ui/src/router.tsx

import { Routes, Route, Navigate } from 'react-router';
import { LoginPage } from './auth/LoginPage';
import { CallbackPage } from './auth/CallbackPage';
import { ProtectedRoute } from './auth/ProtectedRoute';
import { OrgResolver } from './auth/OrgResolver';
import { Layout } from './components/Layout';
import { RequireScope } from './components/RequireScope';
import { useScopes } from './auth/useScopes';
import { useOrgStore } from './auth/useOrganization';

import { VendorTenantsPage } from './pages/vendor/VendorTenantsPage';
import { CreateTenantPage } from './pages/vendor/CreateTenantPage';
import { TenantDetailPage } from './pages/vendor/TenantDetailPage';
import { VendorAuditPage } from './pages/vendor/VendorAuditPage';
import { CertificatesPage } from './pages/vendor/CertificatesPage';
import { TenantDashboardPage } from './pages/tenant/TenantDashboardPage';
import { TenantLicensePage } from './pages/tenant/TenantLicensePage';
import { SsoPage } from './pages/tenant/SsoPage';
import { TeamPage } from './pages/tenant/TeamPage';
import { SettingsPage } from './pages/tenant/SettingsPage';
import { TenantAuditPage } from './pages/tenant/TenantAuditPage';

function LandingRedirect() {
  const scopes = useScopes();
  const { organizations, currentOrgId } = useOrgStore();
  const currentOrg = organizations.find((o) => o.id === currentOrgId);

  // Wait for scopes to be resolved — they're loaded async by OrgResolver.
  // An empty set means "not yet loaded" (even viewer gets observe:read).
  if (scopes.size === 0) {
    return null; // OrgResolver is still fetching tokens
  }

  // Vendor → vendor console
  if (scopes.has('platform:admin')) {
    return <Navigate to="/vendor/tenants" replace />;
  }
  // Tenant admin → tenant portal
  if (scopes.has('tenant:manage')) {
    return <Navigate to="/tenant" replace />;
  }
  // Regular user (operator/viewer) → server dashboard directly
  const serverUrl = currentOrg?.slug ? `/t/${currentOrg.slug}/` : '/server/';
  window.location.href = serverUrl;
  return null;
}

export function AppRouter() {
  return (
    <Routes>
      <Route path="/login" element={<LoginPage />} />
      <Route path="/callback" element={<CallbackPage />} />
      <Route element={<ProtectedRoute />}>
        <Route element={<OrgResolver />}>
          <Route element={<Layout />}>
            {/* Vendor console */}
            <Route path="/vendor/tenants" element={
              <RequireScope scope="platform:admin" fallback={<Navigate to="/tenant" replace />}>
                <VendorTenantsPage />
              </RequireScope>
            } />
            <Route path="/vendor/tenants/new" element={
              <RequireScope scope="platform:admin" fallback={<Navigate to="/tenant" replace />}>
                <CreateTenantPage />
              </RequireScope>
            } />
            <Route path="/vendor/tenants/:id" element={
              <RequireScope scope="platform:admin" fallback={<Navigate to="/tenant" replace />}>
                <TenantDetailPage />
              </RequireScope>
            } />
            <Route path="/vendor/audit" element={
              <RequireScope scope="platform:admin" fallback={<Navigate to="/tenant" replace />}>
                <VendorAuditPage />
              </RequireScope>
            } />
            <Route path="/vendor/certificates" element={
              <RequireScope scope="platform:admin" fallback={<Navigate to="/tenant" replace />}>
                <CertificatesPage />
              </RequireScope>
            } />

            {/* Tenant portal */}
            <Route path="/tenant" element={<TenantDashboardPage />} />
            <Route path="/tenant/license" element={<TenantLicensePage />} />
            <Route path="/tenant/sso" element={<SsoPage />} />
            <Route path="/tenant/team" element={<TeamPage />} />
            <Route path="/tenant/audit" element={<TenantAuditPage />} />
            <Route path="/tenant/settings" element={<SettingsPage />} />

