jason/cpas
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

roadmap #24

Merged
jason merged 6 commits from roadmap into master 2026-03-07 09:46:39 -06:00
Conversation 0 Commits 6 Files Changed 6 +435 -34
6 changed files with 435 additions and 34 deletions
Download Patch File Download Diff File Expand all files Collapse all files

52
README.md
View File

@@ -53,6 +53,7 @@ docker run -d --name cpas-tracker -p 3001:3001 -v cpas-data:/data cpas-tracker
- **At-risk badge**: flags employees within 2 points of the next tier escalation - **At-risk badge**: flags employees within 2 points of the next tier escalation
- Search/filter by name, department, or supervisor - Search/filter by name, department, or supervisor
- Click any employee name to open their full profile modal - Click any employee name to open their full profile modal
- **📋 Audit Log** button — filterable, paginated view of all system write actions
### Violation Form ### Violation Form
- Select existing employee or enter new employee by name - Select existing employee or enter new employee by name
@@ -66,11 +67,24 @@ docker run -d --name cpas-tracker -p 3001:3001 -v cpas-data:/data cpas-tracker
- One-click PDF download immediately after submission - One-click PDF download immediately after submission
### Employee Profile Modal ### Employee Profile Modal
- Full violation history with resolution status - Full violation history with resolution status and **amendment count badge** per record
- **✎ Edit Employee** button — update name, department, or supervisor inline
- **Merge Duplicate** tab — reassign all violations from a duplicate record and delete it
- **Amend** button per active violation — edit non-scoring fields (location, notes, witness, etc.) with a full field-level diff history
- Negate / restore individual violations (soft delete with resolution type + notes) - Negate / restore individual violations (soft delete with resolution type + notes)
- Hard delete option for data entry errors - Hard delete option for data entry errors
- PDF download for any historical violation record - PDF download for any historical violation record
### Audit Log
- Append-only log of every write action: employee created/edited/merged, violation logged/amended/negated/restored/deleted
- Filterable by entity type (employee / violation) and action
- Paginated with load-more; accessible from the Dashboard toolbar
### Violation Amendment
- Edit submitted violations' non-scoring fields without delete-and-resubmit
- Point values, violation type, and incident date are immutable
- Every change is stored as a field-level diff (old → new value) with timestamp and actor
### CPAS Tier System ### CPAS Tier System
| Points | Tier | Label | | Points | Tier | Label |
@@ -100,14 +114,19 @@ Scores are computed over a **rolling 90-day window** (negated violations exclude
| GET | `/api/health` | Health check | | GET | `/api/health` | Health check |
| GET | `/api/employees` | List all employees | | GET | `/api/employees` | List all employees |
| POST | `/api/employees` | Create or upsert employee | | POST | `/api/employees` | Create or upsert employee |
| PATCH | `/api/employees/:id` | Edit employee name, department, or supervisor |
| POST | `/api/employees/:id/merge` | Merge duplicate employee into target; reassigns all violations |
| GET | `/api/employees/:id/score` | Get active CPAS score for employee | | GET | `/api/employees/:id/score` | Get active CPAS score for employee |
| GET | `/api/dashboard` | All employees with active points + violation counts | | GET | `/api/dashboard` | All employees with active points + violation counts |
| POST | `/api/violations` | Log a new violation | | POST | `/api/violations` | Log a new violation |
