Expand description
CorTeX Frontend capabilities - reports, rendering, auth and more
Modules§
- actor
- The
Actorrequest guard: the authenticated initiator of a mutating request. - admin
- Admin web UI: a single signed-in
/admindashboard that consolidates the admin actions (service registry, background jobs, system health, settings, API docs, and “add a corpus”) which previously sprinkled the public homepage. Access uses the lightweight token scheme — anAdminSessioncookie (frontend::actor), set on the sign-in page below. - apidoc
- API documentation: a generated OpenAPI 3 spec plus a RapiDoc browser page, both built by
rocket_okapidirectly from the#[openapi]-annotated agent routes — the spec is generated from the single source of truth (the real Rocket route + its return type) and so can never drift from the served API. This is the symmetry contract extended to the docs (seedocs/archive/api-spike/COMPARISON.md+ OPEN_QUESTIONS #7; rocket_okapi was chosen over utoipa). - audit
- The accounting pillar (AAA —
docs/archive/AAA_DESIGN.md): a Rocket fairing that records every mutating admin request to theaudit_log, so “who did what, when, to what, with what outcome” is observable. Centralizing it in one fairing (rather than a call in each write handler) means no endpoint can forget to log and new endpoints are audited automatically — drift-proof, in the spirit of the symmetry contract. - catchers
- HTTP error catchers: one consistent, content-negotiated error response across the whole surface, instead of Rocket’s built-in default page.
- concerns
- Common concerns for frontend routes
- corpora
- Corpus-management capability: list/inspect/import/delete corpora as screens + API.
- cors
- CORS capabilities for the Rocket frontend
- helpers
- General purpose auxiliary routines that do not fit the MVC web service paradigm, tending to minor tasks
- jobs
- Jobs capability: poll long-running jobs. One shared
JobDtorenders as JSON for agents (GET /api/jobs/<uuid>) and the progress page (GET /jobs/<uuid>) polls that same JSON. The job mechanism itself lives incrate::jobs. - management
- Management & health capability: the configuration view/edit surface, the Settings page, and a health check.
- metrics
- Prometheus
/metrics— operational gauges for scraping (Arm 8 observability). Token-gated via theActorguard, so it is not public; Prometheus scrapes it with?token=<token>(the guard also accepts theX-Cortex-Tokenheader). Deliberately limited to current-state gauges read on each scrape — connection-pool saturation, background-job backlog, active admin sessions, registered corpora/services, the dispatcher worker fleet’s size + in-flight backlog, and the pending-conversion backlog (cortex_tasks_todo, the one full-table count — bounded ~tens-to-hundreds of ms even at arXiv scale). - params
- Various parameter data structures for the Rocket frontend routes
- render
- Report-rendering layer: the thin presentation proxy over [
crate::backend::task_report] that the HTML report screens use. - reports
- Reports capability: the typed, paginated agent API for the category and
whatreports — the agent twin of the most-used human screens (severity-report / category-report). - retention
- Historical-data retention — managing the one unbounded-growth table,
historical_tasks(one per-task status snapshot per save-snapshot). The admin screen surfaces the snapshot count + the oldest snapshot, lets the admin pick a cutoff date, shows a dry-run count of exactly what a prune would remove, and only then offers a confirmed delete (gated + audited — same safety pattern asdelete_corpus). The run summaries (historical_runs) are never touched, so the run history and charts survive; only the bulky per-task snapshots age out. - runs
- Historical-runs capability: inspect the run history of a
(corpus, service)as an agent API (the JSON twin of the human history screen). - server
- The library-resident Rocket composition root.
- services
- Services capability: the worker-fleet view for a service, as a human screen + agent API.
- sessions
- Active admin sessions management — the security-oversight completion of the session model
(
models::session,docs/archive/WEBAUTHN_DESIGN.md): see who is currently signed in (token or passkey) and revoke a compromised identity’s sessions. Uniform authz — any signed-in admin may view + revoke. - webauthn
- Passkey (WebAuthn) sign-in — the relying-party instance built from config
(
docs/archive/WEBAUTHN_DESIGN.md). This is the foundation: the configured [webauthn_rs::prelude::Webauthn] relying party as Rocket managed state. The registration/authentication ceremonies and the sign-in UI build on this in the following increments.