Order wizard was skipping steps (jumping to add-ons) due to stale currentStep
persisting in localStorage from previous orders. Reset store on plan selection
and exclude currentStep from persistence. Also add max(11) validation on MNP
phone number to prevent Salesforce STRING_TOO_LONG errors.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- Added rate limiting to the AuthController to prevent abuse of authentication endpoints.
- Updated OtpInput component to simplify completion logic for better usability.
- Refactored ForgotPasswordView to improve email confirmation handling and user feedback.
- Enhanced PaymentMethods components with refresh functionality for better payment management.
- Made minor UI adjustments across various components for improved consistency and clarity.
- Updated BillingController to use Promise.all for concurrent fetching of payment methods and WHMCS client ID, improving performance.
- Modified package.json in the portal to enable turbopack for faster development builds.
- Removed unused useInvoicesFilter hook from the billing feature, streamlining the codebase.
- Enhanced useCarousel hook to support auto-play functionality and pause on user interaction, improving user experience in the landing page carousel.
- Deleted subscription invoice-related methods and cache configurations from WhmcsCacheService and WhmcsInvoiceService.
- Updated BillingController to utilize WhmcsPaymentService and WhmcsSsoService directly, removing the BillingOrchestrator.
- Simplified SubscriptionDetail and InvoicesList components by eliminating unnecessary invoice loading logic.
- Adjusted API queries and hooks to streamline invoice data fetching, enhancing performance and maintainability.
- Changed the subject line in the SupportService to include the contact name for better context.
- Removed the subject field from the ContactForm state and schema, streamlining the form.
- Updated the HeroSection text to better reflect the services offered, enhancing clarity and appeal.
- Improved error logging in WhmcsHttpClientService by simplifying log messages.
- Introduced RequestWithCookies type for better type safety in auth controllers.
- Refactored ValidatedUser interface for internal consistency.
- Streamlined error handling by removing deprecated constants and consolidating token logic.
- Enhanced maintainability by removing unused methods in token services.
- Simplified error logging in WhmcsHttpClientService by removing action parameters from log messages for clarity.
- Introduced RequestWithCookies type to improve type safety in auth controllers and utilities.
- Refactored ValidatedUser interface to remove export, aligning with internal usage.
- Removed deprecated auth error constants and streamlined error handling in various auth services.
- Consolidated token handling logic by utilizing a shared hashToken utility across token services.
- Removed unused and redundant methods in token services, improving code maintainability.
- Removed WhmcsLinkWorkflowService and integrated its functionality into new AccountCreationWorkflowService and AccountMigrationWorkflowService.
- Introduced OtpEmailService for sending OTP emails, enhancing email handling in LoginOtpWorkflowService and VerificationWorkflowService.
- Replaced NewCustomerSignupWorkflowService and SfCompletionWorkflowService with AccountCreationWorkflowService, consolidating account creation logic.
- Updated GetStartedCoordinator to utilize new workflow services, improving clarity and maintainability of the authentication process.
- Enhanced error handling and logging across workflows to provide better feedback during account creation and migration.
Merge SfCompletionWorkflow and NewCustomerSignupWorkflow into a single
AccountCreationWorkflowService, remove legacy /auth/migrate endpoint
and WhmcsLinkWorkflow, extract shared OTP email pattern into
OtpEmailService, and improve PORTAL_EXISTS redirect UX with email
pre-fill.
- Consolidate signup/ directory services into steps/ (PortalUserCreationService,
WhmcsCleanupService) and new AccountCreationWorkflowService
- Rename WhmcsMigrationWorkflowService to AccountMigrationWorkflowService
- Remove dead code: WhmcsLinkWorkflowService, auth.controller /migrate endpoint
- Extract OtpEmailService from duplicated login/verification OTP email logic
- Pass email query param on PORTAL_EXISTS redirect for login pre-fill
- Delete 1977 lines of legacy code, add ~350 lines of consolidated logic
- Enhanced UnifiedExceptionFilter to handle ZodValidationException, extracting field errors for better user feedback.
