unibus_admin

dataforge/unibus_admin

Fork 0

Commit Graph

Author	SHA1	Message	Date
egutierrez	c412941e4c	feat: route Users management through the signed control-plane API The gateway previously managed the bus allowlist only via a direct membership store opened with --db, falling back to a "none" backend that left the Users tab degraded in cluster (the control plane exposed no user HTTP endpoint). The unibus control plane now exposes an admin-only user API (GET/POST /users, POST /users/{signpub}/revoke), and pkg/client wraps it with ListUsers/AddUser/RevokeUser that sign each request. busRepo now drives those client methods whenever no direct store is configured (the cluster default), so user management works in cluster without KV/SQLite access — the bus verifies the operator's admin identity with requireAdmin and writes to the same store the room handlers use. A direct store (--db) is kept as an explicit single-node fallback. The reported users_backend becomes "control-plane" (or "sqlite" with --db), and ErrUsersUnavailable / the "none" path are removed since a connected gateway can always reach the API. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>	2026-06-07 21:10:27 +02:00
Egutierrez	8d893d216b	feat: scaffold unibus_admin gateway (Go REST + embed SPA placeholder) Single Go binary: serves an embedded Mantine SPA and a small REST API over the unibus control plane. Holds the operator ADMIN identity, signs every control-plane request, never exposes a private key to the browser. - internal/admin: Repo interface + mock + bus implementations, REST server - repo_bus: rooms via pkg/client, members via signed GET (CanonicalRequest + SignEd25519), cluster via /healthz (CA-pinned), users via membership.Store - identity loaded from pass entry or 0600 file (operator-identity JSON) - go build CGO_ENABLED=0 green; go vet clean Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>	2026-06-07 19:27:49 +02:00

Author

SHA1

Message

Date

egutierrez

c412941e4c

feat: route Users management through the signed control-plane API

The gateway previously managed the bus allowlist only via a direct
membership store opened with --db, falling back to a "none" backend that
left the Users tab degraded in cluster (the control plane exposed no user
HTTP endpoint). The unibus control plane now exposes an admin-only user
API (GET/POST /users, POST /users/{signpub}/revoke), and pkg/client wraps
it with ListUsers/AddUser/RevokeUser that sign each request.

busRepo now drives those client methods whenever no direct store is
configured (the cluster default), so user management works in cluster
without KV/SQLite access — the bus verifies the operator's admin identity
with requireAdmin and writes to the same store the room handlers use. A
direct store (--db) is kept as an explicit single-node fallback. The
reported users_backend becomes "control-plane" (or "sqlite" with --db),
and ErrUsersUnavailable / the "none" path are removed since a connected
gateway can always reach the API.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>

2026-06-07 21:10:27 +02:00

Egutierrez

8d893d216b

feat: scaffold unibus_admin gateway (Go REST + embed SPA placeholder)

Single Go binary: serves an embedded Mantine SPA and a small REST API over the
unibus control plane. Holds the operator ADMIN identity, signs every
control-plane request, never exposes a private key to the browser.

- internal/admin: Repo interface + mock + bus implementations, REST server
- repo_bus: rooms via pkg/client, members via signed GET (CanonicalRequest +
  SignEd25519), cluster via /healthz (CA-pinned), users via membership.Store
- identity loaded from pass entry or 0600 file (operator-identity JSON)
- go build CGO_ENABLED=0 green; go vet clean

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>

2026-06-07 19:27:49 +02:00

2 Commits