Add Buckets, Monitoring, Memberships, Networking, SSO, Announcements, Status page

Full set of admin surfaces on top of /platform/* and /admin/* endpoints,
plus a migration of /assistant onto @crema/llm-providers-ui.

Buckets (/buckets):
  S3-level CRUD over /platform/buckets — list, create, delete (with the
  6-digit confirmation flow the backend enforces), per-bucket configure
  for versioning / CORS rules / policy JSON, plus an object browser
  with FileGrid/FileList from @crema/file-ui and presigned-URL reveal.
  Storage-config picker scopes the view to one credential at a time.

Monitoring (/monitoring):
  Live dashboard. Service health board derived from indirect signals
  (status-ui OverallStatus + ComponentRow). KPI tiles for sessions,
  jobs, audit. Tabs: background jobs (Donut + BarChart + retry recent),
  sessions (Sparkline of last 24h sign-ins), audit activity (BarChart
  of severity / top resource types), infrastructure (DO summary +
  WorldMapSvg coloured by droplet region + droplet list + Spaces),
  rate limits. 30s auto-refresh.

Memberships (/memberships):
  M:N glue between users and tenants over /admin/memberships. Add /
  edit / suspend / activate / remove with role multi-select.

Networking (/networking):
  Tabs over /platform/{firewalls,vpcs,domains,floating_ips}.
  Read/delete on firewalls, read on VPCs, full DNS-record CRUD, and
  inline assign/unassign for floating IPs.

SSO (/sso):
  /sso/identity-providers CRUD with PEM cert as write-only field, plus
  /sso/sessions list with destroy.

Announcements (/announcements):
  /admin/announcements CRUD. Platform-wide vs per-tenant audience,
  schedule windows, dismissible + active toggles.

Status page (/status-page):
  /admin/status-page/{components,incidents,subscribers}. Components
  CRUD, incidents with timeline + post-update + resolve flow,
  subscriber list. Public preview at the top using StatusBoard +
  IncidentTimeline from @crema/status-ui.

Assistant migration:
  /assistant now uses @crema/llm-providers-ui (provider catalog +
  vault key resolution) instead of ~/lib/llm-settings. Same async
  buildAdapter() flow used by /ai. The legacy lib file is now
  unreferenced and can be removed when ready.

New sibling libs wired (cloned from CremaUIStudio):
  lib-file-ui, lib-card-ui, lib-dashboard-ui, lib-chart-ui,
  lib-map-ui, lib-status-ui.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
jules
2026-05-02 07:55:46 +10:00
parent 7ba415d78e
commit 0fcb9e40f1
20 changed files with 7472 additions and 28 deletions

app/lib/arcadia/sso.ts Normal file

@@ -0,0 +1,99 @@
// SSO / SAML helpers.
// Backend: /api/v1/sso/identity-providers (tenant CRUD) + /sessions.
// Note: certificates are large and write-only.
import type { ArcadiaClient } from "@crema/arcadia-client"
export interface IdentityProvider {
id: string
tenant_id: string
name: string
entity_id: string
sso_url: string
slo_url: string | null
name_id_format: string | null
attribute_mapping: Record<string, string>
sp_entity_id: string | null
sign_requests: boolean
metadata_url: string | null
callback_url: string | null
enabled: boolean
has_certificate: boolean
inserted_at: string
updated_at: string
}
export interface IdentityProviderInput {
name: string
entity_id: string
sso_url: string
slo_url?: string | null
name_id_format?: string | null
attribute_mapping?: Record<string, string>
sp_entity_id?: string | null
sign_requests?: boolean
metadata_url?: string | null
callback_url?: string | null
enabled?: boolean
/** PEM cert from the IdP. Write-only. */
certificate?: string
}
export interface SamlSession {
id: string
user_id: string
idp_id: string
name_id: string | null
session_index: string | null
expires_at: string | null
inserted_at: string
}
const BASE = "/api/v1/sso"
export async function listIdentityProviders(arcadia: ArcadiaClient): Promise<IdentityProvider[]> {
const res = await arcadia.GET<{ data: IdentityProvider[] }>(`${BASE}/identity-providers`)
return res.data
}
export async function createIdentityProvider(
arcadia: ArcadiaClient,
input: IdentityProviderInput,
): Promise<IdentityProvider> {
const res = await arcadia.POST<{ data: IdentityProvider }>(
`${BASE}/identity-providers`,
{ body: { identity_provider: input } },
)
return res.data
}
export async function updateIdentityProvider(
arcadia: ArcadiaClient,
id: string,
input: Partial<IdentityProviderInput>,
): Promise<IdentityProvider> {
const res = await arcadia.PATCH<{ data: IdentityProvider }>(
`${BASE}/identity-providers/${id}`,
{ body: { identity_provider: input } },
)
return res.data
}
export async function deleteIdentityProvider(
arcadia: ArcadiaClient,
id: string,
): Promise<void> {
await arcadia.DELETE(`${BASE}/identity-providers/${id}`)
}
export async function listSamlSessions(arcadia: ArcadiaClient): Promise<SamlSession[]> {
const res = await arcadia.GET<{ data: SamlSession[] }>(`${BASE}/sessions`)
return res.data
}
export async function destroySamlSession(
arcadia: ArcadiaClient,
sessionId: string,
): Promise<void> {
await arcadia.DELETE(`${BASE}/sessions/${sessionId}`)
}
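Review bot: `id` and `sessionId` are interpolated straight into the request path in updateIdentityProvider, deleteIdentityProvider and destroySamlSession (`${BASE}/identity-providers/${id}`, `${BASE}/sessions/${sessionId}`); wrap each in encodeURIComponent so a value containing `/`, `?` or `#` cannot change which endpoint the PATCH or DELETE reaches. Separately, updateIdentityProvider accepts Partial<IdentityProviderInput>, which includes the write-only `certificate`; add a doc comment stating whether omitting that field leaves the stored certificate unchanged, since callers only ever see `has_certificate` and cannot round-trip the value.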