Skip to content

[dashboards] Full-featured web dashboard for thought management#111

Merged
justfinethanku merged 2 commits intoNateBJones-Projects:mainfrom
alanshurafa:contrib/alanshurafa/open-brain-dashboard
Mar 24, 2026
Merged

[dashboards] Full-featured web dashboard for thought management#111
justfinethanku merged 2 commits intoNateBJones-Projects:mainfrom
alanshurafa:contrib/alanshurafa/open-brain-dashboard

Conversation

@alanshurafa
Copy link
Copy Markdown
Contributor

@alanshurafa alanshurafa commented Mar 23, 2026

Summary

  • First community dashboard for OB1 — 8 pages, 13 components, 10+ API routes
  • Pages: Dashboard (stats/capture), Browse (filtered table), Detail (edit/reflections/connections), Search (semantic + full-text), Add to Brain (smart ingest), Audit (quality review), Duplicates (similarity detection), Login
  • Built with Next.js 16, React 19, TypeScript, Tailwind CSS 4, iron-session
  • Session auth via encrypted HTTP-only cookies — API key never exposed to browser
  • Restricted content toggle auto-hides when RESTRICTED_PASSPHRASE_HASH is not set (works with sensitivity-tiers primitive, PR [recipes] Sensitivity tiers for content access control #110)
  • Deploy to Vercel free tier or any Node.js host
  • Zero ExoCortex-specific code — fully generic for any OB1 instance

Environment Variables

Variable Required Purpose
NEXT_PUBLIC_API_URL Yes Open Brain REST API endpoint
SESSION_SECRET Yes 32+ char secret for cookie encryption
RESTRICTED_PASSPHRASE_HASH No SHA-256 hash to enable restricted content toggle

Test plan

  • npm install && npm run dev starts without errors
  • Login with valid API key redirects to dashboard
  • Dashboard shows stats, type distribution, recent thoughts
  • Browse page loads paginated thoughts with working filters
  • Search returns results in both semantic and full-text modes
  • Add to Brain captures short text as single thought
  • Detail page allows inline editing of content, type, importance
  • Restricted toggle hidden when RESTRICTED_PASSPHRASE_HASH not set
  • No credentials or project refs in committed code

🤖 Generated with Claude Code

alanshurafa and others added 2 commits March 23, 2026 17:55
@alanshurafa @claude
Add Open Brain Dashboard with 8 pages for thought management
a082d26 
Full-featured Next.js web dashboard: browse, search, capture, audit,
duplicate detection, smart ingest, reflections, and connections.
Session auth via encrypted cookies. Restricted content toggle is
optional — auto-hides when RESTRICTED_PASSPHRASE_HASH is not set.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
@alanshurafa @claude
Fix broken internal link to sensitivity-tiers primitive
8a68ec5 
Change relative link to absolute GitHub PR URL since the primitive
is in a separate PR branch, not merged to main yet.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
justfinethanku
justfinethanku reviewed Mar 24, 2026
View reviewed changes
Copy link
Copy Markdown
Collaborator

@justfinethanku justfinethanku left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Code Review: Open Brain Dashboard

This is an excellent first community dashboard for OB1. The implementation is clean, secure, and well-documented. I've reviewed all 54 files against the contribution standards.

What's Good ✅

Architecture & Security:

  • Proper session management with iron-session (HTTP-only encrypted cookies)
  • API key never exposed to browser - all server-side API calls
  • Clean separation: client components, server components, API routes
  • Middleware properly protects routes while allowing public paths
  • "server-only" directive on API utilities prevents client-side leaks
  • Auth checks happen before body parsing (401s before 400s) - correct order
  • No credentials or secrets committed

Code Quality:

  • TypeScript throughout with proper typing
  • Consistent error handling patterns
  • Good use of Next.js 16 App Router patterns (async params, etc.)
  • Zero ExoCortex-specific code - fully generic
  • No TODOs or FIXMEs left in code
  • Clean dependency list - only what's needed

Documentation:

  • README has all required sections: Prerequisites, Steps, Expected Outcome, Troubleshooting
  • Credential tracker table is helpful
  • Clear expected outcomes with specific details
  • Good troubleshooting section with 5 common issues
  • Nice touch: Auto-routing heuristic for smart ingest is documented in comments

Features:

  • 8 pages covering core workflows
  • Smart routing between single capture and extraction
  • Restricted content toggle auto-hides when not configured (graceful degradation)
  • Integrates cleanly with sensitivity-tiers primitive (PR #110)

Minor Suggestions (Optional)

  1. metadata.json: Consider adding "react", "typescript", "vercel" to tags for better discoverability

  2. README clarity: In Step 4, you mention "Enter your Open Brain API key (the MCP_ACCESS_KEY from your Supabase Edge Function secrets)". This might confuse users who haven't set up the REST API gateway yet. Consider linking to the REST API setup guide or adding a prerequisite check.

  3. package-lock.json: This is 6,640 lines. Consider adding a note in the README about running npm ci vs npm install for deterministic builds.

  4. Error boundaries: The React 19 components could benefit from error boundaries on pages that make API calls, but this is a nice-to-have for v1.0.0.

