---
name: matrix_admin_panel
lang: go
domain: infra
version: 0.1.0
description: "Panel admin Matrix propio (Wails + React + Mantine). Sustituye synapse-admin. MAS OIDC login + Synapse Admin API."
tags: [matrix, admin, synapse, mas, wails, react, mantine, infra, matrix-mas, client]
uses_functions:
  - mas_oidc_loopback_go_infra
  - keyring_token_store_go_infra
  - synapse_admin_client_go_infra
uses_types: []
framework: "wails"
entry_point: "main.go"
dir_path: "projects/element_agents/apps/matrix_admin_panel"
repo_url: "https://gitea-dgg044oo04woo4ggcsws4gk0.organic-machine.com/dataforge/matrix_admin_panel.git"
icon:
  phosphor: "shield-check"
  accent: "#dc2626"
---

## Goal

Panel admin Matrix propio que sustituye el contenedor synapse-admin eliminado (issue 0162). Wails (Go) + React+Mantine. Login MAS OIDC PKCE (loopback puerto 8766) + Synapse Admin API.

## Ejecutar

```bash
cd projects/element_agents/apps/matrix_admin_panel
wails dev                                  # hot-reload
wails build                                # binario Linux
wails build -platform windows/amd64        # binario Windows
```

## Flow

1. Login MAS OIDC (PKCE public client, mismo issuer que matrix_client_pc, distinto client_id).
2. Tras login, modal `AdminTokenModal` pide el `access_token` Synapse de un user con `admin: true` (MAS no expone scope admin todavia).
3. Validacion: GET `/_synapse/admin/v2/users/{self}` con el token. 200 = OK, se persiste en keyring con prefijo `admin_token:`.
4. UI con AppShell.Navbar tabs: Users / Rooms / Sessions.
5. Acciones row: Deactivate user (purge opcional), Reset password, Delete room (purge + block opcionales).

## Arquitectura

```
main.go             entry: wails.Run + bind AdminService
admin_service.go    bindings (Login/SetAdminToken/ListUsers/...)
helpers.go          whoami helper
internal/infra/     vendored helpers del registry
  mas_oidc_loopback.go
  keyring_token_store.go
  synapse_admin_client.go
frontend/           React+Vite+TS+Mantine v7
  src/
    main.tsx        MantineProvider violet dark
    App.tsx         router (Login | Home)
    LoginScreen.tsx boton "Sign in with MAS"
    AdminTokenModal.tsx pide admin_token Synapse
    HomeScreen.tsx  AppShell + sidebar tabs
    UsersTab.tsx    tabla users + acciones
    RoomsTab.tsx    tabla rooms + acciones
    SessionsTab.tsx placeholder TBD
```

## MAS client (registrado en production)

- `client_id`: `XSFD2SWA394DXRVJFTREAMY6J6`
- `client_auth_method`: `none` (PKCE public)
- redirect URIs: `http://127.0.0.1:8766/callback`, `http://localhost:8766/callback`, `https://admin-mas.organic-machine.com/callback`, `http://localhost:8090/callback`

## Capability growth log

- v0.1.0 (2026-05-25) — baseline scaffold (issue 0163): Wails skeleton + login MAS OIDC + admin token modal + Users/Rooms/Sessions tabs (Sessions placeholder).