marco/buildmymcpserver
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
66128c73d8
buildmymcpserver/apps/web/app/admin/prompt/page.tsx
Marco Sadjadi c62fcd07ef feat(admin): password-auth admin panel with 8 pages + 15 API endpoints 
Schema migrations:
- users.is_admin boolean
- users.password_hash text (scrypt N=16384, 16-byte salt)
- users.last_login_at timestamp
- organizations.suspended + suspended_reason
- admin_settings table (DB-stored prompt override + future settings)

Auth (@bmm/auth):
- hashPassword + verifyPassword via node:crypto scrypt (no extra dep)
- loginWithPassword: scrypt-verifies, issues 30-day session, updates last_login_at
- seedAdmin: idempotent upsert keyed on email; creates org + membership on first run
- AuthedUser now carries isAdmin flag

API:
- POST /v1/auth/admin/login (email + password) — 300ms throttle on failure
- requireAdmin preHandler — 401 if no session, 403 if non-admin
- Bootstrap: api on boot calls seedAdmin(ADMIN_EMAIL, ADMIN_PASSWORD, ADMIN_NAME)
  if env present. Idempotent.

Admin API routes (all gated by requireAdmin):
- GET /v1/admin/overview (totals, trends 7d, server-status breakdown, builds 24h, recent activity)
- GET /v1/admin/users (search, per-row org + plan + serverCount)
- PATCH /v1/admin/users/:id (isAdmin, name)
- DELETE /v1/admin/users/:id (self-delete blocked)
- GET /v1/admin/orgs (member + server counts)
- PATCH /v1/admin/orgs/:id (plan, quota, suspended; cascades to mcp_servers.status=paused on suspend)
- GET /v1/admin/servers (cross-org with status filter)
- POST /v1/admin/servers/:id/rebuild (re-queues build using last prompt)
- DELETE /v1/admin/servers/:id
- GET /v1/admin/builds (status filter, error messages, prompt previews)
- GET /v1/admin/builds/:id/logs
- GET /v1/admin/audit (system-wide with user email join)
- GET /v1/admin/system (DB ping, Redis ping, BullMQ queue depth, docker ps count)
- GET /v1/admin/prompt (builtin + override + updatedAt)
- PATCH /v1/admin/prompt (value: string | null) — saves DB override or drops it

UI (apps/web/app/admin/*):
- /admin/login — password form, separate from /login magic-link
- AdminLayout — Linear-style sidebar (8 nav items), bottom panel with user email +
  'user view' shortcut + logout, client-side requireAdmin guard with redirect
- /admin — overview dashboard with 4 metric cards, 2 panels (status + 24h builds),
  recent activity table linking to full audit
- /admin/users — search + admin toggle + delete (self-delete blocked)
- /admin/orgs — plan/quota/suspend actions via prompts
- /admin/servers — cross-org table with rebuild + delete actions, status filter
- /admin/builds — every build cross-fleet with error vs prompt preview
- /admin/audit — system-wide log + CSV export + filter dropdowns
- /admin/system — auto-refreshing 5s health probes for Postgres, Redis, queue, Docker
- /admin/prompt — live editor for the LLM system prompt with built-in baseline,
  override-state badge, drop-override action, diff preview, save-as-override

End-to-end verified: login as marco.frangiskatos@gmail.com + Melusa112233.*, every
admin page returns 200, admin login + overview tested via screenshot, docker probe
returns true count of running MCP containers.
2026-05-19 23:01:26 +02:00

