letsbe/pn-new-crm
1
0
Fork 0
Code Issues Pull Requests 1 Actions Packages Projects Releases Wiki Activity

feat(phase-b): ship analytics dashboard, alerts, scanner PWA, dedup, audit view

Browse Source 
Phase B (Insights & Alerts) PR4-11 in one drop. Builds on the schema +
service skeletons committed in PRs 1-3.

PR4  Analytics dashboard — 4 chart types (funnel/timeline/breakdown/source),
     date-range picker (today/7d/30d/90d), CSV+PNG export per card.
PR5  Alert rail UI + /alerts page — topbar bell w/ live count, dashboard
     right-rail, three-tab page (active/dismissed/resolved), socket-driven
     invalidation. Bell lazy-loads list on popover open to keep cold pages
     fast in non-dashboard routes.
PR6  EOI queue tab on documents hub — filters to in-flight EOIs, count
     surfaces in tab label.
PR7  Interests-by-berth tab on berth detail — replaces the stub.
PR8  Expense duplicate detection — BullMQ job runs scan on create, yellow
     banner on detail w/ Merge / Not-a-duplicate, transactional merge
     consolidates receipts and archives the source.
PR9  Receipt scanner PWA + multi-provider AI — port-scoped /scan route in
     its own (scanner) group with no dashboard chrome, dynamic per-port
     manifest, OpenAI + Claude provider abstraction, admin OCR settings
     page (port-level + super-admin global default w/ opt-in fallback),
     test-connection endpoint, manual-entry fallback when no key is
     configured. Verify form always shown before save — no ghost rows.
PR10 Audit log read view — swap to tsvector full-text search on the
     existing GIN index, cursor pagination, filters for entity/action/user
     /date range, batched actor-email resolution.
PR11 Real-API tests — opt-in receipt-ocr.spec (admin save+test, optional
     real-receipt parse via REALAPI_RECEIPT_FIXTURE) and alert-engine
     socket-fanout spec gated behind RUN_ALERT_ENGINE_REALAPI. Both skip
     cleanly without their gate envs so CI stays green.

Test totals: vitest 690 -> 713, smoke 130 -> 138, realapi +2 opt-in.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
This commit is contained in:
Matt Ciaccio
2026-04-28 17:21:55 +02:00
parent 2fa70f4582
commit f52d21df83
63 changed files with 4459 additions and 206 deletions
Download Patch File Download Diff File Expand all files Collapse all files

72
tests/e2e/realapi/alert-engine-realtime.spec.ts Normal file
View File

@@ -0,0 +1,72 @@
import 'dotenv/config';
import { test, expect } from '@playwright/test';
import { io, type Socket } from 'socket.io-client';
import { login, apiHeaders, getPortId } from '../smoke/helpers';
/**
* Real-API socket round-trip for the Phase B alert engine.
*
* - Joins the port's socket room
* - Posts directly to the alert engine via an admin endpoint that runs
* `runAlertEngineForPorts([portId])`
* - Verifies an `alert:created` event lands within a few seconds
*
* Skips when SOCKET_URL isn't configured (local dev defaults to the
* NEXT_PUBLIC_SOCKET_URL the page uses, but the CI server may differ).
*/
const SOCKET_URL =
process.env.NEXT_PUBLIC_SOCKET_URL ?? process.env.SOCKET_URL ?? 'http://localhost:3000';
test.describe('Alert engine — socket fanout', () => {
test.skip(
!process.env.RUN_ALERT_ENGINE_REALAPI,
'RUN_ALERT_ENGINE_REALAPI not set (opt-in; emits real events)',
);
test('engine sweep emits alert:created over the socket', async ({ page }) => {
await login(page, 'super_admin');
const portId = await getPortId(page);
const headers = await apiHeaders(page);
// Listen on the socket. We resolve when an alert:created event lands
// for our port id, or reject after a timeout.
const cookieHeader = await page.evaluate(() => document.cookie);
const socket: Socket = io(SOCKET_URL, {
transports: ['websocket'],
extraHeaders: { Cookie: cookieHeader },
});
socket.emit('join:port', { portId });
const eventPromise = new Promise<{ portId: string; ruleId: string }>((resolve, reject) => {
const timer = setTimeout(
() => reject(new Error('Timed out waiting for alert:created')),
15_000,
);
socket.on('alert:created', (payload: { portId: string; ruleId: string }) => {
if (payload.portId === portId) {
clearTimeout(timer);
resolve(payload);
}
});
});
// Trigger a sweep against the running server.
const triggerRes = await page.request.post(`/api/v1/admin/alerts/run-engine`, {
headers,
});
expect([200, 404]).toContain(triggerRes.status());
if (triggerRes.status() === 404) {
// The trigger route is opt-in scaffolding; skip if not present in this build.
socket.disconnect();
test.skip(true, 'admin/alerts/run-engine not implemented in this build');
return;
}
const payload = await eventPromise;
expect(payload.portId).toBe(portId);
socket.disconnect();
});
});