            {/* Default redirect — vendor goes to /vendor/tenants, customer to /tenant */}
            <Route index element={<LandingRedirect />} />
          </Route>
        </Route>
      </Route>
    </Routes>
  );
}
feat: restructure frontend routes — vendor/tenant persona split Splits the flat 3-page UI into /vendor/* (platform:admin) and /tenant/* (all authenticated users) route trees, with stub pages, new API hooks, updated Layout with persona-aware sidebar, and SpaController forwarding. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com> 2026-04-09 21:52:34 +02:00			`import { Routes, Route, Navigate } from 'react-router';`
feat: add sidebar layout, environment tree, and router Wires up AppShell + Sidebar compound component, a per-environment SidebarTree that lazy-fetches apps, React Router nested routes, and provider-wrapped main.tsx with ThemeProvider/ToastProvider/BreadcrumbProvider. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com> 2026-04-04 21:55:21 +02:00			`import { LoginPage } from './auth/LoginPage';`
			`import { CallbackPage } from './auth/CallbackPage';`
			`import { ProtectedRoute } from './auth/ProtectedRoute';`
feat: bootstrap 2 users, tenant, org-scoped tokens, platform admin UI Bootstrap script now creates: - SaaS Owner (admin/admin) with platform-admin role - Tenant Admin (camel/camel) in Example Tenant org - Traditional Web App for cameleer3-server OIDC - DB records: tenant, default environment, license - Configures cameleer3-server OIDC via its admin API All credentials configurable via env vars. Backend: - Fix LogtoManagementClient resource URL (https://default.logto.app/api) - Add getUserRoles/getUserOrganizations to LogtoManagementClient - Add GET /api/me endpoint (user info, platform admin status, tenants) - Add GET /api/tenants list-all for platform admins - Remove insecure X-header forwarding from Traefik Frontend: - Org-scoped tokens: getAccessToken(resource, orgId) for tenant context - OrgResolver component populates org store from /api/me - useOrganization Zustand store (currentOrgId + currentTenantId) - Platform admin sidebar section + AdminTenantsPage - View Dashboard link points to cameleer3-server on port 8081 Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> 2026-04-05 02:50:51 +02:00			`import { OrgResolver } from './auth/OrgResolver';`
feat: add sidebar layout, environment tree, and router Wires up AppShell + Sidebar compound component, a per-environment SidebarTree that lazy-fetches apps, React Router nested routes, and provider-wrapped main.tsx with ThemeProvider/ToastProvider/BreadcrumbProvider. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com> 2026-04-04 21:55:21 +02:00			`import { Layout } from './components/Layout';`
feat: restructure frontend routes — vendor/tenant persona split Splits the flat 3-page UI into /vendor/* (platform:admin) and /tenant/* (all authenticated users) route trees, with stub pages, new API hooks, updated Layout with persona-aware sidebar, and SpaController forwarding. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com> 2026-04-09 21:52:34 +02:00			`import { RequireScope } from './components/RequireScope';`
fix: vendor user now lands on /vendor/tenants after login LandingRedirect component checks scopes — platform:admin goes to vendor console, others go to tenant dashboard. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> 2026-04-09 22:37:28 +02:00			`import { useScopes } from './auth/useScopes';`
feat: role-based sidebar visibility and landing redirect - Vendor (platform:admin): sees only TENANTS in sidebar - Tenant admin (tenant:manage): sees Dashboard, License, OIDC, Team, Settings - Regular user (operator/viewer): redirected to server dashboard directly - LandingRedirect checks scopes in priority order: vendor > admin > server Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> 2026-04-09 23:24:22 +02:00			`import { useOrgStore } from './auth/useOrganization';`
feat: restructure frontend routes — vendor/tenant persona split Splits the flat 3-page UI into /vendor/* (platform:admin) and /tenant/* (all authenticated users) route trees, with stub pages, new API hooks, updated Layout with persona-aware sidebar, and SpaController forwarding. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com> 2026-04-09 21:52:34 +02:00
			`import { VendorTenantsPage } from './pages/vendor/VendorTenantsPage';`
			`import { CreateTenantPage } from './pages/vendor/CreateTenantPage';`
			`import { TenantDetailPage } from './pages/vendor/TenantDetailPage';`
