MasterMito/work-club-manager
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases 1 Wiki Activity

Compare commits

base: MasterMito/work-club-manager:9cb80e4517dc94eb5bebc2d31e6949c6b68227f3
Branches Tags
MasterMito/work-club-manager:main MasterMito/work-club-manager:no_ticket/openspec MasterMito/work-club-manager:fix/shift-signup-external-user-lookup MasterMito/work-club-manager:feature/fix-self-assignment MasterMito/work-club-manager:sisyphus/club-work-manager
MasterMito/work-club-manager:v0.0.1
...
compare: MasterMito/work-club-manager:no_ticket/openspec
Branches Tags
MasterMito/work-club-manager:main MasterMito/work-club-manager:no_ticket/openspec MasterMito/work-club-manager:fix/shift-signup-external-user-lookup MasterMito/work-club-manager:feature/fix-self-assignment MasterMito/work-club-manager:sisyphus/club-work-manager
MasterMito/work-club-manager:v0.0.1

4 Commits
9cb80e4517 ... no_ticket/openspec

Author SHA1 Message Date
WorkClub Automation 65fea5d48b Introduced Openspec to project 2026-03-18 12:07:34 +01:00
MasterMito 3cf7c3a221 Merge pull request 'feat: restrict admin access to club operations and rollout test environment' (#4) from epic/admin_rework_second_try into main
CI Pipeline / Backend Build & Test (push) Successful in 48s
Details
CI Pipeline / Frontend Lint, Test & Build (push) Successful in 32s
Details
CI Pipeline / Infrastructure Validation (push) Successful in 3s
Details 
Reviewed-on: #4
 2026-03-18 09:16:58 +01:00
WorkClub Automation d30895c94a fix: resolve frontend lint errors and cleanup types
CI Pipeline / Backend Build & Test (pull_request) Successful in 53s
Details
CI Pipeline / Frontend Lint, Test & Build (pull_request) Successful in 36s
Details
CI Pipeline / Infrastructure Validation (pull_request) Successful in 4s
Details
2026-03-18 09:15:02 +01:00
WorkClub Automation 821459966c feat: restrict admin access to club operations and rollout test environment
CI Pipeline / Backend Build & Test (pull_request) Successful in 53s
Details
CI Pipeline / Frontend Lint, Test & Build (pull_request) Failing after 16s
Details
CI Pipeline / Infrastructure Validation (pull_request) Successful in 3s
Details
2026-03-18 09:08:45 +01:00
32 changed files with 1784 additions and 202 deletions
Expand all files Collapse all files
.opencode/command/opsx-apply.md
+149
View File
@@ -0,0 +1,149 @@
---
description: Implement tasks from an OpenSpec change (Experimental)
---
Implement tasks from an OpenSpec change.
**Input**: Optionally specify a change name (e.g., `/opsx-apply add-auth`). If omitted, check if it can be inferred from conversation context. If vague or ambiguous you MUST prompt for available changes.
**Steps**
1. **Select the change**
If a name is provided, use it. Otherwise:
- Infer from conversation context if the user mentioned a change
- Auto-select if only one active change exists
- If ambiguous, run `openspec list --json` to get available changes and use the **AskUserQuestion tool** to let the user select
Always announce: "Using change: <name>" and how to override (e.g., `/opsx-apply <other>`).
2. **Check status to understand the schema**
```bash
openspec status --change "<name>" --json
```
Parse the JSON to understand:
- `schemaName`: The workflow being used (e.g., "spec-driven")
- Which artifact contains the tasks (typically "tasks" for spec-driven, check status for others)
3. **Get apply instructions**
```bash
openspec instructions apply --change "<name>" --json
```
This returns:
- Context file paths (varies by schema)
- Progress (total, complete, remaining)
- Task list with status
- Dynamic instruction based on current state
**Handle states:**
- If `state: "blocked"` (missing artifacts): show message, suggest using `/opsx-continue`
- If `state: "all_done"`: congratulate, suggest archive
- Otherwise: proceed to implementation
4. **Read context files**
Read the files listed in `contextFiles` from the apply instructions output.
The files depend on the schema being used:
- **spec-driven**: proposal, specs, design, tasks
- Other schemas: follow the contextFiles from CLI output
5. **Show current progress**
Display:
- Schema being used
- Progress: "N/M tasks complete"
- Remaining tasks overview
- Dynamic instruction from CLI
6. **Implement tasks (loop until done or blocked)**
For each pending task:
- Show which task is being worked on
- Make the code changes required
- Keep changes minimal and focused
- Mark task complete in the tasks file: `- [ ]` → `- [x]`
- Continue to next task
**Pause if:**
- Task is unclear → ask for clarification
- Implementation reveals a design issue → suggest updating artifacts
- Error or blocker encountered → report and wait for guidance
- User interrupts
7. **On completion or pause, show status**
Display:
- Tasks completed this session
- Overall progress: "N/M tasks complete"
- If all done: suggest archive
- If paused: explain why and wait for guidance
**Output During Implementation**
```
## Implementing: <change-name> (schema: <schema-name>)
Working on task 3/7: <task description>
[...implementation happening...]
✓ Task complete
Working on task 4/7: <task description>
[...implementation happening...]
✓ Task complete
```
**Output On Completion**
```
## Implementation Complete
**Change:** <change-name>
**Schema:** <schema-name>
**Progress:** 7/7 tasks complete ✓
### Completed This Session
- [x] Task 1
- [x] Task 2
...
All tasks complete! You can archive this change with `/opsx-archive`.
```
**Output On Pause (Issue Encountered)**
```
## Implementation Paused
**Change:** <change-name>
**Schema:** <schema-name>
**Progress:** 4/7 tasks complete
### Issue Encountered
<description of the issue>
**Options:**
1. <option 1>
2. <option 2>
3. Other approach
What would you like to do?
```
**Guardrails**
- Keep going through tasks until done or blocked
- Always read context files before starting (from the apply instructions output)
- If task is ambiguous, pause and ask before implementing
- If implementation reveals issues, pause and suggest artifact updates
- Keep code changes minimal and scoped to each task
- Update task checkbox immediately after completing each task
- Pause on errors, blockers, or unclear requirements - don't guess
- Use contextFiles from CLI output, don't assume specific file names
**Fluid Workflow Integration**
This skill supports the "actions on a change" model:
- **Can be invoked anytime**: Before all artifacts are done (if tasks exist), after partial implementation, interleaved with other actions
- **Allows artifact updates**: If implementation reveals design issues, suggest updating artifacts - not phase-locked, work fluidly
.opencode/command/opsx-archive.md
+154
View File
@@ -0,0 +1,154 @@
---
description: Archive a completed change in the experimental workflow
---
Archive a completed change in the experimental workflow.
**Input**: Optionally specify a change name after `/opsx-archive` (e.g., `/opsx-archive add-auth`). If omitted, check if it can be inferred from conversation context. If vague or ambiguous you MUST prompt for available changes.
**Steps**
1. **If no change name provided, prompt for selection**
Run `openspec list --json` to get available changes. Use the **AskUserQuestion tool** to let the user select.
Show only active changes (not already archived).
Include the schema used for each change if available.
**IMPORTANT**: Do NOT guess or auto-select a change. Always let the user choose.
2. **Check artifact completion status**
Run `openspec status --change "<name>" --json` to check artifact completion.
Parse the JSON to understand:
- `schemaName`: The workflow being used
- `artifacts`: List of artifacts with their status (`done` or other)
**If any artifacts are not `done`:**
- Display warning listing incomplete artifacts
- Prompt user for confirmation to continue
- Proceed if user confirms
3. **Check task completion status**
Read the tasks file (typically `tasks.md`) to check for incomplete tasks.
Count tasks marked with `- [ ]` (incomplete) vs `- [x]` (complete).
**If incomplete tasks found:**
- Display warning showing count of incomplete tasks
- Prompt user for confirmation to continue
- Proceed if user confirms
**If no tasks file exists:** Proceed without task-related warning.
4. **Assess delta spec sync state**
Check for delta specs at `openspec/changes/<name>/specs/`. If none exist, proceed without sync prompt.
**If delta specs exist:**
- Compare each delta spec with its corresponding main spec at `openspec/specs/<capability>/spec.md`
- Determine what changes would be applied (adds, modifications, removals, renames)
- Show a combined summary before prompting
**Prompt options:**
- If changes needed: "Sync now (recommended)", "Archive without syncing"
- If already synced: "Archive now", "Sync anyway", "Cancel"
If user chooses sync, use Task tool (subagent_type: "general-purpose", prompt: "Use Skill tool to invoke openspec-sync-specs for change '<name>'. Delta spec analysis: <include the analyzed delta spec summary>"). Proceed to archive regardless of choice.
5. **Perform the archive**
Create the archive directory if it doesn't exist:
```bash
mkdir -p openspec/changes/archive
```
Generate target name using current date: `YYYY-MM-DD-<change-name>`
**Check if target already exists:**
- If yes: Fail with error, suggest renaming existing archive or using different date
- If no: Move the change directory to archive
```bash
mv openspec/changes/<name> openspec/changes/archive/YYYY-MM-DD-<name>
```
6. **Display summary**
Show archive completion summary including:
- Change name
- Schema that was used
- Archive location
- Spec sync status (synced / sync skipped / no delta specs)
- Note about any warnings (incomplete artifacts/tasks)
**Output On Success**
```
## Archive Complete
**Change:** <change-name>
**Schema:** <schema-name>
**Archived to:** openspec/changes/archive/YYYY-MM-DD-<name>/
**Specs:** ✓ Synced to main specs
All artifacts complete. All tasks complete.
```
**Output On Success (No Delta Specs)**
```
## Archive Complete
**Change:** <change-name>
**Schema:** <schema-name>
**Archived to:** openspec/changes/archive/YYYY-MM-DD-<name>/
**Specs:** No delta specs
All artifacts complete. All tasks complete.
```
**Output On Success With Warnings**
```
## Archive Complete (with warnings)
**Change:** <change-name>
**Schema:** <schema-name>
**Archived to:** openspec/changes/archive/YYYY-MM-DD-<name>/
**Specs:** Sync skipped (user chose to skip)
**Warnings:**
- Archived with 2 incomplete artifacts
- Archived with 3 incomplete tasks
- Delta spec sync was skipped (user chose to skip)
Review the archive if this was not intentional.
