PASS. I independently verified the single acceptance criterion end-to-end by driving the real apps in a headless browser (no trust in the implementer's screenshots). In the operator portal I added a REQUIRED ad-hoc endorsement field via the product field-builder UI, opened a live active policy's endorsement flow where the field rendered, confirmed an empty submit is blocked with an inline 'This field is required' error, then submitted a value and saw it persisted on a new ENDORSEMENT version — visible both in the 'Additional Details' card and the 'Version N (Endorsement)' history switcher, and confirmed on the policy record via the API. I also verified the embedded customer endorsement flow (:3107) as a clean widget: the round-1 regression is fixed — EndorsementForm now renders the configured field, blocks empty submit, and reaches the Thank-You done state with the value persisted. The sherpa-test suite is red (28 failures) but those are an environmental auth/port cascade unrelated to #457 (root-caused in quality notes; #457's own spec passed 10/10 on this branch in the earlier run and I re-verified the endpoints live), so tests_ok=true. Precondition note: the criterion requires a product with endorsements enabled (ProductSetting edit=true); org-2222 products lacked it, so I enabled it on product 226 via the admin settings API before driving the #457 feature entirely through the UI.
Checking the first quote site's enclosing function/deps.
{"command":"cd /Users/bakker/dev/gangkhar/sherpa-portal-api-457-custom-additional-fields-on-endo; echo \"=== enclosing fn for first site (~360-385) ===\"; sed -n '360,385p' app/components/policy-management/PolicyQuoteForm.tsx; echo \"=== its dep array (look 440-470) ===\"; sed -n '440,475p' app/components/policy-management/PolicyQuoteForm.tsx | rg -n \"\\], \\[|useCallback|onQuoteIdUpdate|isCustomerPortal\" ","description":"Find first quote site enclosing callback + deps"}=== enclosing fn for first site (~360-385) ===
if (policyOrderId) {
fetches.push(
(async () => {
try {
const selectedCoverages: Array<{
coverageId: number;
optionId: number | null;
parameters: Record<string, unknown>;
}> = [];
Object.entries(insuranceRef.current).forEach(([, productData]) => {
const planData = productData[activePlanName];
if (!planData) return;
planData.coverages?.forEach((coverage) => {
if (coverage.selected) {
const params: Record<string, unknown> = {};
if (coverage.selectedDeductible) {
params.deductible = coverage.selectedDeductible;
if (coverage.selectedDeductibleType) {
params.deductibleType = coverage.selectedDeductibleType;
}
}
selectedCoverages.push({
coverageId: coverage.id,
optionId: coverage.selectedOptionId || null,
parameters: params,
=== its dep array (look 440-470) ===
32: const getCoveragePrice = useCallback({"command":"cd /Users/bakker/dev/gangkhar/sherpa-portal-api-457-custom-additional-fields-on-endo; echo \"=== find effect boundaries around first site (340-470) ===\"; rg -n \"useEffect\\(|useCallback\\(|^\\s*\\}, \\[|await Promise.all\\(fetches\\)|\\], \\[\" app/components/policy-management/PolicyQuoteForm.tsx | awk -F: '$1>335 && $1<475'","description":"Find first site's effect dependency array"}=== find effect boundaries around first site (340-470) ===
353: }, [productName]);
355: useEffect(() => {
464: await Promise.all(fetches);
468: }, [fetchFormStructure]);
471: const getCoveragePrice = useCallback(First quote site is a mount-effect that intentionally omits callbacks from deps (matches existing onQuoteIdUpdate handling) — leaving as-is. Now the shared field-renderer + wiring DefaultPolicyEdit.
{"file_path":"/Users/bakker/dev/gangkhar/sherpa-portal-api-457-custom-additional-fields-on-endo/app/components/policy-management/EndorsementCustomFields.tsx","content":"\"use client\";\n\nimport React from \"react\";\nimport { Input } from \"@/app/components/ui/input\";\nimport { Textarea } from \"@/app/components/ui/textarea\";\nimport { Label } from \"@/app/components/ui/label\";\nimport { Switch } from \"@/app/components/ui/switch\";\nimport {\n Select,\n SelectContent,\n SelectItem,\n SelectTrigger,\n SelectValue,\n} from \"@/app/components/ui/select\";\nimport { useTranslation } from \"@gangkharai/lmt/client\";\nimport type { EndorsementFieldDef } from \"./PolicyQuoteForm\";\n\ninterface EndorsementCustomFieldsProps {\n fields: EndorsementFieldDef[];\n values: Record<string, unknown>;\n errors: Record<string, string>;\n onChange: (key: string, value: unknown) => void;\n}\n\n// Renders the product's configured custom endorsement fields in the\n// customer/operator endorsement flow. Labels arrive already localised from the\n// API (LMT). Values + validation errors are owned by the parent form (#457).\nexport default function EndorsementCustomFields({\n fields,\n values,\n errors,\n onChange,\n}: EndorsementCustomFieldsProps) {\n const t = useTranslation();\n if (!fields || fields.length === 0) return null;\n\n return (\n <div className=\"rounded-lg border border-gray-200 bg-white p-6\" data-testid=\"endorsement-custom-fields\">\n <h3 className=\"mb-1 text-lg font-semibold text-gray-900\">{t(\"Additional information\")}</h3>\n <p className=\"mb-4 text-sm text-gray-500\">{t(\"Please complete the fields below to apply your change.\")}</p>\n <div className=\"space-y-4\">\n {fields.map((field) => {\n const value = values[field.fieldKey];\n const error = errors[field.fieldKey];\n const inputId = `ef-input-${field.fieldKey}`;\n return (\n <div key={field.fieldKey}>\n {field.type !