using Microsoft.AspNetCore.Builder; using Microsoft.AspNetCore.Http; using Microsoft.AspNetCore.Routing; using Microsoft.EntityFrameworkCore; using TeamUp.Modules.OrgBoard.Domain; using TeamUp.Modules.OrgBoard.Persistence; using TeamUp.SharedKernel.Access; using TeamUp.SharedKernel.Auditing; using TeamUp.SharedKernel.Modularity; namespace TeamUp.Modules.OrgBoard.Endpoints; internal static class OrgBoardEndpoints { public static void Map(IEndpointRouteBuilder endpoints) { var group = endpoints.MapGroup("/api/orgboard").WithTags("OrgBoard"); group.MapGet("/ping", () => TypedResults.Ok(new ModulePing("orgboard"))); group.MapPost("/organizations", CreateOrganization).RequireAuthorization(); group.MapPost("/teams", CreateTeam).RequireAuthorization(); group.MapGet("/teams", ListTeams).RequireAuthorization(); group.MapPost("/tasks", CreateTask).RequireAuthorization(); group.MapGet("/board", GetBoard).RequireAuthorization(); group.MapPatch("/tasks/{id:guid}/move", MoveTask).RequireAuthorization(); group.MapPatch("/tasks/{id:guid}/assign", AssignTask).RequireAuthorization(); group.MapGet("/cartable", Cartable).RequireAuthorization(); group.MapPost("/seats", CreateSeat).RequireAuthorization(); group.MapGet("/seats", ListSeats).RequireAuthorization(); group.MapPost("/seats/{id:guid}/agent", ConfigureAgent).RequireAuthorization(); group.MapGet("/seats/{id:guid}/agent", GetAgent).RequireAuthorization(); group.MapGet("/performance", PerformanceEndpoints.Get).RequireAuthorization(); } private static TaskResponse ToResponse(WorkItem item) => new( item.Id, item.TeamId, item.Title, item.Description, item.Type.ToString(), item.Status.ToString(), item.AssigneeKind.ToString(), item.AssigneeId, item.ParentId); private static async Task CreateOrganization( CreateOrganizationRequest request, IPermissionService permissions, OrgBoardDbContext db, TimeProvider clock, CancellationToken ct) { if (!permissions.Has(Capability.CreateProductsAndTeams, ScopeRef.Org(request.OrganizationId))) { return Results.Forbid(); } if (string.IsNullOrWhiteSpace(request.Name)) { return Results.BadRequest("Name is required."); } var organization = await db.Organizations.FirstOrDefaultAsync(o => o.Id == request.OrganizationId, ct); if (organization is null) { organization = new Organization(request.OrganizationId, request.Name.Trim(), clock.GetUtcNow()); db.Organizations.Add(organization); } else { organization.Rename(request.Name.Trim()); } await db.SaveChangesAsync(ct); return Results.Ok(new OrganizationResponse(organization.Id, organization.Name)); } private static async Task CreateTeam( CreateTeamRequest request, ICurrentUser user, IPermissionService permissions, IAuditLog audit, OrgBoardDbContext db, TimeProvider clock, CancellationToken ct) { if (!permissions.Has(Capability.CreateProductsAndTeams, ScopeRef.Org(request.OrganizationId))) { return Results.Forbid(); } if (string.IsNullOrWhiteSpace(request.Name)) { return Results.BadRequest("Name is required."); } if (!await db.Organizations.AnyAsync(o => o.Id == request.OrganizationId, ct)) { return Results.BadRequest("Organization does not exist; create it first."); } var team = new Team(request.OrganizationId, request.Name.Trim(), clock.GetUtcNow()); db.Teams.Add(team); await db.SaveChangesAsync(ct); await audit.WriteAsync(new AuditEvent("team.created", "Team", team.Id, user.MemberId, team.Name), ct); return Results.Ok(new TeamResponse(team.Id, team.OrganizationId, team.Name)); } private static async Task ListTeams( Guid organizationId, IPermissionService permissions, OrgBoardDbContext db, CancellationToken ct) { if (!permissions.Has(Capability.ViewBoard, ScopeRef.Org(organizationId))) { return Results.Forbid(); } var teams = await db.Teams .Where(t => t.OrganizationId == organizationId) .OrderBy(t => t.CreatedAtUtc) .Select(t => new TeamResponse(t.Id, t.OrganizationId, t.Name)) .ToListAsync(ct); return Results.Ok(teams); } private static async Task CreateTask( CreateTaskRequest request, ICurrentUser user, IPermissionService permissions, IAuditLog