From a58ac303e9b1658693b2b6f17c29f6242aabcda7 Mon Sep 17 00:00:00 2001
From: Claude <noreply@anthropic.com>
Date: Tue, 18 Nov 2025 02:09:18 +0000
Subject: [PATCH 1/5] fix(api): exclude metrics endpoint from gzip compression

The metrics API was returning garbled binary data because the gzip
compression middleware was compressing responses but the browser
wasn't consistently decompressing them. This adds /api/v1/metrics
to the exclusion list alongside WebSocket and auth endpoints.
---
 api/cmd/main.go | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

diff --git a/api/cmd/main.go b/api/cmd/main.go
index 7abd21a8..dd53eafb 100644
--- a/api/cmd/main.go
+++ b/api/cmd/main.go
@@ -180,12 +180,13 @@ func main() {
 	auditLogger := middleware.NewAuditLogger(database, false) // Don't log request bodies by default
 	router.Use(auditLogger.Middleware())
 
-	// Add gzip compression (exclude WebSocket and auth endpoints)
+	// Add gzip compression (exclude WebSocket, auth, and metrics endpoints)
 	router.Use(middleware.GzipWithExclusions(
 		middleware.BestSpeed, // Use best speed for balance of compression vs CPU
 		[]string{
-			"/api/v1/ws/",    // Exclude WebSocket paths
-			"/api/v1/auth/",  // Exclude auth endpoints (setup, login, etc.)
+			"/api/v1/ws/",      // Exclude WebSocket paths
+			"/api/v1/auth/",    // Exclude auth endpoints (setup, login, etc.)
+			"/api/v1/metrics",  // Exclude metrics (browser handles decompression inconsistently)
 		},
 	))
 

From ae1a5a4c207d12c6e02bd439985d24d5c448c04b Mon Sep 17 00:00:00 2001
From: Claude <noreply@anthropic.com>
Date: Tue, 18 Nov 2025 02:20:12 +0000
Subject: [PATCH 2/5] fix(ui): remove duplicate Settings entry and enable theme
 toggle

- Remove duplicate Settings entry from sidebar menu items array
- Wire up the remaining Settings entry (after divider) to navigate to /settings
- Add ThemeContext to App.tsx for dynamic light/dark mode switching
- Update UserSettings to use theme context instead of showing refresh message
- Theme changes now apply immediately without page refresh
---
 ui/src/App.tsx                | 106 ++++++++++++++++++++++++----------
 ui/src/components/Layout.tsx  |   6 +-
 ui/src/pages/UserSettings.tsx |  19 ++----
 3 files changed, 84 insertions(+), 47 deletions(-)

diff --git a/ui/src/App.tsx b/ui/src/App.tsx
index 52936b3d..08527166 100644
--- a/ui/src/App.tsx
+++ b/ui/src/App.tsx
@@ -1,4 +1,4 @@
-import { lazy, Suspense } from 'react';
+import { lazy, Suspense, useState, useMemo, createContext, useContext } from 'react';
 import { BrowserRouter, Routes, Route, Navigate } from 'react-router-dom';
 import { QueryClient, QueryClientProvider } from '@tanstack/react-query';
 import { ThemeProvider, createTheme, CssBaseline, CircularProgress, Box } from '@mui/material';
@@ -6,6 +6,20 @@ import { useUserStore } from './store/userStore';
 import ErrorBoundary from './components/ErrorBoundary';
 import NotificationQueue from './components/NotificationQueue';
 
+// Theme mode context
+type ThemeMode = 'light' | 'dark';
+interface ThemeContextType {
+  mode: ThemeMode;
+  toggleTheme: () => void;
+}
+
+const ThemeContext = createContext<ThemeContextType>({
+  mode: 'dark',
+  toggleTheme: () => {},
+});
+
+export const useThemeMode = () => useContext(ThemeContext);
+
 // Eagerly load Login page and SetupWizard (needed immediately)
 import Login from './pages/Login';
 import SetupWizard from './pages/SetupWizard';
@@ -53,34 +67,41 @@ const queryClient = new QueryClient({
   },
 });
 
-// Create Material-UI theme
-const theme = createTheme({
-  palette: {
-    mode: 'dark',
-    primary: {
-      main: '#3f51b5',
-    },
-    secondary: {
-      main: '#f50057',
+// Create Material-UI theme based on mode
+const createAppTheme = (mode: ThemeMode) =>
+  createTheme({
+    palette: {
+      mode,
+      primary: {
+        main: '#3f51b5',
+      },
+      secondary: {
+        main: '#f50057',
+      },
+      background:
+        mode === 'dark'
+          ? {
+              default: '#0a1929',
+              paper: '#132f4c',
+            }
+          : {
+              default: '#f5f5f5',
+              paper: '#ffffff',
+            },
     },
-    background: {
-      default: '#0a1929',
-      paper: '#132f4c',
+    typography: {
+      fontFamily: '"Inter", "Roboto", "Helvetica", "Arial", sans-serif',
     },
-  },
-  typography: {
-    fontFamily: '"Inter", "Roboto", "Helvetica", "Arial", sans-serif',
-  },
-  components: {
-    MuiCard: {
-      styleOverrides: {
-        root: {
-          backgroundImage: 'none',
+    components: {
+      MuiCard: {
+        styleOverrides: {
+          root: {
+            backgroundImage: 'none',
+          },
         },
       },
     },
-  },
-});
+  });
 
