Skip to content

Add super admin console at /-/admin/#9083

Open
ericokuma wants to merge 30 commits intomainfrom
eokuma/admin-console
Open

Add super admin console at /-/admin/#9083
ericokuma wants to merge 30 commits intomainfrom
eokuma/admin-console

Conversation

@ericokuma
Copy link
Contributor

@ericokuma ericokuma commented Mar 19, 2026

Adds an internal super admin console to web-admin at /-/admin/, giving non-technical staff (CS, account managers) a GUI for operations currently only available via rill sudo CLI commands.

  • New route group /-/admin/ with superuser-gated auth guard (ListSuperusers check)
  • Sidebar navigation layout with 11 sections across 5 groups (Overview, People, Billing & Plans, Resources, Advanced)
  • Full pages for: Users (search/assume/delete), Billing (extend trial, set customer ID, repair, issues), Organizations (lookup, custom domain, join), Quotas (org + user), Projects (search, hibernate, redeploy), Whitelist (add/remove domains), Superusers (list/add/remove), Annotations (load/edit/save)
  • Stub pages for Virtual Files and Runtime (engineer-leaning, deferred)
  • "Admin" link in OrgHeader visible only to superusers
  • 26 new files, ~2000 lines; all using existing Orval-generated API clients with TanStack Query

Checklist:

  • Covered by tests
  • Ran it and it works as intended
  • Reviewed the diff before requesting a review
  • Checked for unhandled edge cases
  • Linked the issues it closes
  • Checked if the docs need to be updated. If so, create a separate Linear DOCS issue
  • Intend to cherry-pick into the release branch
  • I'm proud of this work!

Developed in collaboration with Claude Code

ericokuma and others added 23 commits March 19, 2026 08:30
@ericokuma @claude
Add Claude Code PM skills
633cda1 
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
@ericokuma @claude
feat(admin-console): add superuser auth guard for admin layout
51a2490 
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
@ericokuma @claude
feat(admin-console): add page header component
e7158a5 
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
@ericokuma @claude
feat(admin-console): add sidebar navigation component
417e96b 
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
@ericokuma @claude
feat(admin-console): add shared UI components (ConfirmDialog, StatusB…
441d77d 
…adge, ActionResultBanner, SearchInput)

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
@ericokuma @claude
feat(admin-console): add admin layout with sidebar + content area
f8f3cc0 
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
@ericokuma @claude
feat(admin-console): add dashboard home page with quick action cards
3979190 
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
@ericokuma @claude
feat(admin-console): add user management API selectors
29a2915 
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
@ericokuma @claude
feat(admin-console): add billing management API selectors
14647e1 
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
@ericokuma @claude
feat(admin-console): add user management page with search, assume, an…
f502d41 
…d delete

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
@ericokuma @claude
feat(admin-console): add billing management page with trial extension…
ccd6905 
…, repair, and issue management

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
@ericokuma @claude
feat(admin-console): add admin link in top nav for superusers
efff27c 
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
@ericokuma @claude
feat(admin-console): add quota management selectors
55affa1 
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
@ericokuma @claude
feat(admin-console): add organization management selectors
7223698 
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
@ericokuma @claude
feat(admin-console): add quota management page with editable fields
5b7a419 
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
@ericokuma @claude
feat(admin-console): add project management selectors
61f2da3 
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
@ericokuma @claude
feat(admin-console): add domain whitelist management page
c92255f 
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
@ericokuma @claude
feat(admin-console): add project management page with search, hiberna…
2abf00e 
…te, and redeploy

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
@ericokuma @claude
feat(admin-console): add annotations management page
b5561a8 
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
@ericokuma @claude
feat(admin-console): add superuser management page
0e76ab7 
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
@ericokuma @claude
feat(admin-console): add stub pages for virtual files and runtime man…
6d28008 
…agement

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
@ericokuma
fix(admin-console): fix annotations page Svelte template compile error
33f445e
@ericokuma
Revert "Add Claude Code PM skills"
c81c0f6 
This reverts commit 633cda1.
ericokuma
ericokuma commented Mar 20, 2026
View reviewed changes
Copy link
Contributor Author

@ericokuma ericokuma left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Re-review: Issues Found & Fixed

After re-reviewing the current state of the PR, I identified and fixed the following issues:

Fixed in this pass

  1. Auth guard control flow clarity (+layout.ts): Restructured the catch block so redirectToLogin() is only called inside the 401 branch, with non-401 errors always throwing a redirect. Same behavior, clearer intent.

  2. Unreachable code (+page.svelte Users): Removed notifySuccess() call after assumedUser.assume() — since assume() sets window.location.href, the notification never displays.

  3. Unfiltered invalidateQueries() (superusers/+page.svelte): Both add and remove handlers called queryClient.invalidateQueries() with no filter, invalidating every query in the app. Scoped to /v1/superuser queries.

