Mak-1911/Sentinel

Sentinel

API-first admin infrastructure that decouples operational authority from UI. Provides a backend-only admin engine for safe bulk operations, strong auditability, and multi-client access.

Features

  • Multi-Database Support - PostgreSQL, SQLite, MySQL, MongoDB
  • Authentication - JWT-based auth with bcrypt password hashing
  • Role-Based Access Control - Permissions system with field-level masking
  • Audit Logging - Append-only audit trail for all admin actions
  • Background Jobs - Chunked execution for long-running bulk operations
  • Audit Log UI - Built-in dark-themed web interface for viewing logs

Quick Start

# Install dependencies
bun install

# Set up environment variables
cp .env.example .env
# Edit .env with your settings

# Run migrations
bun run migrate up

# Start the server
bun run dev

Environment Variables

Create a .env file:

DATABASE_URL=file:./sentinel.db    # SQLite (default)
ADMIN_JWT_SECRET=your-secret-here  # Required for JWT signing
PORT=3000                          # Server port (default)
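
A pre-start check for the variables above, added here as an example (not part of Sentinel's code). It flags a missing, placeholder or short ADMIN_JWT_SECRET and an invalid PORT. The function names, the 32-character minimum and the finding texts are assumptions, not project rules.

```typescript
// Added example, not Sentinel code: lint a .env file before starting the server.
const PLACEHOLDER_SECRET = "your-secret-here"; // sample value from this README
const MIN_SECRET_LENGTH = 32; // assumed floor for a JWT signing secret

// Minimal KEY=VALUE parser: skips blank and comment lines, strips a trailing
// " # comment" and surrounding quotes. Not a full dotenv implementation
// (a quoted value containing " #" would be truncated).
function parseEnv(text: string): Map<string, string> {
  const vars = new Map<string, string>();
  for (const raw of text.split(/\r?\n/)) {
    const line = raw.trim();
    if (line === "" || line.startsWith("#")) continue;
    const eq = line.indexOf("=");
    if (eq <= 0) continue;
    const key = line.slice(0, eq).trim();
    let value = line.slice(eq + 1).replace(/\s+#.*$/, "").trim();
    if (/^(".*"|'.*')$/.test(value)) value = value.slice(1, -1);
    vars.set(key, value);
  }
  return vars;
}

// Returns one human-readable finding per problem; an empty array means OK.
function checkSentinelEnv(text: string): string[] {
  const env = parseEnv(text);
  const findings: string[] = [];
  const secret = env.get("ADMIN_JWT_SECRET");
  if (!secret) {
    findings.push("ADMIN_JWT_SECRET is missing or empty");
  } else if (secret === PLACEHOLDER_SECRET) {
    findings.push("ADMIN_JWT_SECRET is still the README placeholder");
  } else if (secret.length < MIN_SECRET_LENGTH) {
    findings.push(`ADMIN_JWT_SECRET is shorter than ${MIN_SECRET_LENGTH} characters`);
  }
  const port = env.get("PORT");
  if (port !== undefined && !(/^\d+$/.test(port) && +port >= 1 && +port <= 65535)) {
    findings.push("PORT is not a valid TCP port");
  }
  return findings;
}

// Constructed sample input: the sample .env from this README, unchanged.
const sampleEnv = `DATABASE_URL=file:./sentinel.db    # SQLite (default)
ADMIN_JWT_SECRET=your-secret-here  # Required for JWT signing
PORT=3000                          # Server port (default)`;
console.log(checkSentinelEnv(sampleEnv));
```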

Development

# Start dev server
bun run dev

# Run migrations
bun run migrate up      # Apply pending migrations
bun run migrate status  # Check migration status
bun run migrate down    # Rollback last migration

# Type check
bun build --target=bun

API Endpoints

Authentication

POST /v1/auth/login     - Login with email/password
POST /v1/auth/refresh   - Refresh access token
GET  /v1/auth/me        - Get current user info
POST /v1/auth/logout    - Logout

Audit Logs

GET /v1/audit/logs      - List audit logs (filterable)
GET /v1/audit/logs/:id  - Get single audit entry
GET /v1/audit/stats     - Get audit statistics

Health

GET /health              - Health check
GET /health/db           - Database health check

Users (requires auth)

GET    /v1/admin/users           - List users
POST   /v1/admin/users           - Create user
GET    /v1/admin/users/:id       - Get user
PUT    /v1/admin/users/:id       - Update user
DELETE /v1/admin/users/:id       - Delete user
POST   /v1/admin/users/query     - Advanced query
POST   /v1/admin/users/bulk      - Bulk operations

Web UI

Open http://localhost:3000 in your browser to access the Audit Log UI.

Log in via the API first:

# Login to get a token
curl -X POST http://localhost:3000/v1/auth/login \
  -H "Content-Type: application/json" \
  -d '{"email":"test@example.com","password":"test123"}'

Then add the token to the browser's localStorage:

localStorage.setItem('sentinel_token', 'your-token-here')

Or use browser DevTools → Application → Local Storage.

Default Credentials

After migrations, a default admin user is created:

  • Email: admin@sentinel.local
  • Password: admin123 (change in production!)

Project Structure

sentinel/
├── src/
│   ├── lib/
│   │   ├── auth.ts       # JWT auth, password hashing
│   │   ├── rbac.ts       # Role-based access control
│   │   ├── audit.ts      # Audit logging utilities
│   │   ├── db/           # Database adapters (SQLite, Postgres, MySQL, Mongo)
│   │   └── migrate.ts    # Migration system
│   ├── routes/
│   │   ├── auth.http.ts  # Auth API routes
│   │   ├── audit.http.ts # Audit log API routes
│   │   ├── users.ts      # User management routes
│   │   └── health.ts     # Health check routes
│   ├── types/            # TypeScript type definitions
│   ├── server.ts         # HTTP server
│   └── index.ts          # Entry point
├── public/
│   └── audit.html        # Audit log web UI
├── migrations/           # Database migrations
└── .env                  # Environment configuration

License

MIT
