collavre 0.3.2 → 0.5.0

data/app/assets/stylesheets/collavre/mention_menu.css

@@ -1,10 +1,10 @@
 
 .common-popup {
   position: absolute;
-  z-index: 1200;
-  background: var(--color-section-bg);
-  border: 1px solid var(--color-border);
-  box-shadow: 0 2px 8px rgba(0,0,0,0.15);
+  z-index: var(--layer-modal);
+  background: var(--surface-section);
+  border: 1px solid var(--border-color);
+  box-shadow: var(--shadow-2);
   border-radius: 6px;
   padding: 0.35em;
   max-width: min(420px, 90vw);
@@ -18,6 +18,10 @@
   overflow-y: auto;
 }
 
+.common-popup-list li {
+  list-style: none;
+}
+
 .mention-popup ul,
 .common-popup ul {
   list-style: none;
@@ -34,7 +38,7 @@
 .mention-item.active,
 .common-popup-item:hover,
 .common-popup-item.active {
-  background: var(--color-drag-over);
+  background: var(--border-drag-over);
 }
 
 .common-popup-item {
@@ -49,21 +53,21 @@
 }
 
 .command-label {
-  font-weight: 600;
+  font-weight: var(--weight-6);
 }
 
 .command-args {
   font-size: 0.85em;
-  color: var(--color-text-muted);
+  color: var(--text-muted);
 }
 
 .command-aliases {
   font-size: 0.85em;
-  color: var(--color-text-muted);
+  color: var(--text-muted);
 }
 
 .command-description {
   margin-top: 0.2em;
   font-size: 0.85em;
-  color: var(--color-text-muted);
+  color: var(--text-muted);
 }

data/app/assets/stylesheets/collavre/popup.css

@@ -1,9 +1,9 @@
 .popup-box {
-  background: var(--color-bg);
-  border: 1px solid var(--color-border);
+  background: var(--surface-bg);
+  border: 1px solid var(--border-color);
   padding: 1em;
-  box-shadow: 0 2px 8px rgba(0, 0, 0, 0.15);
-  border-radius: 10px;
+  box-shadow: var(--shadow-2);
+  border-radius: var(--radius-3);
   position: relative;
   display: flex;
   flex-direction: column;
@@ -43,12 +43,12 @@
 
 .common-popup {
   position: absolute;
-  z-index: 1000;
-  background: var(--color-section-bg);
-  border: 1px solid var(--color-border);
+  z-index: var(--layer-modal);
+  background: var(--surface-section);
+  border: 1px solid var(--border-color);
   padding: 1em;
-  box-shadow: 0 4px 12px rgba(0, 0, 0, 0.15);
-  border-radius: 10px;
+  box-shadow: var(--shadow-3);
+  border-radius: var(--radius-3);
   display: flex;
   flex-direction: column;
   max-width: 90vw;
@@ -60,9 +60,9 @@
   margin-bottom: 0.75em;
   padding: 0.5em;
   border-radius: 6px;
-  border: 1px solid var(--color-border);
-  background: var(--color-bg);
-  color: var(--color-text);
+  border: 1px solid var(--border-color);
+  background: var(--surface-bg);
+  color: var(--text-primary);
 }
 
 .common-popup h3 {
@@ -71,25 +71,55 @@
   font-size: 1.1em;
 }
 
+.popup-box input:not([type="radio"]):not([type="checkbox"]),
+.popup-box select {
+  width: 100%;
+  box-sizing: border-box;
+}
+
 .popup-close-btn {
   position: absolute;
   top: 0.75em;
   right: 0.75em;
-  background: none;
+  background: transparent;
   border: none;
+  padding: 0;
   font-size: 1.2em;
   line-height: 1;
   cursor: pointer;
-  color: var(--color-text);
+  color: var(--text-primary);
+  opacity: 0.6;
+  appearance: none;
+}
+
+.popup-close-btn:hover {
+  opacity: 1;
+}
+
+.delete-share-btn {
+  background: transparent;
+  border: none;
+  padding: 0;
+  cursor: pointer;
+  color: var(--text-primary);
+  appearance: none;
+  font-size: 1.1em;
+  opacity: 0.6;
+  padding: 0 0.5em;
+}
+
+.delete-share-btn:hover {
+  opacity: 1;
+  color: var(--danger);
 }
 
 #github-integration-modal .github-modal-status {
-  color: var(--color-muted);
+  color: var(--text-muted);
   margin-bottom: 1em;
 }
 
