hailin
/
it0
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
400 Commits 1 Branch 0 Tags 7.8 MiB
Commit Graph

55 Commits

Author SHA1 Message Date
hailin f393a07092 fix: correct alert-rules API paths and remove audit ACL plugin 
- Frontend alert-rules paths changed from /monitoring/alert-rules to
  /monitor/alerts/rules to match backend routes
- Removed Kong ACL plugin on audit-routes (JWT auth is sufficient)

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
 2026-02-22 00:21:50 -08:00
hailin 48e47975ca fix: configure Kong JWT auth flow with consumer credentials 
- Add kid claim to auth-service JWT for Kong validation
- Add Kong consumer with JWT credential (shared secret via env)
- Add agent-config route to Kong for /api/v1/agent-config
- Kong Dockerfile uses entrypoint script to inject JWT_SECRET at runtime
- Fix frontend login path (/auth/login → /api/v1/auth/login)
- Extract tenantId from JWT on login and store as current_tenant
- Add auth guard in admin layout (redirect to /login if no token)
- Pass JWT_SECRET env var to Kong container in docker-compose

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
 2026-02-21 23:20:06 -08:00
hailin 74e4c55277 fix: read API_BASE_URL at request time in proxy route 
The module-level const was being inlined at build time by Next.js
standalone bundler, causing the proxy to always use localhost:8000
instead of the Docker runtime env var api-gateway:8000.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
 2026-02-21 22:45:57 -08:00
hailin c75ad27771 feat: add Claude Agent SDK engine with multi-tenant support 
Add @anthropic-ai/claude-agent-sdk as a third engine (pure additive, no changes
to existing CLI/API engines). Includes full frontend admin page.

Backend (agent-service):
- ClaudeAgentSdkEngine: implements AgentEnginePort using SDK's query() API
- ApprovalGate: L2 tool approval with configurable auto-approve timeout (default 120s)
- TenantAgentConfig entity: per-tenant billing mode, encrypted API key, timeout, tool lists
- AllowedToolsResolverService: RBAC-based tool whitelist (admin/operator/viewer)
- TenantAgentConfigController: REST endpoints for admin config management
- Default subscription billing (operator's Claude login, no API key needed)
- Optional per-tenant API key with AES-256-GCM encryption

Frontend (web-admin):
- SDK Config page at /agent-config/sdk with billing, timeout, tool permissions
- Sidebar navigation entry under Agent Config
- React Query key for tenant SDK config

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
 2026-02-20 18:38:30 -08:00
hailin 00f8801d51 Initial commit: IT0 AI-powered server cluster operations platform 
Full-stack monorepo with DDD + Clean Architecture:
- Backend: 7 NestJS microservices + 5 shared libraries (TypeScript)
- Mobile: Flutter app with Riverpod (Dart)
- Web Admin: Next.js dashboard with Zustand + React Query
- Voice: Python voice service (STT/TTS/VAD)
- Infra: Docker Compose, K8s manifests, Turborepo build

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
 2026-02-08 22:54:37 -08:00