soroush.asadi
d853609213
UI (daily-drivable now): - Board: dnd-kit drag-and-drop between columns; click a card → task detail drawer (Sheet) with status, member assignee picker, send-to-AI-seat dispatch, description/artifact, parent/children navigation; seat-triad assignee chips (AI indigo monogram / human slate). - Cartable page (the personal pending slice), Members & invitations page (invite + copy join token; V1 sends no email), Review inbox now shows a word-level diff of your edits vs the proposal (lib/diff.ts, LCS), Org chart page (React Flow: org → teams → seats in the human/open/AI triad). Nav reordered; nothing left "soon". Accountability & benchmarking: - Identity: GET /members (directory + org role) and GET /invitations (with join token, inviter-only) — the directory also resolves names client-side everywhere. - OrgBoard: work_item_transitions recorded on every status change (AddWorkItemTransitions migration); GET /performance — per assignee (human and AI on the same scale): pending by column, done, worked hours (time in InProgress), avg cycle time (start of work → done), plus the unassigned-pending count. Owner-level capability. - Performance page: benchmark table merging board metrics with AI trust metrics (approval rate + edit distance from analytics); flags work with no one accountable. Verified: build green; ArchitectureTests 8/8; IntegrationTests 43/43 (new: directory, invitations list + Member 403s, transition-derived worked-hours/cycle-time, unassigned count); client npm build green (TS strict). Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
374 lines
14 KiB
C#
374 lines
14 KiB
C#
using Microsoft.AspNetCore.Builder;
|
|
using Microsoft.AspNetCore.Http;
|
|
using Microsoft.AspNetCore.Routing;
|
|
using Microsoft.EntityFrameworkCore;
|
|
using TeamUp.Modules.OrgBoard.Domain;
|
|
using TeamUp.Modules.OrgBoard.Persistence;
|
|
using TeamUp.SharedKernel.Access;
|
|
using TeamUp.SharedKernel.Auditing;
|
|
using TeamUp.SharedKernel.Modularity;
|
|
|
|
namespace TeamUp.Modules.OrgBoard.Endpoints;
|
|
|
|
internal static class OrgBoardEndpoints
|
|
{
|
|
public static void Map(IEndpointRouteBuilder endpoints)
|
|
{
|
|
var group = endpoints.MapGroup("/api/orgboard").WithTags("OrgBoard");
|
|
|
|
group.MapGet("/ping", () => TypedResults.Ok(new ModulePing("orgboard")));
|
|
group.MapPost("/organizations", CreateOrganization).RequireAuthorization();
|
|
group.MapPost("/teams", CreateTeam).RequireAuthorization();
|
|
group.MapGet("/teams", ListTeams).RequireAuthorization();
|
|
group.MapPost("/tasks", CreateTask).RequireAuthorization();
|
|
group.MapGet("/board", GetBoard).RequireAuthorization();
|
|
group.MapPatch("/tasks/{id:guid}/move", MoveTask).RequireAuthorization();
|
|
group.MapPatch("/tasks/{id:guid}/assign", AssignTask).RequireAuthorization();
|
|
group.MapGet("/cartable", Cartable).RequireAuthorization();
|
|
|
|
group.MapPost("/seats", CreateSeat).RequireAuthorization();
|
|
group.MapGet("/seats", ListSeats).RequireAuthorization();