- Updated WhmcsRequestQueueService and WhmcsHttpClientService to use logger.warn for non-critical errors, improving log clarity.
- Introduced Redis-backed caching in JapanPostFacade for postal code lookups, reducing redundant API calls.
- Refactored address handling in AddressWriterService to deduplicate concurrent Japan Post lookups, optimizing API usage.
- Improved error parsing in various forms and hooks to provide clearer error messages and field-specific feedback.
- Integrated AddressWriterService into GuestEligibilityWorkflowService and NewCustomerSignupWorkflowService for improved address writing to Salesforce.
- Updated AddressModule to include SalesforceModule and export AddressWriterService.
- Refactored address handling in various workflows to utilize the new address structure, ensuring consistency and reliability in address processing.
- Removed deprecated address building logic from eligibility check store, streamlining address management across components.
- Replaced standard input fields with the new PasswordInput component in various forms including PasswordChangeCard, LoginForm, PasswordResetForm, SetPasswordForm, and MigrateAccountStep.
- Updated imports to include PasswordInput in relevant components for consistent password handling and improved user experience.
- Increased default login rate limit from 5 to 20 and adjusted TTL from 15 to 5 minutes for improved security.
- Updated login captcha threshold from 3 to 5 attempts to enhance user experience.
- Modified AccountEventsListener to invalidate additional queries for account updates and support case changes, improving responsiveness to real-time events.
- Introduced structured error codes in BadRequestException for better clarity in WHMCS and signup workflows.
- Updated error messages to include specific context, improving user feedback during account verification and migration processes.
- Refined validation logic to ensure consistent error handling across services.
- Introduced a new `AccountStatusResult` interface to standardize account status detection across systems.
- Updated the `VerificationWorkflowService` to merge handoff data with discovered account status.
- Enhanced error handling in `GlobalAuthGuard` and `LocalAuthGuard` to include structured error codes for better clarity in unauthorized responses.
- Refined WHMCS and Salesforce integration schemas to ensure consistent data validation and coercion.
- Removed special character requirement from password validation across various components and schemas.
- Updated user-facing messages to reflect the new password criteria.
- Adjusted related validation logic in the domain and portal to ensure consistency.
Replace loose z.string() fields in supportCaseSchema and supportCaseFilterSchema
with the already-defined enum schemas (status, priority, category). Add JSDoc
to intentional escape hatches in customer contract interfaces. Fix portal
type assertions for the stricter filter types.
Replace fragile .env backup/restore with Vault-based secret injection.
Secrets are preloaded via --import hook before NestJS modules evaluate,
with a 30s refresh loop and event-driven cache invalidation for services
that read secrets at init (JWT, CSRF, WHMCS).
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Comprehensive refactoring across 70 files (net -298 lines) improving
type safety, error handling, and code organization:
- Replace .passthrough()/.catchall(z.unknown()) with .strip() in all Zod schemas
- Tighten Record<string, unknown> to bounded union types where possible
- Replace throw new Error with domain-specific exceptions (OrderException,
FulfillmentException, WhmcsOperationException, SalesforceOperationException, etc.)
- Split AuthTokenService (625 lines) into TokenGeneratorService and
TokenRefreshService with thin orchestrator
- Deduplicate FreebitClientService with shared makeRequest() method
- Add typed interfaces to WHMCS facade, order service, and fulfillment mapper
- Externalize hardcoded config values to ConfigService with env fallbacks
- Consolidate duplicate billing cycle enums into shared billingCycleSchema
- Standardize logger usage (nestjs-pino @Inject(Logger) everywhere)
- Move shared WHMCS number coercion helpers to whmcs-utils/schema.ts
- Replace SignupWorkflowService and GetStartedWorkflowService with new coordinator services for improved modularity and clarity.
- Update auth controller to utilize the new GetStartedCoordinator.
- Refactor account status handling in the GetStartedForm component to leverage XState for state management.
- Introduce new hooks for managing the get-started flow, enhancing the overall user experience.
