hailin
/
it0
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
283 Commits 1 Branch 0 Tags 9.5 MiB
TypeScript 64.9%
Dart 28.6%
Python 4%
Shell 1.7%
Kotlin 0.4%
Other 0.4%
Go to file
hailin 0ab7261129 feat(auth): introduce platform_admin role with proper access separation 
新增 platform_admin 角色,将平台超管与租户管理员的权限彻底分离。

## 后端变更

### auth-service — role-type.vo.ts
- 新增 RoleType.PLATFORM_ADMIN = 'platform_admin'
- DEFAULT_ROLE_PERMISSIONS 中为 PLATFORM_ADMIN 添加空权限集(平台层操作,不参与租户内权限体系)

### auth-service — tenant.controller.ts
- 移除类级别 @Roles('admin'),改为方法级别精细控制:
  - 租户 CRUD(列表/创建/GET/:id/PATCH/:id/PUT/:id/DELETE/:id)→ @Roles('platform_admin')
  - 成员管理(listMembers/updateMember/removeMember)→ @Roles('admin')
  - 邀请管理(listInvites/createInvite/revokeInvite)→ @Roles('admin')
  - 租户管理员可继续管理自己团队的成员和邀请,但无法访问跨租户的租户 CRUD

### auth-service — user.controller.ts
- /api/v1/auth/users(跨租户用户列表/CRUD)→ @Roles('platform_admin')
- 原来任意 admin 均可查看所有用户,现仅平台超管可访问

### version-service — guards/platform-admin.guard.ts(新文件)
- 新增 PlatformAdminGuard:从 Authorization: Bearer <JWT> 中 base64 解码 payload,
  检查 roles 包含 'platform_admin'(无需重复验签,Kong 已完成签名校验)
- 不依赖 @nestjs/passport,轻量、无额外依赖

### version-service — version.controller.ts
- 整个 /api/v1/versions 控制器挂载 @UseGuards(PlatformAdminGuard)
- App 版本管理(上传/发布/删除 APK/IPA)仅平台超管可操作

## 前端变更

### it0-web-admin — sidebar.tsx
- 登录时从 localStorage.user.roles 检测是否为 platform_admin
- 平台超管侧边栏:仪表盘 / 租户管理 / 用户(跨租户)/ App版本 / 账单(套餐+概览+账单记录)/ 设置
- 租户用户侧边栏:仪表盘 / Agent配置 / Runbooks / 常驻指令 / 服务器 / 监控 / 终端 / 安全 / 审计 / 通信 / 账单(概览+账单记录,无套餐管理)/ 设置

## 创建第一个平台超管账号
直接更新数据库:
  UPDATE it0_t_default.users SET roles = '{platform_admin}' WHERE email = 'xxx@xxx.com';
或通过已有 platform_admin 账号调用 POST /api/v1/auth/users 并指定 role: 'platform_admin'

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
 		2026-03-07 00:57:40 -08:00
deploy feat(chat): voice-to-text fills input box instead of auto-sending 2026-03-06 07:01:39 -08:00
docs docs: add comprehensive deployment guide 2026-02-18 16:54:00 -08:00
it0-web-admin feat(auth): introduce platform_admin role with proper access separation 2026-03-07 00:57:40 -08:00
it0_app fix(stt): always use Whisper auto language detection, remove app language hint 2026-03-07 00:03:58 -08:00
packages feat(auth): introduce platform_admin role with proper access separation 2026-03-07 00:57:40 -08:00
.dockerignore fix: add Dockerfiles and fix docker-compose build configuration 2026-02-19 04:31:23 -08:00
.env.example Initial commit: IT0 AI-powered server cluster operations platform 2026-02-08 22:54:37 -08:00
.gitignore fix: 修复 .gitignore 误忽略 Flutter data/models/ 源码导致构建失败 2026-02-22 16:29:03 -08:00
Dockerfile.service fix(billing-service): add to Dockerfile.service and update pnpm lockfile 2026-03-03 21:27:35 -08:00
README.md Initial commit: IT0 AI-powered server cluster operations platform 2026-02-08 22:54:37 -08:00
entrypoint.sh refactor: clean up agent SSH setup after fixing host-local routing 2026-02-26 18:11:44 -08:00
logo.svg feat: rename app from IT0 to iAgent (我智能体) 2026-02-22 06:39:40 -08:00
package.json Initial commit: IT0 AI-powered server cluster operations platform 2026-02-08 22:54:37 -08:00
pnpm-lock.yaml fix(agent-service): add multer as explicit runtime dependency 2026-03-06 07:10:22 -08:00
pnpm-workspace.yaml Initial commit: IT0 AI-powered server cluster operations platform 2026-02-08 22:54:37 -08:00
tsconfig.base.json Initial commit: IT0 AI-powered server cluster operations platform 2026-02-08 22:54:37 -08:00
turbo.json fix: rename turbo.json pipeline to tasks for Turbo 2.x compatibility 2026-02-19 04:44:25 -08:00

README.md

IT0 — AI-Powered Server Cluster Operations Platform

Intelligent operations platform that combines AI agents with human oversight for managing server clusters.

Architecture

  • Backend: NestJS microservices (TypeScript) with DDD + Clean Architecture
  • Mobile: Flutter app with Riverpod state management
  • Web Admin: Next.js dashboard with Zustand + React Query
  • Voice: Python service for voice-based interaction (STT/TTS/VAD)

Services

Service Description
auth-service Authentication, RBAC, API key management
agent-service AI agent orchestration (Claude CLI + API)
inventory-service Server, cluster, credential management
monitor-service Metrics collection, alerting, health checks
ops-service Task execution, approvals, standing orders
comm-service Multi-channel notifications, escalation
audit-service Audit logging, compliance trail
voice-service Voice pipeline (Python)

Quick Start

# Backend
pnpm install
pnpm dev

# Flutter
cd it0_app && flutter pub get && flutter run

# Web Admin
cd it0-web-admin && pnpm install && pnpm dev

Tech Stack

  • Runtime: Node.js 20+, Dart 3.x, Python 3.11+
  • Database: PostgreSQL (schema-per-tenant)
  • Cache/Events: Redis Streams
  • AI: Anthropic Claude (CLI + API)
  • Build: pnpm workspaces + Turborepo