✨ feat: add admin console, onboarding, and scoped access #20
Merged
Introduce scoped token support and related APIs, engines and helpers. Tokens now use salted SHA256 hashes, support creation (personal/service), revocation, authentication and expiry checks; legacy token endpoints updated and new /auth/tokens/v2 endpoints added. Add scope-based authorization (Access.policy), request token middleware, audit event recording (Engines.audit) and audit API. Implement Projects and Configs engines/resources, a SecretsV2 engine with config inheritance and export (including env format), plus helpers.resolve_project_config and wiring in connection.py. Update KV and userpass resources to use token-based auth and optional open registration, bump API version to 2.0.0, and add tests for token expiry, scope matching and config inheritance.
…e friendly
- add shared serialization helpers for datetime/ObjectId-safe JSON responses
- switch audit writes/filters to slug fields with legacy id fallback matching
- return frontend-friendly config list shape with parentSlug and createdAt
- add tokens v2 list endpoint and revoke by token_id with plaintext fallback
- enable CORS via CORS_ORIGINS and allow Authorization/Content-Type headers
- extend secrets export JSON with optional metadata payload
- update README env vars/curl examples and add regression tests

…yment
- vendor SSM-Admin-Console into frontend/ with docs and agent guidance
- add frontend Dockerfile/nginx config and compose service integration
- wire local CORS defaults for frontend-backend compose integration
- update root/dev docs, ignore rules, and contribution quality instructions
- add development guide for backend-only, frontend-only, and full-stack workflows

- add deterministic onboarding stamp + lock state in MongoDB
- add /api/onboarding/status and /api/onboarding/bootstrap endpoints
- remove env-based open registration dependency for first user creation
- add frontend initial setup wizard with auto-login bootstrap token
- issue admin-scoped bootstrap token and clear stale token on 401
- document onboarding flow and add backend onboarding unit tests
Updated README to include monorepo layout information.
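The first commit above describes tokens stored as salted SHA256 hashes with expiry, revocation and scope checks. The sketch below is an added example, not code from this repository: the in-memory `TOKENS` store, the `token_id.secret` format and the `resource:*` wildcard rule in `scope_allows` are all assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
from datetime import datetime, timedelta, timezone

# Constructed in-memory store standing in for a database collection (assumption).
TOKENS = {}  # token_id -> record holding salt + hash, never the plaintext

def _digest(salt: bytes, secret: str) -> str:
    # A fast hash is acceptable here only because the secret is 256 random bits,
    # not a human-chosen password.
    return hashlib.sha256(salt + secret.encode()).hexdigest()

def create_token(subject, scopes, ttl_seconds, now=None):
    """Return (token_id, plaintext); the plaintext is shown once and not stored."""
    now = now or datetime.now(timezone.utc)
    token_id, secret = secrets.token_hex(8), secrets.token_urlsafe(32)
    salt = secrets.token_bytes(16)
    TOKENS[token_id] = {
        "subject": subject, "salt": salt, "hash": _digest(salt, secret),
        "scopes": set(scopes), "revoked": False,
        "expires_at": now + timedelta(seconds=ttl_seconds),
    }
    # Hypothetical wire format: the id locates the record and its per-token salt.
    return token_id, f"{token_id}.{secret}"

def scope_allows(granted, required):
    """Hypothetical rule: exact scope, or a 'resource:*' wildcard grant."""
    resource = required.split(":", 1)[0]
    return required in granted or f"{resource}:*" in granted

def revoke(token_id):
    if token_id in TOKENS:
        TOKENS[token_id]["revoked"] = True

def authenticate(presented, required_scope, now=None):
    """Return the subject if the token is valid for required_scope, else None."""
    now = now or datetime.now(timezone.utc)
    token_id, _, secret = presented.partition(".")
    rec = TOKENS.get(token_id)
    if rec is None:
        return None
    # Constant-time comparison avoids leaking how many hash characters matched.
    if not hmac.compare_digest(rec["hash"], _digest(rec["salt"], secret)):
        return None
    if rec["revoked"] or now >= rec["expires_at"]:
        return None
    if not scope_allows(rec["scopes"], required_scope):
        return None
    return rec["subject"]
```
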
Summary
This PR ships v1.3.0 and moves Simple Secrets Manager from API-first workflows to a product-ready experience with a complete admin console, first-time onboarding, and hardened access controls.
Product changes
.env import preview + confirm (new/overwrite/inherited override) plus export support.
Engineering changes
/api) and compose-first runtime.