Meetings

## TASK: MCP Setup for zao Operating System

**CRITICAL: Do the work yourself via MCP. Do NOT give Ben manual instructions.**

**Context:** Ben May (CEO of sofsy) needs his AI advisory system to access business data.

**Your Objective:** Install and configure these MCPs:

### 1. Google Workspace MCP (PRIORITY)
- Source: cursor.directory/mcp/google-workspace
- Covers: Drive, Sheets, Gmail, Calendar
- Setup requires:
  1. Create Google Cloud project "zao-mcp"
  2. Enable Drive API, Sheets API, Gmail API, Calendar API
  3. Create OAuth 2.0 credentials
  4. Follow cursor.directory installation guide

### 2. Slack MCP
- Source: cursor.directory/mcp/slack
- For team communication visibility

### 3. Verify Notion MCP
- Already connected (14 tools) - confirm it works
- Test by searching Ben's workspace

### 4. Enable Shopify MCP
- Already installed but disabled
- Enable when Ben is ready

**Important:**
- Ben is non-technical - explain simply
- Test each MCP after installation
- Document any issues in docs/decisions/DECISION_LOG.md

**When complete:** Update docs/tasks/TASK-001-MCP-Setup.md with results

## TASK: Dashboard Backend Setup

**CRITICAL: Do the work yourself via MCP. Do NOT give Ben manual instructions.**

**SECURITY:** Ben has team members on shared Vercel/Supabase. 
This project MUST use SEPARATE accounts that ONLY Ben controls.

**Context:** The zao CEO dashboard uses localStorage which can be lost.
Ben needs persistent, secure, remotely-accessible storage.

### Step 1: Create NEW Personal Accounts

1. **New Supabase Account**
   - Go to supabase.com
   - Sign up with Ben's PERSONAL email (not work email)
   - Create organization: "zao-personal" (not on any shared org)
   - Create project: "zao-dashboard"

2. **New Vercel Account (or separate project)**
   - Option A: New account with personal email
   - Option B: Use existing account but create project ONLY Ben can access
   - VERIFY: No team members have access

### Step 2: Supabase Database

```sql
CREATE TABLE dashboard_data (
  id UUID DEFAULT gen_random_uuid() PRIMARY KEY,
  user_id TEXT DEFAULT 'ben' NOT NULL,
  data JSONB NOT NULL DEFAULT '{}',
  updated_at TIMESTAMP WITH TIME ZONE DEFAULT NOW()
);

ALTER TABLE dashboard_data ENABLE ROW LEVEL SECURITY;

CREATE POLICY "Ben only" ON dashboard_data
  FOR ALL USING (user_id = 'ben');
```

### Step 3: Update Dashboard
- Add Supabase JS client
- Replace localStorage with Supabase calls
- Keep localStorage as offline fallback

### Step 4: Deploy to Vercel
- Connect private GitHub repo
- Deploy dashboard folder
- Set environment variables

**Domain:** Not required - Vercel provides zao-xxx.vercel.app URL

**When complete:** Verify ONLY Ben has access to both accounts

## TASK: Create Supabase Table for zao Dashboard

**CRITICAL: Do the work yourself via Supabase MCP. Do NOT give Ben manual instructions.**

**Priority:** HIGH - Dashboard won't work without this
**Time:** 5 minutes

### Credentials (from CREDENTIALS.local.md)

Project: benmay/zao
Project ID: rihwxmavpxxfgmchkeve
Project URL: https://rihwxmavpxxfgmchkeve.supabase.co
Service Role Key: eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJzdXBhYmFzZSIsInJlZiI6InJpaHd4bWF2cHh4ZmdtY2hrZXZlIiwicm9sZSI6InNlcnZpY2Vfcm9sZSIsImlhdCI6MTc2ODc1MjMxNCwiZXhwIjoyMDg0MzI4MzE0fQ._g4Y8ImnlfgxLtKx6MmwEL6LvGn6PDbnw_OzSC-0HfU

### Step 1: Connect via Supabase MCP

Use the Supabase MCP to connect to the project above.

