The operator console for free
The problem: every operational system grows an admin surface — somewhere to paste credentials, tune limits, watch the pipeline, and see why something failed. Traditionally that's an internal tool: another deploy, another auth integration, another thing to maintain.
The pattern: the vibe's own App.jsx is the console. The backend does
the work; the frontend renders the backend's status documents and writes its
config documents. Nothing new to deploy, and the door is already locked:
js// access.js — the whole "admin auth integration"
if (!user || !user.isOwner) throw { forbidden: "owner-only" };
The console is just live queries over the operational databases:
- Status chips —
useLiveQueryoveroplog: last tick, lane probes,token-statusprojections (verified account, expiry countdown,NEEDS RE-AUTHin red). Because the backend writes a status doc on every meaningful action, the dashboard is always current — no polling endpoint, no refresh button. - Credential intake — a paste form that writes a
tokendoc into the write-only vault. The form can write it; no browser can read it back. - Config knobs — a
configdoc with the guardrail overrides (rate caps, dedupe windows). The backend reads it each tick; editing the form is deploying the new limits. - The work ledger — the doc state machine
rendered as a table: every request, its status, its
lastError, its permalink when done.
Why this beats an internal tool
- One security model. The console's permissions are the app's permissions — no second SSO, no "admin API" with its own token.
- Live by construction. Fireproof syncs every backend write to the open
dashboard; watching a mention walk
pending-build → built → repliedin real time is the default behavior, not a websocket project. - It travels with the app. Remix the vibe and you get the machine and its console — this is why meta-hub can say "remix this into your own posting system" with a straight face.
- The audit log is the database. Operational history isn't in a logging
SaaS; it's queryable docs, exportable with
npx vibes-diy db query --vibe you/your-hub --db oplog.
The one discipline: keep the console honest about redaction. The dashboard
renders projections the backend writes for it (token-status, probe
results, last4s) — never raw credentials, never unescaped model output. What
the console can display is exactly what the access function lets the owner's
browser sync; design the projections so that's always safe.