- Remove deprecated services and clean up related imports to maintain code hygiene.
- Enhance safeOperation with rethrow and fallbackMessage options for CRITICAL operations
- Migrate all 19 withErrorHandling calls across 5 services to safeOperation
- Remove safeAsync from error.util.ts
- Delete error-handler.util.ts (withErrorHandling, withErrorSuppression, withErrorLogging)
- Update barrel exports in core/utils/index.ts
- Create RollbackCoordinator shared by TransactionService and DistributedTransactionService
- Remove unused executeSimpleTransaction()
- Split AuditService into AuditLogService (writes) and AuditQueryService (reads)
- Create CacheStrategyBase with request coalescing, metrics, and getOrSet pattern
- Refactor orders and support cache services to extend CacheStrategyBase
- Move sim-orders.controller.ts into sim-orders/ sub-directory with barrel file
- Extract checkout session business logic from orders controller into checkout-session.service.ts
- Rename getRequestFingerprint to getRateLimitFingerprint in rate-limit.util.ts
- Delete empty CoreConfigModule wrapper (importers use @nestjs/config directly)
- Replace inline admin role check in csrf.controller.ts with @UseGuards(AdminGuard)
- Move hashEmailForLogs() from support.logging.ts to core/logging/redaction.util.ts
Physical SIM: route MNP orders through PA05-19 (semi-black registration)
instead of PA02-01. eSIM: fix PA05-41 payload — move identity fields into
mnp object (Level 2 nesting per spec), set addKind="M" and aladinOperated="20"
for MNP, map Salesforce gender "F" to Freebit "W", and pass simKind="E0".
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- Fix Tailwind v4 modal stacking bug by adding relative z-10 to modal
content divs (CancellationFlow, ChangePlanModal, TopUpModal, SimActions)
- Add test mode for immediate plan changes (SIM_BILLING_TEST_MODE) instead
of scheduling for 1st of next month
- Bypass rate limiter spacing/cancellation checks in test mode
- Hide voice feature toggles for data-only SIMs using hasVoice flag
- Guard BFF voice feature updates to reject early for data-only SIMs
- Fix Freebit retry logic to not retry business errors (e.g. resultCode 260)
- Add user-friendly error message for resultCode 260 (voice not active)
- Update plan change page text to reflect test mode behavior
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- Fix SF Order locking by deferring Status change to final step
- executeSfActivatedUpdate now only sets Activation_Status__c
- executeSfRegistrationComplete sets Status: Processed atomically with WHMCS info
- Add WHMCS custom fields update step (whmcs_custom_fields)
- AddOrder API expects field IDs, UpdateClientProduct accepts field names
- New step updates SIM Number, Serial Number, EID after order acceptance
- Add Opportunity WH_Registeration__c field update
- Sets productselect={serviceId} for WHMCS linking
- Add SIM Inventory assignment fields
- Assigned_Account__c, Assigned_Order__c, SIM_Type__c now populated
- Remove PA05-18 Semi-Black SIM registration (only Black SIMs used)
- Changed to direct PA02-01 call with createType=new
- Fix me-status to check for Status: Processed instead of Activated
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Simplified conditional rendering in OrderSummary, ProductCard, InstallationOptions, InternetOfferingCard, DeviceCompatibility, SimPlansContent, and other components by removing unnecessary parentheses.
- Enhanced clarity in the use of ternary operators for better maintainability.
- Updated documentation to reflect changes in development setup for skipping OTP verification during login.
- Removed outdated orchestrator refactoring plan document.
- Added new environment variable for skipping OTP verification in development.
- Minor adjustments in domain contracts and mappers for consistency in conditional checks.
