ltcai 2.2.7 → 3.1.0

package/static/v3/js/views/admin-audit.660a1fb1.js

@@ -0,0 +1,185 @@
+/* ============================================================================
+ * View: Audit Logs — Administration · activity and access trail.
+ * Reads /admin/audit (live) and renders unavailable state when it cannot load.
+ * Severity filter narrows the rendered events; a compact stat row summarizes
+ * actors, volume and risk at a glance.
+ * ========================================================================== */
+
+import { timeAgo } from "../core/dom.a2773eb0.js";
+
+const SEVERITY = {
+  warning: { variant: "warn", label: "Warning", icon: "alert-triangle" },
+  notice: { variant: "info", label: "Notice", icon: "info-circle" },
+  informational: { variant: "", label: "Informational", icon: "point" },
+};
+function severityMeta(s) {
+  return SEVERITY[String(s || "").toLowerCase()] || { variant: "", label: titleCase(s) || "Event", icon: "point" };
+}
+
+const FILTERS = [
+  { key: "all", label: "All" },
+  { key: "informational", label: "Informational" },
+  { key: "notice", label: "Notice" },
+  { key: "warning", label: "Warning" },
+];
+
+export async function render(ctx) {
+  const { h, icon, api, c } = ctx;
+
+  const state = { events: [], source: "pending", filter: "all", loaded: false };
+
+  const srcSlot = h("span", c.sourceBadge("pending"));
+  const filterHost = h("div", buildTabs());
+  const statHost = h("div.lt3-statrow", c.loading({ lines: 1 }));
+  const tableHost = h("div", c.loading({ lines: 6 }));
+
+  const root = h("div.lt3-stack-6",
+    c.viewHeader({
+      eyebrow: "Administration",
+      title: "Audit Logs",
+      sub: "Activity and access trail",
+      actions: [
+        srcSlot,
+        h("button.lt3-btn.lt3-btn--ghost", {
+          on: { click: () => ctx.toast("Audit export is not available in this build (SIEM export is an Enterprise feature).", "warn") },
+        }, icon("download"), "Export"),
+      ],
+    }),
+    statHost,
+    c.panel({
+      eyebrow: "Trail",
+      title: "Recent events",
+      head: h("div.lt3-row", { style: { "justify-content": "space-between", flex: "1 1 auto", gap: "var(--lt3-space-3)" } },
+        h("div", h("div.lt3-eyebrow", "Trail"), h("h3.lt3-panel__title", "Recent events")),
+        filterHost,
+      ),
+      children: tableHost,
+    }),
+  );
+
+  function buildTabs() {
+    return c.tabs(FILTERS, state.filter, (key) => {
+      state.filter = key;
+      filterHost.replaceChildren(buildTabs());
+      renderTable();
+    });
+  }
+
+  function visibleEvents() {
+    if (state.filter === "all") return state.events;
+    return state.events.filter((e) => String(e.severity || "").toLowerCase() === state.filter);
+  }
+
+  function renderStats() {
+    const events = state.events;
+    const actors = new Set(events.map((e) => e.actor).filter(Boolean)).size;
+    const startOfDay = new Date(); startOfDay.setHours(0, 0, 0, 0);
+    const today = events.filter((e) => {
+      const t = e.ts ? new Date(e.ts).getTime() : NaN;
+      return !Number.isNaN(t) && t >= startOfDay.getTime();
+    }).length;
+    const high = events.filter((e) => ["warning", "high", "critical"].includes(String(e.severity || "").toLowerCase())).length;
+    statHost.replaceChildren(
+      c.stat({ label: "Total events", value: c.fmtNum(events.length), icon: "list-details" }),
+      c.stat({ label: "Actors", value: c.fmtNum(actors), icon: "users" }),
+      c.stat({ label: "Today", value: c.fmtNum(today), icon: "calendar-event" }),
+      c.stat({ label: "High-severity", value: c.fmtNum(high), icon: "shield-exclamation" }),
+    );
+  }
+
+  function renderTable() {
+    const rows = visibleEvents();
+    if (!rows.length) {
+      tableHost.replaceChildren(state.loaded
+        ? c.emptyState({
+            icon: "history-off",
+            title: state.filter === "all" ? "No audit events" : "No matching events",
+            body: state.filter === "all"
+              ? "Activity will appear here as users act in the workspace."
