feat: Makefile, admin dashboard section in README, project structure update

bradleygauthier · bradleygauthier · commit 24d0fe56628c · 2026-04-04T15:41:27.000-05:00
Makefile with 25 targets: setup, service management (register/deregister/
status), monitoring (hardware, containers), certificates (list/rotate/
inspect/trust), DNS (list/flush/resolve), audit verification, admin UI
(dev/build/install/typecheck), and testing (unit/integration/smoke/ui).

README updates: Admin UI badge, dashboard section with ASCII wireframe,
project structure includes ui/ directory, docs index cleaned up.
diff --git a/Makefile b/Makefile
@@ -0,0 +1,146 @@
+# QP Conduit - Makefile
+# Internal infrastructure for on-premises AI deployments.
+# https://github.com/quantumpipes/conduit
+#
+# Override CONDUIT_APP_NAME to rebrand for your project.
+# Include this Makefile in your own: include path/to/conduit/Makefile
+
+SHELL := /bin/bash
+.DEFAULT_GOAL := help
+
+CONDUIT_DIR := $(shell dirname $(realpath $(lastword $(MAKEFILE_LIST))))
+UI_DIR := $(CONDUIT_DIR)/ui
+
+# ---------------------------------------------------------------------------
+# Help
+# ---------------------------------------------------------------------------
+.PHONY: help
+help: ## Show this help
+	@echo ""
+	@echo "  QP Conduit - On-Premises Infrastructure"
+	@echo "  ========================================"
+	@echo ""
+	@grep -E '^[a-zA-Z_-]+:.*?## .*$$' $(MAKEFILE_LIST) | \
+		awk 'BEGIN {FS = ":.*?## "}; {printf "  \033[36m%-26s\033[0m %s\n", $$1, $$2}'
+	@echo ""
+
+# ---------------------------------------------------------------------------
+# Setup
+# ---------------------------------------------------------------------------
+.PHONY: conduit-setup
+conduit-setup: ## Initialize Conduit (dnsmasq, Caddy, internal CA)
+	@bash $(CONDUIT_DIR)/conduit-setup.sh
+
+# ---------------------------------------------------------------------------
+# Service Management
+# ---------------------------------------------------------------------------
+.PHONY: conduit-register
+conduit-register: ## Register a service (NAME=grafana HOST=10.0.1.50:3000)
+	@bash $(CONDUIT_DIR)/conduit-register.sh --name $(NAME) --host $(HOST) \
+		$(if $(HEALTH),--health $(HEALTH),) \
+		$(if $(NO_TLS),--no-tls,)
+
+.PHONY: conduit-deregister
+conduit-deregister: ## Remove a service (NAME=grafana)
+	@bash $(CONDUIT_DIR)/conduit-deregister.sh --name $(NAME)
+
+.PHONY: conduit-status
+conduit-status: ## Show all services with health, TLS, and DNS status
+	@bash $(CONDUIT_DIR)/conduit-status.sh
+
+# ---------------------------------------------------------------------------
+# Monitoring
+# ---------------------------------------------------------------------------
+.PHONY: conduit-monitor
+conduit-monitor: ## Show hardware stats (GPU, CPU, memory, disk)
+	@bash $(CONDUIT_DIR)/conduit-monitor.sh $(if $(SERVER),--server $(SERVER),)
+
+.PHONY: conduit-monitor-containers
+conduit-monitor-containers: ## Show Docker container health
+	@bash $(CONDUIT_DIR)/conduit-monitor.sh --containers
+
+# ---------------------------------------------------------------------------
+# Certificates
+# ---------------------------------------------------------------------------
+.PHONY: conduit-certs
+conduit-certs: ## List all TLS certificates with expiry dates
