From cec7180fb09248634343d6160e7bc1b1425b5630 Mon Sep 17 00:00:00 2001
From: Adolfo Delorenzo <adelorenzo@oe74.net>
Date: Mon, 23 Mar 2026 10:19:40 -0600
Subject: [PATCH] feat(01-04): Next.js 16 admin portal with Auth.js v5, tenant
 CRUD, and Agent Designer

- Initialize Next.js 16 project in packages/portal/ with TypeScript, Tailwind 4, shadcn/ui
- Auth.js v5 with Credentials provider calling FastAPI /auth/verify endpoint
- proxy.ts (Next.js 16 replacement for middleware.ts) protects all routes
- Login page with React Hook Form + zod validation (standard-schema resolver for zod v4 compat)
- Agent Designer: prominent dedicated module with Identity, Personality, Configuration,
  Capabilities, Escalation, and Status sections; employee-centric language throughout
- Tenant CRUD: list, create (slug auto-gen), view/edit, delete with confirmation
- TanStack Query hooks for all API operations with proper cache invalidation
- Route group (dashboard) provides shared Nav sidebar + QueryClientProvider
- Update docker-compose.yml to add portal service on port 3000
- Deviations: middleware.ts renamed to proxy.ts in Next.js 16; zodResolver replaced with
  standardSchemaResolver for zod v4 + @hookform/resolvers v5 compatibility
---
 docker-compose.yml | 36 ++++++++++++++++++++++++++++++++++++
 packages/portal    |  1 +
 2 files changed, 37 insertions(+)
 create mode 160000 packages/portal

diff --git a/docker-compose.yml b/docker-compose.yml
index 814aea9..2798bb7 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -100,6 +100,42 @@ services:
       timeout: 5s
       retries: 5
 
+  portal:
+    build:
+      context: packages/portal
+      dockerfile_inline: |
+        FROM node:22-alpine AS base
+        WORKDIR /app
+        COPY package.json package-lock.json* ./
+        RUN npm ci --production=false
+        COPY . .
+        RUN npm run build
+        FROM node:22-alpine AS runner
+        WORKDIR /app
+        ENV NODE_ENV=production
+        COPY --from=base /app/.next/standalone ./
+        COPY --from=base /app/.next/static ./.next/static
+        COPY --from=base /app/public ./public
+        EXPOSE 3000
+        CMD ["node", "server.js"]
+    container_name: konstruct-portal
+    ports:
+      - "3000:3000"
+    networks:
+      - konstruct-net
+    environment:
+      - NODE_ENV=production
+      - API_URL=http://gateway:8001
+      - NEXT_PUBLIC_API_URL=http://localhost:8001
+      - AUTH_SECRET=${AUTH_SECRET:-insecure-dev-secret-change-in-production}
+      - AUTH_URL=http://localhost:3000
+    restart: unless-stopped
+    healthcheck:
+      test: ["CMD-SHELL", "wget -q --spider http://localhost:3000 || exit 1"]
+      interval: 10s
+      timeout: 5s
+      retries: 5
+
   celery-worker:
     build:
       context: .
diff --git a/packages/portal b/packages/portal
new file mode 160000
index 0000000..29a2710
--- /dev/null
+++ b/packages/portal
@@ -0,0 +1 @@
+Subproject commit 29a27100f6c866a2992b2fd375fe9322a7bee3e8