# Tasks: 009-ops-audit-overview

## Phase A — Schema & Store

- [ ] T001 SQLite migrations `audit_domains`, `audit_checks` em `init_db()`
- [ ] T002 Módulo `audit_store.py` — upsert checks, list domains, aggregate score
- [ ] T003 Job auto-register domains from `webhook_events` (account.created)

## Phase B — Collectors

- [ ] T004 `collectors/vm112.py` — carbonio, nginx_vhost, cert_le via portal API
- [ ] T005 `collectors/dns.py` — mx, spf, dkim, dmarc
- [ ] T006 `collectors/webmail.py` — HTTPS status mail.{domain}
- [ ] T007 `collectors/base.py` — runner `run_audit(tenant_id, domain)`
- [ ] T008 Unit smoke: run_audit domínio conhecido VM112

## Phase C — API

- [ ] T009 `GET /api/v1/audit/overview`
- [ ] T010 `GET /api/v1/audit/tenants/{id}/scorecard?domain=`
- [ ] T011 `POST /api/v1/audit/run/{tenant_id}?domain=` (manual trigger)

## Phase D — Worker

- [ ] T012 `worker/audit_runner.py` — ciclo periódico
- [ ] T013 Env `AUDIT_INTERVAL_SEC=600` docker-compose VM122
- [ ] T014 Integrar runner no worker existente (Redis ou loop)

## Phase E — UI

- [ ] T015 Nav tab **Overview** + view container
- [ ] T016 Grid cards tenant (status, score, issues)
- [ ] T017 Drill-down scorecard panel (8 checks)
- [ ] T018 CSS health grid (healthy/degraded/critical badges)
- [ ] T019 Merge dashboard: funil 004 + overview 009 + tickets (se 004 pronto)

## Phase F — Validação & Deploy

- [ ] T020 Script `scripts/verify-audit-overview.sh`
- [ ] T021 Deploy VM122 + confirmar worker cycle
- [ ] T022 Documentar domínio seed e intervalo em quickstart

## Dependencies

- T009-T011 dependem de T001-T008
- T012-T014 dependem de T007
- T015-T019 dependem de T009-T010
- T019 opcional até feature 004 UI funil existir

## Parallel with 004

| 004 | 009 | Paralelo? |
|-----|-----|-----------|
| Ops funnel API | Schema + collectors | ✅ |
| Portal hooks | Worker | ✅ |
| UI funil | UI overview | ⚠️ sequencial ou merge final dashboard |