Customer Support Operations Command Center (Codex Mission Control)

This execution plan builds an operations-first command center focused on clarity, SLA risk detection, and role-specific decisioning. The work starts by locking down the operational spec (roles, SLAs, KPIs) so every view and metric has an explicit purpose. We then establish an integration-ready architecture in a greenfield Next.js app, with a domain layer for tickets, SLA computation, routing, and analytics, and adapter interfaces that keep Zendesk/Slack/email mocked but swappable. A local persistence layer and realistic seed generator come early to ensure every UI and algorithm can be validated against near-breach and breached scenarios. The SLA engine is implemented as a first-class module producing explainable SLA state and risk scoring per ticket; this feeds the triage UI (risk-sorted inbox), ticket detail explainability, and breach prediction signals. Escalation routing is rule-driven and capacity-aware, with every decision recorded as a timeline event to support audits and exports. On the UI side, the plan prioritizes a dense, readable operations layout with reusable components for SLA countdowns, risk badges, and queue tables. The omnichannel inbox is the primary control surface for triage and quick actions; the ticket detail page is the operational workspace with timeline, AI summary, and escalation controls. Role dashboards are delivered explicitly: agents get a focus queue, leads/ops get workload and rebalancing analytics, and executives get health reporting with trends and an auto-generated narrative. Finally, exports and quality gates ensure the system is usable in real operations: audits need transcripts and routing history, execs need report downloads, and engineering needs tests and observability hooks. The last hardening step ensures configuration, adapters, and auth placeholders make the repository production-ready in structure even while integrations remain mocked.

Personas: Support Agent, Team Lead, Ops Manager, Executive. Workflows: inbox triage (risk-first), escalation/routing (channel/priority/product/tier rules), weekly executive reporting. Ticket lifecycle: new/open/pending*/on_hold/solved/closed with tracked events (created, messages, status/assignment/priority/tag changes, escalation, SLA warning/breach). SLA: first/next/resolve timers with pause/applicability; priority thresholds P0-P3; warning window 30m; business hours mon-fri 09:00-17:00 org timezone (no holidays v1). Priority mapping: VIP minimum P1, outage/security => P0, slack+"urgent" upgrades, defaults P2/P3; manual override audited. KPIs: risk queue, backlog aging, workload, escalation rate, SLA attainment. AI v1: deterministic ticket summary fields + rules/heuristics risk score with reason codes and suggested actions. Sample data: Organization/User/Team/Customer/Ticket/TicketEvent/SLAStatus plus derived UI fields and 40-ticket seed distribution with required scenarios.

Next-response SLA resets on each new inbound after an agent reply; pauses in pending_internal/on_hold; does not apply in pending_customer/solved/closed. Resolution pauses in pending_customer/pending_internal/on_hold and stops at solved. Business-hours mode counts time only within schedule; tickets created after hours start next open; timers pause at close. Risk score is rules-based using time_to_breach, priority weight, inactivity, and unassigned status; always expose reason codes and raw timers to preserve trust.

Next.js App Router with Route Handlers (app/api/*/route.ts). Persistence: SQLite + Prisma (strong for timelines/events and analytics; easy migration to Postgres; deterministic local dev). Hexagonal layering: domain (pure), application (orchestration), ports (interfaces), infra (Prisma + mock connectors), API (validation/auth stub + service calls), UI (server components for read-heavy, client for interactive).

Root: app/, components/, lib/, types/, prisma/, scripts/, public/. app includes persona dashboards and ticket/report pages; app/api includes tickets, events, triage, routing, SLA risk, analytics, reports, exports, connector test/sync routes. lib split into domain (tickets, events, SLA, routing, analytics), application services, ports, infra (Prisma repos + mock adapters + export), and server (guards/validation/logging).

Ports: TicketRepository (list/get/create/update/assign/setStatus/addTags), EventRepository (append/listByTicket/listByTimeRange), ConnectorZendesk/Slack/Email methods as specified. Domain invariants: all state transitions produce immutable events; SLA timers derived from events+policy (snapshots allowed but reproducible); risk scoring returns numeric score + reason codes for auditability.