| GET | `/api/violations/employee/:id` | Get violation history for employee (with resolutions) | | GET | `/api/violations/employee/:id` | Get violation history for employee (with resolutions + amendment counts) |
| PATCH | `/api/violations/:id/negate` | Negate a violation (soft delete + resolution record) | | PATCH | `/api/violations/:id/negate` | Negate a violation (soft delete + resolution record) |
| PATCH | `/api/violations/:id/restore` | Restore a negated violation | | PATCH | `/api/violations/:id/restore` | Restore a negated violation |
| PATCH | `/api/violations/:id/amend` | Amend non-scoring fields with field-level diff logging |
| GET | `/api/violations/:id/amendments` | Get amendment history for a violation |
| DELETE | `/api/violations/:id` | Hard delete a violation | | DELETE | `/api/violations/:id` | Hard delete a violation |
| GET | `/api/violations/:id/pdf` | Download violation PDF | | GET | `/api/violations/:id/pdf` | Download violation PDF |
| GET | `/api/audit` | Paginated audit log (filterable by entity_type, entity_id) |
--- ---
@@ -121,7 +140,7 @@ cpas/
├── server.js # API + static file server ├── server.js # API + static file server
├── db/ ├── db/
│ ├── schema.sql # Tables + 90-day active score view │ ├── schema.sql # Tables + 90-day active score view
│ └── database.js # SQLite connection (better-sqlite3) │ └── database.js # SQLite connection (better-sqlite3) + auto-migrations
├── pdf/ ├── pdf/
│ └── generator.js # Puppeteer PDF generation │ └── generator.js # Puppeteer PDF generation
└── client/ # React frontend (Vite) └── client/ # React frontend (Vite)
@@ -138,9 +157,12 @@ cpas/
└── components/ └── components/
├── CpasBadge.jsx # Tier badge + color logic ├── CpasBadge.jsx # Tier badge + color logic
├── TierWarning.jsx # Pre-submit tier crossing alert ├── TierWarning.jsx # Pre-submit tier crossing alert
├── Dashboard.jsx # Company-wide leaderboard ├── Dashboard.jsx # Company-wide leaderboard + audit log trigger
├── ViolationForm.jsx # Violation entry form ├── ViolationForm.jsx # Violation entry form
├── EmployeeModal.jsx # Employee profile + history modal ├── EmployeeModal.jsx # Employee profile + history modal
├── EditEmployeeModal.jsx # Employee edit + merge duplicate
├── AmendViolationModal.jsx # Non-scoring field amendment + diff history
├── AuditLog.jsx # Filterable audit log panel
├── NegateModal.jsx # Negate/resolve violation dialog ├── NegateModal.jsx # Negate/resolve violation dialog
└── ViolationHistory.jsx # Violation list component └── ViolationHistory.jsx # Violation list component
``` ```
@@ -149,11 +171,13 @@ cpas/
## Database Schema ## Database Schema
Three tables + one view: Six tables + one view:
- **`employees`** — id, name, department, supervisor - **`employees`** — id, name, department, supervisor
- **`violations`** — full incident record including `prior_active_points` snapshot at time of logging - **`violations`** — full incident record including `prior_active_points` snapshot at time of logging
- **`violation_resolutions`** — resolution type, details, resolved_by (linked to violations) - **`violation_resolutions`** — resolution type, details, resolved_by (linked to violations)
- **`violation_amendments`** — field-level diff log for violation edits; one row per changed field per amendment
- **`audit_log`** — append-only record of every write action (action, entity_type, entity_id, performed_by, details, timestamp)
- **`active_cpas_scores`** (view) — sum of points for non-negated violations in rolling 90 days, grouped by employee - **`active_cpas_scores`** (view) — sum of points for non-negated violations in rolling 90 days, grouped by employee
--- ---
@@ -177,26 +201,33 @@ Three tables + one view:
| 4 | Tier crossing warning | Pre-submit alert when new points push employee to next tier | | 4 | Tier crossing warning | Pre-submit alert when new points push employee to next tier |