 #github-integration-modal .github-modal-subtext {
-  color: var(--color-muted);
+  color: var(--text-muted);
 }
 
 #github-integration-modal .github-existing-connections {
@@ -99,19 +129,19 @@
 #github-integration-modal .github-modal-list {
   padding-left: 1.2em;
   margin-bottom: 0.75em;
-  color: var(--color-text);
+  color: var(--text-primary);
 }
 
 #github-integration-modal .github-modal-list-box {
-  border: 1px solid var(--color-border);
+  border: 1px solid var(--border-color);
   padding: 0.5em;
-  border-radius: 4px;
-  background: var(--color-section-bg);
-  color: var(--color-text);
+  border-radius: var(--radius-1);
+  background: var(--surface-section);
+  color: var(--text-primary);
 }
 
 #github-integration-modal .github-modal-empty {
-  color: var(--color-muted);
+  color: var(--text-muted);
 }
 
 .popup-menu-wrapper {
@@ -122,11 +152,11 @@
 .popup-menu {
   display: none;
   position: absolute;
-  z-index: 1000;
-  background: var(--color-section-bg);
-  border: 1px solid var(--color-border);
+  z-index: var(--layer-modal);
+  background: var(--surface-section);
+  border: 1px solid var(--border-color);
   padding: 0.5em;
-  box-shadow: 0 2px 8px var(--color-border);
+  box-shadow: 0 2px 8px var(--border-color);
   min-width: 220px;
   top: calc(100% + 4px);
   left: 0;
@@ -164,4 +194,4 @@
     display: block;
     min-width: 100%;
   }
-}
+}

data/app/assets/stylesheets/collavre/slide_view.css

@@ -2,7 +2,7 @@
   height: 100vh;
   display: flex;
   overflow: auto;
-  padding: 2rem;
+  padding: var(--space-7);
   box-sizing: border-box;
 }
 
@@ -17,12 +17,12 @@
 
 #slide-controls {
   position: fixed;
-  bottom: 0.5rem;
+  bottom: var(--space-2);
   left: 50%;
   transform: translateX(-50%);
   z-index: 10;
   display: flex;
-  gap: 0.5rem;
+  gap: var(--space-2);
   align-items: center;
 }
 
@@ -58,7 +58,7 @@
     left: 0;
     right: 0;
     height: 20vh;
-    background: var(--color-border);
+    background: var(--border-color);
     align-items: center;
     justify-content: center;
   }
@@ -66,14 +66,14 @@
   #slide-caption {
     display: block;
     pointer-events: none;
-    padding: 0.5rem;
+    padding: var(--space-2);
     text-align: center;
     white-space: pre-wrap;
   }
 
   #slide-timer {
     display: block;
-    margin-top: 0.5rem;
+    margin-top: var(--space-2);
     font-variant-numeric: tabular-nums;
   }
 }

data/app/assets/stylesheets/collavre/user_menu.css

@@ -1,6 +1,6 @@
 .nav-avatar {
-  width: 32px;
-  height: 32px;
+  width: var(--space-7);
+  height: var(--space-7);
   border-radius: 50%;
 }
 
@@ -27,8 +27,7 @@
   display: flex;
   align-items: center;
   justify-content: center;
-  font-weight: bold;
-  color: var(--color-text);
+  font-weight: var(--weight-7);
+  color: var(--text-primary);
   pointer-events: none;
 }
-

data/app/components/collavre/plans_timeline_component.html.erb

@@ -1,5 +1,5 @@
 <div class="plans-timeline-wrapper">
-  <button id="timeline-today-btn" type="button"><%= t('collavre.plans.today', default: '오늘') %></button>
+  <button id="timeline-today-btn" class="btn btn-xs" type="button"><%= t('collavre.plans.today', default: '오늘') %></button>
   <div id="plans-timeline" class="horizontal-timeline" data-plans='<%= raw plan_data.to_json %>' data-start-date="<%= @start_date %>" data-end-date="<%= @end_date %>" data-delete-confirm="<%= t('collavre.plans.delete_confirm', default: 'Are you sure?') %>"></div>
 </div>
 <hr>
@@ -9,6 +9,6 @@
     <input type="text" id="plan-select-creative-input" placeholder="<%= t('collavre.plans.select_creative', default: 'Select Creative') %>" autocomplete="off">
     <%= form.date_field :start_date, placeholder: t('collavre.plans.start_date'), id: 'plan-start-date' %>
     <%= form.date_field :target_date, placeholder: t('collavre.plans.target_date'), id: 'plan-target-date' %>
-    <%= form.submit t('collavre.plans.add_plan'), id: 'add-plan-btn', disabled: true %>
+    <%= form.submit t('collavre.plans.add_plan'), id: 'add-plan-btn', class: 'btn btn-sm btn-primary', disabled: true %>
 <% end %>
 </div>

