@cat-factory/app 0.26.7 → 0.27.0

package/app/components/layout/AccountDeploymentSettings.vue

@@ -0,0 +1,236 @@
+<script setup lang="ts">
+import { computed, onMounted, reactive, ref } from 'vue'
+
+// Deployment integration secrets for an account (admin only): the Slack app OAuth
+// credentials and the container web-search upstream keys — both moved out of env into
+// the per-account settings store, sealed at rest. Secrets are write-only: the panel only
+// ever shows whether each integration is configured (the `summary`), never the values;
+// blank inputs leave a configured secret unchanged. Hidden when the settings store isn't
+// wired (no ENCRYPTION_KEY).
+const props = defineProps<{ accountId: string }>()
+
+const store = useAccountSettingsStore()
+const toast = useToast()
+
+const slack = reactive({ clientId: '', clientSecret: '', redirectUrl: '' })
+const web = reactive({ braveApiKey: '', searxngUrl: '', searxngApiKey: '' })
+const savingSlack = ref(false)
+const savingWeb = ref(false)
+
+const summary = computed(() => store.view?.summary ?? null)
+
+onMounted(async () => {
+  try {
+    await store.load(props.accountId)
+  } catch (e) {
+    toast.add({
+      title: 'Could not load deployment settings',
+      description: e instanceof Error ? e.message : String(e),
+      icon: 'i-lucide-triangle-alert',
+      color: 'error',
+    })
+  }
+})
+
+async function saveSlack() {
+  if (!slack.clientId.trim() || !slack.clientSecret.trim() || !slack.redirectUrl.trim()) {
+    toast.add({ title: 'Enter the client id, secret and redirect URL', color: 'error' })
+    return
+  }
+  savingSlack.value = true
+  try {
+    await store.save(props.accountId, {
+      secrets: {
+        slackOAuth: {
+          clientId: slack.clientId.trim(),
+          clientSecret: slack.clientSecret.trim(),
+          redirectUrl: slack.redirectUrl.trim(),
+        },
+      },
+    })
+    slack.clientId = ''
+    slack.clientSecret = ''
+    slack.redirectUrl = ''
+    toast.add({ title: 'Slack OAuth saved', icon: 'i-lucide-check', color: 'success' })
+  } catch (e) {
+    toast.add({
+      title: 'Could not save Slack OAuth',
+      description: e instanceof Error ? e.message : String(e),
+      color: 'error',
+    })
+  } finally {
+    savingSlack.value = false
+  }
+}
+
+async function clearSlack() {
+  savingSlack.value = true
+  try {
+    await store.save(props.accountId, { secrets: { slackOAuth: null } })
+    toast.add({ title: 'Slack OAuth cleared', icon: 'i-lucide-check', color: 'success' })
+  } catch (e) {
+    toast.add({
+      title: 'Could not clear Slack OAuth',
+      description: e instanceof Error ? e.message : String(e),
+      color: 'error',
+    })
+  } finally {
+    savingSlack.value = false
+  }
+}
+
+async function saveWeb() {
+  const brave = web.braveApiKey.trim()
+  const searxng = web.searxngUrl.trim()
+  if (!brave && !searxng) {
+    toast.add({ title: 'Enter a Brave key or a SearXNG URL', color: 'error' })
+    return
+  }
+  savingWeb.value = true
+  try {
+    await store.save(props.accountId, {
+      secrets: {
+        webSearch: {
+          ...(brave ? { braveApiKey: brave } : {}),
+          ...(searxng ? { searxngUrl: searxng } : {}),
+          ...(web.searxngApiKey.trim() ? { searxngApiKey: web.searxngApiKey.trim() } : {}),
+        },
+      },
+    })
+    web.braveApiKey = ''
+    web.searxngUrl = ''
+    web.searxngApiKey = ''
+    toast.add({ title: 'Web search keys saved', icon: 'i-lucide-check', color: 'success' })
+  } catch (e) {
+    toast.add({
+      title: 'Could not save web search keys',
+      description: e instanceof Error ? e.message : String(e),
+      color: 'error',
+    })
+  } finally {
+    savingWeb.value = false
+  }
+}
+
+async function clearWeb() {
+  savingWeb.value = true
+  try {
+    await store.save(props.accountId, { secrets: { webSearch: null } })