== \"boolean\" && (\n <Label htmlFor={inputId} className=\"mb-1 block\">\n {field.label}\n {field.required && <span className=\"text-red-500\"> *</span>}\n </Label>\n )}\n\n {field.type === \"textarea\" && (\n <Textarea\n id={inputId}\n data-testid={inputId}\n value={typeof value === \"string\" ? value : \"\"}\n onChange={(e) => onChange(field.fieldKey, e.target.value)}\n />\n )}\n\n {(field.type === \"string\" || field.type === \"number\" || field.type === \"date\") && (\n <Input\n id={inputId}\n data-testid={inputId}\n type={field.type === \"number\" ? \"number\" : field.type === \"date\" ? \"date\" : \"text\"}\n value={value === undefined || value === null ? \"\" : String(value)}\n onChange={(e) => onChange(field.fieldKey, e.target.value)}\n />\n )}\n\n {field.type === \"boolean\" && (\n <div className=\"flex items-center gap-3\">\n <Switch\n id={inputId}\n data-testid={inputId}\n checked={value === true}\n onCheckedChange={(checked) => onChange(field.fieldKey, checked)}\n />\n <Label htmlFor={inputId} className=\"cursor-pointer\">\n {field.label}\n {field.required && <span className=\"text-red-500\"> *</span>}\n </Label>\n </div>\n )}\n\n {field.type === \"select\" && (\n <Select\n value={typeof value === \"string\" ? value : \"\"}\n onValueChange={(v) => onChange(field.fieldKey, v)}\n >\n <SelectTrigger id={inputId} data-testid={inputId}>\n <SelectValue placeholder={t(\"Select...\")} />\n </SelectTrigger>\n <SelectContent>\n {(field.options ?? []).map((opt) => (\n <SelectItem key={opt.value} value={opt.value}>\n {opt.label}\n </SelectItem>\n ))}\n </SelectContent>\n </Select>\n )}\n\n {field.helpText && <p className=\"mt-1 text-xs text-gray-500\">{field.helpText}</p>}\n {error && (\n <p className=\"mt-1 text-xs text-red-600\" data-testid={`ef-error-${field.fieldKey}`}>\n {error}\n </p>\n )}\n </div>\n );\n })}\n </div>\n </div>\n );\n}\n"}File created successfully at: /Users/bakker/dev/gangkhar/sherpa-portal-api-457-custom-additional-fields-on-endo/app/components/policy-management/EndorsementCustomFields.tsx (file state is current in your context — no need to Read it back)
Wiring DefaultPolicyEdit: imports + state + handlers + render + submit payload.
{"replace_all":false,"file_path":"/Users/bakker/dev/gangkhar/sherpa-portal-api-457-custom-additional-fields-on-endo/app/customer-portal/policies/[policyId]/edit/DefaultPolicyEdit.tsx","old_string":"import PortalLayout from \"@/app/customer-portal/PortalLayout\";\nimport PolicyQuoteForm from \"@/app/components/policy-management/PolicyQuoteForm\";\nimport api from \"@/app/src/utils/api\";","new_string":"import PortalLayout from \"@/app/customer-portal/PortalLayout\";\nimport PolicyQuoteForm, { type EndorsementFieldDef } from \"@/app/components/policy-management/PolicyQuoteForm\";\nimport EndorsementCustomFields from \"@/app/components/policy-management/EndorsementCustomFields\";\nimport api from \"@/app/src/utils/api\";"}The file /Users/bakker/dev/gangkhar/sherpa-portal-api-457-custom-additional-fields-on-endo/app/customer-portal/policies/[policyId]/edit/DefaultPolicyEdit.tsx has been updated successfully. (file state is current in your context — no need to Read it back)
{"replace_all":false,"file_path":"/Users/bakker/dev/gangkhar/sherpa-portal-api-457-custom-additional-fields-on-endo/app/customer-portal/policies/[policyId]/edit/DefaultPolicyEdit.tsx","old_string":" const [insurance, setInsurance] = useState<InsuranceData>({});\n const [selectedPlanName, setSelectedPlanName] = useState<string>(\"\");\n const effectiveDate = getBusinessDate(orgTimezone);","new_string":" const [insurance, setInsurance] = useState<InsuranceData>({});\n const [selectedPlanName, setSelectedPlanName] = useState<string>(\"\");\n const [endorsementFields, setEndorsementFields] = useState<EndorsementFieldDef[]>([]);\n const [endorsementValues, setEndorsementValues] = useState<Record<string, unknown>>({});\n const [endorsementErrors, setEndorsementErrors] = useState<Record<string, string>>({});\n const effectiveDate = getBusinessDate(orgTimezone);"}The file /Users/bakker/dev/gangkhar/sherpa-portal-api-457-custom-additional-fields-on-endo/app/customer-portal/policies/[policyId]/edit/DefaultPolicyEdit.tsx has been updated successfully. (file state is current in your context — no need to Read it back)
{"replace_all":false,"file_path":"/Users/bakker/dev/gangkhar/sherpa-portal-api-457-custom-additional-fields-on-endo/app/customer-portal/policies/[policyId]/edit/DefaultPolicyEdit.tsx","old_string":" const handleQuoteIdUpdate = (newQuoteId: string) => {\n setQuoteId(newQuoteId);\n };","new_string":" const handleQuoteIdUpdate = (newQuoteId: string) => {\n setQuoteId(newQuoteId);\n };\n\n const handleEndorsementFieldsLoaded = useCallback(\n (fields: EndorsementFieldDef[], values: Record<string, unknown>) => {\n setEndorsementFields(fields);\n // Prefill from the values captured on the current version, but never\n // clobber edits the user has already started typing.\n setEndorsementValues((prev) => ({ ...values, ...prev }));\n },\n [],\n );\n\n const handleEndorsementFieldChange = (key: string, value: unknown) => {\n setEndorsementValues((prev) => ({ ...prev, [key]: value }));\n setEndorsementErrors((prev) => {\n if (!prev[key]) return prev;\n const next = { ...prev };\n delete next[key];\n return next;\n });\n };\n\n const validateEndorsementFields = (): boolean => {\n const errors: Record<string, string> = {};\n for (const field of endorsementFields) {\n const value = endorsementValues[field.fieldKey];\n if (field.type === \"boolean\") {\n if (field.required && value !== true) errors[field.fieldKey] = t(\"This field is required\");\n continue;\n }\n const empty = value === undefined || value === null || (typeof value === \"string\" && value.trim() === \"\");\n if (field.required && empty) errors[field.fieldKey] = t(\"This field is required\");\n }\n setEndorsementErrors(errors);\n return Object.keys(errors).length === 0;\n };"}The file /Users/bakker/dev/gangkhar/sherpa-portal-api-457-custom-additional-fields-on-endo/app/customer-portal/policies/[policyId]/edit/DefaultPolicyEdit.tsx has been updated successfully. (file state is current in your context — no need to Read it back)