audit, OrgBoardDbContext db, TimeProvider clock, CancellationToken ct) { var team = await db.Teams.FirstOrDefaultAsync(t => t.Id == request.TeamId, ct); if (team is null) { return Results.NotFound("Team not found."); } if (!permissions.Has(Capability.WorkTasks, ScopeRef.Team(team.Id), ScopeRef.Org(team.OrganizationId))) { return Results.Forbid(); } if (string.IsNullOrWhiteSpace(request.Title)) { return Results.BadRequest("Title is required."); } var item = new WorkItem(team.Id, request.Title.Trim(), request.Description, request.Type, user.MemberId, clock.GetUtcNow()); db.WorkItems.Add(item); await db.SaveChangesAsync(ct); await audit.WriteAsync(new AuditEvent("task.created", "WorkItem", item.Id, user.MemberId, item.Title), ct); return Results.Ok(ToResponse(item)); } private static async Task GetBoard( Guid teamId, IPermissionService permissions, OrgBoardDbContext db, CancellationToken ct) { var team = await db.Teams.FirstOrDefaultAsync(t => t.Id == teamId, ct); if (team is null) { return Results.NotFound("Team not found."); } if (!permissions.Has(Capability.ViewBoard, ScopeRef.Team(team.Id), ScopeRef.Org(team.OrganizationId))) { return Results.Forbid(); } var items = await db.WorkItems.Where(w => w.TeamId == teamId).OrderBy(w => w.CreatedAtUtc).ToListAsync(ct); var columns = Enum.GetValues() .Select(status => new BoardColumn( status.ToString(), items.Where(i => i.Status == status).Select(ToResponse).ToList())) .ToList(); return Results.Ok(new BoardResponse(teamId, columns)); } private static async Task MoveTask( Guid id, MoveTaskRequest request, ICurrentUser user, IPermissionService permissions, IAuditLog audit, Runtime.QaHandoffTrigger handoff, OrgBoardDbContext db, TimeProvider clock, CancellationToken ct) { var (item, team, error) = await LoadItemWithTeam(db, id, ct); if (error is not null) { return error; } if (!permissions.Has(Capability.WorkTasks, ScopeRef.Team(team!.Id), ScopeRef.Org(team.OrganizationId))) { return Results.Forbid(); } var fromStatus = item!.Status; item.MoveTo(request.Status, clock.GetUtcNow()); if (fromStatus != request.Status) { // The raw material for working-hours / cycle-time accountability metrics. db.Transitions.Add(new WorkItemTransition( item.Id, team.Id, fromStatus, request.Status, user.MemberId, clock.GetUtcNow())); } await db.SaveChangesAsync(ct); await audit.WriteAsync(new AuditEvent("task.moved", "WorkItem", item.Id, user.MemberId, request.Status.ToString()), ct); // The single V1 trigger: hitting done hands off to the team's QA AI seat. if (request.Status == WorkItemStatus.Done) { await handoff.OnTaskDoneAsync(item, user.MemberId, ct); } return Results.Ok(ToResponse(item)); } private static async Task AssignTask( Guid id, AssignTaskRequest request, ICurrentUser user, IPermissionService permissions, IAuditLog audit, OrgBoardDbContext db, TimeProvider clock, CancellationToken ct) { var (item, team, error) = await LoadItemWithTeam(db, id, ct); if (error is not null) { return error; } if (!permissions.Has(Capability.WorkTasks, ScopeRef.Team(team!.Id), ScopeRef.Org(team.OrganizationId))) { return Results.Forbid(); } item!.AssignToMember(request.MemberId, clock.GetUtcNow()); await db.SaveChangesAsync(ct); await audit.WriteAsync(new AuditEvent("task.assigned", "WorkItem", item.Id, user.MemberId, request.MemberId.ToString()), ct); return Results.Ok(ToResponse(item)); } private static async Task Cartable(ICurrentUser user, OrgBoardDbContext db, CancellationToken ct) { var memberId = user.MemberId; var items = await db.WorkItems .Where(w => w.AssigneeKind == AssigneeKind.Member && w.AssigneeId == memberId) .OrderByDescending(w => w.UpdatedAtUtc) .ToListAsync(ct); return Results.Ok(items.Select(ToResponse).ToList()); } private static async Task<(WorkItem? Item, Team? Team, IResult? Error)> LoadItemWithTeam( OrgBoardDbContext db, Guid itemId, CancellationToken ct) { var item = await db.WorkItems.FirstOrDefaultAsync(w => w.Id == itemId, ct); if (item is null) { return (null, null, Results.NotFound("Task not found.")); } var team = await