Echo Prompt Manager - SaaS Edition

A modern, production-ready prompt management and asset versioning system for AI applications. Designed for teams building LLM-powered features at scale.

Features

• Asset Management: Create, organize, and manage AI prompts, context packs, skills, and workflows
• Version Control: Track versions with semantic tagging, status management (draft/approved/active), and activation history
• Change Tracking: Link commits to asset changes with risk level assessment and review workflows
• Execution Logging: Audit trail for every prompt execution with latency and token usage metrics
• CI/CD Integration: Gate checks for AI-related changes with configurable review requirements
• Web UI: Clean, modern dashboard with real-time asset management
• REST API: Fully documented FastAPI endpoints for programmatic access

Architecture

echo-saas/
├── backend/          # FastAPI application
│   ├── main.py      # Core API implementation
│   ├── requirements.txt
│   └── .env.example
├── frontend/        # Web UI (Single-page app)
│   └── index.html
├── docs/            # Documentation
└── .github/
    └── workflows/   # CI/CD pipelines

Tech Stack

• Backend: FastAPI + SQLAlchemy + SQLite (with PostgreSQL support for prod)
• Frontend: Vanilla JavaScript (no build step required)
• Database: SQLite (dev) / PostgreSQL (production)

Getting Started

Prerequisites

• Python 3.9+
• Node.js (optional, for frontend development)
• Git

Installation

One-Command Run (Recommended)

From the repo root, run:

python run_app.py

This launcher will:

• start backend + frontend together
• automatically pick free ports if 8000 or 3000 are busy
• open frontend, API docs, and health URLs in your browser

Press Ctrl+C in that terminal to stop both servers.

Backend Setup

1. Install dependencies:

   cd backend
   pip install -r requirements.txt

2. Configure environment:

   cp .env.example .env
   # Edit .env with your settings

3. Run the server:

   python main.py
   # Or with uvicorn directly:
   uvicorn main:app --reload --port 8000

   The API will be available at http://localhost:8000

Frontend Setup

1. Serve the frontend:

   cd frontend
   # Option 1: Python's built-in server
   python -m http.server 3000
   
   # Option 2: Any HTTP server (Node.js)
   npx serve -p 3000

2. Open in browser:

   http://localhost:3000
   

3. Configure API endpoint:

   • Use the input field in the header to set your backend URL
   • Default: http://127.0.0.1:8000

API Endpoints

Assets

• POST /api/assets/ - Create asset
• GET /api/assets/ - List assets (with filters: q, asset_type, owner, tag)
• GET /api/assets/{asset_id} - Get asset details
• PATCH /api/assets/{asset_id} - Update asset

Versions

• POST /api/assets/{asset_id}/versions/ - Create version
• GET /api/assets/{asset_id}/versions/ - List versions
• POST /api/assets/{asset_id}/versions/{version_id}/activate - Activate version
• GET /api/services/assets/{name}/active - Get active version by asset name

Execution Logs

• POST /api/logs/ - Record execution log
• GET /api/logs/ - List logs (with filters: asset_version_id, request_id, limit)

Changes

• POST /api/changes/ - Register change/commit
• GET /api/changes/ - List changes

Health

• GET /health - Service health check

Database Schema

Core Tables

• assets: Asset metadata (name, type, owner, tags, timestamps)
• asset_versions: Version history with status, prompts, schemas
• execution_logs: Execution records (latency, tokens, inputs, outputs)
• change_requests: Change tracking with risk levels and review status

All relationships support cascading deletes and maintain audit timestamps.

Environment Variables

See backend/.env.example for all available options:

DEBUG=True
DATABASE_URL=sqlite:///./echo_prompt_manager.db
CORS_ORIGINS=["http://localhost:3000"]
API_TITLE=Echo Prompt Manager
API_VERSION=1.0.0

SaaS Roadmap & Future Considerations

Phase 1 (Current)

• ✅ Single-tenant asset management
• ✅ Basic version control
• ✅ Execution logging
• ✅ REST API

Phase 2 (Planned)

• Multi-tenancy: Workspace/organization isolation
• Authentication: JWT + RBAC per tenant
• Database: PostgreSQL migration with connection pooling
• File Storage: S3 integration for large payloads
• Webhooks: Events for asset changes, version activations

Phase 3 (Future)

• Billing Integration: Per-execution pricing, metered usage
• Analytics Dashboard: Execution trends, cost per asset, model comparisons
• Advanced Versioning: A/B testing, canary deployments
• Monitoring: Prometheus metrics, distributed tracing

Critical SaaS Features to Implement Before Production

1. Multi-tenancy:

   • Add tenant_id to all core tables
   • Implement row-level security
   • Isolate data in queries and mutations

2. Authentication & Authorization:

   • OAuth2/JWT token-based auth
   • Role-based access control (Admin, Editor, Viewer per tenant)
   • API key management for service-to-service calls

3. Rate Limiting:

   • Per-tenant rate limits
   • Token bucket algorithm for fairness

4. Secrets Management:

   • No hardcoded credentials in code or database
   • Use environment variables or a secrets vault (HashiCorp Vault, AWS Secrets Manager)

5. Data Isolation:

   • Ensure tenants cannot access each other's data
   • Validate tenant ownership on every API call

6. Audit Logging:

   • Log all mutations with user identity
   • Immutable audit trail for compliance

7. Database Scaling:

   • Switch to PostgreSQL for reliability
   • Implement connection pooling
   • Plan for sharding/multi-database setups

Development

Project Structure

• Backend: Monolithic FastAPI app with ORM models, Pydantic schemas, and API routes
• Frontend: Single-page application (no framework, vanilla JS for simplicity)
• Database: SQLite for development, easily migrated to PostgreSQL

Adding Features

1. Define database models in backend/main.py (ORM section)
2. Create Pydantic request/response models
3. Implement API route with dependency injection for database session
4. Update frontend forms/functionality in frontend/index.html

Testing

# Run with test data
python -c "from backend.main import app; import uvicorn; uvicorn.run(app, host='0.0.0.0', port=8000)"

Deployment

Development

python run_app.py
# Or with uvicorn directly from root:
uvicorn backend.main:app --reload --port 8000

Production

gunicorn main:app --workers 4 --bind 0.0.0.0:8000

Docker (Optional)

FROM python:3.11-slim
WORKDIR /app
COPY backend/requirements.txt .
RUN pip install -r requirements.txt
COPY backend/main.py .
CMD ["uvicorn", "main:app", "--host", "0.0.0.0", "--port", "8000"]

Security Checklist

• No secrets in code or .env committed to Git
• Database backups automated
• API rate limiting configured
• CORS properly restricted in production
• Input validation on all endpoints
• SQL injection prevention (SQLAlchemy ORM used)
• XSS prevention in frontend (HTML escaping implemented)
• HTTPS enforced in production
• Authentication added before multi-tenant deployment

Support & Contribution

See CONTRIBUTING.md for development guidelines and pull request process.

License

See LICENSE for license details.

Changelog

v1.0.0 (Initial Release)

• Asset management system
• Version control with activation
• Execution logging
• Change tracking
• Web UI dashboard
• REST API with OpenAPI documentation

---

Status: Private Alpha
Maintainer: Echo Protocol Team
Last Updated: April 2026