admin

Documentation

Overview

Package admin provides a read-only web UI for inspecting and managing muster sessions. It runs on a dedicated HTTP listener (configured via AggregatorConfig.Admin) without authentication; callers are expected to bind it to a loopback address and reach it via kubectl port-forward or localhost.

The package is intentionally minimal: plain HTML templates, a sprinkle of CSS, no JavaScript framework, no persistent state of its own. All data is fetched through the Deps callbacks supplied by the aggregator.

Index

• type Config
• type DecodedJWT
  • func DecodeJWT(label, raw string) *DecodedJWT
• type Deps
• type MCPDetail
• type MCPSummary
• type Server
  • func NewServer(cfg Config, deps Deps) (*Server, error)
  • func (s *Server) Addr() string
  • func (s *Server) Start() error
  • func (s *Server) Stop(ctx context.Context) error
• type ServerEntry
• type SessionDetail
• type SessionSummary
• type SessionToken

Types

type Config

type Config struct {
	BindAddress string // default "127.0.0.1"
	Port        int    // default 9999
}

Config configures the admin listener.

type DecodedJWT

type DecodedJWT struct {
	Label   string
	Header  json.RawMessage
	Payload json.RawMessage
	Error   string // Non-empty if decoding failed; fields above may be nil.
}

DecodedJWT is the header+payload view of a JWT. The signature segment is always discarded before a DecodedJWT is constructed.

func DecodeJWT

func DecodeJWT(label, raw string) *DecodedJWT

DecodeJWT renders a JWT's header and payload as pretty-printed JSON for display. The signature segment is dropped — this is a diagnostic helper for trusted contexts (operators inspecting stored tokens), never a verification path. Accepts 2- and 3-part tokens; the admin UI is deliberately lenient because operators routinely paste truncated tokens from logs.

type Deps

type Deps struct {
	// ListSessions returns summary rows for every known session.
	ListSessions func(ctx context.Context) ([]SessionSummary, error)

	// GetSessionDetail returns the detail view for a single session, or nil
	// + false when the session is unknown.
	GetSessionDetail func(ctx context.Context, sessionID string) (*SessionDetail, bool, error)

	// DeleteSession revokes auth state, clears capability caches, evicts
	// pooled connections, and clears upstream tokens for the session.
	DeleteSession func(ctx context.Context, sessionID string) error

	// ReconnectServer tears down all per-server state (auth, caps, pool,
	// upstream token) and immediately re-runs SSO so the server comes back
	// online with a fresh bearer. Used by the admin UI's per-server
	// "Reconnect" button.
	ReconnectServer func(ctx context.Context, sessionID, serverName string) error

	// ListMCPServers returns summary rows for every registered MCP server
	// (global, not session-scoped).
	ListMCPServers func(ctx context.Context) ([]MCPSummary, error)

	// GetMCPDetail returns the detail view for a single MCP server, or nil +
	// false when the server is unknown.
	GetMCPDetail func(ctx context.Context, name string) (*MCPDetail, bool, error)
}

Deps is the surface the admin package needs from the rest of muster. The aggregator package wires these callbacks up against its internal stores; tests inject fakes directly.

type MCPDetail

type MCPDetail struct {
	MCPSummary

	ToolPrefix string
	Scope      string
}

MCPDetail is the full view for one MCP server.

type MCPSummary

type MCPSummary struct {
	Name         string
	URL          string
	Namespace    string
	Status       string // connected / disconnected / unknown (api.ServiceState string)
	Issuer       string // Empty when server does not require auth.
	RequiresAuth bool
	LastUpdate   time.Time
}

MCPSummary is one row in the global MCP server list. It exposes only the registry-level metadata for a server; per-session capability data (tools/resources/prompts) belongs on the session detail page because most of muster's servers cache those per-session.

type Server

type Server struct {
	// contains filtered or unexported fields
}

Server owns the admin HTTP listener.

func NewServer

func NewServer(cfg Config, deps Deps) (*Server, error)

NewServer constructs an admin server. Call Start to begin serving.

func (*Server) Addr

func (s *Server) Addr() string

Addr reports the listener address, useful in tests.

func (*Server) Start

func (s *Server) Start() error

Start begins serving in a goroutine and returns immediately. It returns an error only if the listener cannot be bound.

func (*Server) Stop

func (s *Server) Stop(ctx context.Context) error

Stop shuts down the admin listener with a brief grace period.

type ServerEntry

type ServerEntry struct {
	Name        string
	Issuer      string
	Transport   string // "sse", "stdio", "streamable-http", or "" if not pooled.
	Pooled      bool
	CreatedAt   time.Time
	LastUsedAt  time.Time
	TokenExpiry time.Time // Zero if no tracked expiry.
	ToolCount   int
	ToolNames   []string // Sorted names of the tools advertised to this session.
	RsrcCount   int
	PromptCount int
}

ServerEntry describes one authenticated server for a session.

type SessionDetail

type SessionDetail struct {
	SessionID string
	Subject   string
	Email     string // User email from ID token (preferred over subject for display)
	Servers   []ServerEntry
	Tokens    []SessionToken // Raw JWTs to be decoded; never rendered raw.
}

SessionDetail is the full view for one session.

type SessionSummary

type SessionSummary struct {
	SessionID   string
	Subject     string
	Email       string // User email from ID token (preferred over subject for display)
	ServerCount int
	ToolCount   int
	LastSeen    time.Time // Zero if unknown.
}

SessionSummary is one row in the session list view.

type SessionToken

type SessionToken struct {
	Label string // e.g. "muster → github"
	Raw   string // Compact JWT. Never rendered to the client.
}

SessionToken pairs a raw JWT with a display label. The admin package decodes the payload for rendering; the raw value never leaves the server.