- Migration 011: 4 new tables (user_referral_codes, user_referral_relationships,
user_point_transactions, user_point_balances)
- Referral service: user-level repositories, use cases, and controller endpoints
(GET /me/user, /me/circle, /me/points; POST /internal/user-register)
- Admin endpoints: user-circles, user-points, user-balances listing
- Auth service: fire-and-forget user referral registration on signup
- Flutter: 2-tab UI (企业推荐 / 我的圈子) with personal code card,
points balance, circle member list, and points history
- Web admin: 2 new tabs (用户圈子 / 用户积分) with transaction ledger and balance leaderboard
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
TypeScript strict check rejects NotificationItem|{} union as
Partial<CreateNotificationPayload>&{id?}. Add explicit cast to satisfy
the type checker without changing runtime behavior.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
- Backend: GET /api/v1/auth/my-org returns tenant info + member list
- Backend: GET /api/v1/auth/my-org/invites lists pending invites
- Backend: POST /api/v1/auth/my-org/invite creates invite link
- Frontend: /my-org page with member list and invite creation
- Frontend: add '用户管理' to tenant sidebar
- Frontend: add '套餐' (plans) to tenant billing section
- Frontend: admin layout initializes tenant store (fixes '租户:未选择')
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
- auth-service: add SmsService (Aliyun SMS) + RedisProvider for OTP storage
- POST /api/v1/auth/sms/send — send OTP (rate limited 1/min per phone)
- POST /api/v1/auth/sms/verify — verify OTP only
- POST /api/v1/auth/login/otp — passwordless login with phone + OTP
- register endpoint now requires smsCode when registering with phone
- Web Admin register page: add OTP input + 60s countdown button for phone mode
- Flutter login page: add 验证码登录 tab with phone + OTP flow
- SMS enabled via ALIYUN_ACCESS_KEY_ID/SECRET + SMS_ENABLED=true env vars
- Falls back to mock mode (logs code) when env vars not set
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
After a platform admin sends an invite, the generated invite URL is
displayed inline with a one-click copy button so it can be shared via
any channel (email, WeChat, etc.). Link auto-dismisses when the invite
form is reopened.
Also adds i18n keys for invite link UI in en/zh.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Each tenant row now has a Delete button with confirmation dialog.
Previously delete was only accessible from the detail page which
had no navigation link from the list.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
The backend returns { data: User[], total: number } but the frontend
was treating usersData directly as User[], causing filteredUsers.map
to throw 'not a function' when the page loaded.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
billing/page.tsx, billing/plans/page.tsx, billing/invoices/page.tsx
were hardcoded in English. Added zh/billing.json and en/billing.json
covering overview, plans, and invoices sections. Registered billing
namespace in i18n config.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Platform admins operate across all tenants and don't belong to any
specific tenant — showing 'Tenant: Not selected' was misleading.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Ports the APK/IPA upgrade management UI from rwadurian/mobile-upgrade
into it0-web-admin, adapted exclusively for IT0 App's version-service.
New files:
- src/domain/entities/app-version.ts
Domain entity matching version-service response schema:
platform returned as ANDROID/IOS (normalized to lowercase),
fileSize as number (bigint), no versionCode/fileSha256 fields.
- src/infrastructure/repositories/api-app-version.repository.ts
CRUD via existing apiClient (→ /api/proxy/api/v1/versions).
Upload/parse use dedicated Next.js routes (/api/app-versions/*)
because the existing proxy uses request.text() which corrupts binary.
- src/app/api/app-versions/upload/route.ts
Multipart FormData upload proxy → API_BASE_URL/api/v1/versions/upload
maxDuration=300s for large APK files (up to 500 MB).
- src/app/api/app-versions/parse/route.ts
Multipart proxy → API_BASE_URL/api/v1/versions/parse
Forwards APK/IPA file to version-service for auto-parsing.
- src/app/(admin)/app-versions/page.tsx
Admin page: react-query list, platform filter (all/android/ios),
upload button, loading skeleton, delete/toggle with confirm.
Single-app (IT0 only) — no multi-app switcher from mobile-upgrade.
- src/presentation/components/app-versions/version-card.tsx
Version card with enable/disable/edit/delete/download actions.
Uses dark-theme CSS variables (bg-card, text-muted-foreground, etc.)
- src/presentation/components/app-versions/upload-modal.tsx
Upload modal: auto-detects platform from .apk/.ipa extension,
auto-parses version info via /parse endpoint, sonner toasts.
- src/presentation/components/app-versions/edit-modal.tsx
Edit modal: update changelog, force-update flag, enabled state,
min OS version. Loads version data on open via getVersionById.
