pieced/pieced-portal
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Compare commits

base: pieced:v0.1.15
Branches Tags
pieced:main
pieced:v0.1.87 pieced:v0.1.86 pieced:v0.1.85 pieced:v0.1.84 pieced:v0.1.83 pieced:v0.1.82 pieced:v0.1.81 pieced:v0.1.80 pieced:v0.1.79 pieced:v0.1.78 pieced:v0.1.77 pieced:v0.1.76 pieced:v0.1.75 pieced:v0.1.74 pieced:v0.1.73 pieced:v0.1.72 pieced:v0.1.71 pieced:v0.1.70 pieced:v0.1.69 pieced:v0.1.68 pieced:v0.1.67 pieced:v0.1.66 pieced:v0.1.65 pieced:v0.1.64 pieced:v0.1.63 pieced:v0.1.62 pieced:v0.1.61 pieced:v0.1.60 pieced:v0.1.59 pieced:v0.1.58 pieced:v0.1.57 pieced:v0.1.56 pieced:v0.1.55 pieced:v0.1.54 pieced:v0.1.53 pieced:v0.1.52 pieced:v0.1.51 pieced:v0.1.50 pieced:v0.1.49 pieced:v0.1.48 pieced:v0.1.47 pieced:v0.1.46 pieced:v0.1.45 pieced:v0.1.44 pieced:v0.1.43 pieced:v0.1.42 pieced:v0.1.41 pieced:v0.1.40 pieced:v0.1.39 pieced:v0.1.38 pieced:v0.1.37 pieced:v0.1.36 pieced:v0.1.35 pieced:v0.1.34 pieced:v0.1.33 pieced:v0.1.32 pieced:v0.1.31 pieced:v0.1.30 pieced:v0.1.29 pieced:v0.1.28 pieced:v0.1.27 pieced:v0.1.26 pieced:v0.1.25 pieced:v0.1.24 pieced:v0.1.23 pieced:v0.1.22 pieced:v0.1.21 pieced:v0.1.20 pieced:v0.1.19 pieced:v0.1.18 pieced:v0.1.17 pieced:v0.1.16 pieced:v0.1.15 pieced:v0.1.14 pieced:v0.1.13 pieced:v0.1.12 pieced:v0.1.11 pieced:v0.1.10 pieced:v0.1.9 pieced:v0.1.8 pieced:v0.1.7 pieced:v0.1.6 pieced:v0.1.5
...
compare: pieced:v0.1.19
Branches Tags
pieced:main
pieced:v0.1.87 pieced:v0.1.86 pieced:v0.1.85 pieced:v0.1.84 pieced:v0.1.83 pieced:v0.1.82 pieced:v0.1.81 pieced:v0.1.80 pieced:v0.1.79 pieced:v0.1.78 pieced:v0.1.77 pieced:v0.1.76 pieced:v0.1.75 pieced:v0.1.74 pieced:v0.1.73 pieced:v0.1.72 pieced:v0.1.71 pieced:v0.1.70 pieced:v0.1.69 pieced:v0.1.68 pieced:v0.1.67 pieced:v0.1.66 pieced:v0.1.65 pieced:v0.1.64 pieced:v0.1.63 pieced:v0.1.62 pieced:v0.1.61 pieced:v0.1.60 pieced:v0.1.59 pieced:v0.1.58 pieced:v0.1.57 pieced:v0.1.56 pieced:v0.1.55 pieced:v0.1.54 pieced:v0.1.53 pieced:v0.1.52 pieced:v0.1.51 pieced:v0.1.50 pieced:v0.1.49 pieced:v0.1.48 pieced:v0.1.47 pieced:v0.1.46 pieced:v0.1.45 pieced:v0.1.44 pieced:v0.1.43 pieced:v0.1.42 pieced:v0.1.41 pieced:v0.1.40 pieced:v0.1.39 pieced:v0.1.38 pieced:v0.1.37 pieced:v0.1.36 pieced:v0.1.35 pieced:v0.1.34 pieced:v0.1.33 pieced:v0.1.32 pieced:v0.1.31 pieced:v0.1.30 pieced:v0.1.29 pieced:v0.1.28 pieced:v0.1.27 pieced:v0.1.26 pieced:v0.1.25 pieced:v0.1.24 pieced:v0.1.23 pieced:v0.1.22 pieced:v0.1.21 pieced:v0.1.20 pieced:v0.1.19 pieced:v0.1.18 pieced:v0.1.17 pieced:v0.1.16 pieced:v0.1.15 pieced:v0.1.14 pieced:v0.1.13 pieced:v0.1.12 pieced:v0.1.11 pieced:v0.1.10 pieced:v0.1.9 pieced:v0.1.8 pieced:v0.1.7 pieced:v0.1.6 pieced:v0.1.5

4 Commits
v0.1.15 ... v0.1.19

Author SHA1 Message Date
admin
9c50c9f054 Group C+ fixes
All checks were successful
Build and Push / build (push) Successful in 1m24s
Details
2026-04-29 21:34:52 +02:00
admin
49d81190d4 Group C fixes
All checks were successful
Build and Push / build (push) Successful in 1m47s
Details
2026-04-29 17:20:58 +02:00
admin
eeef108f7e Group B fixes
All checks were successful
Build and Push / build (push) Successful in 1m24s
Details
2026-04-29 15:43:12 +02:00
admin
c7df5c83a4 Fix user view tenant
All checks were successful
Build and Push / build (push) Successful in 1m32s
Details
2026-04-29 12:33:04 +02:00
27 changed files with 1701 additions and 369 deletions
Expand all files Collapse all files

32
src/app/[locale]/dashboard/new/page.tsx
View File

@@ -3,6 +3,9 @@ import { getTranslations } from "next-intl/server";
import { redirect } from "next/navigation"; import { redirect } from "next/navigation";
import { OnboardingFlow } from "@/components/onboarding/onboarding-flow"; import { OnboardingFlow } from "@/components/onboarding/onboarding-flow";
import { BackLink } from "@/components/ui/back-link"; import { BackLink } from "@/components/ui/back-link";
import { listTenants } from "@/lib/k8s";
import { listActiveTenantRequestsByOrgId } from "@/lib/db";
import { personalAccountAtCapacity } from "@/lib/personal-org";
/** /**
* /dashboard/new — wizard for creating an additional instance for an * /dashboard/new — wizard for creating an additional instance for an
@@ -21,6 +24,10 @@ import { BackLink } from "@/components/ui/back-link";
* may create new instances. The server-side POST handler enforces the * may create new instances. The server-side POST handler enforces the
* same; this redirect is purely UX so /user-role members don't land on * same; this redirect is purely UX so /user-role members don't land on
* a wizard that will 403 on submit. * a wizard that will 403 on submit.
*
* Bug 5: personal accounts that already hold a tenant or have one
* in-flight are sent back to the dashboard with the same UX rationale.
* Matching API guard lives in `/api/onboarding`.
*/ */
export default async function NewInstancePage() { export default async function NewInstancePage() {
const user = await getSessionUser(); const user = await getSessionUser();
@@ -28,6 +35,25 @@ export default async function NewInstancePage() {
if (user.isPlatform) redirect("/dashboard"); if (user.isPlatform) redirect("/dashboard");
if (!canMutate(user)) redirect("/dashboard"); if (!canMutate(user)) redirect("/dashboard");
if (user.isPersonal) {
const [allTenants, activeRequests] = await Promise.all([
listTenants(),
listActiveTenantRequestsByOrgId(user.orgId),
]);
const ownTenants = allTenants.filter(
(t) => t.metadata.labels?.["pieced.ch/zitadel-org-id"] === user.orgId
);
if (
personalAccountAtCapacity(
user.isPersonal,
ownTenants.length,
activeRequests.length
)
) {
redirect("/dashboard");
}
}
const t = await getTranslations("dashboard"); const t = await getTranslations("dashboard");
return ( return (
@@ -43,7 +69,11 @@ export default async function NewInstancePage() {
</div> </div>
<div className="animate-in animate-in-delay-1"> <div className="animate-in animate-in-delay-1">
<OnboardingFlow orgName={user.orgName} /> <OnboardingFlow
orgName={user.orgName}
userName={user.name}
userEmail={user.email}
/>
</div> </div>
</div> </div>
); );

19
src/app/[locale]/dashboard/page.tsx
View File

@@ -8,6 +8,7 @@ import {
canSeeInflightRequests, canSeeInflightRequests,
isUserScoped, isUserScoped,
} from "@/lib/visibility"; } from "@/lib/visibility";
import { personalAccountAtCapacity } from "@/lib/personal-org";
import { Card, CardHeader } from "@/components/ui/card"; import { Card, CardHeader } from "@/components/ui/card";
import { StatusBadge } from "@/components/ui/status-badge"; import { StatusBadge } from "@/components/ui/status-badge";
import { OnboardingFlow } from "@/components/onboarding/onboarding-flow"; import { OnboardingFlow } from "@/components/onboarding/onboarding-flow";
@@ -179,7 +180,17 @@ export default async function DashboardPage() {
// the admin panel anyway) see the "Create new instance" link. A // the admin panel anyway) see the "Create new instance" link. A
// `user`-role member sees the dashboard but not the create flow — // `user`-role member sees the dashboard but not the create flow —
// they need to ask an owner. // they need to ask an owner.
const canCreate = canMutate(user); //
// Bug 5: personal accounts are 1-instance by design. Once a personal
// account has either an active tenant OR an in-flight request, the
// create button must disappear. The matching server-side guard is
// in `/api/onboarding` so direct POSTs are also rejected.
const personalAtCapacity = personalAccountAtCapacity(
user.isPersonal,
orgScopedTenants.length,
inflightRequests.length
);
const canCreate = canMutate(user) && !personalAtCapacity;
// First-time / no-visibility branch. // First-time / no-visibility branch.
// //
@@ -262,7 +273,11 @@ export default async function DashboardPage() {
</div> </div>
<div className="animate-in animate-in-delay-1"> <div className="animate-in animate-in-delay-1">
<OnboardingFlow orgName={user.orgName} /> <OnboardingFlow
orgName={user.orgName}
userName={user.name}
userEmail={user.email}
/>
</div> </div>
</div> </div>
); );

