npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2026 – Pkg Stats / Ryan Hefner

@hiai-gg/hiai-admin

v0.0.9

Published

Central admin panel for the HiAi SaaS platform — tenant management, billing, analytics, and platform settings

Readme

hiai-admin

License: MIT Bun Status

Central admin panel for the HiAi SaaS platform — tenant management, user administration, billing, analytics, and platform settings.

Release 0.0.8 also provides generic headless service APIs for authentication events, integration tokens, site-access provisioning, and site invites.

This is the main control center of the entire HiAi ecosystem.

Quick Start

cd projects/hiai-admin
cp .env.example .env        # fill in DATABASE_URL, REDIS_URL, BETTER_AUTH_SECRET, STRIPE_SECRET_KEY
bun install                  # install dependencies
bun run db:generate          # generate Drizzle migrations
bun run db:push              # apply migrations to database
bun run dev                  # start API (port 50200) + Frontend (port 50201)

Health check:

curl -fsS http://localhost:50200/api/health

Docker Quick Start

docker compose up -d --build
  • API: http://localhost:50200 (health: /api/health)
  • Frontend: http://localhost:50201
  • PostgreSQL: port 5435
  • Redis: port 6382

Tech Stack

| Layer | Technology | Version | |---|---|---| | Runtime | Bun | 1.3.14+ | | Backend | Elysia | 1.4.28+ | | ORM | Drizzle ORM | 0.45.2+ | | Validation | Zod | latest | | Database | PostgreSQL + pgvector | 18.4 | | Cache/Queue | Redis | 8.6+ | | Frontend | Svelte 5 + SvelteKit | 2.60+ | | UI Components | @hiai-gg/hiai-ui (shadcn-svelte + Tailwind CSS v4) | ^0.0.4 | | Data Tables | TanStack Table | latest | | Data Fetching | TanStack Query | latest | | Auth | Better Auth | latest | | Payments | Stripe | 14.10+ | | Charts | LayerChart | latest | | Observability | @hiai-gg/hiai-observe | ^0.1.9 |

Architecture

hiai-admin-api (Elysia)     hiai-admin-frontend (SvelteKit)
  port 50200                   port 50201
       │                            │
       ├── /api/tenants             ├── /dashboard
       ├── /api/users               ├── /tenants
       ├── /api/billing             ├── /users
       ├── /api/analytics           ├── /billing
       ├── /api/settings            ├── /analytics
       ├── /api/audit               ├── /settings
       └── /api/integrations        └── /security
              │
              ├── PostgreSQL 18.4 (tenants, users, roles, billing, audit)
              ├── Redis 8.6+ (sessions, rate limiting, caching)
              ├── Stripe (subscriptions, Connect, invoicing)
              └── @hiai-gg/hiai-observe (errors, uptime, traces)  ← npm package

The module consists of two parts:

  1. Backend — Elysia API service (hiai-admin-api)
  2. Frontend — SvelteKit application (hiai-admin-frontend)

Both can run as a single monolith or as separate services.

Key Features

  • Multi-tenant management — provision, suspend, configure, and monitor all stores
  • User & role management — RBAC with Super Admin, Tenant Admin, and Staff roles
  • Billing & subscriptions — Stripe-powered plans, invoices, and platform fee collection
  • Global analytics — MRR, churn, LTV, CAC, active tenants, growth metrics
  • Platform settings — global configuration, feature flags, integrations
  • Security & audit — 2FA, session management, complete audit trail of all actions
  • Integration management — Stripe, Shippo, @hiai-gg/hiai-observe, and third-party service configuration

Project Structure

/hiai-admin
  /src
    /api              # Elysia routes (tenants, users, billing, analytics, settings, audit)
    /lib              # Business logic (tenant provisioning, billing, analytics)
    /db               # Drizzle schemas + migrations
    /auth             # Better Auth configuration + RBAC
    /modules          # Feature modules (tenants, users, billing, analytics, audit, settings)
  /app                # SvelteKit frontend
    /routes
      /dashboard      # Platform overview + key metrics
      /tenants        # Tenant list, detail, provisioning
      /users          # User management, roles, permissions
      /billing        # Subscriptions, invoices, payments
      /analytics      # Charts, metrics, reports
      /settings       # Platform configuration
      /security       # Audit logs, 2FA, session management
      /integrations   # Third-party service management
  /docker-compose.yml
  /Dockerfile

Database

Core tables managed by Drizzle ORM:

| Table | Purpose | |---|---| | tenants | Store/merchant accounts with config and status | | users | Platform users (owners + staff) | | user_tenant_access | User-tenant permission mapping | | roles | RBAC role definitions | | permissions | Granular permission entries | | role_permissions | Role-permission mapping | | subscriptions | Stripe subscription records | | invoices | Billing invoice history | | settings | Global platform configuration (key-value) | | audit_logs | Complete action trail (actor, action, resource, metadata, IP) | | integrations | Third-party service credentials (encrypted) | | webhooks | Registered webhook endpoints | | site_adapters | Versioned HTTP/Drizzle connections to managed sites | | site_memberships | Exact user-to-site access, independent from tenant-level access |

