Summary
Add an admin-only Cosmos DB document inspector/editor under Data Management that allows administrators to query approved Cosmos DB containers, select a result, view the full document JSON, edit it, and save changes back to Cosmos DB after explicit danger confirmations.
User Value
Administrators need a controlled internal tool for investigating and correcting Cosmos DB records without leaving SimpleChat or using external tooling. This should support operational troubleshooting while clearly warning that direct data edits can affect system stability.
Proposed Behavior
- Add a new Data Management view for a Cosmos DB JSON document editor.
- Protect the entire interface behind an initial danger confirmation explaining that direct Cosmos DB edits can harm system health.
- Enumerate available containers through a dropdown rather than free-form container typing.
- Prefer an allowlist of containers with metadata such as display name, partition key path, and editable/view-only status.
- Provide a query editor.
- Support empty-query browse mode:
- Treat empty query as a safe browse query.
- Limit empty query results to the first 100 documents.
- Do not allow empty-query pagination beyond that first page.
- Support custom query mode:
- Require read-only SELECT queries.
- Use Cosmos continuation-token pagination.
- Limit each request/page to at most 100 results.
- Allow moving beyond the first 100 results by requesting additional pages.
- Display query results as a selectable list with compact metadata such as id, partition key value, common display fields, and preview text.
- Load the selected document into a formatted editable JSON view.
- Validate JSON before saving.
- Require a second explicit confirmation before saving changes back to Cosmos DB.
- Use optimistic concurrency with ETags to prevent overwriting documents that changed after load.
- Reject changes to protected identity fields such as
id and partition key value in the initial implementation.
- Store all meaningful actions in activity logs, including:
- danger gate accepted
- container selected
- query executed
- document opened
- save attempted
- save succeeded
- save failed
- ETag conflict
- invalid JSON rejected
- For edit activity logs, include admin identity, timestamp, container, document id, partition key value, changed-field summary or diff summary, success/failure, and RU charge when available.
- Avoid logging full document bodies by default to reduce sensitive data exposure.
Acceptance Criteria
- Admins can access the new Data Management Cosmos DB editor view.
- Non-admin users cannot access the view or backing APIs.
- The UI blocks use until the initial high-risk warning is accepted.
- Containers are selected from a backend-provided dropdown, not free text.
- Empty query returns at most 100 documents and does not paginate further.
- Custom SELECT queries support continuation-token pagination with a server-enforced max page size of 100.
- Query results render as selectable list items.
- Selecting a result displays the full document as editable formatted JSON.
- Invalid JSON cannot be saved.
- Saves require an explicit dangerous-operation confirmation.
- Saves use ETag-based optimistic concurrency.
- Attempts to change
id or partition key value are rejected.
- Successful and failed edits are written to activity logs.
- Query, open, and danger-gate actions are written to activity logs.
- Functional tests cover route security, query limits, pagination behavior, JSON validation, protected-field validation, ETag conflict handling, and activity-log writes.
Notes
Implementation should follow existing SimpleChat admin route patterns, Swagger route security requirements, settings sanitization requirements for frontend routes, and Cosmos DB best practices for pagination, ETags, query limits, and diagnostics.
Summary
Add an admin-only Cosmos DB document inspector/editor under Data Management that allows administrators to query approved Cosmos DB containers, select a result, view the full document JSON, edit it, and save changes back to Cosmos DB after explicit danger confirmations.
User Value
Administrators need a controlled internal tool for investigating and correcting Cosmos DB records without leaving SimpleChat or using external tooling. This should support operational troubleshooting while clearly warning that direct data edits can affect system stability.
Proposed Behavior
idand partition key value in the initial implementation.Acceptance Criteria
idor partition key value are rejected.Notes
Implementation should follow existing SimpleChat admin route patterns, Swagger route security requirements, settings sanitization requirements for frontend routes, and Cosmos DB best practices for pagination, ETags, query limits, and diagnostics.