Admin Panel
Complete guide to the AIGCS management panel
Overview
The AIGCS admin panel is a single-page application (React + TanStack Router) with the following sections:
| Section | Route | Description |
|---|---|---|
| Dashboard | / | System overview and statistics |
| Sites | /sites | Multi-tenant site management |
| Providers | /providers | AI provider configuration |
| Prompts | /prompts | System prompt templates |
| Cache | /cache | Page cache management |
| Reactions | /reactions | Emoji reaction types |
| Users | /users | User management (admin only) |
| Plugins | /plugins | Plugin management |
| Webhooks | /webhooks | Webhook configuration |
| API Tokens | /api-tokens | API access tokens |
| Audit Log | /audit-log | Activity audit trail |
| Profile | /profile | Personal settings |
| Settings | /settings | Global system settings |
Dashboard
The dashboard shows:
- Total Sites — number of registered sites
- Total Providers — AI provider count across all sites
- Total Comments — generated AI comments
- Cached Pages — pages with cached content
Notification Center
The bell icon at the top right of the admin panel serves as a global Notification Center. It automatically polls the background every 30 seconds. You will receive real-time push notifications with an unread red dot for the following events:
- Batch cache warming tasks (Success/Failure)
- RSS feed comment import completion
- New visitor submissions via the native plugin
Site Management
Each Site represents a website where AIGCS comments are embedded.
Site Settings
| Setting | Type | Default | Description |
|---|---|---|---|
autoGenerate | boolean | false | Auto-generate comments on page view |
cacheTtl | number | 3600 | Cache TTL in seconds |
theme | string | auto | Widget theme (auto/light/dark) |
commentPlugin | string | — | Active comment plugin name |
avatarMode | string | aigcs | Avatar mode (aigcs/mravatar/off) |
contentSelector | string | — | CSS selector for page content extraction |
aiBadgePosition | string | nick | AI badge position (nick/br/tl/bl/tr/tl-inline) |
reactionEnabled | boolean | true | Enable emoji reactions |
pingToken | string | — | Ping webhook token |
Comment Markdown
Comments in the admin panel are rendered as Markdown (GFM). Both AI-generated and visitor-submitted comments support bold, italic, inline code, code blocks, links, lists, and blockquotes. Content is sanitized server-side via DOMPurify.
Creating a Site
- Click Add Site
- Enter the Domain (e.g.,
blog.example.com) - Enter the Name (e.g.,
My Blog) - Click Save
AI Provider Management
See the AI Providers section for detailed configuration of all 14+ providers.
Provider Features
- Encrypted API Keys — all API keys are encrypted at rest using AES-256-GCM
- Test Provider — generate a sample comment to verify configuration
- Drag-and-Drop Sort — reorder providers to control comment generation priority
- Custom Avatars — upload SVG avatars for each provider
Provider Defaults
Global provider defaults can be configured in the Providers page. These serve as templates when adding providers to individual sites.
Prompt Templates
Prompt templates are system prompts used to instruct AI models on how to generate comments.
Features
- 8 Languages — zh, en, ja, ko, fr, es, de, pt
- Categories — organize prompts by purpose
- Import — bulk import from GitHub raw JSON URL
- Global System Prompt — prepended to all generation prompts
Prompt Format
Cache Management
The cache system manages page content and AI comment generation.
Cache States
| State | Description |
|---|---|
pending | Awaiting content fetch and generation |
generating | Content being fetched, AI providers generating |
ready | Comments available and cached |
failed | All providers errored during generation |
Operations
- Fetch & Generate — fetch page content and generate comments
- Warm Cache — batch generate for multiple pages. This process runs silently in the background. A generation report will be pushed to the site owner via the top "Notification Center" when finished.
- Clear Cache — remove cached entries
- Restore — recover deleted cache entries
Reaction Management
Six built-in emoji reactions are provided:
| Emoji | Label | Sort |
|---|---|---|
| 👍 | Thumbs Up | 1 |
| 😄 | Smile | 2 |
| 🎉 | Tada | 3 |
| ❤️ | Heart | 4 |
| 🚀 | Rocket | 5 |
| 👀 | Eyes | 6 |
Custom reactions can be added, and any reaction can be enabled/disabled.
User Management
Available to admin role users only.
- List all users
- Create new users
- Edit user details and role
Comment Import/Export
Available per site in the site dashboard. Supports bulk import/export of native visitor comments.
Export
Click Export Comments to download all visitor comments for the site as JSON. Each comment includes: id, path, parentId, authorName, authorEmail, content, status, timestamps.
Import
- Prepare a JSON file with a
commentsarray (or use an exported file) - Click Select File → choose your JSON
- Click Import Comments
- Results show:
{ imported, skipped, total }
Duplicate IDs are automatically skipped.
RSS Auto Import
In addition to manual JSON imports, you can provide an RSS feed URL for a site. The system will automatically parse articles from the RSS and fetch data to build or synchronize the comment article structure for that site. Once fetched, the results will be reported to you via the Notification Center.
Download Template
Click Download Template to get a sample JSON with example comments (including replies) to guide your import format.
Plugin Management
See the Plugins section for details.
Webhook Management
See the Webhooks section for details.
API Tokens
Three scope levels:
| Scope | Permissions |
|---|---|
read | Read-only access to public APIs |
read_write | Read and write access |
admin | Full administrative access |
Tokens start with aigcs_ prefix and are stored as SHA-256 hashes.
Audit Log
Tracks all admin actions with:
- User ID
- Action type
- IP address
- User agent
- Details (JSON)
Audit logs are user-scoped — regular users only see their own actions.
Profile Settings
Avatar
- Max 2MB, formats: png/jpg/gif/webp
- Stored as file in
data/avatars/ - Gravatar fallback with timeout handling
TOTP Two-Factor Authentication
- Setup — click Enable, scan QR code with authenticator app
- Verify — enter a code from the app
- Backup Codes — 8 one-time recovery codes (save them securely)
- Login — after password, enter TOTP code
Change Password
Requires current password verification. Passwords are hashed with Argon2id.
System Settings
SMTP
| Field | Description |
|---|---|
| Host | SMTP server hostname |
| Port | SMTP port (default: 587) |
| User | SMTP username |
| Password | Encrypted at rest |
| From Email | Sender address |
| From Name | Sender display name |
Email Language — set the locale for notification email templates (en or zh). This controls the language of subject lines and body content for all email types (welcome, verification codes, comment notifications, etc.). Templates are fully bilingual.
CAPTCHA
Supported providers:
| Provider | Env Variables |
|---|---|
| Cloudflare Turnstile | TURNSTILE_SITE_KEY, TURNSTILE_SECRET_KEY |
| Google reCAPTCHA | RECAPTCHA_SITE_KEY, RECAPTCHA_SECRET_KEY |
| GeeTest | GEETEST_CAPTCHA_ID, GEETEST_CAPTCHA_KEY |
| hCaptcha | HCAPTCHA_SITE_KEY, HCAPTCHA_SECRET_KEY |
| Altcha | ALTCHA_SITE_KEY, ALTCHA_SECRET_KEY |
| CAP.so | CAP_SITE_KEY, CAP_SECRET_KEY, CAP_VERIFY_URL |
CORS
- Empty list: only the site's domain is allowed
*: allow all origins- Comma-separated URLs: specific origins allowed
When creating or updating a site, http://{domain} and https://{domain} are automatically added to the allowed origins list.
Rate Limiting
| Limit | Default | Scope |
|---|---|---|
| Admin API | 100 req/60s | Per IP |
| Widget Reactions | 50 req/hour | Per visitor |
| Verification Codes | 5 req/day | Per email |