pal-e-admin: Scaffold SvelteKit app + Keycloak OIDC auth

### Type Feature ### Lineage Standalone — scoped during platform SSO initiative (2026-05-04). Depends on platform realm (#335). ### Repo `forgejo_admin/pal-e-platform` (for Forgejo repo creation) + new repo `forgejo_admin/pal-e-admin` ### User Story As a platform admin I want a SvelteKit app that authenticates me via Keycloak So that I have a single entry point to my entire platform ### Context pal-e-admin is a new SvelteKit project that serves as the admin dashboard landing page. It authenticates via Keycloak (platform realm) and displays links to all platform services. The key value prop: after logging in here, clicking any service link (Forgejo, Grafana, etc.) requires zero re-authentication because all services share the same Keycloak realm session. Follow existing SvelteKit patterns from westside app. Use @auth/sveltekit for OIDC integration. CSS follows playground philosophy (design tokens, Atkinson Hyperlegible, mobile-first, no Tailwind). ### File Targets Files the agent should modify or create: - New repo: `pal-e-admin/` with SvelteKit scaffold - `src/routes/+page.svelte` — landing page with service links - `src/hooks.server.ts` — auth setup - `src/app.css` — design tokens from playground convention - `static/` — any static assets Files the agent should NOT touch: - Other repos — this is a new standalone project ### Acceptance Criteria - [ ] SvelteKit app scaffolded with @auth/sveltekit - [ ] Keycloak OIDC login works (redirect → authenticate → return) - [ ] Landing page shows grid of service links with names and URLs - [ ] Unauthenticated users see login prompt, not the dashboard - [ ] Mobile-friendly layout (works on phone) - [ ] CSS uses design tokens from playground convention ### Test Expectations - [ ] Build passes: `npm run build` succeeds - [ ] Auth flow: redirect to Keycloak and back with valid session - Run command: `npm run build` ### Constraints - No Tailwind — pure CSS with custom properties per convention - Use @auth/sveltekit (same pattern as westside app) - Atkinson Hyperlegible font, mobile-first layout - Must work behind Tailscale funnel (AUTH_TRUST_HOST=true, AUTH_URL rewrite in hooks) ### Checklist - [ ] PR opened - [ ] Tests pass - [ ] No unrelated changes ### Related - `project-pal-e-platform` — platform project - `convention-frontend-css` — CSS philosophy

forgejo_admin commented

2026-05-05 04:06:50 +00:00

Contributor

Type

Feature

Lineage

Standalone — scoped during platform SSO initiative (2026-05-04). Depends on platform realm (#335).

Repo

forgejo_admin/pal-e-platform (for Forgejo repo creation) + new repo forgejo_admin/pal-e-admin

User Story

As a platform admin
I want a SvelteKit app that authenticates me via Keycloak
So that I have a single entry point to my entire platform

Context

pal-e-admin is a new SvelteKit project that serves as the admin dashboard landing page. It authenticates via Keycloak (platform realm) and displays links to all platform services. The key value prop: after logging in here, clicking any service link (Forgejo, Grafana, etc.) requires zero re-authentication because all services share the same Keycloak realm session.

Follow existing SvelteKit patterns from westside app. Use @auth/sveltekit for OIDC integration. CSS follows playground philosophy (design tokens, Atkinson Hyperlegible, mobile-first, no Tailwind).

File Targets

Files the agent should modify or create:

New repo: pal-e-admin/ with SvelteKit scaffold
src/routes/+page.svelte — landing page with service links
src/hooks.server.ts — auth setup
src/app.css — design tokens from playground convention
static/ — any static assets

Files the agent should NOT touch:

Other repos — this is a new standalone project

Acceptance Criteria

SvelteKit app scaffolded with @auth/sveltekit
Keycloak OIDC login works (redirect → authenticate → return)
Landing page shows grid of service links with names and URLs
Unauthenticated users see login prompt, not the dashboard
Mobile-friendly layout (works on phone)
CSS uses design tokens from playground convention

Test Expectations

Build passes: npm run build succeeds
Auth flow: redirect to Keycloak and back with valid session
Run command: npm run build

Constraints

No Tailwind — pure CSS with custom properties per convention
Use @auth/sveltekit (same pattern as westside app)
Atkinson Hyperlegible font, mobile-first layout
Must work behind Tailscale funnel (AUTH_TRUST_HOST=true, AUTH_URL rewrite in hooks)

Checklist

PR opened
Tests pass
No unrelated changes

project-pal-e-platform — platform project
convention-frontend-css — CSS philosophy

forgejo_admin closed this issue

2026-05-05 23:50:56 +00:00

Rows
Columns

pal-e-admin: Scaffold SvelteKit app + Keycloak OIDC auth #340