
    Admin Observability

    OAuth-protected admin telemetry for App Router APIs, including route latency, failure tracking, and audit visibility.

    Source: apps/web/content/docs/features/admin-observability.mdx

    The web application includes a protected admin panel at /admin for reviewing API telemetry without exposing observability data publicly.

    What It Captures

    • Route key, pathname, method, and status code
    • End-to-end handler latency
    • Cache-control hints
    • Request identifiers for incident correlation
    • Redacted failure context for server-side exceptions
    • Hashed client IPs instead of raw addresses
    • Admin audit events for login, logout, and observability reads

    Security Model

    • Admin access uses Google or GitHub OAuth via better-auth
    • Successful login issues a signed HttpOnly session cookie
    • Only accounts with role = 'admin' are granted access
    • The session and role are checked before rendering /admin
    • Admin telemetry APIs reject unauthenticated or non-admin access
    • OAuth tokens are never persisted into telemetry records

    Minimal Environment Variables

    # pragma: allowlist secret - documentation placeholder
    DATABASE_URL=postgresql://user:pass@host.neon.tech/db?sslmode=require
    BETTER_AUTH_SECRET=replace-with-a-long-random-secret
    GOOGLE_CLIENT_ID=your-google-client-id
    GOOGLE_CLIENT_SECRET=your-google-client-secret
    GITHUB_CLIENT_ID=your-github-client-id
    GITHUB_CLIENT_SECRET=your-github-client-secret

    Optional Environment Variables

    AIWF_TELEMETRY_DIR=../../data/telemetry
    # AIWF_TELEMETRY_SALT=replace-with-a-stable-hashing-salt

    Generate a session secret locally with either command:

    openssl rand -base64 32
    node -e "console.log(require('node:crypto').randomBytes(32).toString('base64'))"

    Admin Role Assignment

    The first user with email wyattowalsh@gmail.com is automatically granted the admin role on account creation. Additional admins can be assigned by updating the role column in the user table directly.

    Current Scope

    This implementation focuses on the Next.js API surface.

    • Route-level API observability for App Router handlers
    • Protected admin overview for throughput, error rate, and latency trends
    • Recent 5xx failures and request activity stream
    • Admin audit trail for privileged access

    Future backend integration can replace the local telemetry sink with a shared service-backed store without changing the admin surface.