+    toast.add({ title: 'Web search keys cleared', icon: 'i-lucide-check', color: 'success' })
+  } catch (e) {
+    toast.add({
+      title: 'Could not clear web search keys',
+      description: e instanceof Error ? e.message : String(e),
+      color: 'error',
+    })
+  } finally {
+    savingWeb.value = false
+  }
+}
+</script>
+
+<template>
+  <div v-if="store.available !== false" class="space-y-6">
+    <div>
+      <h3 class="mb-1 font-semibold text-white">Deployment integrations</h3>
+      <p class="text-[11px] text-slate-400">
+        Credentials shared by every workspace in this account, sealed at rest. Values are never
+        shown after saving; leave a field blank to keep the stored secret.
+      </p>
+    </div>
+
+    <!-- Slack app OAuth -->
+    <section class="space-y-2">
+      <div class="flex items-center gap-2">
+        <h4 class="text-sm font-semibold text-slate-200">Slack app (OAuth)</h4>
+        <UBadge
+          :color="summary?.slackOAuthConfigured ? 'success' : 'neutral'"
+          variant="subtle"
+          size="xs"
+        >
+          {{ summary?.slackOAuthConfigured ? 'Configured' : 'Not set' }}
+        </UBadge>
+      </div>
+      <p class="text-[11px] text-slate-400">
+        Enables the "Add to Slack" OAuth flow. Without it, workspaces can still connect Slack by
+        pasting a bot token.
+      </p>
+      <div class="grid grid-cols-1 gap-2 sm:grid-cols-3">
+        <UInput v-model="slack.clientId" placeholder="Client ID" size="sm" />
+        <UInput
+          v-model="slack.clientSecret"
+          type="password"
+          placeholder="Client secret"
+          size="sm"
+        />
+        <UInput v-model="slack.redirectUrl" placeholder="Redirect URL" size="sm" />
+      </div>
+      <div class="flex gap-2">
+        <UButton
+          color="primary"
+          size="xs"
+          icon="i-lucide-save"
+          :loading="savingSlack"
+          @click="saveSlack"
+        >
+          Save
+        </UButton>
+        <UButton
+          v-if="summary?.slackOAuthConfigured"
+          color="neutral"
+          variant="ghost"
+          size="xs"
+          :loading="savingSlack"
+          @click="clearSlack"
+        >
+          Clear
+        </UButton>
+      </div>
+    </section>
+
+    <!-- Web search keys -->
+    <section class="space-y-2 border-t border-slate-800 pt-6">
+      <div class="flex items-center gap-2">
+        <h4 class="text-sm font-semibold text-slate-200">Container web search</h4>
+        <UBadge :color="summary?.webSearch ? 'success' : 'neutral'" variant="subtle" size="xs">
+          {{ summary?.webSearch ? `Configured (${summary.webSearch})` : 'Not set' }}
+        </UBadge>
+      </div>
+      <p class="text-[11px] text-slate-400">
+        The search upstream container agents reach through the backend proxy. Set a Brave key
+        (recommended), or a self-hosted SearXNG URL (with an optional bearer key).
+      </p>
+      <div class="grid grid-cols-1 gap-2 sm:grid-cols-3">
+        <UInput v-model="web.braveApiKey" type="password" placeholder="Brave API key" size="sm" />
+        <UInput v-model="web.searxngUrl" placeholder="SearXNG URL" size="sm" />
+        <UInput
+          v-model="web.searxngApiKey"
+          type="password"
+          placeholder="SearXNG key (optional)"
+          size="sm"
+        />
+      </div>
+      <div class="flex gap-2">
+        <UButton
+          color="primary"
+          size="xs"
+          icon="i-lucide-save"
+          :loading="savingWeb"
+          @click="saveWeb"
+        >
+          Save
+        </UButton>
+        <UButton
+          v-if="summary?.webSearch"
+          color="neutral"
+          variant="ghost"
+          size="xs"
+          :loading="savingWeb"
+          @click="clearWeb"
+        >
+          Clear
+        </UButton>
+      </div>
+    </section>
+  </div>
+</template>

