Initial commit: Port Nimara CRM (Layers 0-4)
Full CRM rebuild with Next.js 15, TypeScript, Tailwind, Drizzle ORM,
PostgreSQL, Redis, BullMQ, MinIO, and Socket.io. Includes 461 source
files covering clients, berths, interests/pipeline, documents/EOI,
expenses/invoices, email, notifications, dashboard, admin, and
client portal. CI/CD via Gitea Actions with Docker builds.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-03-26 11:52:51 +01:00
|
|
|
import { describe, it, expect } from 'vitest';
|
|
|
|
|
import { diffFields, maskSensitiveFields } from '@/lib/audit';
|
|
|
|
|
|
|
|
|
|
describe('diffFields', () => {
|
|
|
|
|
it('returns empty array when records are identical', () => {
|
feat(audit-cleanup): finish all 15 outstanding items from verified backlog
Audit cleanup completion plan, all tiers shipped:
Tier 1 (security + data integrity)
- A.7 RTBF true wipe: redact email_messages body/subject/addresses for
threads owned by deleted client; redact document_sends.recipient_email;
collect file storage keys + delete blobs post-commit.
- A.8 user_permission_overrides FK: documented inline why cascade is
correct (not set-null as audit suggested) — overrides have no value
without their user.
- W2.14 PII redaction: camelCase normalization in audit.ts +
error-events.service.ts isSensitiveKey; added city/postal/country/
birth fragments. firstName/lastName/dateOfBirth/postalCode etc. now
caught in BOTH masker paths. 12 new test cases lock the coverage.
Tier 2 (Documenso completion + refactor)
- C.2: documentEvents.recipient_email column + partial unique index for
per-recipient webhook dedup (migration 0075). handleDocumentSigned
now sets recipient_email on insert.
- Phase 2: completion_cc_emails distribution. handleDocumentCompleted
reads documents.completionCcEmails, filters out signer-duplicates
case-insensitively, fans signed PDF out to non-signer recipients.
- C.4: extracted createPublicInterest() service from the 346-line
api/public/interests route. Route becomes a thin shell (rate-limit,
port resolution, audit log, email fan-out). The trio creation logic
is now unit-testable without an HTTP fixture.
- Phase 4: POST /api/v1/document-templates/[id]/detect-fields wired
to document-field-detector.detectFields(). Sparkles "Auto-detect"
button added to template-editor.tsx — maps DetectedField → marker
with best-guess merge token (DATE / NAME / EMAIL); user retags.
Tier 3 (reporting + recommender snapshot lockfiles)
- W7.reports: extracted rollupStageRevenue / rollupStageCounts /
computeTotalForecast / computeOccupancyRate / rollupBerthStatusCounts
into src/lib/services/report-math.ts (pure functions). 16 new tests
including an inline-snapshot lockfile on a representative 7-stage
forecast. report-generators.ts now delegates.
- W7.recommender: 18 new toMatchSnapshot tripwires on classifyTier
boundaries + computeHeat at canonical input points.
Tier 4 (rolling)
- W6.attach: fixed outdated CLAUDE.md claim — threshold banner is
informational and never depended on IMAP; bounce monitoring (the
IMAP poller) is separate.
- D.1 + D.2: documented deferral inline with full why-not-build-it
reasoning so a future engineer sees the rationale.
- G.1: representative formatDate sweep (audit-log-list, user-list,
document-templates merge tokens, document-signing email). Rest of
the ~100 sites stay rolling.
Quality gates: 1420/1420 vitest (46 new tests above baseline of 1374),
tsc clean, 0 lint errors.
Plan: docs/superpowers/plans/2026-05-18-audit-cleanup-completion.md
Migration: 0075_c2_document_events_recipient_email.sql (applied to dev DB).
