Jimmy CC Platform — AI-Integrated Community Operations
Express v5 · React 18 · Supabase · Claude API · node-pty · xterm.js · Monaco Editor · Discord OAuth · 2025
Overview
Jimmy CC is a community operations platform operated by JCCIDC. It is not a landing page with a contact form — it is a full-stack web application serving an active community with public content, RBAC-gated resources, an admin operations console, an embedded AI assistant with 23 production tools, a WebSocket terminal, interactive script visualizers, and a hardware flashing workflow. Every feature is wired to real production state: Supabase for auth and data, Discord OAuth for identity, pm2 on a VPS for runtime, nginx for TLS termination.
The Challenge
Running a community at any scale requires admin tooling that doesn't exist off-the-shelf. The platform needed to serve public visitors, gate premium resources behind Discord roles, give admins a conversational AI interface to the entire stack (database, filesystem, git, process manager), provide a real terminal for emergency access, host interactive script visualizers for the community, and manage hardware flashing workflows — all under a single auth model.
Architecture
| Layer | Technology |
|---|---|
| Public Site | React 18 |
| API | Express v5 |
| Auth | Discord OAuth via Supabase |
| Database | Supabase PostgreSQL + RLS |
| AI | Claude sonnet-4, 23 tools |
| Terminal | ws + node-pty + xterm.js |
| Editor | Monaco |
| Infrastructure | Ubuntu VPS, nginx, pm2, Let's Encrypt |
Feature 1 — Admin AI Assistant with 23 Production Tools
The Claude admin assistant is the primary interface for platform operations. It has access to 23 tools spanning three permission tiers:
Read-only (10, no approval required):
supabaseQuery, supabaseSchema, readFile, listFiles, searchFiles, gitLog, gitStatus, httpCheck, readLogs, scanTrademarks
Write (7, require explicit approval):
supabaseInsert, supabaseUpdate, supabaseDelete, writeFile, gitCommit, gitPush, pm2Restart
Admin commands (6, domain-specific):
queryScriptUploads, queryBugReports, triageBug, getDashboardStats, getMessageInbox, getDiscordStats
The tool approval UI separates safe reads from destructive writes. Claude can freely observe the entire system but cannot mutate state without human confirmation. See the 16-tool Claude deep dive →
Feature 2 — WebSocket Terminal with Auth-Gated PTY
The platform includes a real terminal — not a simulated shell, but a full PTY session via node-pty. The browser connects over WebSocket, and keystrokes are forwarded to a real bash process on the server. xterm.js renders the terminal with proper ANSI escape handling. Access is gated behind the same Discord OAuth + Supabase admin whitelist used for the AI assistant.
Feature 3 — Interactive Script Visualizers (Workshop)
The public workshop hosts 6 interactive script visualizers. Each visualizer renders a Monaco editor with the script source, a feature breakdown, and an 8-axis radar chart showing the script's profile across categories like aim behavior, recoil management, rapid-fire, and movement. These are community-facing — no auth required.
Feature 4 — Multi-Slot Hardware Flashing
The platform supports a multi-slot hardware flashing workflow for community scripts. Users select a device slot, upload compiled bytecode, and the platform handles the transfer protocol. The workflow is integrated into the admin console alongside the AI assistant and terminal.
Feature 5 — Discord Bot Event Tracking
A companion Discord bot feeds community events (joins, leaves, role changes, message activity) into Supabase. The admin dashboard surfaces these events as live stats accessible both through the web UI and through the Claude assistant's getDiscordStats tool.
Key Design Decisions
- Claude as admin interface — conversational access to the full stack, not a separate admin panel
- Two-layer auth — Discord OAuth for identity, Supabase admin whitelist for authorization
- Write ops require filters — supabaseUpdate/Delete require a WHERE filter; blanket mutations are rejected
- Tool approval UI — read-only ops auto-execute, writes surface for human confirmation
- Path sanitization — readFile/writeFile enforce allowed directories, block traversal
- Rate limiting — per-user request throttling on all API and AI endpoints