leedab 0.1.9 → 0.2.2

package/dist/team.js

@@ -1,75 +1,69 @@
-import { loadLicense } from "./license.js";
-const API_URL = "https://api.leedab.com/api/v1";
-/**
- * Get the license key for API auth.
- */
-async function getAuthHeader() {
-    const license = await loadLicense();
-    if (!license?.key) {
-        throw new Error("No license key found. Run `leedab onboard` first.");
-    }
-    return {
-        Authorization: `Bearer ${license.key}`,
-        "Content-Type": "application/json",
-    };
-}
-/**
- * Get the user's organization slug.
- */
-async function getOrgSlug(headers) {
-    const res = await fetch(`${API_URL}/organizations`, { headers });
-    if (!res.ok) {
-        throw new Error("Failed to fetch organizations.");
-    }
-    const data = await res.json();
-    if (!data.length) {
-        throw new Error("No organization found. Create one in the dashboard first.");
-    }
-    return data[0].slug;
-}
+import { userInfo } from "node:os";
+import { readOverlay, addLocalMember, removeLocalMember, setMemberRole, updateMemberIdentity, } from "./team/permissions.js";
+import { ensureLicense } from "./license.js";
 export async function loadTeam() {
-    const headers = await getAuthHeader();
-    const slug = await getOrgSlug(headers);
-    const res = await fetch(`${API_URL}/organizations/${slug}/members/`, { headers });
-    if (!res.ok) {
-        throw new Error("Failed to fetch team members.");
+    const overlay = await readOverlay();
+    const entries = Object.entries(overlay.members);
+    // ensureLicense re-validates if email/name fields are missing (one-time migration).
+    const license = await ensureLicense().catch(() => null);
+    const licenseEmail = license?.email;
+    const licenseName = license?.name || licenseEmail?.split("@")[0];
+    // Seed the install owner on first use so they always appear in the list.
+    if (entries.length === 0) {
+        const owner = await addLocalMember({
+            name: licenseName || userInfo().username,
+            email: licenseEmail,
+            role: "owner",
+        });
+        return [{
+                id: owner.id,
+                name: owner.name,
+                email: owner.email,
+                role: owner.role,
+                joined_at: owner.joined_at,
+                handles: owner.handles,
+                allowedWorkflows: owner.allowedWorkflows,
+                allowedChannels: owner.allowedChannels,
+            }];
     }
-    const data = await res.json();
-    return data.members;
-}
-export async function addMember(member) {
-    const headers = await getAuthHeader();
-    const slug = await getOrgSlug(headers);
-    const res = await fetch(`${API_URL}/organizations/${slug}/invites/`, {
-        method: "POST",
-        headers,
-        body: JSON.stringify({
-            email: member.email,
-            role: member.role,
-        }),
-    });
-    if (!res.ok) {
-        const err = await res.json().catch(() => ({}));
-        throw new Error(err.error || "Failed to add team member.");
+    // Auto-update owner entry if it was seeded with the OS username before
+    // license name/email were available.
+    if (licenseName && licenseName !== userInfo().username) {
+        const ownerEntry = entries.find(([, m]) => m.role === "owner" && m.name === userInfo().username);
+        if (ownerEntry) {
+            await updateMemberIdentity(ownerEntry[0], { name: licenseName, email: licenseEmail });
+            ownerEntry[1].name = licenseName;
+            if (licenseEmail)
+                ownerEntry[1].email = licenseEmail;
+        }
     }
-    return await res.json();
+    return entries.map(([id, m]) => ({
+        id,
+        name: m.name,
+        email: m.email,
+        role: m.role,
+        joined_at: m.joined_at,
+        handles: { ...m.handles },
+        allowedWorkflows: [...m.allowedWorkflows],
+        allowedChannels: [...m.allowedChannels],
+    }));
+}
+export async function addMember(data) {
+    const result = await addLocalMember(data);
+    return {
+        id: result.id,
+        name: result.name,
+        email: result.email,
+        role: result.role,
+        joined_at: result.joined_at,
+        handles: result.handles,
+        allowedWorkflows: result.allowedWorkflows,
+        allowedChannels: result.allowedChannels,
+    };
 }
-export async function removeMember(memberId) {
-    const headers = await getAuthHeader();
-    const slug = await getOrgSlug(headers);
-    const res = await fetch(`${API_URL}/organizations/${slug}/members/${memberId}/`, {
-        method: "DELETE",
-        headers,
-    });
-    return res.ok;
+export async function removeMember(id) {
+    return removeLocalMember(id);
 }
 export async function updateRole(memberId, role) {
-    const headers = await getAuthHeader();
-    const slug = await getOrgSlug(headers);
-    const res = await fetch(`${API_URL}/organizations/${slug}/members/${memberId}/`, {
-        method: "PUT",
-        headers,
-        body: JSON.stringify({ role }),
-    });
-    return res.ok;
+    return setMemberRole(memberId, role);
 }