+              : "No events match this severity. Try a broader filter.",
+            action: state.filter === "all" ? null : h("button.lt3-btn.lt3-btn--subtle.lt3-btn--sm", {
+              on: { click: () => { state.filter = "all"; filterHost.replaceChildren(buildTabs()); renderTable(); } },
+            }, icon("filter-off"), "Clear filter"),
+          })
+        : c.loading({ lines: 6 }));
+      return;
+    }
+    tableHost.replaceChildren(c.table(columns(ctx), rows));
+  }
+
+  async function load() {
+    const res = await api.adminAudit();
+    state.events = normalize(res.data);
+    state.source = res.source;
+    state.loaded = true;
+    srcSlot.replaceChildren(c.sourceBadge(res.source));
+    renderStats();
+    renderTable();
+  }
+
+  load();
+  return root;
+}
+
+/* ── table ───────────────────────────────────────────────────────────────── */
+function columns({ h, icon, c }) {
+  return [
+    {
+      key: "ts", label: "Time", width: "1%",
+      render: (e) => h("span.lt3-mono.lt3-faint", { style: { "white-space": "nowrap", "font-size": "var(--lt3-text-2xs)" } },
+        e.ts ? timeAgo(e.ts) : "—"),
+    },
+    {
+      key: "actor", label: "Actor",
+      render: (e) => h("div.lt3-row-2",
+        h("span.lt3-avatar", { style: { width: "26px", height: "26px" } }, initials(e.actor)),
+        h("span", { style: { "font-size": "var(--lt3-text-sm)", "white-space": "nowrap" } }, e.actor || "system"),
+      ),
+    },
+    {
+      key: "action", label: "Action", width: "1%",
+      render: (e) => h("span.lt3-pill.lt3-mono", { style: { "white-space": "nowrap" } }, e.action || "event"),
+    },
+    {
+      key: "target", label: "Target",
+      render: (e) => h("span.lt3-faint", { style: { "font-size": "var(--lt3-text-sm)" } }, e.target || "—"),
+    },
+    {
+      key: "severity", label: "Severity", width: "1%",
+      render: (e) => {
+        const m = severityMeta(e.severity);
+        return c.pill(m.label, m.variant, { dot: true });
+      },
+    },
+  ];
+}
+
+/* ── helpers ─────────────────────────────────────────────────────────────── */
+function normalize(data) {
+  const list = Array.isArray(data) ? data
+    : Array.isArray(data && data.recent_events) ? data.recent_events
+    : Array.isArray(data && data.events) ? data.events
+    : [];
+  return list.map((e) => ({
+    ts: e.ts || e.timestamp || e.time || null,
+    actor: e.actor || e.user || e.email || "system",
+    action: e.action || e.event || "event",
+    target: e.target || e.resource || "",
+    severity: e.severity || e.level || "informational",
+  }));
+}
+
+function initials(name) {
+  const s = String(name || "·").trim();
+  if (!s || s === "system") return "SY";
+  const at = s.indexOf("@");
+  const base = at > 0 ? s.slice(0, at) : s;
+  const parts = base.split(/[\s._-]+/).filter(Boolean);
+  if (parts.length >= 2) return (parts[0][0] + parts[1][0]).toUpperCase();
+  return base.slice(0, 2).toUpperCase();
+}
+
+function titleCase(s) {
+  s = String(s || "").trim();
+  return s ? s[0].toUpperCase() + s.slice(1).toLowerCase() : "";
+}

package/static/v3/js/views/admin-audit.js

@@ -0,0 +1,185 @@
+/* ============================================================================
+ * View: Audit Logs — Administration · activity and access trail.
+ * Reads /admin/audit (live) and renders unavailable state when it cannot load.
+ * Severity filter narrows the rendered events; a compact stat row summarizes
+ * actors, volume and risk at a glance.
