AI-Cognitive-Leap/agnes-the-ai-analyst
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
agnes-the-ai-analyst/app/web/templates/admin_user_detail.html
ZdenekSrotyr 1b0329e8c5
UI design system unification — one stylesheet, canonical primitives, nav fix (#284) 
* docs(plan): design-system unification plan (post-review revisions)

Plan covers consolidating two CSS files into one, introducing
canonical primitives (.btn family, .search-input, .filter-bar,
.page-header, .data-table, .empty-state, .toast, .stat-card,
.tab-strip), unifying the top-nav Admin trigger with sibling
links, and migrating 41 templates that today carry inline
<style> blocks.

Post-review revisions: nav fix moved to first commit (user
complaint lands first); sticky-header and dark-mode skeleton
tasks dropped (defer to follow-up PRs); contract test class
detection tokenizes class="..." attributes properly; baseline
screenshot loop added to Task 0; vendor-token grep widened.

* fix(nav): unify Admin trigger with sibling nav links

The top-nav Admin entry is a <button class="app-nav-link
app-nav-menu-trigger">, siblings are <a class="app-nav-link">.
.app-nav-menu-trigger used to override .app-nav-link with
"color: inherit; font: inherit", resetting font-size from 13px
back to body default and color from --text-secondary to body
color. Active state diverged too: .is-active on links used
--primary blue, [aria-expanded=true] on the button used
--border-light grey.

Fix: expand .app-nav-link so it covers <button>-element resets
(font-family: inherit, border: 0, background: transparent,
cursor: pointer, display: inline-flex for chevron alignment).
Add [aria-expanded="true"] as another active-state selector
so the dropdown's open state highlights identically to .is-active
on links. Delete the now-redundant .app-nav-menu-trigger rules
that stripped button chrome.

Extract the inline <script> from _app_header.html into a new
app/web/static/app.js (loaded by base.html only — base_login.html
has no nav). Sets up window.appUI.wireDropdown for both the user
menu and the Admin dropdown via DOMContentLoaded.

* style(css): consolidate style.css into style-custom.css + add cache-bust

One stylesheet for the whole web UI:
- style.css (1086 lines, legacy Google-inspired tokens + components)
  absorbed into style-custom.css under a labeled block, placed after
  the modern :root + body so style-custom's component rules continue
  to override the legacy ones (preserves the original cascade order
  that came from loading style.css first).
- style.css deleted; <link> dropped from base.html + base_login.html.
- static_url() now appends ?v=<mtime> to /static/<path>. Cheap
  per-request os.stat — auto-invalidates browser + proxy caches on
  redeploy without operator intervention. Mtime survives across
  uvicorn restarts as long as the file content is unchanged.

Legacy classes (.btn, .card, .login-*, .badge, .code-block, .flash,
.form-group, .username-box, .btn-copy, .auth-tabs, .divider, etc.)
still render — they live in style-custom.css now. Login pages,
error page, password setup, and the dashboard's Claude Code Setup
card all kept working in browser smoke.

* test(design): contract test for design-system invariants

7 structural invariants enforced from this commit onwards:
- style.css must stay deleted
- no template links style.css via static_url
- exactly one bare :root block in style-custom.css
- canonical primitives declared (.btn, .btn-primary, .search-input,
  .filter-bar, .page-header, .data-table, .empty-state, .toast, …)
- no deprecated class names in templates (.users-table, .gp-table,
  .marketplaces-table, .audit-table, .users-search, .marketplaces-search,
  .modal-btn, .btn-primary-v2, …)
- app.js loaded by base.html, NOT by base_login.html
- 3 helper-level unit tests for the class-attribute tokenizer
  (multi-line attrs, Jinja-conditional fragments, false-positive prose)

Two of the assertions intentionally start FAILING after this commit
(missing primitives + legacy class refs in 7 admin templates) and
will turn green as Tasks 4–7 add primitives and Tasks 8–15 migrate
the templates.

* feat(css): canonical button family + legacy token aliases

Adds at top of :root: legacy token aliases (--bg, --card-bg, --text,
--text-light, --secondary, --radius) pointing at modern equivalents.
Absorbed style.css rules referenced these names; without aliases
they fell back to 'unset'. Aliases live until Task 16 alongside
their absorbed rules.

Appends canonical .btn variants at end of file (last cascade):
  .btn-primary + .btn-primary-v2 + .modal-btn.primary (alias group)
  .btn-secondary + .btn-secondary-v2 + .modal-btn:not(.primary):not(.danger)
  .btn-ghost + .btn-ghost-v2
  .btn-danger + .modal-btn.danger
  .btn-lg
  .btn:disabled + .btn:focus-visible (focus ring via --focus-ring)

Existing absorbed .btn, .btn-primary, .btn-secondary, .btn-sm rules
remain — the canonical block adds the missing variants + selector-list
aliases so .modal-btn and v2 markup keep rendering until migration
tasks swap them out.

Contract test: .btn-danger now declared (one less missing primitive).
Browser smoke: /admin/tokens hero + filter pills + empty state render
correctly with the absorbed style.css rules now backed by real tokens.

* feat(css): form-control primitives — .search-input + .filter-bar + .filter-pill + .form-input

Canonical filter bar shape: 36px-height inputs (matches button height
for vertical rhythm), 28px pills with .is-active state, consistent
focus ring via --focus-ring token.

Selector-list aliases for legacy per-page classes:
- .users-search / .marketplaces-search / .kb-search → .search-input
- .filters-card → .filter-bar
- .pill[aria-pressed="true"] also matches the .filter-pill active state

.form-input added as a sibling of .search-input for forms — same
baseline height + radius + focus treatment, with textarea.form-input
auto-sizing to min 96px and using the mono font (matches CSV/SQL
pasted-snippet patterns on /admin/agent-prompt + /admin/workspace-prompt).

Contract test: .search-input + .filter-bar + .filter-pill now declared.

* feat(css): .page-header primitive + variants + .tab-strip

Canonical page-header pattern with title (22px) + optional subtitle +
optional eyebrow + right-aligned actions slot. Two modifiers:
- .page-header--hero: gradient background (primary→primary-dark),
  28px white title, semi-transparent subtitle/eyebrow. For
  /marketplace, /store, /profile-style pages that already use this
  layout via per-page inline <style>. Migration tasks delete the
  duplicated rules.
- .page-header--compact: 18px title for dense admin index pages.

.tab-strip + .tab-strip__item — the secondary tab row pattern used by
/marketplace?tab=flea and similar. .is-active / [aria-selected=true]
both flip the active treatment (primary color + bottom border).

Contract test: .page-header / __title / __subtitle / __actions all
now declared (4 fewer missing primitives).

* feat(css+js): .data-table + .empty-state + .toast + .stat-card primitives

Last primitive batch. All 8 canonical-primitives invariants in
test_design_system_contract.py now green; only the template-migration
test fails (expected — Tasks 8–15).

.data-table (+ --compact modifier): selector-list aliases for legacy
per-page table classes (.users-table, .gp-table, .marketplaces-table,
.audit-table) so existing markup keeps rendering until migration.
Compact modifier shrinks padding + font for dense lists (audit log).

.empty-state with __icon / __title / __description / __actions —
replaces the ad-hoc 'no results' rendering scattered across pages
(corporate_memory, admin_users, admin_marketplaces, etc.).