package/app/components/layout/AccountTeamSettings.vue

@@ -1,6 +1,7 @@
 <script setup lang="ts">
 import { computed, onMounted, ref } from 'vue'
 import type { AccountRole } from '~/types/domain'
+import AccountDeploymentSettings from '~/components/layout/AccountDeploymentSettings.vue'
 
 // Team settings for an org account: the member roster (with combinable admin /
 // developer / product roles), pending email invitations, and the per-account
@@ -236,5 +237,10 @@ async function disconnectEmail() {
         <ProvidersApiKeysSection :account-id="accountId" category="proxy" />
       </div>
     </section>
+
+    <!-- deployment integration secrets (admin-only): Slack OAuth app + web-search keys -->
+    <section v-if="isAdmin">
+      <AccountDeploymentSettings :account-id="accountId" />
+    </section>
   </div>
 </template>

package/app/components/settings/ObservabilityConnectionPanel.vue

@@ -25,6 +25,12 @@ const provider = ref<ObservabilityProviderKind>('datadog')
 const datadog = reactive({ site: 'datadoghq.com', apiKey: '', appKey: '' })
 const busy = ref(false)
 
+// Incident enrichment (PagerDuty + incident.io) — write-only secrets; blank leaves the
+// stored value unchanged. Paired with observability since it acts on the same regression.
+const pagerDuty = reactive({ apiToken: '', fromEmail: '' })
+const incidentIo = reactive({ apiKey: '' })
+const incidentBusy = ref(false)
+
 function notifyError(title: string, e: unknown) {
   toast.add({
     title,
@@ -41,11 +47,50 @@ watch(open, async (isOpen) => {
     if (store.connection.provider) provider.value = store.connection.provider
     const site = store.connection.summary?.site
     if (site) datadog.site = site
+    await store.loadIncident()
   } catch (e) {
     notifyError('Could not load observability settings', e)
   }
 })
 