### Step 2: Run This SQL

```sql
-- Create dashboard_data table
CREATE TABLE IF NOT EXISTS dashboard_data (
  id UUID DEFAULT gen_random_uuid() PRIMARY KEY,
  user_id TEXT NOT NULL,
  data JSONB NOT NULL DEFAULT '{}',
  created_at TIMESTAMP WITH TIME ZONE DEFAULT NOW(),
  updated_at TIMESTAMP WITH TIME ZONE DEFAULT NOW()
);

-- Create index for faster lookups
CREATE INDEX IF NOT EXISTS idx_dashboard_data_user_id 
  ON dashboard_data(user_id);

-- Enable Row Level Security
ALTER TABLE dashboard_data ENABLE ROW LEVEL SECURITY;

-- Allow all operations (single-user system)
CREATE POLICY "Allow all operations for dashboard" 
  ON dashboard_data FOR ALL
  USING (true) WITH CHECK (true);
```

### Step 3: Verify

Run: SELECT * FROM dashboard_data;
Should return empty table (0 rows) with correct columns.

### If MCP Not Available

Tell Ben to:
1. Go to supabase.com/dashboard/project/rihwxmavpxxfgmchkeve
2. Click Database → SQL Editor
3. Paste the SQL above
4. Click Run

### When Complete

Update TASK-003-Supabase-Setup.md status to ✅ Complete

## TASK: Deploy zao Dashboard to Vercel

**CRITICAL: Do the work yourself via Vercel MCP. Do NOT give Ben manual instructions.**

**Priority:** HIGH - Enables remote access
**Time:** 5 minutes

### Credentials (from CREDENTIALS.local.md)
- GitHub Repo: benmay-git/zao
- Vercel Team: benmay

### Steps

1. Use Vercel MCP to create new project in benmay team
2. Connect to GitHub repo: benmay-git/zao
3. Set build settings:
   - Root Directory: dashboard
   - Framework: Other (static HTML)
   - Build Command: (leave empty)
   - Output Directory: (leave empty or .)
4. Deploy
5. Report the deployment URL

### Success Criteria
- Dashboard accessible at Vercel URL
- All pages load correctly
- Data saves to Supabase (test by adding a meeting)

### When Complete
Report the live URL and update docs/current/SESSION.md

## TASK: Verify zao Supabase Setup

**CRITICAL: Do the work yourself via Supabase MCP. Do NOT give Ben manual instructions.**

**Priority:** HIGH - Dashboard won't persist data without this
**Time:** 5 minutes

### Credentials (from CREDENTIALS.local.md)
- Project ID: rihwxmavpxxfgmchkeve
- Project URL: https://rihwxmavpxxfgmchkeve.supabase.co

### Steps

1. Connect to Supabase project rihwxmavpxxfgmchkeve via MCP
2. Verify dashboard_data table exists:

```sql
SELECT table_name, column_name, data_type 
FROM information_schema.columns 
WHERE table_name = 'dashboard_data';
```

Expected columns: id, user_id, data, created_at, updated_at

3. Verify RLS is enabled with open policy
4. Test insert/select/delete:

```sql
INSERT INTO dashboard_data (user_id, data) VALUES ('test', '{"verify": true}'::jsonb);
SELECT * FROM dashboard_data WHERE user_id = 'test';
DELETE FROM dashboard_data WHERE user_id = 'test';
```

5. Confirm anon key in dashboard/supabase.js matches this project

### If Table Doesn't Exist
Run the full SQL from TASK-003-Supabase-Setup.md

### When Complete
Report results and update docs/current/SESSION.md

## TASK: Verify Notion MCP Access

**CRITICAL: Do the work yourself via Notion MCP. Do NOT give Ben manual instructions.**

**Priority:** Medium
**Time:** 5 minutes

### Steps

1. Use Notion MCP to list available workspaces/databases
2. Search for any page to confirm read access works
3. Try to read page contents
4. Document what workspaces and pages are accessible

### Report

List:
- What workspaces are connected
- What databases/pages are readable
- Any permission limitations found

