feat: admin and roles (#270)

# Admin System with Role-Based Access Control

## Summary

This PR introduces a complete user admin system with role-based access
control (RBAC), user management capabilities, and enhanced MCP server
sharing (featured) features. The implementation provides organizations
with control over users and user permissions while maintaining a clean
interface for all user roles.

It is designed to keep functionality the same for users who are not
interested in the admin features but adds the ability to manage users,
and restrict access and functionality for users who are not admins.
Before this PR, everyone would be an "editor" in this system. That is
still the default role. The FIRST user who registers becomes an admin
for a new installation. For existing installations, users will need to
update the user record to role to "admin" in the database to use the
admin features. It seemed like too much of a security risk to do this in
an automated way, but I would be open to a more automated solution if we
find a way to do it safely.

## Key Features

### 1. 🏢 Full Admin System

#### User Management Dashboard

<img width="1280" height="1061" alt="01-admin-users-list"
src="https://github.com/user-attachments/assets/1258120e-c005-4d72-8d65-8f7311db788c"
/>
_Comprehensive user listing with search, sorting, and pagination_

- **Advanced User Table**: Displays user information with sortable
columns for name, email, role, status, and creation date
- **Search & Filter**: Real-time search functionality with state
preservation across navigation
- **Pagination**: Efficient handling of large user bases with
configurable items per page
- **Quick Navigation**: Click any user row to view detailed information

#### Search Functionality

Can search by user name or email with case-insensitive, fuzzy matching.

<img width="1280" height="720" alt="80-admin-users-search-14"
src="https://github.com/user-attachments/assets/441cadf1-681e-4544-b70f-1879dc6d2c79"
/>

_Real-time search: typing "14" instantly finds "Test User 14"_

#### Sorting

Can sort by role, date joined or user name.

<img width="1280" height="1063" alt="03-admin-users-sorted"
src="https://github.com/user-attachments/assets/4410e5ce-621a-4a3d-a5da-bb96a2023be2"
/>

_Sort users by role, date joined or user name_

### 2. 👤 User Detail Management

<img width="1280" height="720" alt="61-admin-user-detail-edit-form"
src="https://github.com/user-attachments/assets/44b0017d-1c65-490c-bd64-3fab31aa961f"
/>

_Admin user detail page showing full management interface with real
usage statistics (1,558 tokens across 5 models)_

- **Profile Editing**: Admins can modify user name, email, and reset
passwords
- **Status Management**: Ban/unban users with reason tracking (visible
in users list with "Banned" badge)
- **Role Assignment**: Edit roles through dedicated interface (Admin,
Editor, User)
- **Security Controls**: Password reset, account status management
- **Danger Zone**: Delete user with confirmation (requires typing user
name)
- **Activity Tracking**: View join date, last updated, and usage
statistics

### 3. 📊 AI Usage Analytics

<img width="1280" height="720" alt="62-admin-user-statistics"
src="https://github.com/user-attachments/assets/143891ab-4a6f-49a9-9f22-693ecb11a735"
/>


The user detail page includes comprehensive statistics when available.
Users who haven't used AI assistants yet will see "No AI Activity Yet"
message.

- **Usage Statistics**: Track token consumption, model usage, and
message counts
- **Top Models**: Visualize which AI models users prefer (gpt-4o,
claude-3.5-sonnet, gemini-2.0-flash)
- **Activity Timeline**: See user engagement patterns over the last 30
days
- **Graceful Degradation**: Stats fail gracefully for providers without
telemetry

### 4. 🔐 Three-Tier Role System

This is a starter system that could be expanded to include more roles
and permissions in the future, most likely with dynamic roles and
permissions controlled in the admin dashboard.