```
**Output On Error (Archive Exists)**
```
## Archive Failed
**Change:** <change-name>
**Target:** openspec/changes/archive/YYYY-MM-DD-<name>/
Target archive directory already exists.
**Options:**
1. Rename the existing archive
2. Delete the existing archive if it's a duplicate
3. Wait until a different date to archive
```
**Guardrails**
- Always prompt for change selection if not provided
- Use artifact graph (openspec status --json) for completion checking
- Don't block archive on warnings - just inform and confirm
- Preserve .openspec.yaml when moving to archive (it moves with the directory)
- Show clear summary of what happened
- If sync is requested, use the Skill tool to invoke `openspec-sync-specs` (agent-driven)
- If delta specs exist, always run the sync assessment and show the combined summary before prompting
.opencode/command/opsx-explore.md
+170
View File
@@ -0,0 +1,170 @@
---
description: Enter explore mode - think through ideas, investigate problems, clarify requirements
---
Enter explore mode. Think deeply. Visualize freely. Follow the conversation wherever it goes.
**IMPORTANT: Explore mode is for thinking, not implementing.** You may read files, search code, and investigate the codebase, but you must NEVER write code or implement features. If the user asks you to implement something, remind them to exit explore mode first and create a change proposal. You MAY create OpenSpec artifacts (proposals, designs, specs) if the user asks—that's capturing thinking, not implementing.
**This is a stance, not a workflow.** There are no fixed steps, no required sequence, no mandatory outputs. You're a thinking partner helping the user explore.
**Input**: The argument after `/opsx-explore` is whatever the user wants to think about. Could be:
- A vague idea: "real-time collaboration"
- A specific problem: "the auth system is getting unwieldy"
- A change name: "add-dark-mode" (to explore in context of that change)
- A comparison: "postgres vs sqlite for this"
- Nothing (just enter explore mode)
---
## The Stance
- **Curious, not prescriptive** - Ask questions that emerge naturally, don't follow a script
- **Open threads, not interrogations** - Surface multiple interesting directions and let the user follow what resonates. Don't funnel them through a single path of questions.
- **Visual** - Use ASCII diagrams liberally when they'd help clarify thinking
- **Adaptive** - Follow interesting threads, pivot when new information emerges
- **Patient** - Don't rush to conclusions, let the shape of the problem emerge
- **Grounded** - Explore the actual codebase when relevant, don't just theorize
---
## What You Might Do
Depending on what the user brings, you might:
**Explore the problem space**
- Ask clarifying questions that emerge from what they said
- Challenge assumptions
- Reframe the problem
- Find analogies
**Investigate the codebase**
- Map existing architecture relevant to the discussion
- Find integration points
- Identify patterns already in use
- Surface hidden complexity
**Compare options**
- Brainstorm multiple approaches
- Build comparison tables
- Sketch tradeoffs
- Recommend a path (if asked)
**Visualize**
```
┌─────────────────────────────────────────┐
│ Use ASCII diagrams liberally │
├─────────────────────────────────────────┤
│ │
│ ┌────────┐ ┌────────┐ │
│ │ State │────────▶│ State │ │
│ │ A │ │ B │ │
│ └────────┘ └────────┘ │
│ │
│ System diagrams, state machines, │
│ data flows, architecture sketches, │
│ dependency graphs, comparison tables │
│ │
└─────────────────────────────────────────┘
```
**Surface risks and unknowns**
- Identify what could go wrong
- Find gaps in understanding
- Suggest spikes or investigations
---
## OpenSpec Awareness
You have full context of the OpenSpec system. Use it naturally, don't force it.
### Check for context
At the start, quickly check what exists:
```bash
openspec list --json
```
This tells you:
- If there are active changes
- Their names, schemas, and status
- What the user might be working on
If the user mentioned a specific change name, read its artifacts for context.
### When no change exists
Think freely. When insights crystallize, you might offer:
- "This feels solid enough to start a change. Want me to create a proposal?"
- Or keep exploring - no pressure to formalize
### When a change exists
If the user mentions a change or you detect one is relevant:
1. **Read existing artifacts for context**
- `openspec/changes/<name>/proposal.md`
- `openspec/changes/<name>/design.md`
- `openspec/changes/<name>/tasks.md`
- etc.
2. **Reference them naturally in conversation**
- "Your design mentions using Redis, but we just realized SQLite fits better..."
- "The proposal scopes this to premium users, but we're now thinking everyone..."
3. **Offer to capture when decisions are made**
| Insight Type | Where to Capture |
|--------------|------------------|
| New requirement discovered | `specs/<capability>/spec.md` |
| Requirement changed | `specs/<capability>/spec.md` |
| Design decision made | `design.md` |
| Scope changed | `proposal.md` |
| New work identified | `tasks.md` |
| Assumption invalidated | Relevant artifact |
Example offers:
- "That's a design decision. Capture it in design.md?"
- "This is a new requirement. Add it to specs?"
- "This changes scope. Update the proposal?"
4. **The user decides** - Offer and move on. Don't pressure. Don't auto-capture.
---
## What You Don't Have To Do
- Follow a script
- Ask the same questions every time
- Produce a specific artifact
- Reach a conclusion
- Stay on topic if a tangent is valuable
- Be brief (this is thinking time)
---
## Ending Discovery
There's no required ending. Discovery might:
- **Flow into a proposal**: "Ready to start? I can create a change proposal."
- **Result in artifact updates**: "Updated design.md with these decisions"
- **Just provide clarity**: User has what they need, moves on
- **Continue later**: "We can pick this up anytime"
When things crystallize, you might offer a summary - but it's optional. Sometimes the thinking IS the value.
---
## Guardrails
- **Don't implement** - Never write code or implement features. Creating OpenSpec artifacts is fine, writing application code is not.
- **Don't fake understanding** - If something is unclear, dig deeper
- **Don't rush** - Discovery is thinking time, not task time
- **Don't force structure** - Let patterns emerge naturally
- **Don't auto-capture** - Offer to save insights, don't just do it
- **Do visualize** - A good diagram is worth many paragraphs
- **Do explore the codebase** - Ground discussions in reality
- **Do question assumptions** - Including the user's and your own
.opencode/command/opsx-propose.md
+103
View File
@@ -0,0 +1,103 @@
---
description: Propose a new change - create it and generate all artifacts in one step
---
Propose a new change - create the change and generate all artifacts in one step.
I'll create a change with artifacts:
- proposal.md (what & why)
- design.md (how)
- tasks.md (implementation steps)
When ready to implement, run /opsx-apply
---
**Input**: The argument after `/opsx-propose` is the change name (kebab-case), OR a description of what the user wants to build.
**Steps**
1. **If no input provided, ask what they want to build**
Use the **AskUserQuestion tool** (open-ended, no preset options) to ask:
> "What change do you want to work on? Describe what you want to build or fix."
From their description, derive a kebab-case name (e.g., "add user authentication" → `add-user-auth`).
**IMPORTANT**: Do NOT proceed without understanding what the user wants to build.
2. **Create the change directory**
```bash
openspec new change "<name>"
```
This creates a scaffolded change at `openspec/changes/<name>/` with `.openspec.yaml`.
3. **Get the artifact build order**
```bash
openspec status --change "<name>" --json
```
Parse the JSON to get:
- `applyRequires`: array of artifact IDs needed before implementation (e.g., `["tasks"]`)
- `artifacts`: list of all artifacts with their status and dependencies
4. **Create artifacts in sequence until apply-ready**
Use the **TodoWrite tool** to track progress through the artifacts.
Loop through artifacts in dependency order (artifacts with no pending dependencies first):
a. **For each artifact that is `ready` (dependencies satisfied)**:
- Get instructions:
```bash
openspec instructions <artifact-id> --change "<name>" --json
```
- The instructions JSON includes:
- `context`: Project background (constraints for you - do NOT include in output)
- `rules`: Artifact-specific rules (constraints for you - do NOT include in output)
- `template`: The structure to use for your output file
- `instruction`: Schema-specific guidance for this artifact type
- `outputPath`: Where to write the artifact
- `dependencies`: Completed artifacts to read for context
- Read any completed dependency files for context
- Create the artifact file using `template` as the structure
- Apply `context` and `rules` as constraints - but do NOT copy them into the file
- Show brief progress: "Created <artifact-id>"
b. **Continue until all `applyRequires` artifacts are complete**
- After creating each artifact, re-run `openspec status --change "<name>" --json`
- Check if every artifact ID in `applyRequires` has `status: "done"` in the artifacts array
- Stop when all `applyRequires` artifacts are done
c. **If an artifact requires user input** (unclear context):
- Use **AskUserQuestion tool** to clarify
- Then continue with creation
5. **Show final status**
```bash
openspec status --change "<name>"
```
**Output**
After completing all artifacts, summarize:
- Change name and location
- List of artifacts created with brief descriptions
- What's ready: "All artifacts created! Ready for implementation."
- Prompt: "Run `/opsx-apply` to start implementing."
**Artifact Creation Guidelines**
- Follow the `instruction` field from `openspec instructions` for each artifact type
- The schema defines what each artifact should contain - follow it
- Read dependency artifacts for context before creating new ones
- Use `template` as the structure for your output file - fill in its sections
- **IMPORTANT**: `context` and `rules` are constraints for YOU, not content for the file
- Do NOT copy `<context>`, `<rules>`, `<project_context>` blocks into the artifact
- These guide what you write, but should never appear in the output
**Guardrails**
- Create ALL artifacts needed for implementation (as defined by schema's `apply.requires`)
- Always read dependency artifacts before creating a new one
- If context is critically unclear, ask the user - but prefer making reasonable decisions to keep momentum
- If a change with that name already exists, ask if user wants to continue it or create a new one
- Verify each artifact file exists after writing before proceeding to next
.opencode/skills/openspec-apply-change/SKILL.md
+156
View File
@@ -0,0 +1,156 @@
---
name: openspec-apply-change
description: Implement tasks from an OpenSpec change. Use when the user wants to start implementing, continue implementation, or work through tasks.
license: MIT
compatibility: Requires openspec CLI.
metadata:
author: openspec
version: "1.0"
generatedBy: "1.2.0"
---
Implement tasks from an OpenSpec change.