323
src/app/[locale]/register/page.tsx
View File

@@ -6,42 +6,66 @@ import { useRouter } from "next/navigation";
import { Card } from "@/components/ui/card"; import { Card } from "@/components/ui/card";
type FormState = "idle" | "submitting" | "success" | "error"; type FormState = "idle" | "submitting" | "success" | "error";
type AccountType = "personal" | "company";
/** /**
* Slice 4: a "Register as individual" toggle distinguishes personal * Registration entry — Bug 1 redesign.
* accounts from company registrations. When the toggle is on: *
* - the company name field is hidden (and not sent) * Previously a hidden checkbox ("Register as an individual") sat on top
* - the server skips the duplicate-domain check * of the company-flavoured form, which buried personal accounts under a
* - the ZITADEL org is named "{givenName} {familyName} (Personal)" * single click that most users miss. The new layout puts a primary
* account-type chooser at the top: two large cards, one for Personal,
* one for Company. Selection is required before the form below
* appears, so the rest of the layout adapts cleanly without a
* collapsing-checkbox feel.
*
* Bug 12: per-field validation runs on submit. The native HTML required
* attribute already blocks empty submits at the browser level; the
* server-side Zod schema in `/api/register` is the authoritative
* second line of defence.
*
* Behaviour:
* - "Personal account": company-name field is hidden; on submit, the
* server generates an opaque `personal-{8hex}` org name (Bug 9).
* - "Company account": company-name field is required; the server
* additionally runs the duplicate-domain check.
* - Returning users (those who arrive here by accident) can switch
* types after picking — the choice cards stay clickable above the
* form. Field state is preserved across switches so they don't
* have to re-type their name.
*/ */
export default function RegisterPage() { export default function RegisterPage() {
const t = useTranslations("register"); const t = useTranslations("register");
const tCommon = useTranslations("common"); const tCommon = useTranslations("common");
const router = useRouter(); const router = useRouter();
const [accountType, setAccountType] = useState<AccountType | null>(null);
const [form, setForm] = useState({ const [form, setForm] = useState({
companyName: "", companyName: "",
givenName: "", givenName: "",
familyName: "", familyName: "",
email: "", email: "",
}); });
const [isPersonal, setIsPersonal] = useState(false);
const [state, setState] = useState<FormState>("idle"); const [state, setState] = useState<FormState>("idle");
const [error, setError] = useState(""); const [error, setError] = useState("");
const isPersonal = accountType === "personal";
const handleChange = (e: React.ChangeEvent<HTMLInputElement>) => { const handleChange = (e: React.ChangeEvent<HTMLInputElement>) => {
setForm((prev) => ({ ...prev, [e.target.name]: e.target.value })); setForm((prev) => ({ ...prev, [e.target.name]: e.target.value }));
}; };
const handleSubmit = async (e: React.FormEvent) => { const handleSubmit = async (e: React.FormEvent) => {
e.preventDefault(); e.preventDefault();
if (!accountType) return; // Should be impossible — submit button is gated
setError(""); setError("");
setState("submitting"); setState("submitting");
try { try {
// Build the request body explicitly. For personals we omit // Build the request body explicitly. For personals we omit
// companyName so the server knows to derive the org name from // companyName so the server generates an opaque ZITADEL org name
// the user's full name. The Zod schema accepts the omission. // (`personal-{8hex}`); the Zod schema accepts the omission.
const body: Record<string, unknown> = { const body: Record<string, unknown> = {
givenName: form.givenName, givenName: form.givenName,
familyName: form.familyName, familyName: form.familyName,
@@ -60,9 +84,6 @@ export default function RegisterPage() {
if (!res.ok) { if (!res.ok) {
const data = await res.json(); const data = await res.json();
// Localize known structured codes; fall back to server-supplied
// English message for everything else (validation, ZITADEL errors,
// generic 500s).
if (data.code === "duplicate_domain" && data.domain) { if (data.code === "duplicate_domain" && data.domain) {
throw new Error(t("duplicateDomain", { domain: data.domain })); throw new Error(t("duplicateDomain", { domain: data.domain }));
} }
@@ -118,120 +139,212 @@ export default function RegisterPage() {
<p className="text-sm text-text-secondary">{t("subtitle")}</p> <p className="text-sm text-text-secondary">{t("subtitle")}</p>
</div> </div>
<Card className="animate-in animate-in-delay-1"> {/* Account type chooser — required first step */}
<form onSubmit={handleSubmit} className="space-y-4"> <div
{/* Personal-account toggle */} role="radiogroup"
<label className="flex items-start gap-3 cursor-pointer select-none p-3 rounded-lg border border-border bg-surface-2 hover:border-accent/40 transition-colors"> aria-label={t("accountTypeLabel")}
<input className="grid grid-cols-2 gap-3 mb-6 animate-in animate-in-delay-1"
type="checkbox" >
checked={isPersonal} <AccountTypeCard
onChange={(e) => setIsPersonal(e.target.checked)} selected={accountType === "personal"}
className="mt-0.5 h-4 w-4 rounded border-border bg-surface-1 text-accent focus:ring-1 focus:ring-accent focus:ring-offset-0" onClick={() => setAccountType("personal")}
/> label={t("personalCardTitle")}
<div className="flex-1 min-w-0"> description={t("personalCardDescription")}
<div className="text-sm font-medium text-text-primary"> icon={
{t("individualToggle")} <svg
className="h-5 w-5"
fill="none"
viewBox="0 0 24 24"
stroke="currentColor"
strokeWidth={1.5}
aria-hidden="true"
>
<path
strokeLinecap="round"
strokeLinejoin="round"
d="M16 7a4 4 0 11-8 0 4 4 0 018 0zM12 14a7 7 0 00-7 7h14a7 7 0 00-7-7z"
/>
</svg>
}
/>
<AccountTypeCard
selected={accountType === "company"}
onClick={() => setAccountType("company")}
label={t("companyCardTitle")}
description={t("companyCardDescription")}
icon={
<svg
className="h-5 w-5"
fill="none"
viewBox="0 0 24 24"
stroke="currentColor"
strokeWidth={1.5}
aria-hidden="true"
>
<path
strokeLinecap="round"
strokeLinejoin="round"
d="M3 21V7l9-4 9 4v14M9 21V11h6v10M5 21h14"
/>
</svg>
}
/>
</div>
{/* Form — only shown after a choice is made. Animation
delay-2 lines up with the cards animating in first, so
the form feels like it appears in response to selection. */}
{accountType && (
<Card className="animate-in animate-in-delay-2">
<form onSubmit={handleSubmit} className="space-y-4" noValidate>
{/* Company name — only for company accounts (Bug 2 mirror) */}
{!isPersonal && (
<div>
<label className="block text-xs font-semibold uppercase tracking-wider text-text-muted mb-1.5">
{t("companyName")}
</label>
<input
name="companyName"
type="text"
required
value={form.companyName}
onChange={handleChange}
placeholder={t("companyNamePlaceholder")}
className="w-full px-3 py-2 bg-surface-2 border border-border rounded-lg text-sm text-text-primary placeholder:text-text-muted focus:outline-none focus:ring-1 focus:ring-accent focus:border-accent transition-colors"
/>
</div> </div>
<div className="text-xs text-text-muted mt-0.5"> )}
{t("individualHint")}
{/* Name row */}
<div className="grid grid-cols-2 gap-3">
<div>
<label className="block text-xs font-semibold uppercase tracking-wider text-text-muted mb-1.5">
{t("givenName")}
</label>
<input
name="givenName"
type="text"
required
value={form.givenName}
onChange={handleChange}
className="w-full px-3 py-2 bg-surface-2 border border-border rounded-lg text-sm text-text-primary placeholder:text-text-muted focus:outline-none focus:ring-1 focus:ring-accent focus:border-accent transition-colors"
/>
</div>
<div>
<label className="block text-xs font-semibold uppercase tracking-wider text-text-muted mb-1.5">
{t("familyName")}
</label>
<input
name="familyName"
type="text"
required
value={form.familyName}
onChange={handleChange}
className="w-full px-3 py-2 bg-surface-2 border border-border rounded-lg text-sm text-text-primary placeholder:text-text-muted focus:outline-none focus:ring-1 focus:ring-accent focus:border-accent transition-colors"
/>
</div> </div>
</div> </div>
</label>
{/* Company name — hidden for personal */} {/* Email */}
{!isPersonal && (
<div> <div>
<label className="block text-xs font-semibold uppercase tracking-wider text-text-muted mb-1.5"> <label className="block text-xs font-semibold uppercase tracking-wider text-text-muted mb-1.5">
{t("companyName")} {t("email")}
</label> </label>
<input <input
name="companyName" name="email"
type="text" type="email"
required required
value={form.companyName} value={form.email}
onChange={handleChange} onChange={handleChange}
placeholder={t("companyNamePlaceholder")} placeholder={isPersonal ? "you@example.ch" : "you@company.ch"}
className="w-full px-3 py-2 bg-surface-2 border border-border rounded-lg text-sm text-text-primary placeholder:text-text-muted focus:outline-none focus:ring-1 focus:ring-accent focus:border-accent transition-colors" className="w-full px-3 py-2 bg-surface-2 border border-border rounded-lg text-sm text-text-primary placeholder:text-text-muted focus:outline-none focus:ring-1 focus:ring-accent focus:border-accent transition-colors"
/> />
</div> </div>
)}
{/* Name row */} {error && (
<div className="grid grid-cols-2 gap-3"> <div className="text-xs text-red-400 bg-red-400/10 border border-red-400/20 rounded-lg px-3 py-2">
<div> {error}
<label className="block text-xs font-semibold uppercase tracking-wider text-text-muted mb-1.5"> </div>
{t("givenName")} )}
</label>
<input
name="givenName"
type="text"
required
value={form.givenName}
onChange={handleChange}
className="w-full px-3 py-2 bg-surface-2 border border-border rounded-lg text-sm text-text-primary placeholder:text-text-muted focus:outline-none focus:ring-1 focus:ring-accent focus:border-accent transition-colors"
/>
</div>
<div>
<label className="block text-xs font-semibold uppercase tracking-wider text-text-muted mb-1.5">
{t("familyName")}
</label>
<input
name="familyName"
type="text"
required
value={form.familyName}
onChange={handleChange}
className="w-full px-3 py-2 bg-surface-2 border border-border rounded-lg text-sm text-text-primary placeholder:text-text-muted focus:outline-none focus:ring-1 focus:ring-accent focus:border-accent transition-colors"
/>
</div>
</div>
{/* Email */} <button
<div> type="submit"
<label className="block text-xs font-semibold uppercase tracking-wider text-text-muted mb-1.5"> disabled={state === "submitting"}
{t("email")} className="w-full py-2.5 px-4 bg-accent text-white text-sm font-medium rounded-lg hover:bg-accent-dim transition-colors disabled:opacity-50 disabled:cursor-not-allowed"
</label> >
<input {state === "submitting" ? tCommon("loading") : t("submit")}
name="email" </button>
type="email" </form>
required
value={form.email}
onChange={handleChange}
placeholder={isPersonal ? "you@example.ch" : "you@company.ch"}
className="w-full px-3 py-2 bg-surface-2 border border-border rounded-lg text-sm text-text-primary placeholder:text-text-muted focus:outline-none focus:ring-1 focus:ring-accent focus:border-accent transition-colors"
/>
</div>
{error && ( <p className="text-xs text-text-muted text-center mt-4">
<div className="text-xs text-red-400 bg-red-400/10 border border-red-400/20 rounded-lg px-3 py-2"> {t("hasAccount")}{" "}
{error} <a
</div> href="/login"
)} className="text-accent hover:text-accent-dim transition-colors"
>
{tCommon("login")}
</a>
</p>
</Card>
)}
<button <p className="text-xs text-text-muted text-center mt-6 animate-in animate-in-delay-3">
type="submit"
disabled={state === "submitting"}
className="w-full py-2.5 px-4 bg-accent text-white text-sm font-medium rounded-lg hover:bg-accent-dim transition-colors disabled:opacity-50 disabled:cursor-not-allowed"
>
{state === "submitting" ? tCommon("loading") : t("submit")}
</button>
</form>
<p className="text-xs text-text-muted text-center mt-4">
{t("hasAccount")}{" "}
<a
href="/login"
className="text-accent hover:text-accent-dim transition-colors"
>
{tCommon("login")}
</a>
</p>
</Card>
<p className="text-xs text-text-muted text-center mt-6 animate-in animate-in-delay-2">
{t("footer")} {t("footer")}
</p> </p>
</div> </div>
</div> </div>
); );
} }
/**
* Account-type radio card. Visually a card, semantically a radio: arrow
* keys move between cards, Space/Enter selects.
*
* Selected state is rendered with the accent ring + tinted background;
* unselected is the standard surface-2 with hover affordance. The icon
* and text colours intensify when selected to give a clear "this one
* is on" signal beyond just the border colour.
*/
function AccountTypeCard({
selected,
onClick,
label,
description,
icon,
}: {
selected: boolean;
onClick: () => void;
label: string;
description: string;
icon: React.ReactNode;
}) {
return (
<button
type="button"
role="radio"
aria-checked={selected}
onClick={onClick}
className={`text-left rounded-xl border p-4 transition-colors cursor-pointer focus:outline-none focus:ring-2 focus:ring-accent/40 ${
selected
? "border-accent bg-accent/10"
: "border-border bg-surface-2 hover:border-accent/40 hover:bg-surface-3/30"
}`}
>
<div
className={`mb-2 ${
selected ? "text-accent" : "text-text-muted"
}`}
>
{icon}
</div>
<div
className={`text-sm font-semibold mb-0.5 ${
selected ? "text-text-primary" : "text-text-primary"
}`}
>
{label}
</div>
<div className="text-xs text-text-muted leading-snug">{description}</div>
</button>
);
}

6
src/app/[locale]/team/page.tsx
View File

@@ -21,6 +21,12 @@ export default async function TeamPage() {
const user = await getSessionUser(); const user = await getSessionUser();
if (!user) redirect("/login"); if (!user) redirect("/login");
if (!canMutate(user)) redirect("/dashboard"); if (!canMutate(user)) redirect("/dashboard");
// Bug 8: personal accounts have no team to manage. The page is
// structurally meaningless and the invite form would create extra
// ZITADEL users in a single-user org. Redirect cleanly. The matching
// API guards in `/api/team` and `/api/team/invite` enforce the same
// rule on direct calls.
if (user.isPersonal) redirect("/dashboard");
const t = await getTranslations("team"); const t = await getTranslations("team");
const tDashboard = await getTranslations("dashboard"); const tDashboard = await getTranslations("dashboard");

90
src/app/[locale]/tenants/[name]/page.tsx
View File

@@ -9,6 +9,7 @@ import { PackageList } from "@/components/packages/package-list";
import { WorkspaceEditor } from "@/components/packages/workspace-editor"; import { WorkspaceEditor } from "@/components/packages/workspace-editor";
import { ChannelUsers } from "@/components/channel-users/channel-users"; import { ChannelUsers } from "@/components/channel-users/channel-users";
import { AssignedUsersPanel } from "@/components/tenants/assigned-users-panel"; import { AssignedUsersPanel } from "@/components/tenants/assigned-users-panel";
import { SubscriptionToggle } from "@/components/tenants/subscription-toggle";
import { formatDateTime, formatRelative } from "@/lib/format"; import { formatDateTime, formatRelative } from "@/lib/format";
const CHANNEL_PACKAGES = ["telegram", "discord", "email"]; const CHANNEL_PACKAGES = ["telegram", "discord", "email"];
@@ -40,6 +41,24 @@ export default async function TenantDetailPage({
// the same page but with edit controls hidden / fields read-only. // the same page but with edit controls hidden / fields read-only.
const canEdit = canMutate(user); const canEdit = canMutate(user);
// Bug 31: customer-side cancel/resume control. Same gate as canEdit
// — only owners (or platform staff) may toggle the subscription.
// The current state comes from spec.suspend on the CR.
const isSuspended = Boolean(tenant.spec.suspend);
// Bug 7: assigned-users panel is meaningless for personal tenants
// (sole-owner by definition; the only "assignee" is the owner
// themselves). We hide the panel when EITHER the CR carries the
// `pieced.ch/personal=true` label (set at approve time for new
// personal tenants) OR the viewer is on a personal account (covers
// legacy tenants approved before the label was added; the customer
// sees their own personal tenant). Platform admins viewing a legacy
// unlabeled personal tenant are the only case where this falls
// through to "show panel" — operators can `kubectl label` to fix.
const isPersonalTenant =
tenant.metadata.labels?.["pieced.ch/personal"] === "true" ||
user.isPersonal;
const enabledPackages = tenant.spec.packages || []; const enabledPackages = tenant.spec.packages || [];
const workspaceFiles = tenant.spec.workspaceFiles || {}; const workspaceFiles = tenant.spec.workspaceFiles || {};
const enabledChannels = enabledPackages.filter((pkg) => const enabledChannels = enabledPackages.filter((pkg) =>
@@ -89,6 +108,41 @@ export default async function TenantDetailPage({
)} )}
</div> </div>
{/* Bug 31: prominent banner when the subscription is cancelled.
Sits between header and content so it's the first thing the
owner sees. Says clearly what state means, and that data is
preserved. The Resume action lives in the SubscriptionToggle
at the bottom — duplicating it here would clutter the banner
for the much-more-common active case. */}
{isSuspended && (
<div className="mb-8 animate-in animate-in-delay-1 bg-amber-500/10 border border-amber-500/30 rounded-xl p-4">
<div className="flex items-start gap-3">
<svg
className="h-5 w-5 text-amber-400 shrink-0 mt-0.5"
fill="none"
viewBox="0 0 24 24"
stroke="currentColor"
strokeWidth={1.5}
aria-hidden="true"
>
<path
strokeLinecap="round"
strokeLinejoin="round"
d="M12 9v3.75m9-.75a9 9 0 11-18 0 9 9 0 0118 0zM12 15.75h.008v.008H12v-.008z"
/>
</svg>
<div className="min-w-0">
<div className="text-sm font-semibold text-amber-300">
{t("suspendedTitle")}
</div>
<div className="text-xs text-text-secondary mt-1">
{t("suspendedDescription")}
</div>
</div>
</div>
</div>
)}
{/* Usage */} {/* Usage */}
<section className="mb-8 animate-in animate-in-delay-1"> <section className="mb-8 animate-in animate-in-delay-1">
<h2 className="text-xs font-semibold uppercase tracking-wider text-text-muted mb-3"> <h2 className="text-xs font-semibold uppercase tracking-wider text-text-muted mb-3">
@@ -132,13 +186,35 @@ export default async function TenantDetailPage({
{/* Slice 7: Assigned users — visible to anyone who can see the {/* Slice 7: Assigned users — visible to anyone who can see the
tenant, editable only by owners/platform users. The component tenant, editable only by owners/platform users. The component
fetches its own data so the page doesn't need to await. */} fetches its own data so the page doesn't need to await.
<section className="mt-8 animate-in animate-in-delay-4"> Bug 7: hidden entirely for personal tenants. */}
<h2 className="text-xs font-semibold uppercase tracking-wider text-text-muted mb-3"> {!isPersonalTenant && (
{t("assignedUsers")} <section className="mt-8 animate-in animate-in-delay-4">
</h2> <h2 className="text-xs font-semibold uppercase tracking-wider text-text-muted mb-3">
<AssignedUsersPanel tenantName={name} canEdit={canEdit} /> {t("assignedUsers")}
</section> </h2>
<AssignedUsersPanel tenantName={name} canEdit={canEdit} />
</section>
)}
{/* Bug 31: subscription cancel/resume — owners + platform staff
only. Lives at the bottom of the page (rather than near the
status badge) to add deliberate friction; mis-clicking
"Cancel subscription" from the top would be too easy. The
control itself opens a confirmation modal before sending. */}
{canEdit && (
<section className="mt-12 pt-8 border-t border-border animate-in animate-in-delay-4">
<h2 className="text-xs font-semibold uppercase tracking-wider text-text-muted mb-3">
{t("subscriptionTitle")}
</h2>
<p className="text-sm text-text-secondary mb-4">
{isSuspended
? t("subscriptionDescriptionSuspended")
: t("subscriptionDescriptionActive")}
</p>
<SubscriptionToggle tenantName={name} suspended={isSuspended} />
</section>
)}
</div> </div>
); );
} }