+async function saveIncident() {
+  incidentBusy.value = true
+  try {
+    const input: Parameters<typeof store.saveIncident>[0] = {}
+    if (pagerDuty.apiToken.trim() && pagerDuty.fromEmail.trim()) {
+      input.pagerDuty = {
+        apiToken: pagerDuty.apiToken.trim(),
+        fromEmail: pagerDuty.fromEmail.trim(),
+      }
+    }
+    if (incidentIo.apiKey.trim()) input.incidentIo = { apiKey: incidentIo.apiKey.trim() }
+    if (!input.pagerDuty && !input.incidentIo) {
+      toast.add({ title: 'Enter PagerDuty or incident.io credentials', color: 'error' })
+      return
+    }
+    await store.saveIncident(input)
+    pagerDuty.apiToken = ''
+    pagerDuty.fromEmail = ''
+    incidentIo.apiKey = ''
+    toast.add({ title: 'Incident enrichment saved', icon: 'i-lucide-check', color: 'success' })
+  } catch (e) {
+    notifyError('Could not save incident enrichment', e)
+  } finally {
+    incidentBusy.value = false
+  }
+}
+
+async function disconnectIncident() {
+  incidentBusy.value = true
+  try {
+    await store.removeIncident()
+  } catch (e) {
+    notifyError('Could not disconnect incident enrichment', e)
+  } finally {
+    incidentBusy.value = false
+  }
+}
+
 async function saveConnection() {
   busy.value = true
   try {
@@ -145,6 +190,53 @@ const connectedLabel = computed(() => {
             </UButton>
           </div>
         </section>
+
+        <!-- Incident enrichment (optional): annotate an incident PagerDuty / incident.io
+             already opened from the same monitors/SLOs. -->
+        <section
+          v-if="store.incidentAvailable !== false"
+          class="space-y-3 rounded-lg border border-slate-700 p-3"
+        >
+          <div class="flex items-center justify-between">
+            <h3 class="text-sm font-semibold">Incident enrichment</h3>
+            <UBadge :color="store.incident.connected ? 'success' : 'neutral'" variant="soft">
+              {{ store.incident.connected ? 'Configured' : 'Not set' }}
+            </UBadge>
+          </div>
+          <p class="text-[11px] text-slate-400">
+            Optional. On a regression, the on-call investigation is posted onto an incident these
+            systems ALREADY opened from the same signals (annotate, never re-alert). Secrets are
+            write-only — blank leaves a stored value unchanged.
+          </p>
+
+          <UFormField label="PagerDuty API token">
+            <UInput v-model="pagerDuty.apiToken" type="password" class="w-full" />
+          </UFormField>
+          <UFormField label="PagerDuty From email">
+            <UInput
+              v-model="pagerDuty.fromEmail"
+              type="email"
+              placeholder="oncall@example.com"
+              class="w-full"
+            />
+          </UFormField>
+          <UFormField label="incident.io API key">
+            <UInput v-model="incidentIo.apiKey" type="password" class="w-full" />
+          </UFormField>
+
+          <div class="flex gap-2">
+            <UButton :loading="incidentBusy" @click="saveIncident">Save</UButton>
+            <UButton
+              v-if="store.incident.connected"
+              color="error"
+              variant="soft"
+              :loading="incidentBusy"
+              @click="disconnectIncident"
+            >
+              Clear
+            </UButton>
+          </div>
+        </section>
       </div>
     </template>
   </UModal>

package/app/components/settings/WorkspaceSettingsPanel.vue

@@ -8,7 +8,7 @@
 // The latter three are body-only section components rendered in tabs here (no longer
 // standalone modals).
 import { reactive, ref, watch } from 'vue'
-import type { CreateTaskType, TaskLimitMode } from '~/types/domain'
+import type { CreateTaskType, TaskLimitMode, WorkspaceSettings } from '~/types/domain'
 import MergeThresholdsPanel from '~/components/settings/MergeThresholdsPanel.vue'
 import IssueTrackerPanel from '~/components/settings/IssueTrackerPanel.vue'
 import ServiceFragmentDefaultsPanel from '~/components/settings/ServiceFragmentDefaultsPanel.vue'
@@ -36,6 +36,7 @@ const tabs = [
     icon: 'i-lucide-sliders-horizontal',
     slot: 'workspace',
   },
+  { value: 'budget', label: 'Budget', icon: 'i-lucide-wallet', slot: 'budget' },
   { value: 'merge', label: 'Merge thresholds', icon: 'i-lucide-git-merge', slot: 'merge' },
   {
     value: 'tracker',
@@ -64,6 +65,10 @@ const draft = reactive({
   taskLimitMode: 'off' as TaskLimitMode,
   taskLimitShared: 5 as number,
   perType: {} as Record<CreateTaskType, number>,
+  // Budget: empty string ⇒ "use the built-in default" (null on the wire).
+  spendCurrency: '',
+  spendMonthlyLimit: '',
+  spendModelPrices: '',
 })
 
 function hydrate() {
@@ -73,6 +78,9 @@ function hydrate() {
   draft.taskLimitShared = s.taskLimitShared ?? 5
   const pt = s.taskLimitPerType ?? {}
   for (const t of TASK_TYPES) draft.perType[t] = pt[t] ?? 3
+  draft.spendCurrency = s.spendCurrency ?? ''
+  draft.spendMonthlyLimit = s.spendMonthlyLimit == null ? '' : String(s.spendMonthlyLimit)
+  draft.spendModelPrices = s.spendModelPrices ? JSON.stringify(s.spendModelPrices, null, 2) : ''
 }
 
