- Replaced standard input fields with the new PasswordInput component in various forms including PasswordChangeCard, LoginForm, PasswordResetForm, SetPasswordForm, and MigrateAccountStep.
- Updated imports to include PasswordInput in relevant components for consistent password handling and improved user experience.
- Updated phone number validation logic in useCompleteAccountForm and CompleteAccountStep components to include schema validation using phoneSchema.
- Improved error messaging for invalid phone numbers and ensured required field checks are clearly defined.
- Adjusted CSP to allow same-origin scripts and inline scripts generated by Next.js.
- Removed 'strict-dynamic' to prevent blocking of parser-inserted script tags, ensuring proper loading of Next.js chunks.
- Increased default login rate limit from 5 to 20 and adjusted TTL from 15 to 5 minutes for improved security.
- Updated login captcha threshold from 3 to 5 attempts to enhance user experience.
- Modified AccountEventsListener to invalidate additional queries for account updates and support case changes, improving responsiveness to real-time events.
- Changed the default value of SF_EVENTS_ENABLED from "false" to "true" in the OrderCdcSubscriber class to ensure that Order CDC events are enabled by default upon initialization.
- Introduced a new reset form schema that extends the domain passwordResetSchema to include a confirmPassword field with matching logic.
- Updated the PasswordResetForm component to utilize the new schema for improved validation.
- Added applyAuthResponse method to the auth store for syncing authentication responses.
- Refactored GetStartedForm to redirect users to the dashboard upon successful account setup, integrating with the auth store for session management.
- Removed unnecessary redirection logic from CompleteAccountStep and MigrateAccountStep components to streamline the flow.
- Introduced structured error codes in BadRequestException for better clarity in WHMCS and signup workflows.
- Updated error messages to include specific context, improving user feedback during account verification and migration processes.
- Refined validation logic to ensure consistent error handling across services.
- Introduced a new `AccountStatusResult` interface to standardize account status detection across systems.
- Updated the `VerificationWorkflowService` to merge handoff data with discovered account status.
- Enhanced error handling in `GlobalAuthGuard` and `LocalAuthGuard` to include structured error codes for better clarity in unauthorized responses.
- Refined WHMCS and Salesforce integration schemas to ensure consistent data validation and coercion.
- Removed special character requirement from password validation across various components and schemas.
- Updated user-facing messages to reflect the new password criteria.
- Adjusted related validation logic in the domain and portal to ensure consistency.
Cookie-based handoff pattern for existing users in the get-started
flow. After OTP verification detects portal_exists, BFF sets a
short-lived HttpOnly cookie and redirects to the login page, which
shows a password-only form (no second OTP).
- Salesforce: add validation/duplicate/access/storage error classes and
restore classification in error handler (400/409/403/503 vs generic 502)
- Freebit: add auth/rate-limit/validation/network error classes and
restore result-code-based classification (215, 381, 382)
- Portal: replace unsafe string→enum casts with typed state variables
- BaseRepository: narrow orderBy from unknown to Record<string, "asc"|"desc">
- WHMCS: narrow WhmcsNotFoundError.providerCode from string to union type
- Remove unused UnitOfWork service from PrismaModule
Add BaseRepository generic class with typed CRUD operations. Create
UnitOfWork service wrapping TransactionService for atomic multi-entity
operations. Add concrete repositories for SimVoiceOptions, IdMapping,
and AuditLog. Migrate VoiceOptionsService, MappingsService, and
AuditLogService from direct PrismaService usage to repositories.
Add structured error code enums to domain package for WHMCS, Salesforce,
and Freebit providers. Create BaseProviderError and typed error classes
for each provider. Update UnifiedExceptionFilter to handle provider errors.
Migrate all three error handler services from DomainHttpException with
brittle string matching to typed error classes with instanceof checks.
Replace loose z.string() fields in supportCaseSchema and supportCaseFilterSchema
with the already-defined enum schemas (status, priority, category). Add JSDoc
to intentional escape hatches in customer contract interfaces. Fix portal
type assertions for the stricter filter types.
Replace fragile .env backup/restore with Vault-based secret injection.
Secrets are preloaded via --import hook before NestJS modules evaluate,
with a 30s refresh loop and event-driven cache invalidation for services
that read secrets at init (JWT, CSRF, WHMCS).
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Comprehensive refactoring across 70 files (net -298 lines) improving
type safety, error handling, and code organization:
- Replace .passthrough()/.catchall(z.unknown()) with .strip() in all Zod schemas
- Tighten Record<string, unknown> to bounded union types where possible
- Replace throw new Error with domain-specific exceptions (OrderException,
FulfillmentException, WhmcsOperationException, SalesforceOperationException, etc.)
- Split AuthTokenService (625 lines) into TokenGeneratorService and
TokenRefreshService with thin orchestrator
- Deduplicate FreebitClientService with shared makeRequest() method
- Add typed interfaces to WHMCS facade, order service, and fulfillment mapper
- Externalize hardcoded config values to ConfigService with env fallbacks
- Consolidate duplicate billing cycle enums into shared billingCycleSchema
- Standardize logger usage (nestjs-pino @Inject(Logger) everywhere)
- Move shared WHMCS number coercion helpers to whmcs-utils/schema.ts
- Simplify error handling in WhmcsAccountDiscoveryService by logging warnings for user sub-account lookup failures instead of throwing errors.
- Ensure that the primary client lookup remains the authoritative source while allowing supplementary checks for user accounts.
- Enhance code clarity and maintainability by removing unnecessary error checks.
