14c7a8f59a
Closes Phase 6 (the items that don't need a backend change). Three
threads, all on the Hermes Mission Control overview:
1. Severity-tagged alerts on the ops panel
New `RecentAlerts` component classifies each `recentAlerts` string
into critical / warn / info by leading token (CRITICAL/ERROR/FATAL
→ critical; INFO/OK → info; default → warn — most ops alerts are
warnings) and renders a colour-coded badge per alert. A
per-severity radiogroup filter sits in the panel header with live
counts. Pure UI — no backend contract change. The watchdog log
tailer in `hermes-telemetry/repository.ts` already emits structured
severities for the future migration off of leading-token parsing.
2. Per-instance action row on each `InstanceCard`
Adds three buttons next to "Open dashboard" / "Copy URL":
- "Copy SSH command": Tailscale-scoped only — never raw `ssh` —
and per-instance user (`tailscale ssh root@<ts-ip>` for Vijay,
`tailscale ssh uma@<ts-ip>` for Bheem). Disabled when the
snapshot has no Tailscale IP.
- "View tasks": deep link into the Task Ledger pre-filtered by
instance via `/hermes/tasks?instance=<id>`.
- "Open runbook": link to `docs/hermes-operations.md`.
"How to restart this gateway" is intentionally a runbook link, not
a button — restarting is privileged and should go through the
documented procedure, not the dashboard UI.
3. URL-param hydration of the instance switcher
`HermesInstanceProvider` now reads `?instance=` from the URL on
mount (and on subsequent navigations to a different value). The
URL value wins over the persisted localStorage selection so deep
links from the ops panel land on a pre-filtered pane. The param
is intentionally not auto-stripped — back/forward and copy-paste
stay meaningful.
Roadmap status: Phase 6 ticked except trend cards (deferred — needs
client-side history persistence) and theme toggle (deferred — shell
doesn't expose a switch primitive yet). Unified-alerts-feed bullet
partially achieved by the new severity filter; the per-instance roll-up
will land when a UI consumer is built for the Phase 3 telemetry
endpoint.
Verified: typecheck ✅, build ✅, 7/7 E2E ✅ (the existing switcher
test exercises the new context code path; URL hydration is covered
indirectly by the deep-link button → Task Ledger pre-filter).
Generated with [Devin](https://cli.devin.ai/docs)
Co-Authored-By: Devin <158243242+devin-ai-integration[bot]@users.noreply.github.com>
|
||
|---|---|---|
| .. | ||
| .gitea/workflows | ||
| backend | ||
| scripts | ||
| shared | ||
| web | ||
| .gitignore | ||
| .pnpmfile.cjs | ||
| deploy.sh | ||
| DEPLOYMENT_GUIDE.md | ||
| DEPLOYMENT.md | ||
| docker-compose.yml | ||
| ENDPOINTS.md | ||
| package.json | ||
| pnpm-lock.yaml | ||
| pnpm-workspace.yaml | ||
| README.md | ||
| REVIEW_ACTIONS.md | ||
ByteLyst DevOps Dashboard
Internal DevOps dashboard for deployment orchestration and service monitoring across ByteLyst products.
Architecture
dashboard/
├── backend/ # Fastify 5 backend (port 4004)
│ └── src/
│ ├── lib/ # Config, auth, Cosmos
│ └── modules/ # Services, deployments, health
├── web/ # Next.js 16 frontend (port 3000)
│ └── src/
│ ├── app/ # Pages
│ └── lib/ # API client, auth
└── shared/
└── product.json # Product identity
Features
- Service Registry: Manage all ByteLyst services (trading, notes, clock, etc.)
- Deployment Orchestration: Trigger deployments via existing bash scripts
- Health Monitoring: Real-time health checks for all services with caching
- Deployment History: Audit trail of all deployments with captured logs (JSON-polled by the web client; no SSE)
- Cross-Navigation: One-click link to Platform Admin dashboard
- Hermes Mission Control: Read-only mock dashboard for portfolio-wide execution, task ledger, product health, history, agents, and settings
- Testing: Vitest for backend, React Testing Library for frontend
- Security: Rate limiting, CORS, security headers, Zod validation
- Auto-Refresh: Automatic health status updates every 60 seconds
Recent Improvements
Testing Infrastructure
- Added Vitest for backend testing with test files for services and deployments
- Added React Testing Library for frontend with API client tests
- Test scripts:
pnpm test(watch mode),pnpm test:run(CI mode)
Health Monitoring
- Implemented actual HTTP health checks with 10-second timeout
- Added 30-second caching to avoid overwhelming services
- Added User-Agent header for health check requests
- Added admin endpoint to clear health cache (
DELETE /api/health/cache) - Health status determined by response time: >5s = degraded
API Validation
- Added Zod schemas for all API routes (services, deployments, health)
- Proper error handling with BadRequestError from @bytelyst/errors
- Validated path parameters, query parameters, and request bodies
- Strict validation on update operations to prevent accidental field changes
Deployment Logs
- Endpoint
GET /api/deployments/:id/logsreturns the full captured stdout/stderr + current status as a single JSON payload (admin only). - The web client polls this endpoint while a deployment is
running. There is intentionally no SSE/WebSocket stream — the previous attempt withfastify-sse-v2was incompatible with Fastify 5 and was removed. If a real-time stream is needed later, implement it explicitly viareply.rawand update this section in the same change.
