Agent Panel UI:
- Visual dashboard showing all agents with status (idle/working)
- Agent cards with stats: total tasks, completed tasks
- Capabilities display for each agent
- Execution log showing recent agent activity
- Real-time updates (refreshes every 10 seconds)
- Click agent to filter execution log
- Status indicators: pending, running, completed, failed, pending_approval
Email Notifications:
- SMTP email service with HTML templates
- Task assignment notifications
- Agent approval request emails with action details
- Agent completion notifications
- Configurable via environment variables (SMTP_HOST, SMTP_USER, SMTP_PASSWORD, SMTP_TO)
- Integrated with agent executor service
PDF Invoice Generation:
- Professional PDF invoices using ReportLab
- Generate from time entries by project
- Client information and company branding
- Itemized time entries with hours, rates, amounts
- Automatic totals calculation
- Download as PDF attachment
- API endpoints: /api/opc/invoices/generate
- Projects and clients management endpoints
Additional Features:
- Projects CRUD API
- Clients CRUD API
- Project time tracking summary
- Billable vs non-billable hours tracking
Phase 1 MVP 100% Complete:
✅ PostgreSQL database with full schema
✅ Task CRUD API with automatic time tracking
✅ Kanban board with drag-and-drop
✅ Agent executor service with LLM integration
✅ WebSocket real-time updates
✅ 3 core agents (PM, CTO, COO)
✅ Agent panel UI with execution logs
✅ Email notifications (Telegram + Email)
✅ PDF invoice generation
All 12 tasks completed!
Agent Executor Service:
- BaseAgent class with LLM integration via LiteLLM proxy
- AgentExecutor service that processes pending executions every 5 seconds
- Action execution: create_subtask, update_status, send_notification, add_comment
- Approval workflow: CxO level agents require user approval before execution
- Telegram notifications for approvals and completions
- Error handling and execution status tracking
WebSocket Real-Time Updates:
- WebSocket endpoint at /ws/opc for real-time task updates
- ConnectionManager for broadcasting to all connected clients
- Frontend WebSocket client with auto-reconnect
- Live updates for task create/update/move/delete actions
- Agent execution status broadcasts
Integration:
- Agent executor starts on dashboard startup
- Task router broadcasts WebSocket updates on all mutations
- Frontend OPC page subscribes to WebSocket and updates UI in real-time
- Agents (PM, CTO, COO) can now execute tasks autonomously
Phase 1 MVP Complete:
✅ PostgreSQL database with full schema
✅ Task CRUD API with automatic time tracking
✅ Kanban board with drag-and-drop
✅ Agent executor service with LLM integration
✅ WebSocket real-time updates
✅ 3 core agents ready to execute
Next: Agent panel UI, email notifications, PDF invoicing
- Wrap tryRefreshSession in try-finally to ensure authRecoveryInFlight is always reset
- Fix variable scope issue: use const tabState instead of reassigning d
- Add error handling for process.stdin.write() to catch BrokenPipeError/OSError
- Verify WebSocket instance before closing in ping timeout callback
- Properly await conn.wait_closed() to prevent SSH connection leaks
- Gracefully cancel and wait for read_task with 2s timeout
These fixes prevent race conditions, resource leaks, and improve error recovery.
- Backend now responds to __ping__ with __pong__
- Frontend detects missing pong within 5s and closes connection
- This triggers proper reconnect/auth recovery instead of hanging
- Fixes 'keepalive ping timeout' issue where connection appears alive but is dead
- Change RP_ID from jimmygan.com to nas.jimmygan.com
- RP_ID must be a valid suffix of the origin domain
- Fixes WebAuthn failing silently on iOS/iPadOS
- Set WEBAUTHN_RP_ID=jimmygan.com for both main and dev
- Set WEBAUTHN_ORIGINS to match respective domains
- Fixes passkey registration failing due to origin mismatch
- Fix WEBAUTHN_ORIGIN -> WEBAUTHN_ORIGINS env var name
- Add null check for cancelled passkey creation
- Use finally block to ensure loading state is always reset
- Add console.error for better debugging
Restrict Docker/Files writes to admins, move terminal websocket auth to cookie-first with temporary query fallback, and migrate refresh-token handling to httpOnly cookies for safer session persistence.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Reuse the existing refresh-token flow before opening terminal websocket connections so reconnects can recover from expired access tokens without requiring a full dashboard reload.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Keep the selected dashboard page in sync with lightweight URL query params so direct terminal links can land on the right page without exposing extra client state.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Allow more concurrent dashboard terminal tabs per user and use the current access token for websocket reconnects so refreshed sessions keep working.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Label unauthorized security events as blocked and highlight likely scanner probes so the log view is easier to interpret during investigations.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Add server-side IP and date range filtering for security logs so investigations can narrow events without relying on client-side filtering alone.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Tighten terminal websocket auth and proxy trust handling while making file-backed auth/RBAC writes atomic to reduce high-impact security and persistence risks.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Add WebSocket and SSH keepalives so idle dashboard terminal sessions stay connected across proxies and long-running idle periods.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Make terminal tabs, controls, and xterm colors follow the global light/dark theme so terminal UI stays visually consistent with the rest of the dashboard.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Display websocket close reason text (or close code fallback) in terminal tabs so SSH/session failures are diagnosable without checking backend logs.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Add a dedicated Mac terminal target with separate SSH host/user/key settings and mount a dedicated Mac key file for dashboard containers.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Remove backend idle timeout enforcement so terminal sessions persist until the UI disconnects or the SSH process ends.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Allow drag/drop and clipboard image paste in the dashboard terminal so users can quickly upload images into the active shell session, with a visible hint for discoverability.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Keep the Terminal component mounted and toggle visibility via CSS so tab state and WebSocket sessions persist when navigating between sidebar pages, while preserving existing per-tab close and full teardown cleanup behavior.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Add backend start/stop endpoints and wire cc-connect UI controls to toggle container state with post-action health refresh and clear error handling.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Introduce a standalone scheduled info-engine worker with SQLite persistence and expose read-only dashboard APIs/UI so curated intelligence items can be collected and viewed with minimal architecture changes.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Add a protected backend health endpoint and a new dashboard page/sidebar entry so cc-connect operational status is visible in the UI.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Expose LiteLLM operational status in the NAS Dashboard UI so auth-required and outage states are visible without calling backend APIs directly.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Allow the dashboard health check to include optional LiteLLM auth headers and treat unauthenticated 401 responses as an auth-required healthy state.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Connect LiteLLM to nas-dashboard_internal and point dashboard-dev to the litellm container hostname so health probes work without host-loopback routing.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Point dashboard-dev LiteLLM health checks at host.docker.internal so the container can reach the NAS LiteLLM service bound on localhost.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Introduce a localhost-only LiteLLM service template and expose a protected dashboard health endpoint for operational visibility, while adding cc-connect mobile bridge templates with conservative defaults.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>