lakebed 0.0.6 → 0.0.7

package/README.md

@@ -170,4 +170,4 @@ Claimed deploys are listed at `/deploys` on the deploy API origin. They keep the
 
 ## Admin Dashboard
 
-Set `LAKEBED_ADMIN_PASSWORD` on the anonymous deploy runner, then open `/admin` on the runner origin. The password is exchanged for an HttpOnly cookie so the dashboard stays unlocked until the cookie expires or the password changes. The resource table can terminate active deploys while preserving their resource history.
+Set `LAKEBED_ADMIN_PASSWORD` on the anonymous deploy runner, then open `/admin` on the runner origin. The password is exchanged for an HttpOnly cookie so the dashboard stays unlocked until the cookie expires or the password changes. The resource table can terminate active deploys while preserving their resource history, and the users table can set per-user request and mutation limit overrides for claimed deploys.

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "lakebed",
-  "version": "0.0.6",
+  "version": "0.0.7",
   "description": "Agent-native CLI and runtime for building and deploying Lakebed capsules.",
   "license": "UNLICENSED",
   "type": "module",

package/src/anonymous-server.js

@@ -62,7 +62,8 @@ function decryptServerEnvValue(value, secret) {
   return Buffer.concat([decipher.update(Buffer.from(ciphertextBase64, "base64url")), decipher.final()]).toString("utf8");
 }
 
-function html(title, basePath, { shooBaseUrl } = {}) {
+function html(title, basePath, { clientBundleHash, shooBaseUrl } = {}) {
+  const clientScriptUrl = `${basePath}/client.js${clientBundleHash ? `?v=${encodeURIComponent(clientBundleHash)}` : ""}`;
   return `<!doctype html>
 <html lang="en">
   <head>
@@ -74,7 +75,7 @@ function html(title, basePath, { shooBaseUrl } = {}) {
     <div id="app"></div>
     <script>window.__LAKEBED_BASE_PATH__ = ${JSON.stringify(basePath)};</script>
     <script>window.__LAKEBED_AUTH__ = ${JSON.stringify({ shooBaseUrl })};</script>
-    <script type="module" src="${basePath}/client.js"></script>
+    <script type="module" src="${clientScriptUrl}"></script>
     <script>
       const tailwind = document.createElement("script");
       tailwind.src = "https://cdn.jsdelivr.net/npm/@tailwindcss/browser@4";
@@ -254,6 +255,93 @@ function quotaLimitForBucket(bucket, deploy) {
   return deploy.limits.requestsPerDay;
 }
 
+const USER_LIMIT_OVERRIDE_KEYS = ["requestsPerDay", "mutationsPerDay"];
+
+function normalizeUserId(value) {
+  const userId = String(value ?? "").trim();
+  if (!userId) {
+    throw new Error("User id is required.");
+  }
+  if (userId.length > 256) {
+    throw new Error("User id must be 256 characters or fewer.");
+  }
+  return userId;
+}
+
+function normalizeLimitOverrideValue(value, key) {
+  const parsed = typeof value === "string" && value.trim() ? Number(value) : value;
+  if (!Number.isSafeInteger(parsed) || parsed < 1) {
+    throw new Error(`${key} must be a positive integer.`);
+  }
+  return parsed;
+}
+
+function normalizeUserLimitOverrides(value = {}) {
+  if (!value || typeof value !== "object" || Array.isArray(value)) {
+    throw new Error("limits must be a JSON object.");
+  }
+
+  const overrides = {};
+  for (const key of Object.keys(value)) {
+    if (!USER_LIMIT_OVERRIDE_KEYS.includes(key)) {
+      throw new Error(`Unsupported user limit override: ${key}.`);
+    }
+  }
+
+  for (const key of USER_LIMIT_OVERRIDE_KEYS) {
+    const raw = value[key];
+    if (raw === undefined || raw === null || raw === "") {
+      continue;
+    }
+    overrides[key] = normalizeLimitOverrideValue(raw, key);
+  }
+  return overrides;
+}
+
+function limitsWithOverrides(baseLimits, limitOverrides) {
+  return {
+    ...baseLimits,
+    ...normalizeUserLimitOverrides(limitOverrides ?? {})
+  };
+}
+
+function userFromOwner(owner, current = {}) {
+  const id = normalizeUserId(owner?.id ?? current.id);
+  return {
+    avatarUrl: owner?.avatarUrl ?? current.avatarUrl ?? null,
+    createdAt: current.createdAt ?? now(),
+    displayName: owner?.displayName ?? owner?.login ?? current.displayName ?? id,
+    id,
+    limitOverrides: normalizeUserLimitOverrides(current.limitOverrides ?? {}),
+    login: owner?.login ?? current.login ?? null,
+    provider: owner?.provider ?? current.provider ?? null,
+    providerId: owner?.providerId ?? current.providerId ?? null,
+    updatedAt: now(),
+    url: owner?.url ?? current.url ?? null
+  };
+}
+
+function adminUserSummary({ activeDeployCount = 0, deployCount = 0, usage = [], user }) {
+  const limitOverrides = normalizeUserLimitOverrides(user.limitOverrides ?? {});
+  return {
+    activeDeployCount,
+    avatarUrl: user.avatarUrl,
+    createdAt: user.createdAt,
+    defaultLimits: DEFAULT_ANONYMOUS_LIMITS,
+    deployCount,
+    displayName: user.displayName ?? user.login ?? user.id,
+    id: user.id,
+    limitOverrides,
+    limits: limitsWithOverrides(DEFAULT_ANONYMOUS_LIMITS, limitOverrides),
+    login: user.login,
+    provider: user.provider,
+    providerId: user.providerId,
+    updatedAt: user.updatedAt,
+    url: user.url,
+    ...usageCounts(usage)
+  };
+}
+
 const adminCookieName = "lakebed_admin";
 const adminCookieMaxAgeSeconds = 60 * 60 * 24 * 7;
 const developerCookieName = "lakebed_developer";
@@ -731,6 +819,10 @@ function adminHtml() {
         overflow: hidden;
       }
 
