker/schemas`, and generates `.palette/types/services.ts` plus `.palette/python/services.py`.
+- `scaffold <method>`: adds a provider method to `provides.services`, creates `schemas/<method>.in.json` and `schemas/<method>.out.json`, and writes a Python handler stub under `broker/`.
+
+Generated TypeScript clients use the SDK's default `palette` client. Generated
+Python clients call `palette_sdk.services(ctx)`, so backend routes still pass
+through Palette's broker permission and install checks.
+
 ## Global Flags
 
 - `--json` emits machine-readable output for `package`, `publish`, `status`, `logs`, and `test`.

package/backend-sdk/palette_sdk/__init__.py

@@ -34,7 +34,14 @@ from palette_sdk.permissions import (
     is_known_permission,
     require_permission,
 )
+from palette_sdk import events as events_module  # also exposed as `palette_sdk.events`
 from palette_sdk.events import Event, EventPublisher, subscribe_event
+from palette_sdk.services import (
+    BrokerCallError,
+    ServicesClient,
+    service,
+    services,
+)
 from palette_sdk.config import get_config, require_config
 from palette_sdk.webhooks import sign_webhook, verify_webhook_signature
 from palette_sdk.testing import route_permission_issues
@@ -77,6 +84,11 @@ __all__ = [
     "Event",
     "EventPublisher",
     "subscribe_event",
+    "events_module",
+    "service",
+    "services",
+    "ServicesClient",
+    "BrokerCallError",
     "get_config",
     "require_config",
     "sign_webhook",

package/backend-sdk/palette_sdk/apps.py

@@ -64,3 +64,15 @@ class AppInteropClient:
             json_body=json,
             timeout=timeout,
         )
+
+    async def broker_call(self, target: str, payload: dict[str, Any] | None = None) -> Any:
+        """OS-broker RPC call. Used by the high-level `services(ctx).call(...)`."""
+        if self._adapter is None:
+            raise MissingAppServiceError("Palette OS broker is not available in this runtime")
+        return await self._adapter.broker_call(target, payload or {})
+
+    async def broker_emit(self, target: str, payload: dict[str, Any] | None = None) -> None:
+        """Emit an event through the OS broker."""
+        if self._adapter is None:
+            raise MissingAppServiceError("Palette OS broker is not available in this runtime")
+        await self._adapter.broker_emit(target, payload or {})

package/backend-sdk/palette_sdk/events.py

@@ -44,6 +44,13 @@ _pending: list[tuple[str, Handler]] = []
 
 
 def subscribe_event(topic: str, handler: Handler) -> None:
+    """Subscribe to a topic.
+
+    Accepts either a legacy bare topic (`"task.created"`) or a fully qualified
+    broker target (`"core/v1#task.created"` or `"org/v1#member.updated"`). Both
+    forms are routed to the same core bus; the broker decodes the qualified
+    form on dispatch.
+    """
     _pending.append((topic, handler))
 
 
@@ -54,8 +61,31 @@ def drain_pending() -> list[tuple[str, Handler]]:
     return out
 
 
+def on(topic: str) -> Callable[[Handler], Handler]:
+    """Decorator form of `subscribe_event`.
+
+    Usage::
+
+        @events.on("org/v1#member.updated")
+        async def refresh(event):
+            ...
+    """
+
+    def decorator(fn: Handler) -> Handler:
+        subscribe_event(topic, fn)
+        return fn
+
+    return decorator
+
+
 class EventPublisher:
-    """Publish app-owned events declared in palette-plugin.json provides.events."""
+    """Publish app-owned events declared in palette-plugin.json provides.events.
+
+    Accepts both legacy topics (`task.created`) and qualified broker targets
+    (`org/v1#member.updated`). The adapter (injected by the platform) routes
+    the call through the broker, which checks that the caller is the declared
+    provider and validates the payload against its schema.
+    """
 
     def __init__(self, adapter: Any = None):
         self._adapter = adapter
@@ -64,3 +94,7 @@ class EventPublisher:
         if self._adapter is None:
             raise RuntimeError("Palette event publisher is not available in this runtime")
         await self._adapter.publish(topic, payload or {})
+
+    # Alias: `events.emit(...)` reads more naturally for app-owned events.
+    async def emit(self, topic: str, payload: dict[str, Any] | None = None) -> None:
+        await self.publish(topic, payload)

package/backend-sdk/palette_sdk/manifest.py

@@ -4,9 +4,9 @@ from __future__ import annotations
 
 import json
 from pathlib import Path
-from typing import Literal
+from typing import Any, Literal
 