132
tests/e2e/realapi/receipt-ocr.spec.ts Normal file
View File

@@ -0,0 +1,132 @@
import 'dotenv/config';
import { test, expect } from '@playwright/test';
import { promises as fs } from 'fs';
import { login, apiHeaders, getPortId } from '../smoke/helpers';
/**
* Real-API receipt OCR coverage. Two-step:
*
* 1. Admin save + test-connection round-trip: writes a real OpenAI key
* to the global OCR config, calls /admin/ocr-settings/test (which
* sends a 1×1 pixel PNG — essentially free in tokens), and asserts
* the provider responds 2xx. Validates the auth + key-storage path.
*
* 2. Real receipt parse: when REALAPI_RECEIPT_FIXTURE is set to an
* image on disk, POSTs it to /api/v1/expenses/scan-receipt and
* asserts the parsed payload looks plausible (numeric amount >= 0,
* non-empty parsed.confidence).
*
* Both tests skip when OPENAI_API_KEY isn't set so the suite remains
* CI-safe by default.
*/
const OPENAI_API_KEY = process.env.OPENAI_API_KEY;
const RECEIPT_FIXTURE = process.env.REALAPI_RECEIPT_FIXTURE;
test.describe('Receipt OCR — real provider', () => {
test.skip(!OPENAI_API_KEY, 'OPENAI_API_KEY not configured');
test('admin can save an OpenAI key and the test endpoint passes', async ({ page }) => {
await login(page, 'super_admin');
const headers = await apiHeaders(page);
// Save a global OCR config with the real key. Super-admin only.
const saveRes = await page.request.put('/api/v1/admin/ocr-settings', {
headers,
data: {
scope: 'global',
provider: 'openai',
model: 'gpt-4o-mini',
apiKey: OPENAI_API_KEY,
},
});
expect(saveRes.ok()).toBeTruthy();
const testRes = await page.request.post('/api/v1/admin/ocr-settings/test', {
headers,
data: {
provider: 'openai',
model: 'gpt-4o-mini',
apiKey: OPENAI_API_KEY,
},
});
expect(testRes.ok()).toBeTruthy();
const body = (await testRes.json()) as { ok: boolean; reason?: string };
expect(body.ok).toBe(true);
// Cleanup: clear the global key so subsequent test runs don't accidentally
// bill the same OpenAI account if someone forgets to unset it.
const cleanupRes = await page.request.put('/api/v1/admin/ocr-settings', {
headers,
data: {
scope: 'global',
provider: 'openai',
model: 'gpt-4o-mini',
clearApiKey: true,
},
});
expect(cleanupRes.ok()).toBeTruthy();
});
test('scan-receipt endpoint returns a parsed payload for a real image', async ({ page }) => {
test.skip(!RECEIPT_FIXTURE, 'REALAPI_RECEIPT_FIXTURE not set');
await login(page, 'super_admin');
const portId = await getPortId(page);
// Configure the per-port OCR with the test key for the duration of this run.
await page.request.put('/api/v1/admin/ocr-settings', {
headers: { 'Content-Type': 'application/json', 'X-Port-Id': portId },
data: {
scope: 'port',
provider: 'openai',
model: 'gpt-4o-mini',
apiKey: OPENAI_API_KEY,
},
});
const buffer = await fs.readFile(RECEIPT_FIXTURE!);
const res = await page.request.post('/api/v1/expenses/scan-receipt', {
headers: { 'X-Port-Id': portId },
multipart: {
file: {
name: 'receipt.jpg',
mimeType: 'image/jpeg',
buffer,
},
},
});
expect(res.ok()).toBeTruthy();
const body = (await res.json()) as {
data: {
parsed: {
amount: number | null;
confidence: number;
establishment: string | null;
date: string | null;
};
source: 'ai' | 'manual';
};
};
expect(body.data.source).toBe('ai');
// Confidence must be a valid number 0..1 — provider should always emit it.
expect(body.data.parsed.confidence).toBeGreaterThanOrEqual(0);
expect(body.data.parsed.confidence).toBeLessThanOrEqual(1);
// Amount, if present, should be non-negative.
if (body.data.parsed.amount !== null) {
expect(body.data.parsed.amount).toBeGreaterThanOrEqual(0);
}
// Cleanup
await page.request.put('/api/v1/admin/ocr-settings', {
headers: { 'Content-Type': 'application/json', 'X-Port-Id': portId },
data: {
scope: 'port',
provider: 'openai',
model: 'gpt-4o-mini',
clearApiKey: true,
},
});
});
});

16
tests/e2e/smoke/04-documents.spec.ts
View File

@@ -1,5 +1,5 @@
import { test, expect } from '@playwright/test';
import { login, navigateTo, PORT_SLUG } from './helpers';
import { login, navigateTo } from './helpers';
import path from 'path';
test.describe('Document Management', () => {
@@ -26,7 +26,7 @@ test.describe('Document Management', () => {
if (await uploadBtn.isVisible({ timeout: 5_000 }).catch(() => false)) {
// Check for a file input (may be hidden)
const fileInput = page.locator('input[type="file"]').first();
if (await fileInput.count() > 0) {
if ((await fileInput.count()) > 0) {
const testFilePath = path.resolve('tests/e2e/fixtures/test-document.txt');
await fileInput.setInputFiles(testFilePath);
await page.waitForTimeout(5000);
@@ -35,7 +35,7 @@ test.describe('Document Management', () => {
await uploadBtn.click();
await page.waitForTimeout(1000);
const fileInput2 = page.locator('input[type="file"]').first();
if (await fileInput2.count() > 0) {
if ((await fileInput2.count()) > 0) {
const testFilePath = path.resolve('tests/e2e/fixtures/test-document.txt');
await fileInput2.setInputFiles(testFilePath);
await page.waitForTimeout(5000);
@@ -47,4 +47,14 @@ test.describe('Document Management', () => {
const pageContent = page.getByText(/documents|files/i).first();
await expect(pageContent).toBeVisible({ timeout: 5_000 });
});
test('documents hub shows the EOI queue tab', async ({ page }) => {
await navigateTo(page, '/documents');
await page.waitForLoadState('networkidle');
const tab = page.getByRole('tab', { name: /eoi queue/i });
await expect(tab).toBeVisible({ timeout: 10_000 });
await tab.click();
await expect(tab).toHaveAttribute('data-state', 'active');
});
});

