Commit Graph

3 Commits

Author SHA1 Message Date
Egutierrez 93acc059f1 docs: app.md + deploy artifacts (systemd unit, deploy README)

- app.md: frontmatter (service, port 8480, systemd unibus-admin.service on magnus),
  architecture, capabilities, security, known gaps. uses_functions:
  sign_ed25519_go_cybersecurity. e2e_checks (build/vet/web_build/smoke_mock).
- deploy/unibus-admin.service: systemd unit (Restart=always per the SIGTERM gotcha).
- deploy/README.md: reproducible deploy steps (no secrets), Caddy additive-site recipe.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
2026-06-07 19:44:38 +02:00
Egutierrez df1c03a0be feat: Mantine SPA (Cluster/Rooms/Users) + verified end-to-end

SPA (React 19 + Vite 6 + Mantine v9, dark/indigo, @fn_library-style):
- AdminShell: AppShell nav (Cluster/Rooms/Users), operator endpoint badge
- ClusterPage: per-node up/down + posture badges (enforce/acl/tls/cluster/store),
  10s auto-refresh
- RoomsPage: room table (E2E/cleartext, persist, signed, epoch, role), create
  modal, members drawer with kick(+rekey) and invite modal
- UsersPage: allowlist table (handle/role/status/sign_pub), add modal, revoke
  with confirmation, degraded state when no store backend
- api.ts: single repository layer hitting /api; gateway decides mock vs live

Verified end-to-end against a local membershipd in BOTH postures:
- auth-off: create room, list rooms, signed members GET, add/revoke user
- enforce + TLS + nkey (production posture): TLS-pinned healthz, nkey NATS
  connect, signed control-plane requests verified by the server, 403 surfaced
  for a non-member room

pnpm build green (tsc + vite); go build/vet green; dist embedded.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
2026-06-07 19:38:30 +02:00
Egutierrez 8d893d216b feat: scaffold unibus_admin gateway (Go REST + embed SPA placeholder)

Single Go binary: serves an embedded Mantine SPA and a small REST API over the
unibus control plane. Holds the operator ADMIN identity, signs every
control-plane request, never exposes a private key to the browser.

- internal/admin: Repo interface + mock + bus implementations, REST server
- repo_bus: rooms via pkg/client, members via signed GET (CanonicalRequest +
  SignEd25519), cluster via /healthz (CA-pinned), users via membership.Store
- identity loaded from pass entry or 0600 file (operator-identity JSON)
- go build CGO_ENABLED=0 green; go vet clean

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
2026-06-07 19:27:49 +02:00