(feature) Add staff-only JSON inspection API

Expose lightweight Django JSON endpoints for hosts, snapshots, and backup runs using the existing admin/staff authentication boundary. Include filters for snapshot and run inspection, return resolved snapshot base metadata, and document the new /api/ entrypoint. Add endpoint tests for authentication, host summaries, snapshot lineage payloads, and run filtering.
2026-05-19 11:43:50 +02:00
parent d158644567
commit ccd89119da
4 changed files with 271 additions and 1 deletions
--- a/README.md
+++ b/README.md
@@ -35,6 +35,10 @@ The admin is available at:

 - http://127.0.0.1:8000/admin/

+Staff-only JSON endpoints are available at:
+
+- http://127.0.0.1:8000/api/
+
 ## SQL-First Setup

 Create global config:
@@ -112,6 +116,7 @@ docker compose up --build web
 This starts Django on:

 - http://127.0.0.1:8010/admin/
+- http://127.0.0.1:8010/api/

 Run the scheduler alongside the web admin:

@@ -142,6 +147,7 @@ Discovered snapshots are stored in `SnapshotRecord`, including the base snapshot
 base record when it is known.
 The Django retention command plans from `SnapshotRecord` instead of rediscovering snapshots from the filesystem.
 Post-backup pruning from Django also uses the SQL retention service after the completed snapshot is recorded.
+Staff-only JSON endpoints expose hosts, snapshots, and backup runs for lightweight inspection.

 The remaining internal engine code still contains reusable backup primitives:

@@ -152,7 +158,6 @@ The remaining internal engine code still contains reusable backup primitives:

 Next refactor targets:

- Surface `SnapshotRecord` data through API/admin views instead of filesystem inspection.
 - Move more snapshot lifecycle details into typed domain objects.
 - Replace remaining dictionary-shaped config at engine boundaries.
 - Remove legacy YAML import/export once production migration no longer needs it.