PiCloud/dashboard
MechaCat02 2d11090d1a feat(v1.1.7-secrets): secrets SDK + table + admin API + dashboard
Encrypted per-app secrets, reachable from scripts as
secrets::{get,set,delete,list}(name) and managed from the dashboard
Secrets tab. Values are AES-256-GCM-sealed with the process master key
(picloud_shared::crypto) before they touch Postgres; the repo only ever
sees ciphertext + nonce. JSON round-trip preserves Rhai types.

- migration 0023_secrets.sql (PRIMARY KEY (app_id, name)).
- SecretsService trait (picloud-shared) + SecretsServiceImpl + repo
  (manager-core), wired into the Services bundle and Rhai engine.
- Capability::AppSecretsRead/Write (→ script:read / script:write); no
  new Scope variants (seven-scope commitment).
- Admin API GET/POST/DELETE /apps/{id}/secrets (list returns names +
  updated_at, never values).
- build_app now takes a MasterKey, sourced from PICLOUD_SECRET_KEY in
  main.rs; test callers pass a fixed test key.
- 64 KB value cap (PICLOUD_SECRET_MAX_VALUE_BYTES); no ServiceEvent
  emission (secret writes don't fire triggers, by design).

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
2026-06-04 21:37:17 +02:00

PiCloud Dashboard

SvelteKit SPA for the PiCloud control plane.

Stack

  • SvelteKit 2 with adapter-static (SPA fallback)
  • Svelte 5 (runes)
  • TypeScript
  • Vite

Scripts

npm install
npm run dev      # vite dev server on :5173, proxies /api → PICLOUD_API
npm run build    # static SPA bundle into ./build/
npm run check    # svelte-check
npm run lint
npm run format

By default npm run dev proxies /api/* and /healthz to http://127.0.0.1:18080. Override with PICLOUD_API=http://host:port npm run dev.

How it fits in

In production Caddy serves the contents of ./build/ as static files and falls back to index.html for client-side routing. The dashboard only talks to the control plane (/api/admin/* on the manager); data-plane invocations go through /api/execute/* on the orchestrator and are not issued from the dashboard directly during MVP.
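A sketch of how dashboard code calling the admin secrets API from the commit above could enforce the 64 KB cap and the "names + updated_at, never values" list contract on the client side; this is an added example, not code from the PiCloud repository. The `/api/admin/apps/{id}/secrets` prefix, the JSON field names, reading 64 KB as 65536 bytes of JSON-encoded value, and all function names are assumptions.

```typescript
// Added example, not PiCloud code. Route prefix, JSON field names and the
// byte count behind "64 KB" are assumptions.
const SECRET_MAX_VALUE_BYTES = 64 * 1024;

interface SecretMeta {
  name: string;
  updated_at: string;
}

// Build the collection URL; encoding the id keeps it a single path segment.
function secretsPath(appId: string): string {
  return `/api/admin/apps/${encodeURIComponent(appId)}/secrets`;
}

// Size of the JSON-encoded value in UTF-8 bytes (not String.length).
function encodedSize(value: unknown): number {
  const json: string | undefined = JSON.stringify(value);
  if (json === undefined) throw new TypeError("value is not JSON-serialisable");
  return new TextEncoder().encode(json).length;
}

// Reject oversized values before they are sent; returns the measured size.
function checkSecretValue(value: unknown): number {
  const size = encodedSize(value);
  if (size > SECRET_MAX_VALUE_BYTES) {
    throw new RangeError(`secret is ${size} bytes, cap is ${SECRET_MAX_VALUE_BYTES}`);
  }
  return size;
}

// Parse a list response, failing closed on any field beyond name/updated_at
// so a regression that leaks values is caught instead of rendered.
function parseSecretList(body: unknown): SecretMeta[] {
  if (!Array.isArray(body)) throw new TypeError("secret list must be an array");
  return body.map((entry: unknown, i: number): SecretMeta => {
    if (typeof entry !== "object" || entry === null) {
      throw new TypeError(`entry ${i} is not an object`);
    }
    const rec = entry as Record<string, unknown>;
    const extra = Object.keys(rec).filter((k) => k !== "name" && k !== "updated_at");
    if (extra.length > 0) throw new Error(`entry ${i} has unexpected fields: ${extra.join(", ")}`);
    const name = rec["name"];
    const updatedAt = rec["updated_at"];
    if (typeof name !== "string" || typeof updatedAt !== "string") {
      throw new TypeError(`entry ${i} is missing name or updated_at`);
    }
    return { name, updated_at: updatedAt };
  });
}
```

The server-side cap and capability checks remain the authority; these checks only give the operator an early error and make a contract regression visible.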