- Remove PA05-18 semi-black step from physical SIM flow, use PA02-01 directly
- Add WHMCS client ID fallback from Salesforce WH_Account__c field
- Return service IDs from WHMCS AcceptOrder for proper linking
- Add phone number to WHMCS domain field and WHMCS admin URL to Salesforce
- Change SIM Inventory status from "In Use" to "Assigned"
- Fix SIM services query case sensitivity ("SIM" → "Sim")
- Add bash 3.2 compatibility to dev-watch.sh
- Add "Most Popular Services" section to landing page
- Add "Trusted By" company carousel to About page
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Extracted case detail logic into a custom hook `useCaseDetailState` for better separation of concerns.
- Created sub-components: `CaseNotFoundView`, `CaseHeaderCard`, `CaseMetaInfoRow`, `CaseConversationSection`, `ReplyForm`, and `ClosedCaseNotice` to enhance readability and maintainability.
- Updated message bubble rendering to use `MessageBubbleHeader` and `MessageBubbleStatus` for clearer status indication.
- Improved loading and error handling in `ResidenceCardVerificationSettingsView` by creating dedicated content components for different states.
- Refactored `transformWhmcsSubscriptionListResponse` to enhance readability and maintainability.
- Minor code style adjustments for consistency and clarity across various files.
- Implement AddressReconcileQueueService to handle address reconciliation jobs between WHMCS and Salesforce.
- Define job data structure and queue configuration for retries and error handling.
- Add methods for enqueueing reconciliation jobs and retrieving queue health metrics.
feat: create loading components for various services in the portal
- Add loading skeletons for Internet, SIM, VPN, and public services configuration.
- Implement loading states for account-related views including account details, services, and verification settings.
- Introduce loading states for support case details and subscription actions.
feat: implement OTP input component for user verification
- Create OtpInput component to handle 6-digit OTP input with auto-focus and navigation.
- Add LoginOtpStep component for OTP verification during login, including countdown timer and error handling.
feat: define address domain constants for validation
- Establish constants for address field length limits to ensure compliance with WHMCS API constraints.
- Include maximum lengths for address fields and user input fields to maintain data integrity.
Physical SIM activation was failing with error 210 "アカウント不在エラー"
(Account not found) because PA02-01 requires the SIM to be pre-registered
in Freebit's system. This adds PA05-18 (Semi-Black Account Registration)
as the first step before PA02-01.
New flow: PA05-18 → PA02-01 → PA05-05
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Replace animated blob hero background with dot grid pattern
- Add gradient bleed transitions between all landing page sections
- Apply same gradient bleed technique to About page sections
- Remove unused blob-float animations from globals.css
- Make Trust and Values sections full-width for visual consistency
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Replace PA05-33 OTA API with the proper two-step activation flow:
- PA02-01: Account Registration (/master/addAcnt/)
- PA05-05: Voice Options Registration (/mvno/talkoption/addOrder/)
Changes:
- Add FreebitAccountRegistrationService for PA02-01 account registration
- Add FreebitVoiceOptionsService for PA05-05 voice options
- Update SimFulfillmentService to use new APIs instead of PA05-33 OTA
- Add SalesforceSIMInventoryService for fetching SIM inventory data
- Remove deprecated FreebitOtaService (PA05-33 no longer used)
- Remove debug console.log statements
The new flow:
1. Fetch SIM inventory from Salesforce (phone number, PT number)
2. Call PA02-01 to register MVNO account with plan code
3. Call PA05-05 to configure voice options with customer identity
4. Update SIM inventory status to "In Use"
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Add Eligibility_Address_Key__c field (postcode:streetAddress format) to Case records
for eligibility check requests. Salesforce Flow will use this field to detect duplicate
requests for the same address within a time period.
Changes:
- Add eligibilityAddressKey to CreateCaseParams and CASE_FIELDS mapping
- Add streetAddress param to EligibilityCheckCaseParams for passing from callers
- Add createAddressKey() helper in WorkflowCaseManager to generate the key
- Update raw.types.ts schema with new field
- Note in internet-eligibility.service.ts that basic flow skips duplicate detection
feat: implement unified SIM notification service for internal and customer notifications
feat: create SIM schedule service for date validation and resolution
feat: develop subscriptions orchestrator service for managing subscription operations and statistics