|
|
group.MapPost("/seats/{id:guid}/agent", ConfigureAgent).RequireAuthorization();
|
|
group.MapGet("/seats/{id:guid}/agent", GetAgent).RequireAuthorization();
|
|
|
|
group.MapGet("/performance", PerformanceEndpoints.Get).RequireAuthorization();
|
|
}
|
|
|
|
private static TaskResponse ToResponse(WorkItem item) => new(
|
|
item.Id, item.TeamId, item.Title, item.Description,
|
|
item.Type.ToString(), item.Status.ToString(), item.AssigneeKind.ToString(),
|
|
item.AssigneeId, item.ParentId);
|
|
|
|
private static async Task<IResult> CreateOrganization(
|
|
CreateOrganizationRequest request, IPermissionService permissions,
|
|
OrgBoardDbContext db, TimeProvider clock, CancellationToken ct)
|
|
{
|
|
if (!permissions.Has(Capability.CreateProductsAndTeams, ScopeRef.Org(request.OrganizationId)))
|
|
{
|
|
return Results.Forbid();
|
|
}
|
|
|
|
if (string.IsNullOrWhiteSpace(request.Name))
|
|
{
|
|
return Results.BadRequest("Name is required.");
|
|
}
|
|
|
|
var organization = await db.Organizations.FirstOrDefaultAsync(o => o.Id == request.OrganizationId, ct);
|
|
if (organization is null)
|
|
{
|
|
organization = new Organization(request.OrganizationId, request.Name.Trim(), clock.GetUtcNow());
|
|
db.Organizations.Add(organization);
|
|
}
|
|
else
|
|
{
|
|
organization.Rename(request.Name.Trim());
|
|
}
|
|
|
|
await db.SaveChangesAsync(ct);
|
|
return Results.Ok(new OrganizationResponse(organization.Id, organization.Name));
|
|
}
|
|
|
|
private static async Task<IResult> CreateTeam(
|
|
CreateTeamRequest request, ICurrentUser user, IPermissionService permissions,
|
|
IAuditLog audit, OrgBoardDbContext db, TimeProvider clock, CancellationToken ct)
|
|
{
|
|
if (!permissions.Has(Capability.CreateProductsAndTeams, ScopeRef.Org(request.OrganizationId)))
|
|
{
|
|
return Results.Forbid();
|
|
}
|
|
|
|
if (string.IsNullOrWhiteSpace(request.Name))
|
|
{
|
|
return Results.BadRequest("Name is required.");
|
|
}
|
|
|
|
if (!await db.Organizations.AnyAsync(o => o.Id == request.OrganizationId, ct))
|
|
{
|
|
return Results.BadRequest("Organization does not exist; create it first.");
|
|
}
|
|
|
|
var team = new Team(request.OrganizationId, request.Name.Trim(), clock.GetUtcNow());
|
|
db.Teams.Add(team);
|
|
await db.SaveChangesAsync(ct);
|
|
await audit.WriteAsync(new AuditEvent("team.created", "Team", team.Id, user.MemberId, team.Name), ct);
|
|
return Results.Ok(new TeamResponse(team.Id, team.OrganizationId, team.Name));
|
|
}
|
|
|
|
private static async Task<IResult> ListTeams(
|
|
Guid organizationId, IPermissionService permissions, OrgBoardDbContext db, CancellationToken ct)
|
|
{
|
|
if (!permissions.Has(Capability.ViewBoard, ScopeRef.Org(organizationId)))
|
|
{
|
|
return Results.Forbid();
|
|
}
|
|
|
|
var teams = await db.Teams
|
|
.Where(t => t.OrganizationId == organizationId)
|
|
.OrderBy(t => t.CreatedAtUtc)
|
|
.Select(t => new TeamResponse(t.Id, t.OrganizationId, t.Name))
|
|
.ToListAsync(ct);
|
|
|
|
return Results.Ok(teams);
|
|
}
|
|