#### Admin Role

- Can do everything an Editor (the current default role) can do, plus:
- Full user management capabilities
- Create and feature MCP servers for organization-wide use
- Access to all administrative functions
- View detailed usage statistics across all users

#### Editor Role (Default)

<img width="1280" height="720" alt="13-agents-page-editor"
src="https://github.com/user-attachments/assets/26182a33-8ce7-4afd-9536-8da0bc6d5ac0"
/>

_Editors can create, use, and share agents, workflows. This image is an
example of the agents view._

- Create and manage agents, workflows, and MCP connections
- Share resources with other users
- Full app functionality except admin features
- Self-service profile management

#### User Role

<img width="1280" height="720" alt="16-agents-page-user"
src="https://github.com/user-attachments/assets/2779ce01-b585-4054-aa78-0f9b43eaea09"
/>

_Users can use shared agents and workflows. This image is an example of
the agent view. Users can still "bookmark" agents to show them in their
own sidebar._

- Use shared agents and workflows
- Access featured MCP servers
- Bookmark favorite resources
- Cannot create new resources (simplified experience)

### 5. 🔌 MCP Server Management

When introducing roles, MCP servers were global and there the only way
to get MCP servers up for all users was via file based MCP servers
configs, which was prolematic and bug prone. While MCP server
"featuring" and user specific MCPs were not originally part of the scope
of this PR, it made sense to include it since roles were being
introduced and implmented for features.

Using the same "private" and "public" visibility options as agents and
workflows and the same sharing component, mcps can be featured by
admins. Public = Featured, the logic is the same but the term "featured"
made more sense.

Admins are the only ones who can feature MCP servers, since sharing MCP
servers would be less common than sharing agents and workflows and too
many MCP servers can significantly impact performance.

#### Admin MCP Dashboard

<img width="1280" height="720" alt="68-admin-mcp-all-servers"
src="https://github.com/user-attachments/assets/96e7ba07-8696-48ed-8a76-565791d34cd6"
/>

_Admins can create and feature MCP servers_

#### Role-Based MCP Views


- **Admins**: Can create, use and feature MCP servers
- **Editors**: Can create and use personal MCP connections and use
featured ones
- **Users**: Can only use featured MCP servers

**Editors**

Editors can create and manage their own MCP servers and use featured
ones

<img width="1280" height="720" alt="69-editor-mcp-servers"
src="https://github.com/user-attachments/assets/0a5f8e1b-8900-4e13-ab8a-560be1accb1a"
/>

**Users**

Users see and use featured MCP servers

<img width="1280" height="720" alt="71-user-mcp-featured-only"
src="https://github.com/user-attachments/assets/7ed424c0-c5dc-44b0-ae38-d9d553d52d13"
/>



### 6. 🛠️ Workflow Management

Wofkflows have not been changed except that the "user" role cannot
create workflows, they can only use shared ones.

#### Admin Workflow Dashboard

Admins can create, use and share workflows.

<img width="1280" height="720" alt="71-admin-workflows"
src="https://github.com/user-attachments/assets/6749378f-4e0c-4b29-acd8-a73c76567ae2"
/>

_Admins can create, use and share workflows_

#### Editor Workflow Access

Editors can create, use and share workflows.

<img width="1280" height="720" alt="72-editor-workflows"
src="https://github.com/user-attachments/assets/5bbea6a3-0d13-471a-a358-1aa77046a645"
/>

_Editors can create, use and share workflows_

#### User Workflow Access

Users can use shared workflows.

<img width="1280" height="720" alt="73-user-workflows"
src="https://github.com/user-attachments/assets/57ec3c77-7e85-402f-ae3e-86e860dda332"
/>

_Users can use shared workflows_

### 7. 👥 Self-Service Features

Users can access and edit their own profile information with the same
interface that admins see, but with restricted permissions:

- Users can edit their own profile (name, email, password)
- Password updates are only available for users with password
authentication
- OAuth-only users cannot set passwords
- Simple user settings interface
- Users can view their "stats" for the last 30 days

### 8. 🌍 Internationalization

- All fields are translatable, the current language for new fields is
English

## Technical Implementation

### Architecture Highlights

- **Repository Pattern**: Clean separation of data access logic
- **Server Components**: Leveraging Next.js 15 server components and
React 19 Form Actions for optimal performance
- **Role-Based Middleware**: Secure API routes with automatic permission
checks
- **Optimistic Updates User Updates**: User updates are immediately
reflected in the UI with optimistic updates

### Security Features

- **Role-based access control** at API and UI levels
- **Self-modification restrictions**: Users cannot change their own
roles
- **Secure password updates**: Verification required for own password
changes, admins can set passwords for other users
- **Ban system**: Prevents access while maintaining audit trail
- **Permission boundaries**: Clear separation between roles

## Testing Coverage

### Comprehensive E2E Test Suite

This PR includes **3,500+ lines of new E2E tests** across 14 test files,
ensuring coverage of all new features:

#### Test Files Added/Modified:

- **Admin System Tests** (21 tests)

  - `admin-permissions.spec.ts` - Admin access control
  - `admin-user-detail.spec.ts` - User management operations
  - `admin-users-list.spec.ts` - User listing and search

- **Permission System Tests** (30 tests)

  - `mcp-permissions.spec.ts` - MCP server role-based access
  - `resource-permissions.spec.ts` - Agent/workflow permissions

- **User Experience Tests**
  - `user-settings-popup.spec.ts` - Self-service features
  - `user-name-sync.spec.ts` - Profile updates
  - Authentication flow updates

### E2E Test Coverage Areas

✅ User listing, search, and pagination
✅ User detail viewing and editing
✅ Role assignment and restrictions
✅ Ban/unban functionality
✅ Delete user with confirmation
✅ MCP server visibility rules
✅ Featured vs private servers
✅ Agent/workflow permissions
✅ Self-service profile editing
✅ Statistics display and empty states
✅ Navigation state preservation
✅ First user admin assignment
✅ Role-based UI variations

### Test Infrastructure Improvements

- Multi-user auth states for parallel testing
- Seeded test data for consistent scenarios
- State preservation validation
- Permission boundary testing

## Database Migration Notes

12_kind_multiple_man.sql was updated to migrate model and usage data to
the new metadata format. This will only affect users who have not run
that migration yet, since the migration will have dropped those columns.
It doesn't break anything but did lose any usage or model stats for
existing chats. This migration update will maintain that existing data.

Added 13_graceful_leo.sql migrates for the admin system, roles and fixes
some cascade issues noticed in automated cleanup scripts.

### Environment Variables

No new environment variables required. The system uses the existing auth
configuration.

## Breaking Changes

- None. All existing functionality remains intact. MCP servers are all
migrated to the 1st user in the database (which may be updated to an
admin by updating that row in the database)
- New users default to the 'editor' role, maintaining the current
behavior
- Existing MCP configurations continue working the same.

## Performance Considerations

- **Lazy Loading**: Statistics load asynchronously to prevent blocking
- **Pagination**: Efficient handling of large user bases
- **Search Debouncing**: Prevents excessive API calls
- **Optimistic Updates**: Immediate UI feedback for better UX
- **Suspense Boundaries**: Graceful loading states throughout

## Future Enhancements

The architecture supports these planned features:

- User groups for team collaboration
- Model access control per user/group
- Spending limits and usage quotas
- Audit logs for compliance

Future UX improvements:

- Better UX for "featured" MCP servers, the existing interface was used,
and we might want to show more information about what they do.
- Better UX for "featured" agents. I've found my users having a hard
time finding shared agents, an essential feature for our company, since
they are the ones who will be using them.

## Review Checklist

- [ ] Database migrations tested
- [ ] Role permissions verified
- [ ] UI responsive on all screen sizes
- [ ] Error messages helpful
- [ ] Loading states smooth
- [ ] Search functionality fast
- [ ] Statistics display correctly
- [ ] Ban functionality works
- [ ] Self-service features accessible

---------

Co-authored-by: choi sung keun <[email protected]>
Co-authored-by: cgoing <[email protected]>

Author: mrjasonroy

.github/workflows/e2e-tests.yml

@@ -24,7 +24,7 @@ jobs:
 
       # LLM Provider (OpenRouter with free models)
       OPENROUTER_API_KEY: ${{ secrets.E2E_OPENROUTER_API_KEY || 'test-key' }}
-      E2E_DEFAULT_MODEL: openRouter/moonshotai/kimi-k2:free
+      E2E_DEFAULT_MODEL: openRouter/gemini-2.0-flash-exp:free
 
       # Feature flags
       DISABLE_SIGN_UP: 0
@@ -83,7 +83,10 @@ jobs:
           touch .env
 
       - name: Run database migrations
-        run: pnpm db:push
+        run: pnpm db:migrate
+
+      - name: Seed test users once before all tests
+        run: pnpm test:e2e:seed
 
       - name: Build application
         run: pnpm build:local
@@ -92,8 +95,8 @@ jobs:
         run: pnpm test:e2e
 