.toast / .toast-container — paired with window.appToast({kind, msg,
timeout}) appended to app.js. Bottom-right stacked, click-to-dismiss,
auto-dismiss after 4s by default. Kind 'success' / 'warning' / 'error'
/ 'info' shows a 3px colored left border.

.stat-card (+ --accent variant) + .stat-row grid — for the dashboard
metric tile row.

* style(templates): migrate 8 templates off deprecated class names

Mechanical class-attribute rewrite via tokenizer (preserves Jinja
conditionals + multi-line attrs):

  modal-btn primary    -> btn btn-primary
  modal-btn danger     -> btn btn-danger
  modal-btn            -> btn btn-secondary
  users-table          -> data-table
  gp-table             -> data-table
  marketplaces-table   -> data-table
  audit-table          -> data-table
  users-search         -> search-input
  marketplaces-search  -> search-input

8 templates touched: admin_groups, admin_marketplaces, admin_tokens,
admin_users, admin_welcome, admin_workspace_prompt, my_tokens,
corporate_memory_admin. 43 lines updated total.

Inline <style> blocks in these templates still define rules for the
old class names — those rules no longer match anything and become
dead code, removed in Task 16's alias cleanup along with the
selector-list aliases in style-custom.css.

Contract test (tests/test_design_system_contract.py) now fully green:
9/9 invariants enforced from this commit onward.

* feat(css): extend .data-table selector list to 13 more bespoke -table classes

Visual unification of remaining tables across the codebase without
per-template edits. The .data-table baseline rules (uppercase header
tracking, 12px padding, hover state, border-radius) now apply to:

  .ad-table / .ea-table / .md-table / .members-table /
  .obs-table / .overview-stats-table / .registry-table /
  .sample-table / .sched-table / .sess-table / .sub-table /
  .subs-table / .ud-table

These class names live in 12 templates (activity_center, admin_access,
admin_group_detail, admin_scheduler_runs, admin_sessions,
admin_store_submissions, admin_tables, admin_usage, admin_user_detail,
catalog, me_debug, profile_sessions) that have their own per-page
<style> blocks. Per-page rules with higher specificity still win for
their custom needs (column widths, etc.) — this commit only sets a
shared baseline so every table renders with the same chrome.

Contract test stays green: 9/9 invariants enforced.

* style(css): remove now-unused legacy class aliases

Phase A renamed 8 templates off these names; no markup references
them any more, so the selector-list memberships are dead weight.
Removed from style-custom.css:

  .btn-primary-v2 / .btn-secondary-v2 / .btn-ghost-v2
  .modal-btn / .modal-btn.primary / .modal-btn.danger /
  .modal-btn:not(.primary):not(.danger)
  .users-search / .marketplaces-search / .kb-search
  .users-table / .gp-table / .marketplaces-table / .audit-table
  .filters-card

37 lines smaller. Contract test catches any reintroduction.

KEPT aliases (still in untouched template markup):
- .pill (marketplace_plugin_detail.html, marketplace.html — these
  pages weren't part of Phase A's deprecated-class sweep; their
  own .pill CSS rules still apply)
- All .data-table family extensions (.ad-table, .ea-table, .md-table,
  .members-table, .obs-table, .overview-stats-table, .registry-table,
  .sample-table, .sched-table, .sess-table, .sub-table, .subs-table,
  .ud-table) — these still render data tables in 12 templates;
  selector-list aliasing keeps them visually unified with .data-table
  baseline.
- Legacy token aliases (--bg / --text / --text-light / --secondary /
  --card-bg / --radius) — still resolve absorbed style.css rules.

Templates' inline <style> blocks still contain dead rules for the
renamed classes (.users-search, .modal-btn, etc.); harmless but
bloat. Optional follow-up: a separate sweep can drop those.

* docs(changelog): design-system unification under [Unreleased]

* feat(css): unify page-shell width — .container baseline 1280px + modifiers

Inventory found 30+ unique max-width values across templates (280px
login → 1600px admin/tables). The legacy .container default was 800px,
which made every admin page set its own wider inline override —
30+ ad-hoc widths drifted as a result.

Canonical: .container max-width = var(--width-app) (1280px). Pages
that need a different shape opt in via modifiers:

  .container--narrow → var(--width-narrow)  (800px) — long-form text,
                                                     setup wizards
  .container--wide   → var(--width-wide)    (1400px) — admin lists,
                                                     marketplace grids
  .container--full   → max-width: none — hero / landing

Pages that already set a NARROWER inline max-width (setup, login flows
inside .login-card, etc.) still render at their narrower size — the
inline override beats the new canonical 1280px. The visible change
hits the ~20 admin pages currently rendering at 800px via the legacy
default, which jump to 1280px and pick up consistent breathing room.

Spacing also normalized: padding 24px 20px → var(--space-6) var(--space-5).

* fix(home+catalog): gut dashboard sections + remove confusing toggle + fix table count

Dashboard /home cleanup:
- Remove 'Your Data' card — Data Packages is already a top-nav entry,
  so duplicating data sources on the landing page just adds noise.
- Remove 'Account' card — group memberships + scripts + last sync
  belong on /profile, not on the welcome screen.
- Remove entire right-column (Corporate Memory + Activity Center
  widgets) — both surfaces have dedicated admin pages reachable from
  the Admin dropdown.
- Keep stats row (Tables/Columns/Rows/Data Size/Unstructured),
  env-setup-CTA, and Notifications card.

/catalog cleanup:
- Strip the 'Always included' badge + the locked toggle-switch from
  Core Business Data and Business Metrics cards. The toggle was
  always 'checked disabled' — it visually looked like a switch but
  could not be toggled, which was confusing. The 'Always included'
  copy itself was redundant once the toggle was gone. Agnes Internal
  already rendered without these, so the three cards are now visually
  consistent.

Catalog data_stats fix:
- 'total_tables' was len(sync_state) — counted only tables that had
  ever synced, so a 30-row table_registry with 0 ever synced rendered
  as '0 tables'. Switched to len(tables) — the registered
  business-data table list — so the count reflects what's actually
  available, not what's been touched.

* fix(home): real stat numbers + drop unstructured tile + cleanup dead CSS

Dashboard stats were hardcoded zeros (columns: 0, size_display:
'0 MB', unstructured_display: '0 MB') and the table counter pulled
from sync_state (synced) instead of table_registry (registered).
On a fresh deployment with 30 registered tables and 0 ever synced,
the page rendered '0 / 0 / 0 / 0 MB / 0 MB' — useless.

Now:
- Tables: COUNT(*) FROM table_registry WHERE source_type != 'internal'.
  Matches the /catalog Core Business Data counter.
- Columns: SUM(sync_state.columns). Zero only when nothing's synced yet.
- Rows: unchanged (SUM(sync_state.rows), already correct).
- Data Size: SUM(sync_state.file_size_bytes), human-formatted via
  inline _fmt_bytes helper (KB/MB/GB).
- Unstructured: tile dropped — was always '0 MB' and had no source.
- last_updated: now derived from sync_state max(last_sync), wasn't set
  before so the 'Synced …' tag never rendered.