 watch(() => store.settings, hydrate, { immediate: true, deep: true })
@@ -109,6 +117,45 @@ async function save() {
     saving.value = false
   }
 }
+
+const savingBudget = ref(false)
+
+async function saveBudget() {
+  // Parse the optional per-model price overrides JSON (blank ⇒ no overrides).
+  let prices: WorkspaceSettings['spendModelPrices'] = null
+  const raw = draft.spendModelPrices.trim()
+  if (raw) {
+    try {
+      prices = JSON.parse(raw)
+    } catch {
+      toast.add({
+        title: 'Per-model prices must be valid JSON',
+        icon: 'i-lucide-triangle-alert',
+        color: 'error',
+      })
+      return
+    }
+  }
+  savingBudget.value = true
+  try {
+    await store.update({
+      spendCurrency: draft.spendCurrency.trim() ? draft.spendCurrency.trim().toUpperCase() : null,
+      spendMonthlyLimit:
+        draft.spendMonthlyLimit.trim() === '' ? null : Number(draft.spendMonthlyLimit),
+      spendModelPrices: prices,
+    })
+    toast.add({ title: 'Budget saved', icon: 'i-lucide-check', color: 'success' })
+  } catch (e) {
+    toast.add({
+      title: 'Could not save budget',
+      description: e instanceof Error ? e.message : String(e),
+      icon: 'i-lucide-triangle-alert',
+      color: 'error',
+    })
+  } finally {
+    savingBudget.value = false
+  }
+}
 </script>
 
 <template>
@@ -195,6 +242,74 @@ async function save() {
           </div>
         </template>
 
+        <!-- Budget -->
+        <template #budget>
+          <div class="space-y-6">
+            <section class="space-y-2">
+              <h3 class="text-sm font-semibold text-slate-200">Monthly spend budget</h3>
+              <p class="text-[11px] text-slate-400">
+                Token usage is metered per LLM call, priced, and gated by this budget — when
+                reached, runs in this workspace pause and the board shows a warning. Leave blank to
+                inherit the built-in default (~100&nbsp;EUR/month).
+              </p>
+              <div class="grid grid-cols-2 gap-3">
+                <label class="block">
+                  <span class="mb-1 block text-[10px] uppercase tracking-wide text-slate-500">
+                    Monthly limit
+                  </span>
+                  <UInput
+                    v-model="draft.spendMonthlyLimit"
+                    type="number"
+                    :min="0"
+                    placeholder="Default"
+                    size="sm"
+                  />
+                </label>
+                <label class="block">
+                  <span class="mb-1 block text-[10px] uppercase tracking-wide text-slate-500">
+                    Currency (ISO 4217)
+                  </span>
+                  <UInput
+                    v-model="draft.spendCurrency"
+                    placeholder="EUR"
+                    maxlength="3"
+                    size="sm"
+                    class="uppercase"
+                  />
+                </label>
+              </div>
+            </section>
+
+            <section class="space-y-2">
+              <h3 class="text-sm font-semibold text-slate-200">Per-model price overrides</h3>
+              <p class="text-[11px] text-slate-400">
+                Optional. JSON object of <code>"provider:model"</code> (or a bare
+                <code>"provider"</code>) → <code>{ inputPerMillion, outputPerMillion }</code>,
+                overlaid on the built-in price table. Leave blank to use the defaults.
+              </p>
+              <UTextarea
+                v-model="draft.spendModelPrices"
+                :rows="6"
+                size="sm"
+                class="w-full font-mono text-[11px]"
+                placeholder='{"openai:gpt-4o":{"inputPerMillion":2.3,"outputPerMillion":9.2}}'
+              />
+            </section>
+
+            <div class="flex justify-end">
+              <UButton
+                color="primary"
+                icon="i-lucide-save"
+                size="sm"
+                :loading="savingBudget"
+                @click="saveBudget"
+              >
+                Save budget
+              </UButton>
+            </div>
+          </div>
+        </template>
+
         <!-- Merge thresholds -->
         <template #merge>
           <MergeThresholdsPanel />