**Input**: Optionally specify a change name. If omitted, check if it can be inferred from conversation context. If vague or ambiguous you MUST prompt for available changes.
**Steps**
1. **Select the change**
If a name is provided, use it. Otherwise:
- Infer from conversation context if the user mentioned a change
- Auto-select if only one active change exists
- If ambiguous, run `openspec list --json` to get available changes and use the **AskUserQuestion tool** to let the user select
Always announce: "Using change: <name>" and how to override (e.g., `/opsx-apply <other>`).
2. **Check status to understand the schema**
```bash
openspec status --change "<name>" --json
```
Parse the JSON to understand:
- `schemaName`: The workflow being used (e.g., "spec-driven")
- Which artifact contains the tasks (typically "tasks" for spec-driven, check status for others)
3. **Get apply instructions**
```bash
openspec instructions apply --change "<name>" --json
```
This returns:
- Context file paths (varies by schema - could be proposal/specs/design/tasks or spec/tests/implementation/docs)
- Progress (total, complete, remaining)
- Task list with status
- Dynamic instruction based on current state
**Handle states:**
- If `state: "blocked"` (missing artifacts): show message, suggest using openspec-continue-change
- If `state: "all_done"`: congratulate, suggest archive
- Otherwise: proceed to implementation
4. **Read context files**
Read the files listed in `contextFiles` from the apply instructions output.
The files depend on the schema being used:
- **spec-driven**: proposal, specs, design, tasks
- Other schemas: follow the contextFiles from CLI output
5. **Show current progress**
Display:
- Schema being used
- Progress: "N/M tasks complete"
- Remaining tasks overview
- Dynamic instruction from CLI
6. **Implement tasks (loop until done or blocked)**
For each pending task:
- Show which task is being worked on
- Make the code changes required
- Keep changes minimal and focused
- Mark task complete in the tasks file: `- [ ]` → `- [x]`
- Continue to next task
**Pause if:**
- Task is unclear → ask for clarification
- Implementation reveals a design issue → suggest updating artifacts
- Error or blocker encountered → report and wait for guidance
- User interrupts
7. **On completion or pause, show status**
Display:
- Tasks completed this session
- Overall progress: "N/M tasks complete"
- If all done: suggest archive
- If paused: explain why and wait for guidance
**Output During Implementation**
```
## Implementing: <change-name> (schema: <schema-name>)
Working on task 3/7: <task description>
[...implementation happening...]
✓ Task complete
Working on task 4/7: <task description>
[...implementation happening...]
✓ Task complete
```
**Output On Completion**
```
## Implementation Complete
**Change:** <change-name>
**Schema:** <schema-name>
**Progress:** 7/7 tasks complete ✓
### Completed This Session
- [x] Task 1
- [x] Task 2
...
All tasks complete! Ready to archive this change.
```
**Output On Pause (Issue Encountered)**
```
## Implementation Paused
**Change:** <change-name>
**Schema:** <schema-name>
**Progress:** 4/7 tasks complete
### Issue Encountered
<description of the issue>
**Options:**
1. <option 1>
2. <option 2>
3. Other approach
What would you like to do?
```
**Guardrails**
- Keep going through tasks until done or blocked
- Always read context files before starting (from the apply instructions output)
- If task is ambiguous, pause and ask before implementing
- If implementation reveals issues, pause and suggest artifact updates
- Keep code changes minimal and scoped to each task
- Update task checkbox immediately after completing each task
- Pause on errors, blockers, or unclear requirements - don't guess
- Use contextFiles from CLI output, don't assume specific file names
**Fluid Workflow Integration**
This skill supports the "actions on a change" model:
- **Can be invoked anytime**: Before all artifacts are done (if tasks exist), after partial implementation, interleaved with other actions
- **Allows artifact updates**: If implementation reveals design issues, suggest updating artifacts - not phase-locked, work fluidly
.opencode/skills/openspec-archive-change/SKILL.md
+114
View File
@@ -0,0 +1,114 @@
---
name: openspec-archive-change
description: Archive a completed change in the experimental workflow. Use when the user wants to finalize and archive a change after implementation is complete.
license: MIT
compatibility: Requires openspec CLI.
metadata:
author: openspec
version: "1.0"
generatedBy: "1.2.0"
---
Archive a completed change in the experimental workflow.
**Input**: Optionally specify a change name. If omitted, check if it can be inferred from conversation context. If vague or ambiguous you MUST prompt for available changes.
**Steps**
1. **If no change name provided, prompt for selection**
Run `openspec list --json` to get available changes. Use the **AskUserQuestion tool** to let the user select.
Show only active changes (not already archived).
Include the schema used for each change if available.
**IMPORTANT**: Do NOT guess or auto-select a change. Always let the user choose.
2. **Check artifact completion status**
Run `openspec status --change "<name>" --json` to check artifact completion.
Parse the JSON to understand:
- `schemaName`: The workflow being used
- `artifacts`: List of artifacts with their status (`done` or other)
**If any artifacts are not `done`:**
- Display warning listing incomplete artifacts
- Use **AskUserQuestion tool** to confirm user wants to proceed
- Proceed if user confirms
3. **Check task completion status**
Read the tasks file (typically `tasks.md`) to check for incomplete tasks.
Count tasks marked with `- [ ]` (incomplete) vs `- [x]` (complete).
**If incomplete tasks found:**
- Display warning showing count of incomplete tasks
- Use **AskUserQuestion tool** to confirm user wants to proceed
- Proceed if user confirms
**If no tasks file exists:** Proceed without task-related warning.
4. **Assess delta spec sync state**
Check for delta specs at `openspec/changes/<name>/specs/`. If none exist, proceed without sync prompt.
**If delta specs exist:**
- Compare each delta spec with its corresponding main spec at `openspec/specs/<capability>/spec.md`
- Determine what changes would be applied (adds, modifications, removals, renames)
- Show a combined summary before prompting
**Prompt options:**
- If changes needed: "Sync now (recommended)", "Archive without syncing"
- If already synced: "Archive now", "Sync anyway", "Cancel"
If user chooses sync, use Task tool (subagent_type: "general-purpose", prompt: "Use Skill tool to invoke openspec-sync-specs for change '<name>'. Delta spec analysis: <include the analyzed delta spec summary>"). Proceed to archive regardless of choice.
5. **Perform the archive**
Create the archive directory if it doesn't exist:
```bash
mkdir -p openspec/changes/archive
```
Generate target name using current date: `YYYY-MM-DD-<change-name>`
**Check if target already exists:**
- If yes: Fail with error, suggest renaming existing archive or using different date
- If no: Move the change directory to archive
```bash
mv openspec/changes/<name> openspec/changes/archive/YYYY-MM-DD-<name>
```
6. **Display summary**
Show archive completion summary including:
- Change name
- Schema that was used
- Archive location
- Whether specs were synced (if applicable)
- Note about any warnings (incomplete artifacts/tasks)
**Output On Success**
```
## Archive Complete
**Change:** <change-name>
**Schema:** <schema-name>
**Archived to:** openspec/changes/archive/YYYY-MM-DD-<name>/
**Specs:** ✓ Synced to main specs (or "No delta specs" or "Sync skipped")
All artifacts complete. All tasks complete.
```
**Guardrails**
- Always prompt for change selection if not provided
- Use artifact graph (openspec status --json) for completion checking
- Don't block archive on warnings - just inform and confirm
- Preserve .openspec.yaml when moving to archive (it moves with the directory)
- Show clear summary of what happened
- If sync is requested, use openspec-sync-specs approach (agent-driven)
- If delta specs exist, always run the sync assessment and show the combined summary before prompting
.opencode/skills/openspec-explore/SKILL.md
+288
View File
@@ -0,0 +1,288 @@
---
name: openspec-explore
description: Enter explore mode - a thinking partner for exploring ideas, investigating problems, and clarifying requirements. Use when the user wants to think through something before or during a change.
license: MIT
compatibility: Requires openspec CLI.
metadata:
author: openspec
version: "1.0"
generatedBy: "1.2.0"
---
Enter explore mode. Think deeply. Visualize freely. Follow the conversation wherever it goes.
**IMPORTANT: Explore mode is for thinking, not implementing.** You may read files, search code, and investigate the codebase, but you must NEVER write code or implement features. If the user asks you to implement something, remind them to exit explore mode first and create a change proposal. You MAY create OpenSpec artifacts (proposals, designs, specs) if the user asks—that's capturing thinking, not implementing.
**This is a stance, not a workflow.** There are no fixed steps, no required sequence, no mandatory outputs. You're a thinking partner helping the user explore.
---
## The Stance
- **Curious, not prescriptive** - Ask questions that emerge naturally, don't follow a script
- **Open threads, not interrogations** - Surface multiple interesting directions and let the user follow what resonates. Don't funnel them through a single path of questions.
- **Visual** - Use ASCII diagrams liberally when they'd help clarify thinking
- **Adaptive** - Follow interesting threads, pivot when new information emerges
- **Patient** - Don't rush to conclusions, let the shape of the problem emerge
- **Grounded** - Explore the actual codebase when relevant, don't just theorize
---
## What You Might Do
Depending on what the user brings, you might:
**Explore the problem space**
- Ask clarifying questions that emerge from what they said
- Challenge assumptions
- Reframe the problem
- Find analogies
**Investigate the codebase**
- Map existing architecture relevant to the discussion
- Find integration points
- Identify patterns already in use
- Surface hidden complexity
**Compare options**
- Brainstorm multiple approaches
- Build comparison tables
- Sketch tradeoffs
- Recommend a path (if asked)
**Visualize**
```
┌─────────────────────────────────────────┐
│ Use ASCII diagrams liberally │
├─────────────────────────────────────────┤
│ │
│ ┌────────┐ ┌────────┐ │
│ │ State │────────▶│ State │ │
│ │ A │ │ B │ │
│ └────────┘ └────────┘ │
│ │
│ System diagrams, state machines, │
│ data flows, architecture sketches, │
│ dependency graphs, comparison tables │
│ │
└─────────────────────────────────────────┘
```
**Surface risks and unknowns**
- Identify what could go wrong
- Find gaps in understanding
- Suggest spikes or investigations
---
## OpenSpec Awareness
You have full context of the OpenSpec system. Use it naturally, don't force it.