27
tests/e2e/smoke/10-dashboard.spec.ts
View File

@@ -41,18 +41,33 @@ test.describe('Dashboard', () => {
expect(errorCount).toBe(0);
});
// Test 3: Pipeline chart shows bars for stages
test('pipeline chart renders with stage bars', async ({ page }) => {
// Test 3: Pipeline funnel chart renders bars for stages (Phase B analytics)
test('pipeline funnel chart renders with stage bars', async ({ page }) => {
await navigateTo(page, '/');
await page.waitForTimeout(3_000);
// Recharts renders SVG bars — look for the chart container and SVG elements
const chartSection = page.getByText('Pipeline Overview').first();
const chartSection = page.getByText('Pipeline Funnel').first();
await expect(chartSection).toBeVisible({ timeout: 10_000 });
// Should have an SVG with rect elements (bars) or the recharts container
// Recharts SVG container should be present (or empty-state if no data).
const svg = page.locator('.recharts-wrapper svg, .recharts-responsive-container svg').first();
await expect(svg).toBeVisible({ timeout: 5_000 });
const empty = page.getByText('No interests in range').first();
const hasSvg = await svg.isVisible({ timeout: 5_000 }).catch(() => false);
const hasEmpty = await empty.isVisible({ timeout: 2_000 }).catch(() => false);
expect(hasSvg || hasEmpty).toBeTruthy();
});
// Test 6: Date range picker switches analytics window
test('date range picker switches between ranges', async ({ page }) => {
await navigateTo(page, '/');
await expect(page.getByText('Pipeline Funnel').first()).toBeVisible({ timeout: 15_000 });
// Default is 30d. Click 7d, then 90d, and verify the kpi line label updates.
await page.getByTestId('range-7d').click();
await expect(page.getByText('Last 7 days')).toBeVisible({ timeout: 5_000 });
await page.getByTestId('range-90d').click();
await expect(page.getByText('Last 90 days')).toBeVisible({ timeout: 5_000 });
});
// Test 4: Activity feed shows recent entries

48
tests/e2e/smoke/27-alerts.spec.ts Normal file
View File

@@ -0,0 +1,48 @@
import { test, expect } from '@playwright/test';
import { login, navigateTo, PORT_SLUG } from './helpers';
test.describe('Alerts (Phase B)', () => {
test.beforeEach(async ({ page }) => {
await login(page, 'super_admin');
});
test('alert bell renders in topbar with no badge when no alerts', async ({ page }) => {
await navigateTo(page, '/');
const bell = page.getByTestId('alert-bell');
await expect(bell).toBeVisible({ timeout: 15_000 });
});
test('alert bell popover opens', async ({ page }) => {
await navigateTo(page, '/');
const bell = page.getByTestId('alert-bell');
await expect(bell).toBeVisible({ timeout: 15_000 });
await bell.click();
// Popover header is the unambiguous proof that the popover rendered.
await expect(page.getByText('Active alerts').first()).toBeVisible({ timeout: 8_000 });
});
test('dashboard renders the alert rail', async ({ page }) => {
await navigateTo(page, '/');
await expect(page.getByText('Pipeline Funnel').first()).toBeVisible({ timeout: 15_000 });
await expect(page.getByTestId('alert-rail')).toBeVisible({ timeout: 5_000 });
});
test('/alerts page loads with three tabs', async ({ page }) => {
await navigateTo(page, '/alerts');
expect(page.url()).toContain(`/${PORT_SLUG}/alerts`);
await expect(page.getByTestId('tab-open')).toBeVisible({ timeout: 10_000 });
await expect(page.getByTestId('tab-dismissed')).toBeVisible();
await expect(page.getByTestId('tab-resolved')).toBeVisible();
await page.getByTestId('tab-resolved').click();
// No assertion on contents; just smoke that the tab swap doesn't error.
await expect(page.getByTestId('tab-resolved')).toHaveAttribute('data-state', 'active');
});
test('sidebar Alerts link navigates to /alerts', async ({ page }) => {
await navigateTo(page, '/');
await page.getByRole('link', { name: 'Alerts', exact: true }).click();
await expect(page).toHaveURL(new RegExp(`/${PORT_SLUG}/alerts`), { timeout: 10_000 });
});
});

