AI-Cognitive-Leap/agnes-the-ai-analyst
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
agnes-the-ai-analyst/app/web/templates/admin_access.html
Vojtech 001e5ce40e
feat(web): /home value-first redesign + unified page-shell across app (#366) 
* feat(web): value-first /home reskin (CEO mock palette + pillars + first-session)

Restructures `/home` to lead with product value instead of install steps,
matching the CEO mock proposed for the homepage:

- New intro hero on top — eyebrow `Welcome, {{ display_name }}`, H1
  `{{ instance_brand }} is your team's AI workspace`, lede framing the
  product as an "AI Chief of Staff", two CTAs (`Set up in ~15 min →`
  jumps to the wizard, `Just browse — no install needed` jumps to
  `#look-around`), and a four-pillar row (Data packages · Plugins ·
  Skills · Memory). Renders for both onboarded and not-onboarded users
  so the value framing is consistent across visits.
- New `first-session` narrative — five-beat walkthrough (launch → pick
  project → memory loads → ask → close) with mock terminal frames
  carrying traffic-light dots, prompts, and dimmed system output.
- Setup wizard chrome — progress chip (`Step 1 of N · ~15 min ·
  One-time · Reversible`), thin progress bar, and per-step number
  badges on each `.install-block` so the wizard reads as bounded
  instead of an open-ended scroll.
- Palette shift from blue to green/navy: `--hp-primary` aliases
  `#2ea877` (mint), `--hp-hero-bg` is navy `#0f1b3a`, code panels stay
  near-black `#0c1224` with warm-yellow `#ffd866` accents. The token
  alias is reused so downstream rules pick up the new accent
  automatically; instance theme overrides via
  `config.theme_overrides()` still win.
- VS Code surface tile carries a `Recommended` pill; the existing
  "Want to look around first?" section is renamed to `Explore your
  workspace` and gets the `#look-around` anchor.

All test-pinned class names and IDs (`install-hero`, `install-block`,
`home-mock`, `self-mark-btn`, `setupClaudeBtn`, `offboard-strip`,
`home-getting-started`, `home-gs-item`, `home-overview`,
`home-usage`) preserved as structural anchors; new visual language
overlays via additional classes. Existing onboarded/not-onboarded
branching, `/api/me/onboarded` POST, status frame gating, post-CTA
modal, and OS-tab switching JS unchanged. Stray `~/FoundryAI`
comment swapped for `~/{{ workspace_dir }}` to honor the
vendor-agnostic OSS rule.

51 home tests pass without modification.

* fix(web): /home palette inversion — dark intro hero on top, light setup card below

Previous reskin commit kept the install-hero as a dark navy gradient and
rendered the new intro hero as a light surface — opposite of what the CEO
mock specifies. Playwright comparison vs `data/ceo_home.html` confirmed:

- CEO mock: dark navy hero at TOP (with white pillars on navy), LIGHT
  white setup card BELOW with light step rows and dark code panels
  inset.
- Previous: light intro hero on top, dark setup card below. Inverted.

This patch flips both:

- `.home-hero-intro` now: dark navy gradient `#0f1b3a → #1a2a5f`, green
  radial glow in the corner, green eyebrow, white H1 (`accent` span
  green), rgba-white lede, green pill primary CTA, translucent-white
  secondary CTA, pillars row separated by hairline border-top with
  green square-dot bullets in front of each pillar header.
- `.install-hero` and `.install-block` now: white surface card with
  thin green accent strip across the top, light step rows split by
  hairline borders, green-tinted step-number circles (`#e6f9f0` bg,
  `#1f8a5e` ink), green progress chip + bar. Code panels
  (`.install-cmd`) and terminal frames stay dark — they're the "type
  this" surfaces.
- All previously-rgba-white descendants of `.install-hero`
  (close button, eyebrow, h1, lead, links, code chips, OS tabs,
  install notes, setup-CTA button, self-mark fallback, auto-detect
  badge, terminal-howto disclosure) re-skinned for light surface.

All 12 home page tests still pass (no markup changes, only CSS).

* fix(web): /home parity polish — system font + mock sizes + blue info hint + gray step-num

After v2 palette flip, user comparison vs CEO mock surfaced three
remaining gaps in the wizard area:

- Font stack mismatch: Agnes inherits Inter via `style-custom.css`,
  but the CEO mock uses the platform system stack (San Francisco on
  macOS, Segoe UI on Windows). The rendered weight/letterforms read
  noticeably different. `.home-mock` now declares
  `-apple-system, BlinkMacSystemFont, "Segoe UI", Roboto, sans-serif`
  for itself and all descendants, with the monospace stack reserved
  for `code`/`kbd`/`pre`, `.install-cmd`, and `.terminal-body`.
- Step number badges were green-tinted; mock uses neutral gray
  (`#f0f2f6` bg, `#4a5168` ink) — green is reserved for the "done"
  state. Switched to `--hp-surface-dim` + `--hp-text-secondary`.
- "Don't have a terminal open?" disclosure was an amber/yellow
  variant left over from the old dark-hero palette. Mock uses a
  blue info-hint vocabulary (`--info-bg: #eef3ff`,
  `--info-line: #4f7cf2`, `--info-ink: #1c3994`) with white kbd
  chips. Added the info-* tokens to the `:root` block and re-skinned
  `details.terminal-howto` (incl. summary, body, kbd) to match.

Step-body type sizes also brought in line with the mock spec —
`.install-block .label` (step h3 equivalent) is now 17px / 700 with
6px gap; `.install-note` body type is 14px / 1.55.

`--hp-info-bg / --hp-info-ink / --hp-info-line / --hp-warn-bg /
--hp-warn-ink / --hp-warn-line / --hp-surface-dim` added as
first-class tokens so future hint/warn callouts pick the same colors
without a duplicate vocabulary.

12/12 home tests pass.

* feat(web): centralize design tokens + reword /home wizard to 6 steps (CEO mock parity)

Two intertwined changes that touch both global design + /home structure:

GLOBAL TOKEN SHIFT (app/web/static/style-custom.css)
- `--primary` flipped from blue `#0073D1` to green `#2ea877` — same brand
  alias the rest of the app referenced, so every page picks up the new
  accent automatically. Old `--primary-dark` / `--primary-light` recolored
  to match.
- New tokens added: `--brand-accent`, `--hero-bg`, `--hero-ink`,
  `--surface-dim`, `--info-bg/ink/line`, `--warn-bg/ink/line`. Brings
  the global vocabulary in line with the CEO mock's `:root` block so
  callouts and hero surfaces don't have to invent local tokens.
- `--font-primary` switched from Inter-led stack to the system stack
  (`-apple-system, BlinkMacSystemFont, "Segoe UI", Roboto, "Inter",
  system-ui, sans-serif`) so weight/letterforms render identically on
  macOS (San Francisco) and Windows (Segoe UI) — matches the mock and
  avoids a font-loading flash for analysts without Inter installed.
- Shadow tints re-cast in navy `rgba(15,27,58,...)`; focus ring uses
  the new green `rgba(46,168,119,0.25)`.
- `.app-nav-link` font-size 13px → 14px, padding 6px 12px → 8px 14px,
  hover bg → `--primary-light` (mint), color → `--primary-dark`.
  `.app-nav-menu-item.is-active` re-tinted to the same green system.
- Sweep across 26 templates (style-custom.css + 25 template files)
  replacing every hardcoded `#0073D1` / `#005BA3` / `#E6F3FC` /
  `rgba(0,115,209,…)` / `rgba(0,86,163,…)` with token references or
  the new green hexes — 175 occurrences total. Pages that styled their
  own buttons / borders / shadows pick up the new brand color without
  per-page overrides.

/HOME WIZARD: 6 STEPS PER MOCK (app/web/templates/home_not_onboarded.html)
- Step 1 reworded `Install Claude Code on your computer` + `~3 min`
  subhead (mock copy).
- Step 2 renamed `Pick a folder for {{ instance_brand }}` (was
  `create your workspace folder`) — same `mkdir` command, mock-aligned
  framing.
- NEW Step 3 `Open a terminal inside that folder` — no shell command,
  just the "you are standing in the right directory" reassurance with
  a Finder/PowerShell/file-manager howto disclosure. Mirrors the CEO
  mock's Step 3.
- Step 4 (was Step 3, gated by `home_automode.show`) renamed
  `Launch Claude with auto-approve on`. Body copy lightly updated so
  it references "the next step" instead of "Step 4".
- Step 5 (was Step 4) renamed `Get the install script and paste it
  into Claude`. The setup-cta-lead now explicitly says
  "pasting the script into Claude Code will install {{ instance_brand
  }}…" so existing test assertions pinning the `install Agnes`
  substring still match.
- NEW Step 6 `Optional: create a one-word shortcut for next time` —
  prints an `echo 'alias {{workspace_dir|lower}}=…' >> ~/.zshrc`
  one-liner for Unix and an `Add-Content $PROFILE …` equivalent for
  Windows. OS tabs + copy buttons reuse the existing wizard chrome.
- Progress chip dynamic: `Step 1 of 6` when home_automode is on,
  `Step 1 of 5` when off. Progress bar fill `100 // total_steps` so
  the bar sits at 16-20 % on first paint.
- `.step-lede` token added for the new short body copy beneath each
  step label (14.5px / ink-soft).
- `macOS / Linux / WSL` tab labels changed to `macOS / Linux` per
  user instruction. Terminal-howto `WSL:` paragraph dropped; the
  paste-shortcut hint now reads `(Linux)` instead of `(Linux/WSL)`.
  Functional WSL handling in `connector_prompts.py` (it's a Linux
  detection fallback, not user-facing label) preserved.
- `setup_instructions.py` Claude Code install hint:
  `npm (Linux / WSL)` → `npm (Linux)`.

