AZ Azerbaijan / AZN
MUPZA OperatorOwner accountMU
M
MUPZAOSRestaurant OS command
Backend Runtime Boundary

Cloud backend without breaking LAN-first POS

MUPZAOS cloud APIs are defined around tenant, sync, auth, communication and metrics boundaries while POS Local Hub remains authoritative for offline cashier, waiter, kitchen and printer workflows.

Runtime mapEndpoints: 8Cloud endpoints: 7LAN endpoints: 1Audited endpoints: 6
Cloud optional for LANtrue
Local Hub offline authoritytrue
Printer bridge LAN-firsttrue
Waiter pre-check LAN-firsttrue
Manager approval requiredtrue
Approval audit requiredtrue
External mutation disabledtrue
Secrets out of Gittrue

Endpoint boundary

healthGET
/api/healthZone: cloud backendOffline/LAN impact: none

AWS/Nginx health check for staging runtime

tenant_contextGET
/api/tenant/contextZone: cloud backendOffline/LAN impact: none

Resolve restaurant tenant, domain, plan and feature flags

order_ingestPOST
/api/orders/ingestZone: cloud backendOffline/LAN impact: queues_locally

Accept QR/website/POS/waiter order events after local validation

approval_audit_syncPOST
/api/pos/approval-audit/syncZone: cloud backendOffline/LAN impact: queues_locally

Sync approved, blocked and queued risk cashier action audit events

communication_outboxPOST
/api/communications/outboxZone: cloud backendOffline/LAN impact: queues_locally

Create audited outbox records for OTP, WhatsApp, Telegram, email and in-app notifications

firebase_verifyPOST
/api/auth/firebase/verifyZone: cloud backendOffline/LAN impact: none

Verify Firebase ID token server-side without exposing service-account material

pos_lan_commandPOST
lan://local-hub/commandsZone: pos local hubOffline/LAN impact: lan_required

Route waiter, kitchen and printer bridge LAN commands

metrics_eventPOST
/api/metrics/eventsZone: cloud backendOffline/LAN impact: queues_locally

Receive privacy-safe aggregate product metrics after consent policy

Runtime dependencies

PostgreSQL or managed relational databaseStaging
Zone: cloud backend

Cloud database is for synced tenant/order/audit data; POS Local Hub keeps offline authority.

DATABASE_URL
Firebase AdminLater
Zone: cloud backend

Service account material stays in AWS/GitHub secrets or server-only files outside Git.

FIREBASE_SERVICE_ACCOUNT_BASE64FIREBASE_SERVICE_ACCOUNT_JSONFIREBASE_SERVICE_ACCOUNT_PATH
Queue backendLater
Zone: cloud backend

Optional for provider sends and sync processing; local POS queue works without it.

QUEUE_URLREDIS_URL
POS Local HubStaging
Zone: pos local hub

LAN/offline order, printer and approval workflows remain independent from cloud backend.

no external env required
Communication and metrics providersLater
Zone: external provider

Provider values are configured later and real external sends stay disabled in QA.

WHATSAPP_ACCESS_TOKENTELEGRAM_BOT_TOKENSMTP_PASSNEXT_PUBLIC_GTM_ID