Phase 4 · Batch 6: Admin Controls — Gateway Restart, Config Edit, Logs, Docker #35

Closed
opened 2026-05-20 19:49:16 -05:00 by null · 1 comment
Owner

Outcome

Sensitive controls available only with explicit admin UX, audit logging, and confirmation.

Scope

  • Auth/permissions: backend/app/api/deps.py, backend/app/core/auth.py, organization admin dependencies
  • Audit trail: existing activity/event models under backend/app/models/activity_events.py and backend/app/services/activity_log.py
  • Gateway APIs: backend/app/api/gateways.py, backend/app/api/gateway.py, backend/app/services/openclaw/admin_service.py
  • Frontend admin surfaces: likely new pages under frontend/src/app/gateways/[gatewayId]/

Candidate Features

  • Restart gateway/OpenClaw service
  • Read-only logs first, write actions later
  • Config edit with validation, backup, and audit trail
  • Docker/system security pages as separate admin feature

Explicitly Deferred

  • Do NOT include in the first usage-cost rollout
  • Config write controls and Docker actions need audit logging and confirmation UX first

Reference

  • server.js: /api/action/* quick actions, /api/logs, /api/openclaw-config, /api/docker, /api/sys-security, /api/services
  • server.js: reauth flow and audit logging around sensitive pages
  • index.html: config editor, logs viewer, Docker page, security page, notification center

Depends On

  • #30 (Batch 1) and ideally #31 (Batch 2) should be stable first
  • Requires clear admin permission model

Labels

phase-4, backend, frontend, priority-low

## Outcome Sensitive controls available only with explicit admin UX, audit logging, and confirmation. ## Scope - Auth/permissions: `backend/app/api/deps.py`, `backend/app/core/auth.py`, organization admin dependencies - Audit trail: existing activity/event models under `backend/app/models/activity_events.py` and `backend/app/services/activity_log.py` - Gateway APIs: `backend/app/api/gateways.py`, `backend/app/api/gateway.py`, `backend/app/services/openclaw/admin_service.py` - Frontend admin surfaces: likely new pages under `frontend/src/app/gateways/[gatewayId]/` ## Candidate Features - Restart gateway/OpenClaw service - Read-only logs first, write actions later - Config edit with validation, backup, and audit trail - Docker/system security pages as separate admin feature ## Explicitly Deferred - Do NOT include in the first usage-cost rollout - Config write controls and Docker actions need audit logging and confirmation UX first ## Reference - `server.js`: /api/action/* quick actions, /api/logs, /api/openclaw-config, /api/docker, /api/sys-security, /api/services - `server.js`: reauth flow and audit logging around sensitive pages - `index.html`: config editor, logs viewer, Docker page, security page, notification center ## Depends On - #30 (Batch 1) and ideally #31 (Batch 2) should be stable first - Requires clear admin permission model ## Labels phase-4, backend, frontend, priority-low
Author
Owner

Verified. Issue #35 accurately reflects Batch 6 (Admin Controls) scope from the runtime usage dashboard plan:

  • All admin control candidates correctly listed (gateway restart, logs, config edit, Docker/security)
  • Auth/permissions and audit trail requirements match plan
  • Dependencies on #30 and #31 noted
  • Explicit deferral note ("Do NOT include in first usage-cost rollout") captured
  • No missing or incorrect information

This issue is ready for tracking.

✅ Verified. Issue #35 accurately reflects Batch 6 (Admin Controls) scope from the runtime usage dashboard plan: - All admin control candidates correctly listed (gateway restart, logs, config edit, Docker/security) - Auth/permissions and audit trail requirements match plan - Dependencies on #30 and #31 noted - Explicit deferral note ("Do NOT include in first usage-cost rollout") captured - No missing or incorrect information This issue is ready for tracking.
null closed this issue 2026-05-20 22:03:26 -05:00
Sign in to join this conversation.
No description provided.