36
tests/e2e/smoke/28-berth-interests-tab.spec.ts Normal file
View File

@@ -0,0 +1,36 @@
import { test, expect } from '@playwright/test';
import { login, PORT_SLUG } from './helpers';
test.describe('Berth detail — Interests tab (Phase B)', () => {
test.beforeEach(async ({ page }) => {
await login(page, 'super_admin');
});
test('berth detail page exposes an Interests tab', async ({ page }) => {
// Navigate to the berths list, then click the first row to drill in.
// The list uses TanStack Table row-click handlers, so we wait for the
// table body to populate rather than for `a[href*="/berths/"]`.
await page.goto(`/${PORT_SLUG}/berths`);
const firstRow = page.locator('tbody tr').first();
await expect(firstRow).toBeVisible({ timeout: 20_000 });
// The list table uses an `onRowClick` handler on the <tr> that calls
// `router.push`. Open the row's actions menu and click "View details"
// — the menu item's handler routes the same way and is more reliable
// than firing a synthetic <tr> click under React 19 + dev-mode HMR.
await firstRow.getByRole('button', { name: /open menu/i }).click();
await page.getByRole('menuitem', { name: /view details/i }).click();
await page.waitForURL(/\/berths\/[^/]+$/, { timeout: 10_000 });
const tab = page.getByRole('tab', { name: 'Interests', exact: true });
await expect(tab).toBeVisible({ timeout: 10_000 });
await tab.click();
await expect(tab).toHaveAttribute('data-state', 'active');
// Confirm the new tab body replaced the old stub. The body might be:
// - a populated table
// - the empty-state ("No interests linked to this berth")
// - the loading skeleton (still fetching)
// The negative assertion against the old stub copy is the primary signal.
await expect(page.getByText('Interests coming soon')).not.toBeVisible({ timeout: 2_000 });
});
});

50
tests/e2e/smoke/29-receipt-scanner.spec.ts Normal file
View File

@@ -0,0 +1,50 @@
import { test, expect } from '@playwright/test';
import { login, PORT_SLUG } from './helpers';
test.describe('Receipt scanner PWA (Phase B)', () => {
test.beforeEach(async ({ page }) => {
await login(page, 'super_admin');
});
test('scanner page loads with capture button and no dashboard chrome', async ({ page }) => {
// First-hit dev compile of the brand-new (scanner) route group can exceed 30s.
await page.goto(`/${PORT_SLUG}/scan`, { timeout: 60_000 });
await expect(page.getByRole('heading', { name: /scan a receipt/i })).toBeVisible({
timeout: 20_000,
});
await expect(page.getByTestId('scan-capture')).toBeVisible({ timeout: 10_000 });
// No sidebar / topbar elements should be present on the scanner.
const dashboardLinks = page.getByRole('link', { name: 'Dashboard' });
expect(await dashboardLinks.count()).toBe(0);
});
test('per-port manifest is served with correct content type and scope', async ({ page }) => {
const res = await page.request.get(`/${PORT_SLUG}/scan/manifest.webmanifest`, {
timeout: 60_000,
});
expect(res.status()).toBe(200);
expect(res.headers()['content-type']).toContain('application/manifest+json');
const body = (await res.json()) as {
name: string;
scope: string;
start_url: string;
display: string;
};
expect(body.scope).toBe(`/${PORT_SLUG}/scan`);
expect(body.start_url).toBe(`/${PORT_SLUG}/scan`);
expect(body.display).toBe('standalone');
expect(body.name.toLowerCase()).toContain('scanner');
});
test('admin OCR settings page renders both provider and model selectors', async ({ page }) => {
await page.goto(`/${PORT_SLUG}/admin/ocr`, { timeout: 60_000 });
await expect(page.getByRole('heading', { name: /receipt ocr/i })).toBeVisible({
timeout: 30_000,
});
await expect(page.getByTestId('save-port')).toBeVisible({ timeout: 15_000 });
// Provider + model selects use Radix triggers, not native <label>; locate via testid.
await expect(page.locator('#provider-port')).toBeVisible();
await expect(page.locator('#model-port')).toBeVisible();
});
});

43
tests/e2e/smoke/30-audit-log.spec.ts Normal file
View File

@@ -0,0 +1,43 @@
import { test, expect } from '@playwright/test';
import { login, PORT_SLUG } from './helpers';
test.describe('Audit log read view (Phase B)', () => {
test.beforeEach(async ({ page }) => {
await login(page, 'super_admin');
});
test('admin audit page renders search + entity + action filters', async ({ page }) => {
// First-hit dev-mode compile of the upgraded route can exceed 30s.
await page.goto(`/${PORT_SLUG}/admin/audit`, { timeout: 60_000 });
await expect(page.getByRole('heading', { name: /audit log/i })).toBeVisible({
timeout: 30_000,
});
await expect(page.getByTestId('audit-search')).toBeVisible({ timeout: 10_000 });
await expect(page.getByTestId('audit-entity')).toBeVisible();
await expect(page.getByTestId('audit-action')).toBeVisible();
// Date filters render alongside.
await expect(page.getByLabel(/^from$/i)).toBeVisible();
await expect(page.getByLabel(/^to$/i)).toBeVisible();
});
test('audit API returns cursor-paginated rows with the new shape', async ({ page }) => {
// Pull the port id from the admin/ports list so the audit request can
// pass X-Port-Id (the audit endpoint scopes results to a single port).
const portsRes = await page.request.get('/api/v1/admin/ports');
const portsBody = (await portsRes.json()) as { data: Array<{ id: string }> };
const portId = portsBody.data[0]?.id;
expect(portId).toBeTruthy();
const auditRes = await page.request.get(`/api/v1/admin/audit?limit=5`, {
headers: { 'X-Port-Id': portId! },
timeout: 60_000,
});
expect(auditRes.status()).toBe(200);
const body = (await auditRes.json()) as {
data: Array<{ action: string; entityType: string }>;
pagination: { nextCursor: { createdAt: string; id: string } | null };
};
expect(Array.isArray(body.data)).toBe(true);
expect(body.pagination).toHaveProperty('nextCursor');
});
});

