gigafibre-fsm

Author SHA1 Message Date

Author	SHA1	Message	Date
louispaulb	30a867a326	fix(tech): restore Gemini-native scanner + port equipment UX into ops The ops tech module at /ops/#/j/* had drifted from the field app in two ways: 1. Scanner — a prior "restoration" re-added html5-qrcode, but the design has always been native <input capture="environment"> → Gemini 2.5 Flash via targo-hub /vision/barcodes (up to 3 codes) and /vision/equipment (structured labels, up to 5). Revert useScanner.js + ScanPage.vue + TechScanPage.vue to commit `e50ea88` and drop html5-qrcode from both package.json + lockfiles. No JS barcode library, no camera stream, no polyfills. 2. Equipment UX — TechJobDetailPage.vue was a 186-line stub missing the Ajouter bottom-sheet (Scanner / Rechercher / Créer), the debounced SN-then-MAC search, the 5-field create dialog, Type + Priority selects on the info card, and the location-detail contact expansion. Port the full UX from apps/field/src/pages/JobDetailPage.vue (526 lines) into the ops module (458 lines after consolidation). Rebuilt and deployed both apps. Remote smoke test confirms 0 bundles reference html5-qrcode and the new TechJobDetailPage.1075b3b8.js chunk (16.7 KB vs ~5 KB stub) ships the equipment bottom-sheet strings. Docs: - docs/features/tech-mobile.md — new. Documents all three delivery surfaces (legacy SSR /t/{jwt}, transitional apps/field/, unified /ops/#/j/*), Gemini-native scanner pipeline, equipment UX, magic-link JWT, cutover plan. Replaces an earlier stub that incorrectly referenced html5-qrcode. - docs/features/dispatch.md — new. Dispatch board, scheduling, tags, travel-time optimization, magic-link SMS, SSE updates. - docs/features/customer-portal.md — new. Plan A passwordless magic-link at portal.gigafibre.ca, Stripe self-service, file inventory. - docs/architecture/module-interactions.md — new. One-page call graph with sequence diagrams for the hot paths. - docs/README.md — expanded module index (§2) now lists every deployed surface with URL + primary doc + primary code locations (was missing dispatch, tickets, équipe, rapports, telephony, network, agent-flows, OCR, every customer-portal page). New cross-module edge map in §4. - docs/features/README.md + docs/architecture/README.md — cross-link all new docs. Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>	2026-04-22 15:56:38 -04:00
louispaulb	2b04e6bd86	feat(portal): passwordless magic-link login — retire ERPNext /login Customers no longer authenticate with passwords. A POST to the hub's /portal/request-link mints a 24h customer-scoped JWT and sends it via email + SMS; the /#/login Vue page sits on top of this and a navigation guard hydrates the Pinia store from the token on arrival. Why now: legacy customer passwords are unsalted MD5 from the old PHP system. Migrating hashes to PBKDF2 would still require a forced reset for every customer, so it's simpler to drop passwords entirely. The earlier Authentik forwardAuth attempt was already disabled on client.gigafibre.ca; this removes the last vestige of ERPNext's password form from the customer-facing path. Hub changes: - services/targo-hub/lib/portal-auth.js (new) — POST /portal/request-link • 3-requests / 15-min per identifier rate limit (in-memory Map + timer) • Lookup by email (email_id + email_billing), customer id (legacy + direct name), or phone (cell + tel_home) • Anti-enumeration: always 200 OK with redacted contact hint • Email template with CTA button + raw URL fallback; SMS short form - services/targo-hub/server.js — mount the new /portal/* router Client changes: - apps/client/src/pages/LoginPage.vue (new) — standalone full-page, single identifier input, success chips, rate-limit banner - apps/client/src/api/auth-portal.js (new) — thin fetch wrapper - apps/client/src/stores/customer.js — hydrateFromToken() sync decoder, stripTokenFromUrl (history.replaceState), init() silent Authentik fallback preserved for staff impersonation - apps/client/src/router/index.js — PUBLIC_ROUTES allowlist + guard that hydrates from URL token before redirecting - apps/client/src/api/auth.js — logout() clears store + bounces to /#/login (no more Authentik redirect); 401 in authFetch is warn-only - apps/client/src/composables/useMagicToken.js — thin read-through to the store (no more independent decoding) - PaymentSuccess/Cancel/CardAdded pages — goToLogin() uses router, not window.location to id.gigafibre.ca Infra: - apps/portal/traefik-client-portal.yml — block /login and /update-password on client.gigafibre.ca, redirect to /#/login. Any stale bookmark or external link lands on the Vue page, not ERPNext's password form. Docs: - docs/roadmap.md — Phase 4 checkbox flipped; MD5 migration item retired - docs/features/billing-payments.md — replace MD5 reset note with magic-link explainer Online appointment booking (Plan B from the same discussion) is queued for a follow-up session; this commit is Plan A only. Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>	2026-04-22 13:25:28 -04:00
louispaulb	beb6ddc5e5	docs: reorganize into architecture/features/reference/archive folders All docs moved with git mv so --follow preserves history. Flattens the single-folder layout into goal-oriented folders and adds a README.md index at every level. - docs/README.md — new landing page with "I want to…" intent table - docs/architecture/ — overview, data-model, app-design - docs/features/ — billing-payments, cpe-management, vision-ocr, flow-editor - docs/reference/ — erpnext-item-diff, legacy-wizard/ - docs/archive/ — HANDOFF-2026-04-18, MIGRATION, status-snapshots/ - docs/assets/ — pptx sources, build scripts (fixed hardcoded path) - roadmap.md gains a "Modules in production" section with clickable URLs for every ops/tech/portal route and admin surface - Phase 4 (Customer Portal) flipped to "Largely Shipped" based on audit of services/targo-hub/lib/payments.js (16 endpoints, webhook, PPA cron, Klarna BNPL all live) - Archive files get an "ARCHIVED" banner so stale links inside them don't mislead readers Code comments + nginx configs rewritten to use new doc paths. Root README.md documentation table replaced with intent-oriented index. Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>	2026-04-22 11:51:33 -04:00