Auth: stub role header (x-role: ops|agent|manager|exec) for v1; replace with NextAuth later. Response shape: {data, error?, meta?}. Endpoints: GET /api/tickets (filters + pagination), GET /api/tickets/:id (detail + computed SLA snapshot + AI summary placeholder), POST /api/tickets/:id/events (append event; recompute SLA/risk), POST /api/triage (priority+policy+risk without persistence), GET /api/analytics/workload, GET /api/reports/executive.

Models: Ticket, TicketEvent (payloadJson), SlaSnapshot (riskScore + riskReasonsJson), Agent; optional Worklog/AssignmentHistory (v1.1 via events only). Notes: events as source of truth; snapshots for fast dashboards; payloadJson flexible now with path to normalization later.

File: src/domain/tickets/types.ts Defines Ticket (snapshot + cached SLA/escalation/AI), TicketEvent (monotonic per-ticket version + idempotencyKey), SLAState (targets/timers/risk), EscalationState/Route, Agent (skills/capacity/timezone), and WorkloadSnapshot metrics.

File: src/domain/tickets/persistence.ts Defines TicketRepository, TicketEventRepository (append + list + latest version), AgentRepository (upsert + list), WorkloadSnapshotRepository (create + latest). Intended for Prisma adapter + mocks.

File: prisma/schema.prisma Models: Ticket, TicketEvent, Agent, WorkloadSnapshot. Uses JSON-string columns (tagsJson/slaJson/escalationJson/aiJson etc.) with scalar indexed fields for operational queries (status/priority/assignee/group/channel/slaRiskLevel/slaDueAtNearest). Enforces unique(ticketId, version) for deterministic event ordering and supports idempotencyKey indexing.

File: docs/data-model-notes.md Events are source-of-truth; Ticket stores operational snapshot for fast UI filtering. SLA snapshot cached and recomputable from events + rules. Tags stored as JSON for SQLite simplicity (plan normalization later). TicketEvent ordering via per-ticket monotonic version. IdempotencyKey supports safe retries. WorkloadSnapshot enables precomputed dashboard/report metrics. Escalations cached on Ticket and recorded as events for history.

Prisma/SQLite schema includes Ticket, TicketEvent, Agent, OpsSettings (singleton), and SlaPolicy. Tickets cache SLA due/breach timestamps and risk fields for fast UI filtering; TicketEvent remains source-of-truth. Key indexes: Ticket(status, priority, channel, lastActivityAt, assigneeAgentId, queue) and SLA due timestamps; TicketEvent(ticketId+at, type). JSON blobs stored as strings; parse/serialize in repositories.

Prisma client singleton + transaction helper. TicketRepository supports CRUD, list with SLA risk window filters, addEvent with snapshot reducer (applyEventToSnapshot), timeline reads, and bulk upsert for seeding with deterministic IDs. AgentRepository supports list/create/update/get. SettingsRepository supports singleton OpsSettings and SLA policy CRUD/upsert.

Seed script (`npm run seed`, `tsx src/seed/seed.ts`) uses seeded PRNG (default SEED=42) and stable IDs. Generates: 1 SLA policy set (P1/P2/P3 timers, business hours + pause rules), Ops settings (routing, capacity model, escalation targets), 8 agents (2 teams, capacity weights/timezones/skills, on-call lead), 120 tickets across email/web/chat/slack over 14 days, and 3–12 events per ticket (created, inbound, triage, assignment, replies, status changes, notes, escalations, SLA checkpoints). Injected scenarios: first-response imminent breach (6), first-response breached (4), next-response near breach (8), resolve breached (5), paused SLA pending (10). Populates Ticket.riskScore and riskReasons (e.g., FIRST_RESPONSE_DUE_SOON/BREACHED, NEXT_RESPONSE_DUE_SOON, RESOLVE_BREACHED, HIGH_VALUE_ACCOUNT, UNASSIGNED_P1). Outputs summary counts and writes to SQLite via Prisma.