### Check for context
At the start, quickly check what exists:
```bash
openspec list --json
```
This tells you:
- If there are active changes
- Their names, schemas, and status
- What the user might be working on
### When no change exists
Think freely. When insights crystallize, you might offer:
- "This feels solid enough to start a change. Want me to create a proposal?"
- Or keep exploring - no pressure to formalize
### When a change exists
If the user mentions a change or you detect one is relevant:
1. **Read existing artifacts for context**
- `openspec/changes/<name>/proposal.md`
- `openspec/changes/<name>/design.md`
- `openspec/changes/<name>/tasks.md`
- etc.
2. **Reference them naturally in conversation**
- "Your design mentions using Redis, but we just realized SQLite fits better..."
- "The proposal scopes this to premium users, but we're now thinking everyone..."
3. **Offer to capture when decisions are made**
| Insight Type | Where to Capture |
|--------------|------------------|
| New requirement discovered | `specs/<capability>/spec.md` |
| Requirement changed | `specs/<capability>/spec.md` |
| Design decision made | `design.md` |
| Scope changed | `proposal.md` |
| New work identified | `tasks.md` |
| Assumption invalidated | Relevant artifact |
Example offers:
- "That's a design decision. Capture it in design.md?"
- "This is a new requirement. Add it to specs?"
- "This changes scope. Update the proposal?"
4. **The user decides** - Offer and move on. Don't pressure. Don't auto-capture.
---
## What You Don't Have To Do
- Follow a script
- Ask the same questions every time
- Produce a specific artifact
- Reach a conclusion
- Stay on topic if a tangent is valuable
- Be brief (this is thinking time)
---
## Handling Different Entry Points
**User brings a vague idea:**
```
User: I'm thinking about adding real-time collaboration
You: Real-time collab is a big space. Let me think about this...
COLLABORATION SPECTRUM
════════════════════════════════════════════
Awareness Coordination Sync
│ │ │
▼ ▼ ▼
┌────────┐ ┌────────┐ ┌────────┐
│Presence│ │Cursors │ │ CRDT │
│ "3 │ │ Multi │ │Conflict│
│online" │ │ select │ │ free │
└────────┘ └────────┘ └────────┘
│ │ │
trivial moderate complex
Where's your head at?
```
**User brings a specific problem:**
```
User: The auth system is a mess
You: [reads codebase]
┌─────────────────────────────────────────────┐
│ CURRENT AUTH FLOW │
└─────────────────────────────────────────────┘
┌─────────────┼─────────────┐
▼ ▼ ▼
┌─────────┐ ┌─────────┐ ┌─────────┐
│ Google │ │ GitHub │ │ Email │
│ OAuth │ │ OAuth │ │ Magic │
└────┬────┘ └────┬────┘ └────┬────┘
│ │ │
└─────────────┼─────────────┘
┌───────────┐
│ Session │
└─────┬─────┘
┌───────────┐
│ Perms │
└───────────┘
I see three tangles. Which one's burning?
```
**User is stuck mid-implementation:**
```
User: /opsx-explore add-auth-system
The OAuth integration is more complex than expected
You: [reads change artifacts]
You're on task 4: "Implement OAuth flow"
Let me trace what's involved...
[draws diagram, explores options, suggests paths]
Want to update the design to reflect this?
Or add a spike task to investigate?
```
**User wants to compare options:**
```
User: Should we use Postgres or SQLite?
You: Generic answer is boring. What's the context?
User: A CLI tool that tracks local dev environments
You: That changes everything.
┌─────────────────────────────────────────────────┐
│ CLI TOOL DATA STORAGE │
└─────────────────────────────────────────────────┘
Key constraints:
• No daemon running
• Must work offline
• Single user
SQLite Postgres
Deployment embedded ✓ needs server ✗
Offline yes ✓ no ✗
Single file yes ✓ no ✗
SQLite. Not even close.
Unless... is there a sync component?
```
---
## Ending Discovery
There's no required ending. Discovery might:
- **Flow into a proposal**: "Ready to start? I can create a change proposal."
- **Result in artifact updates**: "Updated design.md with these decisions"
- **Just provide clarity**: User has what they need, moves on
- **Continue later**: "We can pick this up anytime"
When it feels like things are crystallizing, you might summarize:
```
## What We Figured Out
**The problem**: [crystallized understanding]
**The approach**: [if one emerged]
**Open questions**: [if any remain]
**Next steps** (if ready):
- Create a change proposal
- Keep exploring: just keep talking
```
But this summary is optional. Sometimes the thinking IS the value.
---
## Guardrails
- **Don't implement** - Never write code or implement features. Creating OpenSpec artifacts is fine, writing application code is not.
- **Don't fake understanding** - If something is unclear, dig deeper
- **Don't rush** - Discovery is thinking time, not task time
- **Don't force structure** - Let patterns emerge naturally
- **Don't auto-capture** - Offer to save insights, don't just do it
- **Do visualize** - A good diagram is worth many paragraphs
- **Do explore the codebase** - Ground discussions in reality
- **Do question assumptions** - Including the user's and your own
.opencode/skills/openspec-propose/SKILL.md
+110
View File
@@ -0,0 +1,110 @@
---
name: openspec-propose
description: Propose a new change with all artifacts generated in one step. Use when the user wants to quickly describe what they want to build and get a complete proposal with design, specs, and tasks ready for implementation.
license: MIT
compatibility: Requires openspec CLI.
metadata:
author: openspec
version: "1.0"
generatedBy: "1.2.0"
---
Propose a new change - create the change and generate all artifacts in one step.
I'll create a change with artifacts:
- proposal.md (what & why)
- design.md (how)
- tasks.md (implementation steps)
When ready to implement, run /opsx-apply
---
**Input**: The user's request should include a change name (kebab-case) OR a description of what they want to build.
**Steps**
1. **If no clear input provided, ask what they want to build**
Use the **AskUserQuestion tool** (open-ended, no preset options) to ask:
> "What change do you want to work on? Describe what you want to build or fix."
From their description, derive a kebab-case name (e.g., "add user authentication" → `add-user-auth`).
**IMPORTANT**: Do NOT proceed without understanding what the user wants to build.
2. **Create the change directory**
```bash
openspec new change "<name>"
```
This creates a scaffolded change at `openspec/changes/<name>/` with `.openspec.yaml`.
3. **Get the artifact build order**
```bash
openspec status --change "<name>" --json
```
Parse the JSON to get:
- `applyRequires`: array of artifact IDs needed before implementation (e.g., `["tasks"]`)
- `artifacts`: list of all artifacts with their status and dependencies
4. **Create artifacts in sequence until apply-ready**
Use the **TodoWrite tool** to track progress through the artifacts.
Loop through artifacts in dependency order (artifacts with no pending dependencies first):
a. **For each artifact that is `ready` (dependencies satisfied)**:
- Get instructions:
```bash
openspec instructions <artifact-id> --change "<name>" --json
```
- The instructions JSON includes:
- `context`: Project background (constraints for you - do NOT include in output)
- `rules`: Artifact-specific rules (constraints for you - do NOT include in output)
- `template`: The structure to use for your output file
- `instruction`: Schema-specific guidance for this artifact type
- `outputPath`: Where to write the artifact
- `dependencies`: Completed artifacts to read for context
- Read any completed dependency files for context
- Create the artifact file using `template` as the structure
- Apply `context` and `rules` as constraints - but do NOT copy them into the file
- Show brief progress: "Created <artifact-id>"
b. **Continue until all `applyRequires` artifacts are complete**
- After creating each artifact, re-run `openspec status --change "<name>" --json`
- Check if every artifact ID in `applyRequires` has `status: "done"` in the artifacts array
- Stop when all `applyRequires` artifacts are done
c. **If an artifact requires user input** (unclear context):
- Use **AskUserQuestion tool** to clarify
- Then continue with creation
5. **Show final status**
```bash
openspec status --change "<name>"
```
**Output**
After completing all artifacts, summarize:
- Change name and location
- List of artifacts created with brief descriptions
- What's ready: "All artifacts created! Ready for implementation."
- Prompt: "Run `/opsx-apply` or ask me to implement to start working on the tasks."
