commit f1c2d3e4g5h6i7j8k9l0m1n2o3p4q5r6s7t8u9v0

Author: atonixdev

README.md

@@ -148,8 +148,63 @@ For production, use the provided `Dockerfile` and `compose.yaml` as a basis and
 
 ---
 
+## Admin & audit logs
+
+This project includes a simple admin console and audit logging to help administrators monitor important events.
+
+- Make a user an admin:
+	- The `users` table contains an `is_admin` column (0/1). To grant admin rights to an existing user run:
+
+```sql
+UPDATE dbkamp.sqlite3 SET is_admin = 1 WHERE email = 'admin@example.com';
+```
+
+	- Or, using the Python DB helpers, you can set the field manually in a script that connects via `dbkamp.db.get_connection()`.
+
+- Viewing audit logs:
+	- Admins can visit `/dashboard/admin` in the app to inspect recent audit events (sign-ins, token creation/revocation, group/project changes, uploads, etc.).
+	- Audit events are stored in the `audit_logs` table (columns: `event_type`, `actor_user_id`, `details`, `ip`, `created_at`).
+
+- Notes and next steps:
+	- The admin console is read-only by default; actions such as revoking sessions or rotating tokens are UI placeholders and require backend handlers.
+	- For production, forward audit logs to a centralized logging system (ELK / Splunk / Cloud Logging) and enable secure retention and access controls.
+
+	### How super users (admins) log in
+
+	- Admins use the normal login flow (email/password or OAuth). Once a user's `is_admin` flag is set to `1`, they can visit `/dashboard/admin` to access the admin console.
+	- Use the provided convenience script to promote a user by email:
+
+	```bash
+	./scripts/promote_user_to_admin.py admin@example.com
+	```
+
+	After promotion, the user simply logs in and navigates to `/dashboard/admin`.
+
+---
+
 ## Contributing
 
 Contributions are welcome. Please open PRs against `main` and include a short description and tests where possible.
 
 
+---
+
+## Text generation & TTS (optional)
+
+This project includes optional endpoints for text generation and text-to-speech. These are disabled until you install the required packages.
+
+Install dependencies (recommended inside your virtualenv):
+
+```bash
+pip install transformers torch TTS[all] soundfile numpy
+```
+
+Endpoints:
+- POST `/api/generate` JSON {"prompt": "Hello"} → returns generated text
+- POST `/api/tts` JSON {"text": "Hello world"} → returns WAV audio
+
+Notes:
+- The code uses lazy imports and will return a helpful error if the dependencies are missing.
+- First run may download models (this can be large). For GPU acceleration, install a CUDA-enabled `torch` build.
+
+

dbkamp/db.py

@@ -44,6 +44,8 @@ def ensure_column(col, col_def):
     ensure_column('notify_email', 'notify_email INTEGER DEFAULT 1')
     ensure_column('notify_digest', "notify_digest TEXT DEFAULT 'weekly'")
     ensure_column('notify_webhook', 'notify_webhook TEXT')
+    # admin flag
+    ensure_column('is_admin', 'is_admin INTEGER DEFAULT 0')
     conn.commit()
     conn.close()
     # ensure API tokens table exists
@@ -52,6 +54,7 @@ def ensure_column(col, col_def):
     ensure_groups_tables()
     ensure_projects_tables()
     ensure_environments_table()
+    ensure_audit_table()
 
 
 def ensure_api_tokens_table():
@@ -155,6 +158,20 @@ def ensure_projects_tables():
     ''')
     conn.commit()
     conn.close()
+    # project members table
+    conn = get_connection()
+    cur = conn.cursor()
+    cur.execute('''
+    CREATE TABLE IF NOT EXISTS project_members (
+        id INTEGER PRIMARY KEY AUTOINCREMENT,
+        project_id INTEGER NOT NULL,
+        user_id INTEGER NOT NULL,
+        role TEXT NOT NULL,
+        added_at TIMESTAMP DEFAULT CURRENT_TIMESTAMP
+    )
+    ''')
+    conn.commit()
+    conn.close()
 
 
 def ensure_environments_table():
@@ -182,13 +199,34 @@ def ensure_environments_table():
     conn.close()
 
