
CMP Quickstart (Local Dev)

Last updated: 2025-09-15

This guide takes you from zero to a local Registry and Portal, validated with the scanner.

1) Prereqs

  • Node 22 LTS, pnpm, Nx
  • Docker (for Postgres) or a local Postgres instance

2) Start Postgres (Docker)

docker run --name cmp-pg -e POSTGRES_PASSWORD=postgres -e POSTGRES_USER=postgres -e POSTGRES_DB=cmp \
-p 5432:5432 -d postgres:14

Set CMP_REGISTRY_DATABASE_URL to postgresql://postgres:postgres@localhost:5432/cmp?schema=public. Optionally, use Infisical to inject secrets when running commands:

bin/infisical run --env=dev -- <your command>

3) Generate Prisma client & push schema

pnpm -w nx run cmp-registry-data:prisma:generate
pnpm -w nx run cmp-registry-data:prisma:db-push

4) Run the Registry (dev)

# Minimal env
export CMP_REGISTRY_DATABASE_URL="postgresql://postgres:postgres@localhost:5432/cmp?schema=public"
# Allow the Portal origin(s) for admin endpoints (comma-separated)
export CORS_ADMIN_ALLOWED_ORIGINS="http://localhost:4310,http://127.0.0.1:4310"
# Option A: full bypass (no Authorization header required; non-production only)
# export DEV_BYPASS_ADMIN_AUTH=1
# Option B: static bearer (non-production only)
# export DEV_ADMIN_BEARER="dev-admin-secret"

pnpm -w nx serve cmp-registry
# API base is /api. Example:
# GET http://localhost:3318/v1/config?site_key=DEV_SITE_KEY&v=live

Seed (optional): run pnpm run cmp:seed if the seed script is available and points at your DB.

5) Run the Portal (dev)

# apps/cmp/portal/.env.local
cat > apps/cmp/portal/.env.local <<EOF
VITE_REGISTRY_URL=http://localhost:3318/api
VITE_CDN_CMP_URL=http://localhost:8080/dw-cmp.min.js
VITE_SITE_KEY=DEV_SITE_KEY
# Dev bypass (no IDP): set VITE_BYPASS_AUTH=1 to skip login.
VITE_BYPASS_AUTH=1
# IDP (hooks): point to your IDP base if you have one
VITE_IDP_BASE_URL=http://localhost:3101
EOF

pnpm -w nx serve cmp-portal
# http://localhost:4310

With the above, the Portal skips login. If DEV_BYPASS_ADMIN_AUTH=1 is set on the Registry, admin routes work without any Authorization header. For a real setup, remove bypass envs and configure the IDP + Registry:

  • Portal: set VITE_IDP_BASE_URL and add <meta name="idp-audience" content="cmp-portal" /> to index.html.
  • Registry: set OIDC_ISSUER, OIDC_AUDIENCE, and optionally OIDC_HS_SECRET to accept HS256 tokens from the IDP.
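
One way to check that the dev-only settings from steps 2 to 5 have been removed before a real deployment, as an added example that is not part of the CMP repo. The function name cmp_env_audit, the finding labels, and the sample file are assumptions made for illustration; the variable names and values are the ones shown above.

```shell
#!/usr/bin/env bash
# Added example (not from the CMP repo): flag this quickstart's dev-only
# settings in an env file. cmp_env_audit is a hypothetical helper name.
# Prints one finding per line; exit status is non-zero if any were found.
cmp_env_audit() (
  findings=0
  flag() { echo "$1 $2"; findings=$((findings + 1)); }
  while IFS= read -r line || [ -n "$line" ]; do
    line="${line#"${line%%[![:space:]]*}"}"   # trim leading whitespace
    case "$line" in ''|'#'*) continue ;; esac # skip blanks and comments
    line="${line#export }"
    case "$line" in *=*) ;; *) continue ;; esac
    key="${line%%=*}"
    val="${line#*=}"
    val="${val#\"}"; val="${val%\"}"          # drop surrounding double quotes
    case "$key" in
      DEV_BYPASS_ADMIN_AUTH|VITE_BYPASS_AUTH|DEV_ADMIN_BEARER)
        # Any non-empty value is flagged: the page documents these as
        # non-production only and does not say how other values are parsed.
        if [ -n "$val" ]; then flag DEV_AUTH_SHORTCUT "$key is set"; fi ;;
      CMP_REGISTRY_DATABASE_URL)
        case "$val" in *://postgres:postgres@*)
          flag DEFAULT_DB_CREDS "$key uses postgres:postgres" ;;
        esac ;;
      CORS_ADMIN_ALLOWED_ORIGINS)
        case "$val" in *localhost*|*127.0.0.1*)
          flag LOOPBACK_ORIGIN "$key allows a loopback origin" ;;
        esac ;;
    esac
  done < "$1"
  [ "$findings" -eq 0 ]
)

# Constructed sample input: the quickstart's dev values gathered in one file.
sample="$(mktemp)"
cat > "$sample" <<'EOF'
export CMP_REGISTRY_DATABASE_URL="postgresql://postgres:postgres@localhost:5432/cmp?schema=public"
export CORS_ADMIN_ALLOWED_ORIGINS="http://localhost:4310,http://127.0.0.1:4310"
# export DEV_BYPASS_ADMIN_AUTH=1
export DEV_ADMIN_BEARER="dev-admin-secret"
VITE_BYPASS_AUTH=1
EOF
cmp_env_audit "$sample" || echo "audit: dev-only settings present, do not deploy this config"
```

Run it against the env file a deployment will actually load; the commented-out DEV_BYPASS_ADMIN_AUTH line is ignored, so only active settings are reported.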

6) Validate with the scanner

npx playwright install chromium       # one‑time
pnpm --filter cmp-scanner scan http://localhost:4310 tmp/report.json --site-key=DEV_SITE_KEY
node tools/ci/check-scanner.mjs tmp/report.json

Aim for Scanner gate OK and zero new pre→post third‑party hosts/cookies until you explicitly accept all.

7) Try GPC

pnpm --filter cmp-scanner scan http://localhost:4310 tmp/report-gpc.json --site-key=DEV_SITE_KEY --gpc=1
node tools/ci/check-scanner.mjs tmp/report-gpc.json

8) Next steps

  • Wire a real IDP; set OIDC envs for the Registry and Portal.
  • Deploy via Helm/Argo (see docs/cmp/OPERATOR_CHECKLIST.md).
  • Enable CI gates and import the Grafana dashboard.