Initialization and Boot Process

Source of truth:

• d3chat/backend/app/main.py
• d3chat/backend/app/federation/identity.py
• d3chat/backend/alembic/versions/004_seed_settings.py

Startup Sequence

When backend starts, lifespan() runs this sequence:

1. Runs Alembic migrations (alembic upgrade head) in a subprocess.
2. Initializes federation server identity (init_server_identity).
3. Ensures at least one local superadmin exists (ensure_default_admin).
4. Ensures uploads directories exist (<upload_dir>/avatars and <upload_dir>/attachments).

Database Initialization

Migrations create and update schema, then seed runtime settings.

Seeded server_settings keys include:

• app_name
• app_description
• session_timeout_days
• max_devices_per_user
• registration_mode
• registration_domain_allowlist
• brand_primary_color
• brand_accent_color
• message_retention_days

All values are JSON objects using shape:

{ "value": "..." }

or

{ "value": 7 }

Default Superadmin Bootstrap

If no local user with role superadmin exists:

• Backend creates admin with password Change_Me_123.
• This happens once per empty state.

Operational requirement: rotate this credential immediately.

Public Config Cache

GET /api/v1/config reads selected settings and caches them in Redis key public_config for 60 seconds.

When settings are updated via admin API (PUT /api/v1/admin/settings/{key}), backend invalidates this cache.

Federation Identity Bootstrap

The server publishes:

• GET /.well-known/d3chat-server

Response includes:

• domain
• signing_key_public
• api_base_url
• protocol_version

If SIGNING_KEY_SEED is configured, signing identity is deterministic from that seed.

Runtime Middleware Initialized

• CORS from CORS_ORIGINS
• Global rate limit middleware (IP-based, per minute)
• API routers for auth/users/devices/channels/messages/keys/admin/avatars/attachments
• WebSocket router (/ws)
• Federation inbox routes (/federation/*)