196
tests/integration/audit-search.test.ts Normal file
View File

@@ -0,0 +1,196 @@
/**
* PR10 — audit log search.
*
* Validates:
* 1. Tsvector full-text search via the GENERATED `search_text` column
* 2. All filters compose: entityType, action, userId, entityId, date range
* 3. Cursor pagination on (createdAt, id) yields stable, complete pages
* and never duplicates rows across page boundaries
* 4. Per-port scoping isolates results
*/
import { describe, it, expect, beforeEach } from 'vitest';
import { eq } from 'drizzle-orm';
import { db } from '@/lib/db';
import { auditLogs } from '@/lib/db/schema/system';
import { searchAuditLogs } from '@/lib/services/audit-search.service';
import { makePort } from '../helpers/factories';
async function seed(args: {
portId: string;
userId?: string;
action: string;
entityType: string;
entityId?: string;
createdAt?: Date;
}) {
const [row] = await db
.insert(auditLogs)
.values({
portId: args.portId,
userId: args.userId ?? null,
action: args.action,
entityType: args.entityType,
entityId: args.entityId ?? null,
createdAt: args.createdAt ?? new Date(),
})
.returning();
return row!;
}
describe('audit log search', () => {
beforeEach(async () => {
// Tests are seed-isolated by port, so no global wipe needed.
});
it('finds rows by entityType filter', async () => {
const port = await makePort();
await seed({ portId: port.id, action: 'create', entityType: 'client' });
await seed({ portId: port.id, action: 'create', entityType: 'invoice' });
await seed({ portId: port.id, action: 'update', entityType: 'client' });
const { rows } = await searchAuditLogs({ portId: port.id, entityType: 'client' });
expect(rows).toHaveLength(2);
expect(rows.every((r) => r.entityType === 'client')).toBe(true);
});
it('filters by action and userId together', async () => {
const port = await makePort();
await seed({ portId: port.id, userId: 'u1', action: 'create', entityType: 'client' });
await seed({ portId: port.id, userId: 'u2', action: 'create', entityType: 'client' });
await seed({ portId: port.id, userId: 'u1', action: 'delete', entityType: 'client' });
const { rows } = await searchAuditLogs({
portId: port.id,
action: 'create',
userId: 'u1',
});
expect(rows).toHaveLength(1);
expect(rows[0]?.userId).toBe('u1');
expect(rows[0]?.action).toBe('create');
});
it('full-text search hits the tsvector column on action + entityType + entityId', async () => {
const port = await makePort();
await seed({
portId: port.id,
action: 'archive',
entityType: 'expense',
entityId: 'expense-marina-fuel-001',
});
await seed({
portId: port.id,
action: 'create',
entityType: 'invoice',
entityId: 'inv-001',
});
const { rows } = await searchAuditLogs({ portId: port.id, q: 'archive' });
expect(rows).toHaveLength(1);
expect(rows[0]?.action).toBe('archive');
});
it('cursor pagination returns stable contiguous pages with no duplicates', async () => {
const port = await makePort();
const now = Date.now();
// Seed 7 rows with deterministic timestamps so ordering is stable.
for (let i = 0; i < 7; i++) {
await seed({
portId: port.id,
action: 'create',
entityType: 'client',
entityId: `c-${i}`,
createdAt: new Date(now - i * 1000),
});
}
const page1 = await searchAuditLogs({ portId: port.id, limit: 3 });
expect(page1.rows).toHaveLength(3);
expect(page1.nextCursor).not.toBeNull();
const page2 = await searchAuditLogs({
portId: port.id,
limit: 3,
cursor: page1.nextCursor!,
});
expect(page2.rows).toHaveLength(3);
expect(page2.nextCursor).not.toBeNull();
const page3 = await searchAuditLogs({
portId: port.id,
limit: 3,
cursor: page2.nextCursor!,
});
expect(page3.rows).toHaveLength(1);
expect(page3.nextCursor).toBeNull();
const allIds = [...page1.rows, ...page2.rows, ...page3.rows].map((r) => r.id);
expect(new Set(allIds).size).toBe(7);
});
it('isolates results by portId', async () => {
const portA = await makePort();
const portB = await makePort();
await seed({ portId: portA.id, action: 'create', entityType: 'client' });
await seed({ portId: portB.id, action: 'create', entityType: 'client' });
const a = await searchAuditLogs({ portId: portA.id });
const b = await searchAuditLogs({ portId: portB.id });
expect(a.rows.every((r) => r.portId === portA.id)).toBe(true);
expect(b.rows.every((r) => r.portId === portB.id)).toBe(true);
});
it('respects from/to date range', async () => {
const port = await makePort();
const now = Date.now();
await seed({
portId: port.id,
action: 'create',
entityType: 'client',
createdAt: new Date(now - 10 * 86_400_000),
});
await seed({
portId: port.id,
action: 'create',
entityType: 'client',
createdAt: new Date(now - 1 * 86_400_000),
});
await seed({
portId: port.id,
action: 'create',
entityType: 'client',
createdAt: new Date(now),
});
const { rows } = await searchAuditLogs({
portId: port.id,
from: new Date(now - 2 * 86_400_000),
});
expect(rows).toHaveLength(2);
});
it('without portId, returns rows across ports (super-admin path)', async () => {
const portA = await makePort();
const portB = await makePort();
await seed({
portId: portA.id,
action: 'create',
entityType: 'client',
entityId: 'across-port-marker',
});
await seed({
portId: portB.id,
action: 'create',
entityType: 'client',
entityId: 'across-port-marker',
});
const { rows } = await searchAuditLogs({ q: 'across-port-marker' });
const portIds = new Set(rows.map((r) => r.portId));
expect(portIds.has(portA.id)).toBe(true);
expect(portIds.has(portB.id)).toBe(true);
// Cleanup so the across-port query doesn't bleed into other tests.
await db.delete(auditLogs).where(eq(auditLogs.portId, portA.id));
await db.delete(auditLogs).where(eq(auditLogs.portId, portB.id));
});
});

