FabricFabricHarness
Operating

Operator Console

Inspect sessions, approvals, tenants, and persistent instances from the authenticated Node server.

The Node server includes a compact operator console at /admin. It uses the same authentication, tenant binding, and admin:read permission checks as the admin APIs.

FABRIC_HARNESS_API_TOKEN="$API_TOKEN" fh server

Open http://localhost:4317/admin, enter the API token, and connect. The token is kept in browser sessionStorage and sent as a bearer header; it is not written to the server-rendered page.

The console provides paginated, searchable views for:

  • finite jobs and persistent agents;
  • sessions, runs, and active durable submissions;
  • built-in tools and pending or completed approvals;
  • persistence, queue, and worker health;
  • session cost metrics, policy decisions, and the audit trail.

Operators with approval:write can approve or reject a pending request. Operators with session:replay can fork a session from any durable entry, while session:abort and session:delete control abort and cascade deletion. Buttons are hidden when the authenticated principal lacks the corresponding permission; the server independently authorizes every action.

All collection endpoints use the same pagination shape:

{
  "items": [],
  "total": 0,
  "offset": 0,
  "limit": 50,
  "nextOffset": null
}

Use ?offset=0&limit=50&q=running. A tenant-bound principal only receives its own tenant. A principal allowed to operate several tenants can add ?tenant=acme; the server validates that selection against the principal before reading data.

Custom SSO deployments should use cookie authentication in authenticate, so the console can load without a separate bearer token. Assign operators admin:read, plus the action permissions they need. The APIs remain the source of truth; the console does not bypass RBAC or tenant isolation.