+      .panel + .panel {
+        margin-top: 18px;
+      }
+
       .panel-head {
         align-items: center;
         border-bottom: 1px solid var(--line);
@@ -855,6 +947,58 @@ function adminHtml() {
         opacity: 0.62;
       }
 
+      .row-action.neutral {
+        border-color: var(--line-strong);
+        color: var(--text);
+      }
+
+      .row-action.primary {
+        border-color: rgba(154, 214, 107, 0.8);
+        color: var(--accent);
+      }
+
+      .user-name {
+        display: grid;
+        gap: 4px;
+        min-width: 220px;
+      }
+
+      .user-name strong {
+        font-size: 15px;
+      }
+
+      .limit-cell {
+        display: grid;
+        gap: 6px;
+        min-width: 150px;
+      }
+
+      .limit-cell input {
+        min-height: 34px;
+        padding: 0 10px;
+      }
+
+      .limit-form {
+        align-items: end;
+        display: grid;
+        gap: 8px;
+        grid-template-columns: minmax(180px, 1fr) 132px 132px auto;
+        width: min(100%, 720px);
+      }
+
+      .limit-form .field {
+        gap: 5px;
+      }
+
+      .limit-form input {
+        min-height: 36px;
+      }
+
+      .limit-actions {
+        display: flex;
+        gap: 8px;
+      }
+
       th:nth-child(8),
       td:nth-child(8),
       th:nth-child(9),
@@ -938,6 +1082,11 @@ function adminHtml() {
           justify-content: flex-start;
         }
 
+        .limit-form {
+          grid-template-columns: 1fr;
+          width: 100%;
+        }
+
         .metrics {
           grid-template-columns: repeat(2, minmax(0, 1fr));
         }
@@ -1013,6 +1162,43 @@ function adminHtml() {
             </table>
           </div>
         </section>
+
+        <section class="panel">
+          <div class="panel-head">
+            <h2>User limit overrides</h2>
+            <form class="limit-form" id="new-user-limit-form">
+              <div class="field">
+                <label for="new-user-id">User id</label>
+                <input id="new-user-id" name="userId" autocomplete="off" placeholder="github:42" />
+              </div>
+              <div class="field">
+                <label for="new-user-requests">Requests</label>
+                <input id="new-user-requests" name="requestsPerDay" inputmode="numeric" min="1" step="1" type="number" />
+              </div>
+              <div class="field">
+                <label for="new-user-mutations">Mutations</label>
+                <input id="new-user-mutations" name="mutationsPerDay" inputmode="numeric" min="1" step="1" type="number" />
+              </div>
+              <button class="button secondary" type="submit">Save</button>
+            </form>
+          </div>
+          <div class="table-wrap">
+            <table>
+              <thead>
+                <tr>
+                  <th>User</th>
+                  <th>Deploys</th>
+                  <th>Requests today</th>
+                  <th>Mutations today</th>
+                  <th>Request limit</th>
+                  <th>Mutation limit</th>
+                  <th>Actions</th>
+                </tr>
+              </thead>
+              <tbody id="user-rows"></tbody>
+            </table>
+          </div>
+        </section>
       </section>
     </main>
 
@@ -1022,8 +1208,11 @@ function adminHtml() {
       const loginForm = document.getElementById("login-form");
       const loginError = document.getElementById("login-error");
       const rows = document.getElementById("deploy-rows");
+      const userRows = document.getElementById("user-rows");
+      const newUserLimitForm = document.getElementById("new-user-limit-form");
       const statusLine = document.getElementById("status-line");
       let terminatingDeployId = null;
+      let savingUserId = null;
 
       function show(view) {
         loginView.classList.toggle("hidden", view !== "login");
@@ -1059,6 +1248,19 @@ function adminHtml() {
         document.getElementById(id).textContent = value;
       }
 
+      function parseLimitValue(value, name) {
+        const trimmed = String(value || "").trim();
+        if (!trimmed) {
+          return null;
+        }
+
+        const parsed = Number(trimmed);
+        if (!Number.isSafeInteger(parsed) || parsed < 1) {
+          throw new Error(name + " must be a positive integer.");
+        }
+        return parsed;
+      }
+
       function textCell(value, className) {
         const td = document.createElement("td");
         td.textContent = value;
@@ -1112,6 +1314,80 @@ function adminHtml() {
         return td;
       }
 