+	@bash $(CONDUIT_DIR)/conduit-certs.sh
+
+.PHONY: conduit-certs-rotate
+conduit-certs-rotate: ## Rotate a certificate (NAME=grafana)
+	@bash $(CONDUIT_DIR)/conduit-certs.sh --rotate $(NAME)
+
+.PHONY: conduit-certs-inspect
+conduit-certs-inspect: ## Inspect a certificate (NAME=grafana)
+	@bash $(CONDUIT_DIR)/conduit-certs.sh --inspect $(NAME)
+
+.PHONY: conduit-certs-trust
+conduit-certs-trust: ## Install internal CA in system trust store
+	@bash $(CONDUIT_DIR)/conduit-certs.sh --trust
+
+# ---------------------------------------------------------------------------
+# DNS
+# ---------------------------------------------------------------------------
+.PHONY: conduit-dns
+conduit-dns: ## List all DNS entries
+	@bash $(CONDUIT_DIR)/conduit-dns.sh
+
+.PHONY: conduit-dns-flush
+conduit-dns-flush: ## Flush DNS cache
+	@bash $(CONDUIT_DIR)/conduit-dns.sh --flush
+
+.PHONY: conduit-dns-resolve
+conduit-dns-resolve: ## Test DNS resolution (DOMAIN=grafana.internal)
+	@bash $(CONDUIT_DIR)/conduit-dns.sh --resolve $(DOMAIN)
+
+# ---------------------------------------------------------------------------
+# Audit
+# ---------------------------------------------------------------------------
+.PHONY: conduit-verify
+conduit-verify: ## Verify Capsule audit chain integrity
+	@bash -c 'source $(CONDUIT_DIR)/conduit-preflight.sh && qp-capsule verify'
+
+# ---------------------------------------------------------------------------
+# Admin UI
+# ---------------------------------------------------------------------------
+.PHONY: ui
+ui: ## Start the admin dashboard (dev mode, port 5173)
+	@cd $(UI_DIR) && npm run dev
+
+.PHONY: ui-build
+ui-build: ## Build the admin dashboard for production
+	@cd $(UI_DIR) && npm run build
+
+.PHONY: ui-install
+ui-install: ## Install admin dashboard dependencies
+	@cd $(UI_DIR) && npm install
+
+.PHONY: ui-typecheck
+ui-typecheck: ## Type-check the admin dashboard
+	@cd $(UI_DIR) && npm run typecheck
+
+# ---------------------------------------------------------------------------
+# Testing
+# ---------------------------------------------------------------------------
+.PHONY: test
+test: ## Run all tests (requires bats-core)
+	@bats $(CONDUIT_DIR)/tests/unit/ $(CONDUIT_DIR)/tests/integration/
+
+.PHONY: test-unit
+test-unit: ## Run unit tests only
+	@bats $(CONDUIT_DIR)/tests/unit/
+
+.PHONY: test-integration
+test-integration: ## Run integration tests only
+	@bats $(CONDUIT_DIR)/tests/integration/
+
+.PHONY: test-smoke
+test-smoke: ## Run smoke tests
+	@bash $(CONDUIT_DIR)/tests/smoke/test_standalone.sh
+
+.PHONY: test-ui
+test-ui: ## Run admin dashboard tests
+	@cd $(UI_DIR) && npm test
+
+.PHONY: check
+check: test ui-typecheck ## Run all tests + type-check UI
diff --git a/README.md b/README.md
@@ -9,6 +9,7 @@ Tunnel gets you in. Conduit connects everything inside. Automatic DNS, internal
 [![License](https://img.shields.io/badge/License-Apache_2.0-blue.svg)](https://opensource.org/licenses/Apache-2.0)
 [![Crypto](https://img.shields.io/badge/Crypto-Internal_CA_%2B_TLS_1.3-purple.svg)](#security)
 [![Capsule](https://img.shields.io/badge/Audit-Capsule_Protocol-orange.svg)](https://github.com/quantumpipes/capsule)
+[![Admin UI](https://img.shields.io/badge/UI-React_19_%2B_OKLCH-ff69b4.svg)](#admin-dashboard)
 