package/dist/templates/verticals/supply-chain/WORKFLOWS.md

@@ -22,6 +22,7 @@ When you write a Python script to generate a document from a template, save thes
 
 ---
 
+<a id="payroll_calculator"></a>
 ## 1. Payroll Calculator
 
 **Trigger:** User says "run payroll", "calculate payroll", "process payroll for [period]", or uploads attendance/salary files.
@@ -45,6 +46,7 @@ When you write a Python script to generate a document from a template, save thes
 
 ---
 
+<a id="credit_note_generator"></a>
 ## 2. Credit Note Generator
 
 **Trigger:** User says "generate credit notes", "create credit notes for [period]", or uploads deduction data.
@@ -72,6 +74,7 @@ When you write a Python script to generate a document from a template, save thes
 
 ---
 
+<a id="deduction_reconciler"></a>
 ## 3. Deduction Reconciler
 
 **Trigger:** User says "reconcile deductions", "check deductions", or uploads credit notes + payout sheets.
@@ -96,6 +99,7 @@ When you write a Python script to generate a document from a template, save thes
 
 ---
 
+<a id="attendance_importer"></a>
 ## 4. Attendance Importer
 
 **Trigger:** User says "import attendance", "process attendance for [period]", or uploads client attendance sheets.
@@ -121,6 +125,7 @@ When you write a Python script to generate a document from a template, save thes
 
 ---
 
+<a id="driver_clearance"></a>
 ## 5. Driver Clearance
 
 **Trigger:** User says "process clearance", "driver offboarding", or uploads clearance data.

package/dist/workflows/registry.d.ts

@@ -0,0 +1,22 @@
+/**
+ * Canonical list of named workflows the agent can run.
+ *
+ * Workflows are the unit of permission, not tools or skills. IDs match the
+ * anchors in src/templates/verticals/supply-chain/WORKFLOWS.md so the prompt
+ * preamble and the template stay in lockstep.
+ */
+export interface WorkflowDef {
+    id: string;
+    title: string;
+    description: string;
+    /**
+     * UI hint only. Marks workflows that move money or produce billable
+     * documents so the team page can flag them visually. All enforcement is
+     * the admin-configured allowedWorkflows list, read through the prompt
+     * preamble. There is no server-side hard gate.
+     */
+    isFinancial: boolean;
+}
+export declare const WORKFLOWS: WorkflowDef[];
+export declare function isKnownWorkflow(id: string): boolean;
+export declare function getWorkflow(id: string): WorkflowDef | undefined;