Expected entities: SlaPolicy=1, OpsSettings=1, Agent=8, Ticket=120, TicketEvent≈700–1100. Sample checks: (1) status in new/open AND first-response due <= now+10m AND not breached => >=6. (2) first-response breached not null => >=4. (3) status=pending AND riskScore>=70 => 0 (paused SLA not risky). Acceptance checklist indicates CRUD for tickets/events/agents/settings+SLA, deterministic seed, multichannel realism, near-breach/breach cases, seeded capacity, and integration-ready architecture.

Path: src/core/ports/integrations.ts Interfaces: TicketSourceAdapter, NotificationAdapter, IntegrationConfigRepository, IntegrationSecretsProvider Types: ExternalTicketRef, ExternalTicket, ExternalTicketEvent, IngestCursor, IngestResult, NotifyMessage, NotifyResult, IntegrationName, IntegrationAuthType, IntegrationConnectionState Notes: TicketSourceAdapter exposes health(), listChanges(cursor), fetchTicket(ref), ack(cursor) to support at-least-once ingest; NotificationAdapter exposes health(), send(message) for slack/email targets; secrets via IntegrationSecretsProvider (no tokens in DB); async structured results with error codes for retries/dashboards.

Path: src/core/application/ingest/IngestTicketsService.ts Responsibilities: orchestrate ingest across enabled sources; normalize external payloads into domain Ticket + TicketEvent stream; upsert snapshots and append events idempotently; update per-connection cursor; emit ingest metrics (counts/lag/errors). Idempotency: dedupeKey = `${integration}:${externalTicketId}:${externalEventId||externalUpdatedAt}` stored on events (or ingest log). If dedupeKey exists, skip event write; update snapshot only if newer/different.

Zendesk mock (src/infra/integrations/mock/MockZendeskAdapter.ts): Prisma-backed seeded tickets; listChanges after cursor.since with deterministic ordering; fetchTicket returns normalized ExternalTicket (channel='zendesk'); ack persists cursor; health {ok:true, mode:'mock', latencyMs:5}; oauth2 config stub with optional strict token presence validation. Slack mock notifications (src/infra/integrations/mock/MockSlackNotificationAdapter.ts): writes NotificationOutbox with destination, blocks/text, correlationId; status='sent'; health {ok:true, mode:'mock'}; expects slack.botToken via secrets provider for real adapter. Email mock notifications (src/infra/integrations/mock/MockEmailNotificationAdapter.ts): writes outbox with to/cc/bcc, subject, html/text; transitions queued->sent; providerMessageId UUID; health {ok:true, mode:'mock'}; aligns with SMTP/SendGrid style fields.

Integration registry (src/infra/integrations/IntegrationRegistry.ts): central wiring by IntegrationName; INTEGRATIONS_MODE=mock returns mock adapters; INTEGRATIONS_MODE=prod returns real placeholders and fails fast if secrets missing; exports getTicketSourceAdapters(), getNotificationAdapters(). API route (src/app/api/ingest/route.ts): POST body supports integrationNames?, dryRun?, maxItems?; response includes ingestRunId, perIntegration IngestResult[], and totals (ticketsUpserted/eventsAppended/deduped/errors); used by mission-control dashboard and scheduled/manual runs.

Prisma schema delta: new models IntegrationConnection (name/authType/state/accountLabel/metadataJson/lastHealthAt/lastError/etc), IntegrationCursor (cursorJson per connection), NotificationOutbox (provider, destination, payloadJson, status, error, correlationId, timestamps). Updated models: TicketEvent adds externalSource, externalEventId, dedupeKey (indexed); Ticket adds externalSource, externalTicketId, externalUrl. .env.example delta: INTEGRATIONS_MODE plus placeholders for Zendesk/Slack OAuth and Email SMTP; secrets accessed via IntegrationSecretsProvider to enable env/vault swaps.

Dashboards: integration health (state, lastHealthAt, lastError), ingest status (last run totals, lag per integration, errors), notification outbox audit (queued/sent/failed). Mock flows: Zendesk(mock) -> IngestTicketsService -> Ticket/TicketEvent; future escalation workflow -> NotificationAdapter -> NotificationOutbox.