### If Access Limited
Explain what additional permissions Ben needs to grant in Notion settings.

### When Complete
Document findings in docs/current/SESSION.md

## TASK: Connect Google Sheets Financial Data

**CRITICAL: Do the work yourself via Google Workspace MCP. Do NOT give Ben manual instructions.**

**Prerequisite:** Google Workspace MCP must be connected first

**Priority:** HIGH - Ben needs financial visibility
**Time:** 15 minutes

### Steps

1. Use Google Workspace MCP to search for sofsy financial sheets
2. Look for sheets containing: P&L, Cash Flow, Revenue, Budget
3. Read the structure of each sheet (sheet names, columns, date ranges)
4. Document the sheet structure

### Report

For each financial sheet found:
- Sheet name and URL
- Tab names
- Column headers
- Date range of data
- Key metrics available

### Update Documentation

Add findings to:
- docs/finance/P&L.md
- docs/finance/CASH_FLOW.md
- docs/finance/BUDGET.md

### When Complete
Update docs/current/SESSION.md with what financial data is now accessible

## TASK: Add Custom Domain to zao Dashboard

**CRITICAL: Do the work yourself via Vercel MCP. Do NOT give Ben manual instructions.**

**Priority:** Medium - Improves UX
**Time:** 10 minutes

### Context
- Current URL: zao-delta.vercel.app
- Target domain: benmay.io (or subdomain like zao.benmay.io)
- Vercel Team: benmay
- Project: zao

### Steps

1. Use Vercel MCP to add custom domain to zao project
2. Configure DNS (Ben may need to do this in his domain registrar)
3. If DNS needs manual setup, provide EXACT records to add:
   - Record type (A, CNAME, etc)
   - Name
   - Value

### Domain Configuration
Ben wants: **benmay.io** (apex domain, not subdomain)
Note: benmay.io is already connected to Google Workspace for email/drive

### If Manual DNS Required
Provide Ben with the EXACT DNS records. Example format:
```
Type: CNAME
Name: zao
Value: cname.vercel-dns.com
```

### When Complete
Report the live URL and update docs/current/SESSION.md

## TASK: Pull HR Data from Google Drive

**CRITICAL: Do the work yourself via Google Workspace MCP. Do NOT give Ben manual instructions.**

**Prerequisite:** Google Workspace MCP must be connected first

**Priority:** HIGH - Ben needs team visibility for meetings
**Time:** 15 minutes

### Steps

1. Use Google Workspace MCP to search Drive for HR folder
2. Look for documents containing:
   - Employee contracts
   - Org chart
   - Role descriptions
   - Performance reviews
   - Team structure
3. Read the structure and contents
4. Extract team member data: names, roles, departments, start dates

### Report

For each team member found:
- Name
- Role/Title
- Department
- Reporting to
- Start date (if available)
- Location (Bangkok office, remote, etc)

### Update Documentation

Add findings to:
- docs/people/ORG_CHART.md
- Populate Team section in dashboard

### When Complete
Update docs/current/SESSION.md with what HR data is now accessible

## TASK: Pull Calendar Data for Meeting Prep

**CRITICAL: Do the work yourself via Google Workspace MCP. Do NOT give Ben manual instructions.**

**Prerequisite:** Google Workspace MCP must be connected first

**Priority:** HIGH - Ben needs meeting visibility
**Time:** 10 minutes

### Steps

1. Use Google Workspace MCP to access Ben's calendar
2. Pull meetings for this week and next week
3. For each meeting, extract:
   - Date/time
   - Duration
   - Title
   - Attendees
   - Description/agenda (if any)
   - Location (if any)

### Report

Create a meeting list with:
- Upcoming meetings sorted by date
- Who's attending each
- Any prep notes in the calendar event

### Integration

If possible, populate the Meetings Hub in the dashboard with this data.