Dashboard.html cleanup: ~725 lines of orphan inline <style> removed —
.section-title, .data-source*, .toggle-switch*, .catalog-cta*,
.memory-card / .memory-stat / .memory-description / .memory-footer
/ .btn-memory, .activity-card / .activity-stat / .activity-text
/ .btn-activity, .account-grid / .account-row / .account-scripts
/ .badge-role / .badge-group / .cron-line, .badge-included /
.badge-beta / .badge-demo. All matched markup deleted in the
previous commit; the CSS was dead code until now.

* ui(catalog): rename page heading 'Data Catalog' → 'Data Packages'

The top-nav entry says 'Data Packages' but the page itself said
'Data Catalog' — confusing two-name product. Aligns the heading and
<title> with the nav label. Subtitle trimmed too: 'manage your
subscriptions' was a vestige of the toggle UI that just got removed,
replaced with a one-liner describing what the page is for.

Two other 'Data Catalog' strings stay: they live inside the table-
profiler overlay JS and refer to an EXTERNAL catalog system (e.g.
OpenMetadata / Atlan) that an operator may link to per table — that
is a generic term for any external data-catalog product, not our
page name.

* fix(nav): dropdown clicks always work + mutual-exclusion close

Two bugs in the wireDropdown helper:

1. Clicking trigger B while trigger A's menu was open left both open.
   e.stopPropagation() in trigger.click prevented the document-click
   handler from firing, so trigger A's open menu had no way to learn
   that something else was clicked. Net effect: state diverged across
   the two dropdowns the more you clicked.

2. The target-vs-trigger equality check (e.target !== trigger) was
   strict. Clicking the chevron <svg> inside the button reports the
   svg or its <path> child as e.target — not the button — so removing
   stopPropagation alone would trip the close branch in the same
   click that just opened the panel.

Fix both at once: drop e.stopPropagation() AND switch the doc-handler
guard to trigger.contains(e.target). Now any click outside both the
trigger subtree and the panel subtree closes; any click on another
trigger closes via the OTHER dropdown's doc handler; clicks inside
the trigger (button OR svg child) are fully ignored by the doc
handler and only the trigger's own toggle handler fires.

* feat(ui): canonical blue-gradient hero on every admin page

The UI had a per-page hero pattern on ~10 onboarding/marketing pages
(admin_tokens / profile / install / setup_advanced / marketplace /
my_tokens / store_upload / home_*), each with its own ad-hoc CSS
(.tokens-hero, .profile-hero, .install-hero, .upload-hero, …). The
admin section's index + detail pages had plain H1/H2 with their own
.users-title / .gp-title / .obs-title / .cfg-title / … inline styling.
Net effect: half the app felt like a product, half felt like a
spreadsheet.

Now:
- .page-header--hero CSS upgraded to match the look analysts already
  liked from admin_tokens: 28px/32px/24px padding, 14px radius, soft
  primary-tinted box-shadow (0 4px 16px rgba(0,115,209,0.2)), 28px
  semibold title, optional uppercase eyebrow + 13.5px subtitle.
  Narrow-viewport breakpoint included.
- New _page_hero.html partial wraps the boilerplate. Usage:
    {% set page_hero_eyebrow  = "Users & Access" %}
    {% set page_hero_title    = "Users" %}
    {% set page_hero_subtitle = "…" %}
    {% include "_page_hero.html" %}
- 15 admin templates migrated to it: admin_users / admin_groups /
  admin_marketplaces / admin_access / admin_sessions /
  admin_session_detail / admin_store_submissions /
  admin_scheduler_runs / admin_usage / admin_user_detail /
  admin_welcome / admin_workspace_prompt / admin_server_config /
  activity_center / admin/news_editor. Each gets a grouped eyebrow
  (Users & Access / Data / Agent Experience / Activity Center /
  Server) matching the Admin dropdown sections so the page identity
  is unambiguous at a glance.

Legacy *-title H2/H1 + adjacent subtitle paragraphs deleted; their
per-page CSS rules are dead now (harmless, retire in a follow-up
sweep alongside other inline-style cleanup the reviewers flagged).

admin_tables.html intentionally NOT migrated — it's a standalone
HTML page that doesn't extend base.html; a separate refactor.

Test: test_admin_users_page_renders_for_admin assertion updated
from .users-title to .page-header__title + .page-header--hero (the
canonical pair). All other web/template tests stay green.

* refactor(ui): dedup _humanbytes, drop 267 lines of dead inline CSS

(1) _humanbytes consolidation:
- Add TB branch + optional precision param (default 2 preserves existing
  Store detail callers; dashboard uses precision=1 for headline tiles).
- Delete inline _fmt_bytes from dashboard handler — was a copy of
  _humanbytes with different rounding. One canonical helper now.

(2) Dead inline-CSS sweep across 17 migrated templates:
- Conservative regex: a CSS rule is deleted only when its primary class
  matches one of the known-dead names AND that name is NOT referenced
  from any class= attribute in the same file's markup.
- Per-file 'in-use' guard saved several false positives that the deny
  list would have nuked (e.g. .users-toolbar, .gp-search, .obs-subtitle,
  .marketplaces-toolbar are still in use; only .users-table, .users-search,
  .users-title, .modal-btn, etc. that have NO markup left went away).
- Removed: -267 lines across admin_users (-42), admin_marketplaces (-45),
  admin_groups (-31), my_tokens (-38), admin_tokens (-29), admin_access
  (-9), admin_user_detail (-6), admin_welcome (-8), admin_workspace_prompt
  (-8), admin_server_config (-2), admin_sessions (-1), admin_session_detail
  (-1), admin_usage (-1), admin_store_submissions (-3), admin_scheduler_runs
  (-3), activity_center (-4), corporate_memory_admin (-36).

Contract test stays green (9/9); all web/template/render/user_management
tests pass.

* feat(ui): canonical hero on /catalog (Data Packages)

Same .page-header--hero treatment as the admin pages — Data eyebrow,
Data Packages title, Browse-the-data-sources subtitle. Removes the
ad-hoc .page-title block (h1 / p / wrapper-div) and its CSS rules
(now dead, 3 rule blocks deleted).

* fix(nav): load app.js from _app_header.html — works on standalone pages

The previous nav-fix commit moved the inline dropdown script from
_app_header.html into app/web/static/app.js + added <script src=…>
to base.html. That broke EVERY page that includes _app_header.html
WITHOUT extending base.html (catalog, corporate_memory*,
admin_tables, install). They got the nav markup but no JS → both
Admin and AD dropdowns dead on those pages.

Fix: emit the <script src=app.js defer> directly inside the
_app_header.html partial. Any page that includes the header now
gets the script automatically — base.html-extenders AND standalone
HTML pages alike. base.html's duplicate <script> line removed.

Also fixes the wide-hero on /catalog: .page-header--hero now sets
its own max-width: var(--width-app) (1280px) so standalone pages
without a .container parent don't render the gradient edge-to-edge.
catalog's .source-cards bumped from 900px → 1280px to match the
hero, otherwise the page reads two-tier (wide blue band, narrow
content) which the user flagged.

Verified locally via agent-browser: Admin + AD dropdowns now click
through on /catalog, /admin/tables, /corporate-memory.

* docs(plan): standalone pages → base.html framework migration plan

Plan + Plan-agent review (8 must-fix items applied) for converting
the 5 templates that ship their own <html><head><body> scaffold
(catalog, install, corporate_memory, corporate_memory_admin,
admin_tables) to extend base.html. Root cause of yesterday's
'dropdown dead on /catalog' regression: shared infrastructure in
base.html doesn't propagate to standalones.