Path: src/domain/sla/SlaEngine.ts Exports: - computeTicketSlaState(input: ComputeSlaInput): TicketSlaState - computeSlaDueAt(startedAt: string, targetMs: number, policy: BusinessHoursPolicyV1): string - computeRemainingMs(now: string, dueAt: string, policy: BusinessHoursPolicyV1): number - computeRiskScore(ctx: RiskContext): { riskScore: number; riskReasons: RiskReasonCode[] } Notes: Pure functions; no DB access. Time arithmetic in ms with ISO timestamps. Policy/thresholds injected.

Path: src/domain/sla/types.ts BusinessHoursPolicyV1: timezone (IANA), workDays default [1..5], workStart '09:00', workEnd '17:00', skipWeekends true, holidays ISO dates optional. TicketSlaState: policyVersion 'bh_v1'; timers (firstResponse/nextResponse/resolution with startedAt/dueAt/breached/remainingMs); overall (breached, soonestDueAt, soonestTimer, status ok|at_risk|breached); risk (score 0-100, reasons RiskReasonCode[]). RiskReasonCode includes: TIME_TO_DUE_CRITICAL/WARNING, ALREADY_BREACHED, UNASSIGNED, BACKLOG_HIGH, AGENT_LOAD_HIGH, CHANNEL_LIVE_CHAT, CHANNEL_SOCIAL, STATUS_PENDING_CUSTOMER, STATUS_ON_HOLD, PRIORITY_P0_BOOST, PRIORITY_P1_BOOST, AFTER_HOURS_START.

Path: src/application/tickets/RecomputeSlaForTicket.ts Inputs: ticketId, now (optional), policyId (optional). Reads: ticket snapshot; ticket events timeline; SLA policy + targets; agent workload snapshot (optional with defaults). Writes: Ticket.slaStateJson, Ticket.riskScore, Ticket.riskReasonsJson, Ticket.slaDueAt, Ticket.slaBreached. Trigger points: on ticket created/ingested; on message events; on assignment change; on status change; periodic refresh for dashboard accuracy.

Path: src/app/api/tickets/[id]/sla/route.ts GET returns TicketSlaState (UI explainability/debugging). POST action 'recompute' returns TicketSlaState (manual refresh; future webhook trigger).

Path: src/domain/sla/RiskModel.md Base from time ratio: ratio = 1 - (remainingWorkingMs/targetWorkingMs) clamped 0..1; base = ratio*70. Breach override: if breached => base >= 90; include ALREADY_BREACHED. Agent load: add up to 15 when load>0.8. Backlog: add up to 10 when queue>0.7. Modifiers: UNASSIGNED +8; CHANNEL_LIVE_CHAT +6; CHANNEL_SOCIAL +4; STATUS_PENDING_CUSTOMER -10 (floor 0); STATUS_ON_HOLD -15 (floor 0); PRIORITY_P0_BOOST +8; PRIORITY_P1_BOOST +4. Bands: 0-39 ok; 40-69 at_risk; 70-100 critical (display at_risk unless breached). Explainability: emit top 1-4 reasons by contribution magnitude, plus ALREADY_BREACHED when applicable.

DueAt computation: forward business-hours accumulation from start timestamp; skip non-working hours/weekends; policy timezone boundaries; store timestamps in UTC ISO but compute windows in local tz. Start times: firstResponse from ticket.createdAt (or first inbound customer msg); nextResponse from last inbound customer msg after last agent reply (null if none pending); resolution from ticket.createdAt/first inbound (v1 no pause; PendingCustomer/OnHold only affect risk). Event derivation: first response satisfied by first agent public reply; next response applies when customer last spoke and not terminal; satisfied by agent reply after customer msg; resolution satisfied on Resolved/Closed. Caching fields: slaDueAt, slaBreached, riskScore, riskReasonsJson, slaStateJson for fast list sorting/filtering.

Status: conceptual-executed. Deterministic routing assigning to agent/queue/oncall/teamLead using priority, SLA riskScore, customerTier (mock), tags, and agent capacity; manual override actions; audit timeline events with inputs, selected rule, final assignment.