| 4 | Employee profile modal | Full history, negate/restore, hard delete, per-record PDF download | | 4 | Employee profile modal | Full history, negate/restore, hard delete, per-record PDF download |
| 4 | Negate & restore | Soft-delete violations with resolution type + notes, fully reversible | | 4 | Negate & restore | Soft-delete violations with resolution type + notes, fully reversible |
| 5 | Employee edit / merge | Update employee name/dept/supervisor; merge duplicate records without losing history |
| 5 | Violation amendment | Edit non-scoring fields with field-level audit trail |
| 5 | Audit log | Append-only log of all system writes; filterable panel in the dashboard |
--- ---
### 🔲 Proposed ### 📋 In Progress
#### Reporting & Visibility
- **Expiration timeline** — per-employee view showing which active violations roll off the 90-day window and when; lets supervisors anticipate tier drops before they happen
- **Employee notes / flags** — free-text notes attached to an employee record (e.g. "on PIP", "union member") visible in the profile modal without affecting scoring
---
### 💡 Proposed
#### Reporting & Analytics #### Reporting & Analytics
- **Violation trends chart** — line/bar chart of violations per day/week/month, filterable by department or supervisor; useful for identifying systemic patterns vs. individual incidents - **Violation trends chart** — line/bar chart of violations per day/week/month, filterable by department or supervisor; useful for identifying systemic patterns vs. individual incidents
- **Department heat map** — grid view showing violation density and average CPAS score by department; helps supervisors identify team-level risk - **Department heat map** — grid view showing violation density and average CPAS score by department; helps supervisors identify team-level risk
- **Expiration timeline** — visual showing which active violations will roll off the 90-day window and when, so supervisors can anticipate tier drops
- **CSV / Excel export** — bulk export of violations or dashboard data for external reporting or payroll integration - **CSV / Excel export** — bulk export of violations or dashboard data for external reporting or payroll integration
#### Employee Management #### Employee Management
- **Employee edit / merge** — ability to update employee name, department, or supervisor without losing history; merge duplicate records created by name typos
- **Supervisor view** — scoped dashboard showing only the employees under a given supervisor, useful for multi-supervisor environments - **Supervisor view** — scoped dashboard showing only the employees under a given supervisor, useful for multi-supervisor environments
- **Employee notes / flags** — free-text notes attached to an employee record (e.g. "on PIP", "union member") visible in the profile modal without affecting scoring
#### Violation Workflow #### Violation Workflow
- **Acknowledgment signature field** — a "received by employee" name/date field on the violation form that prints on the PDF, replacing the blank signature line - **Acknowledgment signature field** — a "received by employee" name/date field on the violation form that prints on the PDF, replacing the blank signature line
- **Draft / pending violations** — save a violation as draft before finalizing, useful when incidents need review before being officially logged - **Draft / pending violations** — save a violation as draft before finalizing, useful when incidents need review before being officially logged
- **Violation amendment** — edit a submitted violation's details (not points) with an audit trail, rather than delete-and-resubmit