* feat(base): body_attrs block + migrate install.html to extend base

base.html: new {% block body_attrs %}{% endblock %} slot so pages
that need <body> attributes (admin_tables has data-source-type)
can carry them through extends.

install.html: convert from standalone <html><head><body> scaffold
to {% extends "base.html" %} with title / body_attrs / head_extra
/ layout / scripts blocks. Drops:
- <!DOCTYPE>, <html>, </html>, <head>, </head>
- <meta charset>, <meta viewport>
- Duplicate <link rel="stylesheet" href="...style-custom.css">
  (base.html already provides one)
- <body> opening + closing tags
- Leading _app_header.html include + _version_badge.html include
  (base.html handles both)

Preserves per-page CSS (in head_extra), per-page JS (in scripts),
the Inter font preconnect (kept inline; not hoisted to base in
this PR — separate decision).

Pilots the migration recipe before the 4 larger pages.

* refactor(memory): extend base.html

Same recipe as install.html. corporate_memory.html now inherits
<html>/<head>/<body> + nav + app.js script tag from base.html.
Page-specific CSS and JS preserved in head_extra + scripts blocks.

* refactor(memory-admin): extend base.html

Same recipe as install/corporate_memory. Curation page now in the
shared rendering pipeline.

* refactor(catalog): extend base.html

catalog.html had the most complexity: 7 head-level assets (chart.js,
Prism, prism-sql, metric_modal.css link + 2 preconnects + Inter
stylesheet), 5 body-level <script> blocks including a <script type=
"module"> for the metric modal, 2 duplicate style-custom.css links
in <head>. The migration script preserved all of them — head-level
externals hoisted to {% block head_extra %} in source order, body
scripts relocated to {% block scripts %} in source order (so chart.js
loads before the IIFE that builds Chart instances), duplicate
style-custom.css links dropped (base.html provides one).

* refactor(admin-tables): extend base.html + carry data-source-type

The biggest of the 5 standalones at 3563 lines. <body data-source-
type="{{ data_source_type }}"> attribute carried through via the
new {% block body_attrs %} slot (admin_tables JS reads
document.body.dataset.sourceType to switch between keboola and
bigquery rendering paths).

* release: 0.54.10 — UI design system unification + homepage status frame + initial workspace override + store guardrails

Co-Authored-By: zdenek.srotyr <zdenek.srotyr@keboola.com>

* refactor(web): migrate remaining templates to canonical design primitives

- admin_group_detail: .data-table, .btn family, appToast(), remove duplicate table/button/toast CSS
- admin_store_submission_detail: .data-table, .btn family, appToast(), remove duplicate btn/toast CSS
- profile_sessions: .data-table, _page_hero.html, remove duplicate table/title CSS
- me_debug: .data-table, .btn family, remove duplicate table/button CSS
- marketplace: .btn-primary/.btn-secondary, remove duplicate button CSS
- store_edit: remove duplicate .btn-primary/.btn-link CSS, canonical button classes
- store_upload: remove duplicate .btn-primary/.btn-secondary/.btn-link CSS

Co-Authored-By: zdenek.srotyr <zdenek.srotyr@keboola.com>

---------

Co-authored-by: Devin AI <158243242+devin-ai-integration[bot]@users.noreply.github.com>
2026-05-14 13:28:03 +02:00

