Skip to main content

Layer8 Operator Console

The Layer8 Operator Console is a single-operator admin + observability web console that fronts agent-locksmith's existing admin HTTPS API (:9201). It replaces the docker exec + CLI + --since-ms epoch-millisecond ritual with a visible, attributable, footgun-proof interface.

:::note Status The console is an in-progress prototype. A working preview is deployed at studio-1.taile222a3.ts.net/layer8-operator-console (reachable on the Tailnet). This page tracks the design; screens and behavior may change. :::

What it does

The console covers six screens, realizing 20 functional requirements over the operator routes already exposed by locksmith's admin listener:

  • Catalog / Registrations — view and edit model / tool / infra registrations; surface silently-degraded (unresolved env var) entries.
  • Agents & ACL — list agents, edit allowlists/denylists, register/revoke, manage per-agent credential overrides.
  • Audit Explorer — query the audit trail with human date pickers instead of --since-ms hand-math; filter by agent, tool, event class, decision.
  • OAuth Sessions — see session state and surface degraded sessions before a 503 hits an agent.
  • Bootstrap Tokens — mint / list / revoke enrollment tokens.
  • Health / Status — render /livez, /readyz, /version — including the offending tools[] when readiness reports unresolved credentials.

The load-bearing boundary

The console invents no new backend operation. Every action maps 1:1 to an admin route and a CLI verb that already ships in locksmith. It is a consumption contract over an existing surface, not a new subsystem.

Three design invariants shape every screen:

  1. Not a secret-management UI. The console renders credential shape, status, and attribution (env-var names, wired/degraded, override-vs- default) — never a value. The sole cleartext is a reveal-once modal for one-time secrets (a freshly minted bearer), shown once and never persisted.
  2. Footguns are unrepresentable, not warned. The OAuth-registration clobber, the ACL no-op/self-wipe, and the seed-vs-operator confusion the CLI permits are removed from the UI's expressible surface.
  3. Silent degradation is made loud. Degraded OAuth sessions and silently-no-injecting registrations surface on load, before an agent-facing 503/401.

Architecture

The console is a React + shadcn/ui + Tailwind SPA in front of a thin backend-for-frontend (BFF). The BFF holds the operator bearer (or presents a client certificate to the admin listener) server-side, issues the browser an opaque HTTP-only, SameSite=Strict, Secure session cookie, and proxies each browser call to https://<host>:9201/admin/operator/.... The browser never sees the crown-jewel operator credential. The BFF holds no persistence and adds no authorization logic — locksmith remains the sole authority behind :9201.

References

  • PRD: agents-stack/docs/prd/v0.5.0-operator-console.md — 20 FRs across 6 screens.
  • Design: agents-stack/docs/spec/v0.5.0-operator-console.md — the technical design (BFF decision, screen-by-screen realization).
  • Anchor ADRs: ADR-0004 (kind taxonomy), ADR-0005 (OAuth credentials), ADR-0006 (1Password is the secret store), ADR-0007 (agent endpoints as model registrations).

See also