Server Admin

A SvelteKit admin app for managing the self-hosted server — system health, container orchestration, backup management, AI spend tracking, XRPL price-alert controls, and per-database schema browsing. Tailscale-only auth — no public surface.

Overview — health status bar (services, sentinel files, CPU, disk, memory, TLS, syncs), expandable service cards with live memory/PID data, and quick-stats tiles for server, Hair by Cari bookings, and XRPL price. Backups — paginated archive list with unified + encrypted-secrets pairs, one-click backup trigger, coverage audit, and quick-reference restore commands. Nightly snapshots with off-site replication. OpenClaw — Podman container lifecycle controls, OpenRouter budget tracking (daily/monthly spend), channel allowlists (WhatsApp + iMessage), model routing tiers, skill registry, and recent activity log. Schemas & Architecture — collapsible database browser plus tabs for Data Flow, API Routes, Folder Tree, and File Manifests. Expand-on-demand keeps the surface tight. Settings — password management, TOTP two-factor auth toggle, passkey registration (Touch ID / Face ID), and a Tailscale-IP-stamped auth log showing every session verification. System — full health-check breakdown (services, sentinel files, sync jobs, resources), smoke-test history, silent-failure counters, cron job schedule with last-run times, IMAP listener status, and per-service log viewer.

• Podman container lifecycle — restart, rebuild, live memory/CPU stats
• Encrypted backup snapshots with paired secrets files and B2 off-site sync
• Coverage audit verifying all critical server files are included in backups
• OpenRouter spend tracking — daily, weekly, monthly, with budget cap alerts
• XRPL price-alert daemon controls — per-device threshold matrix and test dispatch
• SQLite schema browser across all three databases with row counts and DDL viewer
• Tailscale-only session auth with TOTP 2FA and passkey (Touch ID / Face ID) support
• Cron job registry with schedule, last-run, consecutive-failures, and run-count-today
• Silent-failure event log — API counters, cron ticks, IMAP listener heartbeat
• Smoke-test runner with per-test history and latency tracking

SvelteKit static frontend served by Nginx behind a Tailscale ACL. Flask backend with direct Podman socket access for container lifecycle. SQLite for state. Secrets handled by a dedicated vault service in its own container. All routes require a Tailscale-issued session — no public login page exists.