 // Protected Route wrapper
 function ProtectedRoute({ children }: { children: React.ReactNode }) {
@@ -127,14 +148,36 @@ function PageLoader() {
 }
 
 function App() {
+  // Initialize theme from localStorage or default to dark
+  const [mode, setMode] = useState<ThemeMode>(() => {
+    const stored = localStorage.getItem('theme');
+    return (stored === 'light' || stored === 'dark') ? stored : 'dark';
+  });
+
+  const toggleTheme = () => {
+    setMode((prevMode) => {
+      const newMode = prevMode === 'dark' ? 'light' : 'dark';
+      localStorage.setItem('theme', newMode);
+      return newMode;
+    });
+  };
+
+  const theme = useMemo(() => createAppTheme(mode), [mode]);
+
+  const themeContextValue = useMemo(
+    () => ({ mode, toggleTheme }),
+    [mode]
+  );
+
   return (
     <QueryClientProvider client={queryClient}>
-      <ThemeProvider theme={theme}>
-        <CssBaseline />
-        <ErrorBoundary>
-          <BrowserRouter>
-            <Suspense fallback={<PageLoader />}>
-              <Routes>
+      <ThemeContext.Provider value={themeContextValue}>
+        <ThemeProvider theme={theme}>
+          <CssBaseline />
+          <ErrorBoundary>
+            <BrowserRouter>
+              <Suspense fallback={<PageLoader />}>
+                <Routes>
             {/* Public routes */}
             <Route path="/login" element={<Login />} />
             <Route path="/setup" element={<SetupWizard />} />
@@ -363,7 +406,8 @@ function App() {
           enableHistory={true}
           maxHistorySize={50}
         />
-      </ThemeProvider>
+        </ThemeProvider>
+      </ThemeContext.Provider>
     </QueryClientProvider>
   );
 }
diff --git a/ui/src/components/Layout.tsx b/ui/src/components/Layout.tsx
index 5dec0754..3008ac6c 100644
--- a/ui/src/components/Layout.tsx
+++ b/ui/src/components/Layout.tsx
@@ -94,7 +94,6 @@ function Layout({ children }: LayoutProps) {
     { text: 'My Applications', icon: <AppsIcon />, path: '/' },
     { text: 'My Sessions', icon: <ComputerIcon />, path: '/sessions' },
     { text: 'Shared with Me', icon: <ShareIcon />, path: '/shared-sessions' },
-    { text: 'Settings', icon: <SettingsIcon />, path: '/settings' },
   ];
 
   const handleOpenAdminPortal = () => {
@@ -126,7 +125,10 @@ function Layout({ children }: LayoutProps) {
       <Divider />
       <List>
         <ListItem disablePadding>
-          <ListItemButton>
+          <ListItemButton
+            selected={location.pathname === '/settings'}
+            onClick={() => navigate('/settings')}
+          >
             <ListItemIcon>
               <SettingsIcon />
             </ListItemIcon>
diff --git a/ui/src/pages/UserSettings.tsx b/ui/src/pages/UserSettings.tsx
index 75d41dba..f2ed16e7 100644
--- a/ui/src/pages/UserSettings.tsx
+++ b/ui/src/pages/UserSettings.tsx
@@ -44,6 +44,7 @@ import { useMFAMethods } from '../hooks/useApi';
 import { useQueryClient } from '@tanstack/react-query';
 import api from '../lib/api';
 import { toast } from '../lib/toast';
+import { useThemeMode } from '../App';
 
 /**
  * UserSettings - User account settings and preferences
@@ -62,6 +63,7 @@ export default function UserSettings() {
   const { user } = useUserStore();
   const queryClient = useQueryClient();
   const { data: mfaMethods = [], isLoading: mfaLoading } = useMFAMethods();
+  const { mode, toggleTheme } = useThemeMode();
 
   // Password change state
   const [passwordForm, setPasswordForm] = useState({
@@ -73,12 +75,6 @@ export default function UserSettings() {
   const [passwordSuccess, setPasswordSuccess] = useState(false);
   const [changingPassword, setChangingPassword] = useState(false);
 
-  // Theme state
-  const [darkMode, setDarkMode] = useState(() => {
-    const stored = localStorage.getItem('theme');
-    return stored ? stored === 'dark' : true; // Default to dark
-  });
-
   // MFA setup state
   const [mfaDialogOpen, setMfaDialogOpen] = useState(false);
   const [mfaStep, setMfaStep] = useState(0);
@@ -126,12 +122,7 @@ export default function UserSettings() {
 
   // Handle theme toggle
   const handleThemeToggle = () => {
-    const newTheme = !darkMode;
-    setDarkMode(newTheme);
-    localStorage.setItem('theme', newTheme ? 'dark' : 'light');
-    // Note: Full theme switching would require updating the ThemeProvider in App.tsx
-    // For now, this saves the preference
-    toast.info(`Theme preference saved. Refresh to apply ${newTheme ? 'dark' : 'light'} mode.`);
+    toggleTheme();
   };
 
   // Start MFA setup
@@ -217,12 +208,12 @@ export default function UserSettings() {
                 <FormControlLabel
                   control={
                     <Switch
-                      checked={darkMode}
+                      checked={mode === 'dark'}
                       onChange={handleThemeToggle}
                       color="primary"
                     />
                   }
-                  label={darkMode ? 'Dark Mode' : 'Light Mode'}
+                  label={mode === 'dark' ? 'Dark Mode' : 'Light Mode'}
                 />
                 <Typography variant="body2" color="text.secondary" sx={{ mt: 1 }}>
                   Choose your preferred color scheme for the interface.

From 79770cf2f0ee0b11a150818f9996d7a9e333d885 Mon Sep 17 00:00:00 2001
From: Claude <noreply@anthropic.com>
Date: Tue, 18 Nov 2025 02:27:51 +0000
Subject: [PATCH 3/5] refactor(ui): move user quotas to user detail page

User-specific quota overrides are now managed directly on the user
detail page instead of a separate admin quotas page. This makes quotas
group-level by default, with user-specific overrides available on the
individual user's detail page.