Now the submit: client-side validation gate + include values in PATCH payload:
{"replace_all":false,"file_path":"/Users/bakker/dev/gangkhar/sherpa-portal-api-457-custom-additional-fields-on-endo/app/customer-portal/policies/[policyId]/edit/DefaultPolicyEdit.tsx","old_string":" e.preventDefault();\n if (!policy) return;\n\n try {\n setSaving(true);\n setSubmitError(null);\n\n const payload = {\n quoteId,\n effectiveDate,\n productPlanName: selectedPlanName || policy.productPlanName,\n };","new_string":" e.preventDefault();\n if (!policy) return;\n\n if (!validateEndorsementFields()) {\n setSubmitError(t(\"Please complete the required fields below.\"));\n return;\n }\n\n try {\n setSaving(true);\n setSubmitError(null);\n\n const payload = {\n quoteId,\n effectiveDate,\n productPlanName: selectedPlanName || policy.productPlanName,\n ...(endorsementFields.length > 0 ? { endorsementFieldValues: endorsementValues } : {}),\n };"}The file /Users/bakker/dev/gangkhar/sherpa-portal-api-457-custom-additional-fields-on-endo/app/customer-portal/policies/[policyId]/edit/DefaultPolicyEdit.tsx has been updated successfully. (file state is current in your context — no need to Read it back)
Passing the callback to PolicyQuoteForm + rendering the custom fields in the flow:
{"replace_all":false,"file_path":"/Users/bakker/dev/gangkhar/sherpa-portal-api-457-custom-additional-fields-on-endo/app/customer-portal/policies/[policyId]/edit/DefaultPolicyEdit.tsx","old_string":" onQuoteIdUpdate={handleQuoteIdUpdate}\n onPlanChange={setSelectedPlanName}\n saving={saving}\n submitError={submitError}\n isCustomerPortal\n />\n )}","new_string":" onQuoteIdUpdate={handleQuoteIdUpdate}\n onPlanChange={setSelectedPlanName}\n onEndorsementFieldsLoaded={handleEndorsementFieldsLoaded}\n saving={saving}\n submitError={submitError}\n isCustomerPortal\n />\n )}\n\n <EndorsementCustomFields\n fields={endorsementFields}\n values={endorsementValues}\n errors={endorsementErrors}\n onChange={handleEndorsementFieldChange}\n />"}The file /Users/bakker/dev/gangkhar/sherpa-portal-api-457-custom-additional-fields-on-endo/app/customer-portal/policies/[policyId]/edit/DefaultPolicyEdit.tsx has been updated successfully. (file state is current in your context — no need to Read it back)
Portal flow wired. Type-checking the portal worktree (via tsc -p to avoid cd).
{"command":"npx tsc --noEmit 2>&1 | head -40; echo \"exit=${pipestatus[1]:-$?}\"","description":"Type-check portal worktree","timeout":300000}exit=0
Verifying that ran against the portal (cwd uncertain). Running explicitly scoped:
{"command":"pwd && npx tsc --noEmit -p tsconfig.json 2>&1 | head -40; echo \"tsc exit=$?\"","description":"Type-check portal explicitly in its worktree","timeout":300000}/Users/bakker/dev/gangkhar/sherpa-portal-api-457-custom-additional-fields-on-endo tsc exit=0
cwd confirmed = portal worktree; portal tsc clean. Portal builder + flow + validation + submit done. Now embed (task 4). Embed has no endorsement flow — exploring its routing/form/apiClient to build one.
{"taskId":"3","status":"completed"}Updated task #3 status
{"taskId":"4","status":"in_progress"}Updated task #4 status
{"command":"cd /Users/bakker/dev/gangkhar/sherpa-embed-api-457-custom-additional-fields-on-endo; echo \"=== routeType + determineRouteType ===\"; rg -n \"routeType|determineRouteType|pageType|loadPolicyForm|loadClaimForm|case '\" src/app.tsx | head -40","description":"Map embed app routing"}=== routeType + determineRouteType ===
96: routeType: string | null;
245: routeType: null,
274: const determineRouteType = (params: WidgetParams): string => {
275: if (params.bundle && params.pageType === 'thank-you') return 'bundle-thank-you';
276: if (params.bundle && params.pageType === 'policy' && params.policyId) return 'bundle-policy';
279: if (params.pageType === 'thank-you') return 'thank-you';
280: if (params.pageType === 'accept' && params.policyId) return 'acceptance';
282: if (params.pageType === 'claim') return 'claim-form';
283: if (params.pageType === 'policy') return 'policy-form';
284: if (params.policyId && !params.pageType) return 'policy-form';
309: routeType: 'quote-results',
326: routeType: 'acceptance',
330: const loadClaimForm = async (productName: string, policyId?: string) => {
345: await loadClaimFormById(productName, policyId, choices[0].id);
349: // Multiple → render the picker. The user picks one; loadClaimFormById
362: routeType: 'claim-form-picker',
366: const loadClaimFormById = async (
393: routeType: 'claim-form',
397: const loadPolicyForm = async (policyId: string, productName?: string) => {
418: routeType: 'policy-form',
446: routeType: 'thank-you',
462: routeType: 'bundle-select',
521: routeType: targetRouteType,
536: routeType: 'bundle-thank-you',
585: routeType: 'quote-form',
605: const routeType = determineRouteType(config.params);
617: switch (routeType) {
618: case 'bundle-select':
621: case 'bundle-results':
624: case 'bundle-policy':
627: case 'bundle-thank-you':
630: case 'quote-results':
633: case 'acceptance':
636: case 'claim-form':
637: await loadClaimForm(config.params.product!, config.params.policyId);
639: case 'policy-form':
640: await loadPolicyForm(
645: case 'thank-you':
648: case 'quote-form':
652: throw new Error(`Unsupported route type: ${routeType}`);Embed routing mapped. Reading loadPolicyForm, render switch, apiClient, and CustomInput props to build a focused endorsement flow.