       - uses: actions/upload-artifact@v4
-        if: ${{ !cancelled() }}
+        if: always()
         with:
-          name: test-results
-          path: test-results/
+          name: playwright-report
+          path: playwright-report/
           retention-days: 30

.gitignore

@@ -58,4 +58,4 @@ local-data
 *.ignore
 .mcp-config.json
 openai-compatible.config.ts
-certificates
+certificates

CONTRIBUTING.md

@@ -67,34 +67,23 @@ If you are fixing a bug, please add tests to prevent the same bug from happening
 
 6. **Run e2e tests**:
 
-Before opening a PR run e2e tests to ensure your changes work as expected.
-
-```bash
-
-# install playwright browsers - you only need to do this once
-pnpm playwright:install # install playwright browsers
-
-# this is typically the command you will use to run all e2e tests
-pnpm test:e2e # run all e2e tests
-```
-
-To help you debug, you can run the tests individually or in headed mode to see the browser UI.
-
-```bash
+   ```bash
+   pnpm playwright:install # install playwright browsers
+   pnpm test:e2e # run all e2e tests (48 tests covering core functionality)
 
-# Optional: run specific test suites in a folder
-pnpm test:e2e -- tests/agents/
-pnpm test:e2e -- tests/models/
+   # Optional: run specific test suites
+   pnpm test:e2e -- tests/agents/
+   pnpm test:e2e -- tests/models/
 
-# Debug specific test file in headed mode to see the browser UI
-pnpm test:e2e -- tests/agents/agent-visibility.spec.ts --headed
-```
+   # Debug specific test
+   pnpm test:e2e -- tests/agents/agent-visibility.spec.ts --headed
+   ```
 
-**E2E Test Requirements:**
+   **E2E Test Requirements:**
 
-- PostgreSQL database (use `pnpm docker:pg` for quick setup)
-- At least one LLM provider API key (OpenAI, Anthropic, or Google)
-- `BETTER_AUTH_SECRET` environment variable set
+   - PostgreSQL database (use `pnpm docker:pg` for quick setup)
+   - At least one LLM provider API key (OpenAI, Anthropic, or Google)
+   - `BETTER_AUTH_SECRET` environment variable set
 
 ---
 

README.md

@@ -1,6 +1,5 @@
 <img width="1184" height="576" alt="thumbnail" loading="lazy" src="https://github.com/user-attachments/assets/d6ba80ff-a62a-4920-b266-85c4a89d6076" />
 
-
 [![MCP Supported](https://img.shields.io/badge/MCP-Supported-00c853)](https://modelcontextprotocol.io/introduction)
 [![Local First](https://img.shields.io/badge/Local-First-blue)](https://localfirstweb.dev/)
 [![Discord](https://img.shields.io/discord/1374047276074537103?label=Discord&logo=discord&color=5865F2)](https://discord.gg/gCRu69Upnp)
@@ -17,11 +16,10 @@
 • **Collaboration** - Share agents, workflows, and MCP configurations with your team  
 • **Voice Assistant** - Realtime voice chat with full MCP tool integration  
 • **Intuitive UX** - Instantly invoke any feature with `@mention`  
-• **Quick Start** - Deploy free with Vercel Deploy button  
+• **Quick Start** - Deploy free with Vercel Deploy button
 
 Built with Vercel AI SDK and Next.js, combining the best features of leading AI services into one platform.
 
