{
  "id": "workspace-permissions",
  "name": "Workspace & Permissions",
  "status": "done",
  "createdAt": "2026-03-25",
  "completedAt": "2026-03-25",
  "description": "Complete workspace management with proper permission enforcement, member invitation flow, and consistent settings UI using shadcn components.",
  "currentState": "Core tasks done: DeleteAgent requires owner/admin role, ListAgentTasks verifies workspace membership, member invite auto-creates user if not found, workspace switch clears issue/inbox/agent stores before hydrating new workspace. Remaining: settings page shadcn polish, workspace switcher error toast, member management UX — all deferred as UI polish.",
  "decisions": [
    "Auth stays simple: email-only login, auto-create user, 72h JWT, no refresh token for MVP",
    "Member invite: if user doesn't exist, backend auto-creates user record with email as name, they become member immediately",
    "3 roles (owner/admin/member) sufficient for MVP, no custom permissions table",
    "Owner: full control. Admin: manage members + agents + settings. Member: CRUD issues + comments.",
    "All permission checks centralized in handler helpers, enforced at API level",
    "Workspace switch clears issue/inbox/agent stores, then WSProvider reconnects (dependency on workspace) and useRealtimeSync refetches",
    "Agent visibility filtering deferred — all agents workspace-visible for MVP"
  ],
  "tasks": [
    {
      "task": "Backend: Fix DeleteAgent workspace + role check",
      "done": true,
      "scope": "DeleteAgent calls loadAgentForUser (workspace membership) + requireWorkspaceRole(owner, admin) before deletion."
    },
    {
      "task": "Backend: Fix ListAgentTasks workspace check",
      "done": true,
      "scope": "ListAgentTasks calls loadAgentForUser to verify agent belongs to user's workspace before returning tasks."
    },
    {
      "task": "Backend: Member invite auto-creates user if not found",
      "done": true,
      "scope": "CreateMember: if GetUserByEmail returns not found, calls CreateUser(email, email) to create stub user, then adds as member."
    },
    {
      "task": "Backend: Agent visibility filtering",
      "done": false,
      "scope": "Deferred: all agents are workspace-visible for MVP. Private agent filtering not needed yet."
    },
    {
      "task": "Frontend: Settings page use shadcn components consistently",
      "done": false,
      "scope": "Deferred: UI polish."
    },
    {
      "task": "Frontend: Workspace switcher error handling and feedback",
      "done": false,
      "scope": "Deferred: UI polish."
    },
    {
      "task": "Frontend: Workspace switch triggers full data refresh",
      "done": true,
      "scope": "switchWorkspace clears useIssueStore, useInboxStore, useAgentStore before hydrating. WSProvider reconnects automatically (depends on workspace). useRealtimeSync refetches on reconnect."
    },
    {
      "task": "Frontend: Member management UX improvements",
      "done": false,
      "scope": "Deferred: UI polish."
    }
  ]
}