|
|
private static async Task<IResult> CreateTask(
|
|
CreateTaskRequest request, ICurrentUser user, IPermissionService permissions,
|
|
IAuditLog audit, OrgBoardDbContext db, TimeProvider clock, CancellationToken ct)
|
|
{
|
|
var team = await db.Teams.FirstOrDefaultAsync(t => t.Id == request.TeamId, ct);
|
|
if (team is null)
|
|
{
|
|
return Results.NotFound("Team not found.");
|
|
}
|
|
|
|
if (!permissions.Has(Capability.WorkTasks, ScopeRef.Team(team.Id), ScopeRef.Org(team.OrganizationId)))
|
|
{
|
|
return Results.Forbid();
|
|
}
|
|
|
|
if (string.IsNullOrWhiteSpace(request.Title))
|
|
{
|
|
return Results.BadRequest("Title is required.");
|
|
}
|
|
|
|
var item = new WorkItem(team.Id, request.Title.Trim(), request.Description, request.Type, user.MemberId, clock.GetUtcNow());
|
|
db.WorkItems.Add(item);
|
|
await db.SaveChangesAsync(ct);
|
|
await audit.WriteAsync(new AuditEvent("task.created", "WorkItem", item.Id, user.MemberId, item.Title), ct);
|
|
return Results.Ok(ToResponse(item));
|
|
}
|
|
|
|
private static async Task<IResult> GetBoard(
|
|
Guid teamId, IPermissionService permissions, OrgBoardDbContext db, CancellationToken ct)
|
|
{
|
|
var team = await db.Teams.FirstOrDefaultAsync(t => t.Id == teamId, ct);
|
|
if (team is null)
|
|
{
|
|
return Results.NotFound("Team not found.");
|
|
}
|
|
|
|
if (!permissions.Has(Capability.ViewBoard, ScopeRef.Team(team.Id), ScopeRef.Org(team.OrganizationId)))
|
|
{
|
|
return Results.Forbid();
|
|
}
|
|
|
|
var items = await db.WorkItems.Where(w => w.TeamId == teamId).OrderBy(w => w.CreatedAtUtc).ToListAsync(ct);
|
|
var columns = Enum.GetValues<WorkItemStatus>()
|
|
.Select(status => new BoardColumn(
|
|
status.ToString(),
|
|
items.Where(i => i.Status == status).Select(ToResponse).ToList()))
|
|
.ToList();
|
|
|
|
return Results.Ok(new BoardResponse(teamId, columns));
|
|
}
|
|
|
|
private static async Task<IResult> MoveTask(
|
|
Guid id, MoveTaskRequest request, ICurrentUser user, IPermissionService permissions,
|
|
IAuditLog audit, Runtime.QaHandoffTrigger handoff, OrgBoardDbContext db, TimeProvider clock, CancellationToken ct)
|
|
{
|
|
var (item, team, error) = await LoadItemWithTeam(db, id, ct);
|
|
if (error is not null)
|
|
{
|
|
return error;
|
|
}
|
|
|
|
if (!permissions.Has(Capability.WorkTasks, ScopeRef.Team(team!.Id), ScopeRef.Org(team.OrganizationId)))
|
|
{
|
|
return Results.Forbid();
|
|
}
|
|
|
|
var fromStatus = item!.Status;
|
|
item.MoveTo(request.Status, clock.GetUtcNow());
|
|
if (fromStatus != request.Status)
|
|
{
|
|
// The raw material for working-hours / cycle-time accountability metrics.
|
|
db.Transitions.Add(new WorkItemTransition(
|
|
item.Id, team.Id, fromStatus, request.Status, user.MemberId, clock.GetUtcNow()));
|
|
}
|
|
|
|
await db.SaveChangesAsync(ct);
|
|
await audit.WriteAsync(new AuditEvent("task.moved", "WorkItem", item.Id, user.MemberId, request.Status.ToString()), ct);
|
|
|
|
// The single V1 trigger: hitting done hands off to the team's QA AI seat.