louispaulb

30a867a326

fix(tech): restore Gemini-native scanner + port equipment UX into ops

The ops tech module at /ops/#/j/* had drifted from the field app in two ways:

1. Scanner — a prior "restoration" re-added html5-qrcode, but the
   design has always been native <input capture="environment"> → Gemini
   2.5 Flash via targo-hub /vision/barcodes (up to 3 codes) and
   /vision/equipment (structured labels, up to 5). Revert useScanner.js
   + ScanPage.vue + TechScanPage.vue to commit e50ea88 and drop
   html5-qrcode from both package.json + lockfiles. No JS barcode
   library, no camera stream, no polyfills.

2. Equipment UX — TechJobDetailPage.vue was a 186-line stub missing the
   Ajouter bottom-sheet (Scanner / Rechercher / Créer), the debounced
   SN-then-MAC search, the 5-field create dialog, Type + Priority
   selects on the info card, and the location-detail contact expansion.
   Port the full UX from apps/field/src/pages/JobDetailPage.vue (526
   lines) into the ops module (458 lines after consolidation).

Rebuilt and deployed both apps. Remote smoke test confirms 0 bundles
reference html5-qrcode and the new TechJobDetailPage.1075b3b8.js chunk
(16.7 KB vs ~5 KB stub) ships the equipment bottom-sheet strings.

Docs:

- docs/features/tech-mobile.md — new. Documents all three delivery
  surfaces (legacy SSR /t/{jwt}, transitional apps/field/, unified
  /ops/#/j/*), Gemini-native scanner pipeline, equipment UX, magic-link
  JWT, cutover plan. Replaces an earlier stub that incorrectly
  referenced html5-qrcode.
- docs/features/dispatch.md — new. Dispatch board, scheduling, tags,
  travel-time optimization, magic-link SMS, SSE updates.
- docs/features/customer-portal.md — new. Plan A passwordless magic-link
  at portal.gigafibre.ca, Stripe self-service, file inventory.
- docs/architecture/module-interactions.md — new. One-page call graph
  with sequence diagrams for the hot paths.
- docs/README.md — expanded module index (§2) now lists every deployed
  surface with URL + primary doc + primary code locations (was missing
  dispatch, tickets, équipe, rapports, telephony, network, agent-flows,
  OCR, every customer-portal page). New cross-module edge map in §4.
- docs/features/README.md + docs/architecture/README.md — cross-link
  all new docs.

