Matt
6b28459c45
Replaces the legacy 9-stage pipeline with 7 canonical stages
(enquiry → qualified → eoi → reservation → deposit_paid → contract →
nurturing) plus three doc sub-status columns (eoi_doc_status,
reservation_doc_status, contract_doc_status) that track sent/signed
within a single stage instead of branching it.
Schema (migration 0062):
- interests gains assigned_to, deposit_expected_amount/currency,
three doc-status columns, two documenso-id columns, and
date_reservation_signed.
- New tables: qualification_criteria (per-port admin-configurable),
interest_qualifications (per-interest state), payments (deposit /
balance / refund records keyed to interest + client).
- Default qualification criteria seeded for every existing port.
- Dummy-data UPDATEs collapse Sent/Signed pairs and 'completed' into
the new stage + doc-status + outcome shape.
Migration 0063 adds interest_contact_log.voice_transcript and
template_used columns for v1.1-A/B (quick-template buttons + voice
transcription via Web Speech API).
v1.1 phase work bundled here:
- A/B: Quick-template buttons (Call / Visit / Email) + mic toggle on
the contact-log compose dialog (useVoiceTranscription hook).
- C: berth-rules-engine wraps state writes in pg_advisory_xact_lock
with an idempotent re-read; emits rule_evaluated audit traces.
- D: Documenso webhook: reservation/contract sub-status stamping
moved out of the PDF-download try-block so a download failure
no longer swallows the stamp. New integration test coverage.
- E: /admin/qualification-criteria CRUD page + admin component.
- F: default_new_interest_owner exposed in System Settings.
- G: recentActivityCount + active_engagement deal-pulse signal
surfaced as a chip on interests + hot-deals card.
- H: interest_assigned notification on assignedTo change (skips
self-assign, uses a dedupe key).
Plus the supporting components: AssignedToChip, DealPulseChip,
PaymentsSection, QualificationChecklist, MultiEoiChip,
SkipAheadBanner, WonStatusPanel, InterestBerthStatusBanner,
SupplementalInfoRequestButton, UserPicker.
Tests: 1370/1370 vitest pass (added deal-health unit suite +
expanded constants/validators/pipeline-transitions coverage). tsc
clean, eslint clean.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
235 lines
7.3 KiB
TypeScript
235 lines
7.3 KiB
TypeScript
/**
|
|
* Port-scoping integration tests (SECURITY-CRITICAL).
|
|
*
|
|
* Codex Addenda: Two-port testing — every entity must be invisible
|
|
* when queried under a different portId.
|
|
*
|
|
* Skips gracefully when TEST_DATABASE_URL is not reachable.
|
|
*/
|
|
import { describe, it, expect, beforeAll, afterAll } from 'vitest';
|
|
|
|
import {
|
|
makeAuditMeta,
|
|
makeCreateClientInput,
|
|
makeCreateInterestInput,
|
|
} from '../helpers/factories';
|
|
|
|
const TEST_DB_URL =
|
|
process.env.TEST_DATABASE_URL || 'postgresql://test:test@localhost:5433/portnimara_test';
|
|
|
|
// ─── DB Availability Check ────────────────────────────────────────────────────
|
|
|
|
let dbAvailable = false;
|
|
|
|
beforeAll(async () => {
|
|
try {
|
|
const postgres = (await import('postgres')).default;
|
|
const sql = postgres(TEST_DB_URL, { max: 1, idle_timeout: 3, connect_timeout: 3 });
|
|
await sql`SELECT 1`;
|
|
await sql.end();
|
|
dbAvailable = true;
|
|
} catch {
|
|
console.warn('[port-scoping] Test database not available — skipping integration tests');
|
|
}
|
|
});
|
|
|
|
function itDb(name: string, fn: () => Promise<void>) {
|
|
it(name, async () => {
|
|
if (!dbAvailable) return;
|
|
await fn();
|
|
});
|
|
}
|
|
|
|
// ─── Helpers ─────────────────────────────────────────────────────────────────
|
|
|
|
async function seedPorts(): Promise<{ portA: string; portB: string }> {
|
|
const postgres = (await import('postgres')).default;
|
|
const sql = postgres(TEST_DB_URL, { max: 1 });
|
|
|
|
const portA = crypto.randomUUID();
|
|
const portB = crypto.randomUUID();
|
|
|
|
await sql`
|
|
INSERT INTO ports (id, name, slug, country, currency, timezone)
|
|
VALUES
|
|
(${portA}, 'Port Alpha', ${'alpha-' + portA.slice(0, 8)}, 'AU', 'AUD', 'UTC'),
|
|
(${portB}, 'Port Beta', ${'beta-' + portB.slice(0, 8)}, 'NZ', 'NZD', 'UTC')
|
|
`;
|
|
|
|
await sql.end();
|
|
return { portA, portB };
|
|
}
|
|
|
|
async function cleanupPorts(portA: string, portB: string): Promise<void> {
|
|
const postgres = (await import('postgres')).default;
|
|
const sql = postgres(TEST_DB_URL, { max: 1 });
|
|
await sql`DELETE FROM ports WHERE id = ANY(${[portA, portB]})`;
|
|
await sql.end();
|
|
}
|
|
|
|
// ─── Tests ────────────────────────────────────────────────────────────────────
|
|
|
|
describe('Port Scoping — Clients', () => {
|
|
let portA: string;
|
|
let portB: string;
|
|
|
|
beforeAll(async () => {
|
|
if (!dbAvailable) return;
|
|
({ portA, portB } = await seedPorts());
|
|