-from pydantic import BaseModel, ConfigDict, Field
+from pydantic import AliasChoices, BaseModel, ConfigDict, Field
 
 
 class AgentDefinition(BaseModel):
@@ -99,6 +99,22 @@ class AppServiceRouteSpec(BaseModel):
     description: str = ""
 
 
+class AppServiceMethodSpec(BaseModel):
+    model_config = ConfigDict(populate_by_name=True)
+
+    id: str = Field(validation_alias=AliasChoices("id", "name"))
+    scope: str | None = None
+    version: str | None = None
+    label: str | None = None
+    description: str = ""
+    input_schema: dict[str, Any] | str | None = None
+    input: dict[str, Any] | str | None = None
+    output_schema: dict[str, Any] | str | None = None
+    output: dict[str, Any] | str | None = None
+    route_method: Literal["GET", "POST", "PUT", "PATCH", "DELETE"] | None = None
+    route_path: str | None = None
+
+
 class ProvidedAppServiceSpec(BaseModel):
     id: str
     version: str | None = None
@@ -106,6 +122,22 @@ class ProvidedAppServiceSpec(BaseModel):
     description: str = ""
     permissions: list[str] = Field(default_factory=list)
     routes: list[AppServiceRouteSpec] = Field(default_factory=list)
+    methods: list[AppServiceMethodSpec] = Field(default_factory=list)
+
+
+class ProvidedEventSpec(BaseModel):
+    model_config = ConfigDict(populate_by_name=True)
+
+    id: str = Field(validation_alias=AliasChoices("id", "topic"))
+    version: str | None = None
+    label: str | None = None
+    description: str = ""
+    payload_schema: dict[str, Any] | str | None = None
+    schema_: dict[str, Any] | str | None = Field(
+        default=None,
+        validation_alias=AliasChoices("schema", "schema_"),
+        serialization_alias="schema",
+    )
 
 
 class AppDependencySpec(BaseModel):
@@ -123,9 +155,16 @@ class ServiceDependencySpec(BaseModel):
     provider: str | None = None
 
 
+class ConsumedBrokerTargetSpec(BaseModel):
+    target: str
+    required: bool = True
+    reason: str = ""
+
+
 class ProvidesSpec(BaseModel):
+    namespace: str | None = None
     services: list[ProvidedAppServiceSpec] = Field(default_factory=list)
-    events: list[str] = Field(default_factory=list)
+    events: list[str | ProvidedEventSpec] = Field(default_factory=list)
 
 
 class RequiresSpec(BaseModel):
@@ -134,6 +173,11 @@ class RequiresSpec(BaseModel):
     events: list[str] = Field(default_factory=list)
 
 
+class ConsumesSpec(BaseModel):
+    services: list[str | ConsumedBrokerTargetSpec] = Field(default_factory=list)
+    events: list[str | ConsumedBrokerTargetSpec] = Field(default_factory=list)
+
+
 class PlatformServiceSpec(BaseModel):
     required: bool = False
     billing: Literal["org_wallet", "plugin_owner", "platform"] | None = None
@@ -167,6 +211,7 @@ class PluginManifest(BaseModel):
     connections: list[ConnectionSpec] = Field(default_factory=list)
     provides: ProvidesSpec | None = None
     requires: RequiresSpec | None = None
+    consumes: ConsumesSpec | None = None
     platform_services: list[Literal["llm", "redis", "storage", "vector"]] | dict[str, PlatformServiceSpec] = Field(default_factory=list)
     rating: float = 0.0
     reviews: int = 0