+      function userCell(user) {
+        const td = document.createElement("td");
+        const wrap = document.createElement("div");
+        const name = document.createElement("strong");
+        const id = document.createElement("small");
+        wrap.className = "user-name";
+        if (user.url) {
+          const link = document.createElement("a");
+          link.href = user.url;
+          link.textContent = user.login || user.displayName || user.id;
+          name.appendChild(link);
+        } else {
+          name.textContent = user.login || user.displayName || user.id;
+        }
+        id.className = "mono";
+        id.textContent = user.id;
+        wrap.appendChild(name);
+        wrap.appendChild(id);
+        td.appendChild(wrap);
+        return td;
+      }
+
+      function limitInputCell(user, key, label) {
+        const td = document.createElement("td");
+        const wrap = document.createElement("div");
+        const input = document.createElement("input");
+        const effective = document.createElement("small");
+        wrap.className = "limit-cell";
+        input.inputMode = "numeric";
+        input.min = "1";
+        input.step = "1";
+        input.type = "number";
+        input.dataset.key = key;
+        input.value = user.limitOverrides[key] ? String(user.limitOverrides[key]) : "";
+        input.placeholder = String(user.defaultLimits[key]);
+        input.setAttribute("aria-label", label + " override for " + user.id);
+        effective.className = "mono";
+        effective.textContent = "effective " + formatNumber(user.limits[key]);
+        wrap.appendChild(input);
+        wrap.appendChild(effective);
+        td.appendChild(wrap);
+        return td;
+      }
+
+      function userActionCell(user) {
+        const td = document.createElement("td");
+        const wrap = document.createElement("div");
+        const save = document.createElement("button");
+        const clear = document.createElement("button");
+        wrap.className = "limit-actions";
+        save.className = "row-action primary";
+        save.type = "button";
+        save.textContent = savingUserId === user.id ? "Saving" : "Save";
+        save.disabled = savingUserId === user.id;
+        save.addEventListener("click", () => {
+          void saveUserLimits(user.id, save.closest("tr")).catch((error) => {
+            statusLine.textContent = error instanceof Error ? error.message : String(error);
+          });
+        });
+        clear.className = "row-action neutral";
+        clear.type = "button";
+        clear.textContent = "Clear";
+        clear.disabled = savingUserId === user.id;
+        clear.addEventListener("click", () => {
+          void saveUserLimits(user.id, null, { requestsPerDay: null, mutationsPerDay: null }).catch((error) => {
+            statusLine.textContent = error instanceof Error ? error.message : String(error);
+          });
+        });
+        wrap.appendChild(save);
+        wrap.appendChild(clear);
+        td.appendChild(wrap);
+        return td;
+      }
+
       function render(summary) {
         setMetric("metric-deploys", formatNumber(summary.deployCount));
         setMetric("metric-artifacts", formatBytes(summary.totals.artifactBytes));
@@ -1136,6 +1412,27 @@ function adminHtml() {
           tr.appendChild(textCell(formatNumber(deploy.connections), "mono"));
           rows.appendChild(tr);
         }
+
+        userRows.replaceChildren();
+        for (const user of summary.users || []) {
+          const tr = document.createElement("tr");
+          tr.appendChild(userCell(user));
+          tr.appendChild(textCell(formatNumber(user.activeDeployCount) + " / " + formatNumber(user.deployCount), "mono"));
+          tr.appendChild(textCell(formatNumber(user.requestsToday) + " / " + formatNumber(user.limits.requestsPerDay), "mono"));
+          tr.appendChild(textCell(formatNumber(user.mutationsToday) + " / " + formatNumber(user.limits.mutationsPerDay), "mono"));
+          tr.appendChild(limitInputCell(user, "requestsPerDay", "Request limit"));
+          tr.appendChild(limitInputCell(user, "mutationsPerDay", "Mutation limit"));
+          tr.appendChild(userActionCell(user));
+          userRows.appendChild(tr);
+        }
+
+        if (!summary.users?.length) {
+          const tr = document.createElement("tr");
+          const td = textCell("No claimed users or manual overrides yet.", "mono");
+          td.colSpan = 7;
+          tr.appendChild(td);
+          userRows.appendChild(tr);
+        }
       }
 
       async function loadSummary() {
@@ -1156,6 +1453,35 @@ function adminHtml() {
         show("dashboard");
       }
 
+      async function saveUserLimits(userId, row, explicitLimits) {
+        const limits = explicitLimits || {
+          requestsPerDay: parseLimitValue(row.querySelector('input[data-key="requestsPerDay"]').value, "Request limit"),
+          mutationsPerDay: parseLimitValue(row.querySelector('input[data-key="mutationsPerDay"]').value, "Mutation limit")
+        };
+
+        savingUserId = userId;
+        statusLine.textContent = "Saving limits for " + userId;
+        try {
+          const response = await fetch("/admin/api/users/" + encodeURIComponent(userId) + "/limits", {
+            body: JSON.stringify({ limits }),
+            headers: { "Content-Type": "application/json" },
+            method: "PUT"
+          });
+
+          if (response.status === 401) {
+            show("login");
+            return;
+          }
+          if (!response.ok) {
+            statusLine.textContent = "Save failed";
+            throw new Error(await response.text());
+          }
+        } finally {
+          savingUserId = null;
+        }
+        await loadSummary();
+      }
+
       async function terminateDeploy(deploy) {
         if (!confirm("Terminate " + (deploy.name || deploy.slug) + "?")) {
           return;
@@ -1198,6 +1524,33 @@ function adminHtml() {
         await loadSummary();
       });
 