+ * ========================================================================== */
+
+import { timeAgo } from "../core/dom.js";
+
+const SEVERITY = {
+  warning: { variant: "warn", label: "Warning", icon: "alert-triangle" },
+  notice: { variant: "info", label: "Notice", icon: "info-circle" },
+  informational: { variant: "", label: "Informational", icon: "point" },
+};
+function severityMeta(s) {
+  return SEVERITY[String(s || "").toLowerCase()] || { variant: "", label: titleCase(s) || "Event", icon: "point" };
+}
+
+const FILTERS = [
+  { key: "all", label: "All" },
+  { key: "informational", label: "Informational" },
+  { key: "notice", label: "Notice" },
+  { key: "warning", label: "Warning" },
+];
+
+export async function render(ctx) {
+  const { h, icon, api, c } = ctx;
+
+  const state = { events: [], source: "pending", filter: "all", loaded: false };
+
+  const srcSlot = h("span", c.sourceBadge("pending"));
+  const filterHost = h("div", buildTabs());
+  const statHost = h("div.lt3-statrow", c.loading({ lines: 1 }));
+  const tableHost = h("div", c.loading({ lines: 6 }));
+
+  const root = h("div.lt3-stack-6",
+    c.viewHeader({
+      eyebrow: "Administration",
+      title: "Audit Logs",
+      sub: "Activity and access trail",
+      actions: [
+        srcSlot,
+        h("button.lt3-btn.lt3-btn--ghost", {
+          on: { click: () => ctx.toast("Audit export is not available in this build (SIEM export is an Enterprise feature).", "warn") },
+        }, icon("download"), "Export"),
+      ],
+    }),
+    statHost,
+    c.panel({
+      eyebrow: "Trail",
+      title: "Recent events",
+      head: h("div.lt3-row", { style: { "justify-content": "space-between", flex: "1 1 auto", gap: "var(--lt3-space-3)" } },
+        h("div", h("div.lt3-eyebrow", "Trail"), h("h3.lt3-panel__title", "Recent events")),
+        filterHost,
+      ),
+      children: tableHost,
+    }),
+  );
+
+  function buildTabs() {
+    return c.tabs(FILTERS, state.filter, (key) => {
+      state.filter = key;
+      filterHost.replaceChildren(buildTabs());
+      renderTable();
+    });
+  }
+
+  function visibleEvents() {
+    if (state.filter === "all") return state.events;
+    return state.events.filter((e) => String(e.severity || "").toLowerCase() === state.filter);
+  }
+
+  function renderStats() {
+    const events = state.events;
+    const actors = new Set(events.map((e) => e.actor).filter(Boolean)).size;
+    const startOfDay = new Date(); startOfDay.setHours(0, 0, 0, 0);
+    const today = events.filter((e) => {
+      const t = e.ts ? new Date(e.ts).getTime() : NaN;
+      return !Number.isNaN(t) && t >= startOfDay.getTime();
+    }).length;
+    const high = events.filter((e) => ["warning", "high", "critical"].includes(String(e.severity || "").toLowerCase())).length;
+    statHost.replaceChildren(
+      c.stat({ label: "Total events", value: c.fmtNum(events.length), icon: "list-details" }),
+      c.stat({ label: "Actors", value: c.fmtNum(actors), icon: "users" }),
+      c.stat({ label: "Today", value: c.fmtNum(today), icon: "calendar-event" }),
+      c.stat({ label: "High-severity", value: c.fmtNum(high), icon: "shield-exclamation" }),
+    );
+  }
+
+  function renderTable() {
+    const rows = visibleEvents();
+    if (!rows.length) {
+      tableHost.replaceChildren(state.loaded
+        ? c.emptyState({
+            icon: "history-off",
+            title: state.filter === "all" ? "No audit events" : "No matching events",
+            body: state.filter === "all"
+              ? "Activity will appear here as users act in the workspace."