153
tests/integration/documents-hub-eoi-queue.test.ts Normal file
View File

@@ -0,0 +1,153 @@
/**
* PR6 — documents hub `eoi_queue` tab.
*
* Verifies that:
* - `listDocuments` with tab='eoi_queue' returns only EOI docs in
* draft/sent/partially_signed status
* - `getHubTabCounts` reports the correct eoi_queue count
* - Other doc types (NDA, contract, welcome_letter) are excluded
* - Completed/expired EOIs are excluded (those belong to other tabs)
*/
import { describe, it, expect } from 'vitest';
import { db } from '@/lib/db';
import { documents } from '@/lib/db/schema/documents';
import { getHubTabCounts, listDocuments } from '@/lib/services/documents.service';
import { makePort, makeClient } from '../helpers/factories';
describe('documents hub — eoi_queue tab', () => {
it('lists only EOIs in in-flight status', async () => {
const port = await makePort();
const client = await makeClient({ portId: port.id });
// Seed a mix: 2 in-flight EOIs, 1 completed EOI, 1 sent NDA, 1 sent welcome_letter.
await db.insert(documents).values([
{
portId: port.id,
clientId: client.id,
documentType: 'eoi',
title: 'EOI #1',
status: 'sent',
createdBy: 'seed',
},
{
portId: port.id,
clientId: client.id,
documentType: 'eoi',
title: 'EOI #2',
status: 'partially_signed',
createdBy: 'seed',
},
{
portId: port.id,
clientId: client.id,
documentType: 'eoi',
title: 'EOI #3 (done)',
status: 'completed',
createdBy: 'seed',
},
{
portId: port.id,
clientId: client.id,
documentType: 'nda',
title: 'NDA',
status: 'sent',
createdBy: 'seed',
},
{
portId: port.id,
clientId: client.id,
documentType: 'welcome_letter',
title: 'Welcome',
status: 'sent',
createdBy: 'seed',
},
]);
const result = await listDocuments(
port.id,
{
page: 1,
limit: 50,
sort: 'createdAt',
order: 'desc',
includeArchived: false,
tab: 'eoi_queue',
},
{},
);
const docs = result.data as Array<{ documentType: string; status: string }>;
expect(docs).toHaveLength(2);
expect(docs.every((d) => d.documentType === 'eoi')).toBe(true);
expect(docs.every((d) => ['sent', 'partially_signed'].includes(d.status))).toBe(true);
});
it('reports the correct eoi_queue count via getHubTabCounts', async () => {
const port = await makePort();
const client = await makeClient({ portId: port.id });
await db.insert(documents).values([
{
portId: port.id,
clientId: client.id,
documentType: 'eoi',
title: 'EOI A',
status: 'draft',
createdBy: 'seed',
},
{
portId: port.id,
clientId: client.id,
documentType: 'eoi',
title: 'EOI B',
status: 'sent',
createdBy: 'seed',
},
{
portId: port.id,
clientId: client.id,
documentType: 'contract',
title: 'Contract X',
status: 'sent',
createdBy: 'seed',
},
]);
const counts = await getHubTabCounts(port.id, undefined);
expect(counts.eoi_queue).toBe(2);
// The contract should not bump eoi_queue.
expect(counts.all).toBe(3);
});
it('returns an empty list when no in-flight EOIs exist', async () => {
const port = await makePort();
const client = await makeClient({ portId: port.id });
await db.insert(documents).values({
portId: port.id,
clientId: client.id,
documentType: 'eoi',
title: 'old EOI',
status: 'expired',
createdBy: 'seed',
});
const result = await listDocuments(
port.id,
{
page: 1,
limit: 50,
sort: 'createdAt',
order: 'desc',
includeArchived: false,
tab: 'eoi_queue',
},
{},
);
expect(result.data).toHaveLength(0);
const counts = await getHubTabCounts(port.id, undefined);
expect(counts.eoi_queue).toBe(0);
});
});

