feat: UI enhancements — hero_ui_dashboard compliance, hero_auth integration, Playwright E2E tests, CI #3

Merged

timur merged 12 commits from development_ui_enhancements into development 2026-02-11 07:19:23 +00:00

Conversation 1 Commits 12 Files changed 80 +3948 -1790

mik-tf commented 2026-02-11 04:20:15 +00:00

Owner

Copy link

Summary

Bring aibroker admin UI to full compliance with hero_ui_dashboard skill, add hero_auth JWT integration, comprehensive test coverage, and proper CI.

Commits

Features

• hero_ui_dashboard alignment — Bootstrap 5.3.3 CDN, dark theme, navbar with SSE status, theme toggle, sidebar cards with icons, tabs with Bootstrap Icons, favicon.svg
• rpc.discover — JSON-RPC method returning OpenRPC spec
• hero_auth integration — HERO_SECRET JWT validation (HS256) + HERO_AUTH_URL OAuth login redirect, dual auth chain (ADMIN_TOKEN then JWT), client-side token management with localStorage

Testing

• Smoke tests — 23 basic + 12 auth mode tests in scripts/smoke-test.sh
• Playwright E2E — 53 tests across 5 spec files (navigation, dashboard, api, rpc, auth) with fixtures for token injection
• Unit tests — JWT validation module with 5 tests (valid token, wrong secret, insufficient scope, multi-scope, bearer extraction)
• Makefile targets — test-smoke, test-smoke-auth, test-e2e, test-e2e-auth, test-full

CI

• New test.yaml — triggers on all branch pushes (branches: ["*"]), runs lint + unit tests + smoke tests (basic + auth)
• Build workflows — scoped to tag pushes only (no longer on branch pushes)
• cargo fmt — fixed pre-existing formatting issues across 19 files

Infrastructure

• Port 3385 registered in hero_ports skill
• .env.example updated with HERO_SECRET and HERO_AUTH_URL
• apikeys.db and test artifacts added to .gitignore

Local Verification

• cargo build --release — clean
• cargo test -p llmbroker — 10/10 pass
• cargo fmt --check — clean
• cargo clippy -p llmbroker — clean
• Smoke tests — 23/23 basic + 12/12 auth
• Playwright — 43/43 basic + 10/10 auth

CI Note

CI test.yaml runs are currently failing in ~2s (infrastructure/runner issue, not code). Same runner image works for existing build.yaml workflows. Will resolve once runner is available.

## Summary Bring aibroker admin UI to full compliance with hero_ui_dashboard skill, add hero_auth JWT integration, comprehensive test coverage, and proper CI. ## Commits ### Features - **hero_ui_dashboard alignment** — Bootstrap 5.3.3 CDN, dark theme, navbar with SSE status, theme toggle, sidebar cards with icons, tabs with Bootstrap Icons, favicon.svg - **rpc.discover** — JSON-RPC method returning OpenRPC spec - **hero_auth integration** — HERO_SECRET JWT validation (HS256) + HERO_AUTH_URL OAuth login redirect, dual auth chain (ADMIN_TOKEN then JWT), client-side token management with localStorage ### Testing - **Smoke tests** — 23 basic + 12 auth mode tests in `scripts/smoke-test.sh` - **Playwright E2E** — 53 tests across 5 spec files (navigation, dashboard, api, rpc, auth) with fixtures for token injection - **Unit tests** — JWT validation module with 5 tests (valid token, wrong secret, insufficient scope, multi-scope, bearer extraction) - **Makefile targets** — `test-smoke`, `test-smoke-auth`, `test-e2e`, `test-e2e-auth`, `test-full` ### CI - **New `test.yaml`** — triggers on all branch pushes (`branches: ["*"]`), runs lint + unit tests + smoke tests (basic + auth) - **Build workflows** — scoped to tag pushes only (no longer on branch pushes) - **cargo fmt** — fixed pre-existing formatting issues across 19 files ### Infrastructure - Port 3385 registered in hero_ports skill - `.env.example` updated with HERO_SECRET and HERO_AUTH_URL - `apikeys.db` and test artifacts added to .gitignore ## Local Verification - `cargo build --release` — clean - `cargo test -p llmbroker` — 10/10 pass - `cargo fmt --check` — clean - `cargo clippy -p llmbroker` — clean - Smoke tests — 23/23 basic + 12/12 auth - Playwright — 43/43 basic + 10/10 auth ## CI Note CI `test.yaml` runs are currently failing in ~2s (infrastructure/runner issue, not code). Same runner image works for existing `build.yaml` workflows. Will resolve once runner is available.