Standards Compliance ✅

  • Folder structure: Correct ()
  • Required files: README.md ✅, metadata.json ✅
  • Metadata valid: All required fields present, valid JSON, correct category
  • No credentials: None found (only .env.example with placeholders)
  • SQL safety: No SQL files in this PR
  • Category artifacts: Has package.json, Next.js app, complete dashboard code
  • PR format: Title starts with [dashboards]
  • No binary blobs: Only package-lock.json (6,640 lines but valid for Node.js projects)
  • README completeness: Has Prerequisites, Steps, Expected Outcome, Troubleshooting
  • No local MCP: N/A (this is a dashboard, not an MCP integration)
  • Scope check: All changes within

Automated Review Checklist

All 11 automated rules pass:

  1. ✅ Folder structure correct
  2. ✅ Required files present
  3. ✅ Metadata valid JSON with required fields
  4. ✅ No credentials
  5. ✅ No dangerous SQL
  6. ✅ Category-specific artifacts present
  7. ✅ PR title format correct
  8. ✅ No binary blobs over 1MB
  9. ✅ README complete
  10. ✅ No primitive dependencies declared
  11. ✅ Scope limited to contribution folder

Verdict: Ready to merge

This is a high-quality contribution that sets a strong precedent for community dashboards. The code is secure, well-documented, and follows all OB1 standards. The author clearly understands Next.js best practices and has built something genuinely useful.

Recommendation: Merge as-is. The minor suggestions above are truly optional and could be addressed in future PRs if desired.

Great work, @alanshurafa!

justfinethanku
justfinethanku reviewed Mar 24, 2026
View reviewed changes
Copy link
Copy Markdown
Collaborator

@justfinethanku justfinethanku left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Code Review: Open Brain Dashboard

This is an excellent first community dashboard for OB1. The implementation is clean, secure, and well-documented. I've reviewed all 54 files against the contribution standards.

What's Good ✅

Architecture & Security:

  • Proper session management with iron-session (HTTP-only encrypted cookies)
  • API key never exposed to browser - all server-side API calls
  • Clean separation: client components, server components, API routes
  • Middleware properly protects routes while allowing public paths
  • "server-only" directive on API utilities prevents client-side leaks
  • Auth checks happen before body parsing (401s before 400s) - correct order
  • No credentials or secrets committed

Code Quality:

  • TypeScript throughout with proper typing
  • Consistent error handling patterns
  • Good use of Next.js 16 App Router patterns (async params, etc.)
  • Zero ExoCortex-specific code - fully generic
  • No TODOs or FIXMEs left in code
  • Clean dependency list - only what's needed

Documentation:

  • README has all required sections: Prerequisites, Steps, Expected Outcome, Troubleshooting
  • Credential tracker table is helpful
  • Clear expected outcomes with specific details
  • Good troubleshooting section with 5 common issues
  • Nice touch: Auto-routing heuristic for smart ingest is documented in comments

Features:

  • 8 pages covering core workflows
  • Smart routing between single capture and extraction
  • Restricted content toggle auto-hides when not configured (graceful degradation)
  • Integrates cleanly with sensitivity-tiers primitive (PR #110)

Minor Suggestions (Optional)

  1. metadata.json: Consider adding "react", "typescript", "vercel" to tags for better discoverability

  2. README clarity: In Step 4, you mention the MCP_ACCESS_KEY from Supabase Edge Function secrets. This might confuse users who haven't set up the REST API gateway yet. Consider linking to the REST API setup guide or adding a prerequisite check.

  3. package-lock.json: This is 6,640 lines. Consider adding a note in the README about running npm ci vs npm install for deterministic builds.

  4. Error boundaries: The React 19 components could benefit from error boundaries on pages that make API calls, but this is a nice-to-have for v1.0.0.

Standards Compliance ✅

All required checks pass:

  • Folder structure: Correct (dashboards/open-brain-dashboard/)
  • Required files: README.md ✅, metadata.json ✅
  • Metadata valid: All required fields present, valid JSON, correct category
  • No credentials: None found (only .env.example with placeholders)
  • SQL safety: No SQL files in this PR
  • Category artifacts: Has package.json, Next.js app, complete dashboard code
  • PR format: Title starts with [dashboards] ✅
  • No binary blobs: Only package-lock.json (valid for Node.js projects)
  • README completeness: Has Prerequisites, Steps, Expected Outcome, Troubleshooting
  • Scope check: All changes within dashboards/open-brain-dashboard/

Automated Review Checklist

All 11 automated rules pass:

  1. ✅ Folder structure correct
  2. ✅ Required files present
  3. ✅ Metadata valid JSON with required fields
  4. ✅ No credentials
  5. ✅ No dangerous SQL
  6. ✅ Category-specific artifacts present
  7. ✅ PR title format correct
  8. ✅ No binary blobs over 1MB
  9. ✅ README complete
  10. ✅ No primitive dependencies declared
  11. ✅ Scope limited to contribution folder

Verdict: Ready to merge

This is a high-quality contribution that sets a strong precedent for community dashboards. The code is secure, well-documented, and follows all OB1 standards. The author clearly understands Next.js best practices and has built something genuinely useful.

Recommendation: Merge as-is. The minor suggestions above are truly optional and could be addressed in future PRs if desired.

Great work, @alanshurafa!

@justfinethanku
Copy link
Copy Markdown
Collaborator

justfinethanku commented Mar 24, 2026

Merged manually after resolving folder conflict — renamed to dashboards/open-brain-dashboard-next/ to coexist with the SvelteKit dashboard. Community badge added. Thank you @alanshurafa!

@justfinethanku justfinethanku merged commit 8a68ec5 into NateBJones-Projects:main Mar 24, 2026
0 of 4 checks passed
@justfinethanku
Copy link
Copy Markdown
Collaborator

justfinethanku commented Mar 24, 2026

Merged manually — renamed to dashboards/open-brain-dashboard-next/ to coexist with the SvelteKit dashboard (#83). Community badge added. Thank you @alanshurafa! 🎉

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@justfinethanku justfinethanku justfinethanku left review comments

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@alanshurafa @justfinethanku