-
 ### Quick Start 🚀
 
 ```bash
@@ -80,15 +78,15 @@ Open [http://localhost:3000](http://localhost:3000) in your browser to get start
   - [Quick Start (Local Version) 🚀](#quick-start-local-version-)
   - [Environment Variables](#environment-variables)
 - [📘 Guides](#-guides)
-    - [🔌 MCP Server Setup \& Tool Testing](#-mcp-server-setup--tool-testing)
-    - [🐳 Docker Hosting Guide](#-docker-hosting-guide)
-    - [▲ Vercel Hosting Guide](#-vercel-hosting-guide)
-    - [🎯 System Prompts \& Chat Customization](#-system-prompts--chat-customization)
-    - [🔐 OAuth Sign-In Setup](#-oauth-sign-in-setup)
-    - [🕵🏿 Adding openAI like providers](#-adding-openai-like-providers)
-    - [🧪 E2E Testing Guide](#-e2e-testing-guide)
+  - [🔌 MCP Server Setup \& Tool Testing](#-mcp-server-setup--tool-testing)
+  - [🐳 Docker Hosting Guide](#-docker-hosting-guide)
+  - [▲ Vercel Hosting Guide](#-vercel-hosting-guide)
+  - [🎯 System Prompts \& Chat Customization](#-system-prompts--chat-customization)
+  - [🔐 OAuth Sign-In Setup](#-oauth-sign-in-setup)
+  - [🕵🏿 Adding openAI like providers](#-adding-openai-like-providers)
+  - [🧪 E2E Testing Guide](#-e2e-testing-guide)
 - [💡 Tips](#-tips)
-    - [💬 Temporary Chat Windows](#-temporary-chat-windows)
+  - [💬 Temporary Chat Windows](#-temporary-chat-windows)
 - [🗺️ Roadmap](#️-roadmap)
 - [🙌 Contributing](#-contributing)
 - [💬 Join Our Discord](#-join-our-discord)
@@ -103,7 +101,6 @@ Get a feel for the UX — here's a quick look at what's possible.
 
 ![preview](https://github.com/user-attachments/assets/e4febb04-26d5-45da-a7bb-f7d452d333c2)
 
-
 **Example:** Control a web browser using Microsoft's [playwright-mcp](https://github.com/microsoft/playwright-mcp) tool.
 
 - The LLM autonomously decides how to use tools from the MCP server, calling them multiple times to complete a multi-step task and return a final message.
@@ -144,10 +141,11 @@ Sample prompt:
 **Example:** Create specialized AI agents with custom instructions and tool access.
 
 - Define custom agents with specific system prompts and available tools
-- Easily invoke agents in chat using `@agent_name` 
+- Easily invoke agents in chat using `@agent_name`
 - Build task-specific assistants like a GitHub Manager agent with issue/PR tools and project context
 
 For instance, create a GitHub Manager agent by:
+
 - Providing GitHub tools (issue/PR creation, comments, queries)
 - Adding project details to the system prompt
 - Calling it with `@github_manager` to manage your repository
@@ -277,9 +275,22 @@ pnpm build:local && pnpm start
 # pnpm dev
 ```
 
-Open [http://localhost:3000](http://localhost:3000) in your browser to get started.
+Alternative: Use Docker Compose for DB only (run app via pnpm)
 
-<br/>
+```bash
+# Start Postgres only via compose
+# Ensure your .env includes: POSTGRES_USER, POSTGRES_PASSWORD, POSTGRES_DB matching POSTGRES_URL
+docker compose -f docker/compose.yml up -d postgres
+
+# Apply migrations
+pnpm db:migrate
+
+
+# Run app locally
+pnpm dev   # or: pnpm build && pnpm start
+```
+
+Open [http://localhost:3000](http://localhost:3000) in your browser to get started.
 
 ### Environment Variables
 

docs/tips-guides/e2e-testing-guide.md

@@ -21,7 +21,7 @@ pnpm test:e2e:ui
 pnpm test:e2e -- tests/agents/agent-creation.spec.ts
 
 # Run tests in debug mode
-pnpm test:e2e -- --debug
+pnpm test:e2e:debug
 ```
 
 ## 🏗️ Test Architecture
@@ -83,28 +83,17 @@ We recommend using the [Playwright](https://marketplace.visualstudio.com/items?i
 
 ### Test Database
 
-For safety, always use a **separate test, local database**. If you run this against a production database, it can **severely impact your data**.
-
-The easiest database to use the local postgres database setup through the included docker compose file.
-
 ```bash
-# Use Docker (recommended)
 pnpm docker:pg
 ```
 
-Set the `POSTGRES_URL` environment variable in your .env to the test database URL.
-
-```text
-POSTGRES_URL="postgres://user:password@localhost:5432/better_chatbot"
-```
-
 ## 🎯 Authentication Strategy
 
 ### Authentication Setup
 
-Tests authenticate 2 users by default on setup. - This is to test multi-user functionality like agent or workspace sharing.
+Tests authenticate 4 users 1 admin, 1 editor, 1 editor2, and 1 regular by default on setup. - This is to test multi-user functionality like agent or workspace sharing. These users are defined in `tests/constants/test-users.ts`.
 
-To test as an authenticated user (nearly all tests), you can use the `test.use({ storageState: 'tests/.auth/user1.json' });` in the test file. Without this, the test will run as an unauthenticated user. This can go in the describe block or the test block.
+To test as an authenticated user (nearly all tests), you can use the `test.use({ storageState: TEST_USERS.editor.authFile });` or `test.use({ storageState: TEST_USERS.editor2.authFile });` or `test.use({ storageState: TEST_USERS.regular.authFile });` or `test.use({ storageState: TEST_USERS.admin.authFile });` in the test file. Without this, the test will run as an unauthenticated user. This can go in the describe block or the test block.
 
 ### Multi-User Testing
 
@@ -116,8 +105,9 @@ Playwright is designed to run tests in parallel. This means that each test will
 
