Workbench local setup and roles
The workbench is developed in its own repository, but it expects a running OpenTRMS backend.
1. Install and start the frontend
From opentrms-workbench:
corepack enable pnpm
pnpm install
pnpm dev
By default that starts Vite on http://localhost:5173 and proxies /api to
http://localhost:8080.
2. Start the backend
From the main opentrms repository, a typical local loop is:
mvn -B -ntp spring-boot:run -pl trms-api -Dspring-boot.run.profiles=local
The workbench contributor docs also assume Playwright is installed locally:
pnpm exec playwright install --with-deps chromium
3. Optional frontend environment overrides
Useful local overrides include:
VITE_API_BASE_URLVITE_AI_PROVIDERVITE_AI_MODEL
The default local AI provider is openrouter, which avoids depending on a
fully configured Anthropic backend setup during ordinary frontend development.
4. Understand how local auth works
The workbench stores its token in localStorage under
trms_workbench_token.
The important local-development behavior is:
- the SPA decodes the JWT payload client-side to derive scopes
- the frontend does not verify the signature itself
- the backend still enforces real authorization on requests
That means a locally injected unsigned token is good enough to light up nav items and frontend flows, while backend responses remain the real permission check.
5. Seed a local all-access token when needed
For local-only iteration, the workbench repo documents a browser-console flow
that builds an unsigned token payload with a large scope set and writes it into
localStorage.
The intent of that flow is pragmatic:
- unblock frontend development when auth wiring is not the thing under test
- make hidden nav sections visible
- let you exercise admin and operator surfaces quickly
If you use that path, remember that it only affects the frontend shell. Backend routes that truly require scopes still need a backend environment willing to accept the corresponding token.
6. Role-driven navigation
The shell hides surfaces you cannot access. Scope-gated navigation is one of the main things to verify locally.
Examples:
- traders see trade capture, pretrade, blotters, and approval context
- operations users see settlement, netting, EOD, journals, and instruction flows
- admin roles reveal access-management and configuration surfaces
The Playwright suite also encodes this model through helper roles such as:
tradermiddle_officeback_officeadminfull
7. Quality gates
Before pushing frontend changes, the workbench repo expects:
pnpm typecheck
pnpm lint
pnpm test:coverage
pnpm build
pnpm test:e2e