 </div>
 
@@ -277,6 +278,43 @@ The JSON audit log is the fast local index. Capsules are the cryptographic sourc
 
 ---
 
+## Admin Dashboard
+
+Conduit includes a browser-based admin UI for managing your entire on-premises infrastructure visually.
+
+```bash
+make ui-install    # First time: install dependencies
+make ui            # Start the dashboard (http://localhost:5173)
+```
+
+```
+┌──────────────────────────────────────────────────────────────────────┐
+│  QP Conduit                                                         │
+├──────────┬───────────────────────────────────────────────────────────┤
+│          │  Services    4 up  ·  0 degraded  ·  0 down              │
+│ Overview │                                                          │
+│ ┌──────┐ │  ┌──────────────┐  ┌──────────────┐  ┌──────────────┐   │
+│ │Dashbd│ │  │ Hub          │  │ Core API     │  │ Grafana      │   │
+│ ├──────┤ │  │ ● hub.local  │  │ ● api.local  │  │ ● grafana    │   │
+│ │Svc   │ │  │ :4200  TLS ✓ │  │ :8000  TLS ✓ │  │ .internal    │   │
+│ │DNS   │ │  │ 12ms healthy │  │ 8ms  healthy │  │ 15ms healthy │   │
+│ │TLS   │ │  └──────────────┘  └──────────────┘  └──────────────┘   │
+│ ├──────┤ │                                                          │
+│ │Server│ │  GPU Server (10.0.1.20)                                  │
+│ │Route │ │  GPU 0: H200  87%  ███████░░  72/141 GB  62°C           │
+│ └──────┘ │  GPU 1: H200  43%  ████░░░░░  31/141 GB  58°C           │
+│          │  CPU: 24/48   Mem: 189/256 GB   Disk: 1.2/3.8 TB        │
+└──────────┴───────────────────────────────────────────────────────────┘
+```
+
+**Six views**: Dashboard (health overview), Services (register/manage), DNS (entries + resolver), TLS (certificates + CA), Servers (GPU/CPU/memory), Routing (proxy routes).
+
+**Tech**: React 19, TypeScript, Vite, TailwindCSS 4 with OKLCH perceptual color system, Zustand, TanStack Query. Dark theme with 6-level surface hierarchy.
+
+**Keyboard-first**: `1-6` switches views, `/` focuses search, `Esc` dismisses panels.
+
+---
+
 ## Security
 
 | Layer | Mechanism |
@@ -357,10 +395,8 @@ All values are overridable via environment variables or `.env.conduit`.
 |----------|----------|
 | [Architecture](./docs/architecture.md) | Developers, Auditors |
 | [Security Evaluation](./docs/security.md) | CISOs, Security Teams |
+| [Why Conduit](./docs/why-conduit.md) | Decision-Makers, Architects |
 | [Compliance Mappings](./docs/compliance/) | Regulators, GRC |
-| [Internal TLS](./docs/internal-tls.md) | Network Engineers |
-| [Monitoring](./docs/monitoring.md) | DevOps, SREs |
-| [Narrative Guide](./docs/GUIDE.md) | New Users |
 
 ### Examples
 
@@ -384,13 +420,20 @@ All values are overridable via environment variables or `.env.conduit`.
 │   ├── audit.sh                 # Structured audit logging + Capsule sealing
 │   ├── dns.sh                   # dnsmasq configuration and management
 │   ├── tls.sh                   # Caddy CA and certificate operations
-│   ├── routing.sh               # Reverse proxy route management
-│   └── monitor.sh               # Hardware and container monitoring
+│   └── routing.sh               # Reverse proxy route management
+├── ui/                          # Admin dashboard (React 19 + TypeScript)
+│   └── src/
+│       ├── components/views/    # 6 views (dashboard, services, dns, tls, servers, routing)
+│       ├── components/layout/   # AppShell, Sidebar, StatusBar
+│       ├── components/shared/   # HealthDot, StatCard, Chip, SlideOver, Toast
+│       ├── api/                 # Typed API client modules
+│       ├── stores/              # Zustand state management
+│       └── lib/                 # Types, utilities, OKLCH theme
 ├── templates/
-│   └── Caddyfile.conduit.tpl    # Caddy configuration template
+│   └── Caddyfile.service.tpl    # Per-service Caddy configuration template
 ├── conformance/                 # Audit log golden test vectors
 ├── completions/                 # Bash and Zsh tab-completion scripts
-├── tests/                       # Unit, integration, and smoke tests
+├── tests/                       # Unit, integration, and smoke tests (bats-core)
 ├── docs/                        # Architecture, security, compliance, guides
 ├── examples/                    # Deployment walkthroughs
 ├── .env.conduit.example         # Configuration template