+      newUserLimitForm.addEventListener("submit", async (event) => {
+        event.preventDefault();
+        const form = new FormData(newUserLimitForm);
+        const userId = String(form.get("userId") || "").trim();
+        if (!userId) {
+          statusLine.textContent = "User id is required.";
+          return;
+        }
+
+        try {
+          const requestsPerDay = parseLimitValue(form.get("requestsPerDay"), "Request limit");
+          const mutationsPerDay = parseLimitValue(form.get("mutationsPerDay"), "Mutation limit");
+          if (!requestsPerDay && !mutationsPerDay) {
+            statusLine.textContent = "Enter at least one custom limit.";
+            return;
+          }
+
+          await saveUserLimits(userId, null, {
+            requestsPerDay,
+            mutationsPerDay
+          });
+          newUserLimitForm.reset();
+        } catch (error) {
+          statusLine.textContent = error instanceof Error ? error.message : String(error);
+        }
+      });
+
       document.getElementById("refresh-button").addEventListener("click", () => {
         void loadSummary();
       });
@@ -1475,10 +1828,99 @@ export class MemoryAnonymousStore {
     this.queues = new Map();
     this.rows = new Map();
     this.serverEnv = new Map();
+    this.users = new Map();
   }
 
   async initialize() {}
 
+  async rememberUser(owner) {
+    const id = normalizeUserId(owner?.id);
+    const user = userFromOwner(owner, this.users.get(id));
+    this.users.set(id, user);
+    return user;
+  }
+
+  async getUserLimitOverrides(userId) {
+    return normalizeUserLimitOverrides(this.users.get(normalizeUserId(userId))?.limitOverrides ?? {});
+  }
+
+  async setUserLimitOverrides(userId, limitOverrides) {
+    const id = normalizeUserId(userId);
+    const current = this.users.get(id) ?? {
+      createdAt: now(),
+      displayName: id,
+      id,
+      limitOverrides: {}
+    };
+    const user = {
+      ...current,
+      displayName: current.displayName ?? current.login ?? id,
+      id,
+      limitOverrides: normalizeUserLimitOverrides(limitOverrides),
+      updatedAt: now()
+    };
+    this.users.set(id, user);
+    return this.getAdminUser(id);
+  }
+
+  async deployWithUserLimitOverrides(deploy) {
+    if (!deploy?.ownerId) {
+      return deploy;
+    }
+
+    const limitOverrides = await this.getUserLimitOverrides(deploy.ownerId);
+    if (Object.keys(limitOverrides).length === 0) {
+      return deploy;
+    }
+
+    return {
+      ...deploy,
+      limits: limitsWithOverrides(deploy.limits, limitOverrides)
+    };
+  }
+
+  async getStoredDeployById(id) {
+    return this.deploys.get(id) ?? null;
+  }
+
+  async getAdminUser(userId) {
+    const id = normalizeUserId(userId);
+    const user = this.users.get(id);
+    if (!user) {
+      return null;
+    }
+
+    const deploys = Array.from(this.deploys.values()).filter((deploy) => deploy.ownerId === id);
+    const usage = [];
+    for (const deploy of deploys) {
+      usage.push(...(await this.readUsage(deploy.id)));
+    }
+
+    return adminUserSummary({
+      activeDeployCount: deploys.filter((deploy) => deploy.status === "active" && !isExpired(deploy)).length,
+      deployCount: deploys.length,
+      usage,
+      user
+    });
+  }
+
+  async listAdminUsers() {
+    for (const deploy of this.deploys.values()) {
+      if (deploy.owner && !this.users.has(deploy.ownerId)) {
+        await this.rememberUser(deploy.owner);
+      }
+    }
+
+    const users = [];
+    for (const user of this.users.values()) {
+      users.push(await this.getAdminUser(user.id));
+    }
+
+    return users
+      .filter(Boolean)
+      .sort((left, right) => String(left.login ?? left.id).localeCompare(String(right.login ?? right.id)));
+  }
+
   storeArtifact({ artifact, artifactHash, clientBundleBase64, clientBundleHash, createdAt }) {
     const currentArtifact = this.artifacts.get(artifactHash);
     this.artifacts.set(artifactHash, {
@@ -1550,7 +1992,7 @@ export class MemoryAnonymousStore {
     requestedTtlSeconds,
     serverEnv
   }) {
-    const currentDeploy = await this.getDeployById(deployId);
+    const currentDeploy = await this.getStoredDeployById(deployId);
     if (!currentDeploy) {
       return null;
     }
@@ -1581,11 +2023,11 @@ export class MemoryAnonymousStore {
     if (serverEnv !== undefined) {
       this.serverEnv.set(deployId, { ...serverEnv });
     }
-    return deploy;
+    return this.deployWithUserLimitOverrides(deploy);
   }
 
