management-todo
Last edited 3h ago by seed
RC
Edit skill
Description — one line, tells Larry when to use this skill
Management task lists and access-controlled data system for Formia Group. Use this skill whenever anyone asks about tasks, to-do lists, action items, what's on someone's plate, task assignments, or completing/adding/removing tasks. Also trigger when the slack-dm-request-handler receives ANY DM — this skill contains the access control rules that determine what each person can see and do. Trigger for casual phrasing like 'remind me to...', 'I need to...', 'what do I have coming up', 'my tasks', 'add to my list', 'mark done'. Also trigger when anyone asks for company information, H&S docs, their own records, or anything that requires checking what data they're allowed to access.
SKILL.md — full markdown including frontmatter
--- name: management-todo description: "Management task lists and access-controlled data system for Formia Group. Use this skill whenever anyone asks about tasks, to-do lists, action items, what's on someone's plate, task assignments, or completing/adding/removing tasks. Also trigger when the slack-dm-request-handler receives ANY DM — this skill contains the access control rules that determine what each person can see and do. Trigger for casual phrasing like 'remind me to...', 'I need to...', 'what do I have coming up', 'my tasks', 'add to my list', 'mark done'. Also trigger when anyone asks for company information, H&S docs, their own records, or anything that requires checking what data they're allowed to access." --- # Formia Group — Task Management & Access Control This skill manages two things: 1. **Task lists** for all Formia Group staff 2. **Access control** that determines what data each person can see when interacting via Slack DMs or sessions ## Access Control System ### How it works Every interaction from a staff member must be checked against `PKA/business/management/staff-access.json`. This file maps each person (by Slack user ID) to an access tier. ### Tiers **Superadmin** (Rohan Callander) - Unrestricted access to everything: HR, payroll, pay rates, personal data, financials, all task lists, all staff records - Can assign tasks to anyone - Can view and manage all task lists - Sees the full management dashboard **Management** (Ben Knight, Mark Bidlake) - Full operational access: staff records, H&S, vehicles, task lists for their company's staff, tool allowances, job descriptions - Can assign tasks to staff in their company - Can view task lists for staff in their company - **Cannot see**: pay rates, payroll data, pay slips — these are superadmin only - If they ask for pay-related info, respond: "That information is restricted to Rohan. I can pass on a message if you'd like." **Basic** (all other staff) - Can see: company-wide SOPs, H&S procedures, toolbox meeting minutes, hazardous substances register, risk registers, H&S forms, emergency plans - Can see: their OWN staff folder (training records, certs, employment docs) - Can see and manage: their OWN task list only - **Cannot see**: other people's records, pay rates, payroll, tool allowances, other people's task lists - If they ask for restricted info, respond: "I can help you with your own records and company procedures. For anything else, check with your manager." ### Identifying the person When handling a Slack DM: 1. Get the sender's Slack user ID 2. Look up the user in `staff-access.json` by `slack_id` 3. If the ID is not found, DO NOT provide any data. Respond: "I don't have you registered yet. I'll let Rohan know you've messaged — he can get you set up." 4. Then notify Rohan via DM that an unknown Slack ID tried to interact, include the ID so he can add them When Rohan is interacting directly in a Cowork session, he's always superadmin — no lookup needed. ### Access check flow Before answering ANY data request: 1. Identify the person and their tier 2. Check if the requested data falls within their tier's access 3. If yes → provide the data 4. If no → give the appropriate "restricted" message for their tier 5. Never hint at what restricted data contains — just say it's not available to them --- ## Task Management ### Data files Tasks are stored as JSON files in: ``` PKA/business/management/tasks/ ``` One file per person, created on demand when their first task is added. Management files (rohan-callander.json, ben-knight.json, mark-bidlake.json) are pre-created. ### JSON schema ```json { "owner": "Person Name", "role": "Their Role — Company", "tasks": [ { "id": "prefix-001", "description": "Clear task description", "priority": "high|normal|low", "status": "open|in_progress|done", "due": "2026-03-28 or null", "assigned_by": "Who created it", "created": "2026-03-26", "completed": "2026-03-28 or null", "notes": "Optional context" } ] } ``` ID prefixes: first initial + surname initial, lowercase (e.g. `rc-` for Rohan Callander, `bk-` for Ben Knight, `mh-` for Mark Haase). If two people share initials, use first three letters of surname. ### Task operations by tier **Superadmin** can: - Add tasks to anyone's list - View all task lists - Complete/remove tasks on any list - See the full dashboard **Management** can: - Add tasks to their own list - Add tasks to any basic-tier person in their company (Ben → BWJ staff, Mark → SRJ staff) - View task lists for staff in their company - Complete tasks on their own list - Cannot add tasks to the other manager's list or to superadmin's list **Basic** can: - View their own task list - Complete tasks on their own list - Add tasks to their own list - Cannot see or modify anyone else's tasks ### Creating a task file on demand When a basic-tier person gets their first task and no file exists yet: ```json { "owner": "Person Name", "role": "Role from staff-access.json or formia-group knowledge", "tasks": [] } ``` Save to `PKA/business/management/tasks/{task_file}` using the `task_file` value from staff-access.json. ### Handling task requests **Adding**: Read the JSON, generate next ID, append the task, write the file, regenerate dashboard. **Completing**: Fuzzy-match the description. Set status to "done", set completed to today's date. Write file, regenerate dashboard. **Viewing**: Sort open tasks by priority (high → normal → low), then by due date. Show status, due date, and who assigned it. --- ## Dashboard The dashboard is a React `.jsx` file at: ``` PKA/business/management/Management Tasks Dashboard.jsx ``` This is Rohan's superadmin view. It shows all three management-tier task lists (Rohan, Ben, Mark) with expandable sections, priority colour coding, due dates, and completion status. It also shows a summary count of open tasks assigned to basic-tier staff, grouped by company. **Regenerate the dashboard after EVERY task change.** The data is baked into the JSX as constants — read all task JSON files and embed the current state. ### Dashboard structure - Header with total open task count - One expandable card per manager (Rohan, Ben, Mark) showing their tasks - A "Team Tasks" summary section showing counts: how many open tasks assigned to BWJ basic staff, how many to SRJ basic staff - Priority colours: high = red/coral, normal = blue, low = grey - Open tasks sorted by priority then due date - Completed tasks collapsed at bottom of each section - Footer reminding that changes are made conversationally --- ## Slack DM integration When the DM handler receives a message, ALWAYS: 1. Look up the sender's Slack ID in staff-access.json 2. Determine their tier 3. Apply access rules before responding Common task patterns from DMs: - "add to my list: [task]" → Add task, assigned_by = self - "add to [name]'s list: [task]" → Check tier allows this, then add - "what's on my plate?" / "my tasks" → Show their open tasks - "done: [description]" → Mark matching task done - "what's due this week?" → Filter their visible tasks by due date After any task change, regenerate the dashboard. For non-task requests (documents, H&S info, company data), check access tier before responding.
Save
Archive