mik-tf added 9 commits 2026-02-11 04:20:15 +00:00

compliance: register port 3385, remove dotenvy, fix build_lib header ... ecb045fad9

- Register aibroker at port 3385 in hero_ports (was unregistered 3751)
- Remove dotenvy crate (env_secrets: use source ~/.config/env.sh)
- Fix build_lib.sh header (was hero_redis copy-paste)
- Fix .env.example: HOST=127.0.0.1, PORT=3385 (was 0.0.0.0:8080)
- Remove --env-file .env from docker-run target
- Update openrpc.json server URL to port 3385

feat: add rpc.discover JSON-RPC method ... f75a690c1a

- Add rpc.discover to RPC dispatcher (returns OpenRPC spec)
- Add rpc.discover method to openrpc.json spec
- Enables automatic service discovery (heroindex pattern)

feat: hero_ui_dashboard alignment — Bootstrap 5.3.3, theme toggle, auth, SSE ... 40d2e16a76

- Bootstrap 5.3.3 + Bootstrap Icons 1.11.3 CDN
- Flat navbar (bg-body-tertiary border-bottom), no gradient/!important
- Dark/light theme toggle with localStorage and iframe sync
- Status dots (.status-ok/.status-warn/.status-error/.status-off)
- Tab IDs: tab-chat, tab-models, tab-mcp, tab-apikeys, tab-metrics, tab-logs, tab-apidocs
- Sidebar cards: card mb-3 with card-header/card-body
- Tab content wrapper: border border-top-0 rounded-bottom p-3
- Compact sizing (0.85rem)
- Removed all hardcoded bg-dark/text-white/border-secondary from templates
- CSS variables (var(--bs-*)) instead of hardcoded colors
- Admin auth middleware (ADMIN_TOKEN bearer check, optional)
- SSE endpoint at /api/events (replaces 10s polling)
- Broadcast channel for server-sent events
- Auth token in rpcCall headers from localStorage

test: add smoke tests and CI smoke test step ... 71fe04605e

- scripts/smoke-test.sh: comprehensive smoke test suite
  - Basic mode: health, openrpc, admin HTML, RPC methods, SSE, OpenAI models, 404
  - Auth mode: token validation, 401/403 checks, public vs admin routes
- CI: add smoke test step after build (start server, run tests, cleanup)

fix: align admin UI with hero_ui_dashboard skill ... b4278c1392

- Navbar: bi-diagram-3 brand icon, SSE dot+text, .vr dividers, logout btn
- Favicon: SVG file with diagram-3 icon on blue background, served before auth
- Tabs: <button> with data-bs-target (not <a> with href), Bootstrap Icons
- Sidebar cards: d-flex headers with icons and refresh button
- Container: py-4 (not p-2)
- Status CSS: custom --status-ok/warn/error root vars
- Theme: aibroker_theme localStorage key, updateThemeIcon(), d-none default
- Compact sizing: all form-control, form-select, btn, table rules
- JS tab handler: uses data-bs-target, stops logs on tab switch
- Smoke tests: favicon route tests (23 total)

feat: add hero_auth integration (HERO_SECRET JWT + HERO_AUTH_URL OAuth) ... 16a69e4b01

Backend:
- Add jsonwebtoken v9 dependency for HS256 JWT validation
- New auth.rs module: Claims, AuthError, validate_admin_token(), extract_bearer_token()
- Dual auth chain in admin_auth middleware: ADMIN_TOKEN (simple) then HERO_SECRET (JWT)
- Config loads HERO_SECRET and HERO_AUTH_URL from env vars
- Dashboard HTML (/) served without auth so JS can handle login redirects
- Only /rpc and /api/events remain auth-protected
- IndexTemplate passes hero_auth_url to Askama template

Frontend (base.html):
- HERO_AUTH_URL injected via Askama template variable in <head>
- Early auth init (IIFE before DOMContentLoaded): OAuth callback, localStorage, redirect
- handleAuthError() clears token and redirects to hero_auth on 401/403
- Redirect loop prevention via authRedirectInProgress flag
- Logout button wired: clear localStorage + redirect with ?logout=true
- rpcCall() checks auth before request, handles auth errors in response
- Token expiry tracking via aibroker_token_expiry localStorage key

