Summary
Add an admin-only Cosmos DB document inspector/editor under Data Management that allows administrators to query approved Cosmos DB containers, select a result, view the full document JSON, edit it, and save changes back to Cosmos DB after explicit danger confirmations.
User Value
Administrators need a controlled internal tool for investigating and correcting Cosmos DB records without leaving SimpleChat or using external tooling. This should support operational troubleshooting while clearly warning that direct data edits can affect system stability.
Proposed Behavior
- Add a new Data Management view for a Cosmos DB JSON document editor.
- Protect the entire interface behind an initial danger confirmation explaining that direct Cosmos DB edits can harm system health.
- Enumerate available containers through a dropdown rather than free-form container typing.
- Prefer an allowlist of containers with metadata such as display name, partition key path, and editable/view-only status.
- Provide a query editor.
- Support empty-query browse mode:
- Treat empty query as a safe browse query.
- Limit empty query results to the first 100 documents.
- Do not allow empty-query pagination beyond that first page.
- Support custom query mode:
- Require read-only SELECT queries.
- Use Cosmos continuation-token pagination.
- Limit each request/page to at most 100 results.
- Allow moving beyond the first 100 results by requesting additional pages.
- Display query results as a selectable list with compact metadata such as id, partition key value, common display fields, and preview text.
- Load the selected document into a formatted editable JSON view.
- Validate JSON before saving.
- Require a second explicit confirmation before saving changes back to Cosmos DB.
- Use optimistic concurrency with ETags to prevent overwriting documents that changed after load.
- Reject changes to protected identity fields such as
id and partition key value in the initial implementation.
- Store all meaningful actions in activity logs, including:
- danger gate accepted
- container selected
- query executed
- document opened
- save attempted
- save succeeded
- save failed
- ETag conflict
- invalid JSON rejected
- For edit activity logs, include admin identity, timestamp, container, document id, partition key value, changed-field summary or diff summary, success/failure, and RU charge when available.
- Avoid logging full document bodies by default to reduce sensitive data exposure.
Acceptance Criteria
Notes
Implementation should follow existing SimpleChat admin route patterns, Swagger route security requirements, settings sanitization requirements for frontend routes, and Cosmos DB best practices for pagination, ETags, query limits, and diagnostics.
Summary
Add an admin-only Cosmos DB document inspector/editor under Data Management that allows administrators to query approved Cosmos DB containers, select a result, view the full document JSON, edit it, and save changes back to Cosmos DB after explicit danger confirmations.
User Value
Administrators need a controlled internal tool for investigating and correcting Cosmos DB records without leaving SimpleChat or using external tooling. This should support operational troubleshooting while clearly warning that direct data edits can affect system stability.
Proposed Behavior
idand partition key value in the initial implementation.Acceptance Criteria
idor partition key value are rejected.Notes
Implementation should follow existing SimpleChat admin route patterns, Swagger route security requirements, settings sanitization requirements for frontend routes, and Cosmos DB best practices for pagination, ETags, query limits, and diagnostics.