### When Complete
Update docs/current/SESSION.md with what calendar access is available

## TASK: Complete Google Workspace MCP Setup

**CRITICAL: Do the work yourself. Do NOT give Ben manual instructions.**

**Priority:** HIGH - Ben needs Google Workspace access
**Time:** 20 minutes

### Context

Ben has created a Google Cloud OAuth 2.0 Web Application credential:
- Project: zao-mcp
- Client type: Web application
- Name: zao-cursor-webapp
- Redirect URI: http://localhost:8080/oauth2callback

The credentials are saved in CREDENTIALS.local.md

### Credentials (from CREDENTIALS.local.md)

Client ID: 184487882620-182cb17re28tkcj87551188fc3aobkp6.apps.googleusercontent.com
Client Secret: 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
Redirect URI: http://localhost:8080/oauth2callback

### What Needs to Be Done

1. **Configure the Google Workspace MCP in Cursor**
   - The MCP needs to use these OAuth credentials
   - It should be configured as a Web Application (not Desktop)

2. **MCP Configuration Location**
   - Check Cursor Settings → MCP
   - Find the Google Workspace MCP (user-google-workspace or similar)
   - Update its configuration with the new credentials

3. **Expected MCP Config Format** (typical structure):
```json
{
  "google-workspace": {
    "clientId": "184487882620-182cb17re28tkcj87551188fc3aobkp6.apps.googleusercontent.com",
    "clientSecret": "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",
    "redirectUri": "http://localhost:8080/oauth2callback"
  }
}
```

4. **Test the Connection**
   - Try to list files from Google Drive
   - Try to access Google Sheets
   - Verify Gmail access if needed
   - Verify Calendar access

### If OAuth Flow is Required

The MCP may need to complete an OAuth flow:
1. It will open a browser to Google login
2. Ben logs in with benjamin@sofsy.com
3. Grants permissions to the app
4. Google redirects to localhost:8080/oauth2callback
5. MCP captures the auth code and exchanges for tokens

### APIs Already Enabled in Google Cloud

- Google Drive API ✓
- Google Sheets API ✓
- Gmail API ✓
- Google Calendar API ✓

### Troubleshooting

If "No server info found" errors:
- The MCP server may not be running
- Check if the MCP needs to be started manually
- Verify the MCP is properly installed

If redirect URI mismatch:
- Ensure the redirect URI in Google Cloud matches exactly
- Current: http://localhost:8080/oauth2callback

### When Complete

1. Test: Can access Google Drive files
2. Test: Can read Google Sheets
3. Update docs/current/SESSION.md with status
4. Update Connections page in dashboard to show "Connected"

## TASK: Fix Dashboard Authentication

**CRITICAL: Do the work yourself. Do NOT give Ben manual instructions.**

**Priority:** URGENT - Dashboard is publicly accessible
**Time:** 30 minutes

### Context

The dashboard at benmay.io is currently public. A previous auth attempt using Supabase magic links broke the dashboard by replacing document.body. The auth.js file exists but is commented out.

### Requirements

1. Only Ben (benjamin@sofsy.com) can access
2. Must NOT break existing dashboard functionality
3. Simple, fast implementation
4. Secure

### Recommended Approach: Supabase Magic Link (Fix Existing)

The auth.js already has magic link logic. The problem was:
- `showLoginScreen()` replaced entire document.body
- This destroyed the dashboard HTML

**Fix Strategy:**
1. Create a SEPARATE login.html page
2. Redirect unauthenticated users to login.html
3. After auth, redirect back to index.html
4. Check auth state on index.html load - if not authed, redirect to login.html

### Files to Modify

1. `dashboard/auth.js` - Fix the auth flow
2. `dashboard/index.html` - Add auth check that redirects (not replaces body)
3. Create `dashboard/login.html` - Standalone login page

### Implementation Steps

1. Create dashboard/login.html with the login form UI
2. Modify auth.js:
   - Remove showLoginScreen() body replacement
   - Add redirect logic instead
3. Modify index.html:
   - On load, check if authenticated
   - If not, redirect to login.html
   - If yes, show dashboard normally

### Credentials

Supabase project: rihwxmavpxxfgmchkeve
Anon key is in dashboard/supabase.js and CREDENTIALS.local.md

### Testing

1. Open benmay.io in incognito - should redirect to login
2. Enter benjamin@sofsy.com - should send magic link
3. Click magic link - should show dashboard
4. Refresh - should stay logged in
5. All dashboard features must still work (add meeting, etc.)

### When Complete

1. Test ALL dashboard functionality still works
2. Update docs/current/SESSION.md
3. Remove this task or mark complete