package/app/composables/api/accounts.ts

@@ -7,6 +7,7 @@ import type {
   EmailConnection,
   UpdateAccountInput,
 } from '~/types/domain'
+import type { AccountSettingsView, UpdateAccountSettingsInput } from '~/types/accountSettings'
 import type { ApiContext } from './context'
 
 /** Account (tenancy) management: orgs, members, invitations + the email sender. */
@@ -77,5 +78,16 @@ export function accountsApi({ http }: ApiContext) {
         method: 'POST',
         body: { to },
       }),
+
+    // Per-account deployment settings (admin only): integration secrets (Slack OAuth +
+    // web-search keys), sealed at rest. Read returns config + non-secret summary only.
+    getAccountSettings: (accountId: string) =>
+      http<AccountSettingsView>(`/accounts/${encodeURIComponent(accountId)}/settings`),
+
+    updateAccountSettings: (accountId: string, body: UpdateAccountSettingsInput) =>
+      http<AccountSettingsView>(`/accounts/${encodeURIComponent(accountId)}/settings`, {
+        method: 'PUT',
+        body,
+      }),
   }
 }

package/app/composables/api/releaseHealth.ts

@@ -4,6 +4,10 @@ import type {
   UpsertObservabilityConnectionInput,
   UpsertReleaseHealthConfigInput,
 } from '~/types/releaseHealth'
+import type {
+  IncidentEnrichmentView,
+  UpsertIncidentEnrichmentInput,
+} from '~/types/incidentEnrichment'
 import type { ApiContext } from './context'
 
 /** Post-release-health: the observability connection + per-block monitor/SLO mapping. */
@@ -40,5 +44,18 @@ export function releaseHealthApi({ http, ws }: ApiContext) {
       http(`${ws(workspaceId)}/release-health-configs/${encodeURIComponent(blockId)}`, {
         method: 'DELETE',
       }),
+
+    // ---- Incident enrichment (PagerDuty + incident.io, write-only secrets) --
+    getIncidentEnrichment: (workspaceId: string) =>
+      http<IncidentEnrichmentView>(`${ws(workspaceId)}/incident-enrichment`),
+
+    setIncidentEnrichment: (workspaceId: string, body: UpsertIncidentEnrichmentInput) =>
+      http<IncidentEnrichmentView>(`${ws(workspaceId)}/incident-enrichment`, {
+        method: 'PUT',
+        body,
+      }),
+
+    deleteIncidentEnrichment: (workspaceId: string) =>
+      http(`${ws(workspaceId)}/incident-enrichment`, { method: 'DELETE' }),
   }
 }

package/app/stores/accountSettings.ts

@@ -0,0 +1,49 @@
+import { defineStore } from 'pinia'
+import { ref } from 'vue'
+import type { AccountSettingsView, UpdateAccountSettingsInput } from '~/types/accountSettings'
+
+/**
+ * Per-account deployment settings (admin only): the integration secrets — Slack app OAuth
+ * credentials + the web-search upstream keys — sealed at rest in the DB. Secrets are
+ * write-only: this store only ever holds the non-secret `summary` (which integrations are
+ * configured), never the values. `available` mirrors the backend opt-in: a 503 (no
+ * ENCRYPTION_KEY) hides the panel. Loaded on demand from the account-settings panel.
+ */
+export const useAccountSettingsStore = defineStore('accountSettings', () => {
+  const api = useApi()
+
+  const view = ref<AccountSettingsView | null>(null)
+  const loading = ref(false)
+  const available = ref<boolean | null>(null)
+
+  async function load(accountId: string) {
+    loading.value = true
+    try {
+      view.value = await api.getAccountSettings(accountId)
+      available.value = true
+    } catch (e) {
+      // 503 ⇒ the settings store isn't wired (no ENCRYPTION_KEY) ⇒ hide the panel.
+      if (
+        e &&
+        typeof e === 'object' &&
+        'statusCode' in e &&
+        (e as { statusCode?: number }).statusCode === 503
+      ) {
+        available.value = false
+        view.value = null
+      } else {
+        throw e
+      }
+    } finally {
+      loading.value = false
+    }
+  }
+
+  async function save(accountId: string, input: UpdateAccountSettingsInput) {
+    view.value = await api.updateAccountSettings(accountId, input)
+    available.value = true
+    return view.value
+  }
+
+  return { view, loading, available, load, save }
+})