package/backend-sdk/palette_sdk/services.py

@@ -0,0 +1,147 @@
+"""OS-broker service helpers - provider + consumer side.
+
+Provider example::
+
+    from palette_sdk import service, PluginContext
+
+    @service("members.list", scope="org/members.read")
+    async def list_members(ctx: PluginContext, payload: dict) -> dict:
+        return {"items": [...]}
+
+Consumer example::
+
+    from palette_sdk import services
+
+    members = await services(ctx).call("org/v1#members.list", {"team_id": 7})
+
+The decorator captures handlers at import time; the platform's plugin loader
+binds them into the broker registry when the plugin is mounted, prefixing the
+method names with the plugin's declared namespace/version.
+
+The consumer accessor goes through `ctx.apps.broker_call()`, which the
+platform injects with the same signed-internal-call transport used elsewhere.
+"""
+
+from __future__ import annotations
+
+from collections.abc import Awaitable, Callable
+from dataclasses import dataclass
+from typing import Any
+
+ServiceHandler = Callable[[Any, dict[str, Any]], Awaitable[Any]]
+
+
+@dataclass(frozen=True)
+class ServiceDecl:
+    name: str
+    handler: ServiceHandler
+    scope: str | None = None
+    label: str | None = None
+    description: str | None = None
+    input_schema: dict | None = None
+    output_schema: dict | None = None
+
+
+_pending: list[ServiceDecl] = []
+
+
+def service(
+    name: str,
+    *,
+    scope: str | None = None,
+    label: str | None = None,
+    description: str | None = None,
+    input_schema: dict | None = None,
+    output_schema: dict | None = None,
+) -> Callable[[ServiceHandler], ServiceHandler]:
+    """Mark an async function as a broker-callable service method."""
+
+    def decorator(fn: ServiceHandler) -> ServiceHandler:
+        _pending.append(
+            ServiceDecl(
+                name=name,
+                handler=fn,
+                scope=scope,
+                label=label,
+                description=description,
+                input_schema=input_schema,
+                output_schema=output_schema,
+            )
+        )
+        return fn
+
+    return decorator
+
+
+def drain_pending_services() -> list[ServiceDecl]:
+    """Platform-only. Drain and return services registered since last drain."""
+    out = list(_pending)
+    _pending.clear()
+    return out
+
+
+class BrokerCallError(RuntimeError):
+    """Raised when the broker rejects or fails a service call."""
+
+
+class ServicesClient:
+    """Returned by `services(ctx)`. Use `.call(target, payload)` or sugar `.proxy(...)`."""
+
+    def __init__(self, adapter: Any | None):
+        self._adapter = adapter
+
+    async def call(self, target: str, payload: dict[str, Any] | None = None) -> Any:
+        if self._adapter is None:
+            raise BrokerCallError(
+                "Palette OS broker is not available in this runtime. "
+                "This call must run inside a plugin request handler."
+            )
+        return await self._adapter.broker_call(target, payload or {})
+
+    async def emit(self, target: str, payload: dict[str, Any] | None = None) -> None:
+        if self._adapter is None:
+            raise BrokerCallError("Palette OS broker is not available in this runtime.")
+        await self._adapter.broker_emit(target, payload or {})
+
+    def proxy(self, namespace_version: str) -> "_Proxy":
+        return _Proxy(self, namespace_version)
+
+
+class _Proxy:
+    """Dotted-attribute syntax to broker target string."""
+
+    def __init__(self, client: ServicesClient, namespace_version: str, segments: tuple[str, ...] = ()):
+        if "/" not in namespace_version:
+            raise ValueError("namespace_version must look like 'org/v1'")
+        self._client = client
+        self._ns = namespace_version
+        self._segments = segments
+
+    def __getattr__(self, item: str) -> "_Proxy":
+        return _Proxy(self._client, self._ns, self._segments + (item,))
+
+    async def __call__(self, payload: dict[str, Any] | None = None) -> Any:
+        if not self._segments:
+            raise BrokerCallError("missing method name on proxy call")
+        method = ".".join(self._segments)
+        return await self._client.call(f"{self._ns}#{method}", payload)
+
+
+def services(ctx_or_adapter: Any) -> ServicesClient:
+    """Resolve a `ServicesClient` from either a `PluginContext` or an adapter."""
+    if ctx_or_adapter is None:
+        return ServicesClient(None)
+    apps = getattr(ctx_or_adapter, "apps", None)
+    if apps is not None and hasattr(apps, "broker_call"):
+        return ServicesClient(apps)
+    return ServicesClient(ctx_or_adapter)
+
+
+__all__ = [
+    "BrokerCallError",
+    "ServiceDecl",
+    "ServicesClient",
+    "drain_pending_services",
+    "service",
+    "services",
+]