+              : "No events match this severity. Try a broader filter.",
+            action: state.filter === "all" ? null : h("button.lt3-btn.lt3-btn--subtle.lt3-btn--sm", {
+              on: { click: () => { state.filter = "all"; filterHost.replaceChildren(buildTabs()); renderTable(); } },
+            }, icon("filter-off"), "Clear filter"),
+          })
+        : c.loading({ lines: 6 }));
+      return;
+    }
+    tableHost.replaceChildren(c.table(columns(ctx), rows));
+  }
+
+  async function load() {
+    const res = await api.adminAudit();
+    state.events = normalize(res.data);
+    state.source = res.source;
+    state.loaded = true;
+    srcSlot.replaceChildren(c.sourceBadge(res.source));
+    renderStats();
+    renderTable();
+  }
+
+  load();
+  return root;
+}
+
+/* ── table ───────────────────────────────────────────────────────────────── */
+function columns({ h, icon, c }) {
+  return [
+    {
+      key: "ts", label: "Time", width: "1%",
+      render: (e) => h("span.lt3-mono.lt3-faint", { style: { "white-space": "nowrap", "font-size": "var(--lt3-text-2xs)" } },
+        e.ts ? timeAgo(e.ts) : "—"),
+    },
+    {
+      key: "actor", label: "Actor",
+      render: (e) => h("div.lt3-row-2",
+        h("span.lt3-avatar", { style: { width: "26px", height: "26px" } }, initials(e.actor)),
+        h("span", { style: { "font-size": "var(--lt3-text-sm)", "white-space": "nowrap" } }, e.actor || "system"),
+      ),
+    },
+    {
+      key: "action", label: "Action", width: "1%",
+      render: (e) => h("span.lt3-pill.lt3-mono", { style: { "white-space": "nowrap" } }, e.action || "event"),
+    },
+    {
+      key: "target", label: "Target",
+      render: (e) => h("span.lt3-faint", { style: { "font-size": "var(--lt3-text-sm)" } }, e.target || "—"),
+    },
+    {
+      key: "severity", label: "Severity", width: "1%",
+      render: (e) => {
+        const m = severityMeta(e.severity);
+        return c.pill(m.label, m.variant, { dot: true });
+      },
+    },
+  ];
+}
+
+/* ── helpers ─────────────────────────────────────────────────────────────── */
+function normalize(data) {
+  const list = Array.isArray(data) ? data
+    : Array.isArray(data && data.recent_events) ? data.recent_events
+    : Array.isArray(data && data.events) ? data.events
+    : [];
+  return list.map((e) => ({
+    ts: e.ts || e.timestamp || e.time || null,
+    actor: e.actor || e.user || e.email || "system",
+    action: e.action || e.event || "event",
+    target: e.target || e.resource || "",
+    severity: e.severity || e.level || "informational",
+  }));
+}
+
+function initials(name) {
+  const s = String(name || "·").trim();
+  if (!s || s === "system") return "SY";
+  const at = s.indexOf("@");
+  const base = at > 0 ? s.slice(0, at) : s;
+  const parts = base.split(/[\s._-]+/).filter(Boolean);
+  if (parts.length >= 2) return (parts[0][0] + parts[1][0]).toUpperCase();
+  return base.slice(0, 2).toUpperCase();
+}
+
+function titleCase(s) {
+  s = String(s || "").trim();
+  return s ? s[0].toUpperCase() + s.slice(1).toLowerCase() : "";
+}

package/static/v3/js/views/admin-permissions.a7ae5f09.js

@@ -0,0 +1,177 @@
+/* ============================================================================
+ * View: Permissions — Administration · roles and capability mapping (RBAC).
+ * Renders the role → capability matrix and per-role summaries from the admin
+ * roles endpoint. Capabilities map to product areas; "all" grants everything.
+ * Role editing is read-only unless a backend mutation route is added.