- Remove standalone admin Quotas page and route
- Update UserDetail to show "Resource Quota Override" section
- Update navigation to remove Quotas link
- Clarify that quotas are group-level with optional user overrides
---
 ui/src/App.tsx                          |   9 -
 ui/src/components/AdminPortalLayout.tsx |   3 +-
 ui/src/pages/admin/Quotas.tsx           | 532 ------------------------
 ui/src/pages/admin/UserDetail.tsx       |  13 +-
 4 files changed, 10 insertions(+), 547 deletions(-)
 delete mode 100644 ui/src/pages/admin/Quotas.tsx

diff --git a/ui/src/App.tsx b/ui/src/App.tsx
index 08527166..a9e21bc9 100644
--- a/ui/src/App.tsx
+++ b/ui/src/App.tsx
@@ -44,7 +44,6 @@ const InstalledPlugins = lazy(() => import('./pages/InstalledPlugins'));
 // Admin Pages (loaded only for admin users)
 const AdminDashboard = lazy(() => import('./pages/admin/Dashboard'));
 const AdminNodes = lazy(() => import('./pages/admin/Nodes'));
-const AdminQuotas = lazy(() => import('./pages/admin/Quotas'));
 const AdminPlugins = lazy(() => import('./pages/admin/Plugins'));
 const Users = lazy(() => import('./pages/admin/Users'));
 const UserDetail = lazy(() => import('./pages/admin/UserDetail'));
@@ -255,14 +254,6 @@ function App() {
                 </AdminRoute>
               }
             />
-            <Route
-              path="/admin/quotas"
-              element={
-                <AdminRoute>
-                  <AdminQuotas />
-                </AdminRoute>
-              }
-            />
             <Route
               path="/admin/plugins"
               element={
diff --git a/ui/src/components/AdminPortalLayout.tsx b/ui/src/components/AdminPortalLayout.tsx
index 92deb234..a0222351 100644
--- a/ui/src/components/AdminPortalLayout.tsx
+++ b/ui/src/components/AdminPortalLayout.tsx
@@ -61,7 +61,7 @@ interface AdminPortalLayoutProps {
  * Navigation Sections:
  * - Overview: Admin dashboard
  * - Content Management: Templates, Plugins, Repositories
- * - User Management: Users, Groups, Quotas
+ * - User Management: Users, Groups
  * - System: Nodes, Integrations, Scaling, Compliance
  *
  * @component
@@ -132,7 +132,6 @@ function AdminPortalLayout({ children }: AdminPortalLayoutProps) {
       items: [
         { text: 'Users', icon: <PeopleIcon />, path: '/admin/users' },
         { text: 'Groups', icon: <GroupsIcon />, path: '/admin/groups' },
-        { text: 'User Quotas', icon: <PeopleIcon />, path: '/admin/quotas' },
       ],
     },
     {
diff --git a/ui/src/pages/admin/Quotas.tsx b/ui/src/pages/admin/Quotas.tsx
deleted file mode 100644
index ad65dd62..00000000
--- a/ui/src/pages/admin/Quotas.tsx
+++ /dev/null
@@ -1,532 +0,0 @@
-import { useState, useEffect } from 'react';
-import {
-  Box,
-  Typography,
-  Paper,
-  Table,
-  TableBody,
-  TableCell,
-  TableContainer,
-  TableHead,
-  TableRow,
-  Button,
-  IconButton,
-  Dialog,
-  DialogTitle,
-  DialogContent,
-  DialogActions,
-  TextField,
-  Alert,
-  LinearProgress,
-  Tooltip,
-  CircularProgress,
-} from '@mui/material';
-import {
-  Add as AddIcon,
-  Edit as EditIcon,
-  Delete as DeleteIcon,
-  Refresh as RefreshIcon,
-  Warning as WarningIcon,
-} from '@mui/icons-material';
-import AdminPortalLayout from '../../components/AdminPortalLayout';
-import { api, UserQuota, SetQuotaRequest } from '../../lib/api';
-import { useQuotaEvents } from '../../hooks/useEnterpriseWebSocket';
-import { useNotificationQueue } from '../../components/NotificationQueue';
-import EnhancedWebSocketStatus from '../../components/EnhancedWebSocketStatus';
-import WebSocketErrorBoundary from '../../components/WebSocketErrorBoundary';
-
-/**
- * AdminQuotas - User resource quota management for administrators
- *
- * Administrative interface for managing user resource quotas across the platform.
- * Administrators can set and modify resource limits for individual users to control
- * session creation, CPU, memory, and storage usage. Provides real-time quota monitoring
- * with usage visualization and automatic alerts for quota violations.
- *
- * Features:
- * - Create and edit user quotas
- * - Set limits for sessions, CPU, memory, storage
- * - Visual usage indicators with progress bars
- * - Real-time quota usage tracking
- * - Quota violation warnings
- * - Delete quota configurations
- * - Real-time quota event notifications via WebSocket
- *
- * Administrative capabilities:
- * - Define per-user resource limits
- * - Monitor quota utilization in real-time
- * - Prevent resource overconsumption
- * - Receive alerts for quota violations
- * - Enforce fair resource allocation
- * - Audit quota changes
- *
- * Resource types:
- * - Sessions: Maximum concurrent sessions (integer)
- * - CPU: Maximum CPU allocation (e.g., "4000m" = 4 cores)
- * - Memory: Maximum memory allocation (e.g., "8Gi" = 8 gigabytes)
- * - Storage: Maximum persistent storage (e.g., "50Gi" = 50 gigabytes)
- *
- * Real-time features:
- * - Live quota usage updates
- * - Quota exceeded notifications (high priority)
- * - Quota warning alerts (>90% usage)
- * - Create/update/delete notifications
- * - WebSocket connection monitoring
- *
- * User workflows:
- * - Create quotas for new users
- * - Update quotas based on requirements
- * - Monitor user resource consumption
- * - Identify users approaching limits
- * - Delete quotas to remove restrictions
- *
- * @page
- * @route /admin/quotas - User resource quota management
- * @access admin - Restricted to administrators only
- *
- * @component
- *
- * @returns {JSX.Element} Quota management interface with usage visualization
- *
- * @example
- * // Route configuration:
- * <Route path="/admin/quotas" element={<AdminQuotas />} />
- *
- * @see Users for user account management
- * @see AdminDashboard for overall resource utilization
- */
-export default function AdminQuotas() {
-  const [quotas, setQuotas] = useState<UserQuota[]>([]);
-  const [loading, setLoading] = useState(true);
-  const [error, setError] = useState('');
-  const [editDialogOpen, setEditDialogOpen] = useState(false);
-  const [deleteDialogOpen, setDeleteDialogOpen] = useState(false);
-  const [selectedQuota, setSelectedQuota] = useState<UserQuota | null>(null);
-
-  // WebSocket connection state
-  const [wsConnected, setWsConnected] = useState(false);
-
-  // Enhanced notification system
-  const { addNotification } = useNotificationQueue();
-
-  // Real-time quota events via WebSocket with notifications
-  useQuotaEvents((data: any) => {
-    console.log('Quota event:', data);
-    setWsConnected(true);
-
-    // Show notifications for quota events
-    if (data.event_type === 'quota.created') {
-      addNotification({
-        message: `Quota created for user: ${data.username}`,
-        severity: 'info',
-        priority: 'medium',
-        title: 'Quota Created',
-      });
-      // Refresh quota list
-      loadQuotas();
-    } else if (data.event_type === 'quota.updated') {
-      addNotification({
-        message: `Quota updated for user ${data.username}`,
-        severity: 'info',
-        priority: 'low',
-        title: 'Quota Updated',
-      });
-      // Refresh quota list
-      loadQuotas();
-    } else if (data.event_type === 'quota.deleted') {
-      addNotification({
-        message: `Quota deleted for user ${data.username}`,
-        severity: 'warning',
-        priority: 'medium',
-        title: 'Quota Deleted',
-      });
-      // Refresh quota list
-      loadQuotas();
-    } else if (data.event_type === 'quota.exceeded') {
-      addNotification({
-        message: `User ${data.username} has exceeded ${data.resource_type} quota`,
-        severity: 'warning',
-        priority: 'high',
-        title: 'Quota Exceeded',
-      });
-    } else if (data.event_type === 'quota.warning') {
-      addNotification({
-        message: `User ${data.username} is approaching ${data.resource_type} quota limit (${data.percentage}%)`,