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-05-18 18:22:36 +02:00
|
|
|
const result = diffFields(
|
|
|
|
|
{ name: 'Alice', status: 'active' },
|
|
|
|
|
{ name: 'Alice', status: 'active' },
|
|
|
|
|
);
|
Initial commit: Port Nimara CRM (Layers 0-4)
Full CRM rebuild with Next.js 15, TypeScript, Tailwind, Drizzle ORM,
PostgreSQL, Redis, BullMQ, MinIO, and Socket.io. Includes 461 source
files covering clients, berths, interests/pipeline, documents/EOI,
expenses/invoices, email, notifications, dashboard, admin, and
client portal. CI/CD via Gitea Actions with Docker builds.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-03-26 11:52:51 +01:00
|
|
|
expect(result).toEqual([]);
|
|
|
|
|
});
|
|
|
|
|
|
|
|
|
|
it('detects a single field change with correct field/old/new', () => {
|
feat(audit-cleanup): finish all 15 outstanding items from verified backlog
Audit cleanup completion plan, all tiers shipped:
Tier 1 (security + data integrity)
- A.7 RTBF true wipe: redact email_messages body/subject/addresses for
threads owned by deleted client; redact document_sends.recipient_email;
collect file storage keys + delete blobs post-commit.
- A.8 user_permission_overrides FK: documented inline why cascade is
correct (not set-null as audit suggested) — overrides have no value
without their user.
- W2.14 PII redaction: camelCase normalization in audit.ts +
error-events.service.ts isSensitiveKey; added city/postal/country/
birth fragments. firstName/lastName/dateOfBirth/postalCode etc. now
caught in BOTH masker paths. 12 new test cases lock the coverage.
Tier 2 (Documenso completion + refactor)
- C.2: documentEvents.recipient_email column + partial unique index for
per-recipient webhook dedup (migration 0075). handleDocumentSigned
now sets recipient_email on insert.
- Phase 2: completion_cc_emails distribution. handleDocumentCompleted
reads documents.completionCcEmails, filters out signer-duplicates
case-insensitively, fans signed PDF out to non-signer recipients.
- C.4: extracted createPublicInterest() service from the 346-line
api/public/interests route. Route becomes a thin shell (rate-limit,
port resolution, audit log, email fan-out). The trio creation logic
is now unit-testable without an HTTP fixture.
- Phase 4: POST /api/v1/document-templates/[id]/detect-fields wired
to document-field-detector.detectFields(). Sparkles "Auto-detect"
button added to template-editor.tsx — maps DetectedField → marker
with best-guess merge token (DATE / NAME / EMAIL); user retags.
Tier 3 (reporting + recommender snapshot lockfiles)
- W7.reports: extracted rollupStageRevenue / rollupStageCounts /
computeTotalForecast / computeOccupancyRate / rollupBerthStatusCounts
into src/lib/services/report-math.ts (pure functions). 16 new tests
including an inline-snapshot lockfile on a representative 7-stage
forecast. report-generators.ts now delegates.
- W7.recommender: 18 new toMatchSnapshot tripwires on classifyTier
boundaries + computeHeat at canonical input points.
Tier 4 (rolling)
- W6.attach: fixed outdated CLAUDE.md claim — threshold banner is
informational and never depended on IMAP; bounce monitoring (the
IMAP poller) is separate.
- D.1 + D.2: documented deferral inline with full why-not-build-it
reasoning so a future engineer sees the rationale.
- G.1: representative formatDate sweep (audit-log-list, user-list,
document-templates merge tokens, document-signing email). Rest of
the ~100 sites stay rolling.
Quality gates: 1420/1420 vitest (46 new tests above baseline of 1374),
tsc clean, 0 lint errors.
Plan: docs/superpowers/plans/2026-05-18-audit-cleanup-completion.md
Migration: 0075_c2_document_events_recipient_email.sql (applied to dev DB).