feat: add audit log viewing for vendor and tenant personas Vendor sees all audit events with tenant filter at /vendor/audit. Tenant admin sees only their own events at /tenant/audit. Both support pagination, action/result filters, and text search. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> 2026-04-10 13:07:18 +02:00			`import { VendorAuditPage } from './pages/vendor/VendorAuditPage';`
feat: certificate management with stage/activate/restore lifecycle Provider-based architecture (Docker now, K8s later): - CertificateManager interface + DockerCertificateManager (file-based) - Atomic swap via .wip files for safe cert replacement - Stage -> Activate -> Archive lifecycle with one-deep rollback - Bootstrap supports user-supplied certs via CERT_FILE/KEY_FILE/CA_FILE - CA bundle aggregates platform + tenant CAs, distributed to containers - Vendor UI: Certificates page with upload, activate, restore, discard - Stale tenant tracking (ca_applied_at) with restart banner - Conditional TLS skip removal when CA bundle exists Includes design spec, migration V012, service + controller tests. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> 2026-04-10 18:29:02 +02:00			`import { CertificatesPage } from './pages/vendor/CertificatesPage';`
feat: restructure frontend routes — vendor/tenant persona split Splits the flat 3-page UI into /vendor/* (platform:admin) and /tenant/* (all authenticated users) route trees, with stub pages, new API hooks, updated Layout with persona-aware sidebar, and SpaController forwarding. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com> 2026-04-09 21:52:34 +02:00			`import { TenantDashboardPage } from './pages/tenant/TenantDashboardPage';`
			`import { TenantLicensePage } from './pages/tenant/TenantLicensePage';`
feat: replace tenant OIDC page with Enterprise SSO connector management - Add LogtoManagementClient methods for SSO connector CRUD + org JIT - Add TenantSsoService with tenant isolation (validates connector-org link) - Add TenantSsoController at /api/tenant/sso with test endpoint - Create SsoPage with provider selection, dynamic config form, test button - Remove old OIDC config endpoints from tenant portal (server OIDC is now platform-managed, set during provisioning) - Sidebar: OIDC -> SSO with Shield icon Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> 2026-04-10 15:48:51 +02:00			`import { SsoPage } from './pages/tenant/SsoPage';`
feat: restructure frontend routes — vendor/tenant persona split Splits the flat 3-page UI into /vendor/* (platform:admin) and /tenant/* (all authenticated users) route trees, with stub pages, new API hooks, updated Layout with persona-aware sidebar, and SpaController forwarding. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com> 2026-04-09 21:52:34 +02:00			`import { TeamPage } from './pages/tenant/TeamPage';`
			`import { SettingsPage } from './pages/tenant/SettingsPage';`
feat: add audit log viewing for vendor and tenant personas Vendor sees all audit events with tenant filter at /vendor/audit. Tenant admin sees only their own events at /tenant/audit. Both support pagination, action/result filters, and text search. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> 2026-04-10 13:07:18 +02:00			`import { TenantAuditPage } from './pages/tenant/TenantAuditPage';`
feat: add sidebar layout, environment tree, and router Wires up AppShell + Sidebar compound component, a per-environment SidebarTree that lazy-fetches apps, React Router nested routes, and provider-wrapped main.tsx with ThemeProvider/ToastProvider/BreadcrumbProvider. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com> 2026-04-04 21:55:21 +02:00
fix: vendor user now lands on /vendor/tenants after login LandingRedirect component checks scopes — platform:admin goes to vendor console, others go to tenant dashboard. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> 2026-04-09 22:37:28 +02:00			`function LandingRedirect() {`
			`const scopes = useScopes();`
feat: role-based sidebar visibility and landing redirect - Vendor (platform:admin): sees only TENANTS in sidebar - Tenant admin (tenant:manage): sees Dashboard, License, OIDC, Team, Settings - Regular user (operator/viewer): redirected to server dashboard directly - LandingRedirect checks scopes in priority order: vendor > admin > server Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> 2026-04-09 23:24:22 +02:00			`const { organizations, currentOrgId } = useOrgStore();`
			`const currentOrg = organizations.find((o) => o.id === currentOrgId);`

