alldigital/PSA
2
0
Fork 0
Code Issues Pull Requests Actions 15 Packages Projects Releases Wiki Activity
PSA/ee/docs/plans/2026-01-04-tenant-owned-google-oauth/features.json
Hermes 284313f908
Some checks are pending
Bidi Control Character Guard / bidi-control-guard (push) Waiting to run
Details
Circular Dependency Check / Check for new circular dependencies (push) Waiting to run
Details
Citus Migration Smoke / Combined migrations on single-node Citus (push) Waiting to run
Details
E2E Fresh Install Tests / fresh-install-e2e (push) Waiting to run
Details
ext-v2 guardrails / Run ext-v2 guard and ESLint (push) Waiting to run
Details
Integration Tests / Check for relevant changes (push) Waiting to run
Details
Integration Tests / ${{ (github.event_name == 'schedule' || github.event.inputs.suite == 'full') && 'Full integration suite' || 'Tier-1 integration subset' }} (push) Blocked by required conditions
Details
Mobile checks / Mobile lint + typecheck (push) Waiting to run
Details
Mobile checks / Mobile unit tests (push) Waiting to run
Details
Mobile checks / Mobile dependency audit (report) (push) Waiting to run
Details
Mobile checks / Mobile reproducibility checks (push) Waiting to run
Details
Secrets guard (env backups) / Ensure no tracked env backup files (push) Waiting to run
Details
Temporal Readiness / fast-readiness (push) Waiting to run
Details
Temporal Readiness / docker-parity (push) Waiting to run
Details
TypeScript Type Check / Nx affected typecheck (push) Waiting to run
Details
Unit Tests / Skipped-test budget (push) Waiting to run
Details
Unit Tests / Nx affected unit tests (push) Waiting to run
Details
Unit Tests / Server unit coverage (informational) (push) Waiting to run
Details
Validate Tenant Management Schema / Check for relevant changes (push) Waiting to run
Details
Validate Tenant Management Schema / Validate Tenant Management Schema (push) Blocked by required conditions
Details
EE Workflows Build Guard / ee-workflows-build-guard (push) Waiting to run
Details
Initial import of AlgaPSA codebase from PSA server 
Excluded: .git, node_modules, secrets/, compose.env, assemblyscript tgz