package/dist/workflows/registry.js

@@ -0,0 +1,46 @@
+/**
+ * Canonical list of named workflows the agent can run.
+ *
+ * Workflows are the unit of permission, not tools or skills. IDs match the
+ * anchors in src/templates/verticals/supply-chain/WORKFLOWS.md so the prompt
+ * preamble and the template stay in lockstep.
+ */
+export const WORKFLOWS = [
+    {
+        id: "payroll_calculator",
+        title: "Payroll Calculator",
+        description: "Calculate monthly payroll from attendance and deduction data.",
+        isFinancial: true,
+    },
+    {
+        id: "credit_note_generator",
+        title: "Credit Note Generator",
+        description: "Generate credit notes (PDF/DOCX) from deduction data.",
+        isFinancial: true,
+    },
+    {
+        id: "deduction_reconciler",
+        title: "Deduction Reconciler",
+        description: "Reconcile credit notes against actual payout deductions.",
+        isFinancial: false,
+    },
+    {
+        id: "attendance_importer",
+        title: "Attendance Importer",
+        description: "Normalize client attendance sheets into a standard report.",
+        isFinancial: false,
+    },
+    {
+        id: "driver_clearance",
+        title: "Driver Clearance",
+        description: "Track driver offboarding, equipment return, and pending deductions.",
+        isFinancial: false,
+    },
+];
+const WORKFLOW_IDS = new Set(WORKFLOWS.map((w) => w.id));
+export function isKnownWorkflow(id) {
+    return WORKFLOW_IDS.has(id);
+}
+export function getWorkflow(id) {
+    return WORKFLOWS.find((w) => w.id === id);
+}

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "leedab",
-  "version": "0.1.9",
+  "version": "0.2.2",
   "description": "LeedAB — Your enterprise AI agent. Local-first, private by default.",
   "license": "SEE LICENSE IN LICENSE",
   "author": "LeedAB <hello@leedab.com>",