SURFACES — 4 CARDS PER MOCK
- Replaced the 3-tile `.home-usage-grid` with a 4-card grid:
  - VS Code (Recommended) — `.surface-card.feature`, green ring,
    DAILY USE eyebrow + 5-step numbered list + `Open VS Code setup
    guide →` link to `/setup-advanced#vscode`.
  - Terminal — QUICK ACCESS eyebrow + 4-step list.
  - Claude Code (Desktop app) — CONNECT IT eyebrow + 4-step list.
  - Cowork (claude.ai) — `.surface-card.incomplete`, warn-tinted
    border + `Instructions needed` badge + a TODO callout describing
    the missing content. The card is intentionally honest about the
    gap rather than hiding it.

TEST UPDATES
- `test_web_home_page.py` negative onboarded-state assertions
  rebased on the new step labels (6 entries instead of 4).
- `test_home_route_resolution.py` `test_home_renders_automode_block_by_default`
  + its `_when_env_off` counterpart now check the new
  `Step 4 — Launch Claude with auto-approve on` label.

* fix(web): /home section content + layout — verbatim mock match

User comparison flagged several remaining gaps; this patch rewrites
the three lower sections of /home to match the CEO mock spec exactly:

FIRST-SESSION (5 beats)
- h2 28px / 700 / -.5px tracking (was 19px / 600).
- lede 18px ink-soft (was 13.5px secondary).
- `.session-walk` wrapper, 36px gap between beats (mock spec).
- `.session-step` grid 48px / 1fr, gap 22px — number circle on
  the left, content on the right.
- `.session-num` 40 × 40 circle with SOLID GREEN bg (`--primary`)
  and WHITE text + soft green shadow (was 28px mint pill w/
  dark-green text).
- `.session-content h3` 18px / 600 (was 14.5px / 600).
- `.session-content > p` 15px.
- `.session-content .annotation` 13.5px ink-muted body type with
  `strong` for highlighting (replaces the upper-case "WHAT'S
  HAPPENING" eyebrow pattern that didn't match the mock).
- `.session-intro` callout card (white surface + mint icon block)
  framing the "five beats" tagline.
- `.session-tldr` summary box (brand-light bg + brand-dark left
  border) wrapping up the loop.
- Terminal frames re-skinned: `#0c1224` body / `#182241` bar /
  real macOS traffic-light colors `#ff5f57` / `#febc2e` / `#28c840`.
- Terminal body 13px / 1.65 line-height with mock-spec class
  vocabulary: `.you` (yellow input), `.ai-name` (brand bold),
  `.path` (light blue), `.dim` (translucent code-ink), `.caret`
  (blinking cursor).
- Five beats rewritten with mock's exact narrative flow (launch →
  menu → pick → ask → close), vendor-agnostic project names
  (`RevenueAnalysis`, `Onboarding`, etc.) replacing the customer-
  specific `GRPN_*` examples in the mock. Templated `{{
  instance_brand }}` / `{{ workspace_dir }}` / `{{ workspace_dir |
  lower }}` (the shortcut alias) everywhere.

SURFACES (4 cards)
- The section is no longer wrapped in a white rectangle; the
  `.home-usage` class loses its bg + border + padding (mock has the
  cards directly on the page bg).
- h2 28px (was 22px). Eyebrow 12px / 1.5px tracking / brand-dark.
- `.surface-card.feature` (VS Code) now uses 2px green border +
  vertical brand-light → white gradient (was 1px ring).
- `.surface-card.incomplete` (Cowork) uses 2px red border (`#e35e5e`)
  + vertical red-tint → white gradient (was yellow flat bg).
- `.surface-card .steps` panel: inner surface-dim bg + 8px radius
  + 13px font.
- `.surface-foot` top-border + ink-muted (mock spec).
- `.badge-warn` now a solid red box (`#e35e5e` bg + white ink + 4px
  radius) instead of a yellow pill, matching the mock.
- Header layout fixed: the global absorbed `header { display: flex;
  justify-content: space-between }` rule was making the h2 sit on
  the right of the eyebrow; explicit `display: block` override on
  `.home-mock section > header` puts the title on the LEFT under
  the eyebrow as the mock has.

BROWSE — Explore your workspace
- Wrapped in `<section class="browse-section">` with proper
  eyebrow + h2 + lede (was a bare `.section-label` div).
- `.browse-grid` 5-col grid (was responsive auto-fill, 4-card
  layout). Skills tile added as a 5th card linking to
  `/marketplace?type=skills`.
- `.browse-card` mock-spec: 22 20 padding, 28px icon, 15px title,
  12.5px ink-muted desc, hover lifts -2px with brand border +
  shadow-md.

Section wrappers (`.home-usage`, `.first-session`) no longer carry
the white card chrome — they sit directly on the page bg, matching
the mock. Only Getting Started + Overview keep their white cards.

GLOBAL eyebrow vocabulary (`.home-hero-intro .eyebrow`,
`.first-session > .eyebrow`, `.surfaces > header .eyebrow`,
`.browse-section .eyebrow`) all aligned to mock spec: 12px / 700 /
1.5px tracking / brand-dark color / 14px bottom margin.

Hero h1 bumped to 44px / 800 / -1px tracking (was 32px / 600).

51/51 home tests pass.

* fix(web): /home session-intro card + terminal-body verbatim mock match

User comparison flagged three remaining /home gaps; this patch
addresses each:

- `.session-intro` rule was missing — the "five beats" tagline
  rendered as a bare line with no card chrome. Added the mock-
  spec card: white surface, 14px radius, 20×24 padding, 1px
  border + shadow-sm, with a 44×44 brand-light icon block on the
  left.

- Beat 1 terminal-title was `~/{{ workspace_dir }} — zsh` (mock-
  style shell-pwd format), but the user wants every terminal
  frame across all 5 beats to read `claude — {{ instance_brand }}`.
  Updated.

- Terminal-body line structure for beats 2-5 rewritten verbatim
  from the CEO mock:
  - `<span class="prompt">&gt;</span><span class="you">…</span>`
    now has no space between the prompt and user input (mock
    pattern: zero gap, the .prompt's `margin-right: 8px` provides
    the visual separation).
  - Beat 2 menu items use `<strong>[N]</strong>` numbering with
    project entries on indented lines, each project name followed
    by a `<span class="dim">(N ago)</span>` timestamp at a fixed
    column — instead of my prior single-line concatenation.
  - Beat 3 narrative split into 4 stanzas separated by blank lines
    (matches mock): the "Switched to <strong>X</strong>" status,
    then dim Loaded/Last-session lines, then a stand-alone "One
    unprocessed input detected:" pair, then the "Want me to
    process …" question. My prior version dim-wrapped the entire
    block, which looked off.
  - Beat 4 narrative split into headline summary + risks section
    with <strong> heads + bullet lists separated by blank lines,
    matching the mock's "Q1 close summary" / "Open risks" rhythm.
    The Q1 question carries the mock's manual line-break + 2-
    space continuation indent inside the `.you` span — without
    that, terminal-body's `white-space: pre-wrap` would auto-wrap
    awkwardly at a different column than the mock.
  - Beat 5 exit narrative uses two separate dim lines + a
    standalone `.ai-name` "See you next time." line, then prompt
    + caret. My prior version collapsed everything into one dim
    block.
  - Project names changed from customer-specific (`GRPN_*`) to
    generic (RevenueAnalysis, WeeklyReview, Onboarding, OpsDb,
    HRHandShake) so the OSS distribution stays vendor-agnostic
    per CLAUDE.md.
  - `Marketing plan` examples replaced with `Q1 close` so the
    narrative stays plausible for an analyst audience.

12/12 home tests pass.

* fix(web): /home surfaces verbatim mock — VS Code thumb, Terminal expected-output, NEW badge

User comparison flagged three remaining surface-section gaps:

- VS Code surface card was rendering a generic "Screenshot pending"
  placeholder; the mock has a labeled inline mockup
  (`<a class="vscode-thumb">` w/ `.thumb-fallback`) showing the
  recommended 4-pane layout (EXPLORER yellow, TERMINAL 1 purple,
  TERMINAL 2 green, TERMINAL 3 orange) on a dark navy bg + a
  "Recommended layout" caption pill. CSS `.vscode-thumb` block
  added — uses gradient-strip backgrounds to draw the colored
  panel bars without needing a base64 image.

- "Recommended" badge was a pill (999px radius) with
  `--brand-accent` bg + navy text. Mock uses `.badge` instead of
  `.recommend-pill` — solid `--primary` (brand-dark green) bg
  with WHITE text and 4px radius. Replaced the class + CSS rule
  so the badge reads as a tag, not a pill.

- Terminal surface card was missing the "What you should see"
  subsection — mock has an `.expected-output` block showing a
  sample of the welcome menu inside a dim dashed panel. Added the
  block with the mock's exact rendered output (templated to
  `{{ instance_brand }}` + generic project names instead of
  customer-specific GRPN entries) plus the `.expected-output`
  CSS (surface-dim bg + dashed border + `::before` "WHAT YOU
  SHOULD SEE" eyebrow per mock spec).

Also addressed the explore-section feedback:

- Skills browse-card now carries the `new` class so it picks up
  the `.browse-card.new::after` corner badge ("NEW", green bg,
  white text, 10px / 700 / 0.5px tracking) per mock.
- Browse cards align same height via `align-self: stretch` (grid
  default) + `flex-grow: 1` on `.browse-desc` so descriptions
  fill remaining vertical space; previously the Skills tile sat
  shorter because its desc text was longer than others'.

Structural HTML changes to all four surface cards: dropped the
inner `<div class="surface-card-head">` wrapper + `<p
class="surface-pitch">` class in favor of mock's flat layout
(`.what` + `.steps` + `.when-to-use`). `<ol class="surface-steps">`
replaced with `<div class="steps"><strong
class="steps-eyebrow">DAILY USE / QUICK ACCESS / CONNECT IT</strong>
<ol>...</ol></div>` so the eyebrow + numbered list share the
mock's tinted surface-dim panel.