fix: vendor scoping, sidebar visibility, and landing redirect - OrgResolver merges global + org-scoped token scopes so vendor's platform:admin (from global saas-vendor role) is always visible - LandingRedirect waits for scopes to load before redirecting (prevents premature redirect to server dashboard) - Layout hides tenant portal sidebar items when vendor is on /vendor/* routes; shows them when navigating to tenant context Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> 2026-04-09 23:39:12 +02:00			`// Wait for scopes to be resolved — they're loaded async by OrgResolver.`
			`// An empty set means "not yet loaded" (even viewer gets observe:read).`
			`if (scopes.size === 0) {`
			`return null; // OrgResolver is still fetching tokens`
			`}`

feat: role-based sidebar visibility and landing redirect - Vendor (platform:admin): sees only TENANTS in sidebar - Tenant admin (tenant:manage): sees Dashboard, License, OIDC, Team, Settings - Regular user (operator/viewer): redirected to server dashboard directly - LandingRedirect checks scopes in priority order: vendor > admin > server Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> 2026-04-09 23:24:22 +02:00			`// Vendor → vendor console`
fix: vendor user now lands on /vendor/tenants after login LandingRedirect component checks scopes — platform:admin goes to vendor console, others go to tenant dashboard. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> 2026-04-09 22:37:28 +02:00			`if (scopes.has('platform:admin')) {`
			`return <Navigate to="/vendor/tenants" replace />;`
			`}`
feat: role-based sidebar visibility and landing redirect - Vendor (platform:admin): sees only TENANTS in sidebar - Tenant admin (tenant:manage): sees Dashboard, License, OIDC, Team, Settings - Regular user (operator/viewer): redirected to server dashboard directly - LandingRedirect checks scopes in priority order: vendor > admin > server Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> 2026-04-09 23:24:22 +02:00			`// Tenant admin → tenant portal`
			`if (scopes.has('tenant:manage')) {`
			`return <Navigate to="/tenant" replace />;`
			`}`
			`// Regular user (operator/viewer) → server dashboard directly`
			const serverUrl = currentOrg?.slug ? `/t/${currentOrg.slug}/` : '/server/';
			`window.location.href = serverUrl;`
			`return null;`
fix: vendor user now lands on /vendor/tenants after login LandingRedirect component checks scopes — platform:admin goes to vendor console, others go to tenant dashboard. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> 2026-04-09 22:37:28 +02:00			`}`