package/app/stores/releaseHealth.ts

@@ -6,6 +6,10 @@ import type {
   UpsertObservabilityConnectionInput,
   UpsertReleaseHealthConfigInput,
 } from '~/types/releaseHealth'
+import type {
+  IncidentEnrichmentView,
+  UpsertIncidentEnrichmentInput,
+} from '~/types/incidentEnrichment'
 import { useWorkspaceStore } from '~/stores/workspace'
 
 /**
@@ -23,6 +27,10 @@ export const useReleaseHealthStore = defineStore('releaseHealth', () => {
     summary: null,
   })
   const configs = ref<ReleaseHealthConfig[]>([])
+  // Incident-enrichment (PagerDuty + incident.io) connection — write-only secrets, the
+  // store only ever holds the presence summary. Wired alongside observability.
+  const incident = ref<IncidentEnrichmentView>({ connected: false, summary: null })
+  const incidentAvailable = ref<boolean | null>(null)
   const loading = ref(false)
   // Mirrors the backend's opt-in gate (`OBSERVABILITY_ENABLED`): `null` until first
   // probed, then `true`/`false`. The hub + inspector hide their observability entry
@@ -95,9 +103,35 @@ export const useReleaseHealthStore = defineStore('releaseHealth', () => {
     configs.value = configs.value.filter((c) => c.blockId !== blockId)
   }
 
+  /** Load the incident-enrichment connection (separate opt-in gate from observability). */
+  async function loadIncident() {
+    const ws = useWorkspaceStore()
+    try {
+      incident.value = await api.getIncidentEnrichment(ws.requireId())
+      incidentAvailable.value = true
+    } catch {
+      incidentAvailable.value = false
+      incident.value = { connected: false, summary: null }
+    }
+  }
+
+  async function saveIncident(input: UpsertIncidentEnrichmentInput) {
+    const ws = useWorkspaceStore()
+    incident.value = await api.setIncidentEnrichment(ws.requireId(), input)
+    incidentAvailable.value = true
+  }
+
+  async function removeIncident() {
+    const ws = useWorkspaceStore()
+    await api.deleteIncidentEnrichment(ws.requireId())
+    incident.value = { connected: false, summary: null }
+  }
+
   return {
     connection,
     configs,
+    incident,
+    incidentAvailable,
     loading,
     available,
     load,
@@ -107,5 +141,8 @@ export const useReleaseHealthStore = defineStore('releaseHealth', () => {
     configForBlock,
     saveConfig,
     removeConfig,
+    loadIncident,
+    saveIncident,
+    removeIncident,
   }
 })

package/app/stores/workspaceSettings.ts

@@ -9,6 +9,9 @@ const DEFAULTS: WorkspaceSettings = {
   taskLimitMode: 'off',
   taskLimitShared: null,
   taskLimitPerType: null,
+  spendCurrency: null,
+  spendMonthlyLimit: null,
+  spendModelPrices: null,
 }
 
