- Updated the host bind mount from the restricted '/root' directory to '/opt/fasto_backups' to ensure the Docker daemon has the necessary permissions to read and write database dumps.
- Appended a version suffix to the `init_sql` config name to bypass Docker Swarm's immutable config cache and force the cluster to pick up the latest database schema changes on deployment.
- Dropped the 'node.role == manager' deployment constraint to allow the backup container to be scheduled on any available node or to run smoothly in non-swarm Docker Compose environments.
- Added `databack/mysql-backup` service to the production docker-compose Swarm stack, scheduling a daily 02:55 AM cron backup of the database with a 3-day local retention policy.
- Fixed a critical race condition in the backend JWT authentication middleware where an invalid token returning 401 could crash the response flow if the route executed before the defensive checks caught it.
- Added strict undefined defensive checks to the `getUserById` endpoint and RBAC middleware to gracefully reject requests that somehow bypass the token parser.
- Updated `GEMINI.md` technical documentation to fully match the real codebase logic.
- Fixed UX rule to prevent `manager` role from seeing Funnels or Origins tabs in the sidebar.
- Blocked `agent` role from modifying their own 'fullName' string in the Profile UI.
- Cleaned up the requireRole middleware across all Funnel and Origin API routes to strictly allow only 'admin' and 'super_admin' to perform structural changes.
- Updated the tenant creation script to assign the 'admin' role to new signups instead of 'owner'.
- The backend was returning 403 Forbidden when a token expired, causing the frontend apiFetch interceptor (which listens for 401) to ignore it and crash the session.
- Refactored POST /auth/login to issue a 15-minute Access Token and a 30-day Refresh Token.
- Added POST /auth/refresh endpoint to automatically issue new Access Tokens and extend the Refresh Token's lifespan by 30 days upon use (Sliding Expiration).
- Built an HTTP interceptor wrapper (apiFetch) in dataService.ts that automatically catches 401 Unauthorized errors, calls the refresh endpoint, updates localStorage, and silently retries the original request without logging the user out.
- Updated Dashboard origin chart to strictly reflect only configured origins, grouping unmapped data into an 'Outros' category.
- Added GET /api/integration/funnels and GET /api/integration/origins endpoints to allow external AIs to dynamically map stages and lead sources.
- Fixed database initialization where default origins were seeded without color_classes.
- Added a visual color picker to the Origens admin page to allow users to assign colors to origin tags.
- Updated Dashboard Pie Chart to read the color classes correctly and display them.
- Dropped simple origins table in favor of origin_groups and origin_items to match the Funnels architecture.
- Added origin_group_id to teams table to assign specific origins to specific teams.
- Updated /admin/origins page to support creating origin groups, adding origin items to them, and assigning teams to groups.
- Updated Dashboard and UserDetail pages to dynamically load the exact origin items belonging to the active team/user.
- Updated AuthGuard to intercept navigation to the standard dashboard ('/') for users with the 'super_admin' role and automatically redirect them to '/super-admin'.
- Updated Login.tsx to automatically redirect users to the dashboard if a valid token is already present in localStorage.
- Refactored getUserById to properly throw server/network errors instead of silently returning undefined.
- Updated AuthGuard in App.tsx to gracefully handle network errors without destroying the user's valid localStorage tokens.
- Fixed a bug where selecting a date in the native date picker resulted in the previous day being selected due to the browser converting the 'YYYY-MM-DD' string to UTC midnight and then shifting it back to local time (e.g. UTC-3 in Brazil).
- Explicitly parsed the date string and constructed the Date object using local time coordinates to ensure visual and data consistency.
- Updated the DateRangePicker component to visually display dates in DD/MM/YYYY format using a focus/blur technique, overriding the browser's default OS language formatting.
- Removed all hardcoded MOCK_ATTENDANCES, USERS, and TENANTS generators from constants.ts since the system is now production-ready.
- Renamed 'summary' to 'title' in the database and across all frontend components for clarity.
- Added 'full_summary' to the attendances schema to explicitly store the large, detailed AI analysis texts from n8n.
- Updated the 'Resumo da Interação' UI to render the 'full_summary' without adding any artificial filler text.
- Localized all dates and times across the dashboard to Brazilian formatting (pt-BR).