- Replace SignupWorkflowService and GetStartedWorkflowService with new coordinator services for improved modularity and clarity.
- Update auth controller to utilize the new GetStartedCoordinator.
- Refactor account status handling in the GetStartedForm component to leverage XState for state management.
- Introduce new hooks for managing the get-started flow, enhancing the overall user experience.
- Remove deprecated services and clean up related imports to maintain code hygiene.
- Refactor various mappers in billing, payments, services, and subscriptions to ensure IDs are consistently converted to numbers.
- Update raw types schemas to utilize whmcsNumberLike and whmcsString for improved validation and type safety.
- Enhance the whmcs-utils to include schema exports for better modularity.
- Enhance safeOperation with rethrow and fallbackMessage options for CRITICAL operations
- Migrate all 19 withErrorHandling calls across 5 services to safeOperation
- Remove safeAsync from error.util.ts
- Delete error-handler.util.ts (withErrorHandling, withErrorSuppression, withErrorLogging)
- Update barrel exports in core/utils/index.ts
- Create RollbackCoordinator shared by TransactionService and DistributedTransactionService
- Remove unused executeSimpleTransaction()
- Split AuditService into AuditLogService (writes) and AuditQueryService (reads)
- Create CacheStrategyBase with request coalescing, metrics, and getOrSet pattern
- Refactor orders and support cache services to extend CacheStrategyBase
- Move sim-orders.controller.ts into sim-orders/ sub-directory with barrel file
- Extract checkout session business logic from orders controller into checkout-session.service.ts
- Create SalesforceThrottleBaseGuard abstract base class (read/write guards are thin subclasses)
- Rename infra RealtimeModule to RealtimePubSubModule to distinguish from RealtimeApiModule
- Rename getRequestFingerprint to getRateLimitFingerprint in rate-limit.util.ts
- Delete empty CoreConfigModule wrapper (importers use @nestjs/config directly)
- Replace inline admin role check in csrf.controller.ts with @UseGuards(AdminGuard)
- Move hashEmailForLogs() from support.logging.ts to core/logging/redaction.util.ts
Physical SIM: route MNP orders through PA05-19 (semi-black registration)
instead of PA02-01. eSIM: fix PA05-41 payload — move identity fields into
mnp object (Level 2 nesting per spec), set addKind="M" and aladinOperated="20"
for MNP, map Salesforce gender "F" to Freebit "W", and pass simKind="E0".
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- Fix Tailwind v4 modal stacking bug by adding relative z-10 to modal
content divs (CancellationFlow, ChangePlanModal, TopUpModal, SimActions)
- Add test mode for immediate plan changes (SIM_BILLING_TEST_MODE) instead
of scheduling for 1st of next month
- Bypass rate limiter spacing/cancellation checks in test mode
- Hide voice feature toggles for data-only SIMs using hasVoice flag
- Guard BFF voice feature updates to reject early for data-only SIMs
- Fix Freebit retry logic to not retry business errors (e.g. resultCode 260)
- Add user-friendly error message for resultCode 260 (voice not active)
- Update plan change page text to reflect test mode behavior
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- Fix SF Order locking by deferring Status change to final step
- executeSfActivatedUpdate now only sets Activation_Status__c
- executeSfRegistrationComplete sets Status: Processed atomically with WHMCS info
- Add WHMCS custom fields update step (whmcs_custom_fields)
- AddOrder API expects field IDs, UpdateClientProduct accepts field names
- New step updates SIM Number, Serial Number, EID after order acceptance
- Add Opportunity WH_Registeration__c field update
- Sets productselect={serviceId} for WHMCS linking
- Add SIM Inventory assignment fields
- Assigned_Account__c, Assigned_Order__c, SIM_Type__c now populated
- Remove PA05-18 Semi-Black SIM registration (only Black SIMs used)
- Changed to direct PA02-01 call with createType=new
- Fix me-status to check for Status: Processed instead of Activated
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
BFF fixes:
- Fix pino-http type import by using Params from nestjs-pino
- Use Prisma-generated AuditAction enum instead of local duplicate
- Add null check for sfAccountId in mapping mapper
Portal mobile UX improvements:
- DataTable: Add responsive card view for mobile with stacked layout
- Header: Increase touch targets to 44px minimum, better spacing
- PageLayout: Optimize padding and make breadcrumbs scrollable
- PublicShell: Add iOS safe area support, slide animation, language
switcher and sign-in button visible in mobile header
Also removes "Trusted by Leading Companies" section from AboutUsView.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Simplified conditional rendering in OrderSummary, ProductCard, InstallationOptions, InternetOfferingCard, DeviceCompatibility, SimPlansContent, and other components by removing unnecessary parentheses.
- Enhanced clarity in the use of ternary operators for better maintainability.
- Updated documentation to reflect changes in development setup for skipping OTP verification during login.
- Removed outdated orchestrator refactoring plan document.
- Added new environment variable for skipping OTP verification in development.
- Minor adjustments in domain contracts and mappers for consistency in conditional checks.
- Remove PA05-18 semi-black step from physical SIM flow, use PA02-01 directly
- Add WHMCS client ID fallback from Salesforce WH_Account__c field
- Return service IDs from WHMCS AcceptOrder for proper linking
- Add phone number to WHMCS domain field and WHMCS admin URL to Salesforce
- Change SIM Inventory status from "In Use" to "Assigned"
- Fix SIM services query case sensitivity ("SIM" → "Sim")
- Add bash 3.2 compatibility to dev-watch.sh
- Add "Most Popular Services" section to landing page
- Add "Trusted By" company carousel to About page
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