package/docs/python-backend-sdk.md

@@ -114,7 +114,7 @@ Available context values:
 | `ctx.data_rooms` | Backend Data Room client |
 | `ctx.connections` | Palette-managed third-party connection client |
 | `ctx.members` | Current organisation member client |
-| `ctx.apps` | Governed app-to-app calls through declared `requires` contracts |
+| `ctx.apps` / `services(ctx)` | Governed app-to-app calls through declared `consumes` contracts |
 | `ctx.events` | Publish event topics declared in `provides.events` |
 | `ctx.redis` | Plugin/org-scoped Redis-style service when `platform_services` includes `redis` |
 | `ctx.vector` | Plugin/org-scoped vector service when `platform_services` includes `vector` |
@@ -141,13 +141,15 @@ These are the public Python helpers exported by `palette_sdk`.
 | `KNOWN_PERMISSIONS`, `is_known_permission(...)` | Permission vocabulary checks for manifests/tools |
 | `DataRoomsClient`, `ctx.data_rooms` | Backend Data Room room/folder/file helpers |
 | `OrganizationMembersClient`, `ctx.members` | Current-organization member lookup, invite, and role helpers |
-| `AppInteropClient`, `ctx.apps` | Call required apps/services without direct database access |
+| `PluginConnectionsClient`, `ConnectionStatus`, `MissingConnectionError`, `ctx.connections` | Third-party connection status and token helpers |
+| `AppInteropClient`, `AppServiceClient`, `MissingAppServiceError`, `ctx.apps` | Call required apps/services without direct database access |
+| `service(...)`, `services(ctx)`, `ServicesClient`, `BrokerCallError` | Provide and consume OS-broker service methods/events |
 | `OrgRepository`, `ctx.repo(Model)` | Org-safe convenience CRUD for app-owned models |
 | `PluginBase`, `OrgScopedTable` | SQLAlchemy declarative bases for plugin-owned tables |
 | `ensure_org_rls(op, table)` | Alembic helper that enables org row-level security |
 | `plugin_safe_id(...)`, `plugin_schema(...)`, `plugin_table_prefix(...)` | Manifest id to database-safe naming helpers |
 | `get_config(ctx, key)`, `require_config(ctx, key)` | Functional form of config reads when not using `ctx.config_value(...)` |
-| `LocalRedisService`, `LocalVectorService` | Local `pltt dev` service emulators and test fakes |
+| `LocalRedisService`, `LocalVectorService`, `LocalStorageService` | Local `pltt dev` service emulators and test fakes |
 | `PlatformServiceUnavailable`, `UnavailablePlatformService` | Clear errors when an undeclared platform service is used |
 | `LifecycleHooks` | Install/update/enable/disable/uninstall callbacks |
 | `Event`, `EventPublisher`, `subscribe_event(...)` | In-process event subscriptions and declared app event publishing |
@@ -631,9 +633,10 @@ Declare secret ownership in `palette-plugin.json`:
 ```
 
 `ctx.secret("KEY")` resolves declared secrets from the configured scope:
-install config, plugin-scope encrypted secrets, or local `.palette/.env.local`
-during `pltt dev`. Undeclared keys still fall back to the process environment
-for local compatibility.
+install config, plugin-scope encrypted secrets, or local root `.env` files
+during `pltt dev`. During hosted preview/publish, server-only `.env` keys are
+uploaded automatically as encrypted plugin secrets. Undeclared keys still fall
+back to the process environment for local compatibility.
 
 Managed Redis, vector, and storage services are declared in the manifest:
 
@@ -689,57 +692,84 @@ token = await ctx.connections.access_token("google_calendar")
 
 ## 11. App-To-App Services
 
-Apps can expose governed services and depend on services from other installed
-apps. Declare provider capabilities with `provides`:
+Apps can expose governed broker services and events, then consume them from
+other installed apps without knowing another app's URL.
+
+Provider apps declare a namespace and callable methods with `provides`:
 
 ```json
 {
   "provides": {
+    "namespace": "hr",
     "services": [
       {
-        "id": "org.hierarchy",
-        "version": "1.0.0",
-        "routes": [
-          { "method": "GET", "path": "/hierarchy/approval-chain/{user_id}" }
+        "id": "hr.directory",
+        "methods": [
+          { "name": "approvalChain.get", "input_schema": "schemas/approval-chain.input.json" }
         ]
       }
     ],
-    "events": ["hierarchy.updated"]
+    "events": [{ "topic": "hierarchy.updated" }]
   }
 }
 ```
 
-Consumers declare dependencies with `requires`:
+Expose the handler with `@service`:
+
+```python
+from palette_sdk import PluginContext, service
+
+@service("approvalChain.get")
+async def approval_chain(ctx: PluginContext, payload: dict) -> dict:
+    return {"approvers": [{"user_id": ctx.user_id, "step": 1}]}
+```
+
+Consumers declare qualified targets with `consumes`:
 
