
feat: complete admin phase C and add safe mutation pilot

pguerrerox
2026-05-28 12:46:06 +00:00
parent c58945353d
commit ce49497a6a
17 changed files with 1568 additions and 21 deletions
+62 -4
@@ -97,11 +97,29 @@
- [x] Phase B (Admin Access Management): Add admin UI for managing app-admin identities with status visibility (active/disabled).
- [x] Phase B (Admin Access Management): Prevent accidental lockout with guardrails (e.g., disallow disabling the last active admin).
- [x] Phase B (Admin Access Management): Add explicit audit entries for admin identity mutations.
- [ ] Phase C (Audit & Support Operations): Add admin audit log page/table with filters (actor, action, workspace, date window).
- [ ] Phase C (Audit & Support Operations): Expose bootstrap/security posture checks in admin UI (bootstrap enabled state, fallback allowlist usage warnings).
- [ ] Phase C (Audit & Support Operations): Add support-oriented diagnostics widgets (recent webhook issues, billing sync errors, timeline anomalies).
- [x] Phase C execution split (implementation sequencing)
- [x] Sub-step 1 (Backend foundations): ship admin audit list API + security posture API + diagnostics aggregate API, plus shared types/client contracts.
- [x] Sub-step 2 (Admin Console UI): add audit explorer table/filters, security posture card, and diagnostics widgets with drill-down links.
- [x] Sub-step 3 (Hardening & operations): normalize audit action taxonomy, tune indexes/query performance, and finalize runbook/alerts for repeated failures.
- [x] Phase C (Audit & Support Operations): Add admin audit log page/table with filters (actor, action, workspace, date window).
- [x] Add backend admin audit-list endpoint with filters for actor email, action, workspace ID, date range, and pagination.
- [x] Review audit-log query performance and indexes to ensure efficient filtering and default sorting by `occurred_at DESC`.
- [x] Implement admin audit table UI with filter controls plus clear loading, empty, and error states.
- [x] Normalize admin audit action taxonomy so admin-route events use consistent action names.
- [x] Phase C (Audit & Support Operations): Expose bootstrap/security posture checks in admin UI (bootstrap enabled state, fallback allowlist usage warnings).
- [x] Add backend admin security-posture endpoint returning `bootstrapRequired`, `bootstrapEnabled`, and fallback allowlist usage status.
- [x] Add warning semantics when deprecated `BILLING_ADMIN_EMAILS` fallback is active.
- [x] Add admin UI security-posture card with explicit remediation guidance for risky states.
- [x] Document post-bootstrap hardening checklist: disable bootstrap, rotate bootstrap token, and verify at least two active admins.
- [x] Phase C (Audit & Support Operations): Add support-oriented diagnostics widgets (recent webhook issues, billing sync errors, timeline anomalies).
- [x] Add backend diagnostics endpoint aggregating recent failed webhook events, stale billing-sync accounts, and recent timeline-anomaly counts.
- [x] Define timeline-anomaly heuristics (for example: repeated `payment_failed`, pending plan effective date in the past, and stale sync threshold breaches).
- [x] Add admin diagnostics widgets with counts and drill-down links to existing workspace detail views.
- [x] Define alerting and runbook follow-up tasks for repeated failures surfaced by diagnostics.
- [ ] Phase D (Safe Mutations, later): Keep initial admin console read-only for billing data; defer write/mutation actions until policies and runbooks are defined.
- [x] Pilot: add constrained `billing resync` admin mutation with non-destructive intent and explicit operator guidance.
- [ ] Phase D (Safe Mutations, later): For future write actions, require explicit confirmations, actor attribution, and rollback guidance.
- [x] Pilot guardrails in place: required reason, typed confirmation (`RESYNC`), optional `ticketRef`, and admin audit attribution.
## 13) [DEFER] Operational Enforcement Follow-Up
- [ ] Add queue prioritization by plan tier.
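Review bot: the Phase D pilot line (`Pilot: add constrained billing resync admin mutation`) lands directly under a Phase D item that still reads "Keep initial admin console read-only for billing data; defer write/mutation actions until policies and runbooks are defined" and remains unchecked, so the roadmap now both defers write actions and ships one. Either reword that item to name the resync pilot as the sanctioned exception and point at its policy/runbook, or move the pilot under its own heading. The guardrail list (`required reason, typed confirmation (RESYNC), optional ticketRef, and admin audit attribution`) also omits the rollback guidance that the following Phase D item requires for write actions; since the pilot is described as non-destructive, one line stating what an operator does if a resync leaves a workspace in a wrong state would close that gap.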
@@ -134,9 +152,49 @@
- [ ] Phase 7: harden post-payments lifecycle handling, wire real billing CTAs, and add pragmatic admin billing visibility before broader commercialization work.
- [ ] Phase 7a: ship dedicated read-only admin console and migrate existing admin billing tools out of the account page.
- [ ] Phase 7b: ship app-admin identity management APIs/UI with last-admin lockout protection and audit logging.
- [ ] Phase 7c: ship admin audit explorer and support diagnostics views.
- [x] Phase 7c: ship admin audit explorer and support diagnostics views (Phase C from section 12).
- [ ] Phase 7d: evaluate controlled admin write-actions only after policy/runbook readiness.
- [ ] Phase 7e: MinIO/object-storage foundation + dataset registry schema.
- [ ] Phase 7f: postal ingestion worker pipeline + admin APIs.
- [ ] Phase 7g: admin console postal dataset operations and activation workflow.
- [ ] Phase 8: expand analytics, ops, and revenue instrumentation around the live billing and upgrade flows.
- [ ] Phase 9: launch collaboration, API, enrichment, and enterprise features as architecture matures.
- [ ] Phase 10: complete deferred operational enforcement work such as queue prioritization, throttling, and backend export enforcement when runtime scale justifies it.
- [ ] Phase 11: decide and implement founder/LTD strategy only after the app/site, billing lifecycle, admin/support visibility, analytics, and broader product maturity work are in place.
## 16) Multi-Country Postal Dataset Onboarding (MinIO-backed)
- Architecture decision
- [ ] Standardize on self-hosted MinIO (S3-compatible) for postal dataset storage and processing.
- [ ] Retire host-mounted files and manual CLI-only import as primary onboarding paths.
- Infrastructure/bootstrap
- [ ] Add MinIO service to Docker deployment with persistent volume and health checks.
- [ ] Define credential bootstrap/rotation expectations and automated bucket creation for postal datasets.
- [ ] Document backup/restore expectations (RPO/RTO target, snapshot cadence, and restore verification).
- Config/env
- [ ] Add and document `S3_ENDPOINT`, `S3_REGION`, `S3_ACCESS_KEY_ID`, `S3_SECRET_ACCESS_KEY`, `S3_FORCE_PATH_STYLE`, and `S3_BUCKET_POSTAL_DATASETS`.
- [ ] Wire S3-compatible config into both API and worker runtime boot paths.
- Data model
- [ ] Add `postal_datasets` schema for object metadata, versioning, and activation status lifecycle.
- [ ] Add `postal_dataset_runs` schema for run tracking, timing, actor/source metadata, and run types.
- [ ] Add `postal_country_support` schema/state fields for per-country readiness, coverage, and active dataset linkage.
- [ ] Define lifecycle states and transitions (draft, uploaded, validated, processing, ready, active, failed, archived) and enforce transition guards.
- API/admin flows
- [ ] Add admin-authenticated dataset register + upload URL flow for object ingest.
- [ ] Add validate/process/activate endpoints and dataset run history/read APIs.
- [ ] Require admin authorization and audit logging for all mutating dataset actions.
- Worker pipeline
- [ ] Implement queued jobs: `postal.validate`, `postal.import`, `postal.neighbors`, `postal.check`, `postal.activate`.
- [ ] Enforce idempotency keys and per-country mutex/locking to prevent conflicting runs.
- [ ] Track progress checkpoints and standard retry/backoff policy with terminal failure states.
- Country adapters
- [ ] Implement pluggable country-specific validation/normalization profiles.
- [ ] Enforce country geometry/topology constraints (bounds, shapes, adjacency expectations) during validation.
- Safety/operability
- [ ] Keep activation behind an explicit admin gate after successful checks.
- [ ] Preserve previous active dataset for rollback and support fast re-activation.
- [ ] Add alerts and runbook steps for failed, stalled, or long-running jobs.
- UX/admin console
- [ ] Add postal dataset list with status, country, version, and activation markers.
- [ ] Add run logs/error visibility and filtered run history in admin console.
- [ ] Add activation controls with confirmation guardrails and rollback visibility.
- [ ] Add per-country readiness visibility so operators can see launch coverage at a glance.
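Review bot: under "API/admin flows", the item "Add admin-authenticated dataset register + upload URL flow for object ingest" should state how the upload URL is constrained (single object key, short expiry, size and content-type limits), because an unconstrained upload URL is effectively a write credential to the bucket; the neighbouring item "Require admin authorization and audit logging for all mutating dataset actions" should also say whether completing an upload counts as a mutating action. Under "Config/env", `S3_SECRET_ACCESS_KEY` is listed alongside non-secret settings; marking it as secret-only and tying it to the rotation expectations in "Infrastructure/bootstrap" would make the two items consistent. Finally, "Add activation controls with confirmation guardrails and rollback visibility" can reuse the guardrail pattern already defined for the resync pilot in section 12 (required reason, typed confirmation, optional ticket reference, admin audit attribution) rather than introducing a second one.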