alphaswarm-admin
Internal-only admin dashboard for AlphaSwarm staff. Audit-first: every
action lands a security_audit_events row before mutating anything;
no destructive surface bypasses the ledger.
Authenticated via the AlphaSwarm staff Entra tenant. Outbound M2M
calls use a per-deployment Entra Agent Identity provisioned by the
alphaswarm_admin_agent_identity
Terraform module.
Identity
| Field | Value |
|---|---|
| Service id | alphaswarm-admin |
| Role | admin |
| Package | alphaswarm_admin/ |
| Image (key) | admin |
| Built from | alphaswarm_admin/Dockerfile (FastAPI backend, port 8900) + alphaswarm_admin/frontend/Dockerfile (Next.js 15 UI). Two ECR repos: alphaswarm-admin + alphaswarm-admin-frontend. |
Wire
| Field | Value |
|---|---|
| Protocol | HTTP/1.1 + WebSocket |
| Port | 8900 |
| Health | GET /admin/health (public; backs the Docker + ECS container health checks) |
| Public URL | https://admin.alpha-swarm.ai (Cloudflare tunnel + Pomerium IAP) |
| Identity | AlphaSwarm staff Entra tenant; actor_kind is user for human staff and agent for the per-deployment Agent Identity (RFC 8693 act claim) |
Surfaces
| Prefix | Purpose |
|---|---|
/admin/* | FastAPI backend — managed-services CRUD, company accounts, audit log, billing |
/admin/platform/ecs/* | Platform deployment control — boto3 → AWS ECS + CloudWatch for the platform's OWN Fargate services (rollout status, redeploy, scale, logs, metrics, alarms). Distinct from /admin/deployments (customer workloads, brokered). Redeploy + scale are audit-first + step-up-MFA gated. |
/api/auth/entra/* | Next.js BFF proxy to alphaswarm-cp /auth/* |
/dashboard, /platform, /managed-services, /companies, /audit-log, /billing | Next.js frontend pages |
Deployment surfaces
| Surface | Where |
|---|---|
| Compose | service alphaswarm-admin in deployments/compose/docker-compose.admin.yml |
| Kustomize | rolled into the per-cell base — namespace alphaswarm-admin |
| ECS Fargate | infrastructure/modules/ecs-fargate-control-plane, wired in infrastructure/envs/minimum. Container health check on /admin/health; the admin task carries the self-management policy so /admin/platform/ecs/* can drive the cluster. |
| AQP CR | AQPAdmin |
| Terraform module | alphaswarm_admin_agent_identity (Entra Agent Identity provisioning) |
Dependencies
Upstream:
alphaswarm-cp(/auth/*,/manage/*).alphaswarm-core(/api/*for read-only platform queries).postgresfor the admin's own ledger tables.- Stripe (optional) for billing integration.
Downstream:
- AlphaSwarm staff admins only — public ingress is wrapped by Pomerium
with the
alphaswarm-staffEntra group as the sole authenticated population.
Operations
- Audit-first: every mutating endpoint writes a
security_audit_eventsrow BEFORE acting; rollbacks compensate the row. - No customer data exposure: the admin reads aggregate signals only — never raw operator strategy code or RL weights.
- Step-up MFA: required for company-account suspensions, billing refunds, kill-switch fan-out.
- Boundary:
alphaswarm_adminMUST NOT importalphaswarm.*— it is HTTP-only againstalphaswarm-cpandalphaswarm-core. The guard is enforced byalphaswarm_admin/AGENTS.md.
See also
alphaswarm_admin/AGENTS.md— boundary rules.identity.md— Entra integration.alphaswarm_admin_agent_identitymodule — Agent Identity provisioning.