feat(admin): inquiry inbox, send log, email-template overrides, reports dashboard, recommender keys, role-editor coverage; replace placeholder pages
Closes the bulk of audit-pass-#1 admin gaps in one batch.
New admin pages:
- /admin/inquiries reads website_submissions with filter chips for
berth/residence/contact + payload viewer per row.
- /admin/sends reads document_sends with sent/failed filter chips and
expandable body markdown; failures surface errorReason and any
fallback-to-link reason from the SMTP retry.
- /admin/email-templates lets per-port admins override the subject of
each transactional template (8 templates catalogued in
template-catalog.ts). Body editing is a follow-on; portal_activation
+ portal_reset are wired to honor the override via loadSubjectOverride.
- /admin/reports replaces the "Coming in Layer 3" placeholder with a
KPI dashboard: 4 KPI tiles, pipeline funnel bars, berth occupancy
donut-bars, conversion %, refresh every 60s.
- backup/import/onboarding admin pages replace placeholders with
actionable guidance: backup posture + planned features, available CLI
imports + planned UI, ordered onboarding checklist linking to admin
pages.
Existing pages widened:
- settings-manager exposes the 9 berth-recommender tunables that were
previously code-only (recommender_*, heat_weight_*, fallthrough_*,
tier_ladder_hide_late_stage).
- role-form covers all 19 RolePermissions schema groups; previously
missing yachts/companies/memberships/reservations + missing
documents.edit + files.edit checkboxes. snake_case residential
labels replaced with friendly text.
portal-auth.service.ts now also writes audit_log rows for portal
invite, resend, activate, password-reset request, and reset (closes one
more audit-pass-#2 gap while we were touching the file).
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-05-06 14:58:17 +02:00
|
|
|
/**
|
|
|
|
|
* Catalog of transactional email templates that admins can customize from
|
|
|
|
|
* /admin/email-templates. v1 supports subject-line overrides only; body
|
|
|
|
|
* overrides (HTML / merge-token authoring) are a follow-on iteration.
|
|
|
|
|
*
|
|
|
|
|
* To add a template here:
|
|
|
|
|
* 1. Pick a stable `key` and add it to TEMPLATE_KEYS (used for the
|
|
|
|
|
* `system_settings` row name).
|
|
|
|
|
* 2. List the merge tokens that the template renders so the admin
|
|
|
|
|
* knows what placeholders are valid in any future override.
|
|
|
|
|
* 3. Provide a `defaultSubject` string identical to what the code
|
|
|
|
|
* template emits when no override is set. Subject comparisons in
|
|
|
|
|
* the admin UI rely on this.
|
|
|
|
|
*/
|
|
|
|
|
|
|
|
|
|
export const TEMPLATE_KEYS = [
|
|
|
|
|
'portal_activation',
|
|
|
|
|
'portal_reset',
|
|
|
|
|
'portal_invite_resend',
|
|
|
|
|
'crm_invite',
|
|
|
|
|
'inquiry_client_confirmation',
|
|
|
|
|
'inquiry_sales_notification',
|
|
|
|
|
'residential_inquiry_client_confirmation',
|
|
|
|
|
'residential_inquiry_sales_alert',
|
fix(audit): comprehensive 2026-05-15 audit fix wave + Documenso v2 polish
Bundles the prior session's 50-task fix sweep (Documenso v2 + EOI/signing-
progress redesign + env-to-admin migration + dev-mode banner) with the
2026-05-18 audit fix wave (3 CRITICAL, 14 HIGH, 28 MEDIUM, 6 LOW).
CRITICAL (3):
- C-01 interest-berths INNER JOIN -> LEFT JOIN so hard-deleted berths
no longer silently drop interest links
- C-02 /setup added to PUBLIC_PATHS; fresh-deploy bootstrap loop fixed
- C-03 generic PATCH /interests/[id] no longer accepts pipelineStage —
callers must go through /stage with the override-guard chain
HIGH (14/15):
- H-01 explicit ON DELETE on previously-implicit NO ACTION FKs across
interests/documents/reservations/reminders/invoices (migration 0070)
- H-02 login page reads ?redirect= param with same-origin guard
- H-03 CRM invite token moves to URL fragment so it never lands in
nginx access logs / Referer headers
- H-04 Retry-After header on sign-in-by-identifier 429 (RFC 6585 §4)
- H-05 toggleAccount writes an audit row
- H-06 upsertSetting masks any value whose key ends with _encrypted
- H-07 archiveClient cascade fires per-interest audit rows
- H-08 createSalesTransporter applies SMTP_TIMEOUTS
- H-09 AppShell stable children — viewport flip across breakpoint no
longer destroys in-progress form drafts
- H-10 portal documents page swaps Unicode glyph status icons for
Lucide CheckCircle2/XCircle/Circle + aria-labels
- H-12 list components swap alert(...) for toast.warning(...)