848 lines
33 KiB
HTML
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

{% extends "base.html" %}
{% block title %}{{ target_user.email }} — User detail — {{ config.INSTANCE_NAME }}{% endblock %}
{% block content %}
<style>
.container:has(.ud-page) { max-width: none; padding: 24px 16px; }
.ud-page { max-width: 1100px; margin: 0 auto; padding: 0; }
.ud-header {
display: flex; align-items: center; gap: 16px;
margin-bottom: 24px;
}
.ud-back {
display: inline-flex; align-items: center; gap: 6px;
text-decoration: none; color: var(--text-secondary, #6b7280);
font-size: 13px;
}
.ud-back:hover { color: var(--text-primary, #111827); }
.ud-title-block { flex: 1; }
.ud-status-pill {
display: inline-block; padding: 3px 10px; border-radius: 999px;
font-size: 11px; font-weight: 600;
text-transform: uppercase; letter-spacing: 0.5px;
}
.ud-status-pill.active { background: #dcfce7; color: #166534; }
.ud-status-pill.inactive { background: #fee2e2; color: #991b1b; }
.ud-section {
background: var(--surface, #fff);
border: 1px solid var(--border, #e5e7eb);
border-radius: 12px;
margin-bottom: 16px;
overflow: hidden;
}
.ud-section-head {
padding: 14px 18px;
border-bottom: 1px solid var(--border, #e5e7eb);
background: var(--border-light, #f9fafb);
display: flex; align-items: center; justify-content: space-between;
}
.ud-section-head h2 { margin: 0; font-size: 14px; font-weight: 600; }
.ud-section-head .sub { font-size: 11px; color: var(--text-secondary, #6b7280); }
/* Account actions */
.account-grid {
padding: 16px 18px;
display: grid; grid-template-columns: 1fr auto; gap: 12px;
align-items: center;
}
.account-action-btn {
padding: 7px 14px; border-radius: 6px; font-size: 12px;
border: 1px solid var(--border, #e5e7eb); background: var(--surface, #fff);
cursor: pointer;
}
.account-action-btn:hover { background: var(--border-light, #f9fafb); }
.account-action-btn.danger { color: #b91c1c; border-color: #fecaca; }
.account-action-btn.danger:hover { background: #fef2f2; }
/* Memberships table */
.members-table { width: 100%; border-collapse: collapse; font-size: 13px; }
.members-table thead th {
text-align: left; padding: 10px 18px;
background: var(--border-light, #f9fafb);
border-bottom: 1px solid var(--border, #e5e7eb);
font-weight: 600; color: var(--text-secondary, #6b7280);
font-size: 11px; text-transform: uppercase; letter-spacing: 0.4px;
}
.members-table tbody td {
padding: 10px 18px;
border-bottom: 1px solid var(--border-light, #f3f4f6);
}
.members-table tbody tr:last-child td { border-bottom: none; }
.members-table tbody tr:hover { background: var(--border-light, #fafafa); }
/* Source as quiet metadata, not a status pill — group name dominates. */
.source-meta {
font-size: 12px; color: var(--text-secondary, #9ca3af);
font-weight: 400;
}
.source-meta .label { font-style: italic; }
.source-meta .added {
color: var(--text-secondary, #9ca3af);
font-size: 11px; margin-left: 6px;
}
.group-link {
color: var(--text-primary, #111827); font-weight: 500;
text-decoration: none;
}
.group-link:hover { color: var(--primary, #4338ca); text-decoration: underline; }
/* Chip styling for the group cell — same color vocabulary as
/admin/users membership chips. Built as <a> so a click on the
chip lands the admin on the group's detail page. */
.group-chip {
display: inline-block;
padding: 3px 10px; border-radius: 999px;
font-size: 12px; font-weight: 500;
text-decoration: none;
background: #ede9fe; color: #6d28d9; /* default = custom (purple) */
}
.group-chip:hover { filter: brightness(0.97); }
.group-chip.is-admin { background: #fef3c7; color: #92400e; font-weight: 600; }
.group-chip.is-everyone { background: #f3f4f6; color: #4b5563; }
.group-chip.is-google_sync { background: #dcfce7; color: #166534; }
.group-chip.is-custom { background: #ede9fe; color: #6d28d9; }
.add-member-row {
padding: 12px 18px;
background: var(--border-light, #f9fafb);
border-top: 1px solid var(--border-light, #f3f4f6);
display: flex; gap: 8px; align-items: center;
}
.add-member-row select {
flex: 1; padding: 7px 10px;
border: 1px solid var(--border, #e5e7eb); border-radius: 6px;
font-size: 13px; background: var(--surface, #fff);
}
.add-member-row button {
padding: 7px 14px; border-radius: 6px; font-size: 12px; font-weight: 500;
background: var(--primary, #6366f1); color: #fff;
border: 1px solid var(--primary, #6366f1); cursor: pointer;
}
.add-member-row button:disabled { opacity: 0.5; cursor: not-allowed; }
.ud-hint {
margin: 8px 0 0; font-size: 12px;
color: var(--text-secondary, #6b7280);
}
.ud-hint a { color: var(--accent, #2563eb); }
.ud-hint code {
font-family: ui-monospace, Menlo, monospace;
font-size: 11px;
background: var(--border-light, #f3f4f6);
padding: 1px 4px; border-radius: 3px;
}
/* Effective access */
.ea-empty, .ea-loading {
padding: 24px 18px; text-align: center;
color: var(--text-secondary, #6b7280); font-size: 13px;
}
.ea-table { width: 100%; border-collapse: collapse; font-size: 13px; }
.ea-table thead th {
text-align: left; padding: 10px 18px;
background: var(--border-light, #f9fafb);
border-bottom: 1px solid var(--border, #e5e7eb);
font-weight: 600; color: var(--text-secondary, #6b7280);
font-size: 11px; text-transform: uppercase; letter-spacing: 0.4px;
}
.ea-table tbody td {
padding: 10px 18px;
border-bottom: 1px solid var(--border-light, #f3f4f6);
vertical-align: top;
}
.ea-table tbody tr:last-child td { border-bottom: none; }
.ea-rid {
font-family: var(--font-mono, ui-monospace, monospace);
font-size: 12px;
}
.ea-via {
font-size: 11px; color: var(--text-secondary, #6b7280);
}
.ea-via .via-group {
display: inline-block; margin-right: 6px;
padding: 1px 6px; border-radius: 4px;
background: #e0e7ff; color: #3730a3; font-weight: 500;
}
/* Sessions section */
.ud-table { width: 100%; border-collapse: collapse; font-size: 13px; }
.ud-table thead th {
text-align: left; padding: 10px 18px;
background: var(--border-light, #f9fafb);
border-bottom: 1px solid var(--border, #e5e7eb);
font-weight: 600; color: var(--text-secondary, #6b7280);
font-size: 11px; text-transform: uppercase; letter-spacing: 0.4px;
}
.ud-table tbody td {
padding: 10px 18px;
border-bottom: 1px solid var(--border-light, #f3f4f6);
vertical-align: middle;
}
.ud-table tbody tr:last-child td { border-bottom: none; }
.ud-table tbody tr:hover { background: var(--border-light, #fafafa); }
.ud-empty { padding: 24px 18px; text-align: center; color: var(--text-secondary, #6b7280); font-size: 13px; }
.ud-pagination { padding: 10px 18px; display: flex; gap: 10px; align-items: center; font-size: 13px; }
.btn { display: inline-block; padding: 5px 12px; border-radius: 6px; font-size: 12px; font-weight: 500;
border: 1px solid var(--border, #e5e7eb); background: var(--surface, #fff);
cursor: pointer; text-decoration: none; color: inherit; }
.btn:hover { background: var(--border-light, #f9fafb); }
.btn-secondary { background: var(--surface, #fff); }
.btn-sm { padding: 3px 9px; font-size: 11px; }
.unprocessed-badge {
display: inline-block; padding: 1px 6px; border-radius: 4px;
font-size: 11px; background: #fef9c3; color: #854d0e;
}
.toast-stack {
position: fixed; bottom: 24px; right: 24px; z-index: 2000;
display: flex; flex-direction: column; gap: 8px; pointer-events: none;
}
.toast {
background: #111827; color: #fff; padding: 10px 16px;
border-radius: 8px; font-size: 13px; box-shadow: 0 10px 30px rgba(0, 0, 0, 0.25);
opacity: 0; transform: translateY(8px); transition: opacity 0.2s, transform 0.2s;
pointer-events: auto; max-width: 380px;
}
.toast.show { opacity: 1; transform: translateY(0); }
.toast.success { background: #047857; }
.toast.error { background: #b91c1c; }
</style>
<div class="ud-page" data-user-id="{{ target_user.id }}">
