Files
stack/docs/guides/admin-guide.md
Hermes Agent 365c2130de
All checks were successful
ci/woodpecker/pr/ci Pipeline was successful
feat(#756): add official Discord channel adapter
2026-07-14 15:16:44 -05:00

20 KiB

Mosaic Stack — Admin Guide

Table of Contents

  1. User Management
  2. System Health Monitoring
  3. Provider Configuration
  4. MCP Server Configuration
  5. Environment Variables Reference
  6. Local Fleet Canary

User Management

Admins access user management at /admin in the web dashboard. All admin endpoints require a session with role = admin.

Creating a User

Via the web admin panel:

  1. Navigate to /admin.
  2. Click Create User.
  3. Enter name, email, password, and role (admin or member).
  4. Submit.

Via the API:

POST /api/admin/users
Content-Type: application/json

{
  "name": "Jane Doe",
  "email": "jane@example.com",
  "password": "securepassword",
  "role": "member"
}

Passwords are hashed by BetterAuth before storage. Passwords are never stored in plaintext.

Roles

Role Permissions
admin Full access: user management, health, all agent tools
member Standard user access; agent tool set restricted by AGENT_USER_TOOLS

Updating a User's Role

PATCH /api/admin/users/:id/role
Content-Type: application/json

{ "role": "admin" }

Banning and Unbanning

Banned users cannot sign in. Provide an optional reason:

POST /api/admin/users/:id/ban
Content-Type: application/json

{ "reason": "Violated terms of service" }

To lift a ban:

POST /api/admin/users/:id/unban

Deleting a User

DELETE /api/admin/users/:id

This permanently deletes the user. Related data (sessions, accounts) is cascade-deleted. Conversations and tasks reference the user via owner_id which is set to NULL on delete (set null).


System Health Monitoring

The health endpoint is available to admin users only.

GET /api/admin/health

Sample response:

{
  "status": "ok",
  "database": { "status": "ok", "latencyMs": 2 },
  "cache": { "status": "ok", "latencyMs": 1 },
  "agentPool": { "activeSessions": 3 },
  "providers": [{ "id": "ollama", "name": "ollama", "available": true, "modelCount": 3 }],
  "checkedAt": "2026-03-15T12:00:00.000Z"
}

status is ok when both database and cache pass. It is degraded when either service fails.

The web admin panel at /admin polls this endpoint and renders the results in a status dashboard.


Provider Configuration

Providers are configured via environment variables and loaded at gateway startup. No restart-free hot reload is supported; the gateway must be restarted after changing provider env vars.

Ollama

Set OLLAMA_BASE_URL (or the legacy OLLAMA_HOST) to the base URL of your Ollama instance:

OLLAMA_BASE_URL=http://localhost:11434

Specify which models to expose (comma-separated):

OLLAMA_MODELS=llama3.2,codellama,mistral

Default when unset: llama3.2,codellama,mistral.

The gateway registers Ollama models using the OpenAI-compatible completions API (/v1/chat/completions).

Custom Providers (OpenAI-compatible APIs)

Any OpenAI-compatible API (LM Studio, llama.cpp HTTP server, etc.) can be registered via MOSAIC_CUSTOM_PROVIDERS. The value is a JSON array:

MOSAIC_CUSTOM_PROVIDERS='[
  {
    "id": "lmstudio",
    "name": "LM Studio",
    "baseUrl": "http://localhost:1234",
    "models": ["mistral-7b-instruct"]
  }
]'

Each entry must include:

Field Required Description
id Yes Unique provider identifier
name Yes Display name
baseUrl Yes API base URL (no trailing slash)
models Yes Array of model ID strings to expose
apiKey No API key if required by the endpoint

Testing Provider Connectivity

From the web admin panel or settings page, click Test next to a provider. This calls:

POST /api/agent/providers/:id/test

The response includes reachable, latencyMs, and optionally discoveredModels.


MCP Server Configuration

The gateway can connect to external MCP (Model Context Protocol) servers and expose their tools to agent sessions.

Set MCP_SERVERS to a JSON array of server configurations:

MCP_SERVERS='[
  {
    "name": "my-tools",
    "url": "http://localhost:3001/mcp",
    "headers": {
      "Authorization": "Bearer my-token"
    }
  }
]'

Each entry:

Field Required Description
name Yes Unique server name
url Yes MCP server URL (/mcp endpoint)
headers No Additional HTTP headers (e.g. auth)

On gateway startup, each configured server is connected and its tools are discovered. Tools are bridged into the Pi SDK tool format and become available in agent sessions.

The gateway itself also exposes an MCP server endpoint at POST /mcp for external clients. Authentication requires a valid BetterAuth session (cookie or Authorization header).