API Endpoints (overview)

| Group | Routes | Auth | |---|---|---| | Health | GET /api/health | Public | | Tenants | GET/POST/PUT/DELETE /api/tenants | Super Admin | | Users | GET/POST/PUT /api/users | Super Admin | | Billing | GET/POST /api/billing/* | Super Admin | | Analytics | GET /api/analytics/* | Super Admin | | Settings | GET/PUT /api/settings | Super Admin | | Audit | GET /api/audit | Super Admin | | Integrations | GET/POST/PUT /api/integrations | Super Admin | | Site adapters | GET/POST/PUT /api/site-adapters | Super Admin | | Site memberships | GET/POST/DELETE /api/site-adapters/:slug/memberships | Super Admin | | Webhooks | POST /api/webhooks/stripe | Stripe signature |

Environment Variables

# Database (local development — change for production)
DATABASE_URL=postgresql://hiadmin:password@localhost:5435/hiai_admin

# Redis
REDIS_URL=redis://localhost:6382

# Auth
BETTER_AUTH_SECRET=change-me-min-32-characters-long
BETTER_AUTH_URL=http://localhost:50200
AUTH_SIGNUP_MODE=public
AUTH_TRUSTED_CLIENT_SECRET=
AUTH_COOKIE_DOMAIN=
AUTH_EVENT_WEBHOOK_URL=
AUTH_EVENT_WEBHOOK_SECRET=
AUTH_EVENT_WEBHOOK_AUDIENCE=hiai-admin
AUTH_EVENT_WEBHOOK_ISSUER=hiai-admin
AUTH_EVENT_WEBHOOK_SECRET can be unset in local dev if webhook delivery is not used.

# Stripe (use sk_test_ for development)
STRIPE_SECRET_KEY=sk_test_...
STRIPE_WEBHOOK_SECRET=whsec_...
STRIPE_PLATFORM_ACCOUNT_ID=acct_...

# @hiai-gg/hiai-observe (npm: ^0.1.9) — observability SDK
HIAI_OBSERVE_URL=http://localhost:8001

# Ports
API_PORT=50200
FRONTEND_PORT=50201

Site Adapter Contract

Site adapters expose canonical HTTP modules such as /site-settings, /articles, /homepage-blocks, /domains, and /kofi. Product-specific storage schemas and protocol translation belong to the consuming project, not to hiai-admin.

Every mutating proxy request records an audit attempt before forwarding and a success/failure result afterward. Non-super-admin users require an exact active site_memberships row for the adapter slug; tenant access alone does not grant access to every site in that tenant.

Object Storage (OBJECT_STORAGE_*)

| Variable | Default | Description | |---|---|---| | OBJECT_STORAGE_ENDPOINT | localhost:8333 | SeaweedFS S3 endpoint host:port | | OBJECT_STORAGE_PORT | 8333 | S3 API port | | OBJECT_STORAGE_USE_SSL | false | Whether to use HTTPS for S3 connections | | OBJECT_STORAGE_ACCESS_KEY | seaweedfs | S3 access key | | OBJECT_STORAGE_SECRET_KEY | seaweedfs | S3 secret key | | OBJECT_STORAGE_REGION | us-east-1 | S3 region (ignored by SeaweedFS but required by SDK) | | OBJECT_STORAGE_BUCKET | hiai-admin | Bucket name for admin uploads | | OBJECT_STORAGE_PUBLIC_URL | — | Public CDN/base URL for generated object URLs (optional) | | OBJECT_STORAGE_FORCE_PATH_STYLE | true | Path-style addressing (http://endpoint/bucket/key) — required for SeaweedFS |

Object Storage

hiai-admin uses SeaweedFS as its S3-compatible object storage backend, replacing the previous MinIO integration. This decision was driven by MinIO support concerns in our self-hosted stack; standardising on SeaweedFS provides a consistent S3-compatible layer across the ecosystem.

  • Protocol: S3-compatible (AWS SDK v3 via @aws-sdk/client-s3)
  • Bucket: hiai-admin
  • Upload endpoints:
    • POST /api/profile/avatar — user avatar upload (stored under avatars/)
    • POST /api/settings/logo — platform logo upload (stored under logos/)
  • Authentication: Each upload is guarded by RBAC (super_admin for logo, authenticated user for avatar) and the checksum-verified by the backend before returning a public URL.
  • Server-side configuration: All OBJECT_STORAGE_* variables are optional — when unset, the upload endpoints return HTTP 503 with a clear message and the UI gracefully shows "upload disabled".
  • Infrastructure note: hiai-admin's own docker-compose.yml does not run object storage. SeaweedFS is deployed as part of the shared infrastructure (infra/docker/docker-compose.shared.yml) on ports 9020 (S3 API), 9021 (master), and 9022 (volume). Local development can point at the shared stack or a standalone SeaweedFS instance.

Related Projects

| Project | Relationship | |---|---| | hiai-store | E-commerce module managed by this admin panel | | hiai-post | Social media publishing managed by this admin panel | | hiai-docs | AI-native knowledge base module | | hiai-observe | Observability platform (errors, uptime, logs, traces) | | hiai-ui | Design system — shared UI components and tokens |

License

MIT — see LICENSE for details.