AppView in a box as a Vite plugin thing
hatk.dev
grant admin access to all authenticated users in dev mode
Sets DEV_MODE=1 when running hatk dev, which makes requireAdmin
skip the DID allowlist check. All seeded accounts automatically
have admin access during development.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
+9
-2
+5
-1
packages/hatk/src/cli.ts
+5
-1
packages/hatk/src/cli.ts
···
1669
1669
} else {
1670
1670
// No frontend — just run the hatk server directly
1671
1671
const mainPath = resolve(import.meta.dirname!, 'main.js')
1672
-
execSync(`npx tsx ${mainPath} config.yaml`, { stdio: 'inherit', cwd: process.cwd() })
1672
+
execSync(`npx tsx ${mainPath} config.yaml`, {
1673
+
stdio: 'inherit',
1674
+
cwd: process.cwd(),
1675
+
env: { ...process.env, DEV_MODE: '1' },
1676
+
})
1673
1677
}
1674
1678
} catch (e: any) {
1675
1679
if (e.signal === 'SIGINT' || e.signal === 'SIGTERM') process.exit(0)
+3
-1
packages/hatk/src/server.ts
+3
-1
packages/hatk/src/server.ts
···
86
86
): Server {
87
87
const coreXrpc = (method: string) => `/xrpc/dev.hatk.${method}`
88
88
89
+
const devMode = process.env.DEV_MODE === '1'
90
+
89
91
function requireAdmin(viewer: { did: string } | null, res: any): boolean {
90
92
if (!viewer) {
91
93
jsonError(res, 401, 'Authentication required')
92
94
return false
93
95
}
94
-
if (!admins.includes(viewer.did)) {
96
+
if (!devMode && !admins.includes(viewer.did)) {
95
97
jsonError(res, 403, 'Admin access required')
96
98
return false
97
99
}