stack/docs/TASKS.md

Tasks — MS21 Multi-Tenant RBAC Data Migration

Single-writer: orchestrator (Jarvis/OpenClaw) only. Workers read but never modify.

id	status	milestone	description	pr	agent	notes
MS21-PLAN-001	done	phase-1	Write PRD, init mission, populate TASKS.md	—	orchestrator	PRD at docs/PRD-MS21.md
MS21-DB-001	not-started	phase-1	Prisma migration: add deactivatedAt, isLocalAuth, passwordHash, invitedBy, invitationToken, invitedAt to User model	—	—	Schema changes for auth + admin
MS21-API-001	not-started	phase-1	AdminModule: admin.module.ts, admin.service.ts, admin.controller.ts with AdminGuard	—	—	Full CRUD for user management
MS21-API-002	not-started	phase-1	Admin user endpoints: GET /admin/users, POST /admin/users/invite, PATCH /admin/users/:id, DELETE /admin/users/:id	—	—	Requires MS21-DB-001
MS21-API-003	not-started	phase-1	Workspace member management: POST/PATCH/DELETE /workspaces/:id/members endpoints	—	—	Role hierarchy enforcement
MS21-API-004	not-started	phase-1	Team management: POST /workspaces/:id/teams, team member CRUD	—	—	Extends existing Team model
MS21-API-005	not-started	phase-1	Admin workspace endpoints: POST/PATCH /admin/workspaces with owner assignment	—	—
MS21-TEST-001	not-started	phase-1	Unit tests for AdminService and AdminController (spec files)	—	—	Minimum coverage: 85%
MS21-AUTH-001	not-started	phase-2	LocalAuthModule: local-auth.controller.ts, local-auth.service.ts	—	—	bcrypt password hashing
MS21-AUTH-002	not-started	phase-2	Break-glass setup endpoint: /api/auth/local/setup with BREAKGLASS_SETUP_TOKEN validation	—	—	First-time admin creation
MS21-AUTH-003	not-started	phase-2	Break-glass login endpoint: /api/auth/local/login with session creation	—	—	BetterAuth session compat
MS21-AUTH-004	not-started	phase-2	Deactivation session invalidation: deactivating user kills all active sessions	—	—	Security requirement
MS21-TEST-002	not-started	phase-2	Unit tests for LocalAuthService and LocalAuthController	—	—
MS21-MIG-001	not-started	phase-3	Migration script: scripts/migrate-brain.ts — read jarvis-brain data files	—	—	v2.0 format parsing
MS21-MIG-002	not-started	phase-3	Migration mapping: status/priority/domain mapping + metadata preservation	—	—	See PRD field mapping
MS21-MIG-003	not-started	phase-3	Migration execution: dry-run + apply modes, idempotent, activity logging	—	—
MS21-MIG-004	not-started	phase-3	Import API endpoints: POST /api/import/tasks, POST /api/import/projects	—	—	For future bulk imports
MS21-TEST-003	not-started	phase-3	Migration script tests: validate dry-run output, mapping accuracy	—	—
MS21-UI-001	not-started	phase-4	Settings/users page: user management table with search, sort, filter	—	—
MS21-UI-002	not-started	phase-4	User detail/edit dialog and invite user dialog	—	—
MS21-UI-003	not-started	phase-4	Settings/workspaces page: workspace list, member counts, detail view	—	—
MS21-UI-004	not-started	phase-4	Workspace member management: add/remove dialog with role picker	—	—
MS21-UI-005	not-started	phase-4	Settings/teams page: team list, create dialog, member management	—	—
MS21-TEST-004	not-started	phase-4	Frontend component tests for admin pages	—	—
MS21-RBAC-001	not-started	phase-5	Sidebar navigation: show/hide admin items based on user role	—	—
MS21-RBAC-002	not-started	phase-5	Settings pages: restrict access to admin-only routes	—	—
MS21-RBAC-003	not-started	phase-5	Action buttons: disable/hide based on permission level	—	—
MS21-RBAC-004	not-started	phase-5	User profile: show current role and workspace memberships	—	—
MS21-VER-001	not-started	phase-6	Full quality gate pass: pnpm lint && pnpm build && pnpm test	—	—	All 4772+ tests + new
MS21-VER-002	not-started	phase-6	Deploy to mosaic.woltje.com, smoke test all pages	—	—
MS21-VER-003	not-started	phase-6	Tag v0.0.21, update PRD status to complete	—	—