-        severity: 'warning',
-        priority: 'medium',
-        title: 'Quota Warning',
-      });
-    }
-  });
-
-  // Form state
-  const [username, setUsername] = useState('');
-  const [maxSessions, setMaxSessions] = useState('10');
-  const [maxCPU, setMaxCPU] = useState('4000m');
-  const [maxMemory, setMaxMemory] = useState('8Gi');
-  const [maxStorage, setMaxStorage] = useState('50Gi');
-
-  useEffect(() => {
-    loadQuotas();
-  }, []);
-
-  const loadQuotas = async () => {
-    setLoading(true);
-    setError('');
-
-    try {
-      const quotasData = await api.listAllUserQuotas();
-      // Ensure quotasData is always an array to prevent undefined errors
-      setQuotas(Array.isArray(quotasData) ? quotasData : []);
-    } catch (err: any) {
-      console.error('Failed to load quotas:', err);
-      setError(err.response?.data?.message || 'Failed to load user quotas');
-      // Set empty array on error to prevent undefined
-      setQuotas([]);
-    } finally {
-      setLoading(false);
-    }
-  };
-
-  const handleOpenEdit = (quota?: UserQuota) => {
-    if (quota) {
-      setSelectedQuota(quota);
-      setUsername(quota.username || quota.userId);
-      setMaxSessions(quota.maxSessions.toString());
-      setMaxCPU(quota.maxCpu);
-      setMaxMemory(quota.maxMemory);
-      setMaxStorage(quota.maxStorage);
-    } else {
-      setSelectedQuota(null);
-      setUsername('');
-      setMaxSessions('10');
-      setMaxCPU('4000m');
-      setMaxMemory('8Gi');
-      setMaxStorage('50Gi');
-    }
-    setEditDialogOpen(true);
-  };
-
-  const handleSaveQuota = async () => {
-    if (!username.trim()) {
-      setError('Username is required');
-      return;
-    }
-
-    try {
-      const quotaData: SetQuotaRequest = {
-        username: username.trim(),
-        maxSessions: parseInt(maxSessions),
-        maxCpu: maxCPU,
-        maxMemory,
-        maxStorage,
-      };
-
-      await api.setAdminUserQuota(quotaData);
-      setEditDialogOpen(false);
-      loadQuotas();
-    } catch (err: any) {
-      console.error('Failed to save quota:', err);
-      setError(err.response?.data?.message || 'Failed to save user quota');
-    }
-  };
-
-  const handleDeleteQuota = async () => {
-    if (!selectedQuota) return;
-
-    try {
-      await api.deleteAdminUserQuota(selectedQuota.username || selectedQuota.userId);
-      setDeleteDialogOpen(false);
-      setSelectedQuota(null);
-      loadQuotas();
-    } catch (err: any) {
-      console.error('Failed to delete quota:', err);
-      setError(err.response?.data?.message || 'Failed to delete user quota');
-    }
-  };
-
-  const calculatePercentage = (used: number, limit: number): number => {
-    if (limit === 0) return 0;
-    return (used / limit) * 100;
-  };
-
-  const parseResourceString = (resource: string): number => {
-    // Parse resource strings like "2Gi", "4000m", etc.
-    const match = resource.match(/^(\d+)([a-zA-Z]+)?$/);
-    if (!match) return 0;
-
-    const value = parseInt(match[1]);
-    const unit = match[2] || '';
-
-    if (unit === 'Gi') return value * 1024;
-    if (unit === 'Mi') return value;
-    if (unit === 'm') return value;
-
-    return value;
-  };
-
-  if (loading) {
-    return (
-      <AdminPortalLayout>
-        <Box display="flex" justifyContent="center" alignItems="center" minHeight="60vh">
-          <CircularProgress />
-        </Box>
-      </AdminPortalLayout>
-    );
-  }
-
-  return (
-    <WebSocketErrorBoundary>
-      <AdminPortalLayout>
-        <Box>
-          <Box sx={{ display: 'flex', justifyContent: 'space-between', alignItems: 'center', mb: 3 }}>
-            <Box sx={{ display: 'flex', alignItems: 'center', gap: 2 }}>
-              <Typography variant="h4" sx={{ fontWeight: 700 }}>
-                User Quotas
-              </Typography>
-
-              {/* Enhanced WebSocket Connection Status */}
-              <EnhancedWebSocketStatus
-                isConnected={wsConnected}
-                reconnectAttempts={0}
-                size="small"
-                showDetails={true}
-              />
-            </Box>
-            <Box sx={{ display: 'flex', gap: 2 }}>
-              <Button variant="outlined" startIcon={<RefreshIcon />} onClick={loadQuotas}>
-                Refresh
-              </Button>
-              <Button variant="contained" startIcon={<AddIcon />} onClick={() => handleOpenEdit()}>
-                Add Quota
-              </Button>
-            </Box>
-          </Box>
-
-        {error && (
-          <Alert severity="error" sx={{ mb: 3 }} onClose={() => setError('')}>
-            {error}
-          </Alert>
-        )}
-
-        <TableContainer component={Paper}>
-          <Table>
-            <TableHead>
-              <TableRow>
-                <TableCell>Username</TableCell>
-                <TableCell>Sessions</TableCell>
-                <TableCell>CPU</TableCell>
-                <TableCell>Memory</TableCell>
-                <TableCell>Storage</TableCell>
-                <TableCell align="right">Actions</TableCell>
-              </TableRow>
-            </TableHead>
-            <TableBody>
-              {quotas.length === 0 ? (
-                <TableRow>
-                  <TableCell colSpan={6} align="center">
-                    <Typography variant="body2" color="text.secondary" sx={{ py: 3 }}>
-                      No user quotas configured
-                    </Typography>
-                  </TableCell>
-                </TableRow>
-              ) : (
-                quotas.map((quota) => {
-                  const sessionPercent = calculatePercentage(quota?.usedSessions ?? 0, quota?.maxSessions ?? 0);
-                  const cpuPercent = calculatePercentage(
-                    parseResourceString(quota?.usedCpu || '0'),
-                    parseResourceString(quota?.maxCpu || '0')
-                  );
-                  const memoryPercent = calculatePercentage(
-                    parseResourceString(quota?.usedMemory || '0'),
-                    parseResourceString(quota?.maxMemory || '0')
-                  );
-                  const storagePercent = calculatePercentage(
-                    parseResourceString(quota?.usedStorage || '0'),
-                    parseResourceString(quota?.maxStorage || '0')
-                  );
-
-                  return (
-                    <TableRow key={quota.username || quota.userId}>
-                      <TableCell>
-                        <Typography variant="body1" sx={{ fontWeight: 500 }}>
-                          {quota.username || quota.userId}
-                        </Typography>
-                      </TableCell>
-                      <TableCell>
-                        <Box>
-                          <Box sx={{ display: 'flex', alignItems: 'center', gap: 1, mb: 0.5 }}>
-                            <Typography variant="body2">
-                              {quota?.usedSessions ?? 0} / {quota?.maxSessions ?? 0}
-                            </Typography>
-                            {sessionPercent > 90 && (
-                              <Tooltip title="Near quota limit">
-                                <WarningIcon color="warning" fontSize="small" />
-                              </Tooltip>
-                            )}
-                          </Box>
-                          <LinearProgress
-                            variant="determinate"
-                            value={Math.min(sessionPercent, 100)}
-                            sx={{
-                              height: 6,
-                              borderRadius: 3,
-                              backgroundColor: 'rgba(63, 81, 181, 0.1)',
-                              '& .MuiLinearProgress-bar': {
-                                backgroundColor: sessionPercent > 90 ? '#f44336' : '#3f51b5',
-                              },
-                            }}
-                          />