|
|
if (request.Status == WorkItemStatus.Done)
|
|
{
|
|
await handoff.OnTaskDoneAsync(item, user.MemberId, ct);
|
|
}
|
|
|
|
return Results.Ok(ToResponse(item));
|
|
}
|
|
|
|
private static async Task<IResult> AssignTask(
|
|
Guid id, AssignTaskRequest request, ICurrentUser user, IPermissionService permissions,
|
|
IAuditLog audit, OrgBoardDbContext db, TimeProvider clock, CancellationToken ct)
|
|
{
|
|
var (item, team, error) = await LoadItemWithTeam(db, id, ct);
|
|
if (error is not null)
|
|
{
|
|
return error;
|
|
}
|
|
|
|
if (!permissions.Has(Capability.WorkTasks, ScopeRef.Team(team!.Id), ScopeRef.Org(team.OrganizationId)))
|
|
{
|
|
return Results.Forbid();
|
|
}
|
|
|
|
item!.AssignToMember(request.MemberId, clock.GetUtcNow());
|
|
await db.SaveChangesAsync(ct);
|
|
await audit.WriteAsync(new AuditEvent("task.assigned", "WorkItem", item.Id, user.MemberId, request.MemberId.ToString()), ct);
|
|
return Results.Ok(ToResponse(item));
|
|
}
|
|
|
|
private static async Task<IResult> Cartable(ICurrentUser user, OrgBoardDbContext db, CancellationToken ct)
|
|
{
|
|
var memberId = user.MemberId;
|
|
var items = await db.WorkItems
|
|
.Where(w => w.AssigneeKind == AssigneeKind.Member && w.AssigneeId == memberId)
|
|
.OrderByDescending(w => w.UpdatedAtUtc)
|
|
.ToListAsync(ct);
|
|
|
|
return Results.Ok(items.Select(ToResponse).ToList());
|
|
}
|
|
|
|
private static async Task<(WorkItem? Item, Team? Team, IResult? Error)> LoadItemWithTeam(
|
|
OrgBoardDbContext db, Guid itemId, CancellationToken ct)
|
|
{
|
|
var item = await db.WorkItems.FirstOrDefaultAsync(w => w.Id == itemId, ct);
|
|
if (item is null)
|
|
{
|
|
return (null, null, Results.NotFound("Task not found."));
|
|
}
|
|
|
|
var team = await db.Teams.FirstOrDefaultAsync(t => t.Id == item.TeamId, ct);
|
|
if (team is null)
|
|
{
|
|
return (null, null, Results.NotFound("Team not found."));
|
|
}
|
|
|
|
return (item, team, null);
|
|
}
|
|
|
|
private static SeatResponse ToSeat(Seat seat) =>
|
|
new(seat.Id, seat.TeamId, seat.RoleName, seat.State.ToString(), seat.MemberId, seat.AgentId);
|
|
|
|
private static AgentResponse ToAgent(Agent agent) => new(
|
|
agent.Id, agent.SeatId, agent.Name, agent.Monogram, agent.Autonomy.ToString(),
|
|
agent.ApiConfigId, agent.FallbackApiConfigId, agent.SkillKeys, agent.Docs);
|
|
|
|
private static async Task<IResult> CreateSeat(
|
|
CreateSeatRequest request, ICurrentUser user, IPermissionService permissions,
|
|
IAuditLog audit, OrgBoardDbContext db, TimeProvider clock, CancellationToken ct)
|
|
{
|
|
var team = await db.Teams.FirstOrDefaultAsync(t => t.Id == request.TeamId, ct);
|
|
if (team is null)
|
|
{
|
|
return Results.NotFound("Team not found.");
|
|
}
|
|
|
|
if (!permissions.Has(Capability.ConfigureAgents, ScopeRef.Team(team.Id), ScopeRef.Org(team.OrganizationId)))
|
|
{
|
|
return Results.Forbid();
|
|
}
|
|
|
|
if (string.IsNullOrWhiteSpace(request.RoleName))
|
|
{
|
|
return Results.BadRequest("RoleName is required.");
|
|
}
|
|
|
|
var seat = new Seat(team.Id, request.RoleName.Trim(), SeatState.Open, clock.GetUtcNow());
|
|
db.Seats.Add(seat);
|
|
await db.SaveChangesAsync(ct);
|
|