});
|
|
|
|
afterAll(async () => {
|
|
if (!dbAvailable) return;
|
|
await cleanupPorts(portA, portB);
|
|
});
|
|
|
|
itDb('client created in Port A is invisible to Port B list', async () => {
|
|
const { createClient, listClients } = await import('@/lib/services/clients.service');
|
|
|
|
const meta = makeAuditMeta({ portId: portA });
|
|
|
|
const client = await createClient(
|
|
portA,
|
|
makeCreateClientInput({ fullName: 'Alice Scope' }),
|
|
meta,
|
|
);
|
|
|
|
expect(client.portId).toBe(portA);
|
|
|
|
const result = await listClients(portB, {
|
|
page: 1,
|
|
limit: 50,
|
|
sort: 'updatedAt',
|
|
order: 'desc',
|
|
includeArchived: false,
|
|
});
|
|
|
|
const ids = (result.data as Array<{ id: string }>).map((c) => c.id);
|
|
expect(ids).not.toContain(client.id);
|
|
});
|
|
|
|
itDb('getClientById throws NotFoundError when portId does not match', async () => {
|
|
const { createClient, getClientById } = await import('@/lib/services/clients.service');
|
|
const { NotFoundError } = await import('@/lib/errors');
|
|
|
|
const meta = makeAuditMeta({ portId: portA });
|
|
const client = await createClient(
|
|
portA,
|
|
makeCreateClientInput({ fullName: 'Bob Scope' }),
|
|
meta,
|
|
);
|
|
|
|
await expect(getClientById(client.id, portB)).rejects.toThrow(NotFoundError);
|
|
});
|
|
|
|
itDb('updateClient on wrong port throws NotFoundError', async () => {
|
|
const { createClient, updateClient } = await import('@/lib/services/clients.service');
|
|
const { NotFoundError } = await import('@/lib/errors');
|
|
|
|
const meta = makeAuditMeta({ portId: portA });
|
|
const client = await createClient(
|
|
portA,
|
|
makeCreateClientInput({ fullName: 'Carol Scope' }),
|
|
meta,
|
|
);
|
|
|
|
await expect(updateClient(client.id, portB, { fullName: 'Hacked' }, meta)).rejects.toThrow(
|
|
NotFoundError,
|
|
);
|
|
});
|
|
|
|
itDb('archiveClient on wrong port throws NotFoundError', async () => {
|
|
const { createClient, archiveClient } = await import('@/lib/services/clients.service');
|
|
const { NotFoundError } = await import('@/lib/errors');
|
|
|
|
const meta = makeAuditMeta({ portId: portA });
|
|
const client = await createClient(
|
|
portA,
|
|
makeCreateClientInput({ fullName: 'Dave Scope' }),
|
|
meta,
|
|
);
|
|
|
|
await expect(archiveClient(client.id, portB, meta)).rejects.toThrow(NotFoundError);
|
|
});
|
|
});
|
|
|
|
describe('Port Scoping — Interests', () => {
|
|
let portA: string;
|
|
let portB: string;
|
|
let clientIdA: string;
|
|
|
|
beforeAll(async () => {
|
|
if (!dbAvailable) return;
|
|
({ portA, portB } = await seedPorts());
|
|
|
|
const { createClient } = await import('@/lib/services/clients.service');
|
|
const meta = makeAuditMeta({ portId: portA });
|
|
const client = await createClient(
|
|
portA,
|
|
makeCreateClientInput({ fullName: 'Scope Test Client' }),
|
|
meta,
|
|
);
|
|
clientIdA = client.id;
|
|
});
|
|
|
|
afterAll(async () => {
|
|
if (!dbAvailable) return;
|
|
await cleanupPorts(portA, portB);
|
|
});
|
|
|
|
itDb('interest created in Port A is invisible to Port B list', async () => {
|
|
const { createInterest, listInterests } = await import('@/lib/services/interests.service');
|
|
|
|
const meta = makeAuditMeta({ portId: portA });
|
|
const interest = await createInterest(
|
|
portA,
|
|
makeCreateInterestInput({ clientId: clientIdA }),
|
|
meta,
|
|
);
|
|
|
|
expect(interest.portId).toBe(portA);
|
|
|
|
const result = await listInterests(portB, {
|
|
page: 1,
|
|
limit: 50,
|
|
sort: 'updatedAt',
|
|
order: 'desc',
|
|
includeArchived: false,
|
|
});
|
|
|
|
const ids = (result.data as unknown as Array<{ id: string }>).map((i) => i.id);
|
|
expect(ids).not.toContain(interest.id);
|
|
});
|
|
|
|
itDb('getInterestById throws NotFoundError when portId does not match', async () => {
|
|
const { createInterest, getInterestById } = await import('@/lib/services/interests.service');
|
|
const { NotFoundError } = await import('@/lib/errors');
|
|
|
|
const meta = makeAuditMeta({ portId: portA });
|
|
const interest = await createInterest(
|
|
portA,
|
|
makeCreateInterestInput({ clientId: clientIdA }),
|
|
meta,
|
|
);
|
|
|
|
await expect(getInterestById(interest.id, portB)).rejects.toThrow(NotFoundError);
|
|
});
|
|
|
|
itDb('changeInterestStage on wrong port throws NotFoundError', async () => {
|
|
const { createInterest, changeInterestStage } =
|
|
await import('@/lib/services/interests.service');
|
|
const { NotFoundError } = await import('@/lib/errors');
|
|
|
|
const meta = makeAuditMeta({ portId: portA });
|
|
const interest = await createInterest(
|
|
portA,
|
|
makeCreateInterestInput({ clientId: clientIdA }),
|
|
meta,
|
|
);
|
|
|
|
await expect(
|
|
changeInterestStage(interest.id, portB, { pipelineStage: 'qualified' }, meta),
|
|
).rejects.toThrow(NotFoundError);
|
|
});
|
|
});
|