+ *
+ * View contract (shared by all views):
+ *   export async function render(ctx) -> single DOM node
+ *   ctx = { h, icon, api, store, c, route, params, navigate, toast }
+ * ========================================================================== */
+
+/* Capability columns, in product-area order. Each maps to a routable surface
+ * and a Tabler icon so the matrix reads at a glance. */
+const CAPS = [
+  { key: "chat", label: "Chat", icon: "message-2", route: "chat" },
+  { key: "search", label: "Search", icon: "arrows-join", route: "hybrid-search" },
+  { key: "files", label: "Files", icon: "folders", route: "files" },
+  { key: "pipeline", label: "Pipeline", icon: "git-branch", route: "pipeline" },
+  { key: "users", label: "Users", icon: "users", route: "admin/users" },
+  { key: "policies", label: "Policies", icon: "shield-lock", route: "admin/policies" },
+  { key: "audit", label: "Audit", icon: "history", route: "admin/audit" },
+  { key: "security", label: "Security", icon: "shield-check", route: "admin/security" },
+];
+
+const ROLE_META = {
+  owner: { icon: "crown", variant: "ok" },
+  admin: { icon: "shield-check", variant: "info" },
+  member: { icon: "user-check", variant: "" },
+  viewer: { icon: "eye", variant: "warn" },
+};
+const metaFor = (role) => ROLE_META[String(role).toLowerCase()] || { icon: "user", variant: "" };
+
+/** A role grants a capability when it holds "all" or that specific cap. */
+const grants = (caps, key) => Array.isArray(caps) && (caps.includes("all") || caps.includes(key));
+const capLabel = (key) => (CAPS.find((cc) => cc.key === key)?.label) || key;
+
+export async function render(ctx) {
+  const { h, icon, c, navigate, toast } = ctx;
+
+  // Live RBAC roles from /admin/roles.
+  const res = await ctx.api.adminRoles();
+  const roles = Array.isArray(res.data && res.data.roles) ? res.data.roles
+    : (Array.isArray(res.data) ? res.data : []);
+  const source = res.source;
+  const totalMembers = roles.reduce((sum, r) => sum + (r.members || 0), 0);
+
+  const root = h("div.lt3-stack-6",
+    c.viewHeader({
+      eyebrow: "Administration",
+      title: "Permissions",
+      sub: "Roles and capability mapping.",
+      actions: [
+        c.sourceBadge(source),
+        h("button.lt3-btn.lt3-btn--ghost", { on: { click: () => navigate("admin/users") } }, icon("users"), "Members"),
+        h("button.lt3-btn.lt3-btn--primary", { on: { click: () => pendingToast(toast, "Creating a role") } }, icon("plus"), "New role"),
+      ],
+    }),
+
+    c.banner(
+      "Access is role-based (RBAC): every member holds exactly one role, and each role grants a set of capabilities that map to product areas. The owner role grants all capabilities.",
+      "info",
+      "shield-lock",
+    ),
+
+    h("div.lt3-statrow",
+      c.stat({ label: "Roles", value: roles.length, icon: "id-badge-2" }),
+      c.stat({ label: "Members", value: c.fmtNum(totalMembers), icon: "users" }),
+      c.stat({ label: "Capabilities", value: CAPS.length, icon: "key" }),
+      c.stat({ label: "Full-access roles", value: roles.filter((r) => (r.caps || []).includes("all")).length, icon: "crown" }),
+    ),
+
+    c.panel({
+      eyebrow: "RBAC",
+      title: "Capability matrix",
+      sub: "Which product areas each role can reach. Scroll horizontally to see every capability.",
+      children: buildMatrix(ctx, roles),
+    }),
+
+    h("section",
+      c.sectionHead("Roles", c.sourceBadge(source)),
+      buildRoleGrid(ctx, roles),
+    ),
+  );
+
+  return root;
+}
+
+/* ── Capability matrix ──────────────────────────────────────────────────── */
+function buildMatrix(ctx, roles) {
+  const { h, icon, c } = ctx;
+
+  if (!roles.length) {