-                        </Box>
-                      </TableCell>
-                      <TableCell>
-                        <Box>
-                          <Typography variant="body2" sx={{ mb: 0.5 }}>
-                            {quota?.usedCpu || '0'} / {quota?.maxCpu || '0'}
-                          </Typography>
-                          <LinearProgress
-                            variant="determinate"
-                            value={Math.min(cpuPercent, 100)}
-                            sx={{
-                              height: 6,
-                              borderRadius: 3,
-                              backgroundColor: 'rgba(245, 0, 87, 0.1)',
-                              '& .MuiLinearProgress-bar': {
-                                backgroundColor: cpuPercent > 90 ? '#f44336' : '#f50057',
-                              },
-                            }}
-                          />
-                        </Box>
-                      </TableCell>
-                      <TableCell>
-                        <Box>
-                          <Typography variant="body2" sx={{ mb: 0.5 }}>
-                            {quota?.usedMemory || '0'} / {quota?.maxMemory || '0'}
-                          </Typography>
-                          <LinearProgress
-                            variant="determinate"
-                            value={Math.min(memoryPercent, 100)}
-                            sx={{
-                              height: 6,
-                              borderRadius: 3,
-                              backgroundColor: 'rgba(255, 152, 0, 0.1)',
-                              '& .MuiLinearProgress-bar': {
-                                backgroundColor: memoryPercent > 90 ? '#f44336' : '#ff9800',
-                              },
-                            }}
-                          />
-                        </Box>
-                      </TableCell>
-                      <TableCell>
-                        <Box>
-                          <Typography variant="body2" sx={{ mb: 0.5 }}>
-                            {quota?.usedStorage || '0'} / {quota?.maxStorage || '0'}
-                          </Typography>
-                          <LinearProgress
-                            variant="determinate"
-                            value={Math.min(storagePercent, 100)}
-                            sx={{
-                              height: 6,
-                              borderRadius: 3,
-                              backgroundColor: 'rgba(76, 175, 80, 0.1)',
-                              '& .MuiLinearProgress-bar': {
-                                backgroundColor: storagePercent > 90 ? '#f44336' : '#4caf50',
-                              },
-                            }}
-                          />
-                        </Box>
-                      </TableCell>
-                      <TableCell align="right">
-                        <IconButton size="small" onClick={() => handleOpenEdit(quota)}>
-                          <EditIcon />
-                        </IconButton>
-                        <IconButton
-                          size="small"
-                          color="error"
-                          onClick={() => {
-                            setSelectedQuota(quota);
-                            setDeleteDialogOpen(true);
-                          }}
-                        >
-                          <DeleteIcon />
-                        </IconButton>
-                      </TableCell>
-                    </TableRow>
-                  );
-                })
-              )}
-            </TableBody>
-          </Table>
-        </TableContainer>
-
-        {/* Edit/Add Quota Dialog */}
-        <Dialog open={editDialogOpen} onClose={() => setEditDialogOpen(false)} maxWidth="sm" fullWidth>
-          <DialogTitle>{selectedQuota ? 'Edit User Quota' : 'Add User Quota'}</DialogTitle>
-          <DialogContent>
-            <Box sx={{ display: 'flex', flexDirection: 'column', gap: 2, mt: 2 }}>
-              <TextField
-                fullWidth
-                label="Username"
-                value={username}
-                onChange={(e) => setUsername(e.target.value)}
-                disabled={!!selectedQuota}
-                helperText={selectedQuota ? 'Username cannot be changed' : 'Enter the username'}
-              />
-              <TextField
-                fullWidth
-                label="Max Sessions"
-                type="number"
-                value={maxSessions}
-                onChange={(e) => setMaxSessions(e.target.value)}
-                helperText="Maximum number of concurrent sessions"
-              />
-              <TextField
-                fullWidth
-                label="Max CPU"
-                value={maxCPU}
-                onChange={(e) => setMaxCPU(e.target.value)}
-                helperText="e.g., 4000m (4 cores) or 8000m (8 cores)"
-              />
-              <TextField
-                fullWidth
-                label="Max Memory"
-                value={maxMemory}
-                onChange={(e) => setMaxMemory(e.target.value)}
-                helperText="e.g., 8Gi or 16Gi"
-              />
-              <TextField
-                fullWidth
-                label="Max Storage"
-                value={maxStorage}
-                onChange={(e) => setMaxStorage(e.target.value)}
-                helperText="e.g., 50Gi or 100Gi"
-              />
-            </Box>
-          </DialogContent>
-          <DialogActions>
-            <Button onClick={() => setEditDialogOpen(false)}>Cancel</Button>
-            <Button onClick={handleSaveQuota} variant="contained">
-              {selectedQuota ? 'Update' : 'Create'}
-            </Button>
-          </DialogActions>
-        </Dialog>
-
-        {/* Delete Confirmation Dialog */}
-        <Dialog open={deleteDialogOpen} onClose={() => setDeleteDialogOpen(false)}>
-          <DialogTitle>Delete User Quota</DialogTitle>
-          <DialogContent>
-            Are you sure you want to delete the quota for user <strong>{selectedQuota?.username}</strong>? This action
-            cannot be undone.
-          </DialogContent>
-          <DialogActions>
-            <Button onClick={() => setDeleteDialogOpen(false)}>Cancel</Button>
-            <Button onClick={handleDeleteQuota} color="error" variant="contained">
-              Delete
-            </Button>
-          </DialogActions>
-        </Dialog>
-      </Box>
-    </AdminPortalLayout>
-    </WebSocketErrorBoundary>
-  );
-}
diff --git a/ui/src/pages/admin/UserDetail.tsx b/ui/src/pages/admin/UserDetail.tsx
index 0579908b..8c1a5f80 100644
--- a/ui/src/pages/admin/UserDetail.tsx
+++ b/ui/src/pages/admin/UserDetail.tsx
@@ -334,9 +334,14 @@ export default function UserDetail() {
           <Card>
             <CardContent>
               <Box sx={{ display: 'flex', justifyContent: 'space-between', alignItems: 'center', mb: 2 }}>
-                <Typography variant="h6">
-                  Resource Quota
-                </Typography>
+                <Box>
+                  <Typography variant="h6">
+                    Resource Quota Override
+                  </Typography>
+                  <Typography variant="caption" color="text.secondary">
+                    User-specific limits that override group quotas
+                  </Typography>
+                </Box>
                 {!editQuotaMode && quota && (
                   <Button
                     size="small"
@@ -440,7 +445,7 @@ export default function UserDetail() {
                 )
               ) : (
                 <Typography color="text.secondary">
-                  No quota set for this user
+                  No user-specific quota override set. User will use group quota limits.
                 </Typography>
               )}
             </CardContent>