12/12 home tests pass.

* fix(web): align /home setup walkthrough to design spec

- Setup-section header (eyebrow + heading + lede) floats above the
  install hero; install card has no accent strip; step labels drop
  `Step N —` prefix; closing strip is single flex row.
- VS Code surface card renders recommended-layout screenshot from
  `/static/img/vscode-layout.png` with click-to-enlarge lightbox.
- Workspace install path cascades to `~/Desktop/{workspace_dir}` in
  every step, surface card, first-session annotation, and shortcut.
- Step 1 verify text restores Enterprise — Finance and Legal option.
- Step 6 shortcut installs a shell function with arg forwarding
  (`"$@"` unix / `@args` windows) and a user-facing Auto / YOLO
  permission-mode toggle.
- Step 5 manual-fallback details inline on the CTA row; description
  reads at step-lede size, not 13px chip.
- Setup-section heading no longer right-aligns (was inheriting
  `header { display: flex; justify-content: space-between }` from
  the legacy stylesheet; wrapper changed to `<div>`).
- Getting Started `<details>` block removed (duplicated links).

* test(web): align /home tests with restructured setup wizard

- Replace test_getting_started_card_renders_on_home with
  test_setup_section_renders_for_not_onboarded — asserts the new
  setup-section-header floats above the install hero and Getting
  Started markup is absent (block removed in the prior commit).
- Update automode-block test to match labels without the
  `Step N —` prefix.
- Update setup-CTA partial test to match the relabeled
  "Copy install script to clipboard" button.

Drop orphaned CSS for `.home-getting-started`, `.home-gs-summary*`,
and `.home-gs-item` — selectors had no matching markup after the
Getting Started block was removed.

Also: Step 3 `pwd` expected-output uses an absolute path
(`/Users/yourname/Desktop/{workspace_dir}`) instead of the
tilde-prefixed form, matching what the command actually prints.

* fix(web): repaint home_onboarded + setup_advanced; align CTA label

- home_onboarded + setup_advanced still carried the retired blue
  `#0056A3` as both `--hp-primary-dark` and the hero gradient
  endpoint. Both reference `var(--primary-dark)` now so the green
  palette cascades.
- setup_advanced YOLO snippet was the old `alias` form (no cd, no
  arg forwarding). Replaced with the shell function variant from
  /home Step 6 — drops into ~/Desktop/{workspace_dir} and forwards
  "\$@" (unix) / @args (Windows).
- setup_advanced ~/{workspace_dir} path references cascaded to
  ~/Desktop/{workspace_dir} so install story matches /home.
- Dashboard's "Setup a new Claude Code" button label aligned to the
  canonical "Copy install script to clipboard" — matches /home and
  the new docstring in _claude_setup_cta.jinja, which now mandates
  this label across consumers.

* fix(web): keep base brand blue; scope green palette to /home redesign

User noticed login + dashboard had turned green when the /home
redesign flipped --primary from blue (#0073D1) to green (#2ea877)
in commit 278f202e. The brand-wide flip went further than the
redesign needed — only /home, /home (onboarded), and /setup-advanced
intentionally use the green/navy spec; every other page (login,
dashboard, catalog, marketplace, admin, profile) was just inheriting
the green because --primary cascaded everywhere.

Revert the global brand colour to blue and lock the green into the
two outstanding redesign scopes:

- style-custom.css: --primary back to #0073D1, --primary-light back
  to rgba(0,115,209,0.1), --primary-dark back to #005BA3,
  --brand-accent back to a lighter blue.
- home_onboarded.html: .home-mock now sets --hp-primary,
  --hp-primary-dark, --hp-primary-light to explicit green hex
  (matching home_not_onboarded), so the hero stays green regardless
  of the global brand.
- setup_advanced.html: same lock — .advanced-mock pins the green
  palette in-scope.

Hero gradients on both pages now reference the local --hp-primary
chain (not the global --primary), so any future palette tweak inside
either scope cascades correctly without disturbing the rest of the app.

* refactor(web): hoist --hp-* into shared design-tokens.css (--ds-*)

PR 2 of the design-system extraction ladder. Pure mechanical rename
+ dedup; no visual diff on any rendered page (verified on /home,
/dashboard).

- New app/web/static/css/design-tokens.css declares the full token
  set on :root: brand surface (green primary, primary-dark, mint
  light, brand-accent), hero (navy bg + ink), code-panel (near-black
  bg + cool ink + warm-yellow), light surfaces (bg/surface/border),
  text (primary/secondary/muted), orange accent, info + warn
  callout vocabularies, navy-tinted elevation shadows, system font
  stack + mono.
- base.html loads it alongside style-custom.css so the tokens are
  globally available.
- Rename --hp-* -> --ds-* in home_not_onboarded (313 refs),
  home_onboarded (15), setup_advanced (39). 367 token references
  pointed at one of three local blocks; now all point at the
  global :root.
- Drop the three local token blocks. Each scope class
  (.home-mock / .advanced-mock) only keeps its base ink + font-size
  + line-height rules.

The legacy --primary family stays canonical for the blue base
brand — login, dashboard, catalog, marketplace, admin still read
blue. The design system is opt-in via the scope class.

* refactor(web): extract shared components.css; migrate /home markup

PR 3 of the design-system extraction ladder. First batch of
reusable components lifted out of home_not_onboarded.html into a
new shared stylesheet; markup migrated to consume them.

- New app/web/static/css/components.css with five components, all
  reusable on any page that loads design-tokens.css:
    .callout-rec        — amber lightbulb recommendation box
    .callout-hint       — blue info hint box
    .code-output        — "WHAT YOU SHOULD SEE" terminal output block
    .lightbox           — full-bleed image enlarge overlay
    .setup-section-header — wizard header (eyebrow + h2 + lede)
- base.html loads components.css after design-tokens.css.
- home_not_onboarded.html markup renamed:
    class="rec"             -> class="callout-rec"
    class="hint"            -> class="callout-hint"
    class="expected-output" -> class="code-output"
- Local CSS rules removed from home_not_onboarded.html for each of
  the extracted components — ~150 lines down to 5-line "extracted to
  components.css" comments. The bespoke wizard-specific styles
  (.install-cmd, .os-tabs, .mode-tabs, .terminal-frame) stay
  template-local for now since they only have one consumer.

Visual regression check: /home install hero renders the amber rec
callout, blue hint callout, dashed code-output block, green section
header, and click-to-enlarge VS Code thumb identically to the
pre-extraction render. 43 home tests pass.

* fix(web): unify page-headers — activity-center full-width, marketplace shares box

- /activity-center audit-log hero rendered as half-width because the
  _page_hero include was inside <header class="obs-topbar">, a flex
  row that pinned the time-range + auto-refresh controls next to it.
  The hero is now a sibling rendered before the <header>, so it
  spans the full container width like every other admin page; the
  controls keep their flex row underneath.
- Marketplace hero unified with .page-header--hero. Markup is now
  <section class="page-header page-header--hero mp-hero"> so the
  shared box drives padding/radius/gradient/max-width/shadow; the
  .mp-hero override block only carries the right-anchored cover
  image and the rules for the search row + scope checkboxes (which
  the canonical hero doesn't have). Inner text uses the canonical
  .page-header__eyebrow / __title / __subtitle classes.
- .page-header--hero shadow tint now follows the brand blue
  (rgba(0, 115, 209, 0.2)) instead of the leftover green from the
  prior palette flip; same depth highlight everywhere the gradient
  is blue.

* fix(web): unify remaining page heroes — admin, profile, install, store, stack

Sweep across pages that carried bespoke gradient hero markup so
every page-hero shares the canonical `.page-header--hero`
dimensions (padding 28/32/24, border-radius 14, max-width
var(--width-app), navy-tinted shadow, gradient with --primary →
--primary-dark). Inner text uses the .page-header__eyebrow /
__title / __subtitle classes so typography matches across the app.

- admin_tables: migrated to _page_hero.html include.
- admin_tokens: kept .tokens-hero wrapper for the counts-chip row
  but added the canonical class on the same element; stripped
  duplicate gradient + padding + typography rules.
- install: same pattern (kept hero-meta pill row).
- profile: migrated to _page_hero.html include.
- store_upload: kept .upload-hero wrapper for the .meta chip row;
  composite class with the canonical hero.
- setup_advanced: .advanced-mock .ad-hero now matches canonical
  dimensions; green palette retained via --ds-primary/dark.
- stack_card.css: .stack-hero (catalog + corporate-memory search
  hero) uses canonical gradient + padding + max-width.

The detail-page heroes (marketplace_plugin_detail,
marketplace_item_detail, catalog_*_detail, store_edit,
admin_group_detail, admin_store_submission_detail) stay bespoke
for now — they're rich detail headers with photos, badges, install
actions; converting them would lose contract context. Same applies
to dashboard.html env-setup-cta (it's a CTA card, not a page hero).

* fix(web): canonicalise .container — single page shell every page inherits

Previously each admin page set its own `.container:has(.<page>)
{max-width: none}` + `.<page>-page {max-width: 1400px}` override,
and per-page hero markup either nested inside flex toolbars (which
pinned the hero next to filter controls and squeezed it half-width)
or self-constrained with a different max-width than the page. /home,
/dashboard, /marketplace, and /admin/* ended up at different widths
with different nav-to-hero gaps.