9
src/app/api/admin/requests/[id]/approve/route.ts
View File

@@ -123,6 +123,15 @@ export async function POST(
}, },
{ {
"pieced.ch/zitadel-org-id": tenantRequest.zitadelOrgId, "pieced.ch/zitadel-org-id": tenantRequest.zitadelOrgId,
// Bug 7: stamp the personal flag on the CR so callers (notably
// the tenant detail page) can hide assignment-related UI
// without an extra DB join. Slice 4 already tracks this on the
// request row; the CR label is the same fact at the K8s layer.
// Legacy tenants approved before this change won't carry the
// label — operators can backfill with `kubectl label`.
...(tenantRequest.isPersonal
? { "pieced.ch/personal": "true" }
: {}),
} }
); );

51
src/app/api/onboarding/route.ts
View File

@@ -16,34 +16,10 @@ import {
import { sendAdminNotificationEmail } from "@/lib/email"; import { sendAdminNotificationEmail } from "@/lib/email";
import { encryptSecrets } from "@/lib/crypto"; import { encryptSecrets } from "@/lib/crypto";
import { isPersonalOrgName } from "@/lib/personal-org"; import { isPersonalOrgName } from "@/lib/personal-org";
import { onboardingSchema } from "@/lib/validation";
import type { OnboardingInput, PiecedTenant, TenantRequest } from "@/types"; import type { OnboardingInput, PiecedTenant, TenantRequest } from "@/types";
import { z } from "zod"; import { z } from "zod";
const onboardingSchema = z.object({
instanceName: z
.string()
.trim()
.max(80)
.optional()
// Empty string from a form input → drop to undefined so the DB stores NULL
.transform((v) => (v && v.length > 0 ? v : undefined)),
agentName: z.string().min(1).max(50),
soulMd: z.string().max(10_000).optional(),
agentsMd: z.string().max(10_000).optional(),
packages: z.array(z.string()).optional(),
packageSecrets: z
.record(z.string(), z.record(z.string(), z.string()))
.optional(),
billingAddress: z.object({
company: z.string().optional(),
street: z.string().optional(),
city: z.string().optional(),
postalCode: z.string().optional(),
country: z.string().optional(),
}),
billingNotes: z.string().max(2_000).optional(),
});
/** /**
* Helper: shape a TenantRequest row for client consumption. * Helper: shape a TenantRequest row for client consumption.
* Hides server-only fields (encryptedSecrets, internal db ids). * Hides server-only fields (encryptedSecrets, internal db ids).
@@ -217,6 +193,31 @@ export async function POST(request: Request) {
// the org-name check should agree.) // the org-name check should agree.)
const isPersonal = prior?.isPersonal ?? isPersonalOrgName(user.orgName); const isPersonal = prior?.isPersonal ?? isPersonalOrgName(user.orgName);
// Bug 5: personal accounts are 1-instance by design. If there's
// already an active tenant or an in-flight request for this user's
// org, reject the submission outright. Server-side only check;
// matching UI guards live on /dashboard (button hidden) and
// /dashboard/new (server-redirect to /dashboard).
if (isPersonal) {
const [allTenants, activeRequests] = await Promise.all([
listTenants(),
listActiveTenantRequestsByOrgId(user.orgId),
]);
const ownTenants = allTenants.filter(
(t) => t.metadata.labels?.["pieced.ch/zitadel-org-id"] === user.orgId
);
if (ownTenants.length > 0 || activeRequests.length > 0) {
return NextResponse.json(
{
error:
"Personal accounts are limited to one instance. Cancel your existing request or contact support to change plan.",
code: "personal_account_at_capacity",
},
{ status: 403 }
);
}
}
// Encrypt package secrets if provided // Encrypt package secrets if provided
let encryptedSecrets: Buffer | undefined; let encryptedSecrets: Buffer | undefined;
if (input.packageSecrets && Object.keys(input.packageSecrets).length > 0) { if (input.packageSecrets && Object.keys(input.packageSecrets).length > 0) {

32
src/app/api/register/route.ts
View File

@@ -2,6 +2,7 @@ import { NextRequest, NextResponse } from "next/server";
import { registerCustomer } from "@/lib/zitadel"; import { registerCustomer } from "@/lib/zitadel";
import { rateLimit } from "@/lib/rate-limit"; import { rateLimit } from "@/lib/rate-limit";
import { checkDuplicateDomain } from "@/lib/db"; import { checkDuplicateDomain } from "@/lib/db";
import { generatePersonalOrgName } from "@/lib/personal-org";
import type { RegistrationInput } from "@/types"; import type { RegistrationInput } from "@/types";
import { z } from "zod"; import { z } from "zod";
@@ -13,11 +14,10 @@ import { z } from "zod";
* - `companyName` is no longer always required. It's required when * - `companyName` is no longer always required. It's required when
* `isPersonal` is false/absent, ignored when `isPersonal` is true. * `isPersonal` is false/absent, ignored when `isPersonal` is true.
* - `isPersonal` flag distinguishes personal accounts. The server * - `isPersonal` flag distinguishes personal accounts. The server
* derives the ZITADEL org name from `${givenName} ${familyName} * derives the ZITADEL org name from a generated opaque ID
* (Personal)` for personals — the suffix is the canonical marker * (`personal-{8hex}`) — see `lib/personal-org.ts` for the format
* that downstream code (onboarding POST, admin views) uses to * spec. Customers cannot rename their own org, so the marker is
* distinguish personal orgs from companies. Customers cannot rename * stable.
* their own org, so the suffix is stable.
* - Personal accounts skip the duplicate-domain check entirely. Their * - Personal accounts skip the duplicate-domain check entirely. Their
* row is also excluded from future domain checks (see * row is also excluded from future domain checks (see
* `lib/domain-check.ts::findDuplicateInDb`). * `lib/domain-check.ts::findDuplicateInDb`).
@@ -44,15 +44,6 @@ const registrationSchema = z
const RATE_LIMIT = 3; const RATE_LIMIT = 3;
const RATE_WINDOW_MS = 3_600_000; // 1 hour const RATE_WINDOW_MS = 3_600_000; // 1 hour
/**
* Suffix appended to personal-account ZITADEL org names. Used here to
* build the org name and elsewhere (session.orgName check) to detect
* whether the current user is on a personal org.
*
* Keep this in sync with `isPersonalOrgName()` in `lib/personal-org.ts`.
*/
const PERSONAL_ORG_SUFFIX = " (Personal)";
export async function POST(request: NextRequest) { export async function POST(request: NextRequest) {
// --- Rate limiting --- // --- Rate limiting ---
const ip = const ip =
@@ -116,14 +107,13 @@ export async function POST(request: NextRequest) {
// //
// For company: use the customer-supplied companyName (already // For company: use the customer-supplied companyName (already
// validated to be present + ≥2 chars by the schema refinement). // validated to be present + ≥2 chars by the schema refinement).
// For personal: synthesise from full name + " (Personal)" suffix. // For personal: a fresh opaque ID like "personal-3f2a8b1c". The
// The suffix is the canonical marker for personal orgs. // user's actual display name is per-user (`session.user.name`),
// // so the GUI shows that instead — see `displayOrgNameFor()`.
// ZITADEL does NOT enforce org-name uniqueness, so two "Hans Müller // This keeps personal orgs collision-free (Bug 9: two people
// (Personal)" orgs can coexist; the org id is what matters for our // named "Eva Müller" both being able to register).
// labelling and lookups, the name is human-readable only.
const orgName = isPersonal const orgName = isPersonal
? `${input.givenName.trim()} ${input.familyName.trim()}${PERSONAL_ORG_SUFFIX}` ? generatePersonalOrgName()
: input.companyName!.trim(); : input.companyName!.trim();
const result = await registerCustomer({ const result = await registerCustomer({

6
src/app/api/team/[userId]/role/route.ts
View File

@@ -53,6 +53,12 @@ export async function PATCH(
if (!isCustomerOwner(user)) { if (!isCustomerOwner(user)) {
return NextResponse.json({ error: "Forbidden" }, { status: 403 }); return NextResponse.json({ error: "Forbidden" }, { status: 403 });
} }
if (user.isPersonal) {
return NextResponse.json(
{ error: "Personal accounts have no team roles to change." },
{ status: 403 }
);
}
const { userId } = await params; const { userId } = await params;

10
src/app/api/team/invite/route.ts
View File

@@ -35,6 +35,16 @@ export async function POST(req: Request) {
if (!canMutate(user)) { if (!canMutate(user)) {
return NextResponse.json({ error: "Forbidden" }, { status: 403 }); return NextResponse.json({ error: "Forbidden" }, { status: 403 });
} }
if (user.isPersonal) {
return NextResponse.json(
{
error:
"Personal accounts cannot invite additional members. Upgrade to a company account to add a team.",
code: "personal_account",
},
{ status: 403 }
);
}
const body = await req.json().catch(() => null); const body = await req.json().catch(() => null);
const parsed = inviteSchema.safeParse(body); const parsed = inviteSchema.safeParse(body);

6
src/app/api/team/route.ts
View File

@@ -24,6 +24,12 @@ export async function GET() {
if (!canMutate(user)) { if (!canMutate(user)) {
return NextResponse.json({ error: "Forbidden" }, { status: 403 }); return NextResponse.json({ error: "Forbidden" }, { status: 403 });
} }
if (user.isPersonal) {
return NextResponse.json(
{ error: "Personal accounts do not have a team." },
{ status: 403 }
);
}
try { try {
const members = await getOrgMembers(user.orgId); const members = await getOrgMembers(user.orgId);

17
src/app/api/tenants/[name]/assignments/route.ts
View File

@@ -128,6 +128,23 @@ export async function POST(
{ status: 500 } { status: 500 }
); );
} }
// Bug 7 server-side counterpart: personal tenants are sole-owner
// by definition. Reject any assignment attempt — this matches the
// hidden panel on the detail page and stops a determined client
// (or platform user with a legacy unlabeled personal tenant) from
// creating spurious rows.
if (
tenant.metadata.labels?.["pieced.ch/personal"] === "true" ||
(!user.isPlatform && user.isPersonal)
) {
return NextResponse.json(
{
error: "Personal tenants do not support additional assignments.",
code: "personal_tenant",
},
{ status: 403 }
);
}
const body = await req.json().catch(() => null); const body = await req.json().catch(() => null);
const parsed = assignSchema.safeParse(body); const parsed = assignSchema.safeParse(body);

106
src/app/api/tenants/[name]/suspend/route.ts Normal file
View File

@@ -0,0 +1,106 @@
import { NextRequest, NextResponse } from "next/server";
import { z } from "zod";
import { getSessionUser, canMutate } from "@/lib/session";
import { getTenant, patchTenantSpec } from "@/lib/k8s";
import { canUserSeeTenant } from "@/lib/visibility";
import { safeError } from "@/lib/errors";
const patchSchema = z.object({
suspend: z.boolean(),
});
/**
* PATCH /api/tenants/[name]/suspend
*
* Customer-side "Cancel subscription" / "Resume" toggle (Bug 31).
*
* Sets `spec.suspend` on the PiecedTenant CR. The operator interprets
* this flag as "stop reconciling this tenant" — workloads, packages,
* and channel-user changes are no longer applied. Existing data is
* preserved (namespace, ConfigMaps, OpenBao secrets, CNPG database,
* billing records). Resuming sets the flag back to false and the
* operator picks up reconciliation on the next loop.
*
* Authorization
* -------------
* - Customer-side: only an `owner` of the tenant's org may call this.
* `canMutate` is the right gate (mirrors the rest of the customer
* API surface). User-role members cannot cancel a subscription.
* - Platform staff: allowed via `canMutate`'s isPlatform branch, but
* in practice they should use admin tooling for this — the action
* is exposed here for the customer's benefit.
*
* Visibility check is via `canUserSeeTenant` — same notFound() trick
* as the detail page, so we don't leak existence of tenants the
* caller can't see.
*
* Note on workload teardown
* -------------------------
* As of this writing, the operator's `suspend` handling is "skip
* reconciliation and set status.phase to Suspended". The underlying
* StatefulSet keeps running until next reconciliation, which won't
* happen while suspended. Group D will add scale-to-zero so cancelled
* subscriptions actually stop incurring compute. Until then, an
* operator following up with a `kubectl scale` is the workaround.
* Customer data is preserved either way.
*/
export async function PATCH(
req: NextRequest,
{ params }: { params: Promise<{ name: string }> }
) {
const user = await getSessionUser();
if (!user) {
return NextResponse.json({ error: "Unauthorized" }, { status: 401 });
}
if (!canMutate(user)) {
return NextResponse.json({ error: "Forbidden" }, { status: 403 });
}
const { name } = await params;
const tenant = await getTenant(name);
if (!tenant) {
return NextResponse.json({ error: "Not found" }, { status: 404 });
}
// Identical pattern to the detail page — don't leak existence.
if (!(await canUserSeeTenant(user, tenant))) {
return NextResponse.json({ error: "Not found" }, { status: 404 });
}
const body = await req.json().catch(() => null);
const parsed = patchSchema.safeParse(body);
if (!parsed.success) {
return NextResponse.json(
{ error: "Invalid input", details: parsed.error.flatten() },
{ status: 400 }
);
}
const { suspend } = parsed.data;
// No-op early exit. Avoids a needless K8s patch + status churn when
// the user double-clicks the button or the UI is briefly out of sync.
if (Boolean(tenant.spec.suspend) === suspend) {
return NextResponse.json(
{ message: "No change.", suspend },
{ status: 200 }
);
}
try {
await patchTenantSpec(name, { suspend });
return NextResponse.json(
{
message: suspend
? "Subscription cancelled. Your data is preserved."
: "Subscription resumed.",
suspend,
},
{ status: 200 }
);
} catch (e: any) {
console.error("Suspend toggle failed:", e);
return NextResponse.json(
{ error: safeError(e, "Failed to update subscription") },
{ status: e.statusCode || 500 }
);
}
}

