pnannery/Mastermind

Fork 0

Go to file

pnannery df7bc9ff71 Skip CSRF host checks in non-prod (reverse proxy friendly)

2026-03-03 18:38:00 -05:00

scripts

security hardening + drafts/attachments

2026-02-21 19:10:56 -05:00

test

Merge MVP startup defaults with memory-db mode + tests

2026-03-01 19:24:59 -05:00

web

Skip CSRF host checks in non-prod (reverse proxy friendly)

2026-03-03 18:38:00 -05:00

worker

Merge MVP startup defaults with memory-db mode + tests

2026-03-01 19:24:59 -05:00

.env.example

Fix local startup defaults and add MVP tests

2026-03-01 16:52:05 -05:00

.gitignore

security hardening + drafts/attachments

2026-02-21 19:10:56 -05:00

CHANGELOG.md

security hardening + drafts/attachments

2026-02-21 19:10:56 -05:00

DEVELOPMENT.md

Merge MVP startup defaults with memory-db mode + tests

2026-03-01 19:24:59 -05:00

docker-compose.yml

Fix docker-compose duplicate bootstrap env

2026-03-01 19:27:09 -05:00

INSTALL.md

Merge MVP startup defaults with memory-db mode + tests

2026-03-01 19:24:59 -05:00

OPERATIONS.md

security hardening + drafts/attachments

2026-02-21 19:10:56 -05:00

package.json

Merge MVP startup defaults with memory-db mode + tests

2026-03-01 19:24:59 -05:00

README.md

Merge MVP startup defaults with memory-db mode + tests

2026-03-01 19:24:59 -05:00

README.md

Mastermind MVP — Assistant Project Manager Dashboard

Language: JavaScript (Node.js)

Stack:

Web/API: Node.js + Express + Passport (local + Google + Microsoft auth)
Views: EJS (mobile-friendly)
Worker: Node.js (stub for later ingestion/sync)
Database: Postgres
Deployment: Docker Compose

What this MVP is

A portable, self-hosted dashboard that supports an Assistant PM workflow (starting with electrical contractor, expandable to GC). It focuses on:

fast project setup
inbox triage (manual import now, OAuth connectors later)
auditable actions (audit log)
draft-first workflows (no auto-sending)

Features implemented (so far)

Auth

Local login (server sessions stored in Postgres)
Optional Google OAuth (enabled when GOOGLE_CLIENT_ID/SECRET provided)
Optional Microsoft OAuth (enabled when MICROSOFT_CLIENT_ID/SECRET provided)

User Management (owner only)

Create local users, reset local passwords, disable/enable, delete
Pages:
- /admin/users

Audit Logs (owner only)

Captures auth, admin actions, project changes, inbox imports/assignments
Page:
- /admin/audit

Projects

2-minute project wizard
Edit project profile + keywords for sorting
Pages:
- /projects
- /projects/:id

Inbox (no OAuth required yet)

Upload .eml files (manual import)
Unsorted queue
Assign emails to projects
Auto-assign on import when rules match
Pages:
- /inbox
- /inbox/:id

Email Connectors + Rules (owner only)

Connector status exists for gmail and microsoft from day 1
Rules engine to auto-sort/auto-assign
Pages:
- /admin/email
- /admin/email-rules

Quick start

See INSTALL.md.

Common local commands:

npm test — run the repo test suite
docker compose up -d --build — start Postgres, web, and worker
docker compose logs -f web worker — follow app logs
docker compose down — stop the stack

Repo layout

docker-compose.yml — portable dev deploy
web/ — Express app + views
worker/ — background worker (stub)
data/ — persisted data volume (Postgres + uploads)

Security notes (MVP)

First run can bootstrap a local owner account from BOOTSTRAP_OWNER_EMAIL and BOOTSTRAP_OWNER_PASSWORD.
OAuth secrets live in .env (do not commit)
This MVP is intended to be run privately (LAN/Tailscale) until hardened.

License

Internal MVP (no license declared yet).