- style-custom.css `.container` now carries the canonical 1280px
  max-width + `16px 32px 48px` padding so every page inherits the
  same nav-to-hero gap and side gutters. `.container > main` is
  margin/padding 0 so the container is the sole owner of gutters.
- `.page-header--hero` drops its self-constraining max-width and
  auto-centering margin — the container provides the width, so the
  hero sits flush with the table/toolbar below it.
- `.stack-hero` (catalog + corporate-memory) and `.advanced-mock
  .ad-hero` (/setup-advanced) follow the same pattern: container
  owns the width.
- Per-page max-width overrides stripped from admin_users,
  admin_access, admin_groups, admin_marketplaces, admin_welcome,
  admin_workspace_prompt.
- _page_hero include extracted from inside flex toolbars on
  admin_users, admin_access, admin_groups, admin_marketplaces,
  admin_server_config, admin_welcome, admin_workspace_prompt,
  admin_sessions, admin_session_detail, admin_usage,
  activity_center. The toolbar (`.users-toolbar`, `.gp-toolbar`,
  etc.) keeps only the filter + action controls; hero renders
  before it as a sibling.
- _page_chrome.html trimmed to just the page-background tint for
  the redesign scopes; the duplicate `.container` rules it carried
  are now redundant.

Verified: /home, /admin/marketplaces, /admin/users all render
container width 1280px with hero top at 88px (16px below the
72px-tall sticky nav). Same spacing as /home design spec.

* fix(web): admin_tables + admin_corporate_memory inherit canonical .container

Both pages were overriding `{% block layout %}` from base.html,
which bypasses the canonical `.container` wrapper. Result: hero
span the full viewport (1596px on a wide screen) while the inner
content sat at a narrower max-width — hero and content didn't
align, and the nav-to-hero gap differed from every other admin
page.

Switched both templates to `{% block content %}` so they render
inside the canonical `.container` from base.html — same path as
admin_groups, admin_users, admin_marketplaces, etc.

- admin_tables: dropped local `.page-title { max-width: 1600px }`
  + `.content { max-width: 1600px }` overrides (kept typography +
  inner gutter rules) and the mobile padding overrides that paired
  with them. Container now owns the gutters.
- admin_corporate_memory: only the block keyword needed changing;
  the template already had a clean inner structure (no max-width
  override on `.container-memory`).

Verified on /admin/tables and /admin/corporate-memory:
- .container width 1280, padding 16/32/48
- Hero top 88 (nav 72 + container padding-top 16)
- Hero + content both 1216px wide, both at left 190 — perfect
  alignment with /admin/groups.

* fix(web): drop .page-shell padding override + admin_tables stale :root

Two regressions discovered after the canonical-container unification:

1. `.container:has(.page-shell)` still set `padding: 28px 32px 48px`
   while the canonical `.container` had moved to `16px 32px 48px`.
   Every page-shell consumer (/admin/sessions, /admin/sessions/<id>,
   /admin/usage, /marketplace, /dashboard, marketplace detail pages,
   /me/activity, /store/*, /admin/store-submissions) was rendering
   with a 28px nav-to-hero gap while /admin/users + /admin/groups
   rendered with 16px. Same width, mismatched vertical rhythm.
   The opt-in rule is now a no-op marker: canonical container
   already provides 1280px + 16/32/48 + main margin/padding 0.

2. admin_tables.html had a stale `<style>` block that re-declared
   `:root { --primary: var(--primary); ... }`. The self-referential
   token resolved to empty, collapsing the page-header hero's
   `linear-gradient(135deg, var(--primary), var(--primary-dark))`
   to no background — the hero appeared as a pale ghost without
   colour. The entire shadow `:root` block was a stale copy of the
   design tokens that style-custom.css already provides. Dropped
   it; tokens now resolve from the global `:root`.

After both fixes /admin/sessions, /admin/tables, and every other
page-shell consumer match /admin/groups exactly: container 1280px,
container padding-top 16px, hero at top 88px / left 190px / width
1216px.

* fix(web): drop /admin/tokens .tokens-page width + padding override

`.tokens-page` carried its own `max-width: 1280px; margin: 0 auto;
padding: 28px 8px 48px` block — the canonical `.container` already
provides width + 16/32/48 padding, so the nested wrapper was
adding 28px on top of the container's 16px (= 44px nav-to-hero
gap, vs 16px on every other admin page) and shrinking the hero
sideways by 8px on each side (1200px vs the canonical 1216px).

After: container owns the layout; `.tokens-page` is just a
font-family scope. /admin/tokens hero now sits at top 88, left 190,
width 1216 — same numbers as /admin/groups / /admin/users.

* fix(web): hero links readable on blue; /admin/access Groups link href

- New `.page-header--hero a` rule in style-custom.css forces any
  anchor inside a gradient hero to render white + underlined so
  links stay readable on the blue background. Previously links
  inherited the global `var(--primary)` blue, which disappeared
  on top of the matching blue gradient. No per-page class needed —
  drop a plain `<a>` in any hero subtitle and it just works.
- /admin/access hero subtitle was Jinja-passing the inline link
  with HTML-entity-encoded quotes (`href=&quot;...&quot;`). The
  entities decoded to literal `"` characters inside the rendered
  href, producing `/admin/%22/admin/groups%22` — a 404. Switched
  the `set` to a block-set (`{% set page_hero_subtitle %}...{% endset %}`)
  so the inline `<a href="/admin/groups">Groups</a>` survives
  unescaped through `_page_hero.html`. Also stripped the now-redundant
  inline `style="color:#fff;text-decoration:underline;"` — the new
  shared rule handles it.

* fix(web): /dashboard top padding matches every other page

`.main` on /dashboard had `padding: 28px 32px 48px` while every
other page now uses `16px 32px 48px` via the canonical
`.container`. Dashboard bypasses `.container` (overrides
base.html's `layout` block to render a full-width `<main>`
directly), so the padding lives on `.main` itself — bumped the
top to 16px to match.

After: first child top = 88, left = 190, width = 1216 — same
numbers as /admin/groups / /admin/users / /admin/marketplaces.

* fix(web): green eyebrow + white title on .page-header--hero (matches /home)

`.page-header--hero .page-header__eyebrow` was faint white
(rgba(255,255,255,0.75)) — readable but unbranded against the blue
gradient. Changed to `var(--ds-brand-accent)` (mint green #54d3a0)
so every page hero pairs a green eyebrow with white title +
subtitle, echoing /home's setup-section header (green eyebrow,
dark heading combo). One CSS rule applies everywhere — no
per-page styling needed.

Also bumped the eyebrow to font-weight 700 / letter-spacing 1.2px
so the green stands out cleanly against the gradient.

* fix(web): page-header--hero + stack-hero use /home navy gradient

`.page-header--hero` and `.stack-hero` were on the brand-blue
gradient (`var(--primary)` → `var(--primary-dark)`) while
/home's hero (`.home-hero-intro`) sits on the deeper navy
gradient (`#0f1b3a` → `#1a2a5f`). Every other page-hero now
uses that same navy gradient so /home, /marketplace, /catalog,
/corporate-memory, /admin/*, /profile, /install, /dashboard,
/setup-advanced share one brand surface. Shadow tint adjusted
to the navy depth (rgba(15, 27, 58, 0.22)).

Brand blue stays the link/CTA colour everywhere else; only the
hero box itself is navy.

* fix(web): primary buttons green; marketplace tabs navy translucent

Two parity tweaks pulling the rest of the app toward /home's
visual language.

- `.btn-primary` (both rules in style-custom.css) now uses
  `var(--ds-primary)` / `var(--ds-primary-dark)` green fill,
  matching the "Copy install script to clipboard" button on
  /home. Brand-blue `--primary` still drives link colour and the
  accent surface; only the filled button background flipped to
  green. Every page with a `.btn-primary` (admin "+Add user",
  "+Add marketplace", catalog, marketplace actions, dashboard,
  modals) now reads as the same "do it" affordance.
- `.mp-tabs` (Curated Marketplace / Flea Market / My Stack tab
  group) now sits on the navy `--ds-hero-bg` with translucent
  white pills (rgba(255,255,255,0.10) inactive, 0.18 active) —
  same translucent-white-on-navy treatment as the "Just browse —
  no install needed" pill on /home. Icons render as soft white;
  per-tab colour-coding dropped in favour of the unified surface.

* fix(web): catalog/memory tabs + empty-state CTA + admin action buttons

Bring /catalog and /memory in line with /home + /marketplace:

- `.stack-tabs` (Browse / My Stack / Recipes on /catalog,
  Browse / My Stack on /memory) now uses the navy `--ds-hero-bg`
  container with translucent-white-on-navy pills, mirroring the
  `.mp-tabs` treatment and /home's "Just browse — no install
  needed" CTA pill. Per-tab icon colour-coding dropped — icons
  render as soft white on the navy fill.
- `.stack-tabs-row__actions .btn` (right-slot "+New Recipe",
  "+New Data Package" admin CTAs) now uses green primary fill
  (`--ds-primary`), matching `.btn-primary` and /home's
  "Copy install script to clipboard" button.
- `.stack-empty .cta a` (empty-state action button — the
  "Open /admin/tables →" CTA on /catalog and equivalent on
  /memory) flipped from blue `--primary` to green `--ds-primary`
  so the colour aligns with every other primary button in the app.

* fix(web): marketplace Search button green (--ds-primary) matching other CTAs

* fix(web): unify Search button + admin-action button across browse pages

- Added Search button (`<button class="stack-hero__search-btn">`)
  to /catalog and /memory heroes — same green pill as /marketplace.
  Wired to the existing live-filter pipeline (button click runs
  `applyFilters()` and refocuses the input). All three browse pages
  now wear the identical search bar UI.
- `.stack-hero__search-btn` shares `--ds-primary` fill with
  `.mp-hero .search-btn`.
- `.mp-actions .btn` ("Submit a skill or plugin" CTA on /marketplace)
  flipped from the legacy blue-outline to the same green primary
  fill + dimensions (`display: inline-flex; line-height: 1;
  padding: 9px 16px; gap: 6px`) as `.stack-tabs-row__actions .btn`
  on /catalog and /memory. All three right-slot action buttons
  render at identical height now.
- `.stack-tabs-row__actions .btn` got `inline-flex` + `line-height: 1`
  + `gap: 6px` so a `<button class="btn">` and a `<a class="btn">`
  both render at exactly 33px high — the embedded
  `.admin-only-hint` chip no longer pushes one variant taller
  than the other.