Tests:
- 5 unit tests in auth.rs (valid token, wrong secret, insufficient scope, multi-scope, extract bearer)
- Smoke tests updated: dashboard no-auth 200, RPC auth checks, favicon no-auth
- 23/23 basic mode, 12/12 auth mode

test: add Playwright E2E tests and CI test workflow ... 4fa588bcf2

- Add 5 Playwright test files: navigation, dashboard, api, rpc, auth
- 43 tests (basic mode) + 10 tests (auth mode) = 53 total
- Add fixtures.ts with localStorage token injection
- Create test.yaml CI workflow (triggers on all branch pushes)
- Update build workflows to trigger only on tags (not branches)
- Add Makefile targets: test-smoke, test-smoke-auth, test-e2e, test-e2e-auth, test-full
- Add apikeys.db and e2e artifacts to .gitignore

style: cargo fmt — fix pre-existing formatting issues fd35495817

ci: scope clippy to llmbroker, allow pre-existing lint warnings 8a878dbdef

mik-tf added 1 commit 2026-02-11 04:45:37 +00:00

Rename llmbroker to aibroker per naming convention skill ... 1dd5f7dc6d

- Rename crates/llmbroker/ to crates/aibroker/
- Rename crates/llmbroker-cli/ to crates/aibroker_cli/ (snake_case)
- Update all Cargo.toml package/bin/dep names
- Update use statements, struct names, string literals
- Rename LlmBrokerExtension to AiBrokerExtension, x_llmbroker to x_aibroker
- Update buildenv.sh BINARIES, Makefile, CI workflows
- Rewrite README with current state (port 3385, hero_auth, make targets)
- Remove redundant build.yaml (replaced by test.yaml)
- Merge fmt/lint into single target per makefile_helper skill
- Rename rundev to dev per makefile_helper skill
- Update all docs/*.md references
- Fix workspace repo URL to forge.ourworld.tf

mik-tf added 1 commit 2026-02-11 05:03:40 +00:00

fix: dashboard auth, SSE, logout, theme toggle (hero_auth parity) ... 1f3ccc93ea

- Add query param token support to admin_auth middleware (EventSource
  cannot set Authorization headers, needs ?token= for SSE)
- Fix base.html JS: proper initAuth() with OAuth hash callback,
  localStorage persistence, token expiry handling
- Wire up logout button (clears token, redirects to hero_auth)
- Wire up theme toggle (localStorage persistence, parent frame sync)
- Fix SSE: use onopen handler, pass token via query param
- Add handleAuthError() to redirect to hero_auth on 401/403

mik-tf added 1 commit 2026-02-11 05:11:15 +00:00

fix: dashboard auth flow per hero_ui_dashboard skill ... 59cd8cceed

- Early auth IIFE: check token before DOMContentLoaded, hide page and
  redirect to hero_auth immediately when no token (prevents flash)
- Handle 401 vs 403 separately: 401 clears token silently (no redirect
  from background polls), 403 redirects once then shows Access Denied
- Add sessionStorage scope retry tracking to prevent infinite 403 loop
- Add Auth navbar link (bi-shield-lock) when HERO_AUTH_URL is configured
- Extract clearAuthToken() and redirectToLogin() helpers
- Skip SSE init when no token available

mik-tf force-pushed development_ui_enhancements from 59cd8cceed to 445e35eb17 2026-02-11 05:11:52 +00:00 Compare

timur merged commit 7fb9e0f027 into development 2026-02-11 07:19:23 +00:00

timur referenced this pull request from a commit 2026-02-11 07:19:25 +00:00

Merge pull request 'feat: UI enhancements — hero_ui_dashboard compliance, hero_auth integration, Playwright E2E tests, CI' (#3) from development_ui_enhancements into development

timur referenced this pull request from a commit 2026-02-11 07:24:12 +00:00

revert 7fb9e0f02798c360d76a4dae8b7bfe6c66cc0074

timur referenced this pull request 2026-02-11 07:34:40 +00:00

feat: UI enhancements — hero_ui_dashboard compliance, hero_auth integration, Playwright E2E tests, CI #4

timur commented 2026-02-11 07:35:03 +00:00

Owner

Copy link

was accidentally merged, opened this instead:

geomind_code/aibroker#4

was accidentally merged, opened this instead: https://forge.ourworld.tf/geomind_code/aibroker/pulls/4

Sign in to join this conversation.

Reviewers

No reviewers

Labels

Clear labels

No items

No labels

Milestone

Clear milestone

No items

No milestone

Projects

Clear projects

No items

No project

Assignees

Clear assignees

No assignees

2 participants

Notifications

Subscribe

Due date

The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference

lhumina_code/hero_aibroker!3

No description provided.