db.Teams.FirstOrDefaultAsync(t => t.Id == item.TeamId, ct); if (team is null) { return (null, null, Results.NotFound("Team not found.")); } return (item, team, null); } private static SeatResponse ToSeat(Seat seat) => new(seat.Id, seat.TeamId, seat.RoleName, seat.State.ToString(), seat.MemberId, seat.AgentId); private static AgentResponse ToAgent(Agent agent) => new( agent.Id, agent.SeatId, agent.Name, agent.Monogram, agent.Autonomy.ToString(), agent.ApiConfigId, agent.FallbackApiConfigId, agent.SkillKeys, agent.Docs); private static async Task CreateSeat( CreateSeatRequest request, ICurrentUser user, IPermissionService permissions, IAuditLog audit, OrgBoardDbContext db, TimeProvider clock, CancellationToken ct) { var team = await db.Teams.FirstOrDefaultAsync(t => t.Id == request.TeamId, ct); if (team is null) { return Results.NotFound("Team not found."); } if (!permissions.Has(Capability.ConfigureAgents, ScopeRef.Team(team.Id), ScopeRef.Org(team.OrganizationId))) { return Results.Forbid(); } if (string.IsNullOrWhiteSpace(request.RoleName)) { return Results.BadRequest("RoleName is required."); } var seat = new Seat(team.Id, request.RoleName.Trim(), SeatState.Open, clock.GetUtcNow()); db.Seats.Add(seat); await db.SaveChangesAsync(ct); await audit.WriteAsync(new AuditEvent("seat.created", "Seat", seat.Id, user.MemberId, request.RoleName), ct); return Results.Ok(ToSeat(seat)); } private static async Task ListSeats( Guid teamId, IPermissionService permissions, OrgBoardDbContext db, CancellationToken ct) { var team = await db.Teams.FirstOrDefaultAsync(t => t.Id == teamId, ct); if (team is null) { return Results.NotFound("Team not found."); } if (!permissions.Has(Capability.ViewBoard, ScopeRef.Team(team.Id), ScopeRef.Org(team.OrganizationId))) { return Results.Forbid(); } var seats = await db.Seats.Where(s => s.TeamId == teamId).OrderBy(s => s.CreatedAtUtc).ToListAsync(ct); return Results.Ok(seats.Select(ToSeat).ToList()); } private static async Task ConfigureAgent( Guid id, ConfigureAgentRequest request, ICurrentUser user, IPermissionService permissions, IAuditLog audit, OrgBoardDbContext db, TimeProvider clock, CancellationToken ct) { var seat = await db.Seats.FirstOrDefaultAsync(s => s.Id == id, ct); if (seat is null) { return Results.NotFound("Seat not found."); } var team = await db.Teams.FirstOrDefaultAsync(t => t.Id == seat.TeamId, ct); if (team is null) { return Results.NotFound("Team not found."); } if (!permissions.Has(Capability.ConfigureAgents, ScopeRef.Team(team.Id), ScopeRef.Org(team.OrganizationId))) { return Results.Forbid(); } if (string.IsNullOrWhiteSpace(request.Name) || request.ApiConfigId == Guid.Empty) { return Results.BadRequest("Name and apiConfigId are required."); } var now = clock.GetUtcNow(); var agent = await db.Agents.FirstOrDefaultAsync(a => a.SeatId == seat.Id, ct); var isNew = agent is null; agent ??= new Agent(seat.Id, now); agent.Configure( request.Name.Trim(), request.Monogram, request.Autonomy, request.ApiConfigId, request.FallbackApiConfigId, request.SkillKeys ?? [], request.Docs ?? [], now); if (isNew) { db.Agents.Add(agent); } seat.AssignAgent(agent.Id); await db.SaveChangesAsync(ct); await audit.WriteAsync(new AuditEvent("agent.configured", "Agent", agent.Id, user.MemberId, agent.Name), ct); return Results.Ok(ToAgent(agent)); } private static async Task GetAgent( Guid id, IPermissionService permissions, OrgBoardDbContext db, CancellationToken ct) { var seat = await db.Seats.FirstOrDefaultAsync(s => s.Id == id, ct); if (seat is null) { return Results.NotFound("Seat not found."); } var team = await db.Teams.FirstOrDefaultAsync(t => t.Id == seat.TeamId, ct); if (team is null) { return Results.NotFound("Team not found."); } if (!permissions.Has(Capability.ViewBoard, ScopeRef.Team(team.Id), ScopeRef.Org(team.OrganizationId))) { return Results.Forbid(); } var agent = await db.Agents.FirstOrDefaultAsync(a => a.SeatId == seat.Id, ct); return agent is null ? Results.NotFound("Seat has no agent configured.") : Results.Ok(ToAgent(agent)); } }