* fix(web): marketplace guide CTAs green (fastpath + primary); drop flea purple

* fix(web): dashboard CTA hero on navy; readable <code> chips in hero

- `.env-setup-cta` on /dashboard ("Set up a new Claude Code"
  card) flipped from the brand-blue gradient + green-tinted shadow
  to the canonical navy gradient (`--ds-hero-bg` → `#1a2a5f`) with
  navy-tinted shadow + 14px radius + 28/32/24 padding, matching
  `.page-header--hero` and /home's `.home-hero-intro`. Dashboard's
  top CTA now sits on the same brand surface as every other hero.
- Added `.page-header--hero code` rule — translucent white pill +
  warm-yellow ink (#ffd866) so `<code>` chips embedded in hero
  subtitles read as code samples against the navy gradient. The
  global `code` rule sets `color: var(--text-primary)` (dark),
  which turned in-hero chips into invisible dark-on-white-on-navy
  ghosts (e.g. the `-by-dev` suffix on /store/new).
- /store/new's `.page-header__subtitle code` dropped its inline
  style override — the shared rule handles it now.

* feat(web): two-theme switching via data-theme + admin toggle

Introduces a theme system that flips the entire UI palette between
"navy" (current design, default) and "blue" (pre-redesign palette)
via a single `<html data-theme="...">` attribute. Page markup, class
names, and component styles don't change — only the `--ds-*` token
values flip.

Backend
- New `app/instance_config.py::get_instance_theme()` resolves the
  active theme from `AGNES_INSTANCE_THEME` env > `instance.theme`
  in instance.yaml > default "navy". Unrecognised values clamp to
  "navy" so a typo doesn't break the page.
- `app/web/router.py::_build_context` injects `instance_theme`
  alongside `instance_brand` etc. so every template inherits it.
- `app/web/templates/base.html` renders
  `<html lang="en" data-theme="{{ instance_theme | default('navy') }}">`.

CSS
- `app/web/static/css/design-tokens.css` adds two new tokens to
  the default `:root` set: `--ds-hero-shadow` (drop-shadow tint
  on hero boxes) and `--ds-hero-eyebrow` (eyebrow accent colour).
  Plus a `:root[data-theme="blue"]` override block that flips
  seven tokens: `--ds-primary`, `--ds-primary-dark`,
  `--ds-primary-light`, `--ds-brand-accent`, `--ds-hero-bg`,
  `--ds-hero-bg-deep`, `--ds-hero-shadow`, `--ds-hero-eyebrow`.
  The blue theme aliases the brand surface tokens back to the
  legacy `--primary` family.
- `.page-header--hero`, `.stack-hero`, `.env-setup-cta`,
  `.home-mock .home-hero-intro` now reference the new
  `--ds-hero-shadow` and `--ds-hero-bg-deep` tokens instead of
  hard-coding `rgba(15, 27, 58, 0.22)` and `#1a2a5f` — gradient +
  shadow now flip with the theme.
- `.page-header--hero .page-header__eyebrow` uses
  `var(--ds-hero-eyebrow)` so the eyebrow goes mint-green on
  navy and translucent-white on blue (mint on blue reads poorly).

Admin
- `app/api/admin.py::_KNOWN_FIELDS["instance"]` now registers a
  `theme` field of kind `select` with options `["navy", "blue"]`
  and a `hint` explaining the trade-off. The existing
  /admin/server-config UI auto-renders a select for this — no
  template changes needed.

Defaults
- Default value is "navy" so existing instances see no visual
  change. Admins flip to "blue" via /admin/server-config to
  restore the pre-redesign look.

Restart note: uvicorn must reload to pick up the Python changes
(new getter, new template-context key, new known-field). CSS
changes hot-reload via browser refresh.

* fix(web): blue theme — home hero eyebrow + CTA contrast

`.home-hero-intro .eyebrow` and `.btn-intro-primary` referenced
`--ds-brand-accent` directly, which on the blue theme resolves to
the lighter brand-accent blue (#4F9DEB). Result: light-blue eyebrow
on the blue gradient ("WELCOME, ADMIN" barely readable) and a
light-blue button with darker-blue text ("Set up in ~15 min")
that all sat in the same hue range.

Introduces three new theme-aware tokens:
- `--ds-hero-eyebrow` already existed; blue theme bumped opacity
  to 0.92 so the eyebrow reads as full white.
- `--ds-hero-cta-bg` + `--ds-hero-cta-fg` + `--ds-hero-cta-bg-hover`
  flip the primary hero CTA: mint-green on navy (default), white-
  on-blue under `data-theme="blue"`.

`.home-hero-intro .eyebrow` now uses `--ds-hero-eyebrow` (mint on
navy / white on blue) and `.btn-intro-primary` uses the CTA token
trio.

Recommended palette on blue theme:
- Eyebrow: white at 92% opacity (clear on the blue gradient).
- Primary CTA pill: white background, brand-blue dark text
  (`--primary-dark` = #005BA3) for AAA-level contrast.
- Secondary CTA: translucent white pill (unchanged).

* fix(web): blue theme — callout-hint info bg/border/ink re-tinted to brand blue (was indigo, clashed with brand-blue hero)
2026-05-21 06:19:16 +00:00