data/app/controllers/collavre/admin/orchestration_controller.rb

@@ -39,7 +39,8 @@ module Collavre
         # Group by type for readable YAML structure
         structure = {
           "arbitration" => { "global" => nil, "overrides" => [] },
-          "scheduling" => { "global" => nil, "overrides" => [] }
+          "scheduling" => { "global" => nil, "overrides" => [] },
+          "collaboration" => { "global" => nil, "overrides" => [] }
         }
 
         policies.each do |policy|
@@ -89,6 +90,12 @@ module Collavre
               "backoff_strategy" => "exponential",
               "topic_max_concurrent_jobs" => 1
             }
+          },
+          "collaboration" => {
+            "global" => {
+              "a2a_completion_instruction" => nil,
+              "mention_rule" => nil
+            }
           }
         }
       end
@@ -97,7 +104,7 @@ module Collavre
         raise PolicyValidationError, t("admin.orchestration.invalid_format") unless parsed.is_a?(Hash)
 
         parsed.each do |type, data|
-          unless %w[arbitration scheduling].include?(type)
+          unless %w[arbitration scheduling collaboration].include?(type)
             raise PolicyValidationError, t("admin.orchestration.unknown_policy_type", type: type)
           end
 

data/app/controllers/collavre/admin/settings_controller.rb

@@ -0,0 +1,199 @@
+# frozen_string_literal: true
+
+module Collavre
+  module Admin
+    class SettingsController < ApplicationController
+      before_action :require_system_admin!
+
+      def index
+        @help_link = SystemSetting.find_by(key: "help_menu_link")&.value
+        @mcp_tool_approval = SystemSetting.find_by(key: "mcp_tool_approval_required")&.value == "true"
+        @creatives_login_required = SystemSetting.creatives_login_required?
+        @home_page_path = SystemSetting.home_page_path
+
+        # Account lockout settings
+        @max_login_attempts = SystemSetting.max_login_attempts
+        @lockout_duration_minutes = SystemSetting.lockout_duration_minutes
+
+        # Password policy settings
+        @password_min_length = SystemSetting.password_min_length
+
+        # Session timeout settings
+        @session_timeout_minutes = SystemSetting.session_timeout_minutes
+
+        # Rate limiting settings
+        @password_reset_rate_limit = SystemSetting.password_reset_rate_limit
+        @password_reset_rate_period_minutes = SystemSetting.password_reset_rate_period_minutes
+        @api_rate_limit = SystemSetting.api_rate_limit
+        @api_rate_period_minutes = SystemSetting.api_rate_period_minutes
+
+        # Storage is "disabled" list. View expects "enabled" list.
+        all_provider_keys = Rails.application.config.auth_providers.map { |p| p[:key].to_s }
+        disabled_providers = SystemSetting.find_by(key: "auth_providers_disabled")&.value&.split(",") || []
+        @enabled_auth_providers = all_provider_keys - disabled_providers
+      end
+
+      def uiux
+        @default_light_theme_id = SystemSetting.default_light_theme_id
+        @default_dark_theme_id = SystemSetting.default_dark_theme_id
+        @available_themes = Collavre::UserTheme.all.order(:name)
+      end
+
+      def update_uiux
+        SystemSetting.transaction do
+          light_theme_id = params[:default_light_theme_id].to_s.strip
+          light_theme_setting = SystemSetting.find_or_initialize_by(key: "default_light_theme_id")
+          light_theme_setting.value = light_theme_id.present? ? light_theme_id : nil
+          light_theme_setting.save!
+
+          dark_theme_id = params[:default_dark_theme_id].to_s.strip
+          dark_theme_setting = SystemSetting.find_or_initialize_by(key: "default_dark_theme_id")
+          dark_theme_setting.value = dark_theme_id.present? ? dark_theme_id : nil
+          dark_theme_setting.save!
+        end
+
+        redirect_to collavre.admin_uiux_path, notice: t("admin.settings.updated")
+      rescue ActiveRecord::RecordInvalid => e
+        flash.now[:alert] = e.record.errors.full_messages.join(", ")
+        @default_light_theme_id = params[:default_light_theme_id]
+        @default_dark_theme_id = params[:default_dark_theme_id]