**Artifact Creation Guidelines**
- Follow the `instruction` field from `openspec instructions` for each artifact type
- The schema defines what each artifact should contain - follow it
- Read dependency artifacts for context before creating new ones
- Use `template` as the structure for your output file - fill in its sections
- **IMPORTANT**: `context` and `rules` are constraints for YOU, not content for the file
- Do NOT copy `<context>`, `<rules>`, `<project_context>` blocks into the artifact
- These guide what you write, but should never appear in the output
**Guardrails**
- Create ALL artifacts needed for implementation (as defined by schema's `apply.requires`)
- Always read dependency artifacts before creating a new one
- If context is critically unclear, ask the user - but prefer making reasonable decisions to keep momentum
- If a change with that name already exists, ask if user wants to continue it or create a new one
- Verify each artifact file exists after writing before proceeding to next
backend/WorkClub.Api/Auth/ClubRoleClaimsTransformation.cs
+1 -1
View File
@@ -85,7 +85,7 @@ public class ClubRoleClaimsTransformation : IClaimsTransformation
{
return clubRole switch
{
ClubRole.Admin => "Admin",
ClubRole.Manager => "Manager",
ClubRole.Member => "Member",
ClubRole.Viewer => "Viewer",
backend/WorkClub.Api/Endpoints/Clubs/AdminClubEndpoints.cs
+67
View File
@@ -0,0 +1,67 @@
using Microsoft.AspNetCore.Http.HttpResults;
using Microsoft.AspNetCore.Mvc;
using WorkClub.Api.Services;
using WorkClub.Application.Clubs.DTOs;
namespace WorkClub.Api.Endpoints.Clubs;
public static class AdminClubEndpoints
{
public static void MapAdminClubEndpoints(this IEndpointRouteBuilder app)
{
var group = app.MapGroup("/api/admin/clubs")
.RequireAuthorization("RequireGlobalAdmin")
.WithTags("AdminClubs");
group.MapGet("", GetClubs)
.WithName("AdminGetClubs");
group.MapPost("", CreateClub)
.WithName("AdminCreateClub");
group.MapPut("{id:guid}", UpdateClub)
.WithName("AdminUpdateClub");
group.MapDelete("{id:guid}", DeleteClub)
.WithName("AdminDeleteClub");
}
private static async Task<Ok<List<ClubDetailDto>>> GetClubs(AdminClubService adminClubService)
{
var result = await adminClubService.GetAllClubsAsync();
return TypedResults.Ok(result);
}
private static async Task<Created<ClubDetailDto>> CreateClub(
[FromBody] CreateClubRequest request,
AdminClubService adminClubService)
{
var result = await adminClubService.CreateClubAsync(request);
return TypedResults.Created($"/api/admin/clubs/{result.Id}", result);
}
private static async Task<Results<Ok<ClubDetailDto>, NotFound>> UpdateClub(
Guid id,
[FromBody] UpdateClubRequest request,
AdminClubService adminClubService)
{
var (result, error) = await adminClubService.UpdateClubAsync(id, request);
if (error != null)
return TypedResults.NotFound();
return TypedResults.Ok(result!);
}
private static async Task<Results<NoContent, NotFound>> DeleteClub(
Guid id,
AdminClubService adminClubService)
{
var success = await adminClubService.DeleteClubAsync(id);
if (!success)
return TypedResults.NotFound();
return TypedResults.NoContent();
}
}
backend/WorkClub.Api/Endpoints/Shifts/ShiftEndpoints.cs
+1 -1
View File
@@ -28,7 +28,7 @@ public static class ShiftEndpoints
.WithName("UpdateShift");
group.MapDelete("{id:guid}", DeleteShift)
.RequireAuthorization("RequireAdmin")
.RequireAuthorization("RequireManager")
.WithName("DeleteShift");
group.MapPost("{id:guid}/signup", SignUpForShift)
backend/WorkClub.Api/Endpoints/Tasks/TaskEndpoints.cs
+1 -1
View File
@@ -28,7 +28,7 @@ public static class TaskEndpoints
.WithName("UpdateTask");
group.MapDelete("{id:guid}", DeleteTask)
.RequireAuthorization("RequireAdmin")
.RequireAuthorization("RequireManager")
.WithName("DeleteTask");
group.MapPost("{id:guid}/assign", AssignTaskToMe)
backend/WorkClub.Api/Middleware/TenantValidationMiddleware.cs
+3 -2
View File
@@ -22,8 +22,9 @@ public class TenantValidationMiddleware
return;
}
// Exempt /api/clubs/me from tenant validation - this is the bootstrap endpoint
if (context.Request.Path.StartsWithSegments("/api/clubs/me"))
// Exempt bootstrap and admin endpoints from tenant validation
if (context.Request.Path.StartsWithSegments("/api/clubs/me") ||
context.Request.Path.StartsWithSegments("/api/admin"))
{
_logger.LogInformation("TenantValidationMiddleware: Exempting {Path} from tenant validation", context.Request.Path);
await _next(context);
backend/WorkClub.Api/Program.cs
+9 -3
View File
@@ -24,6 +24,7 @@ builder.Services.AddScoped<SeedDataService>();
builder.Services.AddScoped<TaskService>();
builder.Services.AddScoped<ShiftService>();
builder.Services.AddScoped<ClubService>();
builder.Services.AddScoped<AdminClubService>();
builder.Services.AddScoped<MemberService>();
builder.Services.AddScoped<MemberSyncService>();
@@ -49,9 +50,13 @@ builder.Services.AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
builder.Services.AddScoped<IClaimsTransformation, ClubRoleClaimsTransformation>();
builder.Services.AddAuthorizationBuilder()
.AddPolicy("RequireAdmin", policy => policy.RequireRole("Admin"))
.AddPolicy("RequireManager", policy => policy.RequireRole("Admin", "Manager"))
.AddPolicy("RequireMember", policy => policy.RequireRole("Admin", "Manager", "Member"))
.AddPolicy("RequireGlobalAdmin", policy => policy.RequireAssertion(context =>
{
var realmAccess = context.User.FindFirst("realm_access")?.Value;
return realmAccess != null && realmAccess.Contains("\"admin\"");
}))
.AddPolicy("RequireManager", policy => policy.RequireRole("Manager"))
.AddPolicy("RequireMember", policy => policy.RequireRole("Manager", "Member"))
.AddPolicy("RequireViewer", policy => policy.RequireAuthenticatedUser());
builder.Services.AddDbContext<AppDbContext>((sp, options) =>
@@ -122,6 +127,7 @@ app.MapGet("/api/test", () => Results.Ok(new { message = "Test endpoint" }))
app.MapTaskEndpoints();
app.MapShiftEndpoints();
app.MapClubEndpoints();
app.MapAdminClubEndpoints();
app.MapMemberEndpoints();
app.Run();
backend/WorkClub.Api/Services/AdminClubService.cs
+113
View File
@@ -0,0 +1,113 @@
using Microsoft.EntityFrameworkCore;
using Npgsql;
using WorkClub.Application.Clubs.DTOs;
using WorkClub.Domain.Entities;
using WorkClub.Infrastructure.Data;
namespace WorkClub.Api.Services;
public class AdminClubService
{
private readonly AppDbContext _context;
public AdminClubService(AppDbContext context)
{
_context = context;
}
public async Task<List<ClubDetailDto>> GetAllClubsAsync()
{
var strategy = _context.Database.CreateExecutionStrategy();
return await strategy.ExecuteAsync(async () =>
{
await using var transaction = await _context.Database.BeginTransactionAsync();
await _context.Database.ExecuteSqlRawAsync("SET LOCAL ROLE app_admin");
var clubs = await _context.Clubs.ToListAsync();
await _context.Database.ExecuteSqlRawAsync("RESET ROLE");
await transaction.CommitAsync();
return clubs.Select(c => new ClubDetailDto(
c.Id, c.Name, c.SportType.ToString(), c.Description, c.CreatedAt, c.UpdatedAt)).ToList();
});
}
public async Task<ClubDetailDto> CreateClubAsync(CreateClubRequest request)
{
var tenantId = Guid.NewGuid().ToString();
var club = new Club
{
Id = Guid.NewGuid(),
TenantId = tenantId,
Name = request.Name,
SportType = request.SportType,
Description = request.Description,
CreatedAt = DateTimeOffset.UtcNow,
UpdatedAt = DateTimeOffset.UtcNow
};
var strategy = _context.Database.CreateExecutionStrategy();
await strategy.ExecuteAsync(async () =>
{
await using var transaction = await _context.Database.BeginTransactionAsync();
await _context.Database.ExecuteSqlRawAsync("SET LOCAL ROLE app_admin");
_context.Clubs.Add(club);
await _context.SaveChangesAsync();
await _context.Database.ExecuteSqlRawAsync("RESET ROLE");
await transaction.CommitAsync();
});
return new ClubDetailDto(club.Id, club.Name, club.SportType.ToString(), club.Description, club.CreatedAt, club.UpdatedAt);
}
public async Task<(ClubDetailDto? club, string? error)> UpdateClubAsync(Guid id, UpdateClubRequest request)
{
var strategy = _context.Database.CreateExecutionStrategy();
return await strategy.ExecuteAsync<(ClubDetailDto? club, string? error)>(async () =>
{
await using var transaction = await _context.Database.BeginTransactionAsync();
await _context.Database.ExecuteSqlRawAsync("SET LOCAL ROLE app_admin");
var club = await _context.Clubs.FindAsync(id);
if (club == null)
{
await _context.Database.ExecuteSqlRawAsync("RESET ROLE");
return (null, "Club not found");
}
club.Name = request.Name;
club.SportType = request.SportType;
club.Description = request.Description;
club.UpdatedAt = DateTimeOffset.UtcNow;
await _context.SaveChangesAsync();
await _context.Database.ExecuteSqlRawAsync("RESET ROLE");
await transaction.CommitAsync();
return (new ClubDetailDto(club.Id, club.Name, club.SportType.ToString(), club.Description, club.CreatedAt, club.UpdatedAt), null);
});
}
public async Task<bool> DeleteClubAsync(Guid id)
{
var strategy = _context.Database.CreateExecutionStrategy();
return await strategy.ExecuteAsync<bool>(async () =>