Source: /opt/alga-psa on psa.joliet.tech
2026-06-22 16:12:17 -05:00

55 lines
7.1 KiB
JSON
Raw Blame History

[
{ "id": "F001", "description": "Add a new Settings → Integrations → Providers → Google settings panel entry.", "implemented": false },
{ "id": "F002", "description": "Design Google settings panel UX with inline, step-by-step Google Cloud setup guidance (same flow/config for CE and EE).", "implemented": false },
{ "id": "F003", "description": "Show required redirect URIs for Gmail and Calendar callbacks with copy-to-clipboard actions.", "implemented": false },
{ "id": "F004", "description": "Show required OAuth scopes for Gmail and Calendar with copy-to-clipboard actions.", "implemented": false },
{ "id": "F005", "description": "Add a server action to fetch Google integration configuration status for the current tenant (masked/boolean only).", "implemented": false },
{ "id": "F006", "description": "Add a server action to save/update tenant Google OAuth credentials via Secrets Provider (tenant secrets).", "implemented": false },
{ "id": "F007", "description": "Add a server action to save/update tenant Google Pub/Sub service account JSON via Secrets Provider (tenant secret).", "implemented": false },
{ "id": "F008", "description": "Validate client ID format and require client secret non-empty before saving.", "implemented": false },
{ "id": "F009", "description": "Validate Google Cloud project ID is present before saving Gmail/PubSub-dependent settings.", "implemented": false },
{ "id": "F010", "description": "Validate uploaded service account key JSON is valid JSON and contains required fields (client_email, private_key).", "implemented": false },
{ "id": "F011", "description": "Support a toggle to reuse the same OAuth app credentials for Gmail and Calendar (write both secret key sets when enabled).", "implemented": false },
{ "id": "F012", "description": "Persist Google OAuth credentials exclusively in tenant secrets (no app-secret fallback for Google).", "implemented": false },
{ "id": "F013", "description": "Ensure secret read APIs never return raw secrets to the browser (mask or boolean only).", "implemented": false },
{ "id": "F014", "description": "Update Gmail OAuth initiation (`server/src/lib/actions/email-actions/oauthActions.ts`) to always use tenant secrets for Google.", "implemented": false },
{ "id": "F015", "description": "Update Gmail OAuth callback (`server/src/app/api/auth/google/callback/route.ts`) to always use tenant secrets for Google.", "implemented": false },
{ "id": "F016", "description": "Update calendar OAuth initiation (`server/src/lib/actions/calendarActions.ts`) to always use tenant secrets for Google.", "implemented": false },
{ "id": "F017", "description": "Update calendar OAuth callback (`server/src/app/api/auth/google/calendar/callback/route.ts`) to always use tenant secrets for Google.", "implemented": false },
{ "id": "F018", "description": "Update Gmail provider persistence to stop overriding with hosted Gmail config (`getHostedGmailConfig`) for Google.", "implemented": false },
{ "id": "F019", "description": "Update Gmail provider persistence to stop storing client secret in `google_email_provider_config` (prefer tenant secrets).", "implemented": false },
{ "id": "F020", "description": "Update GmailProviderForm UI to remove per-provider Client ID/Secret inputs and rely on tenant Google setup.", "implemented": false },
{ "id": "F021", "description": "Update GmailProviderForm UI to show a blocking 'Google not configured' state with link to Google settings panel when missing required secrets.", "implemented": false },
{ "id": "F022", "description": "Update GmailProviderForm flow to still complete OAuth and Pub/Sub setup using tenant configuration.", "implemented": false },
{ "id": "F023", "description": "Update GoogleCalendarProviderForm UI to show which tenant Google configuration it uses and missing-config CTA when needed.", "implemented": false },
{ "id": "F024", "description": "Update calendar provider persistence to avoid storing client secrets in provider config where possible (prefer tenant secrets).", "implemented": false },
{ "id": "F025", "description": "Update Pub/Sub provisioning (`server/src/lib/actions/email-actions/setupPubSub.ts`) to read `google_service_account_key` from tenant secrets, not app secrets.", "implemented": false },
{ "id": "F026", "description": "Update any other Google Pub/Sub flows that read app secrets to prefer tenant secrets.", "implemented": false },
{ "id": "F027", "description": "Add UI status indicators in Google settings panel (configured, partially configured, missing).", "implemented": false },
{ "id": "F028", "description": "Add an in-UI 'Test configuration' action that verifies required secrets exist and that displayed redirect URIs use the current deployment base URL.", "implemented": false },
{ "id": "F029", "description": "Update Settings navigation so the Provider → Google panel is discoverable from Gmail/Calendar screens (deep link).", "implemented": false },
{ "id": "F030", "description": "Add a deprecation notice for legacy Alga-owned Google app flows (fresh cutover messaging).", "implemented": false },
{ "id": "F031", "description": "Update docs: Gmail provider setup guide to reference new Google settings panel and tenant secrets.", "implemented": false },
{ "id": "F032", "description": "Update docs: Calendar sync operations runbook to reference new Google settings panel.", "implemented": false },
{ "id": "F033", "description": "Add logging (server-side) for which credential source is used (tenant secrets only) without leaking sensitive values.", "implemented": false },
{ "id": "F034", "description": "Add feature-flag or configuration guard so Google integrations fail fast with a clear error when tenant secrets are missing.", "implemented": false },
{ "id": "F035", "description": "Ensure RBAC enforcement: only system settings admins can modify Google tenant secrets.", "implemented": false },
{ "id": "F036", "description": "Ensure tenant isolation: saving and reading Google secrets always scopes to the current tenant.", "implemented": false },
{ "id": "F037", "description": "Implement Google Calendar notification provisioning so Alga receives callbacks for calendar updates (Pub/Sub push or native Calendar channels, whichever is feasible).", "implemented": false },
{ "id": "F038", "description": "Implement calendar notification verification/repair job so Google Calendar callbacks remain healthy over time (wired through the job runner abstraction: PG Boss in CE, Temporal in EE).", "implemented": false },
{ "id": "F039", "description": "Implement Gmail watch renewal maintenance job to refresh watch subscriptions before expiration (wired through the job runner abstraction: PG Boss in CE, Temporal in EE).", "implemented": false },
{ "id": "F040", "description": "Implement Google token preflight refresh maintenance job (email + calendar) to refresh near-expiry tokens and surface invalid refresh tokens as provider errors.", "implemented": false },
{ "id": "F041", "description": "Add an admin action to reset existing Google providers to an initial/disconnected state (clear tokens, mark status disconnected) to support fresh cutover.", "implemented": false }
]
Reference in New Issue View Git Blame Copy Permalink