   async claimDeploy(deployId, token, owner) {
-    const currentDeploy = await this.getDeployById(deployId);
+    const currentDeploy = await this.getStoredDeployById(deployId);
     if (!currentDeploy) {
       return { status: "missing" };
     }
@@ -1604,12 +2046,13 @@ export class MemoryAnonymousStore {
       owner,
       ownerId: owner.id
     };
+    await this.rememberUser(owner);
     this.deploys.set(deployId, deploy);
-    return { deploy, status: currentDeploy.ownerId ? "already_claimed" : "claimed" };
+    return { deploy: await this.deployWithUserLimitOverrides(deploy), status: currentDeploy.ownerId ? "already_claimed" : "claimed" };
   }
 
   async terminateDeploy(deployId) {
-    const currentDeploy = await this.getDeployById(deployId);
+    const currentDeploy = await this.getStoredDeployById(deployId);
     if (!currentDeploy) {
       return null;
     }
@@ -1619,11 +2062,11 @@ export class MemoryAnonymousStore {
       status: "terminated"
     };
     this.deploys.set(deployId, deploy);
-    return deploy;
+    return this.deployWithUserLimitOverrides(deploy);
   }
 
   async getDeployById(id) {
-    return this.deploys.get(id) ?? null;
+    return this.deployWithUserLimitOverrides(await this.getStoredDeployById(id));
   }
 
   async getDeployBySlug(slug) {
@@ -1786,12 +2229,13 @@ export class MemoryAnonymousStore {
     const summaries = [];
 
     for (const deploy of deploys) {
+      const effectiveDeploy = await this.deployWithUserLimitOverrides(deploy);
       const storedArtifact = await this.getArtifact(deploy.artifactHash);
       summaries.push(
         adminDeploySummary({
           artifact: storedArtifact?.artifact,
           artifactBytes: storedArtifact?.bytes ?? 0,
-          deploy,
+          deploy: effectiveDeploy,
           ...this.logResourceForDeploy(deploy.id),
           ...this.stateResourceForDeploy(deploy.id),
           usage: await this.readUsage(deploy.id)
@@ -1809,11 +2253,12 @@ export class MemoryAnonymousStore {
     const summaries = [];
 
     for (const deploy of deploys) {
+      const effectiveDeploy = await this.deployWithUserLimitOverrides(deploy);
       const storedArtifact = await this.getArtifact(deploy.artifactHash);
       summaries.push(
         developerDeploySummary({
           artifact: storedArtifact?.artifact,
-          deploy,
+          deploy: effectiveDeploy,
           usage: await this.readUsage(deploy.id)
         })
       );
@@ -1907,6 +2352,48 @@ export class PostgresAnonymousStore {
         primary key (deploy_id, env_key)
       )
     `);
+    await this.query(`
+      create table if not exists users(
+        id text primary key,
+        provider text,
+        provider_id text,
+        login text,
+        display_name text,
+        avatar_url text,
+        url text,
+        limit_overrides_json jsonb not null default '{}',
+        created_at timestamptz not null,
+        updated_at timestamptz not null
+      )
+    `);
+    await this.query(`
+      insert into users(
+        id, provider, provider_id, login, display_name, avatar_url, url,
+        limit_overrides_json, created_at, updated_at
+      )
+      select distinct on (owner_id)
+        owner_id,
+        owner_json->>'provider',
+        owner_json->>'providerId',
+        owner_json->>'login',
+        coalesce(owner_json->>'displayName', owner_json->>'login', owner_id),
+        owner_json->>'avatarUrl',
+        owner_json->>'url',
+        '{}'::jsonb,
+        coalesce(claimed_at, created_at, now()),
+        coalesce(claimed_at, created_at, now())
+      from deploys
+      where owner_id is not null
+      order by owner_id, claimed_at desc nulls last, created_at desc
+      on conflict(id) do update set
+        provider = coalesce(excluded.provider, users.provider),
+        provider_id = coalesce(excluded.provider_id, users.provider_id),
+        login = coalesce(excluded.login, users.login),
+        display_name = coalesce(excluded.display_name, users.display_name),
+        avatar_url = coalesce(excluded.avatar_url, users.avatar_url),
+        url = coalesce(excluded.url, users.url),
+        updated_at = greatest(users.updated_at, excluded.updated_at)
+    `);
   }
 
   async query(sql, params = []) {
@@ -1917,6 +2404,199 @@ export class PostgresAnonymousStore {
     return this.pool.query(sql, params);
   }
 