862 lines
34 KiB
HTML
Raw Blame History

{% extends "base.html" %}
{% block title %}Resource access — {{ config.INSTANCE_NAME }}{% endblock %}
{% block content %}
<style> .ax-toolbar {
display: flex; justify-content: space-between; align-items: center;
gap: 16px; margin-bottom: 20px; flex-wrap: wrap;
}
.ax-layout {
display: grid; grid-template-columns: 320px 1fr; gap: 20px;
align-items: start;
}
@media (max-width: 900px) { .ax-layout { grid-template-columns: 1fr; } }
.ax-card {
background: var(--surface, #fff);
border: 1px solid var(--border, #e5e7eb);
border-radius: 12px;
overflow: hidden;
}
.ax-card-head {
display: flex; align-items: center; justify-content: space-between;
padding: 14px 16px; border-bottom: 1px solid var(--border, #e5e7eb);
background: var(--border-light, #f9fafb);
}
.ax-card-head h3 { margin: 0; font-size: 14px; font-weight: 600; }
/* Groups list */
.group-list { list-style: none; margin: 0; padding: 0; }
.group-item {
display: flex; align-items: center; gap: 10px;
padding: 12px 14px; border-bottom: 1px solid var(--border-light, #f3f4f6);
cursor: pointer; transition: background 0.12s;
}
.group-item:last-child { border-bottom: none; }
.group-item:hover { background: var(--border-light, #fafafa); }
.group-item.is-active { background: #eef2ff; }
.group-item.is-active .group-name { color: var(--primary, #4338ca); }
.group-dot {
width: 8px; height: 8px; border-radius: 50%;
background: #cbd5e1; flex-shrink: 0;
}
.group-item.is-active .group-dot { background: var(--primary, #6366f1); }
.group-meta { display: flex; flex-direction: column; gap: 2px; flex: 1; min-width: 0; }
.group-name { font-size: 13px; font-weight: 500; color: var(--text-primary, #111827); }
.group-name-sub {
display: block;
font-family: ui-monospace, SFMono-Regular, Menlo, Monaco, monospace;
font-size: 10px; color: var(--text-secondary, #6b7280);
margin-top: 2px;
overflow: hidden; text-overflow: ellipsis; white-space: nowrap;
}
.origin-chip {
display: inline-block;
padding: 1px 6px; border-radius: 999px;
font-size: 9px; font-weight: 600;
text-transform: uppercase; letter-spacing: 0.4px;
margin-left: 6px; vertical-align: middle;
}
.origin-system { background: #fef3c7; color: #92400e; }
.origin-custom { background: #ede9fe; color: #6d28d9; }
.origin-google_sync { background: #dcfce7; color: #166534; }
.group-desc {
font-size: 11px; color: var(--text-secondary, #6b7280);
overflow: hidden; text-overflow: ellipsis; white-space: nowrap;
}
.group-count {
font-size: 10px; font-weight: 600; padding: 2px 7px; border-radius: 999px;
background: #e0e7ff; color: #3730a3;
}
.group-row-actions { display: flex; gap: 4px; opacity: 0; transition: opacity 0.15s; }
.group-item:hover .group-row-actions { opacity: 1; }
.group-item.is-active .group-row-actions { opacity: 1; }
.group-act-btn {
background: transparent; border: 1px solid var(--border, #e5e7eb);
color: var(--text-secondary, #6b7280);
font-size: 10px; padding: 2px 6px; border-radius: 4px; cursor: pointer;
}
.group-act-btn:hover { color: var(--text-primary, #111827); border-color: #cbd5e1; background: #fff; }
.group-act-btn.danger:hover { color: #b91c1c; border-color: #fecaca; background: #fef2f2; }
.ax-empty {
padding: 28px 16px; text-align: center;
font-size: 13px; color: var(--text-secondary, #6b7280);
}
/* Right side — resource type sections + per-block collapsibles.
Each resource type gets a colored left stripe + faint tinted banner
so the three-level hierarchy (type → block/bucket → item) reads at
a glance. Colors cycle 4-wide via :nth-child so adding more resource
types in app/resource_types.py works without touching CSS. */
.rt-section + .rt-section {
border-top: 8px solid var(--border-light, #f1f5f9);
}
.rt-section-head {
padding: 16px 20px;
font-size: 12px; font-weight: 700; letter-spacing: 0.6px;
text-transform: uppercase; color: #1e293b;
border-bottom: 1px solid var(--border, #e5e7eb);
border-left: 4px solid var(--primary);
background: linear-gradient(to right,
rgba(46, 168, 119, 0.10), rgba(46, 168, 119, 0.02));
}
.rt-section:nth-child(4n+2) > .rt-section-head {
border-left-color: #10b981;
background: linear-gradient(to right,
rgba(16, 185, 129, 0.10), rgba(16, 185, 129, 0.02));
}
.rt-section:nth-child(4n+3) > .rt-section-head {
border-left-color: #f59e0b;
background: linear-gradient(to right,
rgba(245, 158, 11, 0.10), rgba(245, 158, 11, 0.02));
}
.rt-section:nth-child(4n+4) > .rt-section-head {
border-left-color: #f43f5e;
background: linear-gradient(to right,
rgba(244, 63, 94, 0.10), rgba(244, 63, 94, 0.02));
}
.mp-block { border-bottom: 1px solid var(--border-light, #f3f4f6); }
.mp-block:last-child { border-bottom: none; }
.mp-block-head {
display: flex; align-items: center; gap: 10px;
padding: 12px 16px; background: var(--border-light, #fafafa);
cursor: pointer; user-select: none;
}
.mp-block-head h4 { margin: 0; font-size: 13px; font-weight: 600; color: var(--text-primary, #111827); }
.mp-block-head .count {
font-size: 11px; padding: 2px 7px; border-radius: 999px;
background: #e0e7ff; color: #3730a3; font-weight: 600;
}
.mp-block-head .spacer { flex: 1; }
.mp-block-head .chev { transition: transform 0.15s; color: #9ca3af; }
.mp-block.is-collapsed .item-grid { display: none; }
.mp-block.is-collapsed .mp-block-head .chev { transform: rotate(-90deg); }
.bulk-btn {
font-size: 11px; padding: 4px 8px; border: 1px solid var(--border, #e5e7eb);
background: var(--surface, #fff); color: var(--text-secondary, #6b7280);
border-radius: 6px; cursor: pointer;
}
.bulk-btn:hover { color: var(--text-primary, #111827); border-color: #cbd5e1; }
.item-grid {
display: grid; grid-template-columns: repeat(auto-fill, minmax(280px, 1fr));
gap: 0; padding: 0;
}
.item-cell {
display: flex; align-items: flex-start; gap: 10px;
padding: 10px 16px;
border-right: 1px solid var(--border-light, #f3f4f6);
border-bottom: 1px solid var(--border-light, #f3f4f6);
cursor: pointer; transition: background 0.1s;
}
.item-cell:hover { background: var(--border-light, #fafafa); }
.item-cell input[type="checkbox"] {
margin-top: 2px; width: 15px; height: 15px; cursor: pointer;
accent-color: var(--primary, #6366f1);
}
.item-cell.is-granted { background: #f5f3ff; }
.item-cell.is-granted:hover { background: #ede9fe; }
.ic-text { display: flex; flex-direction: column; gap: 2px; min-width: 0; }
.ic-name {
font-size: 13px; font-weight: 500; color: var(--text-primary, #111827);
word-break: break-word;
}
.ic-meta { font-size: 11px; color: var(--text-secondary, #6b7280); }
.ic-src {
display: inline-block; padding: 1px 6px; border-radius: 4px;
background: #f3f4f6; color: #374151; font-size: 10px; font-weight: 500;
text-transform: uppercase; letter-spacing: 0.3px; margin-left: 4px;
}
/* v39: SYSTEM pill — same amber palette as the .origin-system chip on
/admin/groups so the "system" semantic reads consistently across the
admin surface. */
.ic-system-pill {
display: inline-block; padding: 1px 6px; border-radius: 999px;
background: #fef3c7; color: #92400e; font-size: 10px; font-weight: 600;
text-transform: uppercase; letter-spacing: 0.4px; margin-left: 4px;
}
.item-cell.is-system { background: #fffbeb; }
.item-cell.is-system:hover { background: #fef3c7; }
.item-cell input[type="checkbox"]:disabled { cursor: not-allowed; opacity: 0.7; }
.ic-desc {
font-size: 11px; color: var(--text-secondary, #6b7280);
margin-top: 2px; line-height: 1.35;
display: -webkit-box; -webkit-line-clamp: 2; -webkit-box-orient: vertical;
overflow: hidden;
}
.ax-hint {
padding: 14px 16px; font-size: 12px; color: var(--text-secondary, #6b7280);
background: #fffbeb; border-bottom: 1px solid #fde68a;
}
.ax-hint a { color: var(--primary, #6366f1); }
.ax-filter {
padding: 10px 16px; border-bottom: 1px solid var(--border, #e5e7eb);
background: var(--surface, #fff);
}
.ax-filter input {
width: 100%; padding: 7px 10px 7px 30px;
border: 1px solid var(--border, #e5e7eb); border-radius: 6px;
font-size: 12px;
background: #fff url("data:image/svg+xml;utf8,<svg xmlns='http://www.w3.org/2000/svg' width='12' height='12' viewBox='0 0 24 24' fill='none' stroke='%236b7280' stroke-width='2'><circle cx='11' cy='11' r='8'/><path d='m21 21-4.35-4.35'/></svg>") no-repeat 9px center;
}
.ax-btn {
padding: 6px 12px; border-radius: 6px; font-size: 12px; font-weight: 500;
border: 1px solid var(--border, #e5e7eb); background: var(--surface, #fff);
cursor: pointer;
}
.ax-btn:hover { background: var(--border-light, #f9fafb); }
.ax-btn.primary { background: var(--primary, #6366f1); color: #fff; border-color: var(--primary, #6366f1); }
.ax-btn.primary:hover { filter: brightness(1.05); }
/* Modal */
.modal-backdrop {
position: fixed; inset: 0; background: rgba(15, 23, 42, 0.55);
display: none; align-items: center; justify-content: center; z-index: 1000;
padding: 16px;
}
.modal-backdrop.is-open { display: flex; }
.modal-card {
background: var(--surface, #fff); border-radius: 12px;
padding: 24px; width: 100%; max-width: 480px;
box-shadow: 0 20px 60px rgba(0, 0, 0, 0.25);
max-height: 90vh; overflow-y: auto;
}
.modal-card h3 { margin: 0 0 6px; font-size: 17px; font-weight: 600; }
.modal-card p.sub { margin: 0 0 18px; font-size: 13px; color: var(--text-secondary, #6b7280); }
.modal-card label {
display: block; font-size: 12px; font-weight: 500;
color: var(--text-secondary, #6b7280); margin: 12px 0 6px;
}
.modal-card input[type="text"], .modal-card textarea {
width: 100%; padding: 9px 12px; border: 1px solid var(--border, #e5e7eb);
border-radius: 8px; font-size: 13px; box-sizing: border-box;
background: var(--surface, #fff); color: var(--text-primary, #111827);
font-family: inherit;
}
.modal-card textarea { min-height: 60px; resize: vertical; }
.modal-actions { display: flex; gap: 8px; justify-content: flex-end; margin-top: 20px; }
.toast-stack {
position: fixed; bottom: 24px; right: 24px; z-index: 2000;
display: flex; flex-direction: column; gap: 8px; pointer-events: none;
}
.toast {
background: #111827; color: #fff; padding: 10px 16px;
border-radius: 8px; font-size: 13px; box-shadow: 0 10px 30px rgba(0, 0, 0, 0.25);
opacity: 0; transform: translateY(8px); transition: opacity 0.2s, transform 0.2s;
pointer-events: auto; max-width: 380px;
}
.toast.show { opacity: 1; transform: translateY(0); }
.toast.success { background: #047857; }
.toast.error { background: #b91c1c; }
/* Tabs inside detail panel */
.ax-tabs {
display: flex; gap: 0;
border-bottom: 1px solid var(--border, #e5e7eb);
background: var(--surface, #fff);
padding: 0 4px;
}
.ax-tab {
