- Refactored POST /auth/login to issue a 15-minute Access Token and a 30-day Refresh Token.
- Added POST /auth/refresh endpoint to automatically issue new Access Tokens and extend the Refresh Token's lifespan by 30 days upon use (Sliding Expiration).
- Built an HTTP interceptor wrapper (apiFetch) in dataService.ts that automatically catches 401 Unauthorized errors, calls the refresh endpoint, updates localStorage, and silently retries the original request without logging the user out.
- Updated Dashboard origin chart to strictly reflect only configured origins, grouping unmapped data into an 'Outros' category.
- Added GET /api/integration/funnels and GET /api/integration/origins endpoints to allow external AIs to dynamically map stages and lead sources.
- Fixed database initialization where default origins were seeded without color_classes.
- Added a visual color picker to the Origens admin page to allow users to assign colors to origin tags.
- Updated Dashboard Pie Chart to read the color classes correctly and display them.
- Dropped simple origins table in favor of origin_groups and origin_items to match the Funnels architecture.
- Added origin_group_id to teams table to assign specific origins to specific teams.
- Updated /admin/origins page to support creating origin groups, adding origin items to them, and assigning teams to groups.
- Updated Dashboard and UserDetail pages to dynamically load the exact origin items belonging to the active team/user.
- Removed all hardcoded MOCK_ATTENDANCES, USERS, and TENANTS generators from constants.ts since the system is now production-ready.
- Renamed 'summary' to 'title' in the database and across all frontend components for clarity.
- Added 'full_summary' to the attendances schema to explicitly store the large, detailed AI analysis texts from n8n.
- Updated the 'Resumo da Interação' UI to render the 'full_summary' without adding any artificial filler text.
- Localized all dates and times across the dashboard to Brazilian formatting (pt-BR).
- Added api_keys table to database schema.
- Added API Key authentication middleware to express router.
- Created GET /api/integration/users endpoint for n8n to map agents.
- Created POST /api/integration/attendances endpoint to accept webhooks from n8n.
- Added UI in UserProfile (for Admins/Owners) to generate, view, and revoke API keys.
- Fixed audio playback by downloading a valid mp3 file and importing it directly via Vite.
- Fixed the route collision where DELETE /notifications/clear-all was being captured by /notifications/:id.
- The notification badge now automatically clears (optimistic UI update) when the tray is opened.
- The backend no longer throws a 500 error when querying users during impersonation handoffs.
- Fixed audio playback by rendering a hidden audio tag to comply with browser policies.
- Renamed DELETE /notifications to /notifications/clear-all to prevent route conflicts.
- Notifications badge now clears automatically when the tray is opened.
- Translated notification types to Portuguese (SUCESSO, AVISO, ERRO, INFO).
- Implemented team deletion functionality for Admins.
- Updated DB schema to support multiple funnels (funnels table) and their stages (funnel_stages table).
- Added funnel_id to teams table to link teams to specific funnels.
- Redesigned /admin/funnels page ('Meus Funis') to allow creating multiple funnels, managing their stages, and assigning them to teams.
- Updated Dashboard, UserDetail, and AttendanceDetail to dynamically load the correct funnel based on the selected team or user's assigned team.
- Modified attendances.funnel_stage in DB from ENUM to VARCHAR.
- Created tenant_funnels table and backend API routes to manage custom stages.
- Added /admin/funnels page for Admins/Managers to create, edit, order, and color-code their funnel stages.
- Updated Dashboard, UserDetail, and AttendanceDetail to fetch and render dynamic funnel stages instead of hardcoded enums.
- Added defensive checks and logging to GET /users/:idOrSlug to fix sporadic 500 errors during impersonation handoffs.
- Stripped literal quotes from SMTP credentials in nodemailer config to prevent '535 Incorrect auth data' in Docker Swarm.
- Reduced notification polling interval from 60s to 10s for real-time updates.
- Fixed browser autoplay block for audio notifications by properly initializing the audio context.
- Added sound_enabled column to users table with a default of true.
- Implemented a pleasant pop sound (notification.mp3) that plays when a new unread notification arrives.
- Added a toggle in the User Profile page allowing users to enable/disable the sound.
- Added notifications table with auto-migration on startup.
- Created backend endpoints for fetching and managing notifications.
- Implemented interactive notification tray in the header with unread badges.
- Added automated triggers for organization creation and user registration completion.
- Restricted Agent search to Attendances only.
- Enabled Super Admin search for Organizations (Tenants).
- Fixed user avatar URL construction in search results.
- Added Organizations category to search dropdown for Super Admins.
- Added /api/search endpoint with strict role-based data isolation.
- Created searchGlobal function in dataService.
- Refined header UI with an interactive, categorized search results dropdown.
- Prevented API error messages from leaking system roles.
- Updated POST /users to safely allow managers to create users while strictly forcing them to be agents assigned to the manager's team.
- Backend now only returns users, teams, and attendances from a manager's own team.
- Hidden 'Todas as Equipes' filter from manager dashboard.
- Removed manager ability to create or edit teams.
- Restricted Agent view to own dashboard and hid management tabs.
- Allowed Managers to create teams and members but restricted them from editing roles or emails.
- Allowed Admins to update their own email via profile.
- Protected Admin roles from being modified by anyone other than Super Admins.
- Updated all email templates to a clean light theme and changed button text to 'Finalizar Cadastro'.
- Enforced a strict 15-minute expiration on all auth/reset tokens.
- Created SetupAccount flow distinct from ResetPassword to capture user name during admin init.
- Refined dark mode to a premium True Black (Onyx) palette using Zinc.
- Fixed Dashboard KPI visibility and true period-over-period trend logic.
- Enhanced TeamManagement with global tenant filtering for Super Admins.
- Implemented secure User URL routing via slugs instead of raw UUIDs.
- Enforced strict Agent-level RBAC for viewing attendances.
- Fixed real backend deletion for tenants
- Allowed super_admins to manage other super_admins in Global Users
- Filtered teams based on selected tenant in user creation
- Protected system tenant from deletion
- Enforced tenant isolation and Role-Based Access Control across all API routes
- Implemented secure profile avatar upload using multer and UUIDs
- Redesigned UI with a premium "Onyx & Gold" Charcoal dark mode
- Added Funnel Stage and Origin filters to Dashboard and User Detail pages
- Replaced "Referral" with "Indicação" across the platform and database
- Optimized Dockerfile and local environment setup for reliable deployments
- Fixed frontend syntax errors and improved KPI/Chart visualizations
- Implemented real JWT authentication and persistent user sessions
- Replaced all hardcoded mock data with dynamic MySQL-backed API calls
- Created new 'Times' (Teams) dashboard with performance metrics
- Renamed 'Equipe' to 'Membros' and centralized team management
- Added Role-Based Access Control (RBAC) for Admin/Manager/Agent roles
- Implemented secure invite-only member creation and password setup flow
- Enhanced Login with password visibility and real-time validation
- Added safe delete confirmation modal and custom Toast notifications
Adds initial backend API endpoints for fetching users and attendances, including basic filtering. Sets up the frontend routing with a layout component and includes placeholder pages for dashboard, users, and login. Refactors the README for local development setup.