- **Bulk violation import** — CSV import for migrating historical records from paper logs or a prior system - **Bulk violation import** — CSV import for migrating historical records from paper logs or a prior system
#### Notifications & Escalation #### Notifications & Escalation
@@ -206,7 +237,6 @@ Three tables + one view:
#### Infrastructure & Ops #### Infrastructure & Ops
- **Multi-user auth** — simple login with role-based access (admin, supervisor, read-only); currently the app has no auth and is assumed to run on a trusted internal network - **Multi-user auth** — simple login with role-based access (admin, supervisor, read-only); currently the app has no auth and is assumed to run on a trusted internal network
- **Audit log** — immutable log of all creates, negates, restores, and deletes with timestamp and acting user, stored separately from the violations table
- **Automated DB backup** — cron job or Docker health hook to snapshot `/data/cpas.db` to a mounted backup volume or remote location on a schedule - **Automated DB backup** — cron job or Docker health hook to snapshot `/data/cpas.db` to a mounted backup volume or remote location on a schedule
- **Dark/light theme toggle** — the UI is currently dark-only; a toggle would improve usability in bright environments - **Dark/light theme toggle** — the UI is currently dark-only; a toggle would improve usability in bright environments

21
client/src/components/EmployeeModal.jsx
View File

@@ -4,6 +4,8 @@ import CpasBadge, { getTier } from './CpasBadge';
import NegateModal from './NegateModal'; import NegateModal from './NegateModal';
import EditEmployeeModal from './EditEmployeeModal'; import EditEmployeeModal from './EditEmployeeModal';
import AmendViolationModal from './AmendViolationModal'; import AmendViolationModal from './AmendViolationModal';
import ExpirationTimeline from './ExpirationTimeline';
import EmployeeNotes from './EmployeeNotes';
const s = { const s = {
overlay: { overlay: {
@@ -201,7 +203,7 @@ export default function EmployeeModal({ employeeId, onClose }) {
</div> </div>
<div style={{ ...s.scoreCard, minWidth: '140px' }}> <div style={{ ...s.scoreCard, minWidth: '140px' }}>
<div style={{ fontSize: '13px', fontWeight: 700, color: tier?.color || '#f8f9fa' }}> <div style={{ fontSize: '13px', fontWeight: 700, color: tier?.color || '#f8f9fa' }}>
{tier ? tier.label : ''} {tier ? tier.label : ''}
</div> </div>
<div style={s.scoreLbl}>Current Tier</div> <div style={s.scoreLbl}>Current Tier</div>
</div> </div>
@@ -209,6 +211,23 @@ export default function EmployeeModal({ employeeId, onClose }) {
)} )}
{score && <CpasBadge points={score.active_points} style={{ marginBottom: '20px' }} />} {score && <CpasBadge points={score.active_points} style={{ marginBottom: '20px' }} />}
{/* ── Employee Notes ── */}
{employee && (
<EmployeeNotes
employeeId={employeeId}
initialNotes={employee.notes}
onSaved={(notes) => setEmployee(prev => ({ ...prev, notes }))}
/>
)}
{/* ── Expiration Timeline ── */}
{score && score.active_points > 0 && (
<ExpirationTimeline
employeeId={employeeId}
currentPoints={score.active_points}
/>
)}
{/* ── Active Violations ── */} {/* ── Active Violations ── */}
<div style={s.sectionHd}>Active Violations</div> <div style={s.sectionHd}>Active Violations</div>
{active.length === 0 ? ( {active.length === 0 ? (

146
client/src/components/EmployeeNotes.jsx Normal file
View File

@@ -0,0 +1,146 @@
import React, { useState } from 'react';
import axios from 'axios';
const s = {
wrapper: { marginTop: '20px' },
sectionHd: {
fontSize: '13px', fontWeight: 700, color: '#f8f9fa', textTransform: 'uppercase',
letterSpacing: '0.5px', marginBottom: '8px',
},
display: {
background: '#181924', border: '1px solid #2a2b3a', borderRadius: '6px',
padding: '10px 12px', fontSize: '13px', color: '#f8f9fa', minHeight: '36px',