<div class="ud-header">
<a href="/admin/users" class="ud-back">← Back to users</a>
<div class="ud-title-block">
{% set page_hero_eyebrow = "Users & Access" %}
{% set page_hero_title = "User detail" %}
{% set page_hero_subtitle = "Account, group memberships, sessions, and activity for one user." %}
{% include "_page_hero.html" %}
</div>
</div>
<!-- Account actions -->
<section class="ud-section">
<div class="ud-section-head">
<h2>Account</h2>
</div>
<div class="account-grid">
<div id="account-status-text" style="font-size:13px;color:var(--text-secondary,#6b7280);">
Loading…
</div>
<div style="display:flex; gap:8px;">
<button class="account-action-btn" id="reset-pw-btn">Reset password</button>
<button class="account-action-btn" id="toggle-active-btn">Deactivate</button>
<button class="account-action-btn danger" id="delete-user-btn">Delete</button>
</div>
</div>
</section>
<!-- Group memberships -->
<section class="ud-section">
<div class="ud-section-head">
<h2>Group memberships</h2>
<span class="sub">Groups this user belongs to. Add to <strong>Admin</strong> to grant full access.</span>
</div>
<div id="memberships-loading" class="ea-loading">Loading memberships…</div>
<table class="members-table" id="memberships-table" style="display:none;">
<thead><tr>
<th>Group</th><th>Origin</th>
<th style="text-align:right">Actions</th>
</tr></thead>
<tbody id="memberships-tbody"></tbody>
</table>
<div class="ea-empty" id="memberships-empty" style="display:none;">
User is not in any groups.
</div>
<div class="add-member-row">
<select id="add-group-select">
<option value="">— Pick a group —</option>
</select>
<button id="add-group-btn" disabled>Add to group</button>
</div>
<p id="add-group-hint" class="ud-hint" style="display:none;"></p>
</section>
<!-- Effective access -->
<section class="ud-section">
<div class="ud-section-head">
<h2>Effective access</h2>
<span class="sub">Resources this user can see, derived from group memberships.</span>
</div>
<div id="effective-loading" class="ea-loading">Loading…</div>
<div id="effective-content" style="display:none;"></div>
</section>
<!-- Sessions -->
<section class="ud-section">
<div class="ud-section-head">
<h2>Sessions</h2>
<a class="btn btn-secondary" id="ud-download-all" href="#">Download all (.zip)</a>
</div>
<div class="ud-empty" id="ud-sessions-loading">Loading…</div>
<div class="ud-empty" id="ud-sessions-empty" hidden>
No collected sessions for this user yet.
</div>
<table class="ud-table" id="ud-sessions-table" hidden>
<thead>
<tr>
<th>Started</th>
<th>Active duration</th>
<th>Tool calls</th>
<th>Errors</th>
<th>Model</th>
<th>Actions</th>
</tr>
</thead>
<tbody id="ud-sessions-tbody"></tbody>
</table>
<div class="ud-pagination" id="ud-sessions-pagination" hidden>
<button class="btn" id="ud-sessions-prev">Prev</button>
<span id="ud-sessions-page-meta"></span>
<button class="btn" id="ud-sessions-next">Next</button>
</div>
</section>
<!-- Activity -->
<section class="ud-section">
<div class="ud-section-head">
<h2>Activity</h2>
<span class="sub">All recorded server actions for this user</span>
</div>
<div class="ud-empty" id="ud-activity-loading">Loading…</div>
<table class="ud-table" id="ud-activity-table" hidden>
<thead>
<tr>
<th>Time</th>
<th>Action</th>
<th>Resource</th>
<th>Result</th>
<th>Client</th>
<th>Duration</th>
</tr>
</thead>
<tbody id="ud-activity-tbody"></tbody>
</table>
<div class="ud-empty" id="ud-activity-empty" hidden>
No recorded activity for this user yet.
</div>
<div class="ud-pagination" id="ud-activity-pagination" hidden>
<button class="btn" id="ud-activity-prev">Prev</button>
<span id="ud-activity-page-meta"></span>
<button class="btn" id="ud-activity-next">Next</button>
</div>
</section>
</div>
<div class="toast-stack" id="toast-stack" aria-live="polite"></div>
<script>
const USER_ID = document.querySelector("[data-user-id]").dataset.userId;
const USER_API = `/api/users/${encodeURIComponent(USER_ID)}`;
const MEMBERSHIPS_API = `/api/admin/users/${encodeURIComponent(USER_ID)}/memberships`;
const EFFECTIVE_API = `/api/admin/users/${encodeURIComponent(USER_ID)}/effective-access`;
// Server-injected env: empty string = no prefix configured. Same shape as
// /admin/groups + /admin/users — used to shorten google-sync chip text
// (`grp_acme_legal@workspace.example.com` → `Legal`) so the membership cell
// stays readable.
const GOOGLE_GROUP_PREFIX = {{ config.AGNES_GOOGLE_GROUP_PREFIX | tojson }};
const GROUPS_API = "/api/admin/groups";
function esc(s) { const d = document.createElement("div"); d.textContent = s == null ? "" : String(s); return d.innerHTML; }
function fmtDate(s) { return s ? String(s).slice(0, 16).replace("T", " ") : "-"; }
// Same logic as /admin/groups + /admin/users: only safe to call on
// google_sync rows whose `name` is the raw Workspace email; calling it
// on a custom group name like "data-team" would over-capitalize it.
function deriveDisplayName(fullEmail) {
if (!fullEmail) return "";
const local = String(fullEmail).split("@")[0] || String(fullEmail);
const px = (GOOGLE_GROUP_PREFIX || "").toLowerCase();
let s = local;
if (px && s.toLowerCase().startsWith(px)) s = s.slice(px.length);
s = s.replace(/^[_\-\s]+/, "");
if (!s) return local;
return s.charAt(0).toUpperCase() + s.slice(1);
}
function toast(msg, kind = "") {
const el = document.createElement("div");
el.className = "toast " + kind;
el.textContent = msg;
document.getElementById("toast-stack").appendChild(el);
requestAnimationFrame(() => el.classList.add("show"));
setTimeout(() => { el.classList.remove("show"); setTimeout(() => el.remove(), 250); }, 3500);
}
let userState = null; // /api/users/{id} response
let memberships = []; // [{group_id, group_name, is_system, source, added_at}]
let allGroups = []; // for the add-to-group dropdown
async function loadUser() {
const r = await fetch(USER_API, { credentials: "include" });
if (r.ok) {
userState = await r.json();
renderHeader();
renderAccountStatus();
}
}
function renderHeader() {
const pill = document.getElementById("status-pill");
if (userState && !userState.active) {
pill.textContent = "Deactivated";
pill.className = "ud-status-pill inactive";
pill.style.display = "inline-block";
} else if (userState) {
pill.textContent = "Active";
pill.className = "ud-status-pill active";
pill.style.display = "inline-block";
}
}
function renderAccountStatus() {
const node = document.getElementById("account-status-text");
const toggleBtn = document.getElementById("toggle-active-btn");
// SSO-managed accounts (Google Workspace today) hide password / delete
// affordances — those operations are no-ops or get reverted by the next
// sync. Deactivate stays so admins can still gate access locally.
const resetBtn = document.getElementById("reset-pw-btn");
const deleteBtn = document.getElementById("delete-user-btn");
const sso = !!(userState && userState.is_sso_user);
if (resetBtn) resetBtn.style.display = sso ? "none" : "";
if (deleteBtn) deleteBtn.style.display = sso ? "none" : "";
if (!userState) { node.textContent = "—"; return; }
if (userState.active) {
node.innerHTML = `<strong>${esc(userState.email)}</strong> is active.`;
toggleBtn.textContent = "Deactivate";
} else {
node.innerHTML = `<strong>${esc(userState.email)}</strong> is deactivated. They cannot log in.`;
toggleBtn.textContent = "Reactivate";
}
}
async function loadMemberships() {
const r = await fetch(MEMBERSHIPS_API, { credentials: "include" });
document.getElementById("memberships-loading").style.display = "none";
if (!r.ok) {
toast("Failed to load memberships", "error");
return;
}
memberships = await r.json();
renderMemberships();
// loadAll() fires loadGroups() and loadMemberships() in parallel; if