- H-13 5 icon-only buttons gain aria-label
- H-14 parseBody treats empty bodies as {}
- H-15 admin layout renders a 403 panel instead of silent bounce
- H-11 not applicable — mobile-search-overlay IS a mobile bottom-sheet
MEDIUM (28+):
- M-MT01-05 defense-in-depth port_id/parent-id filters on UPDATE/DELETE
WHEREs across custom-fields, notes (all 6 entity types x update +
delete), client-contacts, yacht ownerClient lookup, webhook reads
- M-D01 documents-hub realtime event-name typo (file:created -> uploaded)
- M-EM01 portal-auth emails thread through portId
- M-EM02 sendEmail accepts cc/bcc params
- M-EM04 notification_digest catalog key
- M-IN01 portal presigned download URLs use 4h TTL
- M-IN02 OpenAI client lazy-instantiated
- M-IN04 stale pdfme refs updated to pdf-lib AcroForm
- M-IN05 umami.testConnection returns tagged union
- M-L01 reservations tenure_type unified with berths
- M-L02 report-generators canonicalize stage values
- M-AU01 audit log placeholder copy fixed
- M-AU04 outcome_set / outcome_cleared distinct audit verbs
- M-NEW-2 activity feed entity name+type separator
- M-R01 portal allowlist narrowed + portal_session backstop in proxy
- M-SC02 companies archived partial index
- M-SC04 audit_logs.searchText documented as DB-managed
- M-S01 storage_s3_access_key_encrypted admin field
- M-U01 audit log empty state uses <EmptyState>
- M-U09 invoice delete dialog -> <AlertDialog>
- M-U10 toast.success on ClientForm + InterestForm create/edit
- M-U11 settings-form-card logo preview alt text
- M-U14 mobile topbar title on clients/yachts/interests/berths
- M-U15 Invoices in mobile More-sheet
LOW (6/8):
- L-AU01 severity defaults for security-relevant verbs
- L-AU02 +13 missing actions in admin audit filter
- L-AU03 +7 missing entity types in admin audit filter
- L-AU04 dead listAuditLogs stubbed
- L-D02 CLAUDE.md Owner-wins chain tightened
Bonus — Document detail polish (#67 partial, 3/6 deliverables):
- state-aware action button per signer
- watcher Add UI with display-name resolution
- cleanSignerName cleanup
Prior session work bundled in:
- Documenso v2 webhook + envelope-ID normalization + sequential signing
- SigningProgress UI redesign (avatars, per-signer state, timestamps)
- env->admin settings registry + RegistryDrivenForm + encrypted creds
- Embedded-signing card + Test connection + setup help
- Dev-mode EMAIL_REDIRECT_TO banner
- Pipeline rules admin page
- Sales email config card
- Audit log details Sheet
- EOI tab: Finalising badge, absolute timestamps, sequential indicator
- Notes pipeline_stage_at_creation (migration 0069)
- Documenso numeric ID dual-key webhook (migration 0068)
- Dimensions criterion copy (migration 0067)
Tests: 1374/1374 vitest pass. tsc clean. lint clean.
See docs/AUDIT-FIX-WAVE-2026-05-18.md for the full progress report and
the user-input items still pending.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-05-18 13:28:50 +02:00
|
|
|
// M-EM04: daily notification digest. The digest service previously
|
|
|
|
|
// resolved its subject via `'crm_invite' as any` because no entry
|
|
|
|
|
// existed; making it a first-class key removes the cast and lets
|
|
|
|
|
// admins override the subject from /admin/email like every other
|
|
|
|
|
// template.
|
|
|
|
|
'notification_digest',
|
feat(admin): inquiry inbox, send log, email-template overrides, reports dashboard, recommender keys, role-editor coverage; replace placeholder pages
Closes the bulk of audit-pass-#1 admin gaps in one batch.
New admin pages:
- /admin/inquiries reads website_submissions with filter chips for
berth/residence/contact + payload viewer per row.
- /admin/sends reads document_sends with sent/failed filter chips and
expandable body markdown; failures surface errorReason and any
fallback-to-link reason from the SMTP retry.