 
+def ensure_audit_table():
+    conn = get_connection()
+    cur = conn.cursor()
+    cur.execute('''
+    CREATE TABLE IF NOT EXISTS audit_logs (
+        id INTEGER PRIMARY KEY AUTOINCREMENT,
+        event_type TEXT NOT NULL,
+        actor_user_id INTEGER,
+        details TEXT,
+        ip TEXT,
+        created_at TIMESTAMP DEFAULT CURRENT_TIMESTAMP
+    )
+    ''')
+    conn.commit()
+    conn.close()
+
+
 def create_environment(project_id: int, name: str, target: str = None):
     conn = get_connection()
     cur = conn.cursor()
     cur.execute('INSERT INTO environments (project_id, name, target) VALUES (?, ?, ?)', (project_id, name, target))
     conn.commit()
     eid = cur.lastrowid
     conn.close()
+    try:
+        record_audit('environment.create', actor_user_id=None, details=f'project_id={project_id}, env={name}')
+    except Exception:
+        pass
     return eid
 
 
@@ -221,13 +259,35 @@ def list_env_vars(environment_id: int):
     conn.close()
     return [dict(r) for r in rows]
 
+
+def record_audit(event_type: str, actor_user_id: int = None, details: str = None, ip: str = None):
+    """Record an audit event."""
+    conn = get_connection()
+    cur = conn.cursor()
+    cur.execute('INSERT INTO audit_logs (event_type, actor_user_id, details, ip) VALUES (?, ?, ?, ?)', (event_type, actor_user_id, details, ip))
+    conn.commit()
+    conn.close()
+
+
+def list_audit_logs(limit: int = 200):
+    conn = get_connection()
+    cur = conn.cursor()
+    cur.execute('SELECT id, event_type, actor_user_id, details, ip, created_at FROM audit_logs ORDER BY created_at DESC LIMIT ?', (limit,))
+    rows = cur.fetchall()
+    conn.close()
+    return [dict(r) for r in rows]
+
 def create_project(name: str, repo_url: str = None, orchestration: str = None, config: str = None):
     conn = get_connection()
     cur = conn.cursor()
     cur.execute('INSERT INTO projects (name, repo_url, orchestration, config) VALUES (?, ?, ?, ?)', (name, repo_url, orchestration, config))
     conn.commit()
     pid = cur.lastrowid
     conn.close()
+    try:
+        record_audit('project.create', actor_user_id=None, details=f'project={name}, repo={repo_url}')
+    except Exception:
+        pass
     return pid
 
 
@@ -285,13 +345,39 @@ def list_milestones(project_id: int):
     return [dict(r) for r in rows]
 
 
+def add_project_member(project_id: int, user_id: int, role: str = 'member'):
+    conn = get_connection()
+    cur = conn.cursor()
+    cur.execute('INSERT INTO project_members (project_id, user_id, role) VALUES (?, ?, ?)', (project_id, user_id, role))
+    conn.commit()
+    conn.close()
+    try:
+        record_audit('project.member.add', actor_user_id=None, details=f'project_id={project_id}, user_id={user_id}, role={role}')
+    except Exception:
+        pass
+    return True
+
+
+def list_project_members(project_id: int):
+    conn = get_connection()
+    cur = conn.cursor()
+    cur.execute('SELECT pm.id, pm.user_id, pm.role, u.email, u.full_name, pm.added_at FROM project_members pm LEFT JOIN users u ON u.id = pm.user_id WHERE pm.project_id = ? ORDER BY pm.added_at DESC', (project_id,))
+    rows = cur.fetchall()
+    conn.close()
+    return [dict(r) for r in rows]
+
+
 def create_group(name: str, description: str = None):
     conn = get_connection()
     cur = conn.cursor()
     cur.execute('INSERT INTO groups (name, description) VALUES (?, ?)', (name, description))
     conn.commit()
     gid = cur.lastrowid
     conn.close()
+    try:
+        record_audit('group.create', actor_user_id=None, details=f'group={name}')
+    except Exception:
+        pass
     return gid
 
 
@@ -346,6 +432,10 @@ def record_upload(user_id: int, filename: str, status: str, message: str = None,
     cur.execute('INSERT INTO uploads (user_id, filename, status, message, chunks_indexed) VALUES (?, ?, ?, ?, ?)', (user_id, filename, status, message, chunks_indexed))
     conn.commit()
     conn.close()
+    try:
+        record_audit('upload.record', actor_user_id=user_id, details=f'{filename} status={status} msg={message}')
+    except Exception:
+        pass
 
 
 def list_uploads_for_user(user_id: int, limit: int = 20):
@@ -366,6 +456,10 @@ def create_api_token(user_id: int, name: str, token_plain: str):
     cur.execute('INSERT INTO api_tokens (user_id, name, token_hash) VALUES (?, ?, ?)', (user_id, name, token_hash))
     conn.commit()
     conn.close()
+    try:
+        record_audit('api.token.create', actor_user_id=user_id, details=f'name={name}')
+    except Exception:
+        pass
     return True
 