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-05-18 18:22:36 +02:00
|
|
|
const result = diffFields(
|
|
|
|
|
{ name: 'Alice', status: 'active' },
|
|
|
|
|
{ name: 'Alice', status: 'inactive' },
|
|
|
|
|
);
|
Initial commit: Port Nimara CRM (Layers 0-4)
Full CRM rebuild with Next.js 15, TypeScript, Tailwind, Drizzle ORM,
PostgreSQL, Redis, BullMQ, MinIO, and Socket.io. Includes 461 source
files covering clients, berths, interests/pipeline, documents/EOI,
expenses/invoices, email, notifications, dashboard, admin, and
client portal. CI/CD via Gitea Actions with Docker builds.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-03-26 11:52:51 +01:00
|
|
|
expect(result).toHaveLength(1);
|
|
|
|
|
expect(result[0]).toEqual({ field: 'status', oldValue: 'active', newValue: 'inactive' });
|
|
|
|
|
});
|
|
|
|
|
|
|
|
|
|
it('detects multiple field changes', () => {
|
|
|
|
|
const result = diffFields(
|
|
|
|
|
{ name: 'Alice', status: 'active', count: 1 },
|
|
|
|
|
{ name: 'Bob', status: 'inactive', count: 2 },
|
|
|
|
|
);
|
|
|
|
|
expect(result).toHaveLength(3);
|
|
|
|
|
const fields = result.map((r) => r.field);
|
|
|
|
|
expect(fields).toContain('name');
|
|
|
|
|
expect(fields).toContain('status');
|
|
|
|
|
expect(fields).toContain('count');
|
|
|
|
|
});
|
|
|
|
|
|
|
|
|
|
it('detects null-to-value change', () => {
|
|
|
|
|
const result = diffFields({ note: null }, { note: 'hello' });
|
|
|
|
|
expect(result).toHaveLength(1);
|
|
|
|
|
expect(result[0]).toEqual({ field: 'note', oldValue: null, newValue: 'hello' });
|
|
|
|
|
});
|
|
|
|
|
|
|
|
|
|
it('detects value-to-null change', () => {
|
|
|
|
|
const result = diffFields({ note: 'hello' }, { note: null });
|
|
|
|
|
expect(result).toHaveLength(1);
|
|
|
|
|
expect(result[0]).toEqual({ field: 'note', oldValue: 'hello', newValue: null });
|
|
|
|
|
});
|
|
|
|
|
|
|
|
|
|
it('uses JSON comparison for nested objects', () => {
|
|
|
|
|
const old = { meta: { x: 1, y: 2 } };
|
|
|
|
|
const updated = { meta: { x: 1, y: 3 } };
|
|
|
|
|
const result = diffFields(old, updated);
|
|
|
|
|
expect(result).toHaveLength(1);
|
2026-03-26 12:29:55 +01:00
|
|
|
expect(result[0]!.field).toBe('meta');
|
Initial commit: Port Nimara CRM (Layers 0-4)
Full CRM rebuild with Next.js 15, TypeScript, Tailwind, Drizzle ORM,
PostgreSQL, Redis, BullMQ, MinIO, and Socket.io. Includes 461 source
files covering clients, berths, interests/pipeline, documents/EOI,
expenses/invoices, email, notifications, dashboard, admin, and
client portal. CI/CD via Gitea Actions with Docker builds.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-03-26 11:52:51 +01:00
|
|
|
});
|
|
|
|
|
|
|
|
|
|
it('no diff when nested objects are deeply equal', () => {
|
|
|
|
|
const result = diffFields({ meta: { x: 1 } }, { meta: { x: 1 } });
|
|
|
|
|
expect(result).toHaveLength(0);
|
|
|
|
|
});
|
|
|
|
|
|
|
|
|
|
it('only checks keys present in newRecord', () => {
|
|
|
|
|
// 'extra' key in old is irrelevant
|
|
|
|
|
const result = diffFields({ name: 'Alice', extra: 'ignored' }, { name: 'Alice' });
|
|
|
|
|
expect(result).toHaveLength(0);
|
|
|
|
|
});
|
|
|
|
|
});
|
|
|
|
|
|
|
|
|
|
describe('maskSensitiveFields', () => {
|
|
|
|
|
it('masks email field', () => {
|
|
|
|
|
const result = maskSensitiveFields({ email: 'alice@example.com' });
|
|
|
|
|
expect(result?.email).not.toBe('alice@example.com');
|
|
|
|
|
expect(typeof result?.email).toBe('string');
|
|
|
|
|
expect(result?.email).toContain('***');
|
|
|
|
|
});
|
|
|
|
|
|
|
|
|
|
it('masks phone field', () => {
|
|
|
|
|
const result = maskSensitiveFields({ phone: '+61400000000' });