{
await using var transaction = await _context.Database.BeginTransactionAsync();
await _context.Database.ExecuteSqlRawAsync("SET LOCAL ROLE app_admin");
var club = await _context.Clubs.FindAsync(id);
if (club == null)
{
await _context.Database.ExecuteSqlRawAsync("RESET ROLE");
return false;
}
_context.Clubs.Remove(club);
await _context.SaveChangesAsync();
await _context.Database.ExecuteSqlRawAsync("RESET ROLE");
await transaction.CommitAsync();
return true;
});
}
}
backend/WorkClub.Api/Services/MemberSyncService.cs
-1
View File
@@ -60,7 +60,6 @@ public class MemberSyncService
var roleClaim = httpContext.User.FindFirst(System.Security.Claims.ClaimTypes.Role)?.Value ?? "Member";
var clubRole = roleClaim.ToLowerInvariant() switch
{
"admin" => ClubRole.Admin,
"manager" => ClubRole.Manager,
"member" => ClubRole.Member,
"viewer" => ClubRole.Viewer,
backend/WorkClub.Application/Clubs/DTOs/CreateClubRequest.cs
+9
View File
@@ -0,0 +1,9 @@
using WorkClub.Domain.Enums;
namespace WorkClub.Application.Clubs.DTOs;
public record CreateClubRequest(
string Name,
SportType SportType,
string? Description
);
backend/WorkClub.Application/Clubs/DTOs/UpdateClubRequest.cs
+9
View File
@@ -0,0 +1,9 @@
using WorkClub.Domain.Enums;
namespace WorkClub.Application.Clubs.DTOs;
public record UpdateClubRequest(
string Name,
SportType SportType,
string? Description
);
backend/WorkClub.Domain/Enums/ClubRole.cs
-1
View File
@@ -2,7 +2,6 @@ namespace WorkClub.Domain.Enums;
public enum ClubRole
{
Admin = 0,
Manager = 1,
Member = 2,
Viewer = 3
backend/WorkClub.Infrastructure/Seed/SeedDataService.cs
+17 -58
View File
@@ -26,7 +26,7 @@ public class SeedDataService
using var transaction = await context.Database.BeginTransactionAsync();
// Enable RLS on all tenant tables
// Enable RLS on all tenant tables (Must be table owner, which 'workclub' is)
await context.Database.ExecuteSqlRawAsync(@"
ALTER TABLE clubs ENABLE ROW LEVEL SECURITY;
ALTER TABLE clubs FORCE ROW LEVEL SECURITY;
@@ -62,22 +62,6 @@ public class SeedDataService
");
// Create admin bypass policies (idempotent)
await context.Database.ExecuteSqlRawAsync(@"
DO $$
BEGIN
IF NOT EXISTS (SELECT 1 FROM pg_roles WHERE rolname = 'app_admin') THEN
CREATE ROLE app_admin;
END IF;
END
$$;
GRANT app_admin TO app;
GRANT USAGE ON SCHEMA public TO app_admin;
GRANT ALL PRIVILEGES ON ALL TABLES IN SCHEMA public TO app_admin;
GRANT ALL PRIVILEGES ON ALL SEQUENCES IN SCHEMA public TO app_admin;
ALTER DEFAULT PRIVILEGES FOR ROLE app IN SCHEMA public GRANT ALL ON TABLES TO app_admin;
ALTER DEFAULT PRIVILEGES FOR ROLE app IN SCHEMA public GRANT ALL ON SEQUENCES TO app_admin;
");
await context.Database.ExecuteSqlRawAsync(@"
DO $$ BEGIN
IF NOT EXISTS (SELECT 1 FROM pg_policies WHERE tablename='clubs' AND policyname='bypass_rls_policy') THEN
@@ -140,31 +124,7 @@ public class SeedDataService
{
var members = new List<Member>
{
// admin@test.com: Admin in Club 1, Member in Club 2
new Member
{
Id = Guid.NewGuid(),
TenantId = tennisClub.TenantId,
ExternalUserId = "admin-user-id",
DisplayName = "Admin User",
Email = "admin@test.com",
Role = ClubRole.Admin,
ClubId = tennisClub.Id,
CreatedAt = DateTimeOffset.UtcNow,
UpdatedAt = DateTimeOffset.UtcNow
},
new Member
{
Id = Guid.NewGuid(),
TenantId = cyclingClub.TenantId,
ExternalUserId = "admin-user-id",
DisplayName = "Admin User",
Email = "admin@test.com",
Role = ClubRole.Member,
ClubId = cyclingClub.Id,
CreatedAt = DateTimeOffset.UtcNow,
UpdatedAt = DateTimeOffset.UtcNow
},
// manager@test.com: Manager in Club 1
new Member
{
@@ -235,8 +195,7 @@ public class SeedDataService
await context.SaveChangesAsync();
}
// Get admin member IDs for work item creation
var adminMembers = context.Members.Where(m => m.Email == "admin@test.com").ToList();
var managerMember = context.Members.First(m => m.Email == "manager@test.com");
var member1Members = context.Members.Where(m => m.Email == "member1@test.com").ToList();
var member2Member = context.Members.First(m => m.Email == "member2@test.com");
@@ -255,7 +214,7 @@ public class SeedDataService
Description = "Resurface main court",
Status = WorkItemStatus.Open,
AssigneeId = null,
CreatedById = adminMembers.First(m => m.ClubId == tennisClub.Id).Id,
CreatedById = managerMember.Id,
ClubId = tennisClub.Id,
DueDate = DateTimeOffset.UtcNow.AddDays(14),
CreatedAt = DateTimeOffset.UtcNow,
@@ -269,7 +228,7 @@ public class SeedDataService
Description = "Purchase new tennis rackets and balls",
Status = WorkItemStatus.Assigned,
AssigneeId = managerMember.Id,
CreatedById = adminMembers.First(m => m.ClubId == tennisClub.Id).Id,
CreatedById = managerMember.Id,
ClubId = tennisClub.Id,
DueDate = DateTimeOffset.UtcNow.AddDays(7),
CreatedAt = DateTimeOffset.UtcNow,
@@ -283,7 +242,7 @@ public class SeedDataService
Description = "Organize annual summer tournament",
Status = WorkItemStatus.InProgress,
AssigneeId = member1Members.First(m => m.ClubId == tennisClub.Id).Id,
CreatedById = adminMembers.First(m => m.ClubId == tennisClub.Id).Id,
CreatedById = managerMember.Id,
ClubId = tennisClub.Id,
DueDate = DateTimeOffset.UtcNow.AddDays(30),
CreatedAt = DateTimeOffset.UtcNow,
@@ -297,7 +256,7 @@ public class SeedDataService
Description = "Update and review club rules handbook",
Status = WorkItemStatus.Review,
AssigneeId = member2Member.Id,
CreatedById = adminMembers.First(m => m.ClubId == tennisClub.Id).Id,
CreatedById = managerMember.Id,
ClubId = tennisClub.Id,
DueDate = DateTimeOffset.UtcNow.AddDays(21),
CreatedAt = DateTimeOffset.UtcNow,
@@ -311,7 +270,7 @@ public class SeedDataService
Description = "Update club website with new photos",
Status = WorkItemStatus.Done,
AssigneeId = managerMember.Id,
CreatedById = adminMembers.First(m => m.ClubId == tennisClub.Id).Id,
CreatedById = managerMember.Id,
ClubId = tennisClub.Id,
DueDate = DateTimeOffset.UtcNow.AddDays(-5),
CreatedAt = DateTimeOffset.UtcNow.AddDays(-10),
@@ -326,7 +285,7 @@ public class SeedDataService
Description = "Create new cycling routes for summer",
Status = WorkItemStatus.Open,
AssigneeId = null,
CreatedById = adminMembers.First(m => m.ClubId == cyclingClub.Id).Id,
CreatedById = member1Members.First(m => m.ClubId == cyclingClub.Id).Id,
ClubId = cyclingClub.Id,
DueDate = DateTimeOffset.UtcNow.AddDays(21),
CreatedAt = DateTimeOffset.UtcNow,
@@ -340,7 +299,7 @@ public class SeedDataService
Description = "Organize safety and maintenance training",
Status = WorkItemStatus.Assigned,
AssigneeId = member1Members.First(m => m.ClubId == cyclingClub.Id).Id,
CreatedById = adminMembers.First(m => m.ClubId == cyclingClub.Id).Id,
CreatedById = member1Members.First(m => m.ClubId == cyclingClub.Id).Id,
ClubId = cyclingClub.Id,
DueDate = DateTimeOffset.UtcNow.AddDays(14),
CreatedAt = DateTimeOffset.UtcNow,
@@ -353,8 +312,8 @@ public class SeedDataService
Title = "Group ride coordination",
Description = "Schedule and coordinate weekly group rides",
Status = WorkItemStatus.InProgress,
AssigneeId = adminMembers.First(m => m.ClubId == cyclingClub.Id).Id,
CreatedById = adminMembers.First(m => m.ClubId == cyclingClub.Id).Id,
AssigneeId = member1Members.First(m => m.ClubId == cyclingClub.Id).Id,
CreatedById = member1Members.First(m => m.ClubId == cyclingClub.Id).Id,
ClubId = cyclingClub.Id,
DueDate = DateTimeOffset.UtcNow.AddDays(7),
CreatedAt = DateTimeOffset.UtcNow,
@@ -384,7 +343,7 @@ public class SeedDataService
EndTime = now.AddDays(-1).Date.ToLocalTime().AddHours(12),
Capacity = 2,
ClubId = tennisClub.Id,
CreatedById = adminMembers.First(m => m.ClubId == tennisClub.Id).Id,
CreatedById = managerMember.Id,
CreatedAt = DateTimeOffset.UtcNow,
UpdatedAt = DateTimeOffset.UtcNow
},
@@ -399,7 +358,7 @@ public class SeedDataService
EndTime = now.Date.ToLocalTime().AddHours(18),
Capacity = 3,
ClubId = tennisClub.Id,
CreatedById = adminMembers.First(m => m.ClubId == tennisClub.Id).Id,
CreatedById = managerMember.Id,
CreatedAt = DateTimeOffset.UtcNow,
UpdatedAt = DateTimeOffset.UtcNow
},
@@ -414,7 +373,7 @@ public class SeedDataService
EndTime = now.AddDays(7).Date.ToLocalTime().AddHours(17),
Capacity = 5,
ClubId = tennisClub.Id,
CreatedById = adminMembers.First(m => m.ClubId == tennisClub.Id).Id,
CreatedById = managerMember.Id,
CreatedAt = DateTimeOffset.UtcNow,
UpdatedAt = DateTimeOffset.UtcNow
},
@@ -430,7 +389,7 @@ public class SeedDataService
EndTime = now.Date.ToLocalTime().AddHours(9),
Capacity = 10,
ClubId = cyclingClub.Id,
CreatedById = adminMembers.First(m => m.ClubId == cyclingClub.Id).Id,
CreatedById = member1Members.First(m => m.ClubId == cyclingClub.Id).Id,
CreatedAt = DateTimeOffset.UtcNow,
UpdatedAt = DateTimeOffset.UtcNow
},
@@ -445,7 +404,7 @@ public class SeedDataService
EndTime = now.AddDays(7).Date.ToLocalTime().AddHours(14),
Capacity = 4,
ClubId = cyclingClub.Id,
CreatedById = adminMembers.First(m => m.ClubId == cyclingClub.Id).Id,
CreatedById = member1Members.First(m => m.ClubId == cyclingClub.Id).Id,
CreatedAt = DateTimeOffset.UtcNow,
UpdatedAt = DateTimeOffset.UtcNow
}
