Node 22+, pnpm, Docker. The data plane (postgres, redis, opensearch, neo4j) runs in compose; the API and worker run on the host via `pnpm dev`. Full setup in DEPLOY.md.
After `pnpm --filter @rinjani/db push`, run `pnpm --filter @rinjani/worker sync:feeds`. The first sync backfills; subsequent syncs are delta-only.
Separate repo (cti-platform-dashboard). Runs on port 3000 by default, points at the API on 3001.
Two paths: /admin/feeds in the dashboard, or the Schedulers tab in Workbench at /admin/workbench. Both write through the same reconcileScheduledJob backend.
Open Workbench → Jobs → filter by failed. Each job has a Retry button. If the same job keeps failing, check the logs via `docker compose logs v3-worker` (apps profile) or the host `pnpm dev` output.
Set its scheduler to disabled in Workbench → Schedulers. Historical data stays in Postgres + Neo4j; future syncs simply won't fire.
Yes. Drop the keys in `.env` (OPENAI_API_KEY, ANTHROPIC_API_KEY, GEMINI_API_KEY) and the platform picks them up. Ollama works for self-hosted models — see the AI Analysis section of DEPLOY.md.
By STIX ID first, then by IOC value when IDs are absent. Duplicates merge rather than replicate; relationships are preserved.
STIX is structured + relationship-aware; MISP is event-centric. Both are first-class, and you can mix them — an actor created via STIX import can be enriched by a MISP event later.
Issue keys via `/admin/rbac` (UI) or directly in the API_KEYS env var (`key:role` pairs). Keys are sent as `X-API-Key` headers or `?api_key=` query params. Role determines RBAC scope.
Yes — Keycloak is the supported provider, configured via the platform compose profile. OIDC tokens are accepted on `/admin/*` endpoints. SCIM provisioning is available on the Enterprise tier.
The dashboard authenticates via OAuth (Google/GitHub) or API key — there's no password to forget. If your OAuth account is the issue, contact your admin or rinjanianalytics@gmail.com.
