Skip to content

Stardeck

Stardeck is the Next.js customer dashboard — the "ship's command deck." It ships from starform/stardeck and runs in the infra cluster (or a CDN). Mission Control is the bird's-eye observability view inside Stardeck.

A deliberately thin tab

The PRD has no dedicated Stardeck section — it appears as cross-references from the component map (§1), the binaries table (§3), label consumers (§24), RBAC UI implications (§15.9), and the dashboard reads in the observability pipeline (§35). This page gathers those threads; it will grow into Mission Control and UI/RBAC sub-pages as the frontend is documented in depth.

What Stardeck renders

  • Logs — runtime + build logs with live tail (ClickHouse), scoped per-tenant.
  • The seven customer metrics — latency, RPS, throughput, error rate, CPU, memory, network — read from VictoriaMetrics via the Starbase telemetry-query broker. Every query is scoped by a server-side tenant filter the client cannot override (§35.2 / FR-065), so one tenant's dashboard can never read another's series.
  • Service controls — the starform.io/service-type label (web / worker / cron) tells the UI which icon and controls to render (§24.2).

Mission Control

The bird's-eye view across a workspace's projects and environments — health, deploys, and the metric rollups above. What each role sees is governed by the two-tier RBAC model (§15.9): Owner/Admin/Billing/Member at the workspace, Admin/Developer/Viewer at the project.

What each role sees

The UI implications of the two-tier RBAC model — how the role gates each surface (§15.9).

Projects view (Workspace level):

  • Each project card shows a team avatar stack indicating project members
  • Workspace Owners/Admins see all projects; Workspace Members see only projects they're directly added to
  • Billing role users see only a Billing page; no Projects view

Mission Control (Project level):

  • Breadcrumbs establish hierarchy (Projects / Acme SaaS Platform / production)
  • Protected environments show a lock icon in the environment switcher
  • Developers attempting to deploy to a protected environment see an inline explanation and a "Request Admin approval" CTA (feature deferred, but UI prepared)

Settings:

  • Workspace Settings (profile menu): Team members & roles, Billing, Workspace-wide API keys
  • Project Settings (sidebar): Project members, Environment variables, Custom domains, Integrations

Cross-references

The two-tier RBAC model and permission helpers → §15 · the seven customer metrics it displays → Observability › Metrics · the server-side tenant filter → §35.2 / FR-065 · the service-type label that drives UI controls → §24.2. Canonical map: Canonical Sources.