Skip to content

UI guide

The KDBL Context Lake (K-Lake) web console is your day-to-day surface for managing sources, browsing indexed files, and administering users and tokens.

Signing in

Open the URL your administrator provided. You can authenticate with:

  • Personal access token — paste a PAT into the login form
  • Single sign-on (OIDC) — click the SSO button if your tenant is configured for it

A successful login lands you on the dashboard.

Dashboard

Top-level view of your tenant's indexing health.

  • Queue depth — pending, running, completed, failed
  • Per-source rollup — file count, bytes indexed, last crawl time
  • Alerts for sources reporting errors

Use the dashboard as your starting point for "is everything OK right now?"

Sources

The sources page lists every source in your tenant. From here you can:

  • Add a source — opens the new-source form. Pick a protocol (S3, SMB, SMBFS, NFS), fill in connection details, supply credentials. See Sources for protocol details.
  • Open a source — click a row to see its detail page.
  • Sort and filter — by protocol, last crawl, file count, status.

Source detail

Each source's detail page brings together everything you can do with it:

  • Overview — protocol, connection settings, current file count, bytes, last crawl
  • Crawl — trigger a crawl, optionally narrowed to a path prefix
  • Files — paginated browser of every file K-Lake has indexed for the source. Click a row for full metadata.
  • Enrichment — choose which optional metadata caps to gather (tags, ACLs, xattrs) and queue a backfill if you turn one on after the fact
  • Extraction — enable/disable content extraction, set extension/size/path filters, and watch live extraction progress
  • Crawl & extract progress — per-worker live progress panels while a crawl or extraction is running
  • Per-file security trimming — set the trim mode (per_file / source_only / open) and the fail-closed toggle (see security trimming)
  • Settings — enable / disable, toggle bulk-ingest mode, adjust subtree concurrency, SMB3 multi-channel; schedule recurring crawls/backfills
  • History — recent crawl runs with outcomes, errors, and timings
  • Access control — manage which users or groups can see this source

File detail

Opens for any file row. Shows path, size, timestamps, content hash (when available), and protocol-specific metadata such as S3 tags or NTFS / NFSv4 ACLs.

When the server has signed downloads enabled, the header carries Open original (inline preview) and Download buttons. K-Lake doesn't store original bytes — clicking re-fetches the file from its source on demand (permissions re-checked, audited). The buttons are hidden when the feature is off.

Content search

Full-text search over a source's extracted content. Each hit shows the matched file, an in-document locator (page / char / timestamp), and a highlighted snippet. When signed downloads are enabled, each hit also offers an Open original link so you can open the source file and verify the grounding behind a result.

Tokens

Found under your name in the top bar.

  • List — every PAT you've minted, with name and last-used time
  • New token — mint a fresh PAT. The raw value is shown once on creation; copy it immediately.
  • Revoke — invalidate a PAT. Effective immediately.

Tenant administration (admins only)

Tenant administrators see additional pages.

Users — list of users in the tenant. Create new users, edit roles, deactivate accounts.

Tenants — only visible to cluster administrators. Manage all tenants, set OIDC configuration, configure retention overrides, and the Directory correlation card to set a tenant's Entra Graph / AD-LDAP / declared-mapping config (the encrypted secrets stay CLI-only — the card shows a "secret stored / secret pending" badge per block). See directory enrichment.

Accessibility and browser support

The console targets recent Chrome, Firefox, Safari, and Edge releases. Keyboard navigation is supported throughout; the file browser uses standard table semantics.