 ```typescript
 // Most tests use single user authentication
+import { TEST_USERS } from '../constants/test-users';
 test.describe('Agent Creation', () => {
-  test.use({ storageState: 'tests/.auth/user1.json' });
+  test.use({ storageState: TEST_USERS.editor.authFile });
 
   test('should create agent', async ({ page }) => {
     // Test logic here
@@ -128,8 +118,9 @@ test.describe('Agent Creation', () => {
 #### User 2 Only
 
 ```typescript
+import { TEST_USERS } from '../constants/test-users';
 test.describe('Agent Creation', () => {
-  test.use({ storageState: 'tests/.auth/user2.json' });
+  test.use({ storageState: TEST_USERS.editor2.authFile });
 
   test('should create agent', async ({ page }) => {
     // Test logic here
@@ -142,17 +133,18 @@ test.describe('Agent Creation', () => {
 This is the most common use case for multi-user testing.
 
 ```typescript
+import { TEST_USERS } from '../constants/test-users';
 test.describe('Agent Sharing', () => {
   test('user sharing workflow', async ({ browser }) => {
     // User1 creates agent
     const user1Context = await browser.newContext({
-      storageState: 'tests/.auth/user1.json',
+      storageState: TEST_USERS.editor.authFile,
     });
     const user1Page = await user1Context.newPage();
 
     // User2 interacts with shared agent
     const user2Context = await browser.newContext({
-      storageState: 'tests/.auth/user2.json',
+      storageState: TEST_USERS.editor2.authFile,
     });
     const user2Page = await user2Context.newPage();
   });
@@ -213,30 +205,20 @@ const agentName = `Test Agent ${testSuffix}`;
 
 ### Debug Commands
 
-See [https://playwright.dev/docs/test-cli](https://playwright.dev/docs/test-cli) for more information.
-
-Some useful commands to help you debug your tests:
-
 ```bash
 # Run specific test with browser visible
 pnpm test:e2e -- tests/agents/agent-creation.spec.ts --headed
 
 # Debug mode with breakpoints
-pnpm test:e2e:debug -- --debug
+pnpm test:e2e:debug
 
 # Run single test
-pnpm test:e2e -- -g "should create agent"
+npx playwright test -g "should create agent"
 
 # Generate test report
-pnpm test:e2e -- show-report
+npx playwright show-report
 ```
 
-### VSCode/Cursor Debugging
-
-You can use the VSCode extension to debug and help write your tests, it's a great way to get started:
-
-See [https://playwright.dev/docs/getting-started-vscode](https://playwright.dev/docs/getting-started-vscode) for more information.
-
 ### Debug Helpers
 
 Add debug information to tests:
@@ -286,9 +268,9 @@ Tests run automatically on GitHub Actions with:
 
 ```typescript
 import { test, expect } from '@playwright/test';
-
+import { TEST_USERS } from '../constants/test-users';
 test.describe('Your Feature', () => {
-  test.use({ storageState: 'tests/.auth/user1.json' });
+  test.use({ storageState: TEST_USERS.editor.authFile });
 
   test('should perform action', async ({ page }) => {
     // Navigate to page
@@ -310,12 +292,13 @@ test.describe('Your Feature', () => {
 ### Multi-User Test Template
 
 ```typescript
+import { TEST_USERS } from '../constants/test-users';
 test('multi-user workflow', async ({ browser }) => {
   const testId = Date.now().toString(36);
 
   // User1 setup
   const user1Context = await browser.newContext({
-    storageState: 'tests/.auth/user1.json',
+    storageState: TEST_USERS.editor.authFile,
   });
   const user1Page = await user1Context.newPage();