feat: add sidebar layout, environment tree, and router Wires up AppShell + Sidebar compound component, a per-environment SidebarTree that lazy-fetches apps, React Router nested routes, and provider-wrapped main.tsx with ThemeProvider/ToastProvider/BreadcrumbProvider. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com> 2026-04-04 21:55:21 +02:00			`export function AppRouter() {`
			`return (`
			`<Routes>`
			`<Route path="/login" element={<LoginPage />} />`
			`<Route path="/callback" element={<CallbackPage />} />`
feat: restructure frontend routes — vendor/tenant persona split Splits the flat 3-page UI into /vendor/* (platform:admin) and /tenant/* (all authenticated users) route trees, with stub pages, new API hooks, updated Layout with persona-aware sidebar, and SpaController forwarding. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com> 2026-04-09 21:52:34 +02:00			`<Route element={<ProtectedRoute />}>`
			`<Route element={<OrgResolver />}>`
			`<Route element={<Layout />}>`
			`{/* Vendor console */}`
			`<Route path="/vendor/tenants" element={`
			`<RequireScope scope="platform:admin" fallback={<Navigate to="/tenant" replace />}>`
			`<VendorTenantsPage />`
			`</RequireScope>`
			`} />`
			`<Route path="/vendor/tenants/new" element={`
			`<RequireScope scope="platform:admin" fallback={<Navigate to="/tenant" replace />}>`
			`<CreateTenantPage />`
			`</RequireScope>`
			`} />`
			`<Route path="/vendor/tenants/:id" element={`
			`<RequireScope scope="platform:admin" fallback={<Navigate to="/tenant" replace />}>`
			`<TenantDetailPage />`
			`</RequireScope>`
			`} />`
feat: add audit log viewing for vendor and tenant personas Vendor sees all audit events with tenant filter at /vendor/audit. Tenant admin sees only their own events at /tenant/audit. Both support pagination, action/result filters, and text search. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> 2026-04-10 13:07:18 +02:00			`<Route path="/vendor/audit" element={`
			`<RequireScope scope="platform:admin" fallback={<Navigate to="/tenant" replace />}>`
			`<VendorAuditPage />`
			`</RequireScope>`
			`} />`
feat: certificate management with stage/activate/restore lifecycle Provider-based architecture (Docker now, K8s later): - CertificateManager interface + DockerCertificateManager (file-based) - Atomic swap via .wip files for safe cert replacement - Stage -> Activate -> Archive lifecycle with one-deep rollback - Bootstrap supports user-supplied certs via CERT_FILE/KEY_FILE/CA_FILE - CA bundle aggregates platform + tenant CAs, distributed to containers - Vendor UI: Certificates page with upload, activate, restore, discard - Stale tenant tracking (ca_applied_at) with restart banner - Conditional TLS skip removal when CA bundle exists Includes design spec, migration V012, service + controller tests. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> 2026-04-10 18:29:02 +02:00			`<Route path="/vendor/certificates" element={`
			`<RequireScope scope="platform:admin" fallback={<Navigate to="/tenant" replace />}>`
			`<CertificatesPage />`
			`</RequireScope>`
			`} />`
feat: restructure frontend routes — vendor/tenant persona split Splits the flat 3-page UI into /vendor/* (platform:admin) and /tenant/* (all authenticated users) route trees, with stub pages, new API hooks, updated Layout with persona-aware sidebar, and SpaController forwarding. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com> 2026-04-09 21:52:34 +02:00
			`{/* Tenant portal */}`
			`<Route path="/tenant" element={<TenantDashboardPage />} />`
			`<Route path="/tenant/license" element={<TenantLicensePage />} />`
feat: replace tenant OIDC page with Enterprise SSO connector management - Add LogtoManagementClient methods for SSO connector CRUD + org JIT - Add TenantSsoService with tenant isolation (validates connector-org link) - Add TenantSsoController at /api/tenant/sso with test endpoint - Create SsoPage with provider selection, dynamic config form, test button - Remove old OIDC config endpoints from tenant portal (server OIDC is now platform-managed, set during provisioning) - Sidebar: OIDC -> SSO with Shield icon Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> 2026-04-10 15:48:51 +02:00			`<Route path="/tenant/sso" element={<SsoPage />} />`
feat: restructure frontend routes — vendor/tenant persona split Splits the flat 3-page UI into /vendor/* (platform:admin) and /tenant/* (all authenticated users) route trees, with stub pages, new API hooks, updated Layout with persona-aware sidebar, and SpaController forwarding. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com> 2026-04-09 21:52:34 +02:00			`<Route path="/tenant/team" element={<TeamPage />} />`
feat: add audit log viewing for vendor and tenant personas Vendor sees all audit events with tenant filter at /vendor/audit. Tenant admin sees only their own events at /tenant/audit. Both support pagination, action/result filters, and text search. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> 2026-04-10 13:07:18 +02:00			`<Route path="/tenant/audit" element={<TenantAuditPage />} />`
feat: restructure frontend routes — vendor/tenant persona split Splits the flat 3-page UI into /vendor/* (platform:admin) and /tenant/* (all authenticated users) route trees, with stub pages, new API hooks, updated Layout with persona-aware sidebar, and SpaController forwarding. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com> 2026-04-09 21:52:34 +02:00			`<Route path="/tenant/settings" element={<SettingsPage />} />`

fix: vendor user now lands on /vendor/tenants after login LandingRedirect component checks scopes — platform:admin goes to vendor console, others go to tenant dashboard. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> 2026-04-09 22:37:28 +02:00			`{/* Default redirect — vendor goes to /vendor/tenants, customer to /tenant */}`
			`<Route index element={<LandingRedirect />} />`
feat: restructure frontend routes — vendor/tenant persona split Splits the flat 3-page UI into /vendor/* (platform:admin) and /tenant/* (all authenticated users) route trees, with stub pages, new API hooks, updated Layout with persona-aware sidebar, and SpaController forwarding. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com> 2026-04-09 21:52:34 +02:00			`</Route>`
			`</Route>`
feat: add sidebar layout, environment tree, and router Wires up AppShell + Sidebar compound component, a per-environment SidebarTree that lazy-fetches apps, React Router nested routes, and provider-wrapped main.tsx with ThemeProvider/ToastProvider/BreadcrumbProvider. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com> 2026-04-04 21:55:21 +02:00			`</Route>`
			`</Routes>`
			`);`
			`}`