Read-only Fro Bot monitoring dashboard. Surfaces live cross-repo status (open PRs + CI state, failing checks, open issues, security alerts) for Fro Bot's collaborator repos and Agent App installations, plus an authenticated single-operator control surface. Installs as a PWA.
- Server — Hono +
@hono/node-serveron Node 24 native TypeScript (strip-only, no backend build step). Serves the API, GitHub OAuth, and the built client. - Client — Vite + React 19 + Tailwind CSS v4, shipped as an installable PWA (vite-plugin-pwa + Workbox).
- pnpm, Vitest.
pnpm bootstrap # install deps
pnpm build:web # build the client bundle into web/dist
pnpm dev # start the server with --watchpnpm dev serves the prebuilt client from web/dist, so run pnpm build:web first (or after
client changes). The test suite rebuilds the client automatically via pretest.
GET /— operator PWA shell (requires a valid operator session).GET /api/healthz— public health check; returns{ ok, lastFetch, rateLimit }.GET /api/monitoring— minimized monitoring snapshot for the client (authenticated).GET /api/status— full internal snapshot (authenticated).GET /auth/login·GET /auth/callback·POST /auth/logout— GitHub OAuth session flow./manifest.webmanifest,/sw.js— PWA manifest and service worker.
Access is single-operator: GitHub OAuth authenticates the request and an exact, case-sensitive login allowlist gates every non-public route. Sessions are HttpOnly, Secure, SameSite=Lax signed cookies; logout is CSRF-protected.
The dashboard mints each GitHub App installation token with an explicit read-only permissions
subset (pull_requests/checks/issues/contents/metadata:read, with
security_events/vulnerability_alerts:read optional). It is read-only by construction — there
is no write code path.
Redaction is enforced from metadata/repos.yaml on the fro-bot/.github data branch:
denylisted repos are excluded before any per-repo query, and the app fails closed if that read
fails. The App private key and cookie key are never committed (*.pem/*.key are gitignored
in-repo).
pnpm check-types # type check server + client
pnpm lint # lint
pnpm test # build client, then run testsDockerfile builds the client in a builder stage and runs node src/server.ts against a
production-only dependency install.
Part of the Fro Bot ecosystem