// groups resolved first, refreshGroupDropdown() saw the initial empty
// memberships array and listed groups the user is already in. Re-run
// here so the final dropdown reflects both data sets regardless of
// which fetch completes first. Cheap (in-memory only) and idempotent.
if (allGroups.length > 0) {
refreshGroupDropdown();
}
}
function renderMemberships() {
const table = document.getElementById("memberships-table");
const empty = document.getElementById("memberships-empty");
const tbody = document.getElementById("memberships-tbody");
if (memberships.length === 0) {
table.style.display = "none";
empty.style.display = "block";
return;
}
empty.style.display = "none";
table.style.display = "table";
tbody.innerHTML = "";
for (const m of memberships) {
const tr = document.createElement("tr");
const removable = m.source === "admin"
? `<button class="account-action-btn danger" data-action="remove" data-group-id="${esc(m.group_id)}">Remove</button>`
: `<span style="color:#9ca3af;font-size:11px">managed by ${esc(m.source)}</span>`;
// Map raw source value to a humane phrase. Keep the date inline as
// secondary metadata rather than a separate column.
const sourceLabel = ({
admin: "added by admin",
google_sync: "synced from Google",
system_seed: "system-managed",
})[m.source] || m.source;
const addedFragment = m.added_at
? `<span class="added">· ${esc(fmtDate(m.added_at))}</span>` : "";
// Same chip color + name-shortening rules as the user list:
// - name match (Admin / Everyone) wins over origin so env-mapped
// system rows keep their canonical color
// - google_sync chip text runs through deriveDisplayName ("Legal"
// instead of "grp_acme_legal@workspace.example.com"), full email in
// the title attribute for hover reveal
const cls = m.group_name === "Admin" ? "is-admin"
: m.group_name === "Everyone" ? "is-everyone"
: `is-${m.origin || "custom"}`;
const display = (m.origin === "google_sync" && m.group_name !== "Admin" && m.group_name !== "Everyone")
? deriveDisplayName(m.group_name) : m.group_name;
tr.innerHTML = `
<td><a class="group-chip ${cls}" href="/admin/groups/${encodeURIComponent(m.group_id)}" title="${esc(m.group_name)}">${esc(display)}</a></td>
<td><span class="source-meta"><span class="label">${esc(sourceLabel)}</span>${addedFragment}</span></td>
<td style="text-align:right">${removable}</td>
`;
tbody.appendChild(tr);
}
tbody.querySelectorAll('[data-action="remove"]').forEach(btn => {
btn.addEventListener("click", () => removeFromGroup(btn.dataset.groupId));
});
}
async function loadGroups() {
const r = await fetch(GROUPS_API, { credentials: "include" });
if (!r.ok) return;
allGroups = await r.json();
refreshGroupDropdown();
}
function refreshGroupDropdown() {
const sel = document.getElementById("add-group-select");
const hint = document.getElementById("add-group-hint");
const memberOf = new Set(memberships.map(m => m.group_id));
sel.innerHTML = '<option value="">— Pick a group —</option>';
let googleManagedSkipped = 0;
let assignableCount = 0;
for (const g of allGroups) {
if (memberOf.has(g.id)) continue; // already a member, hide
if (g.is_google_managed) { // membership owned by Workspace —
googleManagedSkipped++; // includes mapped Admin / Everyone when
continue; // AGNES_GROUP_{ADMIN,EVERYONE}_EMAIL is
// set. The API would 409 on POST
// anyway; hiding the option keeps the
// picker honest about what's grantable.
}
const opt = document.createElement("option");
opt.value = g.id;
opt.textContent = g.name + (g.is_system ? " (system)" : "");
sel.appendChild(opt);
assignableCount++;
}
document.getElementById("add-group-btn").disabled = assignableCount === 0;
// When the dropdown ends up empty, explain why instead of leaving the
// admin staring at a silent "— Pick a group —" placeholder. Three cases:
// (a) user is already in every existing group;
// (b) every remaining group is Google-Workspace-managed (POST would 409);
// (c) no groups exist at all (fresh deploy with the system seeds masked
// via AGNES_GROUP_{ADMIN,EVERYONE}_EMAIL). Cases (b)/(c) point the
// admin at /admin/groups so they can create a custom group whose
// membership flows through Agnes itself.
if (assignableCount === 0) {
if (allGroups.length === 0) {
hint.textContent = "No groups exist on this server.";
hint.style.display = "block";
} else if (googleManagedSkipped > 0) {
hint.innerHTML = (
"All assignable groups are managed by Google Workspace — membership flows from " +
"<code>admin.google.com</code>. To grant access manually, create a custom Agnes group at " +
"<a href=\"/admin/groups\">/admin/groups</a>."
);
hint.style.display = "block";
} else {
hint.textContent = "User is already a member of every group.";
hint.style.display = "block";
}
} else {
hint.style.display = "none";
}
}
document.getElementById("add-group-select").addEventListener("change", e => {
document.getElementById("add-group-btn").disabled = !e.target.value;
});
document.getElementById("add-group-btn").addEventListener("click", async () => {
const sel = document.getElementById("add-group-select");
const gid = sel.value;
if (!gid) return;
const r = await fetch(MEMBERSHIPS_API, {
method: "POST", credentials: "include",
headers: { "Content-Type": "application/json" },
body: JSON.stringify({ group_id: gid }),
});
if (!r.ok) {
const err = await r.json().catch(() => ({}));
toast("Add failed: " + (err.detail || r.status), "error");
return;
}
toast("Added to group", "success");
await Promise.all([loadMemberships(), loadEffectiveAccess()]);
refreshGroupDropdown();
});
async function removeFromGroup(group_id) {
if (!confirm("Remove user from this group?")) return;
const r = await fetch(`${MEMBERSHIPS_API}/${encodeURIComponent(group_id)}`, {
method: "DELETE", credentials: "include",
});
if (!r.ok) {
const err = await r.json().catch(() => ({}));
toast("Remove failed: " + (err.detail || r.status), "error");
return;
}
toast("Removed from group", "success");
await Promise.all([loadMemberships(), loadEffectiveAccess()]);
refreshGroupDropdown();
}
async function loadEffectiveAccess() {
const r = await fetch(EFFECTIVE_API, { credentials: "include" });
document.getElementById("effective-loading").style.display = "none";
const content = document.getElementById("effective-content");
content.style.display = "block";
if (!r.ok) {
content.innerHTML = `<div class="ea-empty">Failed to load.</div>`;
return;
}
const data = await r.json();
// We deliberately don't short-circuit on `data.is_admin` anymore —
// admin users get the same explicit grant breakdown as everyone else
// so the operator can audit which Admin-group grants exist (and via
// which sibling groups). Authorization at runtime still grants admin
// god-mode regardless of this list (see `app.auth.access`).
if (!data.items || data.items.length === 0) {
content.innerHTML = `<div class="ea-empty">User has no resource access yet. Add them to a group with grants.</div>`;
return;
}
let html = `<table class="ea-table">
<thead><tr>
<th>Type</th><th>Resource</th><th>Granted via</th>
</tr></thead><tbody>`;
for (const it of data.items) {
const viaHtml = it.via_groups
.map(g => `<span class="via-group">${esc(g.group_name)}</span>`).join(" ");
html += `
<tr>
<td style="white-space:nowrap">${esc(it.resource_type)}</td>
<td class="ea-rid">${esc(it.resource_id)}</td>
<td class="ea-via">${viaHtml}</td>
</tr>`;
}
html += `</tbody></table>`;
content.innerHTML = html;
}
// Account actions
document.getElementById("reset-pw-btn").addEventListener("click", async () => {
if (!confirm("Send password reset link to " + (userState && userState.email) + "?")) return;
const r = await fetch(`${USER_API}/reset-password`, {
method: "POST", credentials: "include",