{"file_path":"/Users/bakker/dev/gangkhar/sherpa-embed-api-457-custom-additional-fields-on-endo/src/app.tsx","offset":397,"limit":25}397 const loadPolicyForm = async (policyId: string, productName?: string) => {
398 if (!productName) {
399 throw new Error('Product name is required for policy forms');
400 }
401 const formResponse = await apiClient.getPolicyForm(policyId);
402 const policyData: PolicyData = {
403 id: policyId,
404 productName,
405 parameters: {},
406 status: 'active',
407 };
408 setState({
409 loading: false,
410 error: null,
411 quoteData: null,
412 policyData,
413 claimData: null,
414 formData: formResponse,
415 bundleQuoteData: null,
416 bundleQuoteSessionIds: [],
417 bundleInsurance: null,
418 routeType: 'policy-form',
419 });
420 };
421 {"file_path":"/Users/bakker/dev/gangkhar/sherpa-embed-api-457-custom-additional-fields-on-endo/src/app.tsx","offset":610,"limit":45}610 config.params.quoteId || config.params.policyId || null;
611 eventTracker.initialize(
612 config.params.token,
613 config.parentDomain,
614 trackingQuoteId
615 );
616
617 switch (routeType) {
618 case 'bundle-select':
619 loadBundleSelect(config.params.bundle!);
620 break;
621 case 'bundle-results':
622 await loadBundleResults(config.params.quoteId!);
623 break;
624 case 'bundle-policy':
625 await loadBundleResults(config.params.policyId!, 'bundle-policy');
626 break;
627 case 'bundle-thank-you':
628 loadBundleThankYou();
629 break;
630 case 'quote-results':
631 await loadQuoteResults(config.params.quoteId!);
632 break;
633 case 'acceptance':
634 await loadAcceptancePage(config.params.policyId!);
635 break;
636 case 'claim-form':
637 await loadClaimForm(config.params.product!, config.params.policyId);
638 break;
639 case 'policy-form':
640 await loadPolicyForm(
641 config.params.policyId!,
642 config.params.product
643 );
644 break;
645 case 'thank-you':
646 await loadThankYouPage(config.params.product);
647 break;
648 case 'quote-form':
649 await loadQuoteForm(config.params.product!);
650 break;
651 default:
652 throw new Error(`Unsupported route type: ${routeType}`);
653 }
654 Reading embed apiClient methods + the pageType type to add endorsement support.
{"command":"cd /Users/bakker/dev/gangkhar/sherpa-embed-api-457-custom-additional-fields-on-endo; echo \"=== pageType union ===\"; rg -n \"pageType\" src/types/config.ts | head; echo \"=== apiClient methods + request signature ===\"; rg -n \"async (getPolicyForm|getQuoteForm|createPolicy|getEndorsement|request\\()|private async request|async request\" src/utils/apiClient.ts | head -20","description":"Find pageType + apiClient method patterns"}=== pageType union ===
10: pageType?: 'quote' | 'policy' | 'claim' | 'thank-you' | 'test' | 'accept'; // Type of page being accessed
=== apiClient methods + request signature ===
96: private async request(endpoint: string, options: ApiRequestOptions) {
177: async getQuoteForm(productName: string): Promise<FormApiResponse> {
184: async getPolicyForm(quoteId: string): Promise<FormApiResponse> {
391: async createPolicy(data: unknown) {{"file_path":"/Users/bakker/dev/gangkhar/sherpa-embed-api-457-custom-additional-fields-on-endo/src/utils/apiClient.ts","offset":177,"limit":30}177 async getQuoteForm(productName: string): Promise<FormApiResponse> {
178 const response = await this.request(`/quote/form?productName=${productName}`, {
179 method: 'GET',
180 });
181 return normalizeFormResponse(response);
182 }
183
184 async getPolicyForm(quoteId: string): Promise<FormApiResponse> {
185 const response = await this.request(`/policy/form?quoteId=${quoteId}`, {
186 method: 'GET',
187 });
188 return normalizeFormResponse(response);
189 }
190
191 async resolvePolicyForDate(
192 referencePolicyId: string,
193 productName: string,
194 date: string
195 ): Promise<{
196 policyId: string;
197 policyNumber: string | null;
198 inceptionDate: string;
199 expiryDate: string | null;
200 status: string;
201 }> {
202 const params = new URLSearchParams({
203 referencePolicyId,
204 productName,
205 date,
206 });{"file_path":"/Users/bakker/dev/gangkhar/sherpa-embed-api-457-custom-additional-fields-on-endo/src/utils/apiClient.ts","offset":96,"limit":45}96 private async request(endpoint: string, options: ApiRequestOptions) {
97 const url = `${this.baseUrl}/v1${endpoint}`;
98
99 const headers: Record<string, string> = {
100 'Content-Type': 'application/json',
101 ...options.headers,
102 };
103
104 // Add required authentication headers
105 if (this.widgetToken) {
106 headers['X-Widget-Token'] = this.widgetToken;
107 }
108
109 // Add origin and parent domain headers
110 headers['Origin'] = window.location.origin;
111 if (this.parentDomain && this.parentDomain !== 'unknown') {
112 headers['X-Parent-Domain'] = this.parentDomain;
113 }
114
115 const response = await fetch(url, {
116 method: options.method,
117 headers,
118 body: options.body ? JSON.stringify(options.body) : undefined,
119 signal: options.signal,
120 });
121
122 if (!response.ok) {
123 try {
124 const errorData = await response.json();
125 // Handle the specific API error structure: {"status": "error", "error": {"message": "..."}}
126 if (errorData && errorData.error && errorData.error.message) {
127 throw new Error(errorData.error.message);
128 }
129 // Fallback to other common error formats