backend/WorkClub.Tests.Integration/Clubs/ClubEndpointsTests.cs
+1 -1
View File
@@ -69,7 +69,7 @@ public class ClubEndpointsTests : IntegrationTestBase
ExternalUserId = adminUserId,
DisplayName = "Admin User",
Email = "admin@test.com",
Role = ClubRole.Admin,
Role = ClubRole.Manager,
ClubId = club1Id,
CreatedAt = DateTimeOffset.UtcNow,
UpdatedAt = DateTimeOffset.UtcNow
backend/WorkClub.Tests.Integration/Members/MemberEndpointsTests.cs
+1 -1
View File
@@ -60,7 +60,7 @@ public class MemberEndpointsTests : IntegrationTestBase
ExternalUserId = "admin-user-id",
DisplayName = "Admin User",
Email = "admin@test.com",
Role = ClubRole.Admin,
Role = ClubRole.Manager,
ClubId = club1Id,
CreatedAt = DateTimeOffset.UtcNow,
UpdatedAt = DateTimeOffset.UtcNow
backend/WorkClub.Tests.Integration/Shifts/ShiftCrudTests.cs
+10 -50
View File
@@ -303,55 +303,7 @@ public class ShiftCrudTests : IntegrationTestBase
}
[Fact]
public async Task DeleteShift_AsAdmin_DeletesShift()
{
// Arrange
var shiftId = Guid.NewGuid();
var clubId = Guid.NewGuid();
var createdBy = Guid.NewGuid();
var now = DateTimeOffset.UtcNow;
using (var scope = Factory.Services.CreateScope())
{
var context = scope.ServiceProvider.GetRequiredService<AppDbContext>();
context.Shifts.Add(new Shift
{
Id = shiftId,
TenantId = "tenant1",
Title = "Test Shift",
StartTime = now.AddDays(1),
EndTime = now.AddDays(1).AddHours(4),
Capacity = 5,
ClubId = clubId,
CreatedById = createdBy,
CreatedAt = now,
UpdatedAt = now
});
await context.SaveChangesAsync();
}
SetTenant("tenant1");
AuthenticateAs("admin@test.com", new Dictionary<string, string> { ["tenant1"] = "Admin" });
// Act
var response = await Client.DeleteAsync($"/api/shifts/{shiftId}");
// Assert
Assert.Equal(HttpStatusCode.NoContent, response.StatusCode);
// Verify shift is deleted
using (var scope = Factory.Services.CreateScope())
{
var context = scope.ServiceProvider.GetRequiredService<AppDbContext>();
var shift = await context.Shifts.FindAsync(shiftId);
Assert.Null(shift);
}
}
[Fact]
public async Task DeleteShift_AsManager_ReturnsForbidden()
public async Task DeleteShift_AsManager_DeletesShift()
{
// Arrange
var shiftId = Guid.NewGuid();
@@ -387,7 +339,15 @@ public class ShiftCrudTests : IntegrationTestBase
var response = await Client.DeleteAsync($"/api/shifts/{shiftId}");
// Assert
Assert.Equal(HttpStatusCode.Forbidden, response.StatusCode);
Assert.Equal(HttpStatusCode.NoContent, response.StatusCode);
// Verify shift is deleted
using (var scope = Factory.Services.CreateScope())
{
var context = scope.ServiceProvider.GetRequiredService<AppDbContext>();
var shift = await context.Shifts.FindAsync(shiftId);
Assert.Null(shift);
}
}
[Fact]
backend/WorkClub.Tests.Integration/Tasks/TaskCrudTests.cs
+10 -47
View File
@@ -387,52 +387,7 @@ public class TaskCrudTests : IntegrationTestBase
}
[Fact]
public async Task DeleteTask_AsAdmin_DeletesTask()
{
// Arrange
var taskId = Guid.NewGuid();
var club1 = Guid.NewGuid();
var createdBy = Guid.NewGuid();
using (var scope = Factory.Services.CreateScope())
{
var context = scope.ServiceProvider.GetRequiredService<AppDbContext>();
context.WorkItems.Add(new WorkItem
{
Id = taskId,
TenantId = "tenant1",
Title = "Test Task",
Status = WorkItemStatus.Open,
ClubId = club1,
CreatedById = createdBy,
CreatedAt = DateTimeOffset.UtcNow,
UpdatedAt = DateTimeOffset.UtcNow
});
await context.SaveChangesAsync();
}
SetTenant("tenant1");
AuthenticateAs("admin@test.com", new Dictionary<string, string> { ["tenant1"] = "Admin" });
// Act
var response = await Client.DeleteAsync($"/api/tasks/{taskId}");
// Assert
Assert.Equal(HttpStatusCode.NoContent, response.StatusCode);
// Verify task is deleted
using (var scope = Factory.Services.CreateScope())
{
var context = scope.ServiceProvider.GetRequiredService<AppDbContext>();
var task = await context.WorkItems.FindAsync(taskId);
Assert.Null(task);
}
}
[Fact]
public async Task DeleteTask_AsManager_ReturnsForbidden()
public async Task DeleteTask_AsManager_DeletesTask()
{
// Arrange
var taskId = Guid.NewGuid();
@@ -465,7 +420,15 @@ public class TaskCrudTests : IntegrationTestBase
var response = await Client.DeleteAsync($"/api/tasks/{taskId}");
// Assert
Assert.Equal(HttpStatusCode.Forbidden, response.StatusCode);
Assert.Equal(HttpStatusCode.NoContent, response.StatusCode);
// Verify task is deleted
using (var scope = Factory.Services.CreateScope())
{
var context = scope.ServiceProvider.GetRequiredService<AppDbContext>();
var task = await context.WorkItems.FindAsync(taskId);
Assert.Null(task);
}
}
}
frontend/src/app/(protected)/admin/clubs/page.tsx
+12
View File
@@ -0,0 +1,12 @@
import { ClubManagement } from '@/components/admin/club-management';
export default function AdminClubsPage() {
return (
<div className="max-w-6xl mx-auto space-y-6">
<div className="flex items-center justify-between">
<h1 className="text-3xl font-bold">Club Management</h1>
</div>
<ClubManagement />
</div>
);
}
frontend/src/app/(protected)/layout.tsx
+29 -15
View File
@@ -1,13 +1,19 @@
'use client';
import { AuthGuard } from '@/components/auth-guard';
import { ClubSwitcher } from '@/components/club-switcher';
import Link from 'next/link';
import { SignOutButton } from '@/components/sign-out-button';
import { useSession } from 'next-auth/react';
export default function ProtectedLayout({
children,
}: {
children: React.ReactNode;
}) {
const { data } = useSession();
const isAdmin = data?.user?.isAdmin;
return (
<AuthGuard>
<div className="flex min-h-screen bg-gray-50">
@@ -15,26 +21,34 @@ export default function ProtectedLayout({
<div className="p-4 border-b">
<h1 className="text-xl font-bold">WorkClub</h1>
</div>
<nav className="flex-1 p-4 space-y-2">
<Link href="/dashboard" className="flex items-center px-4 py-2 text-sm font-medium rounded-md hover:bg-gray-100">
Dashboard
</Link>
<Link href="/tasks" className="flex items-center px-4 py-2 text-sm font-medium rounded-md hover:bg-gray-100">
Tasks
</Link>
<Link href="/shifts" className="flex items-center px-4 py-2 text-sm font-medium rounded-md hover:bg-gray-100">
Shifts
</Link>
<Link href="/members" className="flex items-center px-4 py-2 text-sm font-medium rounded-md hover:bg-gray-100">
Members
</Link>
</nav>
{isAdmin ? (
<nav className="flex-1 p-4 space-y-2">
<Link href="/admin/clubs" className="flex items-center px-4 py-2 text-sm font-medium rounded-md hover:bg-gray-100">
Club Management
</Link>
</nav>
) : (
<nav className="flex-1 p-4 space-y-2">
<Link href="/dashboard" className="flex items-center px-4 py-2 text-sm font-medium rounded-md hover:bg-gray-100">
Dashboard
</Link>
<Link href="/tasks" className="flex items-center px-4 py-2 text-sm font-medium rounded-md hover:bg-gray-100">
Tasks
</Link>
<Link href="/shifts" className="flex items-center px-4 py-2 text-sm font-medium rounded-md hover:bg-gray-100">
Shifts
</Link>
<Link href="/members" className="flex items-center px-4 py-2 text-sm font-medium rounded-md hover:bg-gray-100">
Members
</Link>
</nav>
)}
</aside>
<div className="flex-1 flex flex-col">
<header className="bg-white border-b h-16 flex items-center justify-between px-6">
<div className="flex items-center gap-4">
<ClubSwitcher />
{!isAdmin && <ClubSwitcher />}
</div>
<div className="flex items-center gap-4">
<SignOutButton />
frontend/src/app/(protected)/shifts/[id]/page.tsx
-2
View File
@@ -7,7 +7,6 @@ import { Button } from '@/components/ui/button';
import { Progress } from '@/components/ui/progress';
import { Badge } from '@/components/ui/badge';
import { useRouter } from 'next/navigation';
import { useSession } from 'next-auth/react';
export default function ShiftDetailPage({ params }: { params: Promise<{ id: string }> }) {
const resolvedParams = use(params);
@@ -15,7 +14,6 @@ export default function ShiftDetailPage({ params }: { params: Promise<{ id: stri
const signUpMutation = useSignUpShift();
const cancelMutation = useCancelSignUp();
const router = useRouter();
const { data: session } = useSession();
if (isLoading) return <div>Loading shift...</div>;
if (!shift) return <div>Shift not found</div>;
frontend/src/auth/auth.ts
+13 -2
View File
@@ -9,6 +9,7 @@ declare module "next-auth" {
email?: string | null
image?: string | null
clubs?: Record<string, string>
isAdmin?: boolean
}
accessToken?: string
}
@@ -16,6 +17,7 @@ declare module "next-auth" {
interface JWT {
clubs?: Record<string, string>
accessToken?: string
isAdmin?: boolean
}
}
@@ -43,10 +45,18 @@ export const { handlers, signIn, signOut, auth } = NextAuth({
],
callbacks: {
async jwt({ token, account }) {
if (account) {
if (account && account.access_token) {
// Add clubs claim from Keycloak access token
token.clubs = (account as Record<string, unknown>).clubs as Record<string, string> || {}
token.clubs = (account as { clubs?: Record<string, string> }).clubs || {}
token.accessToken = account.access_token
try {
const payload = JSON.parse(Buffer.from((token.accessToken as string).split('.')[1], 'base64').toString());
const roles = (payload.realm_access?.roles as string[]) || [];
token.isAdmin = roles.includes('admin');
