letsbe/pn-new-crm
1
0
Fork 0
Code Issues Pull Requests 1 Actions Packages Projects Releases Wiki Activity

feat(phase-b): ship analytics dashboard, alerts, scanner PWA, dedup, audit view

Browse Source 
Phase B (Insights & Alerts) PR4-11 in one drop. Builds on the schema +
service skeletons committed in PRs 1-3.

PR4  Analytics dashboard — 4 chart types (funnel/timeline/breakdown/source),
     date-range picker (today/7d/30d/90d), CSV+PNG export per card.
PR5  Alert rail UI + /alerts page — topbar bell w/ live count, dashboard
     right-rail, three-tab page (active/dismissed/resolved), socket-driven
     invalidation. Bell lazy-loads list on popover open to keep cold pages
     fast in non-dashboard routes.
PR6  EOI queue tab on documents hub — filters to in-flight EOIs, count
     surfaces in tab label.
PR7  Interests-by-berth tab on berth detail — replaces the stub.
PR8  Expense duplicate detection — BullMQ job runs scan on create, yellow
     banner on detail w/ Merge / Not-a-duplicate, transactional merge
     consolidates receipts and archives the source.
PR9  Receipt scanner PWA + multi-provider AI — port-scoped /scan route in
     its own (scanner) group with no dashboard chrome, dynamic per-port
     manifest, OpenAI + Claude provider abstraction, admin OCR settings
     page (port-level + super-admin global default w/ opt-in fallback),
     test-connection endpoint, manual-entry fallback when no key is
     configured. Verify form always shown before save — no ghost rows.
PR10 Audit log read view — swap to tsvector full-text search on the
     existing GIN index, cursor pagination, filters for entity/action/user
     /date range, batched actor-email resolution.
PR11 Real-API tests — opt-in receipt-ocr.spec (admin save+test, optional
     real-receipt parse via REALAPI_RECEIPT_FIXTURE) and alert-engine
     socket-fanout spec gated behind RUN_ALERT_ENGINE_REALAPI. Both skip
     cleanly without their gate envs so CI stays green.

Test totals: vitest 690 -> 713, smoke 130 -> 138, realapi +2 opt-in.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
This commit is contained in:
Matt Ciaccio
2026-04-28 17:21:55 +02:00
parent 2fa70f4582
commit f52d21df83
63 changed files with 4459 additions and 206 deletions
Download Patch File Download Diff File Expand all files Collapse all files