Environment Variables Reference

Required

Variable Description
BETTER_AUTH_SECRET Secret key for BetterAuth session signing. Must be set or gateway will not start.
DATABASE_URL PostgreSQL connection string. Default: postgresql://mosaic:mosaic@localhost:5433/mosaic

Gateway

Variable Default Description
GATEWAY_PORT 14242 Port the gateway listens on
GATEWAY_CORS_ORIGIN http://localhost:3000 Allowed CORS origin for browser clients
BETTER_AUTH_URL http://localhost:14242 Public URL of the gateway (used by BetterAuth)

SSO (Optional)

Variable Description
AUTHENTIK_CLIENT_ID Authentik OAuth2 client ID
AUTHENTIK_CLIENT_SECRET Authentik OAuth2 client secret
AUTHENTIK_ISSUER Authentik OIDC issuer URL
AUTHENTIK_TEAM_SYNC_CLAIM Optional claim used to derive team sync data (defaults to groups)
WORKOS_CLIENT_ID WorkOS OAuth client ID
WORKOS_CLIENT_SECRET WorkOS OAuth client secret
WORKOS_ISSUER WorkOS OIDC issuer URL
WORKOS_TEAM_SYNC_CLAIM Optional claim used to derive team sync data (defaults to organization_id)
KEYCLOAK_CLIENT_ID Keycloak OAuth client ID
KEYCLOAK_CLIENT_SECRET Keycloak OAuth client secret
KEYCLOAK_ISSUER Keycloak realm issuer URL
KEYCLOAK_TEAM_SYNC_CLAIM Optional claim used to derive team sync data (defaults to groups)
KEYCLOAK_SAML_LOGIN_URL Optional SAML login URL used when OIDC is unavailable

Each OIDC provider requires its client ID, client secret, and issuer URL together. If only part of a provider configuration is set, gateway startup logs a warning and that provider is skipped. Keycloak can fall back to SAML when KEYCLOAK_SAML_LOGIN_URL is configured.

Agent

Variable Default Description
AGENT_FILE_SANDBOX_DIR process.cwd() Root directory for file/git/shell tool access
AGENT_SYSTEM_PROMPT Platform-level system prompt injected into all sessions
AGENT_USER_TOOLS all tools Comma-separated allowlist of tools for non-admin users

Providers

Variable Default Description
OLLAMA_BASE_URL Ollama API base URL
OLLAMA_HOST Alias for OLLAMA_BASE_URL (legacy)
OLLAMA_MODELS llama3.2,codellama,mistral Comma-separated Ollama model IDs
MOSAIC_CUSTOM_PROVIDERS JSON array of custom OpenAI-compatible providers

Memory and Embeddings

Variable Default Description
OPENAI_API_KEY API key for OpenAI embedding and summarization calls
EMBEDDING_API_URL https://api.openai.com/v1 Base URL for embedding API
EMBEDDING_MODEL text-embedding-3-small Embedding model ID
SUMMARIZATION_API_URL https://api.openai.com/v1 Base URL for log summarization API
SUMMARIZATION_MODEL gpt-4o-mini Model used for log summarization
SUMMARIZATION_CRON 0 */6 * * * Cron schedule for log summarization (every 6 hours)
TIER_MANAGEMENT_CRON 0 3 * * * Cron schedule for log tier management (daily at 3am)

MCP

Variable Description
MCP_SERVERS JSON array of external MCP server configurations

Plugins

Variable Description
DISCORD_BOT_TOKEN Discord bot token (enables Discord plugin)
DISCORD_SERVICE_TOKEN Required high-entropy service credential used to authenticate and sign Discord ingress; inject through the approved secret mechanism only
DISCORD_SERVICE_USER_ID Required Mosaic service-principal user ID that owns persisted Discord conversations; the original Discord user ID remains audit metadata
DISCORD_GUILD_ID Discord guild/server ID
DISCORD_GATEWAY_URL Gateway URL for Discord plugin to call (default: http://localhost:14242)
DISCORD_ALLOWED_GUILD_IDS Required comma-separated Discord guild snowflake allowlist; default-deny
DISCORD_ALLOWED_CHANNEL_IDS Required comma-separated Discord channel snowflake allowlist; default-deny
DISCORD_ALLOWED_USER_IDS Required comma-separated Discord user snowflake allowlist; default-deny
DISCORD_INTERACTION_BINDINGS Required JSON bindings from guild/channel to logical agent and paired Discord users with viewer, operator, or admin roles
DISCORD_MESSAGE_RATE_LIMIT_PER_MINUTE Optional positive integer; authorized turns per guild/channel/user each minute (default: 30)
DISCORD_THREAD_RATE_LIMIT_PER_MINUTE Optional positive integer; mention-thread routes per guild/channel/user each minute (default: 5)
TELEGRAM_BOT_TOKEN Telegram bot token (enables Telegram plugin)
TELEGRAM_GATEWAY_URL Gateway URL for Telegram plugin to call

Discord ingress security

When DISCORD_BOT_TOKEN is configured, DISCORD_SERVICE_TOKEN, DISCORD_SERVICE_USER_ID, and all three Discord allowlists are required. Gateway startup fails rather than enabling a broad or unauthenticated remote-control surface. The service user ID identifies a provisioned Mosaic service principal for persistence; the original Discord user ID is retained in ingress audit metadata. The service token is a secret supplied by the approved runtime secret mechanism and is never committed or logged.

