Skip to content

fro-bot/dashboard

Repository files navigation

dashboard Banner

@fro-bot/dashboard

Command center for Fro Bot operations.

Build Status OpenSSF Scorecard Node

Overview · Quick Start · Usage · Configuration · Development


Overview

Read-only Fro Bot monitoring dashboard. Surfaces live cross-repo status (open PRs + CI state, failing checks, open issues, security alerts) for Fro Bot's collaborator repos and Agent App installations, plus an authenticated single-operator control surface. Installs as a PWA.

Stack

Quick Start

pnpm bootstrap   # install deps
pnpm build:web   # build the client bundle into web/dist
pnpm dev         # start the server with --watch

pnpm dev serves the prebuilt client from web/dist, so run pnpm build:web first (or after client changes). The test suite rebuilds the client automatically via pretest.

Usage

Endpoints

  • GET / — operator PWA shell (requires a valid operator session).
  • GET /api/healthz — public health check; returns { ok, lastFetch, rateLimit }.
  • GET /api/monitoring — minimized monitoring snapshot for the client (authenticated).
  • GET /api/status — full internal snapshot (authenticated).
  • GET /auth/login · GET /auth/callback · POST /auth/logout — GitHub OAuth session flow.
  • /manifest.webmanifest, /sw.js — PWA manifest and service worker.

Configuration

Access is single-operator: GitHub OAuth authenticates the request and an exact, case-sensitive login allowlist gates every non-public route. Sessions are HttpOnly, Secure, SameSite=Lax signed cookies; logout is CSRF-protected.

The dashboard mints each GitHub App installation token with an explicit read-only permissions subset (pull_requests/checks/issues/contents/metadata:read, with security_events/vulnerability_alerts:read optional). It is read-only by construction — there is no write code path.

Redaction is enforced from metadata/repos.yaml on the fro-bot/.github data branch: denylisted repos are excluded before any per-repo query, and the app fails closed if that read fails. The App private key and cookie key are never committed (*.pem/*.key are gitignored in-repo).

Development

pnpm check-types # type check server + client
pnpm lint        # lint
pnpm test        # build client, then run tests

Dockerfile builds the client in a builder stage and runs node src/server.ts against a production-only dependency install.


Part of the Fro Bot ecosystem

About

No description, website, or topics provided.

Resources

Security policy

Stars

1 star

Watchers

0 watching

Forks

Packages

 
 
 

Contributors