cursor: 'pointer', position: 'relative',
},
displayEmpty: {
color: '#555770', fontStyle: 'italic',
},
editHint: {
position: 'absolute', right: '8px', top: '8px',
fontSize: '10px', color: '#555770',
},
textarea: {
width: '100%', background: '#0d1117', border: '1px solid #4d6fa8',
borderRadius: '6px', color: '#f8f9fa', fontSize: '13px',
padding: '10px 12px', resize: 'vertical', minHeight: '80px',
boxSizing: 'border-box', fontFamily: 'inherit', outline: 'none',
},
actions: { display: 'flex', gap: '8px', marginTop: '8px' },
saveBtn: {
background: '#1a3a6b', border: '1px solid #4d6fa8', color: '#90caf9',
borderRadius: '5px', padding: '5px 14px', fontSize: '12px',
cursor: 'pointer', fontWeight: 600,
},
cancelBtn: {
background: 'none', border: '1px solid #444', color: '#888',
borderRadius: '5px', padding: '5px 14px', fontSize: '12px',
cursor: 'pointer',
},
saving: { fontSize: '12px', color: '#9ca0b8', alignSelf: 'center' },
tagRow: { display: 'flex', flexWrap: 'wrap', gap: '6px', marginBottom: '8px' },
tag: {
display: 'inline-block', padding: '2px 8px', borderRadius: '10px',
fontSize: '11px', fontWeight: 600, background: '#1a2a3a',
color: '#90caf9', border: '1px solid #2a3a5a', cursor: 'default',
},
};
// Quick-add tags for common HR flags
const QUICK_TAGS = ['On PIP', 'Union member', 'Probationary', 'Pending investigation', 'FMLA', 'ADA'];
export default function EmployeeNotes({ employeeId, initialNotes, onSaved }) {
const [editing, setEditing] = useState(false);
const [draft, setDraft] = useState(initialNotes || '');
const [saved, setSaved] = useState(initialNotes || '');
const [saving, setSaving] = useState(false);
const handleSave = async () => {
setSaving(true);
try {
await axios.patch(`/api/employees/${employeeId}/notes`, { notes: draft });
setSaved(draft);
setEditing(false);
if (onSaved) onSaved(draft);
} finally {
setSaving(false);
}
};
const handleCancel = () => {
setDraft(saved);
setEditing(false);
};
const addTag = (tag) => {
const current = draft.trim();
// Don't add a tag that's already present
if (current.includes(tag)) return;
setDraft(current ? `${current}\n${tag}` : tag);
};
// Parse saved notes into display lines
const lines = saved ? saved.split('\n').filter(Boolean) : [];
return (
<div style={s.wrapper}>
<div style={s.sectionHd}>Notes &amp; Flags</div>
{!editing ? (
<div
style={s.display}
onClick={() => { setDraft(saved); setEditing(true); }}
title="Click to edit"
>
<span style={s.editHint}> edit</span>
{lines.length === 0 ? (
<span style={s.displayEmpty}>No notes click to add</span>
) : (
<div style={s.tagRow}>
{lines.map((line, i) => (
<span key={i} style={s.tag}>{line}</span>
))}
</div>
)}
</div>
) : (
<div>
{/* Quick-add tag buttons */}
<div style={{ ...s.tagRow, marginBottom: '6px' }}>
{QUICK_TAGS.map(tag => (
<button
key={tag}
style={{
...s.tag,
cursor: 'pointer',
background: draft.includes(tag) ? '#0e2a3a' : '#1a2a3a',
opacity: draft.includes(tag) ? 0.5 : 1,
}}
onClick={() => addTag(tag)}
title="Add tag"
>
+ {tag}
</button>
))}
</div>
<textarea
style={s.textarea}
value={draft}
onChange={e => setDraft(e.target.value)}
placeholder="Free-text notes — one per line or comma-separated. Does not affect CPAS scoring."
autoFocus
/>
<div style={s.actions}>
<button style={s.saveBtn} onClick={handleSave} disabled={saving}>
{saving ? 'Saving…' : 'Save Notes'}
</button>
<button style={s.cancelBtn} onClick={handleCancel} disabled={saving}>
Cancel
</button>
{saving && <span style={s.saving}>Saving</span>}
</div>
</div>
)}
</div>
);
}

159
client/src/components/ExpirationTimeline.jsx Normal file
View File

@@ -0,0 +1,159 @@
import React, { useEffect, useState } from 'react';
import axios from 'axios';
// Tier thresholds used to compute what tier an employee would drop to
// after a given violation rolls off.
