Vibes DIY
Vibes DIY / Docs
creator docs · pattern

The operator console for free

The problem: every operational system grows an admin surface — somewhere to paste credentials, tune limits, watch the pipeline, and see why something failed. Traditionally that's an internal tool: another deploy, another auth integration, another thing to maintain.

The pattern: the vibe's own App.jsx is the console. The backend does the work; the frontend renders the backend's status documents and writes its config documents. Nothing new to deploy, and the door is already locked:

js// access.js — the whole "admin auth integration"
if (!user || !user.isOwner) throw { forbidden: "owner-only" };

The console is just live queries over the operational databases:

  • Status chipsuseLiveQuery over oplog: last tick, lane probes, token-status projections (verified account, expiry countdown, NEEDS RE-AUTH in red). Because the backend writes a status doc on every meaningful action, the dashboard is always current — no polling endpoint, no refresh button.
  • Credential intake — a paste form that writes a token doc into the write-only vault. The form can write it; no browser can read it back.
  • Config knobs — a config doc with the guardrail overrides (rate caps, dedupe windows). The backend reads it each tick; editing the form is deploying the new limits.
  • The work ledger — the doc state machine rendered as a table: every request, its status, its lastError, its permalink when done.

Why this beats an internal tool

  • One security model. The console's permissions are the app's permissions — no second SSO, no "admin API" with its own token.
  • Live by construction. Fireproof syncs every backend write to the open dashboard; watching a mention walk pending-build → built → replied in real time is the default behavior, not a websocket project.
  • It travels with the app. Remix the vibe and you get the machine and its console — this is why meta-hub can say "remix this into your own posting system" with a straight face.
  • The audit log is the database. Operational history isn't in a logging SaaS; it's queryable docs, exportable with npx vibes-diy db query --vibe you/your-hub --db oplog.

The one discipline: keep the console honest about redaction. The dashboard renders projections the backend writes for it (token-status, probe results, last4s) — never raw credentials, never unescaped model output. What the console can display is exactly what the access function lets the owner's browser sync; design the projections so that's always safe.