- /admin/email-templates lets per-port admins override the subject of
each transactional template (8 templates catalogued in
template-catalog.ts). Body editing is a follow-on; portal_activation
+ portal_reset are wired to honor the override via loadSubjectOverride.
- /admin/reports replaces the "Coming in Layer 3" placeholder with a
KPI dashboard: 4 KPI tiles, pipeline funnel bars, berth occupancy
donut-bars, conversion %, refresh every 60s.
- backup/import/onboarding admin pages replace placeholders with
actionable guidance: backup posture + planned features, available CLI
imports + planned UI, ordered onboarding checklist linking to admin
pages.
Existing pages widened:
- settings-manager exposes the 9 berth-recommender tunables that were
previously code-only (recommender_*, heat_weight_*, fallthrough_*,
tier_ladder_hide_late_stage).
- role-form covers all 19 RolePermissions schema groups; previously
missing yachts/companies/memberships/reservations + missing
documents.edit + files.edit checkboxes. snake_case residential
labels replaced with friendly text.
portal-auth.service.ts now also writes audit_log rows for portal
invite, resend, activate, password-reset request, and reset (closes one
more audit-pass-#2 gap while we were touching the file).
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-05-06 14:58:17 +02:00
|
|
|
] as const;
|
|
|
|
|
|
|
|
|
|
export type TemplateKey = (typeof TEMPLATE_KEYS)[number];
|
|
|
|
|
|
|
|
|
|
export interface TemplateMetadata {
|
|
|
|
|
key: TemplateKey;
|
|
|
|
|
label: string;
|
|
|
|
|
description: string;
|
|
|
|
|
/** Token names available inside the subject (and future body) overrides. */
|
|
|
|
|
mergeTokens: string[];
|
|
|
|
|
/** The literal subject the code template uses when no override is set. */
|
|
|
|
|
defaultSubject: string;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
export const TEMPLATE_CATALOG: Record<TemplateKey, TemplateMetadata> = {
|
|
|
|
|
portal_activation: {
|
|
|
|
|
key: 'portal_activation',
|
|
|
|
|
label: 'Portal — activation invite',
|
|
|
|
|
description:
|
|
|
|
|
'Sent to a client when an admin invites them to activate their portal account. Contains the activation link.',
|
|
|
|
|
mergeTokens: ['portName', 'recipientName', 'ttlHours'],
|
|
|
|
|
defaultSubject: 'Activate your {{portName}} client portal account',
|
|
|
|
|
},
|
|
|
|
|
portal_reset: {
|
|
|
|
|
key: 'portal_reset',
|
|
|
|
|
label: 'Portal — password reset',
|
|
|
|
|
description:
|
|
|
|
|
'Sent when a portal user requests a password reset. Contains the reset link with a short TTL.',
|
|
|
|
|
mergeTokens: ['portName', 'recipientName', 'ttlMinutes'],
|
|
|
|
|
defaultSubject: 'Reset your {{portName}} client portal password',
|
|
|
|
|
},
|
|
|
|
|
portal_invite_resend: {
|
|
|
|
|
key: 'portal_invite_resend',
|
|
|
|
|
label: 'Portal — invite resend',
|
|
|
|
|
description: 'Re-sent activation email when an admin resends a pending portal invite.',
|
|
|
|
|
mergeTokens: ['portName', 'recipientName', 'ttlHours'],
|
|
|
|
|
defaultSubject: 'Activate your {{portName}} client portal account',
|
|
|
|
|
},
|
|
|
|
|
crm_invite: {
|
|
|
|
|
key: 'crm_invite',
|
|
|
|
|
label: 'CRM — staff invite',
|
|
|
|
|
description: 'Sent to a new staff user when an admin invites them to the CRM.',