17
src/components/admin/admin-panel.tsx
View File

@@ -199,7 +199,22 @@ export function AdminPanel({ initialTenants }: AdminPanelProps) {
throw new Error(data.error || "Delete failed"); throw new Error(data.error || "Delete failed");
} }
setDeleteModal(null); setDeleteModal(null);
await fetchTenants(); // Bug 32: K8s deletion is asynchronous — the resource enters a
// Terminating phase with a deletionTimestamp set, finalizers run,
// then the resource is fully removed. fetchTenants() right
// after the API call would race the K8s store and often still
// include the just-deleted row. Two complementary fixes:
// 1. Optimistically drop the row from local state so the UI
// reflects the user's intent immediately.
// 2. Schedule a delayed refetch (1.5s) to pick up any side
// effects (cascaded request rows, freshly-released names).
// The immediate fetchTenants() is kept as a "best chance" — if
// K8s does report the deletion synchronously (rare), we get the
// freshest data. If it doesn't, the optimistic update has us
// covered until the delayed refetch lands.
setTenants((prev) => prev.filter((t) => t.metadata.name !== name));
fetchTenants();
setTimeout(() => fetchTenants(), 1500);
} catch (e: any) { } catch (e: any) {
setError(e.message); setError(e.message);
} finally { } finally {

31
src/components/layout/nav-shell.tsx
View File

@@ -13,8 +13,13 @@ function NavBar() {
const pathname = usePathname(); const pathname = usePathname();
const user = (session as any)?.platformUser; const user = (session as any)?.platformUser;
const isLogin = pathname === "/login"; // Hide the nav entirely on auth-only routes. These pages have no
if (isLogin) return null; // session yet — showing "Dashboard" / "Sign Out" is misleading at
// best (the buttons would 401 or redirect-loop). Keep this list
// narrow and route-exact: anything else we add to the auth flow
// (e.g. password reset) needs to be added here too.
const isAuthRoute = pathname === "/login" || pathname === "/register";
if (isAuthRoute) return null;
return ( return (
<header className="sticky top-0 z-50 border-b border-border bg-surface-1/80 backdrop-blur-md"> <header className="sticky top-0 z-50 border-b border-border bg-surface-1/80 backdrop-blur-md">
@@ -40,11 +45,14 @@ function NavBar() {
<NavLink href="/dashboard" active={pathname === "/dashboard"}> <NavLink href="/dashboard" active={pathname === "/dashboard"}>
{t("dashboard")} {t("dashboard")}
</NavLink> </NavLink>
{/* Slice 7: /team is owner+platform only. Match server-side {/* Slice 7: /team is owner+platform only AND personal
gate (canMutate). The roles array carries either "owner" accounts are excluded — they have no team to manage
or "user" for customer sessions; isPlatform covers the (Bug 8). Match server-side gates (`canMutate`,
platform side. */} `user.isPersonal === false`). The roles array carries
either "owner" or "user" for customer sessions;
isPlatform covers the platform side. */}
{user && {user &&
!user.isPersonal &&
(user.isPlatform || (user.isPlatform ||
(Array.isArray(user.roles) && user.roles.includes("owner"))) && ( (Array.isArray(user.roles) && user.roles.includes("owner"))) && (
<NavLink href="/team" active={pathname === "/team"}> <NavLink href="/team" active={pathname === "/team"}>
@@ -62,8 +70,17 @@ function NavBar() {
{/* Right side */} {/* Right side */}
<div className="flex items-center gap-4"> <div className="flex items-center gap-4">
{user && ( {user && (
// For personal accounts the orgName is opaque
// ("personal-3f2a8b1c") or a synthetic legacy
// "Name (Personal)" — neither is what we want in the nav.
// Show the user's display name instead. The detection logic
// and fallback chain live in `lib/personal-org.ts`; keeping
// a thin inline branch here avoids importing a server-only
// helper into a client component.
<span className="hidden md:inline text-xs text-text-secondary font-mono"> <span className="hidden md:inline text-xs text-text-secondary font-mono">
{user.orgName} {user.isPersonal
? user.name || (user.email ? user.email.split("@")[0] : user.orgName)
: user.orgName}
</span> </span>
)} )}
<LanguageSwitcher /> <LanguageSwitcher />

15
src/components/onboarding/onboarding-flow.tsx
View File

@@ -5,6 +5,13 @@ import { OnboardingWizard } from "./wizard";
interface OnboardingFlowProps { interface OnboardingFlowProps {
orgName: string; orgName: string;
/**
* The user's display name. Forwarded to the wizard so personal
* accounts can show the user's own name where they would otherwise
* see an opaque org name. Ignored for company accounts.
*/
userName?: string;
userEmail?: string;
} }
/** /**
@@ -18,12 +25,18 @@ interface OnboardingFlowProps {
* level (which renders one `<ProvisioningStatus>` per pending request), * level (which renders one `<ProvisioningStatus>` per pending request),
* so this wrapper does just one thing: show the wizard, then navigate. * so this wrapper does just one thing: show the wizard, then navigate.
*/ */
export function OnboardingFlow({ orgName }: OnboardingFlowProps) { export function OnboardingFlow({
orgName,
userName,
userEmail,
}: OnboardingFlowProps) {
const router = useRouter(); const router = useRouter();
return ( return (
<OnboardingWizard <OnboardingWizard
orgName={orgName} orgName={orgName}
userName={userName}
userEmail={userEmail}
onComplete={() => { onComplete={() => {
// Navigate back to /dashboard and re-fetch on the server. The // Navigate back to /dashboard and re-fetch on the server. The
// parent server component will see the new `pending` row and // parent server component will see the new `pending` row and