Modified:
- sidebar.tsx: added Smartphone icon + appVersions nav item → /app-versions
- locales/zh/sidebar.json: "appVersions": "App 版本管理"
- locales/en/sidebar.json: "appVersions": "App Versions"
Backend: IT0 version-service at /api/v1/versions (no auth guard required)
Flutter: it0_app/lib/core/updater/version_checker.dart calls
GET /api/app/version/check (public) for client-side update check.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Backend APIs return arrays directly, not { data, total } wrappers.
Changed 21 interface declarations to type aliases matching actual
API response format.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
All pages expected API responses in { data: [], total } format but
backend APIs return plain arrays. Changed data?.data ?? [] to data ?? []
across 22 page components.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
When API returns 401, clear stored tokens and redirect to /login
instead of showing an error message.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
The web-admin frontend was calling incorrect API paths that didn't match
the actual backend service routes through Kong gateway, causing all
requests to fail with 404 or route-mismatch errors.
URL corrections:
- servers: /api/v1/servers → /api/v1/inventory/servers
- runbooks: /api/v1/runbooks → /api/v1/ops/runbooks
- risk-rules: /api/v1/security/risk-rules → /api/v1/agent/risk-rules
- credentials: /api/v1/security/credentials → /api/v1/inventory/credentials
- roles: /api/v1/security/roles → /api/v1/auth/roles
- permissions: /api/v1/security/permissions → /api/v1/auth/permissions
- tenants: /api/v1/tenants → /api/v1/admin/tenants
- communication: /api/v1/communication → /api/v1/comm
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Web Admin:
- Update browser title to "iAgent Admin Console"
- Translation: en appTitle "iAgent", zh appTitle "我智能体"
- Sidebar: en "iAgent Admin", zh "我智能体"
- Settings placeholder: "iAgent Platform" / "我智能体平台"
- Update alt tags on logo images
Flutter:
- MaterialApp title: "iAgent"
- Chat: "Ask iAgent..." / "Start a conversation with iAgent"
- Terminal: "iAgent Remote Terminal"
- Agent call: "iAgent Calling" / "iAgent"
Logo SVG: text changed from "AI AGENT" to "iAgent"
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Next.js standalone mode does not include the public/ directory automatically.
The favicon and logo SVGs were returning 404 because they were not copied
to the production image.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- Add logo.svg (green robot character) to project root
- Web admin: replace text "IT" badge with SVG logo in sidebar
- Web admin: add logo image to login, register, invite pages
- Web admin: add SVG favicon and apple-touch-icon metadata
- Flutter: add flutter_svg dependency, replace text "IT0" with logo on login page
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- Add react-i18next with browser language auto-detection and localStorage persistence
- Create Zustand locale store with UI language selector in Settings > General
- Add 17 translation namespace files for both English and Chinese (34 JSON files)
- Convert all 37 pages (auth, admin, settings) to use useTranslation hooks
- Convert sidebar and topbar layout components to i18n
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Backend:
- Enhanced register endpoint to accept companyName for self-service
tenant creation with schema provisioning and admin user setup
- Added TenantInvite entity with token-based invitation system
- Added invite CRUD endpoints to TenantController (create/list/revoke)
- Added public endpoints for invite validation and acceptance
Frontend:
- Created registration page with optional organization name field
- Created invitation acceptance page at /invite/[token]
- Added invite management UI to tenant detail page
- Updated login page with link to registration
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- Add lucide icons to all navigation items
- Collapsible sidebar with icon-only mode and tooltips
- Narrower sidebar (w-60 vs w-64), compact top bar (h-12 vs h-14)
- Better search bar UX in top bar with keyboard shortcut hint
- Refined dark theme with better contrast and separation
- Custom thin scrollbar styling
- Backdrop blur for sidebar and top bar
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- Add UsersController to auth-service for user CRUD (GET/POST/PUT/DELETE /api/v1/auth/users)
- Add Kong route /api/v1/admin -> auth-service for tenant management
- Remove AuthGuard from TenantController (Kong handles JWT)
- Fix frontend agent-config API paths from /api/v1/agent/config to /api/v1/agent-config
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- Frontend alert-rules paths changed from /monitoring/alert-rules to
/monitor/alerts/rules to match backend routes
- Removed Kong ACL plugin on audit-routes (JWT auth is sufficient)
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- Add kid claim to auth-service JWT for Kong validation
- Add Kong consumer with JWT credential (shared secret via env)
- Add agent-config route to Kong for /api/v1/agent-config
- Kong Dockerfile uses entrypoint script to inject JWT_SECRET at runtime
- Fix frontend login path (/auth/login → /api/v1/auth/login)
- Extract tenantId from JWT on login and store as current_tenant
- Add auth guard in admin layout (redirect to /login if no token)
- Pass JWT_SECRET env var to Kong container in docker-compose
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
hailin