|
|
|
|
|
mergeTokens: ['portName', 'recipientName', 'ttlHours'],
|
|
|
|
|
defaultSubject: 'You have been invited to {{portName}} CRM',
|
|
|
|
|
},
|
|
|
|
|
inquiry_client_confirmation: {
|
|
|
|
|
key: 'inquiry_client_confirmation',
|
|
|
|
|
label: 'Inquiry — client confirmation',
|
|
|
|
|
description: 'Auto-reply confirmation sent to the client after a website berth inquiry.',
|
|
|
|
|
mergeTokens: ['portName', 'recipientName', 'mooringNumber'],
|
|
|
|
|
defaultSubject: 'We received your inquiry — {{portName}}',
|
|
|
|
|
},
|
|
|
|
|
inquiry_sales_notification: {
|
|
|
|
|
key: 'inquiry_sales_notification',
|
|
|
|
|
label: 'Inquiry — sales notification',
|
|
|
|
|
description: 'Internal alert sent to the sales team when a new website inquiry arrives.',
|
|
|
|
|
mergeTokens: ['portName', 'clientName', 'mooringNumber', 'email'],
|
|
|
|
|
defaultSubject: 'New berth inquiry — {{clientName}}',
|
|
|
|
|
},
|
|
|
|
|
residential_inquiry_client_confirmation: {
|
|
|
|
|
key: 'residential_inquiry_client_confirmation',
|
|
|
|
|
label: 'Residential inquiry — client confirmation',
|
|
|
|
|
description: 'Auto-reply sent to the client after a residential property inquiry.',
|
|
|
|
|
mergeTokens: ['portName', 'recipientName'],
|
|
|
|
|
defaultSubject: 'We received your residential inquiry — {{portName}}',
|
|
|
|
|
},
|
|
|
|
|
residential_inquiry_sales_alert: {
|
|
|
|
|
key: 'residential_inquiry_sales_alert',
|
|
|
|
|
label: 'Residential inquiry — sales alert',
|
|
|
|
|
description: 'Internal alert sent to residential sales recipients when an inquiry arrives.',
|
|
|
|
|
mergeTokens: ['portName', 'clientName', 'email', 'phone'],
|
|
|
|
|
defaultSubject: 'New residential inquiry — {{clientName}}',
|
|
|
|
|
},
|
fix(audit): comprehensive 2026-05-15 audit fix wave + Documenso v2 polish
Bundles the prior session's 50-task fix sweep (Documenso v2 + EOI/signing-
progress redesign + env-to-admin migration + dev-mode banner) with the
2026-05-18 audit fix wave (3 CRITICAL, 14 HIGH, 28 MEDIUM, 6 LOW).
CRITICAL (3):
- C-01 interest-berths INNER JOIN -> LEFT JOIN so hard-deleted berths
no longer silently drop interest links
- C-02 /setup added to PUBLIC_PATHS; fresh-deploy bootstrap loop fixed
- C-03 generic PATCH /interests/[id] no longer accepts pipelineStage —
callers must go through /stage with the override-guard chain
HIGH (14/15):
- H-01 explicit ON DELETE on previously-implicit NO ACTION FKs across
interests/documents/reservations/reminders/invoices (migration 0070)
- H-02 login page reads ?redirect= param with same-origin guard
- H-03 CRM invite token moves to URL fragment so it never lands in
nginx access logs / Referer headers
- H-04 Retry-After header on sign-in-by-identifier 429 (RFC 6585 §4)
- H-05 toggleAccount writes an audit row
- H-06 upsertSetting masks any value whose key ends with _encrypted
- H-07 archiveClient cascade fires per-interest audit rows
- H-08 createSalesTransporter applies SMTP_TIMEOUTS
- H-09 AppShell stable children — viewport flip across breakpoint no
longer destroys in-progress form drafts
- H-10 portal documents page swaps Unicode glyph status icons for
Lucide CheckCircle2/XCircle/Circle + aria-labels
- H-12 list components swap alert(...) for toast.warning(...)
