Express wired up: /api prefix, /config endpoint, bundled static frontend
Commit `acbb6cc7` ties the fork's backend together. Every router gets mounted under `/api/*`, two roots (`/install` and `/config`) stay at the top level, and a static frontend block lets a Next.js static export be served from the same process. A second commit (`6697186c`) adds the full `.env.example` and supporting chore files.
The /api prefix is a breaking change relative to upstream - all client URLs need updating. The rationale is that the same Express process now serves the static frontend bundle from public/ when PUBLIC_DIR exists at startup, so API routes have to live under a distinct prefix to avoid colliding with frontend paths. When PUBLIC_DIR is absent, the static handler is skipped and the frontend dev server at :3000 talks to the backend over CORS as before.
The static-serving block handles Next.js output: "export" quirks. findShell() resolves dynamic-segment routes like /projects/<id> back to the _-placeholder HTML file that Next emits for parameterized routes. It tries the literal path first, then substitutes the last segment with _, then the second-to-last, and so on. RSC .txt requests for unmapped routes return 404 so Next falls back to a hard navigation rather than getting stuck.
GET /config returns { authProvider, entra: { tenantId, clientId } } from server env variables, unauthenticated. The intent is one Docker image that ships to any tenant - the frontend calls this before rendering the login screen so it knows which auth flow to offer.
trust proxy is set to true because Container Apps terminates TLS at the ingress layer and forwards plain HTTP to the container. Without this, req.protocol reports http even when the browser is on https://, which breaks OAuth redirect URI construction.
The .env.example in 6697186c documents the full env surface across all providers.
Spotted something wrong? Or know the PR text has fresher detail than the writeup above?