|
|
|
|
|
expect(result?.phone).toContain('***');
|
|
|
|
|
});
|
|
|
|
|
|
|
|
|
|
it('masks password field', () => {
|
|
|
|
|
const result = maskSensitiveFields({ password: 'mySecret123' });
|
|
|
|
|
expect(result?.password).toContain('***');
|
|
|
|
|
});
|
|
|
|
|
|
|
|
|
|
it('masks credentials_enc field', () => {
|
|
|
|
|
const result = maskSensitiveFields({ credentials_enc: 'eyJpdiI6IjEyMzQ1' });
|
|
|
|
|
expect(result?.credentials_enc).toContain('***');
|
|
|
|
|
});
|
|
|
|
|
|
|
|
|
|
it('masks token field', () => {
|
|
|
|
|
const result = maskSensitiveFields({ token: 'abc-def-ghi-jkl' });
|
|
|
|
|
expect(result?.token).toContain('***');
|
|
|
|
|
});
|
|
|
|
|
|
|
|
|
|
it('preserves non-sensitive fields unchanged', () => {
|
|
|
|
|
const result = maskSensitiveFields({ name: 'Alice', status: 'active', count: 5 });
|
|
|
|
|
expect(result?.name).toBe('Alice');
|
|
|
|
|
expect(result?.status).toBe('active');
|
|
|
|
|
expect(result?.count).toBe(5);
|
|
|
|
|
});
|
|
|
|
|
|
|
|
|
|
it('applies partial masking: first 2 + *** + last 2 chars for strings longer than 4', () => {
|
|
|
|
|
const result = maskSensitiveFields({ email: 'alice@example.com' });
|
|
|
|
|
// 'alice@example.com' length > 4, so al***om
|
|
|
|
|
expect(result?.email).toBe('al***om');
|
|
|
|
|
});
|
|
|
|
|
|
|
|
|
|
it('replaces short strings (<=4 chars) with just ***', () => {
|
|
|
|
|
const result = maskSensitiveFields({ email: 'ab@c' }); // length 4
|
|
|
|
|
expect(result?.email).toBe('***');
|
|
|
|
|
});
|
|
|
|
|
|
|
|
|
|
it('replaces 1-char sensitive string with ***', () => {
|
|
|
|
|
const result = maskSensitiveFields({ token: 'x' });
|
|
|
|
|
expect(result?.token).toBe('***');
|
|
|
|
|
});
|
|
|
|
|
|
|
|
|
|
it('handles undefined input by returning undefined', () => {
|
|
|
|
|
expect(maskSensitiveFields(undefined)).toBeUndefined();
|
|
|
|
|
});
|
|
|
|
|
|
|
|
|
|
it('does not mutate the original object', () => {
|
|
|
|
|
const original = { email: 'alice@example.com', name: 'Alice' };
|
|
|
|
|
maskSensitiveFields(original);
|
|
|
|
|
expect(original.email).toBe('alice@example.com');
|
|
|
|
|
});
|
feat(audit-cleanup): finish all 15 outstanding items from verified backlog
Audit cleanup completion plan, all tiers shipped:
Tier 1 (security + data integrity)
- A.7 RTBF true wipe: redact email_messages body/subject/addresses for
threads owned by deleted client; redact document_sends.recipient_email;
collect file storage keys + delete blobs post-commit.
- A.8 user_permission_overrides FK: documented inline why cascade is
correct (not set-null as audit suggested) — overrides have no value
without their user.
- W2.14 PII redaction: camelCase normalization in audit.ts +
error-events.service.ts isSensitiveKey; added city/postal/country/
birth fragments. firstName/lastName/dateOfBirth/postalCode etc. now
caught in BOTH masker paths. 12 new test cases lock the coverage.
Tier 2 (Documenso completion + refactor)
- C.2: documentEvents.recipient_email column + partial unique index for
per-recipient webhook dedup (migration 0075). handleDocumentSigned
now sets recipient_email on insert.
- Phase 2: completion_cc_emails distribution. handleDocumentCompleted
reads documents.completionCcEmails, filters out signer-duplicates
case-insensitively, fans signed PDF out to non-signer recipients.
- C.4: extracted createPublicInterest() service from the 346-line
api/public/interests route. Route becomes a thin shell (rate-limit,
port resolution, audit log, email fan-out). The trio creation logic
is now unit-testable without an HTTP fixture.