- H-13 5 icon-only buttons gain aria-label
- H-14 parseBody treats empty bodies as {}
- H-15 admin layout renders a 403 panel instead of silent bounce
- H-11 not applicable — mobile-search-overlay IS a mobile bottom-sheet
MEDIUM (28+):
- M-MT01-05 defense-in-depth port_id/parent-id filters on UPDATE/DELETE
WHEREs across custom-fields, notes (all 6 entity types x update +
delete), client-contacts, yacht ownerClient lookup, webhook reads
- M-D01 documents-hub realtime event-name typo (file:created -> uploaded)
- M-EM01 portal-auth emails thread through portId
- M-EM02 sendEmail accepts cc/bcc params
- M-EM04 notification_digest catalog key
- M-IN01 portal presigned download URLs use 4h TTL
- M-IN02 OpenAI client lazy-instantiated
- M-IN04 stale pdfme refs updated to pdf-lib AcroForm
- M-IN05 umami.testConnection returns tagged union
- M-L01 reservations tenure_type unified with berths
- M-L02 report-generators canonicalize stage values
- M-AU01 audit log placeholder copy fixed
- M-AU04 outcome_set / outcome_cleared distinct audit verbs
- M-NEW-2 activity feed entity name+type separator
- M-R01 portal allowlist narrowed + portal_session backstop in proxy
- M-SC02 companies archived partial index
- M-SC04 audit_logs.searchText documented as DB-managed
- M-S01 storage_s3_access_key_encrypted admin field
- M-U01 audit log empty state uses <EmptyState>
- M-U09 invoice delete dialog -> <AlertDialog>
- M-U10 toast.success on ClientForm + InterestForm create/edit
- M-U11 settings-form-card logo preview alt text
- M-U14 mobile topbar title on clients/yachts/interests/berths
- M-U15 Invoices in mobile More-sheet
LOW (6/8):
- L-AU01 severity defaults for security-relevant verbs
- L-AU02 +13 missing actions in admin audit filter
- L-AU03 +7 missing entity types in admin audit filter
- L-AU04 dead listAuditLogs stubbed
- L-D02 CLAUDE.md Owner-wins chain tightened
Bonus — Document detail polish (#67 partial, 3/6 deliverables):
- state-aware action button per signer
- watcher Add UI with display-name resolution
- cleanSignerName cleanup
Prior session work bundled in:
- Documenso v2 webhook + envelope-ID normalization + sequential signing
- SigningProgress UI redesign (avatars, per-signer state, timestamps)
- env->admin settings registry + RegistryDrivenForm + encrypted creds
- Embedded-signing card + Test connection + setup help
- Dev-mode EMAIL_REDIRECT_TO banner
- Pipeline rules admin page
- Sales email config card
- Audit log details Sheet
- EOI tab: Finalising badge, absolute timestamps, sequential indicator
- Notes pipeline_stage_at_creation (migration 0069)
- Documenso numeric ID dual-key webhook (migration 0068)
- Dimensions criterion copy (migration 0067)
Tests: 1374/1374 vitest pass. tsc clean. lint clean.
See docs/AUDIT-FIX-WAVE-2026-05-18.md for the full progress report and
the user-input items still pending.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-05-18 13:28:50 +02:00
|
|
|
notification_digest: {
|
|
|
|
|
key: 'notification_digest',
|
|
|
|
|
label: 'Notification digest',
|
|
|
|
|
description:
|
|
|
|
|
"Daily roll-up of a rep's pending notifications. Fires from the digest worker; respects per-user opt-out.",
|
|
|
|
|
mergeTokens: ['portName', 'recipientName', 'unreadCount'],
|
|
|
|
|
defaultSubject: 'Your {{portName}} CRM digest — {{unreadCount}} updates',
|
|
|
|
|
},
|
feat(admin): inquiry inbox, send log, email-template overrides, reports dashboard, recommender keys, role-editor coverage; replace placeholder pages
Closes the bulk of audit-pass-#1 admin gaps in one batch.
New admin pages:
- /admin/inquiries reads website_submissions with filter chips for
berth/residence/contact + payload viewer per row.
- /admin/sends reads document_sends with sent/failed filter chips and
expandable body markdown; failures surface errorReason and any
fallback-to-link reason from the SMTP retry.
- /admin/email-templates lets per-port admins override the subject of
each transactional template (8 templates catalogued in
template-catalog.ts). Body editing is a follow-on; portal_activation
+ portal_reset are wired to honor the override via loadSubjectOverride.
- /admin/reports replaces the "Coming in Layer 3" placeholder with a
KPI dashboard: 4 KPI tiles, pipeline funnel bars, berth occupancy
donut-bars, conversion %, refresh every 60s.
- backup/import/onboarding admin pages replace placeholders with
actionable guidance: backup posture + planned features, available CLI
imports + planned UI, ordered onboarding checklist linking to admin
pages.
Existing pages widened:
- settings-manager exposes the 9 berth-recommender tunables that were
previously code-only (recommender_*, heat_weight_*, fallthrough_*,
tier_ladder_hide_late_stage).
- role-form covers all 19 RolePermissions schema groups; previously
missing yachts/companies/memberships/reservations + missing
documents.edit + files.edit checkboxes. snake_case residential
labels replaced with friendly text.
portal-auth.service.ts now also writes audit_log rows for portal
invite, resend, activate, password-reset request, and reset (closes one
more audit-pass-#2 gap while we were touching the file).
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-05-06 14:58:17 +02:00
|
|
|
};
|
|
|
|
|
|
|
|
|
|
/** system_settings key for a template's subject override. */
|
|
|
|
|
export function settingKeyForSubject(key: TemplateKey): string {
|
|
|
|
|
return `email_template_${key}_subject`;
|
|
|
|
|
}
|