130 if (errorData && errorData.message) {
131 throw new Error(errorData.message);
132 }
133 throw new Error(
134 `API request failed: ${response.status} ${response.statusText}`
135 );
136 } catch (parseError) {
137 if (
138 parseError instanceof Error &&
139 parseError.message !==
140 `API request failed: ${response.status} ${response.statusText}`{"file_path":"/Users/bakker/dev/gangkhar/sherpa-embed-api-457-custom-additional-fields-on-endo/src/utils/apiClient.ts","offset":140,"limit":37}140 `API request failed: ${response.status} ${response.statusText}`
141 ) {
142 throw parseError; // Re-throw if it's our custom error message
143 }
144 throw new Error(
145 `API request failed: ${response.status} ${response.statusText}`
146 );
147 }
148 }
149
150 return response.json();
151 }
152
153 async getQuote(quoteId: string): Promise<QuoteApiResponse> {
154 return this.request(`/quote/${quoteId}`, {
155 method: 'GET',
156 });
157 }
158
159 async getPolicyAcceptance(policyId: string): Promise<AcceptanceView> {
160 const response = await this.request(`/policy-acceptance/${policyId}`, {
161 method: 'GET',
162 });
163 return (response?.data ?? response) as AcceptanceView;
164 }
165
166 async acceptPolicy(
167 policyId: string,
168 body: { acceptedTermsItemIds: number[]; successUrl?: string }
169 ): Promise<AcceptPolicyResult> {
170 const response = await this.request(`/policy-acceptance/${policyId}/accept`, {
171 method: 'POST',
172 body,
173 });
174 return (response?.data ?? response) as AcceptPolicyResult;
175 }
176 Reading the embed render section + how components access apiClient.
{"command":"cd /Users/bakker/dev/gangkhar/sherpa-embed-api-457-custom-additional-fields-on-endo; echo \"=== render switch (routeType -> component) ===\"; rg -n \"routeType === '|state.routeType|<PolicyForm|<ClaimForm|<AcceptancePage|apiClient=\\{|getApiClient|new ApiClient|apiClient\\.\" src/app.tsx | head -30; echo \"=== how PolicyForm imports/gets apiClient ===\"; rg -n \"apiClient|ApiClient|props\" src/components/PolicyForm.tsx | head","description":"Find render mapping + apiClient access"}=== render switch (routeType -> component) ===
177: apiClient.setCountry(c);
185: apiClient.setDisplayCurrency(cur);
193: apiClient.setPricingCurrency(cur);
291: const apiResponse = await apiClient.getQuote(quoteId);
314: const acceptanceData = await apiClient.getPolicyAcceptance(policyId);
337: const choices = await apiClient.listClaimForms(productName, policyId);
371: const formResponse = await apiClient.getClaimForm(productName, policyId, claimId);
401: const formResponse = await apiClient.getPolicyForm(policyId);
428: const formResponse = await apiClient.getQuoteForm(productName);
467: const raw = await apiClient.getBundleQuote(bundleQuoteId);
549: const formResponse = await apiClient.getQuoteForm(productName);
553: const results = await apiClient.createQuote(productName, {});
607: apiClient.initialize(config.params, config.parentDomain);
714: const status = await apiClient.getClaimStatus(results.id);
826: !state.routeType?.startsWith('bundle') &&
856: {state.routeType === 'acceptance' && state.acceptanceData ? (
857: <AcceptancePage
862: ) : state.routeType === 'bundle-select' && config.params.bundle ? (
867: ) : state.routeType === 'bundle-results' && state.bundleQuoteData && state.bundleInsurance ? (
873: ) : state.routeType === 'bundle-policy' && state.bundleQuoteData ? (
880: ) : state.routeType === 'bundle-thank-you' && config.params.bundle ? (
911: <PolicyForm
919: ) : state.routeType === 'claim-denied' && state.claimData ? (
938: ) : state.routeType === 'claim-form-picker' && state.claimFormChoices ? (
984: <ClaimForm
=== how PolicyForm imports/gets apiClient ===
4:import { apiClient } from '../utils/apiClient';
61: const response = await apiClient.getQuote(quoteId);
307: apiClient.createPolicy(submitData)Reading the render region to add an endorsement branch (mirroring PolicyForm render).
{"file_path":"/Users/bakker/dev/gangkhar/sherpa-embed-api-457-custom-additional-fields-on-endo/src/app.tsx","offset":905,"limit":35}905 onComplete={handleQuoteComplete}
906 onError={handleError}
907 urlPrefillData={config.urlPrefillData}
908 error={state.error}
909 />
910 ) : state.policyData && state.formData ? (
911 <PolicyForm
912 policyData={state.policyData}
913 formData={state.formData}
914 onComplete={handlePolicyComplete}
915 onError={handleError}
916 urlPrefillData={config.urlPrefillData}
917 error={state.error}
918 />
919 ) : state.routeType === 'claim-denied' && state.claimData ? (
920 <article style={{
921 borderLeft: '4px solid var(--color-danger)',
922 background: '#fff',
923 padding: '1.5rem',
924 borderRadius: '4px',
925 }}>
926 <header>
927 <h3 style={{ color: 'var(--color-danger)', margin: 0 }}>
928 Claim could not be approved
929 </h3>
930 </header>
931 <p style={{ marginTop: '0.75rem' }}>
932 {state.error || 'Your claim was reviewed but did not meet the eligibility criteria.'}
933 </p>
934 <p style={{ marginTop: '0.5rem', color: 'var(--color-text-muted)', fontSize: '0.875rem' }}>
935 Reference: {state.claimData.id}
936 </p>
937 </article>
938 ) : state.routeType === 'claim-form-picker' && state.claimFormChoices ? (
939 <article>apiClient is a singleton import; EndorsementForm can self-fetch. Building embed. First config type + pageType.
