Admin dashboard

PLUR Enterprise ships a server-rendered admin dashboard at /admin. Same design language as plur.ai (Outfit font, dark/light themes, PLUR brand palette). Cookie-based session, CSRF-protected forms, server-side RBAC.

Open https://plur.your-org.com/admin. Log in with one of:

  • The bootstrap admin account (PLUR_ADMIN_EMAIL + PLUR_ADMIN_PASSWORD from .env).
  • Any OIDC/SAML/GitHub/GitLab account with the org_admin role.

First login forces a password reset; TOTP can be enabled from /me/security.

At-a-glance health:

  • Active users (last 7 / 30 days).
  • Engram counts by scope.
  • Recall/inject volume.
  • Failed-auth and rate-limit counters.
  • Webhook delivery health.
  • List users with role, last-login, account status.
  • Manually create users (when SCIM isn’t configured).
  • Disable / re-enable.
  • View per-user audit trail.
  • Reset password (for local-auth users).
  • Hierarchical group tree.
  • Add/remove members.
  • Set roles (viewer / editor / admin).
  • Map to GitHub/GitLab teams (when those IdPs are configured).
  • SCIM-provisioned groups are flagged read-only.
  • List engrams by scope, type, status.
  • Pin / unpin (admin-only; audited).
  • Bulk retire candidate engrams.
  • Inspect activation, feedback signals, provenance.
  • Filter by user, action, scope, channel, date range.
  • Export CSV / JSON for compliance archives.
  • Webhook fires on every audit row when the audit.entry event is subscribed.
  • Configure OIDC providers (multiple allowed).
  • Configure SAML 2.0 IdPs.
  • Configure GitHub OAuth (org-level scope).
  • Configure GitLab OAuth.
  • Test connection without disabling existing auth.
  • Manage SCIM bearer tokens.
  • View provisioning audit.
  • Choose which IdP groups sync.
  • Toggle hard-delete vs soft-delete.

See SCIM 2.0 provisioning.

  • Register endpoints.
  • Subscribe to event types.
  • Inspect delivery history (retries, last status, payload).
  • Test-fire a webhook to verify HMAC signing.

See Webhooks.

  • Quality metrics: hit/miss ratios per scope.
  • Engram health: candidates awaiting promotion, stale engrams.
  • Per-team adoption: who’s using PLUR, who’s not.
  • Org metadata (name, support email).
  • Rate-limit knobs.
  • Default engram TTL.
  • Backup configuration.
  • Email (SMTP) configuration.

Distinct from /admin. Every authenticated user gets:

  • /me — your engrams, recent activity.
  • /me/api-keys — issue, rotate, revoke your own API keys.
  • /me/webhooks — subscribe your own webhooks to events on engrams you own.
  • /me/security — change password, enable TOTP.
  • /me/sessions — list of active sessions; revoke any.

The split is deliberate: /admin is for admins, /me is for everyone. They use the same auth but separate routers (src/admin/router.ts and src/admin/me-router.ts).

Three roles plus org_admin:

Role        Granted     Capabilities
viewer      per-scope   Read engrams in scope.
editor      per-scope   Read + write engrams in scope.
admin       per-scope   All editor capabilities + manage scope members.
org_admin   org-wide    Everything inside the org, plus /admin access.

The dashboard enforces these checks server-side via src/admin/rbac.ts. There is no client-side gate; even if a user types /admin/users directly, RBAC returns an HTML 403 page.

Every state-changing form on /admin and /me carries a CSRF token, using the double-submit cookie pattern (src/admin/csrf.ts). API endpoints authenticated with an Authorization: Bearer header are exempt: a browser never attaches that header to a cross-site request, so they are not subject to the cookie-on-third-party-site attack class.
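The check described above, written out as an added example (not PLUR's own src/admin/csrf.ts). The cookie, form-field and session-cookie names are assumed, and the Bearer exemption is deliberately narrowed to requests that carry no session cookie, so a cookie-authenticated request cannot slip past the check by adding a junk header.

```typescript
// Minimal request shape, constructed for this example (not PLUR's own types).
export interface CsrfRequest {
  method: string;
  headers: Record<string, string | undefined>;  // lower-cased header names
  cookies: Record<string, string | undefined>;
  body: Record<string, string | undefined>;     // parsed form fields
}

export type CsrfVerdict =
  | "ok" | "exempt-safe-method" | "exempt-bearer" | "missing" | "mismatch";

const SAFE_METHODS = new Set(["GET", "HEAD", "OPTIONS"]);
const SESSION_COOKIE = "plur_session"; // assumed name
const CSRF_COOKIE = "plur_csrf";       // assumed name
const CSRF_FIELD = "_csrf";            // assumed hidden form field

// Compare without short-circuiting on the first differing byte.
function constantTimeEqual(a: string, b: string): boolean {
  if (a.length !== b.length) return false;
  let diff = 0;
  for (let i = 0; i < a.length; i++) diff |= a.charCodeAt(i) ^ b.charCodeAt(i);
  return diff === 0;
}

// Double-submit check: the token in the CSRF cookie must equal the token the
// server rendered into the form. A cross-site page can make the browser send
// the cookie, but cannot read it to copy the value into the form body.
export function checkCsrf(req: CsrfRequest): CsrfVerdict {
  if (SAFE_METHODS.has(req.method.toUpperCase())) return "exempt-safe-method";

  const auth = req.headers["authorization"] ?? "";
  const bearer = /^Bearer\s+\S+$/i.test(auth);
  // Exempt only when the Bearer header is the sole credential; if a session
  // cookie is also present, the cookie may be what actually authenticates.
  if (bearer && req.cookies[SESSION_COOKIE] === undefined) return "exempt-bearer";

  const cookieToken = req.cookies[CSRF_COOKIE];
  const formToken = req.body[CSRF_FIELD];
  if (!cookieToken || !formToken) return "missing";
  return constantTimeEqual(cookieToken, formToken) ? "ok" : "mismatch";
}

// Set-Cookie value for a freshly issued token (generate it with a CSPRNG).
// HttpOnly is fine here because the server, not a script, copies it into the form.
export function csrfSetCookie(token: string): string {
  return `${CSRF_COOKIE}=${token}; Path=/; Secure; HttpOnly; SameSite=Lax`;
}
```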

The admin dashboard is server-rendered HTML — not a single-page app. Choices:

  • Server-rendered because admin UIs benefit more from “view source works” than from interactivity. You can scrape the audit log with curl.
  • Outfit font for type, JetBrains Mono for code — matches the rest of the PLUR brand.
  • Dark/light toggle synced with prefers-color-scheme.

Code: src/admin/views.ts for the templates, src/admin/queries.ts for the data layer.