"""Instance-admin surface — owner-only (OWNER_EMAIL). Operational status and instance-wide configuration. Deliberately exposes no tree contents or PII: instance ownership is an operator role, not a privacy bypass.""" from sqlalchemy import func, select from fastapi import APIRouter from app.api.deps import InstanceOwner, SessionDep, configured_llm_providers from app.core.config import get_settings from app.models.tree import Tree from app.models.user import User from app.schemas.admin import InstanceStatus from app.schemas.ai_policy import ConfiguredProvider router = APIRouter(prefix="/admin", tags=["admin"]) @router.get("/instance", response_model=InstanceStatus) async def instance_status(owner: InstanceOwner, session: SessionDep) -> InstanceStatus: """Operator dashboard data. Requires the caller to be an instance owner.""" s = get_settings() user_count = await session.scalar( select(func.count()).select_from(User).where(User.deleted_at.is_(None)) ) tree_count = await session.scalar( select(func.count()).select_from(Tree).where(Tree.deleted_at.is_(None)) ) return InstanceStatus( version=s.version, env=s.app_env, owner_emails=sorted(s.owner_emails()), require_email_verification=s.require_email_verification, user_count=user_count or 0, tree_count=tree_count or 0, default_llm_provider=s.default_llm_provider, ai_providers=[ConfiguredProvider(**p) for p in configured_llm_providers()], )