From f87f25e7e755e2cbb7d290f46b91e15d1f73e865 Mon Sep 17 00:00:00 2001
From: Claude <noreply@anthropic.com>
Date: Tue, 18 Nov 2025 02:33:30 +0000
Subject: [PATCH 4/5] feat(api): add default all_users group for all users

- Create default 'all_users' group (display name: "All Users") in
  database migrations with type 'system'
- Automatically add all new users to this group on creation
- Add admin user to all_users group in initial migration
- Group quotas can now be set on all_users to apply to everyone
---
 api/internal/db/database.go | 10 ++++++++++
 api/internal/db/users.go    | 19 +++++++++++++++++++
 2 files changed, 29 insertions(+)

diff --git a/api/internal/db/database.go b/api/internal/db/database.go
index 7c3bf16a..a5c66b70 100644
--- a/api/internal/db/database.go
+++ b/api/internal/db/database.go
@@ -523,6 +523,16 @@ func (d *Database) Migrate() error {
 		VALUES ('admin', 100, '64000m', '256Gi', '1Ti')
 		ON CONFLICT (user_id) DO NOTHING`,
 
+		// Insert default all_users group that all users belong to
+		`INSERT INTO groups (id, name, display_name, description, type)
+		VALUES ('all-users', 'all_users', 'All Users', 'Default group containing all users', 'system')
+		ON CONFLICT (id) DO NOTHING`,
+
+		// Add admin user to all_users group
+		`INSERT INTO group_memberships (id, user_id, group_id, role, created_at)
+		VALUES ('admin-all-users', 'admin', 'all-users', 'member', NOW())
+		ON CONFLICT (user_id, group_id) DO NOTHING`,
+
 		// Insert default configuration values
 		`INSERT INTO configuration (key, value, category, description) VALUES
 			('ingress.domain', 'streamspace.local', 'ingress', 'Default ingress domain'),
diff --git a/api/internal/db/users.go b/api/internal/db/users.go
index a8207fa7..e9187c84 100644
--- a/api/internal/db/users.go
+++ b/api/internal/db/users.go
@@ -157,6 +157,12 @@ func (u *UserDB) CreateUser(ctx context.Context, req *models.CreateUserRequest)
 		return nil, fmt.Errorf("failed to create default quota: %w", err)
 	}
 