await audit.WriteAsync(new AuditEvent("seat.created", "Seat", seat.Id, user.MemberId, request.RoleName), ct);
|
|
return Results.Ok(ToSeat(seat));
|
|
}
|
|
|
|
private static async Task<IResult> ListSeats(
|
|
Guid teamId, IPermissionService permissions, OrgBoardDbContext db, CancellationToken ct)
|
|
{
|
|
var team = await db.Teams.FirstOrDefaultAsync(t => t.Id == teamId, ct);
|
|
if (team is null)
|
|
{
|
|
return Results.NotFound("Team not found.");
|
|
}
|
|
|
|
if (!permissions.Has(Capability.ViewBoard, ScopeRef.Team(team.Id), ScopeRef.Org(team.OrganizationId)))
|
|
{
|
|
return Results.Forbid();
|
|
}
|
|
|
|
var seats = await db.Seats.Where(s => s.TeamId == teamId).OrderBy(s => s.CreatedAtUtc).ToListAsync(ct);
|
|
return Results.Ok(seats.Select(ToSeat).ToList());
|
|
}
|
|
|
|
private static async Task<IResult> ConfigureAgent(
|
|
Guid id, ConfigureAgentRequest request, ICurrentUser user, IPermissionService permissions,
|
|
IAuditLog audit, OrgBoardDbContext db, TimeProvider clock, CancellationToken ct)
|
|
{
|
|
var seat = await db.Seats.FirstOrDefaultAsync(s => s.Id == id, ct);
|
|
if (seat is null)
|
|
{
|
|
return Results.NotFound("Seat not found.");
|
|
}
|
|
|
|
var team = await db.Teams.FirstOrDefaultAsync(t => t.Id == seat.TeamId, ct);
|
|
if (team is null)
|
|
{
|
|
return Results.NotFound("Team not found.");
|
|
}
|
|
|
|
if (!permissions.Has(Capability.ConfigureAgents, ScopeRef.Team(team.Id), ScopeRef.Org(team.OrganizationId)))
|
|
{
|
|
return Results.Forbid();
|
|
}
|
|
|
|
if (string.IsNullOrWhiteSpace(request.Name) || request.ApiConfigId == Guid.Empty)
|
|
{
|
|
return Results.BadRequest("Name and apiConfigId are required.");
|
|
}
|
|
|
|
var now = clock.GetUtcNow();
|
|
var agent = await db.Agents.FirstOrDefaultAsync(a => a.SeatId == seat.Id, ct);
|
|
var isNew = agent is null;
|
|
agent ??= new Agent(seat.Id, now);
|
|
agent.Configure(
|
|
request.Name.Trim(), request.Monogram, request.Autonomy, request.ApiConfigId,
|
|
request.FallbackApiConfigId, request.SkillKeys ?? [], request.Docs ?? [], now);
|
|
|
|
if (isNew)
|
|
{
|
|
db.Agents.Add(agent);
|
|
}
|
|
|
|
seat.AssignAgent(agent.Id);
|
|
await db.SaveChangesAsync(ct);
|
|
await audit.WriteAsync(new AuditEvent("agent.configured", "Agent", agent.Id, user.MemberId, agent.Name), ct);
|
|
return Results.Ok(ToAgent(agent));
|
|
}
|
|
|
|
private static async Task<IResult> GetAgent(
|
|
Guid id, IPermissionService permissions, OrgBoardDbContext db, CancellationToken ct)
|
|
{
|
|
var seat = await db.Seats.FirstOrDefaultAsync(s => s.Id == id, ct);
|
|
if (seat is null)
|
|
{
|
|
return Results.NotFound("Seat not found.");
|
|
}
|
|
|
|
var team = await db.Teams.FirstOrDefaultAsync(t => t.Id == seat.TeamId, ct);
|
|
if (team is null)
|
|
{
|
|
return Results.NotFound("Team not found.");
|
|
}
|
|
|
|
if (!permissions.Has(Capability.ViewBoard, ScopeRef.Team(team.Id), ScopeRef.Org(team.OrganizationId)))
|
|
{
|
|
return Results.Forbid();
|
|
}
|
|
|
|
var agent = await db.Agents.FirstOrDefaultAsync(a => a.SeatId == seat.Id, ct);
|
|
return agent is null
|
|
? Results.NotFound("Seat has no agent configured.")
|
|
: Results.Ok(ToAgent(agent));
|
|
}
|
|
}
|