512
src/components/onboarding/wizard.tsx
View File

@@ -4,7 +4,15 @@ import { useState, useCallback, useEffect, useRef } from "react";
import { useTranslations } from "next-intl"; import { useTranslations } from "next-intl";
import { Card } from "@/components/ui/card"; import { Card } from "@/components/ui/card";
import { PACKAGE_CATALOG, type PackageDef } from "@/lib/packages"; import { PACKAGE_CATALOG, type PackageDef } from "@/lib/packages";
import { isPersonalOrgName, PERSONAL_ORG_SUFFIX } from "@/lib/personal-org"; import { isPersonalOrgName, displayOrgNameFor } from "@/lib/personal-org";
import {
configureStepSchema,
billingStepSchema,
onboardingSchema,
fieldErrors,
SUPPORTED_COUNTRIES,
type SupportedCountry,
} from "@/lib/validation";
type Step = "welcome" | "configure" | "billing" | "confirm"; type Step = "welcome" | "configure" | "billing" | "confirm";
@@ -48,23 +56,41 @@ const CATEGORIES = [
interface WizardProps { interface WizardProps {
orgName: string; orgName: string;
/**
* The user's display name. Used as the visible label for personal
* accounts (where `orgName` is an opaque ID like "personal-3f2a8b1c"
* or a synthetic legacy "{name} (Personal)" string). Ignored for
* company accounts.
*/
userName?: string;
userEmail?: string;
onComplete: () => void; onComplete: () => void;
} }
export function OnboardingWizard({ orgName, onComplete }: WizardProps) { export function OnboardingWizard({
orgName,
userName,
userEmail,
onComplete,
}: WizardProps) {
const t = useTranslations("onboarding"); const t = useTranslations("onboarding");
const tPkg = useTranslations("packages"); const tPkg = useTranslations("packages");
const tCommon = useTranslations("common"); const tCommon = useTranslations("common");
const tCountries = useTranslations("countries");
// Slice 4: personal accounts have an org name of the form // Personal accounts have an org name that is either the legacy
// "{givenName} {familyName} (Personal)". For SOUL.md and the billing // "{givenName} {familyName} (Personal)" or the current opaque
// company line, strip the suffix so the visible string is the user's // "personal-{8hex}" form. Either way, the customer-facing display
// actual name (no stray "(Personal)" leaking onto invoices or into // should be the user's own name — never the org name. SOUL.md
// the assistant's prompt). // interpolation and the billing form follow the same rule so
// invoices and prompts don't leak "(Personal)" or "personal-3f2a..".
const isPersonal = isPersonalOrgName(orgName); const isPersonal = isPersonalOrgName(orgName);
const displayOrgName = isPersonal const displayOrgName = displayOrgNameFor({
? orgName.slice(0, -PERSONAL_ORG_SUFFIX.length).trim() name: userName,
: orgName; email: userEmail,
orgName,
isPersonal,
});
const [step, setStep] = useState<Step>("welcome"); const [step, setStep] = useState<Step>("welcome");
const [submitting, setSubmitting] = useState(false); const [submitting, setSubmitting] = useState(false);
@@ -142,11 +168,70 @@ export function OnboardingWizard({ orgName, onComplete }: WizardProps) {
const stepIndex = STEPS.indexOf(step); const stepIndex = STEPS.indexOf(step);
// Bug 12 — per-step validation. `errors` holds field-path → message
// for the inline labels under each input. We only populate it on
// attempted advancement; touching a field clears its own error so
// valid input doesn't keep showing stale messages.
const [errors, setErrors] = useState<Record<string, string>>({});
const clearError = useCallback((path: string) => {
setErrors((prev) => {
if (!prev[path]) return prev;
const next = { ...prev };
delete next[path];
return next;
});
}, []);
/**
* Validate the current step against its schema. On success: clear
* errors and return true. On failure: populate errors and return
* false so the caller can refuse to advance.
*
* Welcome and configure-step have no schema interaction with billing
* fields — keeping the schemas narrow means we don't surface a
* billing error when the user is still typing on the configure step.
*/
const validateStep = (s: Step): boolean => {
if (s === "welcome") return true;
if (s === "configure") {
const r = configureStepSchema.safeParse({ agentName: config.agentName });
if (r.success) {
setErrors({});
return true;
}
setErrors(fieldErrors(r.error));
return false;
}
if (s === "billing") {
const r = billingStepSchema.safeParse({
billingAddress: config.billingAddress,
});
if (r.success) {
setErrors({});
return true;
}
setErrors(fieldErrors(r.error));
return false;
}
// confirm: validate the union (defence in depth — submit handler
// also runs onboardingSchema before POST).
const r = onboardingSchema.safeParse(config);
if (r.success) {
setErrors({});
return true;
}
setErrors(fieldErrors(r.error));
return false;
};
const goNext = () => { const goNext = () => {
if (!validateStep(step)) return;
if (stepIndex < STEPS.length - 1) setStep(STEPS[stepIndex + 1]); if (stepIndex < STEPS.length - 1) setStep(STEPS[stepIndex + 1]);
}; };
const goBack = () => { const goBack = () => {
// Going back never re-validates; the user's existing errors stay
// pinned to fields so they can fix them after navigating back.
if (stepIndex > 0) setStep(STEPS[stepIndex - 1]); if (stepIndex > 0) setStep(STEPS[stepIndex - 1]);
}; };
@@ -199,6 +284,17 @@ export function OnboardingWizard({ orgName, onComplete }: WizardProps) {
}; };
const handleSubmit = async () => { const handleSubmit = async () => {
// Defence in depth: re-run the full schema before sending. The
// server schema is the authoritative gate but we save a round trip
// by catching any client-side gaps here. In practice this should
// never fail at this point — the per-step validators have already
// caught everything — but a future regression in the per-step
// schemas would otherwise let the bad payload through.
if (!validateStep("confirm")) {
setError(t("validationError"));
return;
}
setSubmitting(true); setSubmitting(true);
setError(""); setError("");
@@ -339,19 +435,21 @@ export function OnboardingWizard({ orgName, onComplete }: WizardProps) {
</p> </p>
</div> </div>
<div> <FieldWithError error={errors.agentName}>
<label className="block text-xs font-semibold uppercase tracking-wider text-text-muted mb-1.5"> <label className="block text-xs font-semibold uppercase tracking-wider text-text-muted mb-1.5">
{t("agentName")} {t("agentName")} <RequiredMark />
</label> </label>
<input <input
type="text" type="text"
required
value={config.agentName} value={config.agentName}
onChange={(e) => onChange={(e) => {
setConfig((prev) => ({ ...prev, agentName: e.target.value })) clearError("agentName");
} setConfig((prev) => ({ ...prev, agentName: e.target.value }));
className="w-full px-3 py-2 bg-surface-2 border border-border rounded-lg text-sm text-text-primary focus:outline-none focus:ring-1 focus:ring-accent focus:border-accent transition-colors" }}
className={inputClass(errors.agentName)}
/> />
</div> </FieldWithError>
<div> <div>
<label className="block text-xs font-semibold uppercase tracking-wider text-text-muted mb-1.5"> <label className="block text-xs font-semibold uppercase tracking-wider text-text-muted mb-1.5">
@@ -618,106 +716,131 @@ export function OnboardingWizard({ orgName, onComplete }: WizardProps) {
</p> </p>
<div className="space-y-4"> <div className="space-y-4">
<div> {/* Bug 2: company line is meaningless for personal accounts.
<label className="block text-xs font-semibold uppercase tracking-wider text-text-muted mb-1.5"> Hide entirely rather than render an empty disabled field
{t("billingCompany")} — the latter would just suggest the customer should
</label> fill it in. */}
<input {!isPersonal && (
type="text" <div>
value={config.billingAddress.company} <label className="block text-xs font-semibold uppercase tracking-wider text-text-muted mb-1.5">
onChange={(e) => {t("billingCompany")}
setConfig((prev) => ({ </label>
...prev, <input
billingAddress: { type="text"
...prev.billingAddress, value={config.billingAddress.company}
company: e.target.value, onChange={(e) => {
}, clearError("billingAddress.company");
})) setConfig((prev) => ({
} ...prev,
className="w-full px-3 py-2 bg-surface-2 border border-border rounded-lg text-sm text-text-primary focus:outline-none focus:ring-1 focus:ring-accent focus:border-accent transition-colors" billingAddress: {
/> ...prev.billingAddress,
</div> company: e.target.value,
},
}));
}}
className="w-full px-3 py-2 bg-surface-2 border border-border rounded-lg text-sm text-text-primary focus:outline-none focus:ring-1 focus:ring-accent focus:border-accent transition-colors"
/>
</div>
)}
<div> <FieldWithError error={errors["billingAddress.street"]}>
<label className="block text-xs font-semibold uppercase tracking-wider text-text-muted mb-1.5"> <label className="block text-xs font-semibold uppercase tracking-wider text-text-muted mb-1.5">
{t("billingStreet")} {t("billingStreet")} <RequiredMark />
</label> </label>
<input <input
type="text" type="text"
required
value={config.billingAddress.street} value={config.billingAddress.street}
onChange={(e) => onChange={(e) => {
clearError("billingAddress.street");
setConfig((prev) => ({ setConfig((prev) => ({
...prev, ...prev,
billingAddress: { billingAddress: {
...prev.billingAddress, ...prev.billingAddress,
street: e.target.value, street: e.target.value,
}, },
})) }));
} }}
className="w-full px-3 py-2 bg-surface-2 border border-border rounded-lg text-sm text-text-primary focus:outline-none focus:ring-1 focus:ring-accent focus:border-accent transition-colors" className={inputClass(errors["billingAddress.street"])}
/> />
</div> </FieldWithError>
<div className="grid grid-cols-3 gap-3"> <div className="grid grid-cols-3 gap-3">
<div> <FieldWithError error={errors["billingAddress.postalCode"]}>
<label className="block text-xs font-semibold uppercase tracking-wider text-text-muted mb-1.5"> <label className="block text-xs font-semibold uppercase tracking-wider text-text-muted mb-1.5">
{t("billingPostalCode")} {t("billingPostalCode")} <RequiredMark />
</label> </label>
<input <input
type="text" type="text"
required
value={config.billingAddress.postalCode} value={config.billingAddress.postalCode}
onChange={(e) => onChange={(e) => {
clearError("billingAddress.postalCode");
setConfig((prev) => ({ setConfig((prev) => ({
...prev, ...prev,
billingAddress: { billingAddress: {
...prev.billingAddress, ...prev.billingAddress,
postalCode: e.target.value, postalCode: e.target.value,
}, },
})) }));
} }}
className="w-full px-3 py-2 bg-surface-2 border border-border rounded-lg text-sm text-text-primary focus:outline-none focus:ring-1 focus:ring-accent focus:border-accent transition-colors" className={inputClass(errors["billingAddress.postalCode"])}
/> />
</div> </FieldWithError>
<div className="col-span-2"> <div className="col-span-2">
<label className="block text-xs font-semibold uppercase tracking-wider text-text-muted mb-1.5"> <FieldWithError error={errors["billingAddress.city"]}>
{t("billingCity")} <label className="block text-xs font-semibold uppercase tracking-wider text-text-muted mb-1.5">
</label> {t("billingCity")} <RequiredMark />
<input </label>
type="text" <input
value={config.billingAddress.city} type="text"
onChange={(e) => required
setConfig((prev) => ({ value={config.billingAddress.city}
...prev, onChange={(e) => {
billingAddress: { clearError("billingAddress.city");
...prev.billingAddress, setConfig((prev) => ({
city: e.target.value, ...prev,
}, billingAddress: {
})) ...prev.billingAddress,
} city: e.target.value,
className="w-full px-3 py-2 bg-surface-2 border border-border rounded-lg text-sm text-text-primary focus:outline-none focus:ring-1 focus:ring-accent focus:border-accent transition-colors" },
/> }));
}}
className={inputClass(errors["billingAddress.city"])}
/>
</FieldWithError>
</div> </div>
</div> </div>
<div> {/* Bug 3: country was a free-text field — typos broke
invoicing. Now a fixed list of DACH+ neighbours. Add
more codes to SUPPORTED_COUNTRIES in lib/validation.ts
when expanding markets. */}
<FieldWithError error={errors["billingAddress.country"]}>
<label className="block text-xs font-semibold uppercase tracking-wider text-text-muted mb-1.5"> <label className="block text-xs font-semibold uppercase tracking-wider text-text-muted mb-1.5">
{t("billingCountry")} {t("billingCountry")} <RequiredMark />
</label> </label>
<input <select
type="text"
value={config.billingAddress.country} value={config.billingAddress.country}
onChange={(e) => onChange={(e) => {
clearError("billingAddress.country");
setConfig((prev) => ({ setConfig((prev) => ({
...prev, ...prev,
billingAddress: { billingAddress: {
...prev.billingAddress, ...prev.billingAddress,
country: e.target.value, country: e.target.value as SupportedCountry,
}, },
})) }));
} }}
className="w-full px-3 py-2 bg-surface-2 border border-border rounded-lg text-sm text-text-primary focus:outline-none focus:ring-1 focus:ring-accent focus:border-accent transition-colors" className={inputClass(errors["billingAddress.country"])}
/> >
</div> {SUPPORTED_COUNTRIES.map((code) => (
<option key={code} value={code}>
{tCountries(code)}
</option>
))}
</select>
</FieldWithError>
<div> <div>
<label className="block text-xs font-semibold uppercase tracking-wider text-text-muted mb-1.5"> <label className="block text-xs font-semibold uppercase tracking-wider text-text-muted mb-1.5">
@@ -765,67 +888,92 @@ export function OnboardingWizard({ orgName, onComplete }: WizardProps) {
{t("confirmDescription")} {t("confirmDescription")}
</p> </p>
{/* Bug 4 redesign: previously this step only showed agentName
and city — useless for actually reviewing what's about to
be submitted. Now it shows the real config: instance
name, agent name, packages, billing one-liner, contact
email, and notes. Each row uses two columns rather than
flex-justify-between so long values wrap underneath the
label rather than being squashed onto one line. */}
<div className="space-y-4"> <div className="space-y-4">
<div className="bg-surface-2 border border-border rounded-lg p-4 space-y-3"> <div className="bg-surface-2 border border-border rounded-lg p-4 divide-y divide-border">
{config.instanceName.trim() && ( <ReviewRow
<div className="flex justify-between text-sm"> label={t("instanceName")}
<span className="text-text-muted">{t("instanceName")}</span> value={
<span className="text-text-primary font-mono"> config.instanceName.trim() || (
{config.instanceName.trim()} <span className="text-text-muted italic">
</span> {t("reviewInstanceDefault")}
</div> </span>
)} )
<div className="flex justify-between text-sm"> }
<span className="text-text-muted">{t("agentName")}</span> mono
<span className="text-text-primary font-mono"> />
{config.agentName} <ReviewRow
</span> label={t("agentName")}
</div> value={config.agentName}
{config.packages.length > 0 && ( mono
<div className="flex justify-between text-sm"> />
<span className="text-text-muted">{t("packages")}</span> <ReviewRow
<div className="flex flex-wrap gap-1 justify-end"> label={t("packages")}
{config.packages.map((pkg) => ( value={
<span config.packages.length === 0 ? (
key={pkg} <span className="text-text-muted italic">
className="text-xs font-mono bg-accent/10 text-accent border border-accent/20 rounded-full px-2 py-0.5" {t("reviewNoPackages")}
> </span>
{pkg} ) : (
</span> <div className="flex flex-wrap gap-1 justify-end">
))} {config.packages.map((pkg) => (
<span
key={pkg}
className="text-xs font-mono bg-accent/10 text-accent border border-accent/20 rounded-full px-2 py-0.5"
>
{pkg}
</span>
))}
</div>
)
}
/>
<ReviewRow
label={t("reviewBillingTo")}
value={
<div className="text-text-primary text-right">
{/* For personal: skip the company line so the
invoice rendering matches what the user actually
entered. For company: include it as the first
line. */}
{!isPersonal &&
config.billingAddress.company &&
config.billingAddress.company.trim().length > 0 && (
<div>{config.billingAddress.company}</div>
)}
<div>{config.billingAddress.street}</div>
<div>
{config.billingAddress.postalCode}{" "}
{config.billingAddress.city}
</div>
<div className="text-text-muted">
{tCountries(
config.billingAddress.country as SupportedCountry
)}
</div>
</div> </div>
</div> }
)} />
{config.packages.some((id) => <ReviewRow
PACKAGE_CATALOG.find((p) => p.id === id)?.requiresSecrets label={t("reviewContactEmail")}
) && ( value={userEmail || ""}
<div className="flex justify-between text-sm"> mono
<span className="text-text-muted"> />
{t("credentialsProvided")} {config.billingNotes.trim().length > 0 && (
</span> <ReviewRow
<span className="text-emerald-400 text-xs font-medium"> label={t("billingNotes")}
value={
</span> <span className="text-text-primary whitespace-pre-wrap text-right">
</div> {config.billingNotes}
)} </span>
{config.billingAddress.company && ( }
<div className="flex justify-between text-sm"> />
<span className="text-text-muted">
{t("billingCompany")}
</span>
<span className="text-text-primary">
{config.billingAddress.company}
</span>
</div>
)}
{config.billingAddress.city && (
<div className="flex justify-between text-sm">
<span className="text-text-muted">{t("billingCity")}</span>
<span className="text-text-primary">
{config.billingAddress.postalCode}{" "}
{config.billingAddress.city}
</span>
</div>
)} )}
</div> </div>
@@ -838,6 +986,25 @@ export function OnboardingWizard({ orgName, onComplete }: WizardProps) {
</div> </div>
)} )}
{/* Aggregate validation errors — if any per-step schema check
missed something (it shouldn't, but defence in depth),
the user sees a consolidated list here rather than a
silent submit failure. */}
{Object.keys(errors).length > 0 && (
<div className="text-xs text-red-400 bg-red-400/10 border border-red-400/20 rounded-lg px-3 py-2 mt-4">
<div className="font-semibold mb-1">
{t("validationErrorsTitle")}
</div>
<ul className="list-disc list-inside space-y-0.5">
{Object.entries(errors).map(([path, msg]) => (
<li key={path}>
<span className="font-mono">{path}</span>: {msg}
</li>
))}
</ul>
</div>
)}
<div className="flex justify-between mt-6"> <div className="flex justify-between mt-6">
<button <button
onClick={goBack} onClick={goBack}
@@ -858,3 +1025,74 @@ export function OnboardingWizard({ orgName, onComplete }: WizardProps) {
</div> </div>
); );
} }
/**
* Two-column review row used by the confirm step. Right-aligned value
* with the label as a muted prefix on the left.
*/
function ReviewRow({
label,
value,
mono,
}: {
label: string;
value: React.ReactNode;
mono?: boolean;
}) {
return (
<div className="flex justify-between gap-4 text-sm py-2 first:pt-0 last:pb-0">
<span className="text-text-muted shrink-0">{label}</span>
<span
className={`text-text-primary text-right min-w-0 break-words ${
mono ? "font-mono" : ""
}`}
>
{value}
</span>
</div>
);
}
/**
* Renders children + an inline error message if present. Children
* supply the label and input; this wrapper just appends the message.
*/
function FieldWithError({
error,
children,
}: {
error?: string;
children: React.ReactNode;
}) {
return (
<div>
{children}
{error && (
<p className="text-xs text-red-400 mt-1" role="alert">
{error}
</p>
)}
</div>
);
}
function RequiredMark() {
return (
<span aria-hidden="true" className="text-accent">
*
</span>
);
}
/**
* Tailwind class for input/select with optional error-state ring.
* Centralised here to keep the wizard's many fields visually
* consistent without repeating the long class string.
*/
function inputClass(error?: string): string {
return `w-full px-3 py-2 bg-surface-2 border rounded-lg text-sm text-text-primary placeholder:text-text-muted focus:outline-none focus:ring-1 transition-colors ${
error
? "border-red-400/60 focus:ring-red-400 focus:border-red-400"
: "border-border focus:ring-accent focus:border-accent"
}`;
}

157
src/components/tenants/subscription-toggle.tsx Normal file
View File

@@ -0,0 +1,157 @@
"use client";
import { useState } from "react";
import { useRouter } from "next/navigation";
import { useTranslations } from "next-intl";
interface Props {
tenantName: string;
/**
* Current suspend state — server-derived. The control toggles this
* via PATCH /api/tenants/[name]/suspend, then refreshes the route
* so server-component-side data (status badge, suspended notice)
* re-renders.
*/
suspended: boolean;
}
/**
* SubscriptionToggle — owner-side cancel/resume control (Bug 31).
*
* Renders a single button that toggles between "Cancel subscription"
* (when active) and "Resume subscription" (when suspended). Cancellation
* is gated behind a confirmation modal because it's destructive
* looking from the user's POV — even though no data is lost, the
* AI assistant becomes unavailable until they resume. Resume has no
* modal; it's a strict subset of cancellation in terms of risk.
*
* The control intentionally lives at the bottom of the tenant detail
* page rather than next to the status badge — putting it near the
* top would invite mis-clicks. Customers who want to cancel scroll
* past the running configuration, billing-relevant info, and assigned
* users first; that's the right friction level.
*
* Suspended tenants render a top-of-page banner separately (see the
* detail page); this component focuses on the action itself.
*/
export function SubscriptionToggle({ tenantName, suspended }: Props) {
const t = useTranslations("tenantDetail");
const tCommon = useTranslations("common");
const router = useRouter();
const [confirmOpen, setConfirmOpen] = useState(false);
const [submitting, setSubmitting] = useState(false);
const [error, setError] = useState("");
const toggleSuspend = async (next: boolean) => {
setSubmitting(true);
setError("");
try {
const res = await fetch(
`/api/tenants/${encodeURIComponent(tenantName)}/suspend`,
{
method: "PATCH",
headers: { "Content-Type": "application/json" },
body: JSON.stringify({ suspend: next }),
}
);
if (!res.ok) {
const data = await res.json().catch(() => ({}));
throw new Error(data.error || t("subscriptionUpdateFailed"));
}
setConfirmOpen(false);
// The status badge + suspended banner are server-rendered, so
// a route refresh is the simplest way to reflect the new state.
// Optimistic local toggle would diverge from the actual CR if
// the operator hasn't observed the patch yet.
router.refresh();
} catch (e: any) {
setError(e.message);
} finally {
setSubmitting(false);
}
};
if (suspended) {
return (
<div>
<button
type="button"
onClick={() => toggleSuspend(false)}
disabled={submitting}
className="text-sm font-medium px-4 py-2 rounded-lg border border-success/30 text-success hover:bg-success/10 transition-colors disabled:opacity-50"
>
{submitting ? tCommon("loading") : t("resumeSubscription")}
</button>
{error && <p className="text-xs text-red-400 mt-2">{error}</p>}
</div>
);
}
return (
<div>
<button
type="button"
onClick={() => setConfirmOpen(true)}
className="text-sm font-medium px-4 py-2 rounded-lg border border-border text-text-secondary hover:text-text-primary hover:border-text-secondary transition-colors"
>
{t("cancelSubscription")}
</button>
{error && !confirmOpen && (
<p className="text-xs text-red-400 mt-2">{error}</p>
)}
{confirmOpen && (
<div
role="dialog"
aria-modal="true"
className="fixed inset-0 z-50 flex items-center justify-center p-4 bg-black/60 backdrop-blur-sm"
onClick={(e) => {
if (e.target === e.currentTarget) setConfirmOpen(false);
}}
>
<div className="bg-surface-1 border border-border rounded-xl p-6 max-w-md w-full">
<h3 className="font-display text-lg font-semibold text-text-primary mb-2">
{t("cancelConfirmTitle")}
</h3>
<p className="text-sm text-text-secondary mb-3">
{t("cancelConfirmDescription")}
</p>
<ul className="text-xs text-text-muted list-disc list-inside space-y-1 mb-5">
<li>{t("cancelConfirmBullet1")}</li>
<li>{t("cancelConfirmBullet2")}</li>
<li>{t("cancelConfirmBullet3")}</li>
</ul>
{error && (
<div className="text-xs text-red-400 bg-red-400/10 border border-red-400/20 rounded-lg px-3 py-2 mb-3">
{error}
</div>
)}
<div className="flex justify-end gap-2">
<button
type="button"
onClick={() => setConfirmOpen(false)}
disabled={submitting}
className="text-sm px-4 py-2 rounded-lg border border-border text-text-secondary hover:text-text-primary transition-colors"
>
{tCommon("cancel")}
</button>
<button
type="button"
onClick={() => toggleSuspend(true)}
disabled={submitting}
className="text-sm px-4 py-2 rounded-lg bg-amber-500 text-white hover:bg-amber-600 transition-colors disabled:opacity-50"
>
{submitting
? tCommon("loading")
: t("cancelSubscriptionConfirm")}
</button>
</div>
</div>
</div>
)}
</div>
);
}