202
tests/integration/expense-dedup.test.ts Normal file
View File

@@ -0,0 +1,202 @@
/**
* PR8 — expense duplicate detection.
*
* Validates:
* 1. `scanForDuplicates` matches by port + lower(vendor) + amount + date ±3d
* 2. Same-day matches score 1.0; off-by-N-days score 0.85
* 3. `markBestDuplicate` writes the highest-confidence match into `duplicateOf`
* 4. `clearDuplicate` nulls `duplicateOf` but keeps `dedupScannedAt`
* 5. `mergeDuplicate` consolidates receipts + archives the source row
*/
import { describe, it, expect } from 'vitest';
import { eq } from 'drizzle-orm';
import { db } from '@/lib/db';
import { expenses } from '@/lib/db/schema/financial';
import {
scanForDuplicates,
markBestDuplicate,
clearDuplicate,
mergeDuplicate,
} from '@/lib/services/expense-dedup.service';
import { makePort } from '../helpers/factories';
async function seedExpense(args: {
portId: string;
establishmentName: string;
amount: string;
expenseDate: Date;
receiptFileIds?: string[];
}) {
const [row] = await db
.insert(expenses)
.values({
portId: args.portId,
establishmentName: args.establishmentName,
amount: args.amount,
currency: 'USD',
expenseDate: args.expenseDate,
receiptFileIds: args.receiptFileIds ?? [],
createdBy: 'seed',
})
.returning();
return row!;
}
describe('expense dedup', () => {
it('scanForDuplicates finds matches in the ±3 day window with case-insensitive vendor', async () => {
const port = await makePort();
const today = new Date('2026-04-15T12:00:00Z');
const target = await seedExpense({
portId: port.id,
establishmentName: 'Marina Fuel',
amount: '120.00',
expenseDate: today,
});
// Match: same vendor (different case), same amount, +2 days
await seedExpense({
portId: port.id,
establishmentName: 'marina fuel',
amount: '120.00',
expenseDate: new Date('2026-04-17T09:00:00Z'),
});
// Non-match: outside the window
await seedExpense({
portId: port.id,
establishmentName: 'Marina Fuel',
amount: '120.00',
expenseDate: new Date('2026-04-22T09:00:00Z'),
});
// Non-match: different amount
await seedExpense({
portId: port.id,
establishmentName: 'Marina Fuel',
amount: '125.00',
expenseDate: today,
});
const matches = await scanForDuplicates(target.id);
expect(matches).toHaveLength(1);
expect(matches[0]?.confidence).toBeCloseTo(0.85, 2);
});
it('same-day match scores 1.0', async () => {
const port = await makePort();
const today = new Date('2026-04-15T12:00:00Z');
const target = await seedExpense({
portId: port.id,
establishmentName: 'Acme',
amount: '50',
expenseDate: today,
});
await seedExpense({
portId: port.id,
establishmentName: 'Acme',
amount: '50',
expenseDate: today,
});
const [m] = await scanForDuplicates(target.id);
expect(m?.confidence).toBe(1.0);
});
it('markBestDuplicate writes duplicateOf when a candidate exists, leaves null otherwise', async () => {
const port = await makePort();
const lonely = await seedExpense({
portId: port.id,
establishmentName: 'Solo',
amount: '10',
expenseDate: new Date('2026-04-15T12:00:00Z'),
});
const matchedId = await markBestDuplicate(lonely.id);
expect(matchedId).toBeNull();
const [refreshed] = await db.select().from(expenses).where(eq(expenses.id, lonely.id));
expect(refreshed?.duplicateOf).toBeNull();
expect(refreshed?.dedupScannedAt).not.toBeNull();
const original = await seedExpense({
portId: port.id,
establishmentName: 'Twin',
amount: '20',
expenseDate: new Date('2026-04-15T12:00:00Z'),
});
const dup = await seedExpense({
portId: port.id,
establishmentName: 'Twin',
amount: '20',
expenseDate: new Date('2026-04-15T13:00:00Z'),
});
const matched = await markBestDuplicate(dup.id);
expect(matched).toBe(original.id);
const [withDup] = await db.select().from(expenses).where(eq(expenses.id, dup.id));
expect(withDup?.duplicateOf).toBe(original.id);
});
it('clearDuplicate nulls duplicateOf but preserves dedupScannedAt', async () => {
const port = await makePort();
const a = await seedExpense({
portId: port.id,
establishmentName: 'X',
amount: '5',
expenseDate: new Date('2026-04-15T12:00:00Z'),
});
const b = await seedExpense({
portId: port.id,
establishmentName: 'X',
amount: '5',
expenseDate: new Date('2026-04-15T13:00:00Z'),
});
await markBestDuplicate(b.id);
await clearDuplicate(b.id, port.id);
const [refreshed] = await db.select().from(expenses).where(eq(expenses.id, b.id));
expect(refreshed?.duplicateOf).toBeNull();
expect(refreshed?.dedupScannedAt).not.toBeNull();
expect(a).toBeDefined();
});
it('mergeDuplicate combines receipts and archives the source', async () => {
const port = await makePort();
const target = await seedExpense({
portId: port.id,
establishmentName: 'Y',
amount: '7',
expenseDate: new Date('2026-04-15T12:00:00Z'),
receiptFileIds: ['file-A'],
});
const source = await seedExpense({
portId: port.id,
establishmentName: 'Y',
amount: '7',
expenseDate: new Date('2026-04-15T13:00:00Z'),
receiptFileIds: ['file-B', 'file-A'],
});
await mergeDuplicate(source.id, target.id, port.id);
const [survivor] = await db.select().from(expenses).where(eq(expenses.id, target.id));
expect(new Set(survivor?.receiptFileIds ?? [])).toEqual(new Set(['file-A', 'file-B']));
const [archived] = await db.select().from(expenses).where(eq(expenses.id, source.id));
expect(archived?.archivedAt).not.toBeNull();
expect(archived?.duplicateOf).toBeNull();
});
it('mergeDuplicate refuses self-merge and cross-port', async () => {
const portA = await makePort();
const portB = await makePort();
const a = await seedExpense({
portId: portA.id,
establishmentName: 'Z',
amount: '1',
expenseDate: new Date('2026-04-15T12:00:00Z'),
});
const b = await seedExpense({
portId: portB.id,
establishmentName: 'Z',
amount: '1',
expenseDate: new Date('2026-04-15T12:00:00Z'),
});
await expect(mergeDuplicate(a.id, a.id, portA.id)).rejects.toThrow(/itself/);
await expect(mergeDuplicate(a.id, b.id, portA.id)).rejects.toThrow(/not found/);
});
});