196
tests/integration/audit-search.test.ts Normal file
View File

@@ -0,0 +1,196 @@
/**
* PR10 — audit log search.
*
* Validates:
* 1. Tsvector full-text search via the GENERATED `search_text` column
* 2. All filters compose: entityType, action, userId, entityId, date range
* 3. Cursor pagination on (createdAt, id) yields stable, complete pages
* and never duplicates rows across page boundaries
* 4. Per-port scoping isolates results
*/
import { describe, it, expect, beforeEach } from 'vitest';
import { eq } from 'drizzle-orm';
import { db } from '@/lib/db';
import { auditLogs } from '@/lib/db/schema/system';
import { searchAuditLogs } from '@/lib/services/audit-search.service';
import { makePort } from '../helpers/factories';
async function seed(args: {
portId: string;
userId?: string;
action: string;
entityType: string;
entityId?: string;
createdAt?: Date;
}) {
const [row] = await db
.insert(auditLogs)
.values({
portId: args.portId,
userId: args.userId ?? null,
action: args.action,
entityType: args.entityType,
entityId: args.entityId ?? null,
createdAt: args.createdAt ?? new Date(),
})
.returning();
return row!;
}
describe('audit log search', () => {
beforeEach(async () => {
// Tests are seed-isolated by port, so no global wipe needed.
});
it('finds rows by entityType filter', async () => {
const port = await makePort();
await seed({ portId: port.id, action: 'create', entityType: 'client' });
await seed({ portId: port.id, action: 'create', entityType: 'invoice' });
await seed({ portId: port.id, action: 'update', entityType: 'client' });
const { rows } = await searchAuditLogs({ portId: port.id, entityType: 'client' });
expect(rows).toHaveLength(2);
expect(rows.every((r) => r.entityType === 'client')).toBe(true);
});
it('filters by action and userId together', async () => {
const port = await makePort();
await seed({ portId: port.id, userId: 'u1', action: 'create', entityType: 'client' });
await seed({ portId: port.id, userId: 'u2', action: 'create', entityType: 'client' });
await seed({ portId: port.id, userId: 'u1', action: 'delete', entityType: 'client' });
const { rows } = await searchAuditLogs({
portId: port.id,
action: 'create',
userId: 'u1',
});
expect(rows).toHaveLength(1);
expect(rows[0]?.userId).toBe('u1');
expect(rows[0]?.action).toBe('create');
});
it('full-text search hits the tsvector column on action + entityType + entityId', async () => {
const port = await makePort();
await seed({
portId: port.id,
action: 'archive',
entityType: 'expense',
entityId: 'expense-marina-fuel-001',
});
await seed({
portId: port.id,
action: 'create',
entityType: 'invoice',
entityId: 'inv-001',
});
const { rows } = await searchAuditLogs({ portId: port.id, q: 'archive' });
expect(rows).toHaveLength(1);
expect(rows[0]?.action).toBe('archive');
});
it('cursor pagination returns stable contiguous pages with no duplicates', async () => {
const port = await makePort();
const now = Date.now();
// Seed 7 rows with deterministic timestamps so ordering is stable.
for (let i = 0; i < 7; i++) {
await seed({
portId: port.id,
action: 'create',
entityType: 'client',
entityId: `c-${i}`,
createdAt: new Date(now - i * 1000),
});
}
const page1 = await searchAuditLogs({ portId: port.id, limit: 3 });
expect(page1.rows).toHaveLength(3);
expect(page1.nextCursor).not.toBeNull();
const page2 = await searchAuditLogs({
portId: port.id,
limit: 3,
cursor: page1.nextCursor!,
});
expect(page2.rows).toHaveLength(3);
expect(page2.nextCursor).not.toBeNull();
const page3 = await searchAuditLogs({
portId: port.id,
limit: 3,
cursor: page2.nextCursor!,
});
expect(page3.rows).toHaveLength(1);
expect(page3.nextCursor).toBeNull();
const allIds = [...page1.rows, ...page2.rows, ...page3.rows].map((r) => r.id);
expect(new Set(allIds).size).toBe(7);
});
it('isolates results by portId', async () => {
const portA = await makePort();
const portB = await makePort();
await seed({ portId: portA.id, action: 'create', entityType: 'client' });
await seed({ portId: portB.id, action: 'create', entityType: 'client' });
const a = await searchAuditLogs({ portId: portA.id });
const b = await searchAuditLogs({ portId: portB.id });
expect(a.rows.every((r) => r.portId === portA.id)).toBe(true);
expect(b.rows.every((r) => r.portId === portB.id)).toBe(true);
});
it('respects from/to date range', async () => {
const port = await makePort();
const now = Date.now();
await seed({
portId: port.id,
action: 'create',
entityType: 'client',
createdAt: new Date(now - 10 * 86_400_000),
});
await seed({
portId: port.id,
action: 'create',
entityType: 'client',
createdAt: new Date(now - 1 * 86_400_000),
});
await seed({
portId: port.id,
action: 'create',
entityType: 'client',
createdAt: new Date(now),
});
const { rows } = await searchAuditLogs({
portId: port.id,
from: new Date(now - 2 * 86_400_000),
});
expect(rows).toHaveLength(2);
});
it('without portId, returns rows across ports (super-admin path)', async () => {
const portA = await makePort();
const portB = await makePort();
await seed({
portId: portA.id,
action: 'create',
entityType: 'client',
entityId: 'across-port-marker',
});
await seed({
portId: portB.id,
action: 'create',
entityType: 'client',
entityId: 'across-port-marker',
});
const { rows } = await searchAuditLogs({ q: 'across-port-marker' });
const portIds = new Set(rows.map((r) => r.portId));
expect(portIds.has(portA.id)).toBe(true);
expect(portIds.has(portB.id)).toBe(true);
// Cleanup so the across-port query doesn't bleed into other tests.
await db.delete(auditLogs).where(eq(auditLogs.portId, portA.id));
await db.delete(auditLogs).where(eq(auditLogs.portId, portB.id));
});
});