Feature: Admin-Controlled Prompt Sharing System

[davidamacey]

Summary

Add functionality for administrators to share LLM prompts with other users, allowing users to discover and use prompts created by others in the organization.

Current State

Currently, the LLM prompt system supports:

• System-provided default prompts (visible to all users)
• User-created custom prompts (private, only visible to creator)
• Users can create, edit, delete, and activate their own prompts
• Maximum of 50 custom prompts per user
• Prompts categorized by content type (meeting, interview, podcast, documentary, general, speaker_identification)

Relevant Code Locations:

• Backend Models: backend/app/models/prompt.py
• Backend Schemas: backend/app/schemas/prompt.py
• Backend API: backend/app/api/endpoints/prompts.py
• Frontend Component: frontend/src/components/settings/PromptSettings.svelte
• Frontend API Client: frontend/src/lib/api/prompts.ts
• Database: database/init_db.sql

Proposed Feature

Requirements

1. Admin Sharing Controls

   • Admins can mark any user-created prompt as "shared" (visible to all users in the organization)
   • Admins can unshare previously shared prompts
   • Admins can view all prompts in the system (system, shared, and user-private)
   • Only users with role='admin' or is_superuser=True can share prompts

2. User Visibility

   • Users can see three categories of prompts:
     • System prompts (default, created by the system)
     • Shared prompts (created by users, shared by admin)
     • Their own custom prompts
   • Shared prompts are read-only for non-owners
   • Users can activate any shared prompt as their active prompt
   • Users can view the prompt text and details of shared prompts
   • Users can optionally "clone" a shared prompt to create their own editable copy

3. Ownership & Attribution

   • Shared prompts display the original creator's name
   • Shared prompts cannot be edited or deleted by non-owners
   • Original owner retains full control over their prompt even when shared
   • If owner deletes a shared prompt, it's removed for all users

Technical Design

Database Changes

Add to summary_prompt table in database/init_db.sql:

ALTER TABLE summary_prompt ADD COLUMN is_shared BOOLEAN NOT NULL DEFAULT FALSE;
ALTER TABLE summary_prompt ADD COLUMN shared_by INTEGER NULL REFERENCES "user"(id);
ALTER TABLE summary_prompt ADD COLUMN shared_at TIMESTAMP WITH TIME ZONE NULL;

Backend Changes

1. Model Updates (backend/app/models/prompt.py)

   • Add is_shared field (Boolean, default False)
   • Add shared_by field (ForeignKey to User, nullable)
   • Add shared_at field (DateTime, nullable)
   • Add relationship to sharing admin user

2. Schema Updates (backend/app/schemas/prompt.py)

   • Add is_shared, shared_by, shared_at fields to SummaryPrompt schema
   • Create PromptShareRequest schema for share/unshare operations
   • Update SummaryPromptList to include shared prompts count
   • Add shared_by_name field for display purposes

3. API Endpoint Updates (backend/app/api/endpoints/prompts.py)

   • Update GET /prompts/ to include shared prompts filter
   • Add POST /prompts/{prompt_id}/share (admin only) - mark prompt as shared
   • Add POST /prompts/{prompt_id}/unshare (admin only) - unmark prompt as shared
   • Add POST /prompts/{prompt_id}/clone - clone a shared prompt to user's own library
   • Add GET /prompts/shared - get all shared prompts
   • Update visibility logic to include shared prompts

4. Authorization (backend/app/utils/auth_decorators.py)

   • Ensure admin check decorator exists or create one
   • Apply admin-only restrictions to share/unshare endpoints

Frontend Changes

1. UI Updates (frontend/src/components/settings/PromptSettings.svelte)

   • Add "Shared Prompts" section between System and Custom prompts
   • Display creator attribution for shared prompts
   • Add "Share" button for admins on user prompts (visible when viewing as admin)
   • Add "Clone" button on shared prompts for users to copy to their library
   • Show sharing status indicator on shared prompts
   • Update prompt count displays to show shared prompts separately

2. API Client (frontend/src/lib/api/prompts.ts)

   • Add sharePrompt(id) method
   • Add unsharePrompt(id) method
   • Add clonePrompt(id) method
   • Add getSharedPrompts() method
   • Update SummaryPrompt interface to include sharing fields

Admin Interface Considerations

• Add admin panel or section for managing shared prompts
• Provide search/filter capabilities for finding prompts to share
• Show statistics: total prompts, shared prompts, most used prompts
• Allow bulk operations if needed

User Stories

1. As an admin, I want to share high-quality prompts created by experienced users so that other team members can benefit from them
2. As a user, I want to discover and use prompts shared by others so I don't have to create everything from scratch
3. As a user, I want to clone a shared prompt to customize it for my specific needs
4. As a prompt creator, I want recognition when my prompt is shared while retaining ownership and control
5. As an admin, I want to curate the best prompts and make them available organization-wide

Security Considerations

• Only admins can share/unshare prompts
• Shared prompts are read-only for non-owners
• Original owner can still edit/delete even if shared (deletion removes from shared pool)
• Users cannot bypass the 50 prompt limit by cloning (clones count toward limit)
• Validate admin permissions on all share-related endpoints

Testing Requirements

• Unit tests for sharing logic and permissions
• Integration tests for share/unshare workflows
• Test prompt visibility for different user roles
• Test clone functionality
• Test deletion of shared prompts
• Test admin permission enforcement

Implementation Phases

Phase 1: Database & Backend Core

• Database schema changes
• Model and schema updates
• Basic share/unshare endpoints
• Admin permission checks

Phase 2: Backend Extended

• Clone functionality
• Enhanced visibility logic
• Shared prompts listing endpoint
• Attribution handling

Phase 3: Frontend UI

• Shared prompts section
• Admin share controls
• Clone button
• Creator attribution display

Phase 4: Testing & Polish

• Comprehensive testing
• UI/UX refinements
• Documentation updates
• Performance optimization

Success Metrics

• Number of prompts shared by admins
• Number of users using shared prompts
• Number of prompt clones created
• Reduction in duplicate prompt creation
• User satisfaction with prompt discovery

Dependencies

• Existing user role/admin system
• Current prompt management system
• Authentication/authorization framework

References

• CLAUDE.md project architecture documentation
• Existing prompt system in backend/app/api/endpoints/prompts.py:256-260 (permission checking pattern)
• User model with role field in backend/app/models/user.py:23