- Added `databack/mysql-backup` service to the production docker-compose Swarm stack, scheduling a daily 02:55 AM cron backup of the database with a 3-day local retention policy.
- Fixed a critical race condition in the backend JWT authentication middleware where an invalid token returning 401 could crash the response flow if the route executed before the defensive checks caught it.
- Added strict undefined defensive checks to the `getUserById` endpoint and RBAC middleware to gracefully reject requests that somehow bypass the token parser.
- Updated `GEMINI.md` technical documentation to fully match the real codebase logic.
- Fixed UX rule to prevent `manager` role from seeing Funnels or Origins tabs in the sidebar.
- Blocked `agent` role from modifying their own 'fullName' string in the Profile UI.
- Extracted API Key generation and management from UserProfile to a new /super-admin/api-keys route.
- Added cross-tenant selection in the new ApiKeys page so Super Admins can manage integrations for any organization.
- Added api_keys table to database schema.
- Added API Key authentication middleware to express router.
- Created GET /api/integration/users endpoint for n8n to map agents.
- Created POST /api/integration/attendances endpoint to accept webhooks from n8n.
- Added UI in UserProfile (for Admins/Owners) to generate, view, and revoke API keys.
- Added sound_enabled column to users table with a default of true.
- Implemented a pleasant pop sound (notification.mp3) that plays when a new unread notification arrives.
- Added a toggle in the User Profile page allowing users to enable/disable the sound.
- Restricted Agent view to own dashboard and hid management tabs.
- Allowed Managers to create teams and members but restricted them from editing roles or emails.
- Allowed Admins to update their own email via profile.
- Protected Admin roles from being modified by anyone other than Super Admins.
- Enforced tenant isolation and Role-Based Access Control across all API routes
- Implemented secure profile avatar upload using multer and UUIDs
- Redesigned UI with a premium "Onyx & Gold" Charcoal dark mode
- Added Funnel Stage and Origin filters to Dashboard and User Detail pages
- Replaced "Referral" with "Indicação" across the platform and database
- Optimized Dockerfile and local environment setup for reliable deployments
- Fixed frontend syntax errors and improved KPI/Chart visualizations
Adds initial backend API endpoints for fetching users and attendances, including basic filtering. Sets up the frontend routing with a layout component and includes placeholder pages for dashboard, users, and login. Refactors the README for local development setup.