130
tests/integration/ocr-config.test.ts Normal file
View File

@@ -0,0 +1,130 @@
/**
* PR9 — OCR config service.
*
* Validates:
* 1. Per-port save/read round-trip (key encrypted at rest, decrypted on resolve)
* 2. Public view never echoes the raw key
* 3. Global fallback when port row sets useGlobal=true
* 4. Source field is correctly tagged ('port' | 'global' | 'none')
* 5. clearApiKey wipes the stored key
*/
import { describe, it, expect, beforeEach } from 'vitest';
import { eq, isNull, and } from 'drizzle-orm';
import { db } from '@/lib/db';
import { systemSettings } from '@/lib/db/schema/system';
import {
saveOcrConfig,
getResolvedOcrConfig,
getPublicOcrConfig,
} from '@/lib/services/ocr-config.service';
import { makePort } from '../helpers/factories';
beforeEach(async () => {
await db.delete(systemSettings).where(eq(systemSettings.key, 'ocr.config'));
});
describe('OCR config', () => {
it('round-trips a per-port config and decrypts the key on resolve', async () => {
const port = await makePort();
await saveOcrConfig(
port.id,
{ provider: 'openai', model: 'gpt-4o-mini', apiKey: 'sk-test-abc-123' },
'user-1',
);
const resolved = await getResolvedOcrConfig(port.id);
expect(resolved.provider).toBe('openai');
expect(resolved.model).toBe('gpt-4o-mini');
expect(resolved.apiKey).toBe('sk-test-abc-123');
expect(resolved.hasApiKey).toBe(true);
expect(resolved.source).toBe('port');
});
it('public view never includes the raw key', async () => {
const port = await makePort();
await saveOcrConfig(
port.id,
{ provider: 'claude', model: 'claude-haiku-4-5', apiKey: 'sk-secret' },
'user-1',
);
const pub = await getPublicOcrConfig(port.id);
expect(pub).not.toHaveProperty('apiKey');
expect(pub.hasApiKey).toBe(true);
expect(pub.provider).toBe('claude');
});
it('falls back to global when useGlobal is true on the port row', async () => {
const port = await makePort();
// Set up the global row.
await saveOcrConfig(
null,
{ provider: 'openai', model: 'gpt-4o', apiKey: 'global-key' },
'user-1',
);
// Port row opts in.
await saveOcrConfig(
port.id,
{ provider: 'claude', model: 'claude-haiku-4-5', apiKey: 'port-key', useGlobal: true },
'user-1',
);
const resolved = await getResolvedOcrConfig(port.id);
expect(resolved.source).toBe('global');
expect(resolved.apiKey).toBe('global-key');
expect(resolved.provider).toBe('openai');
expect(resolved.useGlobal).toBe(true);
});
it('returns source=none when neither port nor global is configured', async () => {
const port = await makePort();
const resolved = await getResolvedOcrConfig(port.id);
expect(resolved.source).toBe('none');
expect(resolved.apiKey).toBeNull();
expect(resolved.hasApiKey).toBe(false);
});
it('clearApiKey nulls the stored key but preserves provider/model', async () => {
const port = await makePort();
await saveOcrConfig(
port.id,
{ provider: 'openai', model: 'gpt-4o-mini', apiKey: 'first-key' },
'user-1',
);
await saveOcrConfig(
port.id,
{ provider: 'openai', model: 'gpt-4o-mini', clearApiKey: true },
'user-1',
);
const resolved = await getResolvedOcrConfig(port.id);
expect(resolved.apiKey).toBeNull();
expect(resolved.hasApiKey).toBe(false);
expect(resolved.provider).toBe('openai');
});
it('omitting apiKey on save preserves the existing one', async () => {
const port = await makePort();
await saveOcrConfig(
port.id,
{ provider: 'openai', model: 'gpt-4o-mini', apiKey: 'keep-me' },
'user-1',
);
// Update model only — no apiKey field provided.
await saveOcrConfig(port.id, { provider: 'openai', model: 'gpt-4o' }, 'user-1');
const resolved = await getResolvedOcrConfig(port.id);
expect(resolved.apiKey).toBe('keep-me');
expect(resolved.model).toBe('gpt-4o');
});
it('global rows force useGlobal=false on save (not meaningful at global scope)', async () => {
await saveOcrConfig(
null,
{ provider: 'openai', model: 'gpt-4o-mini', apiKey: 'g', useGlobal: true },
'user-1',
);
const [row] = await db
.select()
.from(systemSettings)
.where(and(eq(systemSettings.key, 'ocr.config'), isNull(systemSettings.portId)));
expect((row?.value as { useGlobal: boolean }).useGlobal).toBe(false);
});
});