+  rowToUser(row) {
+    if (!row) {
+      return null;
+    }
+
+    return {
+      avatarUrl: row.avatar_url ?? null,
+      createdAt: new Date(row.created_at).toISOString(),
+      displayName: row.display_name ?? row.login ?? row.id,
+      id: row.id,
+      limitOverrides: normalizeUserLimitOverrides(row.limit_overrides_json ?? {}),
+      login: row.login ?? null,
+      provider: row.provider ?? null,
+      providerId: row.provider_id ?? null,
+      updatedAt: new Date(row.updated_at).toISOString(),
+      url: row.url ?? null
+    };
+  }
+
+  async rememberUser(owner) {
+    const user = userFromOwner(owner);
+    const result = await this.query(
+      `
+      insert into users(
+        id, provider, provider_id, login, display_name, avatar_url, url,
+        limit_overrides_json, created_at, updated_at
+      )
+      values($1, $2, $3, $4, $5, $6, $7, '{}'::jsonb, $8, $9)
+      on conflict(id) do update set
+        provider = excluded.provider,
+        provider_id = excluded.provider_id,
+        login = excluded.login,
+        display_name = excluded.display_name,
+        avatar_url = excluded.avatar_url,
+        url = excluded.url,
+        updated_at = excluded.updated_at
+      returning *
+      `,
+      [
+        user.id,
+        user.provider,
+        user.providerId,
+        user.login,
+        user.displayName,
+        user.avatarUrl,
+        user.url,
+        user.createdAt,
+        user.updatedAt
+      ]
+    );
+    return this.rowToUser(result.rows[0]);
+  }
+
+  async getUserLimitOverrides(userId) {
+    const result = await this.query("select limit_overrides_json from users where id = $1", [normalizeUserId(userId)]);
+    return normalizeUserLimitOverrides(result.rows[0]?.limit_overrides_json ?? {});
+  }
+
+  async setUserLimitOverrides(userId, limitOverrides) {
+    const id = normalizeUserId(userId);
+    const updatedAt = now();
+    await this.query(
+      `
+      insert into users(id, display_name, limit_overrides_json, created_at, updated_at)
+      values($1, $2, $3::jsonb, $4, $4)
+      on conflict(id) do update set
+        limit_overrides_json = excluded.limit_overrides_json,
+        updated_at = excluded.updated_at
+      `,
+      [id, id, JSON.stringify(normalizeUserLimitOverrides(limitOverrides)), updatedAt]
+    );
+    return this.getAdminUser(id);
+  }
+
+  async deployWithUserLimitOverrides(deploy) {
+    if (!deploy?.ownerId) {
+      return deploy;
+    }
+
+    const limitOverrides = await this.getUserLimitOverrides(deploy.ownerId);
+    if (Object.keys(limitOverrides).length === 0) {
+      return deploy;
+    }
+
+    return {
+      ...deploy,
+      limits: limitsWithOverrides(deploy.limits, limitOverrides)
+    };
+  }
+
+  async getBaseDeployById(id) {
+    const result = await this.query("select * from deploys where id = $1", [id]);
+    return this.rowToDeploy(result.rows[0]);
+  }
+
+  async getAdminUser(userId) {
+    const windowStart = dayWindowStart();
+    const result = await this.query(
+      `
+      select
+        u.*,
+        coalesce(d.deploy_count, 0)::int as deploy_count,
+        coalesce(d.active_deploy_count, 0)::int as active_deploy_count,
+        coalesce(q.requests_today, 0)::int as requests_today,
+        coalesce(q.mutations_today, 0)::int as mutations_today
+      from users u
+      left join (
+        select
+          owner_id,
+          count(*)::int as deploy_count,
+          count(*) filter (where status = 'active' and expires_at > now())::int as active_deploy_count
+        from deploys
+        where owner_id is not null
+        group by owner_id
+      ) d on d.owner_id = u.id
+      left join (
+        select
+          d.owner_id,
+          coalesce(sum(q.count) filter (where q.bucket = 'requests' and q.window_start = $2), 0)::int as requests_today,
+          coalesce(sum(q.count) filter (where q.bucket = 'mutations' and q.window_start = $2), 0)::int as mutations_today
+        from deploys d
+        join quota_events q on q.deploy_id = d.id
+        where d.owner_id is not null
+        group by d.owner_id
+      ) q on q.owner_id = u.id
+      where u.id = $1
+      `,
+      [normalizeUserId(userId), windowStart]
+    );
+    const row = result.rows[0];
+    if (!row) {
+      return null;
+    }
+
+    return adminUserSummary({
+      activeDeployCount: row.active_deploy_count,
+      deployCount: row.deploy_count,
+      usage: [
+        { bucket: "requests", count: row.requests_today, windowStart },
+        { bucket: "mutations", count: row.mutations_today, windowStart }
+      ],
+      user: this.rowToUser(row)
+    });
+  }
+
+  async listAdminUsers() {
+    const windowStart = dayWindowStart();
+    const result = await this.query(
+      `
+      select
+        u.*,
+        coalesce(d.deploy_count, 0)::int as deploy_count,
+        coalesce(d.active_deploy_count, 0)::int as active_deploy_count,
+        coalesce(q.requests_today, 0)::int as requests_today,
+        coalesce(q.mutations_today, 0)::int as mutations_today
+      from users u
+      left join (
+        select
+          owner_id,
+          count(*)::int as deploy_count,
+          count(*) filter (where status = 'active' and expires_at > now())::int as active_deploy_count
+        from deploys
+        where owner_id is not null
+        group by owner_id
+      ) d on d.owner_id = u.id
+      left join (
+        select
+          d.owner_id,
+          coalesce(sum(q.count) filter (where q.bucket = 'requests' and q.window_start = $1), 0)::int as requests_today,
+          coalesce(sum(q.count) filter (where q.bucket = 'mutations' and q.window_start = $1), 0)::int as mutations_today
+        from deploys d
+        join quota_events q on q.deploy_id = d.id
+        where d.owner_id is not null
+        group by d.owner_id
+      ) q on q.owner_id = u.id
+      order by coalesce(u.login, u.id) asc
+      `,
+      [windowStart]
+    );
+
+    return result.rows.map((row) =>
+      adminUserSummary({
+        activeDeployCount: row.active_deploy_count,
+        deployCount: row.deploy_count,
+        usage: [
+          { bucket: "requests", count: row.requests_today, windowStart },
+          { bucket: "mutations", count: row.mutations_today, windowStart }
+        ],
+        user: this.rowToUser(row)
+      })
+    );
+  }
+
   async storeArtifact({ artifact, artifactHash, clientBundleBase64, clientBundleHash, createdAt }) {
     await this.query(
       `
@@ -2008,7 +2688,7 @@ export class PostgresAnonymousStore {
     requestedTtlSeconds,
     serverEnv
   }) {
-    const currentDeploy = await this.getDeployById(deployId);
+    const currentDeploy = await this.getBaseDeployById(deployId);
     if (!currentDeploy) {
       return null;
     }
@@ -2039,11 +2719,11 @@ export class PostgresAnonymousStore {
     if (serverEnv !== undefined) {
       await this.replaceServerEnv(deployId, serverEnv, createdAt);
     }
-    return this.rowToDeploy(result.rows[0]);
+    return this.deployWithUserLimitOverrides(this.rowToDeploy(result.rows[0]));
   }
 