const TIER_THRESHOLDS = [
{ min: 30, label: 'Separation', color: '#ff1744' },
{ min: 25, label: 'Final Decision', color: '#ff6d00' },
{ min: 20, label: 'Risk Mitigation', color: '#ff9100' },
{ min: 15, label: 'Verification', color: '#ffc400' },
{ min: 10, label: 'Administrative Lockdown', color: '#ffea00' },
{ min: 5, label: 'Realignment', color: '#b2ff59' },
{ min: 0, label: 'Elite Standing', color: '#69f0ae' },
];
function getTier(pts) {
return TIER_THRESHOLDS.find(t => pts >= t.min) || TIER_THRESHOLDS[TIER_THRESHOLDS.length - 1];
}
function urgencyColor(days) {
if (days <= 7) return '#ff4d4f';
if (days <= 14) return '#ffa940';
if (days <= 30) return '#fadb14';
return '#52c41a';
}
const s = {
wrapper: { marginTop: '24px' },
sectionHd: {
fontSize: '13px', fontWeight: 700, color: '#f8f9fa', textTransform: 'uppercase',
letterSpacing: '0.5px', marginBottom: '10px',
},
empty: { color: '#777990', fontStyle: 'italic', fontSize: '12px' },
row: {
display: 'flex', alignItems: 'center', gap: '12px',
padding: '10px 12px', background: '#181924', borderRadius: '6px',
border: '1px solid #2a2b3a', marginBottom: '6px',
},
bar: (pct, color) => ({
flex: 1, height: '6px', background: '#2a2b3a', borderRadius: '3px', overflow: 'hidden',
position: 'relative',
}),
barFill: (pct, color) => ({
position: 'absolute', left: 0, top: 0, bottom: 0,
width: `${Math.min(100, Math.max(0, 100 - pct))}%`,
background: color, borderRadius: '3px',
transition: 'width 0.3s ease',
}),
pill: (color) => ({
display: 'inline-block', padding: '2px 8px', borderRadius: '10px',
fontSize: '11px', fontWeight: 700, background: `${color}22`,
color, border: `1px solid ${color}55`, whiteSpace: 'nowrap',
}),
pts: { fontSize: '13px', fontWeight: 700, color: '#f8f9fa', minWidth: '28px', textAlign: 'right' },
name: { fontSize: '12px', color: '#f8f9fa', fontWeight: 600, flex: '0 0 160px', overflow: 'hidden', textOverflow: 'ellipsis', whiteSpace: 'nowrap' },
date: { fontSize: '11px', color: '#9ca0b8', minWidth: '88px' },
projBox: {
marginTop: '16px', padding: '12px 14px', background: '#0d1117',
border: '1px solid #2a2b3a', borderRadius: '6px', fontSize: '12px', color: '#b5b5c0',
},
projRow: { display: 'flex', justifyContent: 'space-between', marginBottom: '4px' },
};
export default function ExpirationTimeline({ employeeId, currentPoints }) {
const [items, setItems] = useState([]);
const [loading, setLoading] = useState(true);
useEffect(() => {
setLoading(true);
axios.get(`/api/employees/${employeeId}/expiration`)
.then(r => setItems(r.data))
.finally(() => setLoading(false));
}, [employeeId]);
if (loading) return (
<div style={s.wrapper}>
<div style={s.sectionHd}>Point Expiration Timeline</div>
<div style={{ ...s.empty }}>Loading</div>
</div>
);
if (items.length === 0) return (
<div style={s.wrapper}>
<div style={s.sectionHd}>Point Expiration Timeline</div>
<div style={s.empty}>No active violations nothing to expire.</div>
</div>
);
// Build running totals: after each violation expires, what's the remaining score?
let running = currentPoints || 0;
const projected = items.map(item => {
const before = running;
running = Math.max(0, running - item.points);
const tierBefore = getTier(before);
const tierAfter = getTier(running);
const dropped = tierAfter.min < tierBefore.min;
return { ...item, pointsBefore: before, pointsAfter: running, tierBefore, tierAfter, tierDropped: dropped };
});
return (
<div style={s.wrapper}>
<div style={s.sectionHd}>Point Expiration Timeline</div>
{projected.map((item) => {
const color = urgencyColor(item.days_remaining);
const pct = (item.days_remaining / 90) * 100;
return (
<div key={item.id} style={s.row}>
{/* Violation name */}
<div style={s.name} title={item.violation_name}>{item.violation_name}</div>
{/* Points badge */}
<div style={s.pts}>{item.points}</div>
{/* Progress bar: how much of the 90 days has elapsed */}
<div style={s.bar(pct, color)}>
<div style={s.barFill(pct, color)} />
</div>
{/* Days remaining pill */}
<div style={s.pill(color)}>
{item.days_remaining <= 0 ? 'Expiring today' : `${item.days_remaining}d`}
</div>
{/* Expiry date */}
<div style={s.date}>{item.expires_on}</div>
{/* Tier drop indicator */}
{item.tierDropped && (
<div style={{ fontSize: '10px', color: '#69f0ae', whiteSpace: 'nowrap' }}>
