Unified developer command center API: secure workspace‑scoped management of environment variables, prompts, and documentation links.
DEADLINE provides a structured backend for organizing developer knowledge and configuration artifacts across multiple workspaces and environments (e.g. Development / Staging / Production). The API is protected via Firebase-issued ID tokens validated server‑side with the Admin SDK.
- Workspace isolation with owner scoping
- Polymorphic artifact model (ENV_VAR | PROMPT | DOC_LINK)
- Environment‑aware uniqueness constraints
- Global search & environment‑filtered listing endpoints
- OpenAPI 3 schema + Swagger UI via drf-spectacular
- Strict Firebase authentication (no dev bypass in code)
- Django + DRF
- Firebase Admin Authentication
- SQLite (local) — can be swapped for Postgres in production
- python‑decouple for configuration
- drf-spectacular for schema + docs
deadline_api/ # Django project settings & root URLConf
workspaces/ # Workspace & environment models + endpoints
artifacts/ # Artifact models (through validation & constraints)
auth_firebase/ # Firebase auth backend & permission logic
my-docs/ # Ancillary documentation (kept optional)
git clone <repo-url>
cd capstone-server
python -m venv .venv
source .venv/bin/activate # Windows: .venv\Scripts\activate
pip install -r requirements.txt
cp .env.example .env
python manage.py migrate
python manage.py runserverVisit:
- Swagger UI: http://127.0.0.1:8000/api/docs/
- OpenAPI JSON: http://127.0.0.1:8000/api/schema/
| Variable | Purpose | Required | Notes |
|---|---|---|---|
| SECRET_KEY | Django cryptographic key | Yes (prod) | Auto default only for local dev |
| DEBUG | Enable Django debug mode | No | Must be False in production |
| ALLOWED_HOSTS | Comma list of hostnames | Yes (prod) | localhost,127.0.0.1 for dev |
| FIREBASE_CREDENTIALS_FILE | Path to service account JSON | Yes (prod) | Preferred credential method |
| FIREBASE_* | Individual Firebase fields | Alt | Fallback if file not used |
The application logs warnings (not prints) if Firebase credentials are absent while DEBUG=True.
Clients obtain Firebase ID tokens via the frontend Firebase SDK and send them as Authorization: Bearer <token> headers. The backend:
- Verifies the token using Firebase Admin
- Attaches a lightweight user object with
uid - Applies workspace ownership filtering & permissions
Workspace:
name,description,owner_uid
Artifact:
workspaceFKkindchoice (ENV_VAR, PROMPT, DOC_LINK)- Uniqueness constraints on
(workspace, kind, key)and(workspace, kind, title)where fields are applicable - Type‑specific validation in serializer / model clean
GET /api/v1/workspaces/
POST /api/v1/workspaces/
GET /api/v1/workspaces/{id}/
GET /api/v1/workspaces/{id}/artifacts/?kind=ENV_VAR
POST /api/v1/workspaces/{id}/artifacts/
GET /api/v1/search/artifacts/?q=...All endpoints (except potential future health-check) require valid Firebase authentication.
The project contains a comprehensive Django test suite. Run tests with:
python manage.py test -v 2- Set
DEBUG=False - Provide strong
SECRET_KEY - Configure
ALLOWED_HOSTS - Supply Firebase service account JSON via
FIREBASE_CREDENTIALS_FILE - Enforce HTTPS at the reverse proxy (e.g. Nginx / Cloud Load Balancer)
- Add database (PostgreSQL) & run migrations
- Enable structured logging (configure LOGGING dict)
- Add monitoring (health endpoint + metrics)
- Build image (containerize Django app)
- Run migrations on release
- Start application with WSGI server (gunicorn / uwsgi)
- Serve static files via CDN / reverse proxy
- Apply Django checks:
python manage.py check --deploy
Example gunicorn invocation:
gunicorn deadline_api.wsgi:application \
--bind 0.0.0.0:8000 \
--workers 3 \
--timeout 60All runtime warnings (Firebase init, etc.) use the standard logging API. Configure LOGGING in deadline_api/settings.py or via an environment‑specific module. Example minimal config:
LOGGING = {
"version": 1,
"disable_existing_loggers": False,
"handlers": {"console": {"class": "logging.StreamHandler"}},
"root": {"handlers": ["console"], "level": "INFO"},
}- No plaintext secrets should be committed (sample
.env.exampleprovided) - All authentication enforced server‑side; no dev bypass logic present
- ENV_VAR values are masked in standard responses; a dedicated action returns the unmasked value for owners
- Workspace ↔ EnvironmentType Many‑to‑Many via
WorkspaceEnvironmentjoin - Artifact ↔ Tag Many‑to‑Many via explicit through model
ArtifactTag - Query performance:
select_related/prefetch_relatedused in viewsets
| Area | Next Targets |
|---|---|
| Artifacts | Bulk import/export, masking strategy |
| Search | Cross-field partial + relevance ranking |
| Auth | Token revocation cache / short-lived session tokens |
| Observability | Structured audit log for artifact changes |
Add your chosen license (MIT, Apache-2.0, etc.).
Provide contact or team identity here.
"DEADLINE API" – Foundational layer for a unified developer operations hub.