   async claimDeploy(deployId, token, owner) {
-    const currentDeploy = await this.getDeployById(deployId);
+    const currentDeploy = await this.getBaseDeployById(deployId);
     if (!currentDeploy) {
       return { status: "missing" };
     }
@@ -2068,7 +2748,11 @@ export class PostgresAnonymousStore {
       `,
       [deployId, owner.id, claimedAt, JSON.stringify(owner)]
     );
-    return { deploy: this.rowToDeploy(result.rows[0]), status: currentDeploy.ownerId ? "already_claimed" : "claimed" };
+    await this.rememberUser(owner);
+    return {
+      deploy: await this.deployWithUserLimitOverrides(this.rowToDeploy(result.rows[0])),
+      status: currentDeploy.ownerId ? "already_claimed" : "claimed"
+    };
   }
 
   async terminateDeploy(deployId) {
@@ -2081,7 +2765,7 @@ export class PostgresAnonymousStore {
       `,
       [deployId]
     );
-    return this.rowToDeploy(result.rows[0]);
+    return this.deployWithUserLimitOverrides(this.rowToDeploy(result.rows[0]));
   }
 
   rowToDeploy(row) {
@@ -2109,13 +2793,12 @@ export class PostgresAnonymousStore {
   }
 
   async getDeployById(id) {
-    const result = await this.query("select * from deploys where id = $1", [id]);
-    return this.rowToDeploy(result.rows[0]);
+    return this.deployWithUserLimitOverrides(await this.getBaseDeployById(id));
   }
 
   async getDeployBySlug(slug) {
     const result = await this.query("select * from deploys where slug = $1", [slug]);
-    return this.rowToDeploy(result.rows[0]);
+    return this.deployWithUserLimitOverrides(this.rowToDeploy(result.rows[0]));
   }
 
   async getArtifact(hash) {
@@ -2335,11 +3018,13 @@ export class PostgresAnonymousStore {
       [windowStart]
     );
 
-    return result.rows.map((row) =>
-      adminDeploySummary({
+    return Promise.all(
+      result.rows.map(async (row) => {
+        const deploy = await this.deployWithUserLimitOverrides(this.rowToDeploy(row));
+        return adminDeploySummary({
         artifact: row.artifact_json,
         artifactBytes: row.artifact_bytes,
-        deploy: this.rowToDeploy(row),
+        deploy,
         logBytes: row.log_bytes,
         logEntries: row.log_entries,
         stateBytes: row.state_bytes,
@@ -2348,6 +3033,7 @@ export class PostgresAnonymousStore {
           { bucket: "requests", count: row.requests_today, windowStart },
           { bucket: "mutations", count: row.mutations_today, windowStart }
         ]
+        });
       })
     );
   }
@@ -2377,14 +3063,17 @@ export class PostgresAnonymousStore {
       [ownerId, windowStart]
     );
 
-    return result.rows.map((row) =>
-      developerDeploySummary({
+    return Promise.all(
+      result.rows.map(async (row) => {
+        const deploy = await this.deployWithUserLimitOverrides(this.rowToDeploy(row));
+        return developerDeploySummary({
         artifact: row.artifact_json,
-        deploy: this.rowToDeploy(row),
+        deploy,
         usage: [
           { bucket: "requests", count: row.requests_today, windowStart },
           { bucket: "mutations", count: row.mutations_today, windowStart }
         ]
+        });
       })
     );
   }
@@ -2521,6 +3210,7 @@ export async function startAnonymousServer({
       ...deploy,
       connections: connections.get(deploy.id) ?? 0
     }));
+    const users = await resolvedStore.listAdminUsers();
     const totals = deploys.reduce(
       (acc, deploy) => ({
         artifactBytes: acc.artifactBytes + deploy.artifactBytes,
@@ -2548,7 +3238,9 @@ export async function startAnonymousServer({
       deployCount: deploys.length,
       deploys,
       generatedAt: now(),
-      totals
+      totals,
+      userCount: users.length,
+      users
     };
   }
 