{item.tierAfter.label}
</div>
)}
</div>
);
})}
{/* Projection summary */}
<div style={s.projBox}>
<div style={{ fontWeight: 700, color: '#f8f9fa', marginBottom: '8px', fontSize: '12px' }}>
Projected score after each expiration
</div>
{projected.map((item, i) => (
<div key={item.id} style={s.projRow}>
<span style={{ color: '#9ca0b8' }}>{item.expires_on} {item.violation_name}</span>
<span>
<span style={{ color: '#f8f9fa', fontWeight: 700 }}>{item.pointsAfter} pts</span>
{item.tierDropped && (
<span style={{ marginLeft: '8px', color: item.tierAfter.color, fontWeight: 700 }}>
{item.tierAfter.label}
</span>
)}
</span>
</div>
))}
</div>
</div>
);
}

4
db/database.js
View File

@@ -20,6 +20,10 @@ if (!cols.includes('negated_at')) db.exec("ALTER TABLE violations ADD C
if (!cols.includes('prior_active_points')) db.exec("ALTER TABLE violations ADD COLUMN prior_active_points INTEGER"); if (!cols.includes('prior_active_points')) db.exec("ALTER TABLE violations ADD COLUMN prior_active_points INTEGER");
if (!cols.includes('prior_tier_label')) db.exec("ALTER TABLE violations ADD COLUMN prior_tier_label TEXT"); if (!cols.includes('prior_tier_label')) db.exec("ALTER TABLE violations ADD COLUMN prior_tier_label TEXT");
// Employee notes column (free-text, does not affect scoring)
const empCols = db.prepare('PRAGMA table_info(employees)').all().map(c => c.name);
if (!empCols.includes('notes')) db.exec("ALTER TABLE employees ADD COLUMN notes TEXT");
// Ensure resolutions table exists // Ensure resolutions table exists
db.exec(`CREATE TABLE IF NOT EXISTS violation_resolutions ( db.exec(`CREATE TABLE IF NOT EXISTS violation_resolutions (
id INTEGER PRIMARY KEY AUTOINCREMENT, id INTEGER PRIMARY KEY AUTOINCREMENT,

59
server.js
View File

@@ -29,7 +29,7 @@ app.get('/api/health', (req, res) => res.json({ status: 'ok', timestamp: new Dat
// ── Employees ───────────────────────────────────────────────────────────────── // ── Employees ─────────────────────────────────────────────────────────────────
app.get('/api/employees', (req, res) => { app.get('/api/employees', (req, res) => {
const rows = db.prepare('SELECT id, name, department, supervisor FROM employees ORDER BY name ASC').all(); const rows = db.prepare('SELECT id, name, department, supervisor, notes FROM employees ORDER BY name ASC').all();
res.json(rows); res.json(rows);
}); });
@@ -51,13 +51,13 @@ app.post('/api/employees', (req, res) => {
}); });
// ── Employee Edit ───────────────────────────────────────────────────────────── // ── Employee Edit ─────────────────────────────────────────────────────────────
// PATCH /api/employees/:id — update name, department, or supervisor // PATCH /api/employees/:id — update name, department, supervisor, or notes
app.patch('/api/employees/:id', (req, res) => { app.patch('/api/employees/:id', (req, res) => {
const id = parseInt(req.params.id); const id = parseInt(req.params.id);
const emp = db.prepare('SELECT * FROM employees WHERE id = ?').get(id); const emp = db.prepare('SELECT * FROM employees WHERE id = ?').get(id);
if (!emp) return res.status(404).json({ error: 'Employee not found' }); if (!emp) return res.status(404).json({ error: 'Employee not found' });
const { name, department, supervisor, performed_by } = req.body; const { name, department, supervisor, notes, performed_by } = req.body;
// Prevent name collision with a different employee // Prevent name collision with a different employee
if (name && name.trim() !== emp.name) { if (name && name.trim() !== emp.name) {
@@ -68,16 +68,17 @@ app.patch('/api/employees/:id', (req, res) => {
const newName = (name || emp.name).trim(); const newName = (name || emp.name).trim();
const newDept = department !== undefined ? (department || null) : emp.department; const newDept = department !== undefined ? (department || null) : emp.department;
const newSupervisor = supervisor !== undefined ? (supervisor || null) : emp.supervisor; const newSupervisor = supervisor !== undefined ? (supervisor || null) : emp.supervisor;
const newNotes = notes !== undefined ? (notes || null) : emp.notes;
db.prepare('UPDATE employees SET name = ?, department = ?, supervisor = ? WHERE id = ?') db.prepare('UPDATE employees SET name = ?, department = ?, supervisor = ?, notes = ? WHERE id = ?')
