improvement

Quieter Admin, Stronger Guarantees

A native admin dashboard, runtime provider settings, an audit trail, and a smaller-surface security pass for self-hosted Arivu.

July 2, 2026
Admin, Security, Self-Hosting, Reliability

Before we ship a wave of new features, we wanted the operating layer underneath them to be solid. This update rebuilds the admin experience on the app’s own storage, makes provider configuration a runtime concern instead of a restart concern, and adds a clear audit trail for sensitive actions.

None of this changes what Arivu looks like day to day. It changes how confidently you can run it.

  • ADMIN: Overview, users, system, activity
  • SETTINGS: Runtime provider keys, no restart
  • AUDIT: Sensitive actions recorded
  • SUPPLY CHAIN: Verified builds, pinned scans

ONE GO APP, ONE SQLITE DATABASE, ONE PLACE TO LOOK

A Native Admin Dashboard

The admin dashboard now runs entirely on the app’s own SQLite storage. Admins listed in ADMIN_EMAILS get an /admin area with sections for overview, API usage, users, system status, recent activity, collections, and an audit log.

You can invite or remove users, ban and unban accounts, and reset a user’s password when needed. Password resets now use the same modern password storage as the normal change-password flow, so there is no weaker path in for administrators.

What this means for you: If you run Arivu for yourself or a small group, the tools to keep it healthy are built in, and they read from the same database as the rest of the app.

Configure Providers at Runtime

Provider keys for AI, email, and X integration can be set from Settings and take effect immediately. Operational settings are stored in the database, secrets are encrypted at rest, and each value shows where it came from so you can tell a database override from an environment default. Removing an override cleanly reverts to the environment value.

What this means for you: You can rotate a key or connect a provider without editing files and restarting the service.

An Audit Trail You Can Read

Sensitive account, settings, and authentication events now write audit records, and admins can review them from the dashboard. Provider setting updates are restricted to known keys, so the configuration surface stays predictable.

What this means for you: When something changes, there is a record of it. That is the difference between hoping nothing went wrong and being able to check.

A Smaller Security Surface

The rewrite let us keep security controls close to the app instead of scattered across extra services. In this pass:

  • Web, CLI, and extension sessions stay isolated by audience, so a token issued for one surface cannot be reused on another.
  • Sensitive authentication endpoints are throttled against repeated attempts.
  • Outbound page fetching stays pinned to vetted addresses and blocks private or reserved targets.
  • Continuous integration verifies module checksums, runs a pinned vulnerability scanner, and publishes a short-lived build evidence bundle so releases are inspectable.
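
One common way to enforce the outbound-fetch rule in the third bullet, shown as an added example that is not Arivu's own code: the check runs on the literal IP address the socket is about to connect to, after DNS resolution, so a hostname cannot pass validation and then resolve to an internal address. The names allowedTarget, guardedDialer and the reserved list are assumptions made for this sketch.

```go
package main

import (
	"fmt"
	"net"
	"net/netip"
	"syscall"
)

// Reserved ranges not covered by the netip.Addr helper methods used below.
var reserved = []netip.Prefix{
	netip.MustParsePrefix("0.0.0.0/8"),     // "this network"
	netip.MustParsePrefix("100.64.0.0/10"), // carrier-grade NAT
	netip.MustParsePrefix("198.18.0.0/15"), // benchmarking
	netip.MustParsePrefix("240.0.0.0/4"),   // reserved and broadcast
	netip.MustParsePrefix("64:ff9b::/96"),  // NAT64, can map onto private IPv4
}

// allowedTarget reports whether addr is acceptable for an outbound fetch.
func allowedTarget(addr netip.Addr) bool {
	addr = addr.Unmap() // judge ::ffff:10.0.0.1 as 10.0.0.1
	if !addr.IsValid() || addr.IsUnspecified() || addr.IsLoopback() ||
		addr.IsPrivate() || addr.IsLinkLocalUnicast() || addr.IsMulticast() {
		return false
	}
	for _, p := range reserved {
		if p.Contains(addr) {
			return false
		}
	}
	return true
}

// guardedDialer vets the resolved IP at connect time; every redirect hop and
// retry that dials through it gets the same check.
func guardedDialer() *net.Dialer {
	return &net.Dialer{Control: func(_, address string, _ syscall.RawConn) error {
		ap, err := netip.ParseAddrPort(address)
		if err != nil || !allowedTarget(ap.Addr()) {
			return fmt.Errorf("blocked outbound target %q", address)
		}
		return nil
	}}
}

func main() {
	_, err := guardedDialer().Dial("tcp", "127.0.0.1:80") // constructed sample target
	fmt.Println(err)
}
```

To use it with net/http, set the transport's DialContext to guardedDialer().DialContext so the fetcher cannot bypass the check.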

We are keeping the public description high level on purpose. The takeaway for self-hosters is that the moving parts are fewer and the guarantees are clearer.

Migration, Finished

The legacy migration path is now complete and dependency-free. Moving from the archived implementation uses a JSON export, validates relationships before applying, preserves supported IDs, sanitizes archived content, and re-encrypts migrated secrets under the new key model.

What this means for you: Existing data has a clean, verifiable path forward.


This is deliberately boring work, and that is the point. A calmer admin surface, runtime configuration, a real audit trail, and a smaller security footprint are what make the next features safe to ship.