package/dist/dashboard/static/app.js

@@ -1,351 +0,0 @@
-// Fetch status, vault, and allowlist on load
-document.addEventListener("DOMContentLoaded", () => {
-  refreshStatus();
-  loadVault();
-  loadAllowlist();
-});
-
-async function refreshStatus() {
-  try {
-    const res = await fetch("/api/status");
-    const status = await res.json();
-
-    for (const [key, info] of Object.entries(status)) {
-      const card = document.getElementById(`card-${key}`);
-      const statusEl = document.getElementById(`status-${key}`);
-      const btn = card?.querySelector(".btn");
-
-      if (info.connected) {
-        card?.classList.add("connected");
-        if (statusEl) {
-          statusEl.innerHTML = '<span class="dot"></span> Connected';
-        }
-        if (btn) {
-          btn.textContent = "Connected";
-          btn.className = "btn btn-connected";
-          btn.disabled = true;
-          btn.onclick = null;
-        }
-      }
-    }
-  } catch (err) {
-    console.error("Failed to fetch status:", err);
-  }
-}
-
-// --- WhatsApp ---
-
-function connectWhatsApp() {
-  const panel = document.getElementById("whatsapp-panel");
-  panel.classList.remove("hidden");
-  const qr = document.getElementById("whatsapp-qr");
-  qr.innerHTML = `<p>Generating QR code...</p>`;
-
-  fetch("/api/whatsapp/connect", { method: "POST" })
-    .then((r) => r.json())
-    .then((data) => {
-      if (data.error) {
-        qr.innerHTML = `<p style="color:#ef4444">${escapeHtml(data.error)}</p>`;
-        return;
-      }
-      if (data.qr) {
-        const lines = data.qr.split("\n").filter(
-          (l) => l.includes("\u2588") || l.includes("\u2584") || l.includes("\u2580")
-        );
-        const qrText = lines.join("\n");
-        qr.innerHTML = `<pre style="
-          font-family: monospace;
-          font-size: 4px;
-          line-height: 4px;
-          letter-spacing: 0px;
-          background: white;
-          color: black;
-          padding: 16px;
-          display: inline-block;
-          border-radius: 8px;
-          transform: scale(2);
-          transform-origin: center;
-          margin: 40px 0;
-        ">${escapeHtml(qrText)}</pre>`;
-        pollWhatsAppStatus();
-      } else {
-        qr.innerHTML = `<p>Waiting for QR code... try again in a moment.</p>`;
-      }
-    })
-    .catch(() => {
-      qr.innerHTML = `<p style="color:#ef4444">Connection failed. Try again.</p>`;
-    });
-}
-
-function pollWhatsAppStatus() {
-  const interval = setInterval(async () => {
-    const res = await fetch("/api/status");
-    const status = await res.json();
-    if (status.whatsapp.connected) {
-      clearInterval(interval);
-      hideWhatsAppPanel();
-      showToast("WhatsApp connected!", "success");
-      refreshStatus();
-    }
-  }, 3000);
-
-  setTimeout(() => clearInterval(interval), 120000);
-}
-
-function hideWhatsAppPanel() {
-  document.getElementById("whatsapp-panel").classList.add("hidden");
-}
-
-// --- Telegram ---
-
-function showTelegramForm() {
-  document.getElementById("telegram-form").classList.remove("hidden");
-}
-
-function hideTelegramForm() {
-  document.getElementById("telegram-form").classList.add("hidden");
-}
-
-async function connectTelegram() {
-  const token = document.getElementById("telegram-token").value.trim();
-  if (!token) {
-    showToast("Bot token is required", "error");
-    return;
-  }
-
-  try {
-    const res = await fetch("/api/telegram/connect", {
-      method: "POST",
-      headers: { "Content-Type": "application/json" },
-      body: JSON.stringify({ token }),
-    });
-    const data = await res.json();
-    if (data.error) {
-      showToast(data.error, "error");
-    } else {
-      hideTelegramForm();
-      showToast("Telegram connected!", "success");
-      refreshStatus();
-    }
-  } catch {
-    showToast("Connection failed", "error");
-  }
-}
-
-// --- Teams ---
-
-function showTeamsForm() {
-  document.getElementById("teams-form").classList.remove("hidden");
-}
-
-function hideTeamsForm() {
-  document.getElementById("teams-form").classList.add("hidden");
-}
-
-async function connectTeams() {
-  const appId = document.getElementById("teams-app-id").value.trim();
-  const tenantId = document.getElementById("teams-tenant-id").value.trim();
-
-  if (!appId || !tenantId) {
-    showToast("All fields are required", "error");
-    return;
-  }
-
-  try {
-    const res = await fetch("/api/teams/connect", {
-      method: "POST",
-      headers: { "Content-Type": "application/json" },
-      body: JSON.stringify({ appId, tenantId }),
-    });
-    const data = await res.json();
-    if (data.error) {
-      showToast(data.error, "error");
-    } else {
-      hideTeamsForm();
-      showToast("Teams credentials saved!", "success");
-      refreshStatus();
-    }
-  } catch {
-    showToast("Connection failed", "error");
-  }
-}
-
-// --- Vault ---
-
-async function loadVault() {
-  const container = document.getElementById("vault-list");
-  if (!container) return;
-
-  try {
-    const res = await fetch("/api/vault");
-    const entries = await res.json();
-
-    if (!entries.length) {
-      container.innerHTML = '<div class="vault-empty">No credentials stored yet.</div>';