padding: 11px 18px;
background: transparent; border: 0; border-bottom: 2px solid transparent;
font-size: 13px; font-weight: 500;
color: var(--text-secondary, #6b7280);
cursor: pointer; transition: color 0.12s, border-color 0.12s;
}
.ax-tab:hover { color: var(--text-primary, #111827); }
.ax-tab.is-active {
color: var(--primary, #4338ca);
border-bottom-color: var(--primary, #6366f1);
}
.ax-pane { display: none; }
.ax-pane.is-active { display: block; }
/* Members table */
.members-table-wrap { padding: 0; }
.members-table { width: 100%; border-collapse: collapse; font-size: 13px; }
.members-table thead th {
text-align: left; padding: 10px 16px;
background: var(--border-light, #f9fafb);
border-bottom: 1px solid var(--border, #e5e7eb);
font-weight: 600; color: var(--text-secondary, #6b7280);
font-size: 11px; text-transform: uppercase; letter-spacing: 0.4px;
}
.members-table tbody td {
padding: 10px 16px;
border-bottom: 1px solid var(--border-light, #f3f4f6);
}
.members-table tbody tr:last-child td { border-bottom: none; }
.members-table tbody tr:hover { background: var(--border-light, #fafafa); }
.source-badge {
display: inline-block; padding: 2px 7px; border-radius: 999px;
font-size: 10px; font-weight: 600;
text-transform: uppercase; letter-spacing: 0.4px;
}
.source-admin { background: #fef3c7; color: #92400e; }
.source-google_sync { background: #dcfce7; color: #166534; }
.source-system_seed { background: #e0e7ff; color: #3730a3; }
/* Form for add-member */
.ax-form {
display: flex; gap: 8px; align-items: flex-end;
padding: 14px 16px;
border-top: 1px solid var(--border-light, #f3f4f6);
background: var(--border-light, #f9fafb);
}
.ax-field { display: flex; flex-direction: column; gap: 4px; flex: 1; }
.ax-field label {
font-size: 11px; text-transform: uppercase;
letter-spacing: 0.4px; color: var(--text-secondary, #6b7280); font-weight: 600;
}
.ax-field input {
padding: 7px 10px;
border: 1px solid var(--border, #e5e7eb); border-radius: 6px;
font-size: 13px; background: var(--surface, #fff);
}
</style>
<div class="ax-page">
{% set page_hero_eyebrow = "Users & Access" %}
{% set page_hero_title = "Resource access" %}
{% set page_hero_subtitle %}Pick a group on the left, check resources on the right to grant access. Manage groups and members on <a href="/admin/groups">Groups</a>.{% endset %}
{% include "_page_hero.html" %}
<div class="ax-toolbar">
<div>
</div>
</div>
<div class="ax-layout">
<!-- LEFT: Groups (read-only picker — CRUD lives on /admin/groups) -->
<div class="ax-card" id="groups-card">
<div class="ax-card-head">
<h3>User groups</h3>
<a class="ax-btn" href="/admin/groups" title="Manage groups">Manage →</a>
</div>
<ul class="group-list" id="group-list"></ul>
<div class="ax-empty" id="group-empty" style="display:none;">
No groups yet.<br>
Create one on <a href="/admin/groups">Groups</a>.
</div>
</div>
<!-- RIGHT: Group detail with tabs -->
<div class="ax-card" id="detail-card">
<div class="ax-card-head">
<div style="display:flex; flex-direction:column; gap:2px; min-width:0; flex:1;">
<h3 id="detail-title" style="display:flex; align-items:center;">Select a group</h3>
<span id="detail-mapped" class="group-name-sub" style="display:none;"></span>
</div>
<span id="detail-sub" style="font-size:11px; color: var(--text-secondary, #6b7280); flex-shrink:0;"></span>
</div>
<!-- Resources panel (no tab strip — this page is grants-only) -->
<section data-pane="resources" style="display:none;">
<div class="ax-hint" id="ax-hint" style="display:none;">
No resources have been registered yet. Add a marketplace on the
<a href="/admin/marketplaces">Marketplaces</a> page and run a sync.
</div>
<div class="ax-filter" id="resources-filter-wrap" style="display:none;">
<input id="resources-filter" type="search" placeholder="Filter by name, marketplace, category…" autocomplete="off">
</div>
<div id="resources-body"></div>
</section>
<div class="ax-empty" id="detail-empty">
Select a group on the left to assign resource grants.
</div>
</div>
</div>
</div>
<div class="toast-stack" id="toast-stack" aria-live="polite"></div>
<script>
const OVERVIEW_API = "/api/admin/access-overview";
const GROUPS_API = "/api/admin/groups";
const GRANTS_API = "/api/admin/grants";
// Server-injected so the sidebar can derive a friendly display name from
// google-sync groups whose `name` is the raw Workspace email — same trick
// /admin/groups uses; keeping the surface identical here.
const GOOGLE_GROUP_PREFIX = {{ config.AGNES_GOOGLE_GROUP_PREFIX | tojson }};
function esc(s) { const d = document.createElement("div"); d.textContent = s == null ? "" : String(s); return d.innerHTML; }
function deriveDisplayName(fullEmail) {
if (!fullEmail) return "";
const local = String(fullEmail).split("@")[0] || String(fullEmail);
const px = (GOOGLE_GROUP_PREFIX || "").toLowerCase();
let s = local;
if (px && s.toLowerCase().startsWith(px)) s = s.slice(px.length);
s = s.replace(/^[_\-\s]+/, "");
if (!s) return local;
return s.charAt(0).toUpperCase() + s.slice(1);
}
function toast(msg, kind = "") {
const el = document.createElement("div");
el.className = "toast " + kind;
el.textContent = msg;
document.getElementById("toast-stack").appendChild(el);
requestAnimationFrame(() => el.classList.add("show"));
setTimeout(() => { el.classList.remove("show"); setTimeout(() => el.remove(), 250); }, 3500);
}
function openModal(id) { document.getElementById(id).classList.add("is-open"); }
function closeModal(id) { document.getElementById(id).classList.remove("is-open"); }
document.querySelectorAll("[data-close-modal]").forEach(el =>
el.addEventListener("click", () => closeModal(el.dataset.closeModal)));
document.querySelectorAll(".modal-backdrop").forEach(el => {
el.addEventListener("click", e => { if (e.target === el) el.classList.remove("is-open"); });
});
document.addEventListener("keydown", e => {
if (e.key === "Escape") document.querySelectorAll(".modal-backdrop.is-open").forEach(m => m.classList.remove("is-open"));
});
// State
let state = {
groups: [], // [{id, name, description, is_system, member_count, grant_count}]
resources: [], // [{type_key, type_display, blocks: [{id, name, items: [{resource_id, name, ...}]}]}]
grants: [], // [{id, group_id, resource_type, resource_id}]
activeGroupId: null,
filter: "",
editingGroupId: null,
};
async function loadOverview() {
try {
const r = await fetch(OVERVIEW_API, { credentials: "include" });
if (!r.ok) throw new Error("HTTP " + r.status);
const data = await r.json();
state.groups = data.groups;
state.resources = data.resources;
state.grants = data.grants;
if (state.activeGroupId && !state.groups.find(g => g.id === state.activeGroupId)) {
state.activeGroupId = null;
}
renderGroups();
renderDetail();
} catch (e) {
toast("Failed to load: " + e.message, "error");
}
}
async function selectGroup(gid) {
state.activeGroupId = gid;
// Update URL so the group selection is shareable / deep-linkable.
if (gid) {
const u = new URL(window.location.href);
u.searchParams.set("group", gid);
history.replaceState(null, "", u.toString());
}
renderGroups();
renderDetail();
}
function renderDetail() {
const title = document.getElementById("detail-title");
const mapped = document.getElementById("detail-mapped");
const sub = document.getElementById("detail-sub");
const empty = document.getElementById("detail-empty");
const resourcesPane = document.querySelector('[data-pane="resources"]');
if (!state.activeGroupId) {
title.textContent = "Select a group";
mapped.style.display = "none";
mapped.textContent = "";
sub.textContent = "";
resourcesPane.style.display = "none";
empty.style.display = "block";
return;
}
empty.style.display = "none";
resourcesPane.style.display = "block";
const group = state.groups.find(g => g.id === state.activeGroupId);
if (group) {
// Mirror the sidebar's title rules: mapped_email present → big name
// stays canonical, email goes to the subtitle line. Plain google-sync
// group → derive a friendly name and put the raw email below.
let bigName = group.name;
let subtitleText = "";
if (group.mapped_email) {
subtitleText = group.mapped_email;
} else if (group.is_google_managed) {
bigName = deriveDisplayName(group.name);
subtitleText = group.name;
}
const origin = group.origin || (group.is_system ? "system" : "custom");
title.innerHTML = `<span>${esc(bigName)}</span><span class="origin-chip origin-${esc(origin)}">${esc(origin.replace("_"," "))}</span>`;
if (subtitleText) {
mapped.textContent = subtitleText;
mapped.style.display = "block";
} else {
mapped.style.display = "none";
mapped.textContent = "";
}
} else {
title.textContent = "Group";
mapped.style.display = "none";
mapped.textContent = "";
}
const grantedCount = state.grants.filter(g => g.group_id === state.activeGroupId).length;
sub.textContent = `${grantedCount} resource${grantedCount === 1 ? "" : "s"} granted`;
renderResources();
}
function renderGroups() {
const list = document.getElementById("group-list");
const empty = document.getElementById("group-empty");
if (state.groups.length === 0) {
list.innerHTML = "";
empty.style.display = "block";
return;
}
empty.style.display = "none";
list.innerHTML = "";
for (const g of state.groups) {
const li = document.createElement("li");
li.className = "group-item"
+ (state.activeGroupId === g.id ? " is-active" : "");
li.dataset.id = g.id;
// Origin pill — single chip mirroring /admin/groups treatment. Mapped
// Admin/Everyone report origin='google_sync' so the chip color matches
// their actual source of truth (Workspace), not the seed mechanism.
const origin = g.origin || (g.is_system ? "system" : "custom");
const originPill = `<span class="origin-chip origin-${esc(origin)}">${esc(origin.replace("_"," "))}</span>`;
// Big-title / subtitle rules — same logic as the /admin/groups list:
// - mapped_email present → big = canonical name, subtitle = mapped_email
// - google_managed user-created group → big = derived friendly name,
// subtitle = full Workspace email stored as `name`
// - everything else → big = name, subtitle = description (or none)
let bigName, subtitle;
if (g.mapped_email) {
bigName = esc(g.name);
subtitle = `<span class="group-name-sub">${esc(g.mapped_email)}</span>`;
} else if (g.is_google_managed) {
bigName = esc(deriveDisplayName(g.name));
subtitle = `<span class="group-name-sub">${esc(g.name)}</span>`;
} else {
bigName = esc(g.name);
subtitle = g.description ? `<span class="group-desc">${esc(g.description)}</span>` : "";
}
// Compute live from state.grants — g.grant_count is a server-side