 /**

package/app/types/accountSettings.ts

@@ -0,0 +1,39 @@
+// Per-account (deployment-wide) integration settings. Mirrors
+// `@cat-factory/contracts` accountSettings. Secrets are write-only — the read view
+// returns only `config` + a non-secret presence `summary`.
+
+export interface SlackOAuthSecret {
+  clientId: string
+  clientSecret: string
+  redirectUrl: string
+}
+
+export interface WebSearchSecret {
+  braveApiKey?: string
+  searxngUrl?: string
+  searxngApiKey?: string
+}
+
+/** Non-secret per-account config (empty today; reserved for forward-compatible tuning). */
+export type AccountSettingsConfig = Record<string, never>
+
+export interface AccountSettingsSummary {
+  slackOAuthConfigured: boolean
+  webSearch: 'brave' | 'searxng' | null
+}
+
+export interface AccountSettingsView {
+  config: AccountSettingsConfig
+  summary: AccountSettingsSummary
+}
+
+/**
+ * Admin write. Each secrets group: omit ⇒ leave unchanged, `null` ⇒ clear, value ⇒ set.
+ */
+export interface UpdateAccountSettingsInput {
+  config?: AccountSettingsConfig
+  secrets?: {
+    slackOAuth?: SlackOAuthSecret | null
+    webSearch?: WebSearchSecret | null
+  }
+}

package/app/types/domain.ts

@@ -493,6 +493,12 @@ export interface WorkspaceSettings {
   taskLimitShared: number | null
   /** The per-type caps, when `taskLimitMode` is `per_type` (type → cap). */
   taskLimitPerType: Partial<Record<CreateTaskType, number>> | null
+  /** Spend budget currency (ISO 4217). Null ⇒ the built-in default (`EUR`). */
+  spendCurrency: string | null
+  /** Monthly spend budget in `spendCurrency`. Null ⇒ the built-in default. */
+  spendMonthlyLimit: number | null
+  /** Per-model price overrides (`provider:model` → per-1M rates). Null ⇒ none. */
+  spendModelPrices: Record<string, { inputPerMillion: number; outputPerMillion: number }> | null
 }
 
 /** Patch a workspace's settings (only the supplied fields change). */
@@ -501,6 +507,9 @@ export interface UpdateWorkspaceSettingsInput {
   taskLimitMode?: TaskLimitMode
   taskLimitShared?: number | null
   taskLimitPerType?: Partial<Record<CreateTaskType, number>> | null
+  spendCurrency?: string | null
+  spendMonthlyLimit?: number | null
+  spendModelPrices?: Record<string, { inputPerMillion: number; outputPerMillion: number }> | null
 }
 
 /**

package/app/types/incidentEnrichment.ts

@@ -0,0 +1,28 @@
+// Per-workspace incident-enrichment connection (PagerDuty + incident.io). Mirrors
+// `@cat-factory/contracts` incident-enrichment. Credentials are write-only — the view
+// returns only a presence `summary`.
+
+export interface PagerDutyCredentials {
+  apiToken: string
+  fromEmail: string
+}
+
+export interface IncidentIoCredentials {
+  apiKey: string
+}
+
+/** Write input — set one or both providers; an omitted group is left unchanged. */
+export interface UpsertIncidentEnrichmentInput {
+  pagerDuty?: PagerDutyCredentials
+  incidentIo?: IncidentIoCredentials
+}
+
+export interface IncidentEnrichmentSummary {
+  pagerDuty: boolean
+  incidentIo: boolean
+}
+
+export interface IncidentEnrichmentView {
+  connected: boolean
+  summary: IncidentEnrichmentSummary | null
+}

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@cat-factory/app",
-  "version": "0.26.7",
+  "version": "0.27.0",
   "description": "Reusable Nuxt layer for the Agent Architecture Board SPA (components, stores, composables, pages). Consume it from a thin deployment app via `extends: ['@cat-factory/app']` and point it at your backend with NUXT_PUBLIC_API_BASE. See deploy/frontend for an example.",
   "repository": {
     "type": "git",