nova/openclaw-webui
1
0
Fork 0
Code Issues 1 Pull Requests Actions Packages Projects Releases Wiki Activity

[Feature] Build Production-Ready Sovereign Chat Touchpoint with SSO, Quotas, and Auditing #1

New Issue
Open
opened 2026-06-22 16:24:24 +00:00 by nova · 0 comments
nova commented 2026-06-22 16:24:24 +00:00
Owner
Copy Link
Copy Source

Goal

Harden and brand the openclaw-webui chat interface as the primary client touchpoint (Sovereign Chat). Integrate it with LDAP SSO, permissions, quotas, and audit logs to make it enterprise production-ready.

Implementation Details ("How")

  1. SSO LDAP Integration:

    • Configure the Node.js server to use the LDAP credentials from /home/william/dev/theta42/sso-manager-node or configure direct connection parameters in conf/production.json.
    • Implement role-mapping where groups from LDAP/SSO determine administrative vs. standard user permissions within the web UI.

  2. Sovereign Branding:

    • Modify the frontend assets and templates (client/ folder) to remove "OpenClaw" references and brand the app as Sovereign Chat.
    • Style the UI using modern premium dark modes, sleek transitions, and custom logotype matching the product vision.

  3. Quotas & Permissions:

    • Implement a simple local database/store or memory cache to track and limit daily token counts per user/group.
    • Restrict access to model configurations or admin panel based on the user's LDAP group (e.g. app_sovereign_admin).
    • Restrict document RAG collection visibility according to user groups.

  4. Auditing Hook:

    • Log each query's metadata (user ID, timestamp, model ID, token usage, collections accessed) to /var/log/sovereign-chat/audit.log or syslog.
    • Enforce strict exclusion of the actual chat prompt/response content to maintain HIPAA/SOX compliance privacy limits.

  5. Model Registry & Selection:

    • Ingest list of active models dynamically from the vLLM AI-Core API endpoint.
    • Display a dropdown in the chat view to let users switch between loaded inference targets.

  6. Ansible Packaging:

    • Update the lxc-deploy.yml playbook in proxmox-appliance-automation to automate building the client (npm run build) and deploying it as a systemd service (sovereign-chat.service) inside LXC 102 (Web-UI container).

Blockers

  • Integration testing requires a running LDAP provider (SSO container) and vLLM inference container to verify authentication and model list querying.
### Goal Harden and brand the `openclaw-webui` chat interface as the primary client touchpoint (**Sovereign Chat**). Integrate it with LDAP SSO, permissions, quotas, and audit logs to make it enterprise production-ready. ### Implementation Details ("How") 1. **SSO LDAP Integration:** - Configure the Node.js server to use the LDAP credentials from `/home/william/dev/theta42/sso-manager-node` or configure direct connection parameters in `conf/production.json`. - Implement role-mapping where groups from LDAP/SSO determine administrative vs. standard user permissions within the web UI. 2. **Sovereign Branding:** - Modify the frontend assets and templates (`client/` folder) to remove "OpenClaw" references and brand the app as **Sovereign Chat**. - Style the UI using modern premium dark modes, sleek transitions, and custom logotype matching the product vision. 3. **Quotas & Permissions:** - Implement a simple local database/store or memory cache to track and limit daily token counts per user/group. - Restrict access to model configurations or admin panel based on the user's LDAP group (e.g. `app_sovereign_admin`). - Restrict document RAG collection visibility according to user groups. 4. **Auditing Hook:** - Log each query's metadata (user ID, timestamp, model ID, token usage, collections accessed) to `/var/log/sovereign-chat/audit.log` or syslog. - Enforce strict exclusion of the actual chat prompt/response content to maintain HIPAA/SOX compliance privacy limits. 5. **Model Registry & Selection:** - Ingest list of active models dynamically from the vLLM AI-Core API endpoint. - Display a dropdown in the chat view to let users switch between loaded inference targets. 6. **Ansible Packaging:** - Update the `lxc-deploy.yml` playbook in `proxmox-appliance-automation` to automate building the client (`npm run build`) and deploying it as a systemd service (`sovereign-chat.service`) inside LXC 102 (Web-UI container). ### Blockers - Integration testing requires a running LDAP provider (SSO container) and vLLM inference container to verify authentication and model list querying.
Sign in to join this conversation.
No Branch/Tag Specified
Branches Tags
Labels
No items
No Label
Milestone
No items
No Milestone
Projects
Clear projects
No project
Assignees
Clear assignees
nova (nova ova)
No Assignees
1 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: nova/openclaw-webui#1
Delete Branch "%!s()"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?