 
@@ -388,6 +482,10 @@ def revoke_api_token(token_id: int, user_id: int):
     cur.execute('UPDATE api_tokens SET revoked_at = CURRENT_TIMESTAMP WHERE id = ?', (token_id,))
     conn.commit()
     conn.close()
+    try:
+        record_audit('api.token.revoke', actor_user_id=user_id, details=f'token_id={token_id}')
+    except Exception:
+        pass
     return True
 
 
@@ -399,6 +497,10 @@ def create_user(email: str, password: str) -> bool:
         cur = conn.cursor()
         cur.execute('INSERT INTO users (email, password) VALUES (?, ?)', (email, pw_hash))
         conn.commit()
+        try:
+            record_audit('user.create', actor_user_id=None, details=f'email={email}')
+        except Exception:
+            pass
         return True
     except sqlite3.IntegrityError:
         return False

models/tts_and_text.py

@@ -0,0 +1,77 @@
+import io
+import logging
+
+logger = logging.getLogger(__name__)
+
+_text_gen = None
+_tts = None
+
+def text_generate(prompt: str, model_name: str = 'gpt2', max_new_tokens: int = 128):
+    """Generate text from a prompt using Hugging Face pipelines (lazy import).
+
+    Returns generated text on success or raises ImportError if transformers not installed.
+    """
+    global _text_gen
+    try:
+        from transformers import pipeline
+    except Exception as e:
+        logger.exception('transformers not available')
+        raise ImportError('transformers package is required for text generation') from e
+
+    if _text_gen is None:
+        _text_gen = pipeline('text-generation', model=model_name)
+    out = _text_gen(prompt, max_new_tokens=max_new_tokens, do_sample=True, top_p=0.95)
+    return out[0].get('generated_text')
+
+
+def synthesize_speech(text: str, tts_model: str = 'tts_models/en/ljspeech/tacotron2-DDC'):
+    """Synthesize speech using Coqui TTS (lazy import).
+
+    Returns raw WAV bytes. Raises ImportError if TTS not available.
+    """
+    global _tts
+    try:
+        from TTS.api import TTS
+        import soundfile as sf
+        import numpy as np
+    except Exception as e:
+        logger.exception('TTS dependencies not available')
+        raise ImportError('Coqui TTS and soundfile packages are required for TTS') from e
+
+    if _tts is None:
+        _tts = TTS(tts_model)
+
+    # TTS.tts returns a numpy array of audio samples
+    wav = _tts.tts(text)
+    sample_rate = _tts.synthesizer.output_sample_rate if hasattr(_tts, 'synthesizer') else 22050
+
+    buf = io.BytesIO()
+    sf.write(buf, wav.astype(np.float32), sample_rate, format='WAV')
+    buf.seek(0)
+    return buf.read()
+# models/tts_and_text.py
+import io
+import soundfile as sf
+from transformers import pipeline
+from TTS.api import TTS
+
+# text generation (small example)
+_text_gen = None
+def text_generate(prompt, model_name="gpt2"):
+    global _text_gen
+    if _text_gen is None:
+        _text_gen = pipeline("text-generation", model=model_name)
+    out = _text_gen(prompt, max_new_tokens=128, do_sample=True, top_p=0.95)
+    return out[0]['generated_text']
+
+# TTS using Coqui TTS (will download prebuilt model on first run)
+_tts = None
+def synthesize_speech(text, tts_model="tts_models/en/ljspeech/tacotron2-DDC"):
+    global _tts
+    if _tts is None:
+        _tts = TTS(tts_model)  # choose a model id from Coqui
+    wav = _tts.tts(text)
+    # return raw bytes (WAV)
+    buf = io.BytesIO()
+    sf.write(buf, wav, _tts.synthesizer.output_sample_rate, format='WAV')
+    return buf.getvalue()

requirements.txt

@@ -28,4 +28,9 @@ black
 isort
 flake8
 sentence-transformers
-faiss-cpu
+faiss-cpu
+transformers
+torch
+TTS[all]
+soundfile
+numpy