+    return c.emptyState({ icon: "lock-off", title: "No roles defined", body: "Define a role to start mapping capabilities." });
+  }
+
+  const columns = [
+    {
+      key: "role",
+      label: "Role",
+      width: "180px",
+      render: (r) => {
+        const m = metaFor(r.role);
+        return h("div.lt3-row-2", { style: { "align-items": "center" } },
+          h("span.lt3-result__rank", { style: { color: "var(--accent)" } }, icon(m.icon)),
+          h("div.lt3-stack",
+            h("b", { style: { "font-size": "var(--lt3-text-sm)", "text-transform": "capitalize" } }, r.role),
+            c.pill(`${c.fmtNum(r.members || 0)} ${(r.members === 1) ? "member" : "members"}`, m.variant || "", { dot: true }),
+          ),
+        );
+      },
+    },
+    ...CAPS.map((cap) => ({
+      key: cap.key,
+      label: cap.label,
+      render: (r) => cell(ctx, grants(r.caps, cap.key)),
+    })),
+  ];
+
+  return c.table(columns, roles);
+}
+
+/** A matrix cell: accent check when granted, muted dash when not. */
+function cell({ h, icon }, granted) {
+  return h("div", { style: { display: "grid", "place-items": "center" }, "aria-label": granted ? "granted" : "not granted" },
+    granted
+      ? h("span", { style: { color: "var(--accent)", "font-size": "var(--lt3-text-lg)", "line-height": "1" } }, icon("check"))
+      : h("span.lt3-faint", { style: { "font-size": "var(--lt3-text-lg)", "line-height": "1" }, "aria-hidden": "true" }, "–"),
+  );
+}
+
+/* ── Per-role summary cards ─────────────────────────────────────────────── */
+function buildRoleGrid(ctx, roles) {
+  const { h } = ctx;
+  if (!roles.length) {
+    return ctx.c.emptyState({ icon: "lock-off", title: "No roles defined", body: "Define a role to map capabilities." });
+  }
+  return h("div.lt3-grid-auto", roles.map((r) => roleCard(ctx, r)));
+}
+
+function roleCard(ctx, r) {
+  const { h, icon, c, toast } = ctx;
+  const m = metaFor(r.role);
+  const isAll = (r.caps || []).includes("all");
+  const grantedKeys = isAll ? CAPS.map((cc) => cc.key) : CAPS.filter((cc) => (r.caps || []).includes(cc.key)).map((cc) => cc.key);
+
+  return c.card(
+    h("div.lt3-stack-3",
+      h("div.lt3-row", { style: { "justify-content": "space-between", "align-items": "flex-start" } },
+        h("div.lt3-row-2", { style: { "align-items": "center" } },
+          h("span.lt3-quick__icon", icon(m.icon)),
+          h("div.lt3-stack",
+            h("b", { style: { "font-size": "var(--lt3-text-md)", "text-transform": "capitalize" } }, r.role),
+            h("div.lt3-faint", { style: { "font-size": "var(--lt3-text-2xs)" } }, `${c.fmtNum(r.members || 0)} ${(r.members === 1) ? "member" : "members"}`),
+          ),
+        ),
+        c.pill(isAll ? "Full access" : `${grantedKeys.length}/${CAPS.length}`, m.variant || "info"),
+      ),
+
+      h("div.lt3-cluster", { "aria-label": `${r.role} capabilities` },
+        isAll
+          ? h("span.lt3-chip", { dataset: { active: "true" } }, icon("infinity"), "All capabilities")
+          : (grantedKeys.length
+              ? grantedKeys.map((k) => h("span.lt3-chip", { dataset: { active: "true" } }, icon(CAPS.find((cc) => cc.key === k).icon), capLabel(k)))
+              : h("span.lt3-faint", { style: { "font-size": "var(--lt3-text-xs)" } }, "No capabilities")),
+      ),
+
+      h("button.lt3-btn.lt3-btn--subtle.lt3-btn--sm", { style: { "align-self": "flex-start" }, on: { click: () => pendingToast(toast, `Editing the ${r.role} role`) } },
+        icon("edit"), "Edit role"),
+    ),
+    { attrs: { "data-role": r.role } },
+  );
+}
+
+/* ── Read-only affordance ───────────────────────────────────────────────── */
+function pendingToast(toast, what) {
+  toast(`${what} is not available in this build — roles are a fixed RBAC model (owner · admin · member · viewer).`, "warn");
+}