Skip to content

feat(admin): add Prometheus-backed /admin/metrics SSE endpoint#662

Draft
Ferryx349 wants to merge 7 commits into
cameri:mainfrom
Ferryx349:ADMIN-CONSOLE-2-SSE
Draft

feat(admin): add Prometheus-backed /admin/metrics SSE endpoint#662
Ferryx349 wants to merge 7 commits into
cameri:mainfrom
Ferryx349:ADMIN-CONSOLE-2-SSE

Conversation

@Ferryx349

Copy link
Copy Markdown
Collaborator

Description

Add GET /admin/metrics as an authenticated SSE stream for the admin console.

Note: This PR is stacked on Phase 1 until #641 merges to main.

Related Issue

Fixes - #655

Motivation and Context

How Has This Been Tested?

Screenshots (if appropriate):

Types of changes

  • Non-functional change (docs, style, minor refactor)
  • Bug fix (non-breaking change which fixes an issue)
  • New feature (non-breaking change which adds functionality)
  • Breaking change (fix or feature that would cause existing functionality to change)

Checklist:

  • My code follows the code style of this project.
  • My change requires a change to the documentation.
  • I have updated the documentation accordingly.
  • I have read the CONTRIBUTING document.
  • I have added tests to cover my code changes.
  • I added a changeset, or this is docs-only and I added an empty changeset.
  • All new and existing tests passed.

Ferryx349 and others added 7 commits June 18, 2026 12:57
Signed-off-by: ABHAY PANDEY <pandeyabhay967@gmail.com>
- Move admin enabled/auth checks into request-handlers middleware
- Reuse admin auth provider instance per process
- Deduplicate admin rate-limit middleware via scope factory
- Return JSON errors from admin controller wrapper
- Drop duplicated sessionTtlSeconds default from settings yaml

Signed-off-by: ABHAY PANDEY <pandeyabhay967@gmail.com>
…L metrics

Signed-off-by: ABHAY PANDEY <pandeyabhay967@gmail.com>
Stack admin auth routes required for authenticated /admin/metrics SSE.

Co-authored-by: Cursor <cursoragent@cursor.com>
Signed-off-by: ABHAY PANDEY <pandeyabhay967@gmail.com>
@changeset-bot

changeset-bot Bot commented Jul 1, 2026

Copy link
Copy Markdown

🦋 Changeset detected

Latest commit: b58e212

The changes in this PR will be included in the next version bump.

This PR includes changesets to release 1 package
Name Type
nostream Minor

Not sure what this means? Click here to learn what changesets are.

Click here if you're a maintainer who wants to add another changeset to this PR

@Ferryx349 Ferryx349 marked this pull request as draft July 1, 2026 04:18
Comment thread src/routes/admin/index.ts
router.use(rateLimiterMiddleware)
// codeql[js/missing-rate-limiting] - feature gate only, not authentication
router.use(adminEnabledMiddleware)
router.post('/login', adminLoginRateLimitMiddleware, json(), withAdminController(createPostAdminLoginController))
Comment thread src/routes/admin/index.ts
// codeql[js/missing-rate-limiting] - feature gate only, not authentication
router.use(adminEnabledMiddleware)
router.post('/login', adminLoginRateLimitMiddleware, json(), withAdminController(createPostAdminLoginController))
router.get('/session', adminRateLimitMiddleware, adminAuthMiddleware, withAdminController(createGetAdminSessionController))
Comment thread src/routes/admin/index.ts
router.post('/login', adminLoginRateLimitMiddleware, json(), withAdminController(createPostAdminLoginController))
router.get('/session', adminRateLimitMiddleware, adminAuthMiddleware, withAdminController(createGetAdminSessionController))
router.get('/health', adminRateLimitMiddleware, adminAuthMiddleware, withAdminController(createGetAdminHealthController))
router.get('/metrics', adminRateLimitMiddleware, adminAuthMiddleware, withAdminController(createGetAdminMetricsController))
@coveralls

Copy link
Copy Markdown
Collaborator

Coverage Status

coverage: 67.576% (+0.8%) from 66.747% — Ferryx349:ADMIN-CONSOLE-2-SSE into cameri:main

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

3 participants