- Extracted API Key generation and management from UserProfile to a new /super-admin/api-keys route.
- Added cross-tenant selection in the new ApiKeys page so Super Admins can manage integrations for any organization.
- Added api_keys table to database schema.
- Added API Key authentication middleware to express router.
- Created GET /api/integration/users endpoint for n8n to map agents.
- Created POST /api/integration/attendances endpoint to accept webhooks from n8n.
- Added UI in UserProfile (for Admins/Owners) to generate, view, and revoke API keys.
- Fixed audio playback by downloading a valid mp3 file and importing it directly via Vite.
- Fixed the route collision where DELETE /notifications/clear-all was being captured by /notifications/:id.
- The notification badge now automatically clears (optimistic UI update) when the tray is opened.
- The backend no longer throws a 500 error when querying users during impersonation handoffs.
- Fixed audio playback by rendering a hidden audio tag to comply with browser policies.
- Renamed DELETE /notifications to /notifications/clear-all to prevent route conflicts.
- Notifications badge now clears automatically when the tray is opened.
- Translated notification types to Portuguese (SUCESSO, AVISO, ERRO, INFO).
- Implemented team deletion functionality for Admins.
- Updated DB schema to support multiple funnels (funnels table) and their stages (funnel_stages table).
- Added funnel_id to teams table to link teams to specific funnels.
- Redesigned /admin/funnels page ('Meus Funis') to allow creating multiple funnels, managing their stages, and assigning them to teams.
- Updated Dashboard, UserDetail, and AttendanceDetail to dynamically load the correct funnel based on the selected team or user's assigned team.
- Modified attendances.funnel_stage in DB from ENUM to VARCHAR.
- Created tenant_funnels table and backend API routes to manage custom stages.
- Added /admin/funnels page for Admins/Managers to create, edit, order, and color-code their funnel stages.
- Updated Dashboard, UserDetail, and AttendanceDetail to fetch and render dynamic funnel stages instead of hardcoded enums.
- Added defensive checks and logging to GET /users/:idOrSlug to fix sporadic 500 errors during impersonation handoffs.
- Prevented the browser's atob() function from throwing a 'String contains an invalid character' exception by adding proper Base64 padding to the JWT payload before decoding.
- Updated Layout and SuperAdmin to explicitly set window.location.hash before triggering window.location.reload() to guarantee correct routing after state resets.
- Added POST /api/impersonate/:tenantId to generate a specialized tenant-scoped JWT.
- Added UI button in SuperAdmin page to trigger impersonation.
- Saved original super_admin token to localStorage to allow returning without re-login.
- Added 'Retornar ao Painel Central' button in sidebar to quickly revert to super admin status.
- Stripped literal quotes from SMTP credentials in nodemailer config to prevent '535 Incorrect auth data' in Docker Swarm.
- Reduced notification polling interval from 60s to 10s for real-time updates.
- Fixed browser autoplay block for audio notifications by properly initializing the audio context.
- Added sound_enabled column to users table with a default of true.
- Implemented a pleasant pop sound (notification.mp3) that plays when a new unread notification arrives.
- Added a toggle in the User Profile page allowing users to enable/disable the sound.
- Added notifications table with auto-migration on startup.
- Created backend endpoints for fetching and managing notifications.
- Implemented interactive notification tray in the header with unread badges.
- Added automated triggers for organization creation and user registration completion.
- Agents see 'Buscar atendimentos...'
- Super admins see 'Buscar membros, equipes, atendimentos ou organizações...'
- Admin and managers see 'Buscar membros, equipes ou atendimentos...'
- Restricted Agent search to Attendances only.
- Enabled Super Admin search for Organizations (Tenants).
- Fixed user avatar URL construction in search results.
- Added Organizations category to search dropdown for Super Admins.
- Moved search bar to the left/center for better accessibility.
- Increased search bar width to max-w-2xl.
- Refined search results dropdown layout and styling.
- Added /api/search endpoint with strict role-based data isolation.
- Created searchGlobal function in dataService.
- Refined header UI with an interactive, categorized search results dropdown.
- Prevented API error messages from leaking system roles.
- Updated POST /users to safely allow managers to create users while strictly forcing them to be agents assigned to the manager's team.
