Resumate is the Structured Career Data Engine and the Reference Implementation for Identity Bridge's "Clean Room" architecture.
It proves that you can build highly personal apps (Resume Optimization) without storing toxic PII.
Documentation
- Strategic Doctrine:
../../Chroma/src/docs/Projects/Resumate/definition.md - Architecture:
docs/ARCHITECTURE.md - API Reference:
docs/API.md - Runbook:
docs/RUNBOOK.md
Note: apps/client/docs/* contains legacy docs from the pre-thin-client implementation and should not be treated as canonical for the current runtime.
Architecture
apps/server: Express API for resume analysis/refinement + identity-runtime + notification-plane integration.apps/client: dumb UI client that only calls backend endpoints.- No image-generation runtime is used.
Runtime Access Modes
standalone_local: keep Resumate isolated and point runtime env at manually managed local servicestitan_bridge: the canonical local integration path; sourceeval "$(titan bridge profile resumate)"deployed_remote: use deployment-managed runtime URLs; localhost runtime URLs are not valid there
Run
pnpm install
pnpm dev- Client:
http://localhost:3002 - Server:
http://localhost:3001 - Identity Runtime is server-mediated: the browser talks to
apps/server, and the server proxies identity-runtime requests.
If Titan is hosting the runtimes, source the bridge profile first:
eval "$(titan bridge profile resumate)"To verify the bridge-aware local flow end to end, run bash scripts/titan_smoke.sh.
The client defaults to same-origin /api calls. In local dev, Vite proxies /api to the server.
Environment
- Copy server env:
cp apps/server/.env.example apps/server/.env- Optionally copy client env:
cp apps/client/.env.example apps/client/.envIdentity Runtime Integration
Resumate server integrates with identity-runtime via:
POST /api/identity/session/init->/v1/identity/session/initGET /api/identity/session/me->/v1/identity/session/me
For protected route enforcement against identity-runtime session existence:
- Set
IDENTITY_RUNTIME_ENFORCE=true - Send
X-Session-Idfrom client (already handled inapps/client/src/services/api.ts)
Notification Plane
Resumate exposes notification intent proxying:
POST /api/notify/intent->/v1/notify/intentPOST /api/notify/invite->/v1/notify/invite
If identity-runtime uses internal plane secret protection, configure:
IDENTITY_INTERNAL_SECRET=<same as identity-runtime INTERNAL_PLANE_SECRET>
Commands
pnpm dev: run client + server in parallelpnpm build: build all packagespnpm test: run server API tests
API Endpoints
GET /healthPOST /api/identity/session/initGET /api/identity/session/mePOST /api/identity/access/requestPOST /api/identity/access/redeemPOST /api/notify/intentPOST /api/notify/invitePOST /api/jobs/parse-urlPOST /api/jobs/extractPOST /api/resumes/analyzePOST /api/resumes/refine-section
Titan Bridge
The browser never talks to runtimes directly. It talks to apps/server, which owns the runtime URLs and proxies to identity-runtime, text-runtime, and browser-runtime as needed.
The backend reads IDENTITY_RUNTIME_URL, TEXT_RUNTIME_URL, BROWSER_RUNTIME_URL, and DATABASE_URL from its environment, so the Titan bridge profile and repo-local .env.local keep the server-side runtime wiring aligned.