@@ -2574,6 +3266,19 @@ export async function startAnonymousServer({
     }
   }
 
+  async function refreshOwnerSubscriptions(ownerId) {
+    for (const subscription of subscriptions.values()) {
+      if (subscription.deploy.ownerId !== ownerId) {
+        continue;
+      }
+
+      const deploy = await resolvedStore.getDeployById(subscription.deploy.id);
+      if (deploy) {
+        subscription.deploy = deploy;
+      }
+    }
+  }
+
   function closeDeployConnections(deployId) {
     for (const [ws, subscription] of subscriptions) {
       if (subscription.deploy.id !== deployId) {
@@ -2609,6 +3314,14 @@ export async function startAnonymousServer({
     }
   }
 
+  function refreshDeployClients(deploy) {
+    for (const [ws, subscription] of subscriptions) {
+      if (subscription.deploy.id === deploy.id) {
+        websocketSend(ws, { clientBundleHash: deploy.clientBundleHash, op: "refresh" });
+      }
+    }
+  }
+
   const server = createServer(async (req, res) => {
     const host = req.headers.host ?? "localhost";
     const requestUrl = new URL(req.url ?? "/", `http://${host}`);
@@ -2823,6 +3536,34 @@ export async function startAnonymousServer({
         return;
       }
 
+      const userLimitsMatch =
+        req.method === "PUT" ? requestUrl.pathname.match(/^\/admin\/api\/users\/([^/]+)\/limits$/) : null;
+      if (userLimitsMatch) {
+        if (!isAdminConfigured(adminPassword)) {
+          sendJson(res, 503, { error: "Lakebed admin is not configured. Set LAKEBED_ADMIN_PASSWORD." });
+          return;
+        }
+
+        if (!isAdminAuthenticated(req, adminPassword)) {
+          sendJson(res, 401, { error: "Admin authentication required." });
+          return;
+        }
+
+        const body = await readJsonBody(req, 4096);
+        let limitOverrides;
+        try {
+          limitOverrides = normalizeUserLimitOverrides(body.limits ?? body.limitOverrides ?? {});
+        } catch (error) {
+          sendJson(res, 400, { error: error instanceof Error ? error.message : String(error) });
+          return;
+        }
+
+        const user = await resolvedStore.setUserLimitOverrides(decodeURIComponent(userLimitsMatch[1]), limitOverrides);
+        await refreshOwnerSubscriptions(user.id);
+        sendJson(res, 200, { user });
+        return;
+      }
+
       const terminateMatch =
         req.method === "POST"
           ? requestUrl.pathname.match(/^\/admin\/api\/deploys\/([^/]+)\/terminate$/)
@@ -2916,6 +3657,7 @@ export async function startAnonymousServer({
 
         await resolvedStore.appendLog(deploy.id, "info", "anonymous deploy updated", { artifactHash: deploy.artifactHash });
         await refreshDeploySubscriptions(deploy);
+        refreshDeployClients(deploy);
         await publishDeploy(deploy.id);
         sendJson(res, 200, responseForDeploy({ deploy }));
         return;
@@ -2951,7 +3693,8 @@ export async function startAnonymousServer({
 
       const appPath = routeSystemPath(loaded.route.appPath);
       if (req.method === "GET" && (appPath === "/" || appPath === "/index.html" || appPath === "/auth/callback")) {
-        sendText(res, 200, html(loaded.artifact.name ?? "Lakebed Capsule", loaded.basePath, { shooBaseUrl }), {
+        sendText(res, 200, html(loaded.artifact.name ?? "Lakebed Capsule", loaded.basePath, { clientBundleHash: loaded.deploy.clientBundleHash, shooBaseUrl }), {
+          "Cache-Control": "no-store",
           "Content-Type": "text/html; charset=utf-8"
         });
         return;

package/src/client.js

@@ -19,6 +19,7 @@ const pending = new Map();
 const activeSubscriptions = new Set();
 let authInitPromise = null;
 let authInitialized = false;
+let refreshRequested = false;
 
 function toGuestName(name) {
   return (
@@ -68,6 +69,15 @@ function emitQuery(name, value) {
   }
 }
 
+function refreshPage() {
+  if (refreshRequested) {
+    return;
+  }
+
+  refreshRequested = true;
+  window.location.reload();
+}
+
 function send(message) {
   const ws = connect();
   const payload = JSON.stringify(message);
@@ -438,6 +448,11 @@ function connect() {
       return;
     }
 
+    if (message.op === "refresh") {
+      refreshPage();
+      return;
+    }
+
     if (message.id && pending.has(message.id)) {
       const handlers = pending.get(message.id);
       pending.delete(message.id);

package/src/version.js

@@ -1 +1 @@
-export const LAKEBED_VERSION = "0.0.6";
+export const LAKEBED_VERSION = "0.0.7";