 ```json
 {
-  "requires": {
+  "consumes": {
     "services": [
-      { "id": "org.hierarchy", "version": "^1.0.0", "reason": "Approval routing" }
+      {
+        "target": "hr/v1#approvalChain.get",
+        "required": true,
+        "reason": "Route leave approvals through the HR hierarchy"
+      }
+    ],
+    "events": [
+      { "target": "hr/v1#hierarchy.updated", "required": false }
     ]
   }
 }
 ```
 
-Then call through `ctx.apps`; never read another app's database directly. If
-the same app emits `leave.requested`, declare that topic under its own
-`provides.events` first:
+The CLI can update the manifest and generate typed clients for those targets:
 
-```python
-chain = await ctx.apps.service("org.hierarchy").get(f"/hierarchy/approval-chain/{ctx.user_id}")
-await ctx.events.publish("leave.requested", {"next_approver_id": chain["next_approver_id"]})
+```bash
+pltt services add hr/v1#approvalChain.get --reason "Route leave approvals through HR"
+pltt services add hr/v1#hierarchy.updated --event --optional
+pltt services pull --env staging
 ```
 
-Local mocks live in `.palette/app-services.local.json`:
+`pltt services pull` writes `.palette/types/services.ts` for frontend code and
+`.palette/python/services.py` for backend code from the schemas returned by the
+selected Palette environment.
 
-```json
-{
-  "org.hierarchy GET /hierarchy/approval-chain/dev-user": {
-    "next_approver_id": "manager-1"
-  }
-}
+Then call through the OS broker; never read another app's database directly.
+If the same app emits `leave.requested`, declare that topic under its own
+`provides.events` first and emit with `ctx.events.emit`:
+
+```python
+from palette_sdk import services
+
+chain = await services(ctx).call("hr/v1#approvalChain.get", {"user_id": ctx.user_id})
+await ctx.events.emit("leave/v1#leave.requested", {"approval_chain": chain})
 ```
 
+At install time, Palette checks required `consumes` targets and can show the
+provider apps that must also be installed. The org-level grant is saved on the
+install and the broker checks it on every call, emit, or event stream.
+
 App storage is separate from Data Rooms. Use `ctx.storage` and `palette.storage` for app-owned files that go directly to the OS-configured storage backend, currently GCS in hosted environments. Use `ctx.data_rooms` or `palette.dataRooms` only when the file should be visible and governed as a Data Room document.
 
 Palette scopes storage the same way. Files written through `ctx.storage` or the
@@ -886,7 +916,7 @@ point = ctx.vector.scoped_point(
 await client.upsert(collection_name=collection, points=[point])
 ```
 
-## 10. Lifecycle Hooks
+## 12. Lifecycle Hooks
 
 Lifecycle hooks let an app seed defaults or clean up app-owned data when the
 platform installs, updates, enables, disables, or uninstalls the app.
@@ -908,7 +938,7 @@ async def on_enable(ctx: PluginContext):
     ctx.logger.info("finance tools enabled for org %s", ctx.organization_id)
 ```
 
-## 11. Calling Backend APIs From Frontend
+## 13. Calling Backend APIs From Frontend
 
 Frontend code should call backend routes through the platform API helper, not by
 hardcoding backend origins.
@@ -925,7 +955,7 @@ async function loadInvoices() {
 During `pltt dev`, the simulator routes this to the local backend. In hosted
 sandbox or OS runtime, it goes through the real platform shell and auth context.
 
-## 12. Local Development
+## 14. Local Development
 
 Create and run an app:
 
@@ -947,7 +977,7 @@ The CLI checks manifest shape, SDK compatibility, frontend bundling, backend
 imports, backend route permission gates, declared permissions, migration safety,
 package dependency policy, and backend package size.
 
-## 13. Test In Real Palette OS Without Docker
+## 15. Test In Real Palette OS Without Docker
 
 Configure the hosted sandbox once:
 
@@ -977,7 +1007,7 @@ APPSTORE_AUTO_APPROVE_SANDBOX_PREVIEWS=true
 
 That lets passing preview publishes become active without manual approval.
 
-## 14. Common Mistakes
+## 16. Common Mistakes
 
 - Do not import `@palettelab/sdk` from Python. That package is for frontend
   JavaScript/React code only.
@@ -992,7 +1022,7 @@ That lets passing preview publishes become active without manual approval.
 - Use hosted sandbox when you need real Data Rooms, login, organization,
   install, logs, and OS behavior without Docker.
 
-## 15. Complete Minimal Example
+## 17. Complete Minimal Example
 
 `backend/api/main.py`: