Context
Depends on #18 (DB schema). Next Novas publishes apps to a catalog. Tenants browse and install them via App Store. This issue covers both the admin-side publish flow and the tenant-side install flow.
Screen 1 — Admin App Catalog
Route: `/dashboard/admin/apps` (super_admin only)
List view
- Table: App Name, Slug, Type badge (n8n_workflow / collection_bundle), Visibility badge (public / tenant_specific), Version, Published, Actions
- "New App" button → opens create dialog
Create/Edit App dialog
Fields:
- Name, slug (auto-generated, editable)
- Description, icon (lucide name)
- Type: n8n_workflow | collection_bundle
- Visibility: public | tenant_specific
- If tenant_specific: multi-select tenant picker
- Version
- n8n Template Workflow ID (text input — Next Novas enters manually after vibe-coding in n8n)
- Config Schema builder — add fields:
- key, label, type: text | cron | credential | select | boolean
- For credential type: n8n_credential_type (e.g. "sftpCredentials", "httpBasicAuth")
- required flag
- Publish / Save as Draft toggle
App detail
- Shows all tenants who have installed this app
- Usage stats: installs, last run, error rate
- "Update workflow" (bumps version, optionally re-deploys to existing installs with breaking change warning)
Screen 2 — App Store (Tenant)
Route: `/dashboard/studio/app-store`
Browse view
- Card grid: icon, name, "Built by Next Novas" badge, short description, type badge
- Filter tabs: All | Installed | Available
- Tenant-specific apps only shown to allowed tenants (server-side filter)
- Card states: "Install" button | "Installed ✓" | "Coming Soon" (unpublished)
Install flow — wizard dialog
Step 1: Overview (app name, description, what it does)
Step 2: Config — rendered dynamically from `platform_apps.config_schema`:
- Regular fields (text, cron, select, boolean) → stored in `tenant_installed_apps.config`
- Credential fields → show masked input, on submit: POST to n8n credentials API (server action), store returned `n8n_credential_id` in `tenant_app_credentials`
Step 3: Access policy
- Who can view workflow definition: role picker (tenant_admin / IT_support / custom roles)
- Who can view logs: role picker
Step 4: Confirm + Install
- Server action: clone n8n workflow (POST n8n API with workflow JSON from platform_apps), tag with `[tenant-slug].[app-slug]`, activate, store `n8n_workflow_id`
- Create `tenant_installed_apps` record
- Toast success, redirect to Automata dashboard
Cron field UX
- Input: cron expression string
- Below input: plain English preview ("Every day at 6:00 AM")
- Use a lightweight cron-parser lib or write a simple translator for common patterns
Server Actions Required
- `publishApp(formData)` — create/update platform_apps (super_admin only)
- `installApp(appId, config, accessPolicy)` — clone workflow + create tenant_installed_apps
- `uninstallApp(tenantInstalledAppId)` — deactivate n8n workflow + soft-delete record
- `updateCredential(tenantInstalledAppId, credentialKey, value)` — PATCH n8n credential
Security
- Install action checks: app is published, tenant is in allowed_tenant_ids (if tenant_specific)
- All n8n API calls in server actions only — never from client
- Credential values written to n8n, never logged or stored in PulseBox
Acceptance Criteria
Context
Depends on #18 (DB schema). Next Novas publishes apps to a catalog. Tenants browse and install them via App Store. This issue covers both the admin-side publish flow and the tenant-side install flow.
Screen 1 — Admin App Catalog
Route: `/dashboard/admin/apps` (super_admin only)
List view
Create/Edit App dialog
Fields:
App detail
Screen 2 — App Store (Tenant)
Route: `/dashboard/studio/app-store`
Browse view
Install flow — wizard dialog
Step 1: Overview (app name, description, what it does)
Step 2: Config — rendered dynamically from `platform_apps.config_schema`:
Step 3: Access policy
Step 4: Confirm + Install
Cron field UX
Server Actions Required
Security
Acceptance Criteria