.run(newName, newDept, newSupervisor, id); .run(newName, newDept, newSupervisor, newNotes, id);
audit('employee_edited', 'employee', id, performed_by, { audit('employee_edited', 'employee', id, performed_by, {
before: { name: emp.name, department: emp.department, supervisor: emp.supervisor }, before: { name: emp.name, department: emp.department, supervisor: emp.supervisor, notes: emp.notes },
after: { name: newName, department: newDept, supervisor: newSupervisor }, after: { name: newName, department: newDept, supervisor: newSupervisor, notes: newNotes },
}); });
res.json({ id, name: newName, department: newDept, supervisor: newSupervisor }); res.json({ id, name: newName, department: newDept, supervisor: newSupervisor, notes: newNotes });
}); });
// ── Employee Merge ──────────────────────────────────────────────────────────── // ── Employee Merge ────────────────────────────────────────────────────────────
@@ -112,12 +113,54 @@ app.post('/api/employees/:id/merge', (req, res) => {
res.json({ success: true, violations_reassigned: violationsMoved }); res.json({ success: true, violations_reassigned: violationsMoved });
}); });
// ── Employee notes (PATCH shorthand) ─────────────────────────────────────────
// PATCH /api/employees/:id/notes — save free-text notes only
app.patch('/api/employees/:id/notes', (req, res) => {
const id = parseInt(req.params.id);
const emp = db.prepare('SELECT * FROM employees WHERE id = ?').get(id);
if (!emp) return res.status(404).json({ error: 'Employee not found' });
const { notes, performed_by } = req.body;
const newNotes = notes !== undefined ? (notes || null) : emp.notes;
db.prepare('UPDATE employees SET notes = ? WHERE id = ?').run(newNotes, id);
audit('employee_notes_updated', 'employee', id, performed_by, { notes: newNotes });
res.json({ id, notes: newNotes });
});
// Employee score (current snapshot) // Employee score (current snapshot)
app.get('/api/employees/:id/score', (req, res) => { app.get('/api/employees/:id/score', (req, res) => {
const row = db.prepare('SELECT * FROM active_cpas_scores WHERE employee_id = ?').get(req.params.id); const row = db.prepare('SELECT * FROM active_cpas_scores WHERE employee_id = ?').get(req.params.id);
res.json(row || { employee_id: req.params.id, active_points: 0, violation_count: 0 }); res.json(row || { employee_id: req.params.id, active_points: 0, violation_count: 0 });
}); });
// ── Expiration Timeline ───────────────────────────────────────────────────────
// GET /api/employees/:id/expiration — active violations sorted by roll-off date
// Returns each active violation with days_remaining until it exits the 90-day window.
app.get('/api/employees/:id/expiration', (req, res) => {
const rows = db.prepare(`
SELECT
v.id,
v.violation_name,
v.violation_type,
v.category,
v.points,
v.incident_date,
DATE(v.incident_date, '+90 days') AS expires_on,
CAST(
JULIANDAY(DATE(v.incident_date, '+90 days')) -
JULIANDAY(DATE('now'))
AS INTEGER
) AS days_remaining
FROM violations v
WHERE v.employee_id = ?
AND v.negated = 0
AND v.incident_date >= DATE('now', '-90 days')
ORDER BY v.incident_date ASC
`).all(req.params.id);
res.json(rows);
});
// Dashboard // Dashboard
app.get('/api/dashboard', (req, res) => { app.get('/api/dashboard', (req, res) => {
const rows = db.prepare(` const rows = db.prepare(`