+        @available_themes = Collavre::UserTheme.all.order(:name)
+        render :uiux, status: :unprocessable_entity
+      end
+
+      def update
+        SystemSetting.transaction do
+          # Help Link
+          help_link_setting = SystemSetting.find_or_initialize_by(key: "help_menu_link")
+          help_link_setting.value = params[:help_link].to_s.strip
+          help_link_setting.save!
+
+          # MCP Tool Approval
+          mcp_setting = SystemSetting.find_or_initialize_by(key: "mcp_tool_approval_required")
+          mcp_setting.value = params[:mcp_tool_approval] == "1" ? "true" : "false"
+          mcp_setting.save!
+
+          # Creatives Login Required
+          creatives_login_setting = SystemSetting.find_or_initialize_by(key: "creatives_login_required")
+          creatives_login_setting.value = params[:creatives_login_required] == "1" ? "true" : "false"
+          creatives_login_setting.save!
+
+          # Home Page Path
+          home_page_path_input = params[:home_page_path].to_s.strip
+          if home_page_path_input.present?
+            normalized_path, error = validate_and_normalize_home_page_path(home_page_path_input)
+            if error
+              home_page_setting = SystemSetting.new(key: "home_page_path")
+              home_page_setting.errors.add(:base, error)
+              raise ActiveRecord::RecordInvalid, home_page_setting
+            end
+            home_page_setting = SystemSetting.find_or_initialize_by(key: "home_page_path")
+            home_page_setting.value = normalized_path
+            home_page_setting.save!
+          else
+            home_page_setting = SystemSetting.find_or_initialize_by(key: "home_page_path")
+            home_page_setting.value = nil
+            home_page_setting.save!
+          end
+
+          # Account Lockout Settings
+          max_attempts = params[:max_login_attempts].to_i
+          max_attempts = SystemSetting::DEFAULT_MAX_LOGIN_ATTEMPTS if max_attempts < 1
+          SystemSetting.find_or_initialize_by(key: "max_login_attempts").tap { |s| s.value = max_attempts.to_s; s.save! }
+
+          lockout_duration = params[:lockout_duration_minutes].to_i
+          lockout_duration = SystemSetting::DEFAULT_LOCKOUT_DURATION_MINUTES if lockout_duration < 1
+          SystemSetting.find_or_initialize_by(key: "lockout_duration_minutes").tap { |s| s.value = lockout_duration.to_s; s.save! }
+
+          # Password Policy Settings
+          password_min_length = [ [ params[:password_min_length].to_i, SystemSetting::DEFAULT_PASSWORD_MIN_LENGTH ].max, 72 ].min
+          SystemSetting.find_or_initialize_by(key: "password_min_length").tap { |s| s.value = password_min_length.to_s; s.save! }
+
+          # Session Timeout Settings
+          session_timeout = [ params[:session_timeout_minutes].to_i, 0 ].max
+          SystemSetting.find_or_initialize_by(key: "session_timeout_minutes").tap { |s| s.value = session_timeout.to_s; s.save! }
+
+          # Rate Limiting - Password Reset
+          pw_reset_limit = params[:password_reset_rate_limit].to_i
+          pw_reset_limit = SystemSetting::DEFAULT_PASSWORD_RESET_RATE_LIMIT if pw_reset_limit < 1
+          SystemSetting.find_or_initialize_by(key: "password_reset_rate_limit").tap { |s| s.value = pw_reset_limit.to_s; s.save! }
+
+          pw_reset_period = params[:password_reset_rate_period_minutes].to_i
+          pw_reset_period = SystemSetting::DEFAULT_PASSWORD_RESET_RATE_PERIOD_MINUTES if pw_reset_period < 1
+          SystemSetting.find_or_initialize_by(key: "password_reset_rate_period_minutes").tap { |s| s.value = pw_reset_period.to_s; s.save! }
+
+          # Rate Limiting - API
+          api_limit = params[:api_rate_limit].to_i
+          api_limit = SystemSetting::DEFAULT_API_RATE_LIMIT if api_limit < 1
+          SystemSetting.find_or_initialize_by(key: "api_rate_limit").tap { |s| s.value = api_limit.to_s; s.save! }
+
+          api_period = params[:api_rate_period_minutes].to_i
+          api_period = SystemSetting::DEFAULT_API_RATE_PERIOD_MINUTES if api_period < 1
+          SystemSetting.find_or_initialize_by(key: "api_rate_period_minutes").tap { |s| s.value = api_period.to_s; s.save! }
+