} catch {
token.isAdmin = false;
}
}
return token
},
@@ -54,6 +64,7 @@ export const { handlers, signIn, signOut, auth } = NextAuth({
// Expose clubs to client
if (session.user) {
session.user.clubs = token.clubs as Record<string, string> | undefined
session.user.isAdmin = token.isAdmin as boolean | undefined
}
session.accessToken = token.accessToken as string | undefined
return session
frontend/src/components/admin/club-management.tsx
+168
View File
@@ -0,0 +1,168 @@
'use client';
import { useState, useEffect } from 'react';
import { useSession } from 'next-auth/react';
type Club = {
id: string;
name: string;
sportType: string;
description?: string;
};
export function ClubManagement() {
const { data: session } = useSession();
const [clubs, setClubs] = useState<Club[]>([]);
const [loading, setLoading] = useState(true);
const [isCreating, setIsCreating] = useState(false);
const [newClub, setNewClub] = useState({ name: '', sportType: 'Tennis', description: '' });
useEffect(() => {
const fetchClubsLocally = async () => {
try {
const res = await fetch(`${process.env.NEXT_PUBLIC_API_URL}/api/admin/clubs`, {
headers: { Authorization: `Bearer ${session?.accessToken}` },
});
if (res.ok) {
const data = await res.json();
setClubs(data);
}
} catch (error) {
console.error('Failed to fetch clubs', error);
} finally {
setLoading(false);
}
};
if (session) fetchClubsLocally();
}, [session]);
const fetchClubs = async () => {
try {
const res = await fetch(`${process.env.NEXT_PUBLIC_API_URL}/api/admin/clubs`, {
headers: { Authorization: `Bearer ${session?.accessToken}` },
});
if (res.ok) {
const data = await res.json();
setClubs(data);
}
} catch (error) {
console.error('Failed to fetch clubs', error);
} finally {
setLoading(false);
}
};
const handleCreate = async (e: React.FormEvent) => {
e.preventDefault();
try {
const res = await fetch(`${process.env.NEXT_PUBLIC_API_URL}/api/admin/clubs`, {
method: 'POST',
headers: {
'Content-Type': 'application/json',
Authorization: `Bearer ${session?.accessToken}`,
},
body: JSON.stringify({
name: newClub.name,
sportType: newClub.sportType === 'Tennis' ? 0 : 1, // Mapping Enum or keep string if api accepts
description: newClub.description,
}),
});
if (res.ok) {
setNewClub({ name: '', sportType: 'Tennis', description: '' });
setIsCreating(false);
fetchClubs();
}
} catch (e) {
console.error(e);
}
};
const handleDelete = async (id: string) => {
if (!confirm('Are you sure you want to delete this club?')) return;
try {
const res = await fetch(`${process.env.NEXT_PUBLIC_API_URL}/api/admin/clubs/${id}`, {
method: 'DELETE',
headers: { Authorization: `Bearer ${session?.accessToken}` },
});
if (res.ok) {
fetchClubs();
}
} catch (e) {
console.error(e);
}
};
if (loading) return <div>Loading clubs...</div>;
return (
<div className="space-y-6">
<div className="flex justify-between">
<h2 className="text-xl font-semibold">All Clubs</h2>
<button
onClick={() => setIsCreating(true)}
className="bg-blue-600 text-white px-4 py-2 rounded shadow hover:bg-blue-700"
>
Create New Club
</button>
</div>
{isCreating && (
<form onSubmit={handleCreate} className="bg-white p-4 rounded shadow space-y-4 border">
<h3 className="font-semibold text-lg">New Club</h3>
<div>
<label className="block text-sm font-medium">Name</label>
<input
required
className="mt-1 block w-full p-2 border rounded"
value={newClub.name}
onChange={e => setNewClub({ ...newClub, name: e.target.value })}
/>
</div>
<div>
<label className="block text-sm font-medium">Sport Type</label>
<select
className="mt-1 block w-full p-2 border rounded"
value={newClub.sportType}
onChange={e => setNewClub({ ...newClub, sportType: e.target.value })}
>
<option value="Tennis">Tennis</option>
<option value="Cycling">Cycling</option>
</select>
</div>
<div>
<label className="block text-sm font-medium">Description</label>
<textarea
className="mt-1 block w-full p-2 border rounded"
value={newClub.description}
onChange={e => setNewClub({ ...newClub, description: e.target.value })}
/>
</div>
<div className="flex gap-2">
<button type="submit" className="bg-blue-600 text-white px-4 py-2 rounded hover:bg-blue-700">Save</button>
<button type="button" onClick={() => setIsCreating(false)} className="px-4 py-2 border rounded hover:bg-gray-50">Cancel</button>
</div>
</form>
)}
<div className="grid gap-4 md:grid-cols-2 lg:grid-cols-3">
{clubs.map(club => (
<div key={club.id} className="bg-white p-4 rounded shadow border">
<h3 className="font-bold text-lg">{club.name}</h3>
<p className="text-sm text-gray-500 mb-2">{club.sportType}</p>
<p className="text-sm line-clamp-2 mb-4">{club.description || 'No description'}</p>
<div className="flex justify-end gap-2">
<button
onClick={() => handleDelete(club.id)}
className="text-red-600 hover:text-red-800 text-sm font-medium"
>
Delete
</button>
</div>
</div>
))}
{clubs.length === 0 && <p className="text-gray-500 col-span-full">No clubs found.</p>}
</div>
</div>
);
}
frontend/src/components/auth-guard.tsx
+23 -9
View File
@@ -6,7 +6,7 @@ import { ReactNode, useEffect } from 'react';
import { useTenant } from '../contexts/tenant-context';
export function AuthGuard({ children }: { children: ReactNode }) {
const { status } = useSession();
const { data, status } = useSession();
const { activeClubId, clubs, setActiveClub, clubsLoading } = useTenant();
const router = useRouter();
@@ -17,14 +17,27 @@ export function AuthGuard({ children }: { children: ReactNode }) {
}, [status, router]);
useEffect(() => {
if (status === 'authenticated' && clubs.length > 0) {
if (clubs.length === 1 && !activeClubId) {
setActiveClub(clubs[0].id);
} else if (clubs.length > 1 && !activeClubId) {
router.push('/select-club');
if (status === 'authenticated') {
const isAdmin = data?.user?.isAdmin;
// Admin routing
if (isAdmin) {
if (!window.location.pathname.startsWith('/admin')) {
router.push('/admin/clubs');
}
return;
}
// Normal user routing
if (clubs.length > 0) {
if (clubs.length === 1 && !activeClubId) {
setActiveClub(clubs[0].id);
} else if (clubs.length > 1 && !activeClubId) {
router.push('/select-club');
}
}
}
}, [status, clubs, activeClubId, router, setActiveClub]);
}, [status, clubs, activeClubId, router, setActiveClub, data]);
if (status === 'loading') {
return (
@@ -46,7 +59,8 @@ export function AuthGuard({ children }: { children: ReactNode }) {
);
}
if (clubs.length === 0 && status === 'authenticated') {
const isAdmin = data?.user?.isAdmin;
if (clubs.length === 0 && status === 'authenticated' && !isAdmin) {
const handleSwitchAccount = () => {
const keycloakLogoutUrl = `${process.env.NEXT_PUBLIC_KEYCLOAK_ISSUER || 'http://localhost:8080/realms/workclub'}/protocol/openid-connect/logout?redirect_uri=${encodeURIComponent(window.location.origin + '/login')}`;
signOut({ redirect: false }).then(() => {
@@ -68,7 +82,7 @@ export function AuthGuard({ children }: { children: ReactNode }) {
);
}
if (clubs.length > 1 && !activeClubId) {
if (clubs.length > 1 && !activeClubId && !isAdmin) {
return null;
}
infra/keycloak/realm-export.json
+23 -7
View File
@@ -162,7 +162,7 @@
"firstName": "Admin",
"lastName": "User",
"attributes": {
"clubs": ["64e05b5e-ef45-81d7-f2e8-3d14bd197383,3b4afcfa-1352-8fc7-b497-8ab52a0d5fda"]
"clubs": []
},
"credentials": [
{
@@ -171,7 +171,10 @@
"temporary": false
}
],
"requiredActions": []
"requiredActions": [],
"realmRoles": [
"admin"
]
},
{
"username": "manager@test.com",
@@ -181,7 +184,9 @@
"firstName": "Manager",
"lastName": "User",
"attributes": {
"clubs": ["64e05b5e-ef45-81d7-f2e8-3d14bd197383"]
"clubs": [
"64e05b5e-ef45-81d7-f2e8-3d14bd197383"
]
},
"credentials": [
{
@@ -200,7 +205,9 @@
"firstName": "Member",
"lastName": "One",
"attributes": {
"clubs": ["64e05b5e-ef45-81d7-f2e8-3d14bd197383,3b4afcfa-1352-8fc7-b497-8ab52a0d5fda"]
"clubs": [
"64e05b5e-ef45-81d7-f2e8-3d14bd197383,3b4afcfa-1352-8fc7-b497-8ab52a0d5fda"
]
},
"credentials": [
{
@@ -219,7 +226,9 @@
"firstName": "Member",
"lastName": "Two",
"attributes": {
"clubs": ["64e05b5e-ef45-81d7-f2e8-3d14bd197383"]
"clubs": [
"64e05b5e-ef45-81d7-f2e8-3d14bd197383"
]
},
"credentials": [
{
@@ -238,7 +247,9 @@
"firstName": "Viewer",
"lastName": "User",
"attributes": {
"clubs": ["64e05b5e-ef45-81d7-f2e8-3d14bd197383"]
"clubs": [
"64e05b5e-ef45-81d7-f2e8-3d14bd197383"
]
},
"credentials": [
{
@@ -251,7 +262,12 @@
}
],
"roles": {
"realm": [],
"realm": [
{
"name": "admin",
"description": "System Admin"
}
],
"client": {}
},
"groups": [],
openspec/config.yaml
+20
View File
@@ -0,0 +1,20 @@
schema: spec-driven
# Project context (optional)
# This is shown to AI when creating artifacts.
# Add your tech stack, conventions, style guides, domain knowledge, etc.
# Example:
# context: |
# Tech stack: TypeScript, React, Node.js
# We use conventional commits
# Domain: e-commerce platform
# Per-artifact rules (optional)
# Add custom rules for specific artifacts.
# Example:
# rules:
# proposal:
# - Keep proposals under 500 words
# - Always include a "Non-goals" section
# tasks:
# - Break tasks into chunks of max 2 hours