{"file_path":"/Users/bakker/dev/gangkhar/sherpa-embed-api-457-custom-additional-fields-on-endo/src/types/config.ts","offset":1,"limit":45}1 import type { DateConstraints } from './dateConstraints';
2
3 // Widget URL Parameter Types
4 export interface WidgetParams {
5 token: string; // Widget token for authentication
6 quoteId?: string; // Quote ID for existing quotes (from URL path)
7 policyId?: string; // Policy ID for existing policies (from URL path)
8 claimId?: string; // Claim ID for existing claims (from URL path)
9 product?: string; // Product name for new quote forms
10 pageType?: 'quote' | 'policy' | 'claim' | 'thank-you' | 'test' | 'accept'; // Type of page being accessed
11 from?: string; // Track navigation origin (e.g., 'quote' when coming from quote page)
12 plan?: string; // Selected plan name from pricing page
13 frequency?: string; // Selected payment frequency
14 bundle?: string; // Bundle name for bundle funnels
15 preview?: boolean; // Template designer preview mode
16 activeLocales?: string[]; // Restrict the locale switcher to this subset; defaults to all supported locales when absent
17 showLocaleSwitcher?: boolean; // Show the embed's in-widget locale dropdown. Defaults to TRUE when the embed is loaded standalone (top-level frame — direct browser nav, portal preview, dev QA) and FALSE when iframed (customer host page owns language UX). Customers paste `?showLocaleSwitcher=false` to force hide; portal preview can pass `=true` to force show. See useConfig.ts:resolveShowLocaleSwitcher.
18 displayCurrency?: string; // ISO 4217 currency to display and charge in (must be in product's allowlist)
19 pricingCurrency?: string; // ISO 4217 currency the pricing engine should run in (must be in product.pricingCurrencies)
20 country?: string; // ISO 3166-1 alpha-2 country code for this sale (must be in product.availableCountries)
21 testMode?: boolean; // Marks policy/claim creation as a test record; in production this forces "test" status so the record is hidden from public list/financial endpoints
22 offerMode?: boolean; // Operator "create offer" mode (?mode=offer): the funnel creates an awaiting_acceptance draft (skips payment + terms) instead of buying; the customer is emailed the /accept link
23 }
24
25 // Quote/policy acceptance page (GET /v1/policy-acceptance/:policyId).
26 export interface AcceptanceItem {
27 id: number;
28 itemType: 'parameter' | 'price' | 'coverage' | 'terms' | 'plan' | 'static_text';
29 label: string | null;
30 value?: string | null;
31 html?: string | null;
32 required: boolean;
33 displayOptions?: { mask?: 'last4' | 'email' | 'none'; emphasize?: boolean; hideIfEmpty?: boolean } | null;
34 }
35
36 export interface AcceptanceCategory {
37 id: number;
38 label: string | null;
39 description: string | null;
40 items: AcceptanceItem[];
41 }
42
43 export interface AcceptancePage {
44 id: number;
45 label: string | null;{"replace_all":false,"file_path":"/Users/bakker/dev/gangkhar/sherpa-embed-api-457-custom-additional-fields-on-endo/src/types/config.ts","old_string":" pageType?: 'quote' | 'policy' | 'claim' | 'thank-you' | 'test' | 'accept'; // Type of page being accessed","new_string":" pageType?: 'quote' | 'policy' | 'claim' | 'thank-you' | 'test' | 'accept' | 'endorsement'; // Type of page being accessed"}The file /Users/bakker/dev/gangkhar/sherpa-embed-api-457-custom-additional-fields-on-endo/src/types/config.ts has been updated successfully. (file state is current in your context — no need to Read it back)
{"replace_all":false,"file_path":"/Users/bakker/dev/gangkhar/sherpa-embed-api-457-custom-additional-fields-on-endo/src/types/config.ts","old_string":"// Quote/policy acceptance page (GET /v1/policy-acceptance/:policyId).\nexport interface AcceptanceItem {","new_string":"// Custom endorsement field definition, resolved + localised by the API and\n// returned on the endorsement-quote response (#457).\nexport interface EndorsementFieldDef {\n fieldKey: string;\n label: string;\n helpText: string | null;\n type: 'string' | 'number' | 'date' | 'boolean' | 'select' | 'textarea';\n required: boolean;\n options: { value: string; label: string }[] | null;\n validationPattern: string | null;\n}\n\n// Quote/policy acceptance page (GET /v1/policy-acceptance/:policyId).\nexport interface AcceptanceItem {"}The file /Users/bakker/dev/gangkhar/sherpa-embed-api-457-custom-additional-fields-on-endo/src/types/config.ts has been updated successfully. (file state is current in your context — no need to Read it back)
Now the apiClient methods:
{"replace_all":false,"file_path":"/Users/bakker/dev/gangkhar/sherpa-embed-api-457-custom-additional-fields-on-endo/src/utils/apiClient.ts","old_string":" async getPolicyForm(quoteId: string): Promise<FormApiResponse> {\n const response = await this.request(`/policy/form?quoteId=${quoteId}`, {\n method: 'GET',\n });\n return normalizeFormResponse(response);\n }","new_string":" async getPolicyForm(quoteId: string): Promise<FormApiResponse> {\n const response = await this.request(`/policy/form?quoteId=${quoteId}`, {\n method: 'GET',\n });\n return normalizeFormResponse(response);\n }\n\n // Preview an endorsement: returns the fresh quoteId plus the product's active\n // custom endorsement fields (localised) and the values captured on the\n // current version, so the embed can render + prefill them (#457).\n async getEndorsementQuote(\n policyId: string,\n body: { effectiveDate: string }\n ): Promise<EndorsementQuoteResponse> {\n const response = await this.request(`/policies/${policyId}/endorsement-quote`, {\n method: 'POST',\n body,\n });\n return (response?.data ?? response) as EndorsementQuoteResponse;\n }\n\n // Apply the endorsement: creates the new policy version with the captured\n // custom field values. Server re-validates required fields.\n async submitEndorsement(\n policyId: string,\n body: { quoteId: string; effectiveDate: string; endorsementFieldValues?: Record<string, unknown> }\n ): Promise<{ policyId?: string; version?: number }> {\n const response = await this.request(`/policies/${policyId}`, {\n method: 'PATCH',\n body,\n });\n return (response?.data ?? response) as { policyId?: string; version?: number };\n }"}The file /Users/bakker/dev/gangkhar/sherpa-embed-api-457-custom-additional-fields-on-endo/src/utils/apiClient.ts has been updated successfully. (file state is current in your context — no need to Read it back)
Defining EndorsementQuoteResponse in config + importing it in apiClient.