+	// Add user to all_users group
+	if err := u.addToAllUsersGroup(ctx, user.ID); err != nil {
+		// Log but don't fail user creation
+		fmt.Printf("Warning: failed to add user %s to all_users group: %v\n", user.ID, err)
+	}
+
 	return user, nil
 }
 
@@ -576,6 +582,19 @@ func (u *UserDB) createDefaultQuota(ctx context.Context, userID string) error {
 	return err
 }
 
+// addToAllUsersGroup adds a user to the default all_users group
+func (u *UserDB) addToAllUsersGroup(ctx context.Context, userID string) error {
+	query := `
+		INSERT INTO group_memberships (id, user_id, group_id, role, created_at)
+		SELECT $1, $2, id, 'member', NOW()
+		FROM groups WHERE name = 'all_users'
+		ON CONFLICT (user_id, group_id) DO NOTHING
+	`
+
+	_, err := u.db.ExecContext(ctx, query, uuid.New().String(), userID)
+	return err
+}
+
 // createQuota creates quota with custom values
 func (u *UserDB) createQuota(ctx context.Context, userID string, req *models.SetQuotaRequest) error {
 	maxSessions := 5

From 32a1a4c11302e36898a16fa24a68e71520c25495 Mon Sep 17 00:00:00 2001
From: Claude <noreply@anthropic.com>
Date: Tue, 18 Nov 2025 02:44:30 +0000
Subject: [PATCH 5/5] fix(api): add type field to repositories and fix default
 repos

- Add 'type' field to repositories table (template/plugin)
- Fix default repositories to use correct status 'pending' not 'active'
- Handle NULL last_sync and error_message in ListRepositories handler
- Update Repository interface to include type field
- Update EnhancedRepositories page to:
  - Rename to "Repositories" (manages both templates and plugins)
  - Add type filter tabs (All/Templates/Plugins)
  - Show counts by repository type
---
 api/internal/api/handlers.go          | 33 +++++++++++++++++++-------
 api/internal/db/database.go           |  9 +++----
 ui/src/lib/api.ts                     |  1 +
 ui/src/pages/EnhancedRepositories.tsx | 34 +++++++++++++++++----------
 4 files changed, 52 insertions(+), 25 deletions(-)

diff --git a/api/internal/api/handlers.go b/api/internal/api/handlers.go
index be99e170..9b06a61d 100644
--- a/api/internal/api/handlers.go
+++ b/api/internal/api/handlers.go
@@ -1393,13 +1393,13 @@ func (h *Handler) InstallCatalogTemplate(c *gin.Context) {
 // Repository Endpoints (Template Repository Management)
 // ============================================================================
 
-// ListRepositories returns all template repositories
+// ListRepositories returns all template and plugin repositories
 func (h *Handler) ListRepositories(c *gin.Context) {
 	// SECURITY FIX: Use request context for proper cancellation and timeout handling
 	ctx := c.Request.Context()
 
 	rows, err := h.db.DB().QueryContext(ctx, `
-		SELECT id, name, url, branch, auth_type, last_sync, template_count, status, error_message, created_at, updated_at
+		SELECT id, name, url, branch, COALESCE(type, 'template'), auth_type, last_sync, template_count, status, error_message, created_at, updated_at
 		FROM repositories
 		ORDER BY name ASC
 	`)
@@ -1412,27 +1412,42 @@ func (h *Handler) ListRepositories(c *gin.Context) {
 	repos := []map[string]interface{}{}
 	for rows.Next() {
 		var id int
-		var name, url, branch, authType, status, errorMessage string
-		var lastSync, createdAt, updatedAt time.Time
+		var name, url, branch, repoType, authType, status string
+		var lastSync sql.NullTime
+		var errorMessage sql.NullString
+		var createdAt, updatedAt time.Time
 		var templateCount int
 
-		if err := rows.Scan(&id, &name, &url, &branch, &authType, &lastSync, &templateCount, &status, &errorMessage, &createdAt, &updatedAt); err != nil {
+		if err := rows.Scan(&id, &name, &url, &branch, &repoType, &authType, &lastSync, &templateCount, &status, &errorMessage, &createdAt, &updatedAt); err != nil {
 			continue
 		}
 
-		repos = append(repos, map[string]interface{}{
+		repo := map[string]interface{}{
 			"id":            id,
 			"name":          name,
 			"url":           url,
 			"branch":        branch,
+			"type":          repoType,
 			"authType":      authType,
-			"lastSync":      lastSync,
 			"templateCount": templateCount,
 			"status":        status,
-			"errorMessage":  errorMessage,
 			"createdAt":     createdAt,
 			"updatedAt":     updatedAt,
-		})
+		}
+
+		if lastSync.Valid {
+			repo["lastSync"] = lastSync.Time
+		} else {
+			repo["lastSync"] = nil
+		}
+
+		if errorMessage.Valid {
+			repo["errorMessage"] = errorMessage.String
+		} else {
+			repo["errorMessage"] = ""
+		}
+
+		repos = append(repos, repo)
 	}
 
 	c.JSON(http.StatusOK, gin.H{
diff --git a/api/internal/db/database.go b/api/internal/db/database.go
index a5c66b70..7b9e76f3 100644
--- a/api/internal/db/database.go
+++ b/api/internal/db/database.go
@@ -363,12 +363,13 @@ func (d *Database) Migrate() error {
 		// Create index on session_id
 		`CREATE INDEX IF NOT EXISTS idx_connections_session_id ON connections(session_id)`,
 
-		// Template repositories
+		// Template and plugin repositories
 		`CREATE TABLE IF NOT EXISTS repositories (
 			id SERIAL PRIMARY KEY,
 			name VARCHAR(255) UNIQUE,
 			url TEXT NOT NULL,
 			branch VARCHAR(100) DEFAULT 'main',
+			type VARCHAR(50) DEFAULT 'template',
 			auth_type VARCHAR(50) DEFAULT 'none',
 			auth_secret VARCHAR(255),
 			last_sync TIMESTAMP,
@@ -380,9 +381,9 @@ func (d *Database) Migrate() error {
 		)`,
 