Inbound Discord messages must originate from an allowed guild and configured parent channel, come from an allowed and paired user whose role permits sending, and carry a signed envelope containing the native Discord message ID and a generated correlation ID. Attachment references are limited in count, metadata size, field length, and declared size; only query-free HTTPS URLs without credentials or fragments are accepted, so bearer or presigned URLs never reach persistence or an agent prompt. The gateway validates the service identity, envelope signature, allowlists, pairing, and role again before dispatching. Replayed Discord message IDs are rejected during the bounded ingress replay window. Durable inbox/idempotency retention is introduced with Tess durable state.

Configured channels are dedicated agent interaction surfaces. An authorized untagged message routes to the bound logical agent and the response returns in that channel. Mentioning the bot on a normal channel message creates a public Discord thread, or reuses the thread already attached to that same message; the response and later thread messages stay in that thread without repeated mentions. A normal channel's category is not an authorization parent—only a Discord thread inherits authorization from its configured parent channel. Runtime control commands such as /approve and /stop <approval> remain on the current channel/thread because they target that durable session rather than opening a new topic.

Authorization and per-user/channel rate limits are evaluated before thread creation, so an unlisted guild/channel/user, unpaired user, viewer, or rate-limited sender cannot create bot threads or dispatch gateway work. The bot needs Discord permissions to view/send in configured channels and create/send in public threads. If thread creation fails, the turn is not dispatched because the requested response destination cannot be honored.

Conversation handles use the configured logical agent plus Discord channel/thread identity. They do not contain a Claude, Codex, Pi, OpenCode, model, process, or runtime-provider identifier; changing the runtime behind the logical session therefore does not require reconnecting the Discord bot.

Interaction binding format

DISCORD_INTERACTION_BINDINGS must be a non-empty JSON array. Each item requires instanceId, trusted agentConfigId, guildId, channelId, and a non-empty pairedUsers object. instanceId is the configured logical-agent name; its trusted database agentConfigId must resolve to an agent configuration with exactly that name, preserving provider/model/prompt/tool selection per binding. The guild/channel must also appear in their corresponding allowlists. IDs below are placeholders:

[
  {
    "instanceId": "interaction-agent",
    "agentConfigId": "agent-config-id",
    "guildId": "guild-id",
    "channelId": "channel-id",
    "pairedUsers": {
      "discord-user-id": {
        "role": "operator",
        "mosaicUserId": "mosaic-user-id"
      }
    }
  }
]
Pairing role Send message Create/continue thread Approve Stop
viewer No No No No
operator Yes Yes No No
admin Yes Yes Yes Yes

A legacy role-only value such as "discord-user-id": "operator" remains valid for non-privileged ingress. Approval and stop require the object form with a provisioned mosaicUserId; gateway policy checks that Mosaic identity and consumes one exact-action approval once. Do not make the Discord service principal an approving administrator.

After changing bindings or allowlists, restart the gateway/plugin through the normal service manager and verify both Discord and gateway connectivity. The adapter reports connected only when both links are ready, degraded when one is ready, and disconnected when neither is ready. Test one authorized untagged channel turn, one mention-created thread, one thread follow-up, and one unauthorized user denial without using production credential values in logs or evidence.

Session retention and garbage collection

Session cleanup is scoped to one session identifier and only removes that session's Valkey keys and demotes that session's hot logs. Gateway startup and scheduled jobs do not perform global session cleanup; startup removes legacy repeatable session-gc schedules created by older deployments. The /gc command is intentionally disabled until a distinct global-retention job supplies explicit authorization and audit evidence. This prevents one tenant or session's cleanup from changing another's retained data.

Observability

Variable Default Description
OTEL_EXPORTER_OTLP_ENDPOINT http://localhost:4318 OpenTelemetry collector endpoint
OTEL_SERVICE_NAME mosaic-gateway Service name in traces

Web App

Variable Default Description
NEXT_PUBLIC_GATEWAY_URL http://localhost:14242 Gateway URL used by the Next.js client

Coordination

Variable Default Description
MOSAIC_WORKSPACE_ROOT monorepo root (auto-detected) Root path for mission workspace operations