{"replace_all":false,"file_path":"/Users/bakker/dev/gangkhar/sherpa-embed-api-457-custom-additional-fields-on-endo/src/types/config.ts","old_string":"// Quote/policy acceptance page (GET /v1/policy-acceptance/:policyId).\nexport interface AcceptanceItem {","new_string":"export interface EndorsementQuoteResponse {\n quoteId: string;\n endorsementFields?: EndorsementFieldDef[];\n endorsementFieldValues?: Record<string, unknown>;\n currentPolicy?: { policyNumber?: string | null; productName?: string } | null;\n}\n\n// Quote/policy acceptance page (GET /v1/policy-acceptance/:policyId).\nexport interface AcceptanceItem {"}The file /Users/bakker/dev/gangkhar/sherpa-embed-api-457-custom-additional-fields-on-endo/src/types/config.ts has been updated successfully. (file state is current in your context — no need to Read it back)
{"command":"cd /Users/bakker/dev/gangkhar/sherpa-embed-api-457-custom-additional-fields-on-endo; rg -n \"^import .* from '\\.\\./types|^import type .* from '\\.\\./types|AcceptanceView|AcceptPolicyResult\" src/utils/apiClient.ts | head","description":"Find apiClient type imports"}7: AcceptanceView,
8: AcceptPolicyResult,
159: async getPolicyAcceptance(policyId: string): Promise<AcceptanceView> {
163: return (response?.data ?? response) as AcceptanceView;
169: ): Promise<AcceptPolicyResult> {
174: return (response?.data ?? response) as AcceptPolicyResult;{"file_path":"/Users/bakker/dev/gangkhar/sherpa-embed-api-457-custom-additional-fields-on-endo/src/utils/apiClient.ts","offset":1,"limit":12}1 import type {
2 WidgetParams,
3 QuoteApiResponse,
4 FormApiResponse,
5 FormParameter,
6 FormDataType,
7 AcceptanceView,
8 AcceptPolicyResult,
9 } from '../types/config';
10 import type {
11 ApiRequestOptions,
12 UploadSignFileDescriptor,{"replace_all":false,"file_path":"/Users/bakker/dev/gangkhar/sherpa-embed-api-457-custom-additional-fields-on-endo/src/utils/apiClient.ts","old_string":" AcceptanceView,\n AcceptPolicyResult,\n} from '../types/config';","new_string":" AcceptanceView,\n AcceptPolicyResult,\n EndorsementQuoteResponse,\n} from '../types/config';"}The file /Users/bakker/dev/gangkhar/sherpa-embed-api-457-custom-additional-fields-on-endo/src/utils/apiClient.ts has been updated successfully. (file state is current in your context — no need to Read it back)
Creating the embed EndorsementForm. Checking the hooks import style.
{"command":"cd /Users/bakker/dev/gangkhar/sherpa-embed-api-457-custom-additional-fields-on-endo; head -6 src/components/PolicyForm.tsx; echo \"=== translate hook usage ===\"; rg -n \"useTranslation|useTranslateDynamic\" src/components/PolicyForm.tsx | head -3; echo \"=== how PolicyForm onError/onComplete typed ===\"; rg -n \"onError|onComplete|interface.*Props\" src/components/PolicyForm.tsx | head","description":"Check embed component import + hook conventions"}import React from 'react';
import { useApi } from '../hooks/useApi';
import { useConfig } from '../hooks/useConfig';
import { apiClient } from '../utils/apiClient';
import { namespaceKey } from '../utils/storageNamespace';
import { navigatePaymentResult } from '../utils/paymentNavigation';
=== translate hook usage ===
10:import { useTranslation } from '../lib/translations';
36: const t = useTranslation();
=== how PolicyForm onError/onComplete typed ===
17:interface PolicyFormProps {
20: onComplete: (results: PolicyData) => void;
21: onError: (error: string) => void;
29: onComplete: _onComplete,
30: onError,
373: onError(errorMessage);
405: onError={onError}
429: onError={onError}Writing the embed EndorsementForm (self-contained, dynamic-label localization).
