feat(admin): inquiry inbox, send log, email-template overrides, reports dashboard, recommender keys, role-editor coverage; replace placeholder pages

Closes the bulk of audit-pass-#1 admin gaps in one batch. New admin pages: - /admin/inquiries reads website_submissions with filter chips for berth/residence/contact + payload viewer per row. - /admin/sends reads document_sends with sent/failed filter chips and expandable body markdown; failures surface errorReason and any fallback-to-link reason from the SMTP retry. - /admin/email-templates lets per-port admins override the subject of each transactional template (8 templates catalogued in template-catalog.ts). Body editing is a follow-on; portal_activation + portal_reset are wired to honor the override via loadSubjectOverride. - /admin/reports replaces the "Coming in Layer 3" placeholder with a KPI dashboard: 4 KPI tiles, pipeline funnel bars, berth occupancy donut-bars, conversion %, refresh every 60s. - backup/import/onboarding admin pages replace placeholders with actionable guidance: backup posture + planned features, available CLI imports + planned UI, ordered onboarding checklist linking to admin pages. Existing pages widened: - settings-manager exposes the 9 berth-recommender tunables that were previously code-only (recommender_*, heat_weight_*, fallthrough_*, tier_ladder_hide_late_stage). - role-form covers all 19 RolePermissions schema groups; previously missing yachts/companies/memberships/reservations + missing documents.edit + files.edit checkboxes. snake_case residential labels replaced with friendly text. portal-auth.service.ts now also writes audit_log rows for portal invite, resend, activate, password-reset request, and reset (closes one more audit-pass-#2 gap while we were touching the file). Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-05-06 14:58:17 +02:00
parent 8cdee99310
commit c90876abad
22 changed files with 1703 additions and 54 deletions
--- a/src/app/(dashboard)/[portSlug]/admin/backup/page.tsx
+++ b/src/app/(dashboard)/[portSlug]/admin/backup/page.tsx
@@ -1,14 +1,64 @@
 import { PageHeader } from '@/components/shared/page-header';
+import { Card, CardContent, CardDescription, CardHeader, CardTitle } from '@/components/ui/card';

 export default function BackupManagementPage() {
  return (
-    <div className="space-y-6">
-      <PageHeader title="Backup Management" description="Manage system backups and restoration" />
-      <div className="flex flex-col items-center justify-center rounded-lg border border-dashed p-12">
-        <p className="text-lg font-medium text-muted-foreground">Coming in Layer 4</p>
-        <p className="text-sm text-muted-foreground">
-          This feature will be implemented in the next phase.
-        </p>
+    <div>
+      <PageHeader
+        title="Backup &amp; Restore"
+        description="How backups are taken today and what an in-app backup admin will look like."
+      />
+
+      <div className="grid gap-4 mt-6 lg:grid-cols-2">
+        <Card>
+          <CardHeader>
+            <CardTitle>Current backup posture</CardTitle>
+            <CardDescription>
+              Database snapshots run outside the app — there is no in-app trigger yet.
+            </CardDescription>
+          </CardHeader>
+          <CardContent className="space-y-3 text-sm">
+            <p>
+              <strong>PostgreSQL:</strong> snapshotted by the platform&rsquo;s nightly{' '}
+              <code>pg_dump</code> job. Retention is set at the infrastructure layer (see{' '}
+              <code>docs/operations/</code> if a runbook exists). Restores are manual.
+            </p>
+            <p>
+              <strong>Object storage:</strong> when{' '}
+              <code>system_settings.storage_backend = &lsquo;s3&rsquo;</code>, the bucket is
+              versioned by the provider. When the filesystem backend is in use, the host&rsquo;s
+              snapshot policy is the only safety net — switch to s3 before relying on point-in-time
+              recovery.
+            </p>
+            <p>
+              <strong>Redis / queue state:</strong> ephemeral. Failed jobs sit on the{' '}
+              <code>removeOnFail</code> retention window (7 days) and then disappear. Anything
+              durable belongs in PostgreSQL.
+            </p>
+          </CardContent>
+        </Card>
+
+        <Card>
+          <CardHeader>
+            <CardTitle>What this page will become</CardTitle>
+            <CardDescription>Planned admin surface, prioritised in upcoming work.</CardDescription>
+          </CardHeader>
+          <CardContent className="space-y-2 text-sm">
+            <ul className="list-disc pl-5 space-y-1">
+              <li>List recent snapshot files with timestamp, size, and origin (cron vs manual).</li>
+              <li>&ldquo;Take backup now&rdquo; button that enqueues a maintenance job.</li>
+              <li>
+                Per-port logical export (&ldquo;give me everything for port-nimara&rdquo;) for
+                compliance.
+              </li>
+              <li>Restore preview that shows row-counts that would change before commit.</li>
+              <li>GDPR per-client export bundled here.</li>
+            </ul>
+            <p className="text-xs text-muted-foreground pt-2">
+              Until this lands, treat ops/devops as the source of truth for backup state.
+            </p>
+          </CardContent>
+        </Card>
      </div>
    </div>
  );