-      return;
-    }
-
-    container.innerHTML = `
-      <table class="vault-table">
-        <thead>
-          <tr><th>Service</th><th>URL</th><th>Username</th><th></th></tr>
-        </thead>
-        <tbody>
-          ${entries.map(e => `
-            <tr>
-              <td>${escapeHtml(e.service)}</td>
-              <td>${e.url ? escapeHtml(e.url) : '<span style="color:var(--text-faint)">—</span>'}</td>
-              <td>${e.username ? escapeHtml(e.username) : '<span style="color:var(--text-faint)">—</span>'}</td>
-              <td><button class="btn btn-danger" onclick="removeVaultEntry('${escapeHtml(e.service)}')">Remove</button></td>
-            </tr>
-          `).join("")}
-        </tbody>
-      </table>`;
-  } catch {
-    container.innerHTML = '<div class="vault-empty">Could not load vault.</div>';
-  }
-}
-
-async function addVaultEntry() {
-  const service = document.getElementById("vault-service").value.trim();
-  const url = document.getElementById("vault-url").value.trim();
-  const username = document.getElementById("vault-username").value.trim();
-  const password = document.getElementById("vault-password").value;
-  const notes = document.getElementById("vault-notes").value.trim();
-
-  if (!service) {
-    showToast("Service name is required", "error");
-    return;
-  }
-
-  try {
-    await fetch("/api/vault", {
-      method: "POST",
-      headers: { "Content-Type": "application/json" },
-      body: JSON.stringify({ service, url, username, password, notes }),
-    });
-
-    // Clear form
-    document.getElementById("vault-service").value = "";
-    document.getElementById("vault-url").value = "";
-    document.getElementById("vault-username").value = "";
-    document.getElementById("vault-password").value = "";
-    document.getElementById("vault-notes").value = "";
-
-    showToast(`Added ${service} to vault`, "success");
-    loadVault();
-  } catch {
-    showToast("Failed to add credential", "error");
-  }
-}
-
-async function removeVaultEntry(service) {
-  try {
-    await fetch(`/api/vault?service=${encodeURIComponent(service)}`, {
-      method: "DELETE",
-    });
-    showToast(`Removed ${service}`, "success");
-    loadVault();
-  } catch {
-    showToast("Failed to remove credential", "error");
-  }
-}
-
-// --- Allowlist ---
-
-async function loadAllowlist() {
-  const container = document.getElementById("allowlist-entries");
-  const channelSelect = document.getElementById("allowlist-channel");
-  if (!container || !channelSelect) return;
-
-  const channel = channelSelect.value;
-
-  try {
-    const res = await fetch(`/api/allowlist?channel=${encodeURIComponent(channel)}`);
-    const data = await res.json();
-
-    if (!data.allowFrom || data.allowFrom.length === 0) {
-      container.innerHTML = `<div class="vault-empty">No users in ${channel} allowlist. Policy: ${data.dmPolicy}</div>`;
-      return;
-    }
-
-    container.innerHTML = `
-      <table class="vault-table">
-        <thead>
-          <tr><th>User ID</th><th>Policy</th><th></th></tr>
-        </thead>
-        <tbody>
-          ${data.allowFrom.map(id => `
-            <tr>
-              <td>${escapeHtml(id)}</td>
-              <td style="color:var(--text-dim)">${data.dmPolicy}</td>
-              <td><button class="btn btn-danger" onclick="removeAllowlistEntry('${escapeHtml(channel)}', '${escapeHtml(id)}')">Remove</button></td>
-            </tr>
-          `).join("")}
-        </tbody>
-      </table>`;
-  } catch {
-    container.innerHTML = '<div class="vault-empty">Could not load allowlist.</div>';
-  }
-}
-
-async function addAllowlistEntry() {
-  const channel = document.getElementById("allowlist-channel").value;
-  const userId = document.getElementById("allowlist-userid").value.trim();
-
-  if (!userId) {
-    showToast("User ID is required", "error");
-    return;
-  }
-
-  try {
-    const res = await fetch("/api/allowlist", {
-      method: "POST",
-      headers: { "Content-Type": "application/json" },
-      body: JSON.stringify({ channel, userId }),
-    });
-    const data = await res.json();
-    if (data.error) {
-      showToast(data.error, "error");
-    } else {
-      document.getElementById("allowlist-userid").value = "";
-      showToast(`Added ${userId} to ${channel}.`, "success");
-      loadAllowlist();
-    }
-  } catch {
-    showToast("Failed to add user", "error");
-  }
-}
-
-async function removeAllowlistEntry(channel, userId) {
-  try {
-    await fetch(`/api/allowlist?channel=${encodeURIComponent(channel)}&userId=${encodeURIComponent(userId)}`, {
-      method: "DELETE",
-    });
-    showToast(`Removed ${userId}.`, "success");
-    loadAllowlist();
-  } catch {
-    showToast("Failed to remove user", "error");
-  }
-}
-
-// --- Helpers ---
-
-function showToast(message, type = "success") {
-  const toast = document.getElementById("toast");
-  if (!toast) return;
-  toast.textContent = message;
-  toast.className = `toast ${type}`;
-
-  setTimeout(() => {
-    toast.classList.add("hidden");
-  }, 4000);
-}
-
-function escapeHtml(str) {
-  return str
-    .replace(/&/g, "&amp;")
-    .replace(/</g, "&lt;")
-    .replace(/>/g, "&gt;")
-    .replace(/"/g, "&quot;");
-}