43
src/components/ui/status-badge.tsx
View File

@@ -1,18 +1,39 @@
"use client";
import { useTranslations } from "next-intl";
/**
* Visual treatment per phase. Each entry is a Tailwind class string
* applied to the badge. The `Pending` style is also used as a fallback
* for unknown phases — it's the most neutral colour.
*
* Slice 7 / Bug 31 added `Suspended`. It uses an amber-on-muted scheme
* to read as "intentionally paused" — distinct from `Error` (red) and
* `Deleting` (mute grey).
*/
const phaseStyles: Record<string, string> = { const phaseStyles: Record<string, string> = {
Running: Running: "bg-success/10 text-success border-success/20",
"bg-success/10 text-success border-success/20", Ready: "bg-success/10 text-success border-success/20",
Provisioning: Provisioning: "bg-warning/10 text-warning border-warning/20",
"bg-warning/10 text-warning border-warning/20", Pending: "bg-text-muted/10 text-text-secondary border-border",
Pending: Suspended: "bg-amber-500/10 text-amber-400 border-amber-500/30",
"bg-text-muted/10 text-text-secondary border-border", Error: "bg-error/10 text-error border-error/20",
Error: Deleting: "bg-text-muted/10 text-text-muted border-border",
"bg-error/10 text-error border-error/20",
Deleting:
"bg-text-muted/10 text-text-muted border-border",
}; };
export function StatusBadge({ phase }: { phase: string }) { export function StatusBadge({ phase }: { phase: string }) {
const t = useTranslations("phase");
const style = phaseStyles[phase] ?? phaseStyles.Pending; const style = phaseStyles[phase] ?? phaseStyles.Pending;
// Translation lookup with fallback to the raw phase. Keeps things
// working if a new operator-side phase ships before the portal has
// a label for it.
const label = (() => {
try {
return t(phase);
} catch {
return phase;
}
})();
return ( return (
<span <span
className={`inline-flex items-center gap-1.5 rounded-full border px-2.5 py-0.5 text-xs font-medium ${style}`} className={`inline-flex items-center gap-1.5 rounded-full border px-2.5 py-0.5 text-xs font-medium ${style}`}
@@ -23,7 +44,7 @@ export function StatusBadge({ phase }: { phase: string }) {
{phase === "Provisioning" && ( {phase === "Provisioning" && (
<span className="status-pulse h-1.5 w-1.5 rounded-full bg-warning" /> <span className="status-pulse h-1.5 w-1.5 rounded-full bg-warning" />
)} )}
{phase} {label}
</span> </span>
); );
} }

24
src/lib/auth.ts
View File

@@ -1,6 +1,7 @@
import NextAuth from "next-auth"; import NextAuth from "next-auth";
import type { NextAuthConfig } from "next-auth"; import type { NextAuthConfig } from "next-auth";
import type { PlatformRole, Role, SessionUser, ZitadelClaims } from "@/types"; import type { PlatformRole, Role, SessionUser, ZitadelClaims } from "@/types";
import { isPersonalOrgName } from "@/lib/personal-org";
const PLATFORM_ROLES: PlatformRole[] = ["platform_admin", "platform_operator"]; const PLATFORM_ROLES: PlatformRole[] = ["platform_admin", "platform_operator"];
@@ -57,21 +58,42 @@ export const authConfig: NextAuthConfig = {
claims["urn:zitadel:iam:org:project:roles"] claims["urn:zitadel:iam:org:project:roles"]
); );
token.accessToken = account.access_token; token.accessToken = account.access_token;
// Pin token.sub to the OIDC subject. Auth.js v5 otherwise puts a
// freshly generated UUID in token.sub on initial sign-in,
// ignoring what profile() returns for `id`. That UUID then
// becomes session.user.id everywhere downstream — including
// `tenant_user_assignments.assigned_by` and (more importantly)
// the WHERE clause used to look up the invited user's
// assignments on the dashboard. With a UUID in the session and
// a ZITADEL snowflake in the DB, the lookup matches nothing
// and assigned tenants never appear (Bug 27).
//
// Reference: https://github.com/nextauthjs/next-auth/issues/11174
// Auth.js respects an explicit token.sub assignment; the
// override below is preserved across subsequent jwt() calls.
if (typeof profile.sub === "string") {
token.sub = profile.sub;
}
} }
return token; return token;
}, },
async session({ session, token }) { async session({ session, token }) {
const roles = (token.roles as Role[]) ?? []; const roles = (token.roles as Role[]) ?? [];
const orgName = (token.orgName as string) ?? "";
const sessionUser: SessionUser = { const sessionUser: SessionUser = {
id: token.sub!, id: token.sub!,
name: session.user?.name ?? "", name: session.user?.name ?? "",
email: session.user?.email ?? "", email: session.user?.email ?? "",
orgId: token.orgId as string, orgId: token.orgId as string,
orgName: token.orgName as string, orgName,
roles, roles,
isPlatform: roles.some((r) => isPlatform: roles.some((r) =>
PLATFORM_ROLES.includes(r as PlatformRole) PLATFORM_ROLES.includes(r as PlatformRole)
), ),
// Derived from orgName — see lib/personal-org.ts. Recognises
// both legacy " (Personal)" suffix and current "personal-{8hex}"
// opaque names.
isPersonal: isPersonalOrgName(orgName),
}; };
(session as any).platformUser = sessionUser; (session as any).platformUser = sessionUser;
return session; return session;

153
src/lib/personal-org.ts
View File

@@ -1,40 +1,147 @@
/** /**
* Personal-account helpers. * Personal-account helpers.
* *
* Slice 4 establishes the convention that ZITADEL org names for personal * Two ZITADEL org-name formats may identify a personal account:
* accounts end with the literal " (Personal)" suffix. This file
* centralises the suffix and the predicate so both registration (which
* sets the suffix) and onboarding (which reads it from the session) use
* the same canonical form.
* *
* Why a name suffix and not ZITADEL org metadata? * 1. Legacy (Slice 4 .. 7-pre-Bug9):
* ----------------------------------------------- * "{givenName} {familyName} (Personal)"
* 1. The suffix is visible in ZITADEL Console, admin tools, JWT claims, * Embedded the user's name in the org name. Hit a uniqueness
* etc. — useful debugging signal at zero cost. * collision on common Swiss names (Bug 9: two people named "Eva
* 2. Customers cannot rename their own org (requires IAM_OWNER, which * Müller" can't both register). Suffix is detected via
* only the SA holds), so the suffix is stable for the lifetime of * `PERSONAL_ORG_SUFFIX`.
* the org.
* 3. No extra ZITADEL API calls at onboarding time to fetch metadata.
* 4. No extra portal DB tables.
* *
* The trade-off: an admin who manually renames a personal org via * 2. Current (Slice 7+):
* ZITADEL Console could remove the suffix, after which onboarding * "personal-{8 hex chars}"
* would treat that org as a company. That's a deliberate destructive * Opaque, structurally collision-free, no PII. The user's display
* action and the worst outcome is a misnamed K8s CR; nothing breaks. * name lives only in the per-user fields (`session.user.name`),
* which is what the GUI shows wherever it would otherwise have
* shown the org name. See `displayOrgNameFor()` below.
*
* Both formats are recognised as personal by `isPersonalOrgName()`.
* Existing legacy orgs continue to work; new orgs are created in the
* opaque format.
*
* Why a name pattern and not ZITADEL org metadata?
* ------------------------------------------------
* - Visible in ZITADEL Console, JWT claims, admin tools — useful debug
* signal at zero cost.
* - Customers cannot rename their own org (requires IAM_OWNER, which
* only the SA holds), so the marker is stable for the life of the
* org.
* - No extra ZITADEL API calls at onboarding time.
* - No extra portal DB tables.
*
* Trade-off: an admin who manually renames a personal org via Console
* could remove the marker. That's a deliberate destructive action; the
* worst outcome is a misnamed K8s CR. Nothing breaks.
*/ */
/** Suffix used by the legacy " (Personal)" naming scheme. */
export const PERSONAL_ORG_SUFFIX = " (Personal)"; export const PERSONAL_ORG_SUFFIX = " (Personal)";
/**
* Pattern for the current opaque-id naming scheme. The hex chunk is
* generated from `crypto.randomUUID()` — eight hex digits give 4 billion
* distinct values, far more than the pilot will ever need, while
* keeping the org name short and copy-pasteable.
*/
const PERSONAL_ORG_OPAQUE_RE = /^personal-[0-9a-f]{8}$/;
/**
* Generate a fresh opaque org name for a personal account.
*
* The result is uniformly random in the form "personal-XXXXXXXX". Caller
* doesn't need a duplicate check — at 4e9 cardinality the birthday
* collision probability is negligible at pilot scale, and ZITADEL would
* reject a duplicate creation with a clean error which we let surface.
*
* `crypto.randomUUID()` is used because it's available natively in
* Node 20+ and edge runtimes. We slice the hex digits we need from
* the UUID rather than calling a separate randomBytes API; the result
* is the same.
*/
export function generatePersonalOrgName(): string {
const uuid = crypto.randomUUID(); // 8-4-4-4-12 hex digits
const hex = uuid.replace(/-/g, "").slice(0, 8);
return `personal-${hex}`;
}
/** /**
* Returns true when the given ZITADEL org name marks a personal account. * Returns true when the given ZITADEL org name marks a personal account.
* *
* The check is exact-suffix match (after trimming). Whitespace inside * Recognises both the legacy " (Personal)" suffix and the current
* the suffix is significant — `" (personal)"` lowercase or `"(Personal)"` * "personal-{8hex}" opaque form. Whitespace inside the legacy suffix is
* without the leading space are not matches and not personal orgs. * significant — `" (personal)"` lowercase or `"(Personal)"` without the
* leading space are NOT matches and are treated as company orgs.
* *
* Pass `session.orgName` from the SessionUser at the call site. * Pass `session.orgName` from the SessionUser at the call site.
*/ */
export function isPersonalOrgName(orgName: string | null | undefined): boolean { export function isPersonalOrgName(
orgName: string | null | undefined
): boolean {
if (!orgName) return false; if (!orgName) return false;
return orgName.trimEnd().endsWith(PERSONAL_ORG_SUFFIX); const trimmed = orgName.trimEnd();
if (PERSONAL_ORG_OPAQUE_RE.test(trimmed)) return true;
if (trimmed.endsWith(PERSONAL_ORG_SUFFIX)) return true;
return false;
}
/**
* The label to show wherever the GUI would otherwise show the user's
* org name. For company accounts this is the org name; for personal
* accounts the org name itself is opaque (or a synthetic legacy
* "Name (Personal)" string), so we substitute the user's display name.
*
* Use this anywhere a customer-facing string would render the
* organisation: nav header, billing forms, SOUL.md interpolation, etc.
*/
export function displayOrgNameFor(user: {
name?: string | null;
email?: string | null;
orgName?: string | null;
isPersonal?: boolean;
}): string {
const orgName = user.orgName ?? "";
// Defensive: if `isPersonal` wasn't set on the session (older sessions
// pre-Slice-7-Bug-9), fall back to detecting from the name itself.
const personal = user.isPersonal ?? isPersonalOrgName(orgName);
if (!personal) return orgName;
// Legacy legacy "Name (Personal)" — strip the suffix and use what's
// left as a sensible display, since it's already the user's name.
if (orgName.trimEnd().endsWith(PERSONAL_ORG_SUFFIX)) {
return orgName.slice(0, -PERSONAL_ORG_SUFFIX.length).trim();
}
// New opaque form — show the user's display name. Fall back to email
// local-part if no display name is available, which is rare but
// possible during the brief window between user creation and the
// user setting their profile.
if (user.name && user.name.trim().length > 0) return user.name.trim();
if (user.email) return user.email.split("@")[0];
return orgName;
}
/**
* One-instance-per-account rule for personal accounts (Bug 5).
*
* Personal accounts are 1-instance by design: a single user, a single
* tenant. After the first tenant or in-flight request exists, the
* customer is over quota and any further onboarding submission must
* be blocked. Company accounts are unaffected.
*
* `tenantCount` and `requestCount` are measured against the customer's
* own org — caller is responsible for filtering before passing them
* in. Both values are non-negative integers; the predicate is true
* iff at least one of them is > 0.
*
* Used by the dashboard (hide the "+ Create new instance" button),
* /dashboard/new (server-redirect), and /api/onboarding (return 403).
* Keeping the rule in one place avoids three separate copies of the
* same boolean drifting apart.
*/
export function personalAccountAtCapacity(
isPersonal: boolean,
tenantCount: number,
requestCount: number
): boolean {
return isPersonal && (tenantCount > 0 || requestCount > 0);
} }