+          # Auth Providers
+          auth_providers = Array(params[:auth_providers]).reject(&:blank?)
+          if auth_providers.empty?
+            auth_setting = SystemSetting.new(key: "auth_providers_enabled")
+            auth_setting.errors.add(:base, t("admin.settings.auth_provider_required"))
+            raise ActiveRecord::RecordInvalid, auth_setting
+          end
+
+          all_provider_keys = Rails.application.config.auth_providers.map { |p| p[:key].to_s }
+          disabled_providers = all_provider_keys - auth_providers
+          SystemSetting.find_or_initialize_by(key: "auth_providers_disabled").tap { |s| s.value = disabled_providers.join(","); s.save! }
+        end
+
+        redirect_to collavre.admin_settings_path, notice: t("admin.settings.updated")
+      rescue ActiveRecord::RecordInvalid => e
+        flash.now[:alert] = e.record.errors.full_messages.join(", ")
+        @help_link = params[:help_link]
+        @mcp_tool_approval = params[:mcp_tool_approval] == "1"
+        @creatives_login_required = params[:creatives_login_required] == "1"
+        @home_page_path = params[:home_page_path]
+        @max_login_attempts = params[:max_login_attempts].to_i.positive? ? params[:max_login_attempts].to_i : SystemSetting::DEFAULT_MAX_LOGIN_ATTEMPTS
+        @lockout_duration_minutes = params[:lockout_duration_minutes].to_i.positive? ? params[:lockout_duration_minutes].to_i : SystemSetting::DEFAULT_LOCKOUT_DURATION_MINUTES
+        @password_min_length = [ [ params[:password_min_length].to_i, SystemSetting::DEFAULT_PASSWORD_MIN_LENGTH ].max, 72 ].min
+        @session_timeout_minutes = [ params[:session_timeout_minutes].to_i, 0 ].max
+        @password_reset_rate_limit = params[:password_reset_rate_limit].to_i.positive? ? params[:password_reset_rate_limit].to_i : SystemSetting::DEFAULT_PASSWORD_RESET_RATE_LIMIT
+        @password_reset_rate_period_minutes = params[:password_reset_rate_period_minutes].to_i.positive? ? params[:password_reset_rate_period_minutes].to_i : SystemSetting::DEFAULT_PASSWORD_RESET_RATE_PERIOD_MINUTES
+        @api_rate_limit = params[:api_rate_limit].to_i.positive? ? params[:api_rate_limit].to_i : SystemSetting::DEFAULT_API_RATE_LIMIT
+        @api_rate_period_minutes = params[:api_rate_period_minutes].to_i.positive? ? params[:api_rate_period_minutes].to_i : SystemSetting::DEFAULT_API_RATE_PERIOD_MINUTES
+        @enabled_auth_providers = params[:auth_providers] || []
+        render :index, status: :unprocessable_entity
+      end
+
+      private
+
+      def validate_and_normalize_home_page_path(value)
+        path = value.to_s.strip
+
+        if path.match?(%r{\A[a-z][a-z0-9+.-]*://}i)
+          return [ nil, t("admin.settings.home_page_path_invalid_url") ]
+        end
+
+        path = path.split(/[?#]/).first
+        path = "/#{path}" unless path.start_with?("/")
+        path = path.gsub(%r{/+}, "/")
+        return [ nil, nil ] if path == "/"
+
+        begin
+          route_info = Rails.application.routes.recognize_path(path, method: :get)
+
+          if route_info[:format].present? && route_info[:format] != "html"
+            return [ nil, t("admin.settings.home_page_path_not_html", path: path) ]
+          end
+
+          non_html_paths = %w[/service-worker /manifest /up]
+          if non_html_paths.any? { |p| path.start_with?(p) }
+            return [ nil, t("admin.settings.home_page_path_not_html", path: path) ]
+          end
+        rescue ActionController::RoutingError
+          return [ nil, t("admin.settings.home_page_path_not_routable", path: path) ]
+        end
+
+        [ path, nil ]
+      end
+    end
+  end
+end

data/app/controllers/collavre/comments/reactions_controller.rb

@@ -45,15 +45,7 @@ module Collavre
       end
 
       def broadcast_reaction_update
-        payload = build_reaction_payload
-        Turbo::StreamsChannel.broadcast_action_to(
-          [ @creative, :comments ],
-          action: "update_reactions",
-          target: view_context.dom_id(@comment),
-          attributes: {
-            data: payload.to_json
-          }
-        )
+        CommentReaction.broadcast_reaction_update(@comment)
       end
 
       def set_creative