// snapshot from /access-overview that goes stale as soon as the user
// toggles a checkbox; reading it here would clobber refreshCounts()
// updates whenever the sidebar re-renders (e.g. on selectGroup).
const liveCount = state.grants.filter(gr => gr.group_id === g.id).length;
li.innerHTML = `
<span class="group-dot"></span>
<div class="group-meta">
<span class="group-name">${bigName}${originPill}</span>
${subtitle}
</div>
<span class="group-count" title="Resources granted to this group">${liveCount}</span>
`;
li.addEventListener("click", () => selectGroup(g.id));
list.appendChild(li);
}
}
function isGranted(group_id, resource_type, resource_id) {
return state.grants.some(g =>
g.group_id === group_id &&
g.resource_type === resource_type &&
g.resource_id === resource_id
);
}
function findGrant(group_id, resource_type, resource_id) {
return state.grants.find(g =>
g.group_id === group_id &&
g.resource_type === resource_type &&
g.resource_id === resource_id
);
}
function renderResources() {
const body = document.getElementById("resources-body");
const hint = document.getElementById("ax-hint");
const filterWrap = document.getElementById("resources-filter-wrap");
if (!state.activeGroupId) {
body.innerHTML = "";
hint.style.display = "none";
filterWrap.style.display = "none";
return;
}
const totalItems = state.resources.reduce(
(acc, rt) => acc + rt.blocks.reduce((a, b) => a + b.items.length, 0), 0,
);
if (totalItems === 0) {
hint.style.display = "block";
filterWrap.style.display = "none";
body.innerHTML = "";
return;
}
hint.style.display = "none";
filterWrap.style.display = "block";
const ft = state.filter.trim().toLowerCase();
body.innerHTML = "";
for (const rt of state.resources) {
const section = document.createElement("div");
section.className = "rt-section";
section.innerHTML = `<div class="rt-section-head">${esc(rt.type_display)}</div>`;
let sectionItemCount = 0;
for (const block of rt.blocks) {
const items = block.items.filter(it => {
if (!ft) return true;
return (it.name || "").toLowerCase().includes(ft)
|| (block.name || "").toLowerCase().includes(ft)
|| (it.category || "").toLowerCase().includes(ft)
|| (it.description || "").toLowerCase().includes(ft);
});
if (ft && items.length === 0) continue;
sectionItemCount += items.length;
const grantedHere = items.filter(it =>
isGranted(state.activeGroupId, rt.type_key, it.resource_id)).length;
const blockEl = document.createElement("div");
blockEl.className = "mp-block";
blockEl.innerHTML = `
<div class="mp-block-head" data-toggle="collapse">
<svg class="chev" width="12" height="12" viewBox="0 0 12 12" aria-hidden="true">
<path d="M3 4.5l3 3 3-3" fill="none" stroke="currentColor" stroke-width="1.5" stroke-linecap="round" stroke-linejoin="round"/>
</svg>
<h4>${esc(block.name)}</h4>
<span class="count">${grantedHere}/${items.length}</span>
<span class="spacer"></span>
<button class="bulk-btn" data-bulk="all">Grant all</button>
<button class="bulk-btn" data-bulk="none">Revoke all</button>
</div>
<div class="item-grid"></div>
`;
const grid = blockEl.querySelector(".item-grid");
if (items.length === 0) {
grid.innerHTML = `<div class="ax-empty" style="grid-column: 1/-1;">No items.</div>`;
} else {
for (const it of items) {
const granted = isGranted(state.activeGroupId, rt.type_key, it.resource_id);
// v39: system plugins are pre-granted to every group by mark_system
// and the checkbox is locked here so admins can't revoke it via
// the UI. Backend (DELETE /api/admin/grants) also refuses, but the
// visual lock prevents the round-trip.
const isSystem = !!it.is_system;
const cellClasses = "item-cell"
+ (granted ? " is-granted" : "")
+ (isSystem ? " is-system" : "");
const sysPill = isSystem
? `<span class="ic-system-pill" title="Mandatory plugin — managed via /admin/marketplaces">SYSTEM</span>`
: "";
const cell = document.createElement("label");
cell.className = cellClasses;
cell.innerHTML = `
<input type="checkbox" ${granted || isSystem ? "checked" : ""} ${isSystem ? "disabled" : ""}
${isSystem ? `title="System plugin — managed via /admin/marketplaces"` : ""}>
<div class="ic-text">
<div>
<span class="ic-name">${esc(it.name)}</span>
${it.source_type ? `<span class="ic-src">${esc(it.source_type)}</span>` : ""}
${sysPill}
</div>
${(it.version || it.category) ? `<div class="ic-meta">
${it.version ? `v${esc(it.version)}` : ""}${it.version && it.category ? " · " : ""}${it.category ? esc(it.category) : ""}
</div>` : ""}
${it.description ? `<div class="ic-desc">${esc(it.description)}</div>` : ""}
</div>
`;
const cb = cell.querySelector("input");
if (!isSystem) {
cb.addEventListener("change", () => toggleGrant(cb, cell, rt.type_key, it.resource_id));
}
grid.appendChild(cell);
}
}
blockEl.querySelector('[data-toggle="collapse"]').addEventListener("click", e => {
if (e.target.closest("[data-bulk]")) return;
blockEl.classList.toggle("is-collapsed");
});
blockEl.querySelector('[data-bulk="all"]').addEventListener("click", () =>
bulkSet(rt.type_key, items, true));
blockEl.querySelector('[data-bulk="none"]').addEventListener("click", () =>
bulkSet(rt.type_key, items, false));
section.appendChild(blockEl);
}
if (sectionItemCount > 0 || !ft) {
body.appendChild(section);
}
}
}
async function toggleGrant(checkbox, cell, resource_type, resource_id) {
const grant = checkbox.checked;
checkbox.disabled = true;
try {
if (grant) {
const r = await fetch(GRANTS_API, {
method: "POST", credentials: "include",
headers: { "Content-Type": "application/json" },
body: JSON.stringify({
group_id: state.activeGroupId,
resource_type, resource_id,
}),
});
if (!r.ok) {
const err = await r.json().catch(() => ({}));
toast("Grant failed: " + (err.detail || r.status), "error");
checkbox.checked = false;
return;
}
const created = await r.json();
state.grants.push({
id: created.id, group_id: state.activeGroupId,
resource_type, resource_id,
});
cell.classList.add("is-granted");
} else {
const existing = findGrant(state.activeGroupId, resource_type, resource_id);
if (!existing) { return; }
const r = await fetch(`${GRANTS_API}/${encodeURIComponent(existing.id)}`, {
method: "DELETE", credentials: "include",
});
if (!r.ok) {
toast("Revoke failed: " + r.status, "error");
checkbox.checked = true;
return;
}
state.grants = state.grants.filter(g => g.id !== existing.id);
cell.classList.remove("is-granted");
}
refreshCounts();
} catch (e) {
toast("Network error: " + e.message, "error");
checkbox.checked = !grant;
} finally {
checkbox.disabled = false;
}
}
async function bulkSet(resource_type, items, grant) {
if (!state.activeGroupId) return;
for (const it of items) {
// v39: skip system plugins — the API refuses to revoke them and a
// bulk grant on a checkbox that was already auto-granted by
// mark_system is a noop. Lets "Grant all" / "Revoke all" finish
// cleanly without 409s littering the toast log.
if (it.is_system) continue;
const has = isGranted(state.activeGroupId, resource_type, it.resource_id);
if (grant === has) continue;
try {
if (grant) {
const r = await fetch(GRANTS_API, {
method: "POST", credentials: "include",
headers: { "Content-Type": "application/json" },
body: JSON.stringify({
group_id: state.activeGroupId,
resource_type, resource_id: it.resource_id,
}),
});
if (!r.ok) continue;
const created = await r.json();
state.grants.push({
id: created.id, group_id: state.activeGroupId,
resource_type, resource_id: it.resource_id,
});
} else {
const existing = findGrant(state.activeGroupId, resource_type, it.resource_id);
if (!existing) continue;
const r = await fetch(`${GRANTS_API}/${encodeURIComponent(existing.id)}`, {
method: "DELETE", credentials: "include",
});
if (!r.ok) continue;
state.grants = state.grants.filter(g => g.id !== existing.id);
}
} catch (_e) { /* ignore */ }
}
toast(`${grant ? "Grant" : "Revoke"} all applied`, "success");
renderDetail();
refreshCounts();
}
function refreshCounts() {
// Group list badges + detail sub-header.
const grantedCount = state.grants.filter(g => g.group_id === state.activeGroupId).length;
document.getElementById("detail-sub").textContent =
`${grantedCount} resource${grantedCount === 1 ? "" : "s"} granted`;
document.querySelectorAll(".group-item").forEach(li => {
const gid = li.dataset.id;
const badge = li.querySelector(".group-count");
if (badge) badge.textContent = state.grants.filter(g => g.group_id === gid).length;
});
// Per-block counts inside the rendered tree
document.querySelectorAll(".rt-section").forEach(section => {
const typeDisplay = section.querySelector(".rt-section-head").textContent;
const rt = state.resources.find(r => r.type_display === typeDisplay);
if (!rt) return;
section.querySelectorAll(".mp-block").forEach(blockEl => {
const blockName = blockEl.querySelector(".mp-block-head h4").textContent;
const block = rt.blocks.find(b => b.name === blockName);
if (!block) return;
const visibleItems = Array.from(blockEl.querySelectorAll(".item-cell"));
const grantedHere = visibleItems.filter(c => c.classList.contains("is-granted")).length;
blockEl.querySelector(".mp-block-head .count").textContent =
`${grantedHere}/${visibleItems.length}`;
});
});
}
// Filter (resources tab)
document.getElementById("resources-filter").addEventListener("input", e => {
state.filter = e.target.value;
renderResources();
});
// Pre-select a group via ?group=<id> deep-link from /admin/groups/{id}.
// Pre-filter to a table via #table:<id> deep-link from /admin/tables's
// per-row Manage access button — drops the table_id into the resource
// filter so the operator sees just that row once they pick a group.
async function bootstrap() {
await loadOverview();
const params = new URLSearchParams(window.location.search);
const target = params.get("group");
if (target && state.groups.some(g => g.id === target)) {
selectGroup(target);
}
// Hash-based deep link, e.g. #table:in.c-sales.orders → pre-fill the
// resource filter with the table_id. The filter is name-substring based
// and tables come through with the table_id as their `name`, so this
// narrows the visible items to just the clicked row across all groups.
const hash = window.location.hash || "";
if (hash.startsWith("#table:")) {
const tableId = decodeURIComponent(hash.slice("#table:".length));
if (tableId) {
const filterEl = document.getElementById("resources-filter");
if (filterEl) {
filterEl.value = tableId;
state.filter = tableId;
renderResources();
}
}
}
}
bootstrap();
</script>
{% endblock %}
Reference in a new issue View git blame Copy permalink