cap-nodejs

CAP Dashboard

The dashboard package provides an optional admin surface for CAP outbox and inbox records. It includes REST endpoints and a lightweight static UI.

Packages: @mikara89/cap-dashboard-nest, @mikara89/cap-dashboard-express, and framework-neutral @mikara89/cap-dashboard-core.

Current Status

The dashboard exists and is included in the MVP target. It supports listing, detail views, retry/mark actions, and manual outbox flushing. The UI is still a small admin surface rather than a polished operations console.

Registration

Register the dashboard after CAP core storage and transport are available.

import { Module } from '@nestjs/common';
import { CapModule } from '@mikara89/cap-nest';
import { CapDashboardModule } from '@mikara89/cap-dashboard-nest';

@Module({
  imports: [
    CapModule.forInMemory(),
    CapDashboardModule.forRoot({
      guard: {
        provide: 'CAP_DASHBOARD_GUARD',
        useValue: { canActivate: () => true },
      },
      authorizer: {
        provide: 'CAP_DASHBOARD_AUTHORIZER',
        useValue: ({ permission }) => permission === 'read',
      },
      routePrefix: '/api/cap',
      uiRoute: '/cap-dashboard',
      serveStatic: true,
    }),
  ],
})
export class AppModule {}

The sample guard and authorizer are for tests and local demos only. Production apps must provide real NestJS authentication and authorization appropriate for admin actions.

MVP must keep dashboard security application-owned. CAP should not prescribe a specific identity provider, session model, token format, or role system. The host application can pass a NestJS guard for authentication and an optional operation-aware authorizer for read/admin policy.

For Express, pass application-owned middleware when creating the router:

import { createCapDashboardRouter } from '@mikara89/cap-dashboard-express';

app.use(
  '/api/cap',
  createCapDashboardRouter({
    service,
    middleware: requireAuthenticatedOperator,
  }),
);

Mounting the router without middleware is local-only. Write endpoints can retry messages, mark records, or flush the outbox, so production deployments must protect the router before exposing it.

Options

REST API

All endpoints are mounted under routePrefix.

Outbox

Inbox

Scheduler

Response Shapes

List responses:

{
  "items": [],
  "total": 0,
  "page": 1,
  "limit": 50
}

Item responses include stable preview fields such as id, topic, retryCount, status/processed flags, dates, and payloadPreview. Full payloads and headers should only be requested for detail views by passing full=true.

Storage Expectations

The dashboard uses the core storage tokens:

For efficient operation, production adapters should provide these optional methods:

Without these methods, the dashboard falls back to less complete or less efficient behavior. The MikroORM adapter provides these helpers.

Security Notes