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>

2026-04-22 15:56:38 -04:00

louispaulb

2b04e6bd86

feat(portal): passwordless magic-link login — retire ERPNext /login

Customers no longer authenticate with passwords. A POST to the hub's
/portal/request-link mints a 24h customer-scoped JWT and sends it via
email + SMS; the /#/login Vue page sits on top of this and a navigation
guard hydrates the Pinia store from the token on arrival.

Why now: legacy customer passwords are unsalted MD5 from the old PHP
system. Migrating hashes to PBKDF2 would still require a forced reset
for every customer, so it's simpler to drop passwords entirely. The
earlier Authentik forwardAuth attempt was already disabled on
client.gigafibre.ca; this removes the last vestige of ERPNext's
password form from the customer-facing path.

Hub changes:
  - services/targo-hub/lib/portal-auth.js (new) — POST /portal/request-link
    • 3-requests / 15-min per identifier rate limit (in-memory Map + timer)
    • Lookup by email (email_id + email_billing), customer id (legacy +
      direct name), or phone (cell + tel_home)
    • Anti-enumeration: always 200 OK with redacted contact hint
    • Email template with CTA button + raw URL fallback; SMS short form
  - services/targo-hub/server.js — mount the new /portal/* router

Client changes:
  - apps/client/src/pages/LoginPage.vue (new) — standalone full-page,
    single identifier input, success chips, rate-limit banner
  - apps/client/src/api/auth-portal.js (new) — thin fetch wrapper
  - apps/client/src/stores/customer.js — hydrateFromToken() sync decoder,
    stripTokenFromUrl (history.replaceState), init() silent Authentik
    fallback preserved for staff impersonation
  - apps/client/src/router/index.js — PUBLIC_ROUTES allowlist + guard
    that hydrates from URL token before redirecting
  - apps/client/src/api/auth.js — logout() clears store + bounces to
    /#/login (no more Authentik redirect); 401 in authFetch is warn-only
  - apps/client/src/composables/useMagicToken.js — thin read-through to
    the store (no more independent decoding)
  - PaymentSuccess/Cancel/CardAdded pages — goToLogin() uses router,
    not window.location to id.gigafibre.ca

Infra:
  - apps/portal/traefik-client-portal.yml — block /login and
    /update-password on client.gigafibre.ca, redirect to /#/login.
    Any stale bookmark or external link lands on the Vue page, not
    ERPNext's password form.

Docs:
  - docs/roadmap.md — Phase 4 checkbox flipped; MD5 migration item retired
  - docs/features/billing-payments.md — replace MD5 reset note with
    magic-link explainer

Online appointment booking (Plan B from the same discussion) is queued
for a follow-up session; this commit is Plan A only.

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>

2026-04-22 13:25:28 -04:00

louispaulb

beb6ddc5e5

docs: reorganize into architecture/features/reference/archive folders

All docs moved with git mv so --follow preserves history. Flattens the
single-folder layout into goal-oriented folders and adds a README.md index
at every level.

- docs/README.md — new landing page with "I want to…" intent table
- docs/architecture/ — overview, data-model, app-design
- docs/features/ — billing-payments, cpe-management, vision-ocr, flow-editor
- docs/reference/ — erpnext-item-diff, legacy-wizard/
- docs/archive/ — HANDOFF-2026-04-18, MIGRATION, status-snapshots/
- docs/assets/ — pptx sources, build scripts (fixed hardcoded path)
- roadmap.md gains a "Modules in production" section with clickable
  URLs for every ops/tech/portal route and admin surface
- Phase 4 (Customer Portal) flipped to "Largely Shipped" based on
  audit of services/targo-hub/lib/payments.js (16 endpoints, webhook,
  PPA cron, Klarna BNPL all live)
- Archive files get an "ARCHIVED" banner so stale links inside them
  don't mislead readers

Code comments + nginx configs rewritten to use new doc paths. Root
README.md documentation table replaced with intent-oriented index.

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>

2026-04-22 11:51:33 -04:00

3 Commits