- Phase 4: POST /api/v1/document-templates/[id]/detect-fields wired
to document-field-detector.detectFields(). Sparkles "Auto-detect"
button added to template-editor.tsx — maps DetectedField → marker
with best-guess merge token (DATE / NAME / EMAIL); user retags.
Tier 3 (reporting + recommender snapshot lockfiles)
- W7.reports: extracted rollupStageRevenue / rollupStageCounts /
computeTotalForecast / computeOccupancyRate / rollupBerthStatusCounts
into src/lib/services/report-math.ts (pure functions). 16 new tests
including an inline-snapshot lockfile on a representative 7-stage
forecast. report-generators.ts now delegates.
- W7.recommender: 18 new toMatchSnapshot tripwires on classifyTier
boundaries + computeHeat at canonical input points.
Tier 4 (rolling)
- W6.attach: fixed outdated CLAUDE.md claim — threshold banner is
informational and never depended on IMAP; bounce monitoring (the
IMAP poller) is separate.
- D.1 + D.2: documented deferral inline with full why-not-build-it
reasoning so a future engineer sees the rationale.
- G.1: representative formatDate sweep (audit-log-list, user-list,
document-templates merge tokens, document-signing email). Rest of
the ~100 sites stay rolling.
Quality gates: 1420/1420 vitest (46 new tests above baseline of 1374),
tsc clean, 0 lint errors.
Plan: docs/superpowers/plans/2026-05-18-audit-cleanup-completion.md
Migration: 0075_c2_document_events_recipient_email.sql (applied to dev DB).
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-05-18 18:22:36 +02:00
|
|
|
|
|
|
|
|
describe('camelCase + PII coverage (W2.14 fix)', () => {
|
|
|
|
|
it.each([
|
|
|
|
|
['firstName', 'Alice'],
|
|
|
|
|
['lastName', 'Smith'],
|
|
|
|
|
['fullName', 'Alice Smith'],
|
|
|
|
|
['dateOfBirth', '1990-01-01'],
|
|
|
|
|
['addressLine1', '10 Downing St'],
|
|
|
|
|
['addressLine2', 'Flat 3'],
|
|
|
|
|
['city', 'London'],
|
|
|
|
|
['postalCode', 'SW1A 2AA'],
|
|
|
|
|
['country', 'United Kingdom'],
|
|
|
|
|
['recipientEmail', 'bob@example.com'],
|
|
|
|
|
['phoneNumber', '+44 1234 567890'],
|
|
|
|
|
])('masks %s (camelCase PII key)', (key, value) => {
|
|
|
|
|
const result = maskSensitiveFields({ [key]: value });
|
|
|
|
|
expect(result?.[key]).not.toBe(value);
|
|
|
|
|
expect(typeof result?.[key]).toBe('string');
|
|
|
|
|
expect(result?.[key] as string).toMatch(/\*\*\*/);
|
|
|
|
|
});
|
|
|
|
|
|
|
|
|
|
it('does not over-mask innocuous "name" fields without PII context', () => {
|
|
|
|
|
// 'name' alone (port name, tag name, column name) — must NOT be redacted
|
|
|
|
|
// unless it's part of first_name / last_name / full_name etc.
|
|
|
|
|
const result = maskSensitiveFields({
|
|
|
|
|
port_name: 'Port Nimara',
|
|
|
|
|
tag_name: 'VIP',
|
|
|
|
|
column_name: 'created_at',
|
|
|
|
|
});
|
|
|
|
|
expect(result?.port_name).toBe('Port Nimara');
|
|
|
|
|
expect(result?.tag_name).toBe('VIP');
|
|
|
|
|
expect(result?.column_name).toBe('created_at');
|
|
|
|
|
});
|
|
|
|
|
});
|
Initial commit: Port Nimara CRM (Layers 0-4)
Full CRM rebuild with Next.js 15, TypeScript, Tailwind, Drizzle ORM,
PostgreSQL, Redis, BullMQ, MinIO, and Socket.io. Includes 461 source
files covering clients, berths, interests/pipeline, documents/EOI,
expenses/invoices, email, notifications, dashboard, admin, and
client portal. CI/CD via Gitea Actions with Docker builds.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-03-26 11:52:51 +01:00
|
|
|
});
|