});
if (!r.ok) {
toast("Reset failed: " + r.status, "error");
return;
}
const data = await r.json();
toast(data.email_sent ? "Reset link emailed" : "Reset token: " + data.reset_token, "success");
});
document.getElementById("toggle-active-btn").addEventListener("click", async () => {
if (!userState) return;
const newActive = !userState.active;
const verb = newActive ? "Reactivate" : "Deactivate";
if (!confirm(`${verb} this user?`)) return;
const path = newActive ? "/activate" : "/deactivate";
const r = await fetch(`${USER_API}${path}`, { method: "POST", credentials: "include" });
if (!r.ok) {
const err = await r.json().catch(() => ({}));
toast(verb + " failed: " + (err.detail || r.status), "error");
return;
}
toast(verb + "d", "success");
loadUser();
});
document.getElementById("delete-user-btn").addEventListener("click", async () => {
if (!userState) return;
if (!confirm(`Delete ${userState.email}? This cannot be undone.`)) return;
const r = await fetch(USER_API, { method: "DELETE", credentials: "include" });
if (!r.ok) {
const err = await r.json().catch(() => ({}));
toast("Delete failed: " + (err.detail || r.status), "error");
return;
}
toast("User deleted", "success");
setTimeout(() => { window.location.href = "/admin/users"; }, 800);
});
// ---------------------------------------------------------------------------
// Sessions section
// ---------------------------------------------------------------------------
const SESSIONS_API = `/api/admin/users/${encodeURIComponent(USER_ID)}/sessions`;
const SESSIONS_DL_ALL = `/api/admin/users/${encodeURIComponent(USER_ID)}/sessions/download-all`;
let _sessionsOffset = 0;
const _sessionsLimit = 50;
let _sessionsTotal = 0;
document.getElementById("ud-download-all").href = SESSIONS_DL_ALL;
function fmtDuration(seconds) {
if (seconds == null) return "—";
const s = Math.round(Number(seconds));
if (s < 60) return s + "s";
const m = Math.floor(s / 60), rem = s % 60;
if (m < 60) return rem > 0 ? `${m}m ${rem}s` : `${m}m`;
const h = Math.floor(m / 60), rm = m % 60;
return rm > 0 ? `${h}h ${rm}m` : `${h}h`;
}
async function loadSessions() {
const url = `${SESSIONS_API}?limit=${_sessionsLimit}&offset=${_sessionsOffset}`;
const r = await fetch(url, { credentials: "include" });
const emptyEl = document.getElementById("ud-sessions-empty");
document.getElementById("ud-sessions-loading").hidden = true;
const tableEl = document.getElementById("ud-sessions-table");
const paginEl = document.getElementById("ud-sessions-pagination");
const tbody = document.getElementById("ud-sessions-tbody");
const pageMeta = document.getElementById("ud-sessions-page-meta");
if (!r.ok) {
emptyEl.textContent = "Failed to load sessions.";
emptyEl.hidden = false;
tableEl.hidden = true;
paginEl.hidden = true;
return;
}
const data = await r.json();
_sessionsTotal = data.pagination.total;
if (data.rows.length === 0 && _sessionsOffset === 0) {
emptyEl.hidden = false;
tableEl.hidden = true;
paginEl.hidden = true;
return;
}
emptyEl.hidden = true;
tableEl.hidden = false;
tbody.innerHTML = "";
for (const row of data.rows) {
const tr = document.createElement("tr");
const dlHref = `/api/admin/users/${encodeURIComponent(USER_ID)}/sessions/${encodeURIComponent(row.session_file)}/download`;
const modelText = row.primary_model
? esc(row.primary_model).replace(/claude-/i, "").replace(/-\d{8}$/, "")
: "—";
const unprocessed = !row.processed
? ` <span class="unprocessed-badge">pending</span>` : "";
tr.innerHTML = `
<td>${esc(fmtDate(row.started_at))}${unprocessed}</td>
<td>${fmtDuration(row.active_seconds)}</td>
<td>${row.tool_calls != null ? esc(String(row.tool_calls)) : "—"}</td>
<td>${row.tool_errors != null && row.tool_errors > 0 ? `<span style="color:#b91c1c">${esc(String(row.tool_errors))}</span>` : (row.tool_errors === 0 ? "0" : "—")}</td>
<td style="font-size:11px;color:var(--text-secondary,#6b7280)">${modelText}</td>
<td><a class="btn btn-sm" href="${dlHref}">Download .jsonl</a></td>
`;
tbody.appendChild(tr);
}
// Pagination
const from = _sessionsOffset + 1;
const to = Math.min(_sessionsOffset + data.rows.length, _sessionsTotal);
pageMeta.textContent = `${from}${to} of ${_sessionsTotal}`;
paginEl.hidden = _sessionsTotal <= _sessionsLimit;
document.getElementById("ud-sessions-prev").disabled = _sessionsOffset === 0;
document.getElementById("ud-sessions-next").disabled = (_sessionsOffset + _sessionsLimit) >= _sessionsTotal;
}
document.getElementById("ud-sessions-prev").addEventListener("click", () => {
if (_sessionsOffset > 0) {
_sessionsOffset = Math.max(0, _sessionsOffset - _sessionsLimit);
loadSessions();
}
});
document.getElementById("ud-sessions-next").addEventListener("click", () => {
if (_sessionsOffset + _sessionsLimit < _sessionsTotal) {
_sessionsOffset += _sessionsLimit;
loadSessions();
}
});
// ---------------------------------------------------------------------------
// Activity section
// ---------------------------------------------------------------------------
const ACTIVITY_API = `/api/admin/users/${encodeURIComponent(USER_ID)}/activity`;
let _activityOffset = 0;
const _activityLimit = 50;
let _activityTotal = 0;
function loadActivity() {
const table = document.getElementById('ud-activity-table');
const empty = document.getElementById('ud-activity-empty');
const tbody = document.getElementById('ud-activity-tbody');
const pag = document.getElementById('ud-activity-pagination');
fetch(`${ACTIVITY_API}?limit=${_activityLimit}&offset=${_activityOffset}`, { credentials: 'include' })
.then(r => r.json())
.then(data => {
document.getElementById('ud-activity-loading').hidden = true;
if (!data.rows || (data.rows.length === 0 && _activityOffset === 0)) {
empty.hidden = false;
table.hidden = true;
pag.hidden = true;
return;
}
empty.hidden = true;
table.hidden = false;
_activityTotal = data.pagination.total;
tbody.innerHTML = data.rows.map(r => {
const isErr = r.result && (r.result.startsWith('error') || r.result === 'failed');
const resultCls = isErr ? 'style="color:#b91c1c"' : '';
return `<tr>
<td><time datetime="${esc(r.timestamp)}">${esc(fmtDate(r.timestamp))}</time></td>
<td><code>${esc(r.action)}</code></td>
<td style="font-size:12px;color:var(--text-secondary,#6b7280)">${esc(r.resource || '—')}</td>
<td ${resultCls}>${esc(r.result || '—')}</td>
<td>${esc(r.client_kind || '—')}</td>
<td>${r.duration_ms != null ? esc(String(r.duration_ms)) + ' ms' : '—'}</td>
</tr>`;
}).join('');
const from = _activityOffset + 1;
const to = Math.min(_activityOffset + data.rows.length, _activityTotal);
document.getElementById('ud-activity-page-meta').textContent = `${from}${to} of ${_activityTotal}`;
pag.hidden = _activityTotal <= _activityLimit;
document.getElementById('ud-activity-prev').disabled = _activityOffset === 0;
document.getElementById('ud-activity-next').disabled = (_activityOffset + _activityLimit) >= _activityTotal;
})
.catch(() => {
document.getElementById('ud-activity-loading').hidden = true;
empty.textContent = 'Failed to load activity.';
empty.hidden = false;
table.hidden = true;
pag.hidden = true;
});
}
document.getElementById('ud-activity-prev').addEventListener('click', () => {
if (_activityOffset > 0) {
_activityOffset = Math.max(0, _activityOffset - _activityLimit);
loadActivity();
}
});
document.getElementById('ud-activity-next').addEventListener('click', () => {
if (_activityOffset + _activityLimit < _activityTotal) {
_activityOffset += _activityLimit;
loadActivity();
}
});
async function loadAll() {
await Promise.all([loadUser(), loadMemberships(), loadGroups(), loadEffectiveAccess(), loadSessions(), loadActivity()]);
}
loadAll();
</script>
{% endblock %}
Reference in a new issue View git blame Copy permalink