164
src/lib/validation.ts Normal file
View File

@@ -0,0 +1,164 @@
import { z } from "zod";
/**
* Shared validation schemas for the onboarding wizard and the
* registration form. Both client and server import from here so the
* rules can't drift apart.
*
* Bug 12 motivation: until now, all wizard fields could be empty and
* still submit — the server schema in `/api/onboarding` had every
* billing field optional, and the client did no validation at all.
* Required fields are now declared once, here, and used in three
* places:
* 1. The wizard's per-step `validateStep()` to gate `goNext()`.
* 2. The wizard's submit handler to render inline errors.
* 3. The server route's `safeParse()` so the rules are also
* enforced on direct API calls.
*
* Don't mix UX-only state (e.g. "did the user touch this field yet")
* into these schemas — that belongs in the wizard's render layer.
* These schemas describe what the data has to look like, not the
* progressive-disclosure rules.
*/
// ISO-3166-1 alpha-2 codes accepted in the country dropdown. DACH+
// neighbours: Switzerland, Germany, Austria, France, Italy, plus
// Liechtenstein (Swiss customers with LI billing addresses are common
// enough to include without inflating the list). Add to this set when
// expanding into new markets.
export const SUPPORTED_COUNTRIES = ["CH", "DE", "AT", "FR", "IT", "LI"] as const;
export type SupportedCountry = (typeof SUPPORTED_COUNTRIES)[number];
/**
* Country-specific postal-code patterns. Bug 33: previously a postal
* code could be anything (e.g. "abc"), which broke invoicing.
*
* Patterns are deliberately conservative — they reject obviously wrong
* input but don't try to be exhaustive valid-range checkers (e.g. CH
* codes are 1000-9999 in practice but \d{4} accepts 0000; the post
* office will reject downstream if it matters). If a future country
* has multi-format codes (e.g. UK postcodes with the inner-outer
* structure), add it as a regex here rather than trying to fit
* every country into the same shape.
*/
const POSTAL_CODE_PATTERNS: Record<SupportedCountry, RegExp> = {
CH: /^\d{4}$/,
DE: /^\d{5}$/,
AT: /^\d{4}$/,
FR: /^\d{5}$/,
IT: /^\d{5}$/,
LI: /^\d{4}$/,
};
/**
* Postal-code expectation in human terms — used in error messages so
* the user gets a useful hint ("expected 4 digits") rather than just
* a regex failure. Keep in sync with POSTAL_CODE_PATTERNS.
*/
const POSTAL_CODE_HINTS: Record<SupportedCountry, string> = {
CH: "4 digits",
DE: "5 digits",
AT: "4 digits",
FR: "5 digits",
IT: "5 digits",
LI: "4 digits",
};
/**
* Billing address — every field required at minimum non-empty length.
* Postal code is validated against the chosen country (Bug 33). Country
* is a fixed enum to prevent free-text typos that break invoicing.
*
* `superRefine` is the right hook here because we need to look at two
* fields (country + postalCode) together. The error path is set on
* `postalCode` so the wizard renders the inline error under the right
* input rather than at the form root.
*/
export const billingAddressSchema = z
.object({
// Company line is structurally optional — personal accounts leave it
// empty by design (Bug 2). Server-side, the wizard's UI hides the
// field for personals; the schema just doesn't require it.
company: z.string().trim().max(100).optional().default(""),
street: z.string().trim().min(1, "required").max(200),
postalCode: z.string().trim().min(1, "required").max(12),
city: z.string().trim().min(1, "required").max(100),
country: z.enum(SUPPORTED_COUNTRIES, {
message: "Please choose a country from the list",
}),
})
.superRefine((data, ctx) => {
const pattern = POSTAL_CODE_PATTERNS[data.country];
if (!pattern.test(data.postalCode)) {
ctx.addIssue({
code: "custom",
path: ["postalCode"],
message: `Invalid postal code (expected ${POSTAL_CODE_HINTS[data.country]})`,
});
}
});
export type BillingAddressInput = z.infer<typeof billingAddressSchema>;
/**
* Per-step schemas for progressive validation. Each step validates only
* the fields visible up to that point, so the user gets feedback at the
* step they're on rather than at the end.
*
* The `welcome` step has nothing to validate.
* The `configure` step requires a non-empty agentName.
* The `billing` step requires a complete billing address (with the
* optional company line).
* The `confirm` step is the final submission and validates the union.
*/
export const configureStepSchema = z.object({
agentName: z.string().trim().min(1, "required").max(50),
});
export const billingStepSchema = z.object({
billingAddress: billingAddressSchema,
});
/**
* Full onboarding payload. Used by the API route and by the wizard's
* submit handler. `packageSecrets` is a free-shape map that gets
* encrypted by the server before it touches the DB.
*/
export const onboardingSchema = z.object({
instanceName: z
.string()
.trim()
.max(80)
.optional()
// Empty string from a form input → undefined so the DB stores NULL.
.transform((v) => (v && v.length > 0 ? v : undefined)),
agentName: z.string().trim().min(1, "required").max(50),
soulMd: z.string().max(10_000).optional(),
agentsMd: z.string().max(10_000).optional(),
packages: z.array(z.string()).optional(),
packageSecrets: z
.record(z.string(), z.record(z.string(), z.string()))
.optional(),
billingAddress: billingAddressSchema,
billingNotes: z.string().max(2_000).optional(),
});
export type OnboardingPayload = z.infer<typeof onboardingSchema>;
/**
* Helper: flatten a Zod error into a flat field-path → message map.
* The wizard uses this to look up errors per input by their path.
*
* Returns `{}` on success (i.e. caller shouldn't call this on a parsed
* value; only on `safeParse(...).error`). Kept here rather than inline
* so both the wizard and any future field-level form (e.g. settings
* page reusing billingAddressSchema) can share it.
*/
export function fieldErrors(err: z.ZodError): Record<string, string> {
const out: Record<string, string> = {};
for (const issue of err.issues) {
const key = issue.path.join(".");
if (!(key in out)) out[key] = issue.message;
}
return out;
}

52
src/messages/de.json
View File

@@ -20,11 +20,11 @@
"button": "Weiter mit ZITADEL", "button": "Weiter mit ZITADEL",
"footer": "On-Premises gehostet in der Schweiz", "footer": "On-Premises gehostet in der Schweiz",
"noAccount": "Noch kein Konto?", "noAccount": "Noch kein Konto?",
"register": "Firma registrieren" "register": "Konto erstellen"
}, },
"register": { "register": {
"title": "Konto erstellen", "title": "Konto erstellen",
"subtitle": "Registrieren Sie Ihre Firma für einen in der Schweiz gehosteten KI-Assistenten", "subtitle": "Richten Sie Ihren Schweizer KI-Assistenten ein",
"companyName": "Firmenname", "companyName": "Firmenname",
"companyNamePlaceholder": "Muster GmbH", "companyNamePlaceholder": "Muster GmbH",
"givenName": "Vorname", "givenName": "Vorname",
@@ -38,7 +38,12 @@
"goToLogin": "Zur Anmeldung", "goToLogin": "Zur Anmeldung",
"duplicateDomain": "Für die E-Mail-Domain {domain} ist bereits ein Konto registriert. Bitte wenden Sie sich an Ihren Firmenadministrator, um eingeladen zu werden, oder kontaktieren Sie den PieCed-IT-Support, falls dies ein Fehler ist.", "duplicateDomain": "Für die E-Mail-Domain {domain} ist bereits ein Konto registriert. Bitte wenden Sie sich an Ihren Firmenadministrator, um eingeladen zu werden, oder kontaktieren Sie den PieCed-IT-Support, falls dies ein Fehler ist.",
"individualToggle": "Als Privatperson registrieren", "individualToggle": "Als Privatperson registrieren",
"individualHint": "Aktivieren Sie diese Option, wenn Sie sich nicht im Namen eines Unternehmens registrieren. Ihr Konto wird als persönlicher Arbeitsbereich eingerichtet." "individualHint": "Aktivieren Sie diese Option, wenn Sie sich nicht im Namen eines Unternehmens registrieren. Ihr Konto wird als persönlicher Arbeitsbereich eingerichtet.",
"accountTypeLabel": "Kontotyp",
"personalCardTitle": "Privat",
"personalCardDescription": "Für Sie persönlich.",
"companyCardTitle": "Unternehmen",
"companyCardDescription": "Für Ihr Unternehmen oder Team."
}, },
"onboarding": { "onboarding": {
"loading": "Status wird geladen…", "loading": "Status wird geladen…",
@@ -89,7 +94,13 @@
"submittedAt": "Eingereicht", "submittedAt": "Eingereicht",
"instanceName": "Instanzname", "instanceName": "Instanzname",
"instanceNamePlaceholder": "z.B. Produktion, Dev, Vertrieb", "instanceNamePlaceholder": "z.B. Produktion, Dev, Vertrieb",
"instanceNameHint": "Optionaler lesbarer Name, um diese Instanz von anderen in Ihrem Dashboard zu unterscheiden. Leer lassen, um den Firmennamen zu verwenden." "instanceNameHint": "Optionaler lesbarer Name, um diese Instanz von anderen in Ihrem Dashboard zu unterscheiden. Leer lassen, um den Firmennamen zu verwenden.",
"validationError": "Bitte korrigieren Sie die Fehler vor dem Absenden.",
"validationErrorsTitle": "Einige Pflichtfelder fehlen oder sind ungültig:",
"reviewInstanceDefault": "(Standard — verwendet Firmenname)",
"reviewNoPackages": "Keine ausgewählt",
"reviewBillingTo": "Rechnungsempfänger",
"reviewContactEmail": "Kontakt-E-Mail"
}, },
"dashboard": { "dashboard": {
"title": "Dashboard", "title": "Dashboard",
@@ -118,7 +129,21 @@
"notFound": "Tenant nicht gefunden.", "notFound": "Tenant nicht gefunden.",
"usage": "Nutzung & Kosten", "usage": "Nutzung & Kosten",
"provisioned": "Bereitgestellt", "provisioned": "Bereitgestellt",
"assignedUsers": "Zugewiesene Benutzer" "assignedUsers": "Zugewiesene Benutzer",
"subscriptionTitle": "Abonnement",
"subscriptionDescriptionActive": "Kündigen Sie Ihr Abonnement, wenn Sie diesen Assistenten nicht mehr benötigen. Ihre Daten bleiben erhalten und Sie können jederzeit wieder aktivieren.",
"subscriptionDescriptionSuspended": "Ihr Abonnement ist gekündigt. Aktivieren Sie es wieder, um den Assistenten online zu bringen.",
"cancelSubscription": "Abonnement kündigen",
"cancelSubscriptionConfirm": "Ja, kündigen",
"resumeSubscription": "Abonnement reaktivieren",
"cancelConfirmTitle": "Dieses Abonnement kündigen?",
"cancelConfirmDescription": "Ihr Assistent wird nicht mehr verfügbar sein. Sie können jederzeit reaktivieren — Ihre Daten bleiben erhalten.",
"cancelConfirmBullet1": "Workspace-Dateien (SOUL.md, AGENTS.md) bleiben erhalten",
"cancelConfirmBullet2": "Paket-Anmeldedaten bleiben gespeichert",
"cancelConfirmBullet3": "Rechnungsdaten bleiben gespeichert",
"subscriptionUpdateFailed": "Abonnement konnte nicht aktualisiert werden.",
"suspendedTitle": "Abonnement gekündigt",
"suspendedDescription": "Ihr Assistent ist pausiert. Konfiguration und Daten bleiben erhalten. Verwenden Sie die Reaktivierungs-Schaltfläche unten auf dieser Seite, um ihn wieder online zu bringen."
}, },
"usage": { "usage": {
"inputTokens": "Input-Tokens", "inputTokens": "Input-Tokens",
@@ -304,5 +329,22 @@
"pickUser": "Benutzer auswählen…", "pickUser": "Benutzer auswählen…",
"assign": "Zuweisen", "assign": "Zuweisen",
"revoke": "Entfernen" "revoke": "Entfernen"
},
"countries": {
"CH": "Schweiz",
"DE": "Deutschland",
"AT": "Österreich",
"FR": "Frankreich",
"IT": "Italien",
"LI": "Liechtenstein"
},
"phase": {
"Pending": "Ausstehend",
"Provisioning": "Wird bereitgestellt",
"Running": "Aktiv",
"Ready": "Bereit",
"Suspended": "Pausiert",
"Error": "Fehler",
"Deleting": "Wird gelöscht"
} }
} }

52
src/messages/en.json
View File

@@ -20,11 +20,11 @@
"button": "Continue with ZITADEL", "button": "Continue with ZITADEL",
"footer": "Hosted on-premises in Switzerland", "footer": "Hosted on-premises in Switzerland",
"noAccount": "No account yet?", "noAccount": "No account yet?",
"register": "Register your company" "register": "Create an account"
}, },
"register": { "register": {
"title": "Create your account", "title": "Create your account",
"subtitle": "Register your company for a Swiss-hosted AI assistant", "subtitle": "Set up your Swiss-hosted AI assistant",
"companyName": "Company Name", "companyName": "Company Name",
"companyNamePlaceholder": "Acme GmbH", "companyNamePlaceholder": "Acme GmbH",
"givenName": "First Name", "givenName": "First Name",
@@ -38,7 +38,12 @@
"goToLogin": "Go to Sign In", "goToLogin": "Go to Sign In",
"duplicateDomain": "An account for the email domain {domain} is already registered. Please contact your company administrator to be invited, or reach out to PieCed IT support if you believe this is in error.", "duplicateDomain": "An account for the email domain {domain} is already registered. Please contact your company administrator to be invited, or reach out to PieCed IT support if you believe this is in error.",
"individualToggle": "Register as an individual", "individualToggle": "Register as an individual",
"individualHint": "Tick this if you're not registering on behalf of a company. Your account will be set up as a personal workspace." "individualHint": "Tick this if you're not registering on behalf of a company. Your account will be set up as a personal workspace.",
"accountTypeLabel": "Account type",
"personalCardTitle": "Personal",
"personalCardDescription": "For yourself.",
"companyCardTitle": "Company",
"companyCardDescription": "For your business or team."
}, },
"onboarding": { "onboarding": {
"loading": "Loading status…", "loading": "Loading status…",
@@ -89,7 +94,13 @@
"submittedAt": "Submitted", "submittedAt": "Submitted",
"instanceName": "Instance name", "instanceName": "Instance name",
"instanceNamePlaceholder": "e.g. Production, Dev, Sales", "instanceNamePlaceholder": "e.g. Production, Dev, Sales",
"instanceNameHint": "Optional human-readable name to distinguish this instance from others on your dashboard. Leave blank to use your company name." "instanceNameHint": "Optional human-readable name to distinguish this instance from others on your dashboard. Leave blank to use your company name.",
"validationError": "Please fix the errors before submitting.",
"validationErrorsTitle": "Some required fields are missing or invalid:",
"reviewInstanceDefault": "(default — uses company name)",
"reviewNoPackages": "None selected",
"reviewBillingTo": "Billing to",
"reviewContactEmail": "Contact email"
}, },
"dashboard": { "dashboard": {
"title": "Dashboard", "title": "Dashboard",
@@ -118,7 +129,21 @@
"notFound": "Tenant not found.", "notFound": "Tenant not found.",
"usage": "Usage & Spend", "usage": "Usage & Spend",
"provisioned": "Provisioned", "provisioned": "Provisioned",
"assignedUsers": "Assigned users" "assignedUsers": "Assigned users",
"subscriptionTitle": "Subscription",
"subscriptionDescriptionActive": "Cancel your subscription if you no longer need this assistant. Your data will be preserved and you can resume anytime.",
"subscriptionDescriptionSuspended": "Your subscription is cancelled. Resume to bring the assistant back online.",
"cancelSubscription": "Cancel subscription",
"cancelSubscriptionConfirm": "Yes, cancel",
"resumeSubscription": "Resume subscription",
"cancelConfirmTitle": "Cancel this subscription?",
"cancelConfirmDescription": "Your assistant will become unavailable. You can resume anytime — your data is preserved.",
"cancelConfirmBullet1": "Workspace files (SOUL.md, AGENTS.md) are kept",
"cancelConfirmBullet2": "Package credentials remain stored",
"cancelConfirmBullet3": "Billing information is kept on file",
"subscriptionUpdateFailed": "Could not update subscription.",
"suspendedTitle": "Subscription cancelled",
"suspendedDescription": "Your assistant is paused. Configuration and data are preserved. Use the Resume control at the bottom of this page to bring it back online."
}, },
"usage": { "usage": {
"inputTokens": "Input Tokens", "inputTokens": "Input Tokens",
@@ -304,5 +329,22 @@
"pickUser": "Select a user…", "pickUser": "Select a user…",
"assign": "Assign", "assign": "Assign",
"revoke": "Remove" "revoke": "Remove"
},
"countries": {
"CH": "Switzerland",
"DE": "Germany",
"AT": "Austria",
"FR": "France",
"IT": "Italy",
"LI": "Liechtenstein"
},
"phase": {
"Pending": "Pending",
"Provisioning": "Provisioning",
"Running": "Running",
"Ready": "Ready",
"Suspended": "Suspended",
"Error": "Error",
"Deleting": "Deleting"
} }
} }