  4. Unfiltered invalidateQueries() (billing/+page.svelte): handleDeleteIssue invalidated all queries. Scoped to /v1/organizations and /v1/superuser/billing.

  5. ConfirmDialog closes on error (ConfirmDialog.svelte): If onConfirm threw, the dialog would close via the finally block, hiding the error. Added a catch block so the dialog stays open on failure, letting users retry or cancel.

Not applicable

  • Annotations page, whitelist page, and OrgHeader component do not exist in the current diff — these were false positives from the earlier review.
  • superuserForceAccess on getOrgProjects: the AdminServiceListProjectsForOrganizationParams type does not include this field, so no change needed.

Developed in collaboration with Claude Code

@ericokuma @claude
fix(admin-console): fix type errors, scoped query invalidation, and r…
61d9d36 
…eview issues

- Fix mutateAsync param names: organization → org for hibernate/redeploy
- Fix billing issue type to use V1BillingIssueType enum instead of string
- Fix quota fields: convert API numbers to strings for form binding
- Remove invalid superuserForceAccess from deleteUser call
- Scope invalidateQueries in superusers and billing pages instead of invalidating all
- Fix ConfirmDialog to keep dialog open on error for retry
- Clean up auth guard control flow in admin layout
- Remove unreachable notifySuccess after assume navigation
- Fix a11y: change label to span for non-input billing text

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
@ericokuma
Copy link
Contributor Author

ericokuma commented Mar 20, 2026

https://www.loom.com/share/c2371a742c5446ed8f33bd2f2da311b9

ericokuma and others added 2 commits March 20, 2026 23:44
@ericokuma @claude
fix(admin-console): add missing new files and remove deleted pages
e058d49 
Add new shared components (OrgSearchInput, UserSearchInput, notify,
RepresentingBanner, assume-state) that were missing from previous
commits. Remove obsolete pages (annotations, runtime, users,
virtual-files, whitelist) and unused components (ActionResultBanner,
StatusBadge, whitelist selectors) that were deleted locally but
not staged.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
@ericokuma @claude
fix(admin-console): sync sidebar, selectors with intended state
f276684 
- Remove Dashboard, Whitelist, and Advanced nav sections from sidebar
- Point Users link to root admin page (/-/admin)
- Fix users/selectors: use emailPattern with wildcards, threshold >= 3,
  remove unused assume/unassume mutations
- Fix projects/selectors: add wildcard wrapping, threshold >= 3

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
ericokuma and others added 4 commits March 21, 2026 00:06
@ericokuma @claude
fix(admin-console): move admin link to profile menu, fix billing 500,…
1580e70 
… mount assume banner

- Move Admin Console link from top nav (OrgHeader) to profile dropdown
  (AvatarButton), removing duplicate ListSuperusers query from OrgHeader
- Add missing getBillingSetupURL function to billing selectors (was
  imported but never defined, causing 500 on billing page)
- Mount RepresentingBanner in root layout so assume-user banner appears
  when browsing as another user

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
@ericokuma @claude
fix(admin-console): replace @apply PostCSS with inline Tailwind cla…
11f34d2 
…sses

svelte-check cannot parse `@apply` with `dark:` variants in `<style lang="postcss">` blocks,
causing 12 CI errors and broken dark mode. Move all utility classes inline across 13 admin
console files and remove `<style>` blocks entirely.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
@ericokuma @claude
fix(admin-console): add dark mode backgrounds and missing dark text v…
8a48cab 
…ariants

Add explicit bg-white/dark:bg-slate-900 to admin layout wrapper and
bg-slate-50/dark:bg-slate-950 to content area. Add dark:text-slate-400
to all loading/empty state text that was missing dark variants.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
@ericokuma @claude
fix(admin-console): remove dark: prefixes, use auto-adapting CSS vari…
64de7ce 
…ables

Rill's Tailwind color palette (slate, blue, red, etc.) uses CSS custom
properties that already swap between light and dark values. Using dark:
prefixed classes caused double-inversion. Remove all dark: variants and
replace bg-white with bg-slate-50 which auto-adapts.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
@royendo
Copy link
Contributor

royendo commented Mar 21, 2026

ill play with in Monday but from the Video a few comments:
Billing

  • Not sure we need to surface Billing customer ID, very niche; also repair not sure what this does even with the description
    Orgs
  • add ability to assume from there (Maybe thats already there but couldnt see in video)

Projects

  • is this iterating through all orgs; probably fine but as you saw lots of duplicate project names might be confusing
  • Add ability to change prod slots
    rill sudo project edit --prod-slots 4
    Quotas dont actually set the prod slots; those are just maxes

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@ericpgreen2 ericpgreen2 Awaiting requested review from ericpgreen2

@royendo royendo Awaiting requested review from royendo

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@ericokuma @royendo