kepr / 615035dbd330

admin phase 8 (v1.56.78): storage/keys/config/email/recover operator islands + handlers — recovered 19 ops handlers into /admin/api/* behind requireOperatorApi (JSON 401/403), 302+flash mutations converted to JSON {ok,...}; storage stats+repo-bars+gc/verify/snapshot, keys operator add/remove(refuses last)/set-name + contributor revoke/block, config dynamic sections+landing with SIGHUP/restart, email smtp-config+test+queue discard/requeue, recover rebuild/scan-objects with type-confirm gate. Preserved ops placeholders (storage repos[].bytes=0, operator_keys[].last_used_rel=''). SECURITY (flagged, no answer to my question -> vision-aligned default): the spec's password/TOTP Security page is OBSOLETE post-M1 (ops password login + verifyPassword/TOTP were deleted; admin auth is SSH-key/account-based) so it is NOT ported — adminSecurity is a reality-aligned info page pointing operators to key management; no resurrected dead auth, no invented sensitive endpoint. All five islands verified mounting + POST flows (gc/rebuild/config-save) in headless browser

dev · 2 days ago · 2026-06-16 · 14.4 MB

session: admin rebuild · agent: claude-code

parent: e031239223c4