 		// Insert default repositories (plugins and templates)
-		`INSERT INTO repositories (name, url, branch, auth_type, status) VALUES
-			('Official Plugins', 'https://github.com/JoshuaAFerguson/streamspace-plugins', 'main', 'none', 'active'),
-			('Official Templates', 'https://github.com/JoshuaAFerguson/streamspace-templates', 'main', 'none', 'active')
+		`INSERT INTO repositories (name, url, branch, type, auth_type, status) VALUES
+			('Official Plugins', 'https://github.com/JoshuaAFerguson/streamspace-plugins', 'main', 'plugin', 'none', 'pending'),
+			('Official Templates', 'https://github.com/JoshuaAFerguson/streamspace-templates', 'main', 'template', 'none', 'pending')
 		ON CONFLICT (name) DO NOTHING`,
 
 		// Catalog templates (cache of templates from repos)
diff --git a/ui/src/lib/api.ts b/ui/src/lib/api.ts
index 56cec6b9..c6790021 100644
--- a/ui/src/lib/api.ts
+++ b/ui/src/lib/api.ts
@@ -123,6 +123,7 @@ export interface Repository {
   name: string;
   url: string;
   branch: string;
+  type: 'template' | 'plugin';
   authType: string;
   lastSync?: string;
   templateCount: number;
diff --git a/ui/src/pages/EnhancedRepositories.tsx b/ui/src/pages/EnhancedRepositories.tsx
index 7a7440fa..979161e0 100644
--- a/ui/src/pages/EnhancedRepositories.tsx
+++ b/ui/src/pages/EnhancedRepositories.tsx
@@ -102,6 +102,7 @@ function EnhancedRepositoriesContent() {
   const [searchQuery, setSearchQuery] = useState('');
   const [viewMode, setViewMode] = useState<'grid' | 'list'>('grid');
   const [statusFilter, setStatusFilter] = useState<string>('all');
+  const [typeFilter, setTypeFilter] = useState<string>('all');
   const [snackbar, setSnackbar] = useState<{ open: boolean; message: string; severity: 'success' | 'error' }>({
     open: false,
     message: '',
@@ -262,14 +263,17 @@ function EnhancedRepositoriesContent() {
       repo.url.toLowerCase().includes(searchQuery.toLowerCase());
 
     const matchesStatus = statusFilter === 'all' || repo.status === statusFilter;
+    const matchesType = typeFilter === 'all' || repo.type === typeFilter;
 
-    return matchesSearch && matchesStatus;
+    return matchesSearch && matchesStatus && matchesType;
   });
 
   const syncingCount = repositories.filter((r) => r.status === 'syncing').length;
   const syncedCount = repositories.filter((r) => r.status === 'synced').length;
   const failedCount = repositories.filter((r) => r.status === 'failed').length;
-  const totalTemplates = repositories.reduce((sum, r) => sum + r.templateCount, 0);
+  const templateRepoCount = repositories.filter((r) => r.type === 'template').length;
+  const pluginRepoCount = repositories.filter((r) => r.type === 'plugin').length;
+  const totalTemplates = repositories.filter((r) => r.type === 'template').reduce((sum, r) => sum + r.templateCount, 0);
 
   if (isLoading) {
     return (
@@ -288,10 +292,10 @@ function EnhancedRepositoriesContent() {
         <Box sx={{ display: 'flex', justifyContent: 'space-between', alignItems: 'center', mb: 3 }}>
           <Box>
             <Typography variant="h4" sx={{ fontWeight: 700, mb: 0.5 }}>
-              Template Repositories
+              Repositories
             </Typography>
             <Typography variant="body2" color="text.secondary">
-              Manage external template repositories and sync status
+              Manage template and plugin repositories
             </Typography>
           </Box>
           <Box sx={{ display: 'flex', gap: 1, alignItems: 'center' }}>
@@ -380,13 +384,13 @@ function EnhancedRepositoriesContent() {
 
         {/* Filters and View Controls */}
         <Box sx={{ display: 'flex', justifyContent: 'space-between', alignItems: 'center', mb: 3, flexWrap: 'wrap', gap: 2 }}>
-          <Box sx={{ display: 'flex', gap: 2, alignItems: 'center', flex: 1 }}>
+          <Box sx={{ display: 'flex', gap: 2, alignItems: 'center', flex: 1, flexWrap: 'wrap' }}>
             <TextField
               placeholder="Search repositories..."
               value={searchQuery}
               onChange={(e) => setSearchQuery(e.target.value)}
               size="small"
-              sx={{ minWidth: 300 }}
+              sx={{ minWidth: 250 }}
               InputProps={{
                 startAdornment: (
                   <InputAdornment position="start">
@@ -396,12 +400,18 @@ function EnhancedRepositoriesContent() {
               }}
             />
 
-            <Tabs value={statusFilter} onChange={(_, v) => setStatusFilter(v)}>
-              <Tab label="All" value="all" />
-              <Tab label="Synced" value="synced" />
-              <Tab label="Syncing" value="syncing" />
-              <Tab label="Failed" value="failed" />
-              <Tab label="Pending" value="pending" />
+            <Tabs value={typeFilter} onChange={(_, v) => setTypeFilter(v)} sx={{ minHeight: 36 }}>
+              <Tab label="All" value="all" sx={{ minHeight: 36, py: 0 }} />
+              <Tab label={`Templates (${templateRepoCount})`} value="template" sx={{ minHeight: 36, py: 0 }} />
+              <Tab label={`Plugins (${pluginRepoCount})`} value="plugin" sx={{ minHeight: 36, py: 0 }} />
+            </Tabs>
+
+            <Tabs value={statusFilter} onChange={(_, v) => setStatusFilter(v)} sx={{ minHeight: 36 }}>
+              <Tab label="All" value="all" sx={{ minHeight: 36, py: 0 }} />
+              <Tab label="Synced" value="synced" sx={{ minHeight: 36, py: 0 }} />
+              <Tab label="Syncing" value="syncing" sx={{ minHeight: 36, py: 0 }} />
+              <Tab label="Failed" value="failed" sx={{ minHeight: 36, py: 0 }} />
+              <Tab label="Pending" value="pending" sx={{ minHeight: 36, py: 0 }} />
             </Tabs>
           </Box>