52
src/messages/fr.json
View File

@@ -20,11 +20,11 @@
"button": "Continuer avec ZITADEL", "button": "Continuer avec ZITADEL",
"footer": "Hébergé on-premises en Suisse", "footer": "Hébergé on-premises en Suisse",
"noAccount": "Pas encore de compte ?", "noAccount": "Pas encore de compte ?",
"register": "Enregistrer votre entreprise" "register": "Créer un compte"
}, },
"register": { "register": {
"title": "Créer votre compte", "title": "Créer votre compte",
"subtitle": "Enregistrez votre entreprise pour un assistant IA hébergé en Suisse", "subtitle": "Configurez votre assistant IA hébergé en Suisse",
"companyName": "Nom de l'entreprise", "companyName": "Nom de l'entreprise",
"companyNamePlaceholder": "Exemple SA", "companyNamePlaceholder": "Exemple SA",
"givenName": "Prénom", "givenName": "Prénom",
@@ -38,7 +38,12 @@
"goToLogin": "Aller à la connexion", "goToLogin": "Aller à la connexion",
"duplicateDomain": "Un compte pour le domaine de courriel {domain} est déjà enregistré. Veuillez contacter l'administrateur de votre entreprise pour être invité, ou contactez le support PieCed IT si vous pensez qu'il s'agit d'une erreur.", "duplicateDomain": "Un compte pour le domaine de courriel {domain} est déjà enregistré. Veuillez contacter l'administrateur de votre entreprise pour être invité, ou contactez le support PieCed IT si vous pensez qu'il s'agit d'une erreur.",
"individualToggle": "S'inscrire en tant que particulier", "individualToggle": "S'inscrire en tant que particulier",
"individualHint": "Cochez cette case si vous ne vous inscrivez pas au nom d'une entreprise. Votre compte sera configuré comme espace de travail personnel." "individualHint": "Cochez cette case si vous ne vous inscrivez pas au nom d'une entreprise. Votre compte sera configuré comme espace de travail personnel.",
"accountTypeLabel": "Type de compte",
"personalCardTitle": "Particulier",
"personalCardDescription": "Pour vous.",
"companyCardTitle": "Entreprise",
"companyCardDescription": "Pour votre entreprise ou équipe."
}, },
"onboarding": { "onboarding": {
"loading": "Chargement du statut…", "loading": "Chargement du statut…",
@@ -89,7 +94,13 @@
"submittedAt": "Soumis", "submittedAt": "Soumis",
"instanceName": "Nom de l'instance", "instanceName": "Nom de l'instance",
"instanceNamePlaceholder": "ex. Production, Dev, Ventes", "instanceNamePlaceholder": "ex. Production, Dev, Ventes",
"instanceNameHint": "Nom lisible facultatif pour distinguer cette instance des autres sur votre tableau de bord. Laisser vide pour utiliser le nom de votre entreprise." "instanceNameHint": "Nom lisible facultatif pour distinguer cette instance des autres sur votre tableau de bord. Laisser vide pour utiliser le nom de votre entreprise.",
"validationError": "Veuillez corriger les erreurs avant l'envoi.",
"validationErrorsTitle": "Certains champs obligatoires manquent ou sont invalides :",
"reviewInstanceDefault": "(par défaut — utilise le nom de l'entreprise)",
"reviewNoPackages": "Aucun sélectionné",
"reviewBillingTo": "Facturer à",
"reviewContactEmail": "E-mail de contact"
}, },
"dashboard": { "dashboard": {
"title": "Tableau de bord", "title": "Tableau de bord",
@@ -118,7 +129,21 @@
"notFound": "Locataire non trouvé.", "notFound": "Locataire non trouvé.",
"usage": "Utilisation et coûts", "usage": "Utilisation et coûts",
"provisioned": "Provisionné", "provisioned": "Provisionné",
"assignedUsers": "Utilisateurs attribués" "assignedUsers": "Utilisateurs attribués",
"subscriptionTitle": "Abonnement",
"subscriptionDescriptionActive": "Annulez votre abonnement si vous n'avez plus besoin de cet assistant. Vos données seront conservées et vous pourrez reprendre à tout moment.",
"subscriptionDescriptionSuspended": "Votre abonnement est annulé. Reprenez pour remettre l'assistant en ligne.",
"cancelSubscription": "Annuler l'abonnement",
"cancelSubscriptionConfirm": "Oui, annuler",
"resumeSubscription": "Reprendre l'abonnement",
"cancelConfirmTitle": "Annuler cet abonnement ?",
"cancelConfirmDescription": "Votre assistant sera indisponible. Vous pouvez reprendre à tout moment — vos données sont préservées.",
"cancelConfirmBullet1": "Les fichiers de l'espace de travail (SOUL.md, AGENTS.md) sont conservés",
"cancelConfirmBullet2": "Les identifiants des packages restent stockés",
"cancelConfirmBullet3": "Les informations de facturation sont conservées",
"subscriptionUpdateFailed": "Impossible de mettre à jour l'abonnement.",
"suspendedTitle": "Abonnement annulé",
"suspendedDescription": "Votre assistant est en pause. La configuration et les données sont préservées. Utilisez le contrôle Reprendre en bas de cette page pour le remettre en ligne."
}, },
"usage": { "usage": {
"inputTokens": "Tokens d'entrée", "inputTokens": "Tokens d'entrée",
@@ -304,5 +329,22 @@
"pickUser": "Sélectionner un utilisateur…", "pickUser": "Sélectionner un utilisateur…",
"assign": "Attribuer", "assign": "Attribuer",
"revoke": "Retirer" "revoke": "Retirer"
},
"countries": {
"CH": "Suisse",
"DE": "Allemagne",
"AT": "Autriche",
"FR": "France",
"IT": "Italie",
"LI": "Liechtenstein"
},
"phase": {
"Pending": "En attente",
"Provisioning": "Mise en service",
"Running": "Actif",
"Ready": "Prêt",
"Suspended": "Suspendu",
"Error": "Erreur",
"Deleting": "Suppression"
} }
} }

52
src/messages/it.json
View File

@@ -20,11 +20,11 @@
"button": "Continua con ZITADEL", "button": "Continua con ZITADEL",
"footer": "Ospitato on-premises in Svizzera", "footer": "Ospitato on-premises in Svizzera",
"noAccount": "Non hai ancora un account?", "noAccount": "Non hai ancora un account?",
"register": "Registra la tua azienda" "register": "Crea un account"
}, },
"register": { "register": {
"title": "Crea il tuo account", "title": "Crea il tuo account",
"subtitle": "Registra la tua azienda per un assistente IA ospitato in Svizzera", "subtitle": "Configuri il suo assistente IA ospitato in Svizzera",
"companyName": "Nome azienda", "companyName": "Nome azienda",
"companyNamePlaceholder": "Esempio SA", "companyNamePlaceholder": "Esempio SA",
"givenName": "Nome", "givenName": "Nome",
@@ -38,7 +38,12 @@
"goToLogin": "Vai all'accesso", "goToLogin": "Vai all'accesso",
"duplicateDomain": "Un account per il dominio e-mail {domain} è già registrato. Contatta l'amministratore della tua azienda per essere invitato, oppure contatta il supporto PieCed IT se ritieni che si tratti di un errore.", "duplicateDomain": "Un account per il dominio e-mail {domain} è già registrato. Contatta l'amministratore della tua azienda per essere invitato, oppure contatta il supporto PieCed IT se ritieni che si tratti di un errore.",
"individualToggle": "Registrati come privato", "individualToggle": "Registrati come privato",
"individualHint": "Seleziona questa opzione se non ti stai registrando per conto di un'azienda. Il tuo account sarà configurato come area di lavoro personale." "individualHint": "Seleziona questa opzione se non ti stai registrando per conto di un'azienda. Il tuo account sarà configurato come area di lavoro personale.",
"accountTypeLabel": "Tipo di account",
"personalCardTitle": "Privato",
"personalCardDescription": "Per lei.",
"companyCardTitle": "Azienda",
"companyCardDescription": "Per la sua azienda o team."
}, },
"onboarding": { "onboarding": {
"loading": "Caricamento stato…", "loading": "Caricamento stato…",
@@ -89,7 +94,13 @@
"submittedAt": "Inviato", "submittedAt": "Inviato",
"instanceName": "Nome istanza", "instanceName": "Nome istanza",
"instanceNamePlaceholder": "es. Produzione, Dev, Vendite", "instanceNamePlaceholder": "es. Produzione, Dev, Vendite",
"instanceNameHint": "Nome leggibile facoltativo per distinguere questa istanza dalle altre nella dashboard. Lasciare vuoto per usare il nome dell'azienda." "instanceNameHint": "Nome leggibile facoltativo per distinguere questa istanza dalle altre nella dashboard. Lasciare vuoto per usare il nome dell'azienda.",
"validationError": "Correggere gli errori prima di inviare.",
"validationErrorsTitle": "Alcuni campi obbligatori sono mancanti o non validi:",
"reviewInstanceDefault": "(predefinito — usa il nome dell'azienda)",
"reviewNoPackages": "Nessuno selezionato",
"reviewBillingTo": "Fatturare a",
"reviewContactEmail": "Email di contatto"
}, },
"dashboard": { "dashboard": {
"title": "Dashboard", "title": "Dashboard",
@@ -118,7 +129,21 @@
"notFound": "Tenant non trovato.", "notFound": "Tenant non trovato.",
"usage": "Utilizzo e costi", "usage": "Utilizzo e costi",
"provisioned": "Attivato", "provisioned": "Attivato",
"assignedUsers": "Utenti assegnati" "assignedUsers": "Utenti assegnati",
"subscriptionTitle": "Abbonamento",
"subscriptionDescriptionActive": "Annulli il suo abbonamento se non ha più bisogno di questo assistente. I suoi dati saranno preservati e potrà riprendere in qualsiasi momento.",
"subscriptionDescriptionSuspended": "Il suo abbonamento è annullato. Riprenda per riportare l'assistente online.",
"cancelSubscription": "Annulla abbonamento",
"cancelSubscriptionConfirm": "Sì, annulla",
"resumeSubscription": "Riprendi abbonamento",
"cancelConfirmTitle": "Annullare questo abbonamento?",
"cancelConfirmDescription": "Il suo assistente diventerà non disponibile. Può riprendere in qualsiasi momento — i suoi dati sono preservati.",
"cancelConfirmBullet1": "I file del workspace (SOUL.md, AGENTS.md) sono mantenuti",
"cancelConfirmBullet2": "Le credenziali dei pacchetti rimangono memorizzate",
"cancelConfirmBullet3": "Le informazioni di fatturazione sono mantenute",
"subscriptionUpdateFailed": "Impossibile aggiornare l'abbonamento.",
"suspendedTitle": "Abbonamento annullato",
"suspendedDescription": "Il suo assistente è in pausa. Configurazione e dati sono preservati. Usi il controllo Riprendi in fondo a questa pagina per riportarlo online."
}, },
"usage": { "usage": {
"inputTokens": "Token di input", "inputTokens": "Token di input",
@@ -304,5 +329,22 @@
"pickUser": "Seleziona un utente…", "pickUser": "Seleziona un utente…",
"assign": "Assegna", "assign": "Assegna",
"revoke": "Rimuovi" "revoke": "Rimuovi"
},
"countries": {
"CH": "Svizzera",
"DE": "Germania",
"AT": "Austria",
"FR": "Francia",
"IT": "Italia",
"LI": "Liechtenstein"
},
"phase": {
"Pending": "In attesa",
"Provisioning": "In provisioning",
"Running": "Attivo",
"Ready": "Pronto",
"Suspended": "Sospeso",
"Error": "Errore",
"Deleting": "Eliminazione"
} }
} }

39
src/types/index.ts
View File

@@ -47,6 +47,23 @@ export interface SessionUser {
orgName: string; orgName: string;
roles: Role[]; roles: Role[];
isPlatform: boolean; isPlatform: boolean;
/**
* True when the user's ZITADEL org is a personal account — i.e. a
* single-user org provisioned by the registration flow with
* `isPersonal: true`. Derived from `orgName` in the session callback;
* see `lib/personal-org.ts::isPersonalOrgName` for the detection
* rules (recognises both the legacy " (Personal)" suffix and the
* current "personal-{8hex}" opaque form).
*
* Drives several customer-facing behaviours:
* - /team page is hidden (Bug 8): there's no team to manage.
* - "Create new instance" is gated to a single tenant + request
* (Bug 5): personal accounts are 1-instance by design.
* - The assigned-users panel on /tenants/[name] is hidden (Bug 7).
* - Wherever the GUI would otherwise show `orgName`, it shows the
* user's display name instead (Bug 9 — the org name is opaque).
*/
isPersonal: boolean;
} }
// PiecedTenant CR (pieced.ch/v1alpha1) // PiecedTenant CR (pieced.ch/v1alpha1)
@@ -61,7 +78,14 @@ export interface PiecedTenantSpec {
} }
export interface PiecedTenantStatus { export interface PiecedTenantStatus {
phase: "Pending" | "Provisioning" | "Running" | "Ready" | "Error" | "Deleting"; phase:
| "Pending"
| "Provisioning"
| "Running"
| "Ready"
| "Suspended"
| "Error"
| "Deleting";
message?: string; message?: string;
observedGeneration?: number; observedGeneration?: number;
/** /**
@@ -112,8 +136,8 @@ export interface UsageSummary {
export interface RegistrationInput { export interface RegistrationInput {
/** /**
* Required for company registrations. Ignored when `isPersonal` is true — * Required for company registrations. Ignored when `isPersonal` is true —
* the server then derives the ZITADEL org name from the user's full name * the server then generates an opaque ZITADEL org name of the form
* with a "(Personal)" suffix. * `personal-{8hex}` (see `lib/personal-org.ts::generatePersonalOrgName`).
*/ */
companyName?: string; companyName?: string;
givenName: string; givenName: string;
@@ -121,10 +145,11 @@ export interface RegistrationInput {
email: string; email: string;
preferredLanguage?: string; preferredLanguage?: string;
/** /**
* Slice 4: when true, registration creates a personal account (one * Slice 4 + Bug 9: when true, registration creates a personal account
* person, no company). Domain-uniqueness check is skipped, ZITADEL org * (one person, no company). Domain-uniqueness check is skipped, the
* is named "{givenName} {familyName} (Personal)", subsequent tenants * ZITADEL org is named `personal-{8hex}` (opaque, collision-free),
* are named with the `p-{requestId[:8]}` convention. * the user's display name lives only on the user record, and
* subsequent tenants are named with the `p-{requestId[:8]}` convention.
*/ */
isPersonal?: boolean; isPersonal?: boolean;
} }