Security Enhancements
- Added rate limiting: 100 requests per minute per IP
- Improved CORS with allowed origins whitelist
- Added security headers: X-Content-Type-Options, X-Frame-Options, X-XSS-Protection, HSTS, Referrer-Policy
- OPTIONS preflight request handling
- Credentials support for authenticated requests
Auto-Refresh
- Automatic health status refresh every 60 seconds
- Manual refresh button to clear cache and force health checks
- Visual feedback with spinning icon during refresh
- Last health check timestamp displayed on service cards
Setup
Prerequisites
- Node.js 22+
- pnpm 10.6.5
- Azure Cosmos DB credentials
- Platform Service URL
- Access to @bytelyst/* packages (via common-plat workspace or Gitea registry)
Installation
The dashboard uses the .pnpmfile.cjs pattern for dynamic dependency resolution, supporting both local workspace and Gitea registry modes.
# For local development (uses workspace links to learning_ai_common_plat)
pnpm install:common-plat
# For production (uses Gitea registry at localhost:3300)
pnpm install:gitea
Backend
cd backend
cp .env.example .env # Add your credentials
pnpm dev # Runs on port 4004
Frontend
cd web
cp .env.local.example .env.local # Add your URLs
pnpm dev # Next dev server on http://localhost:3000 (no Docker)
Running Both
# From dashboard root
pnpm dev
Environment Variables
Backend (.env)
PORT=4004
PLATFORM_SERVICE_URL=http://localhost:4003
COSMOS_ENDPOINT=https://your-cosmos.documents.azure.com:443/
COSMOS_KEY=your-cosmos-key
COSMOS_DATABASE=bytelyst-platform
JWT_SECRET=your-jwt-secret
Frontend (.env.local)
NEXT_PUBLIC_DEVOPS_API_URL=http://localhost:4004
NEXT_PUBLIC_PLATFORM_URL=http://localhost:4003
Production deployments use https://api.bytelyst.com/devops for NEXT_PUBLIC_DEVOPS_API_URL and https://api.bytelyst.com/platform/api for NEXT_PUBLIC_PLATFORM_URL.
Usage
- Seed Services: Click "Seed Services" on the dashboard to register default services
- Deploy: Click "Deploy" on any service card to trigger deployment
- Monitor: View real-time health status and deployment history
- Platform Admin: Click "Platform Admin" link to jump to the admin dashboard
- Hermes Mission Control: Visit
/hermesfor the mock executive command center and the companion routes/hermes/tasks,/hermes/tasks/[id],/hermes/products,/hermes/history,/hermes/agents, and/hermes/settings
Integration with Platform Admin
- DevOps dashboard links to admin-web at
http://localhost:3001 - Admin-web should have a reciprocal link back to DevOps dashboard
- Both use platform-service for authentication
API Endpoints
Services
GET /api/services- List all servicesGET /api/services/:id- Get single servicePOST /api/services- Create service (admin only)PUT /api/services/:id- Update service (admin only)DELETE /api/services/:id- Delete service (admin only)
Deployments
GET /api/deployments- Recent deployments (with?limit=query param)GET /api/deployments/service/:serviceId- Deployments for specific serviceGET /api/deployments/:id- Single deploymentGET /api/deployments/:id/logs- Get captured deployment logs as JSON (web client polls this; no SSE)POST /api/deployments/trigger/:serviceId- Trigger deployment (admin only)
Health
GET /api/health- Health of all servicesGET /api/health/:serviceId- Health of specific serviceDELETE /api/health/cache- Clear health cache (admin only)
Seed
POST /api/seed- Seed default services (admin only)
Development
# Backend typecheck
cd backend && pnpm typecheck
# Frontend typecheck
cd web && pnpm typecheck
# Run tests (watch mode)
pnpm test
# Run tests (CI mode)
pnpm test:run
# Run both
pnpm --filter backend dev & pnpm --filter web dev
Deployment
See DEPLOYMENT.md for detailed deployment instructions.
Deploy as a ByteLyst product:
- Product ID:
devops-internal - Backend port: 4004 (host) / 4004 (container)
- Web port: 3000 (container) — exposed on host as
localhost:3049under Docker Compose; dev mode (pnpm dev) listens directly onlocalhost:3000. SeeDEPLOYMENT.mdfor the full port table. - Use existing deployment scripts in parent directory
- Public API base:
https://api.bytelyst.com/devops
Production Features
The dashboard includes comprehensive production-ready features:
- CI/CD Pipeline: Gitea Actions with build, test, typecheck, lint, E2E tests
- Security: CSRF protection, rate limiting, CORS, security headers
- Monitoring: System metrics, Docker management, performance tracking
- Operations: Database migrations, backup/restore, audit logging
- Accessibility: ARIA labels, keyboard navigation, skip links
- PWA: Web app manifest, mobile-friendly
- Documentation: OpenAPI/Swagger at
/docs
See DEPLOYMENT.md for complete deployment guide.