MSS CONTROL PLANE

Connect any app.Control

A premium control plane for GitHub-imported apps, backend services, desktop/mobile gateways and managed MSS instances. The UI is generated from capabilities, and every dangerous action goes through preview, dry-run, passkey step-up and audit.

Open workspace Explore lifecycle

GitHub importSDK adapterCapability-aware UISigned commands

$ mss import github

Automation lifecycleRepository analyzed

NestJS backend, Yarn workspace and Docker support detected.

github.com/mss-systems/mss-link.web

NestJS detectedYarn workspaceDocker compose

Secure command lifecyclePreview → Dry-run → Step-up → Execute → Audit

1Preview

2Dry-run

3Passkey

4Execute

5Audit

Lifecycle storytelling

From source code to a managed control surface.

This is the core product flow: import a project, install a thin adapter, read capabilities, then control the instance through a protected command lifecycle.

01GitHub → analyzer

Import repository

MSS reads the repository shape, detects framework, package manager, Docker files and the safest adapter path.

$ mss import github

repo parsedNestJS / Expressworkspace detected

02SDK → control endpoint

Patch adapter

The integration adds a small MSS Link SDK bridge instead of rewriting application business logic.

+ ControlModule.register()

generated patchcommands registryhealth endpoint

03contract → UI

Verify capabilities

The app tells the admin panel which modules and commands are real. Unsupported controls stay hidden.

GET /control/v1/capabilities

accountssessionsstoragecommands

04preview → audit

Operate safely

Every dangerous command has a visible path: preview, dry-run, passkey step-up, execution, acknowledgement and audit.

REVOKE_SESSION → audit.ok

previewdry-runpasskeyaudit

Capabilities unlock UI

The admin panel does not guess. The app declares what it can do.

Each connected service exposes a small capabilities contract. MSS turns that contract into visible modules, safe command buttons and disabled states.

JSON contract/control/v1/capabilities

{
  "service": "mss-link.web",
  "protocol_version": "v1",
  "capabilities": [
    "accounts",
    "sessions",
    "storage"
  ],
  "supported_commands": [
    "REVOKE_SESSION",
    "APPLY_QUOTAS",
    "ROTATE_WEBHOOK_SECRET"
  ]
}

Generated product surfaceCapability-aware UI

Visible modules

Accountsenabled

Sessionsenabled

Storageenabled

Business Inboxhidden

Abuse toolshidden

Allowed commands

REVOKE_SESSIONenabled

APPLY_QUOTASenabled

ROTATE_WEBHOOK_SECRETenabled

MANUAL_ABUSE_ACTIONdisabled

capabilities.json → enabled modules → command policy → audit trail

Any runtime, one contract

Backend, frontend and gateway services can all become managed instances.

MSS starts with Node/NestJS/Express, Docker and GitHub import, then grows into desktop, mobile and service gateways through the same control API.

NestJSStructured control adapter for modular backend services.

ExpressSmall control endpoints for existing Node applications.

FastifyFast HTTP runtime for lightweight managed services.

DockerLocal, staging and production instance targets.

GitHubRepository import, analysis and adapter patches.

PostgresTenants, instances, commands and audit storage.

RedisNonce reservation, challenge cache and replay protection.

ReactCapability-aware operator UI for connected projects.

Node.jsSDK bridge for JavaScript and TypeScript services.

OpenAPIContract-first integration checks and documentation.

PasskeysStep-up verification before dangerous operations.

SecurityHMAC, timestamp, nonce, body hash and audit envelope.

RuntimeHealth, readiness and command lifecycle state.

Control APIStable bridge between apps and MSS Control Plane.

Security operations

Production control is a visible command lifecycle, not a hidden admin button.

Security is shown as evidence: HMAC, nonce, timestamp, passkey step-up, command acknowledgement and a high-fidelity audit stream.

Project SwitcherMSS Link / production

HEALTH: OK // READINESS: TRUE

Operator NodePasskey verified

Managed topology

tenant: Modular Software Systems

workspace · billing · audit

mss-link.web

accounts · sessions · storage

desktop gateway

devices · sync · command relay

Crypto envelope

hmac signature verifiednonce reserved in redistimestamp drift: 12msbody_hash sha256 matchedpasskey step-up acceptedaudit envelope persistedhmac signature verifiednonce reserved in redistimestamp drift: 12msbody_hash sha256 matchedpasskey step-up acceptedaudit envelope persisted

Audit stream

12:04:18command.previewmss-link.webOK

12:04:22command.dry_runREVOKE_SESSIONOK

12:04:25passkey.step_upoperatorOK

12:04:29command.executemss-link.webQUEUED

Runtime quotas

Redis nonce cache42%

Command queue18%

Audit retention71%

Product system

One admin foundation for every MSS product line.

This public home is not a decorative page. It explains the operating model that will support mss-link.web, future backend services, desktop/mobile gateways and any managed instance connected to MSS.

Instance Registry

One inventory for web apps, backend services, desktop gateways, mobile gateways and future managed MSS runtimes.

Command Center

Preview, dry-run and execute operations without giving operators raw database or server access.

Security Operations

Passkeys, signed requests, nonce replay protection, timestamp checks and audit retention are part of the product surface.

Ready for the next layer

First the premium control surface. Then GitHub import and passkeys become product features.

The landing page now explains why MSS exists: connect applications by contract, unlock only supported modules and execute risky operations through a secure command lifecycle.

Open workspace Sign in to panel