Types: RoutingInput, RoutingDecision (decisionId, ticketId, createdAt, policyVersion, inputsHash, ruleId, target, alternatives[], reasons[], deterministicSeed, overriddenByEventId?), RoutingTarget (agent|queue|oncall|teamLead), RoutingRule, RoutingPolicy, AgentCapacitySnapshot, ManualOverrideAction. Engine: routeTicket(input, policy, capacitySnapshot, priorDecisions); hashRoutingInputs(normalized priority,riskScore,customerTier,tags(sorted),channel,createdAtBucket(5m),ticketId); stablePickWeighted(candidates, seed). Logic: manual override precedence; ordered rule evaluation; capacity/skill filtering; deterministic weighted pick via HMAC(inputsHash, policy.salt); fallback to rule queue or default queue:triage; emit alternatives + reason codes.

Policy (routing.v1): defaultQueueId queue:triage; queues triage/billing/bugs/outage/vip/oncall; rules R1 outage/P0->oncall(primary) fallback queue:outage; R2 enterprise & risk>=80->teamLead(support) fallback queue:vip; R3 billing->queue:billing then assign skill:billing; R4 bug->queue:bugs then assign skill:bugs; R5 risk 50-79->triage then assign skill:general; R6 risk<50->triage then assign any_active. Services: RouteTicketService loads ticket/tags/tier, capacity snapshot, runs engine, persists decision events + updates snapshot, idempotent via ticketId+inputsHash+policyVersion; ManualOverrideService emits ROUTING_OVERRIDE_APPLIED (and optional ROUTING_DECISION referencing override). API: POST /tickets/[ticketId]/route {mode auto|dryRun, policyVersion?, recomputeCapacity?} => {decision, applied}; POST /tickets/[ticketId]/route/override {action, target, reason, expiresAt?} => {overrideEventId, ticket}. Persistence: Ticket routing fields + Event types ROUTING_DECISION/OVERRIDE_APPLIED/OVERRIDE_CLEARED with payload (decisionId, inputsHash, ruleId, reasons, candidates, selectedTarget) and indexes. UI: timeline renderers for decision/override; routing actions + dry-run preview. Audit payload examples provided.

Port: Summarizer.summarize(input, options) -> output with shortSummary, keyEntities (type/value/confidence), sentiment (label/score), recommendedResponseType, suggestedNextActions (action/rationale/confidence), suggestedEscalationReason, provider metadata, inputsHash, generatedAt.

Deterministic heuristics: regex/dictionaries for entity extraction (invoice/order IDs, ERR_* codes, product/integrations/platform terms); lexicon-based sentiment scoring; response type selection (billing/troubleshooting/escalate/informational); escalation reason rules (SLA risk>=75/breached, outage, payment failure, enterprise, security); map to 2–4 next actions (e.g., request_info, collect_logs, reassign_specialist, page_oncall).

New model fields include ticketId, version (monotonic per ticket), inputsHash, providerName/model, promptVersion, summaryShort, entities/actions JSON, sentiment label/score, recommendedResponseType, suggestedEscalationReason, createdAt; constraints unique(ticketId, version) and optional unique(ticketId, inputsHash) for idempotency.

SummarizeTicket loads ticket+recent events, canonicalizes inputs (limit last N message events), computes sha256 inputsHash, returns latest if unchanged unless force, otherwise generates and persists version+1; API GET /api/tickets/:ticketId/summary returns latest+history; POST triggers regeneration with optional dryRun; emits TICKET_SUMMARY_GENERATED audit event.

src/domain/ai/Summarizer.ts; src/domain/ai/types.ts; src/application/ai/SummarizeTicket.ts; src/infra/ai/providers/mock/MockSummarizer.ts; src/infra/ai/providers/index.ts; src/config/aiPrompts.ts; prisma/schema.prisma (delta); src/infra/db/repositories/TicketSummaryRepositoryPrisma.ts; src/app/api/tickets/[ticketId]/summary/route.ts; src/domain/events/EventTypes.ts (delta).