158 lines
5.5 KiB
TypeScript
Raw Blame History

'use client';
import { useEffect, useState } from 'react';
import { apiFetch } from '@/lib/api';
import { Button } from '@/components/ui/button';
import { Textarea } from '@/components/input';
import { CodeBlock } from '@/components/code-block';
interface PromptData {
builtin: string;
override: string | null;
updatedAt: string | null;
}
export default function AdminPromptPage() {
const [data, setData] = useState<PromptData | null>(null);
const [draft, setDraft] = useState('');
const [saving, setSaving] = useState(false);
const [message, setMessage] = useState<string | null>(null);
async function reload() {
const r = await apiFetch<PromptData>('/v1/admin/prompt');
setData(r);
setDraft(r.override ?? r.builtin);
}
useEffect(() => {
reload();
}, []);
async function save() {
if (!data) return;
setSaving(true);
setMessage(null);
try {
// Only persist as override if it differs from built-in
const value = draft === data.builtin ? null : draft;
await apiFetch('/v1/admin/prompt', {
method: 'PATCH',
body: JSON.stringify({ value }),
});
setMessage(value === null ? 'Reverted to built-in prompt.' : 'Override saved.');
await reload();
} catch (e) {
setMessage(`Failed: ${(e as Error).message}`);
} finally {
setSaving(false);
}
}
async function revert() {
if (!data) return;
if (!confirm('Drop the override and use the built-in prompt?')) return;
await apiFetch('/v1/admin/prompt', { method: 'PATCH', body: JSON.stringify({ value: null }) });
await reload();
setMessage('Reverted to built-in.');
}
if (!data) return <div className="px-8 py-8 mono text-[12px] text-[--color-fg-muted]">Loading</div>;
const dirty = draft !== (data.override ?? data.builtin);
const isOverridden = data.override !== null;
return (
<div className="px-8 py-8">
<header className="mb-6">
<h1 className="text-[22px] font-semibold tracking-tight">AI prompt</h1>
<p className="mt-1 text-[13px] text-[--color-fg-muted]">
The system prompt the generator hands to Claude when parsing user requests. Override at
your own risk bad prompts cause low-quality builds.
</p>
</header>
<div className="grid gap-4 md:grid-cols-[1fr_280px]">
<div>
<div className="flex items-baseline justify-between">
<h2 className="text-[14px] font-semibold tracking-tight">Live prompt</h2>
<span className="mono text-[10.5px] uppercase tracking-wider text-[--color-fg-subtle]">
{draft.length} chars
</span>
</div>
<Textarea
rows={28}
value={draft}
onChange={(e) => setDraft(e.target.value)}
className="mt-3 mono text-[12px]"
spellCheck={false}
/>
{message && (
<p className="mt-2 text-[12px] text-[--color-fg-muted]">{message}</p>
)}
<div className="mt-4 flex justify-end gap-2">
{isOverridden && (
<Button variant="ghost" size="md" onClick={revert} disabled={saving}>
Drop override
</Button>
)}
<Button variant="primary" size="md" onClick={save} disabled={!dirty || saving}>
{saving ? 'Saving…' : isOverridden ? 'Save override' : 'Save as override'}
</Button>
</div>
</div>
<aside className="space-y-3">
<div className="panel p-3">
<div className="text-[11px] uppercase tracking-wider text-[--color-fg-subtle]">
Status
</div>
<div className="mt-2 text-[13px]">
{isOverridden ? (
<>
<span className="text-amber-300">Override active</span>
{data.updatedAt && (
<div className="mono text-[11px] text-[--color-fg-subtle]">
since {new Date(data.updatedAt).toLocaleString()}
</div>
)}
</>
) : (
<span className="text-emerald-300">Using built-in</span>
)}
</div>
</div>
<div className="panel p-3">
<div className="text-[11px] uppercase tracking-wider text-[--color-fg-subtle]">
Built-in baseline
</div>
<p className="mt-2 text-[12px] text-[--color-fg-muted]">
Shipped with <span className="mono">@bmm/llm</span>. Restored if you drop the
override.
</p>
</div>
<div className="panel p-3">
<div className="text-[11px] uppercase tracking-wider text-[--color-fg-subtle]">
Warning
</div>
<p className="mt-2 text-[12px] text-[--color-fg-muted]">
Prompt changes apply to <em>new builds only</em>. Existing servers run their
generated code as-is and aren&apos;t affected until iterated.
</p>
</div>
</aside>
</div>
{dirty && (
<div className="mt-6">
<h3 className="text-[13px] font-semibold tracking-tight">Diff preview</h3>
<CodeBlock
label="proposed → builtin"
code={`+ ${draft.length} chars\n- ${(data.override ?? data.builtin).length} chars\n→ ${
draft.length - (data.override ?? data.builtin).length > 0 ? '+' : ''
}${draft.length - (data.override ?? data.builtin).length} chars`}
/>
</div>
)}
</div>
);
}
Reference in New Issue View Git Blame Copy Permalink