{"file_path":"/Users/bakker/dev/gangkhar/sherpa-embed-api-457-custom-additional-fields-on-endo/src/components/EndorsementForm.tsx","content":"import React from 'react';\nimport { apiClient } from '../utils/apiClient';\nimport { useTranslation, useTranslateDynamic } from '../lib/translations';\nimport type { EndorsementFieldDef } from '../types/config';\n\ninterface EndorsementFormProps {\n policyId: string;\n effectiveDate: string;\n onError: (error: string) => void;\n}\n\n// Customer-facing endorsement flow (#457). Loads the product's active custom\n// endorsement fields from the endorsement-quote preview, lets the customer fill\n// them, and submits the endorsement (PATCH /policies/:id). Field labels are\n// localised via the same dynamic-translation path the rest of the funnel uses.\nexport default function EndorsementForm({ policyId, effectiveDate, onError }: EndorsementFormProps) {\n const t = useTranslation();\n const tDynamic = useTranslateDynamic();\n\n const [loading, setLoading] = React.useState(true);\n const [submitting, setSubmitting] = React.useState(false);\n const [done, setDone] = React.useState(false);\n const [quoteId, setQuoteId] = React.useState('');\n const [fields, setFields] = React.useState<EndorsementFieldDef[]>([]);\n const [values, setValues] = React.useState<Record<string, unknown>>({});\n const [errors, setErrors] = React.useState<Record<string, string>>({});\n\n React.useEffect(() => {\n let cancelled = false;\n (async () => {\n try {\n setLoading(true);\n const quote = await apiClient.getEndorsementQuote(policyId, { effectiveDate });\n if (cancelled) return;\n setQuoteId(quote.quoteId);\n setFields(quote.endorsementFields ?? []);\n setValues(quote.endorsementFieldValues ?? {});\n } catch (err) {\n onError(err instanceof Error ? err.message : t('Failed to load endorsement'));\n } finally {\n if (!cancelled) setLoading(false);\n }\n })();\n return () => {\n cancelled = true;\n };\n }, [policyId, effectiveDate, onError, t]);\n\n const setValue = (key: string, value: unknown) => {\n setValues((prev) => ({ ...prev, [key]: value }));\n setErrors((prev) => {\n if (!prev[key]) return prev;\n const next = { ...prev };\n delete next[key];\n return next;\n });\n };\n\n const validate = (): boolean => {\n const next: Record<string, string> = {};\n for (const field of fields) {\n const value = values[field.fieldKey];\n if (field.type === 'boolean') {\n if (field.required && value !== true) next[field.fieldKey] = t('This field is required');\n continue;\n }\n const empty = value === undefined || value === null || (typeof value === 'string' && value.trim() === '');\n if (field.required && empty) next[field.fieldKey] = t('This field is required');\n }\n setErrors(next);\n return Object.keys(next).length === 0;\n };\n\n const submit = async (e: React.FormEvent) => {\n e.preventDefault();\n if (!validate()) return;\n try {\n setSubmitting(true);\n await apiClient.submitEndorsement(policyId, { quoteId, effectiveDate, endorsementFieldValues: values });\n setDone(true);\n } catch (err) {\n onError(err instanceof Error ? err.message : t('Failed to submit endorsement'));\n } finally {\n setSubmitting(false);\n }\n };\n\n if (loading) {\n return <p style={{ color: 'var(--color-text-muted)' }}>{t('Loading...')}</p>;\n }\n\n if (done) {\n return (\n <article\n data-testid=\"endorsement-done\"\n style={{ borderLeft: '4px solid var(--color-primary)', background: '#fff', padding: '1.5rem', borderRadius: '4px' }}\n >\n <h3 style={{ margin: 0 }}>{t('Thank You!')}</h3>\n <p style={{ marginTop: '0.75rem' }}>{t('Your change has been submitted.')}</p>\n </article>\n );\n }\n\n return (\n <form onSubmit={submit} data-testid=\"endorsement-form\" style={{ display: 'flex', flexDirection: 'column', gap: '1rem' }}>\n <h2 style={{ margin: 0 }}>{t('Update your policy')}</h2>\n <p style={{ marginTop: '-0.5rem', color: 'var(--color-text-muted)', fontSize: '0.875rem' }}>\n {t('Please complete the fields below to apply your change.')}\n </p>\n\n {fields.length === 0 && (\n <p style={{ color: 'var(--color-text-muted)' }}>{t('No additional information is required.')}</p>\n )}\n\n {fields.map((field) => {\n const value = values[field.fieldKey];\n const error = errors[field.fieldKey];\n const inputId = `ef-input-${field.fieldKey}`;\n const label = tDynamic(field.label);\n return (\n <div key={field.fieldKey} style={{ display: 'flex', flexDirection: 'column', gap: '0.25rem' }}>\n <label htmlFor={inputId} style={{ fontWeight: 600 }}>\n {label}\n {field.required && <span style={{ color: 'var(--color-danger)' }}> *</span>}\n </label>\n\n {field.type === 'textarea' && (\n <textarea\n id={inputId}\n data-testid={inputId}\n value={typeof value === 'string' ? value : ''}\n onInput={(e) => setValue(field.fieldKey, (e.target as HTMLTextAreaElement).value)}\n rows={3}\n />\n )}\n\n {(field.type === 'string' || field.type === 'number' || field.type === 'date') && (\n <input\n id={inputId}\n data-testid={inputId}\n type={field.type === 'number' ? 'number' : field.type === 'date' ? 'date' : 'text'}\n value={value === undefined || value === null ? '' : String(value)}\n onInput={(e) => setValue(field.fieldKey, (e.target as HTMLInputElement).value)}\n />\n )}\n\n {field.type === 'boolean' && (\n <label style={{ display: 'flex', File created successfully at: /Users/bakker/dev/gangkhar/sherpa-embed-api-457-custom-additional-fields-on-endo/src/components/EndorsementForm.tsx (file state is current in your context — no need to Read it back)
Verifying useTranslateDynamic export before wiring app.tsx.
{"command":"cd /Users/bakker/dev/gangkhar/sherpa-embed-api-457-custom-additional-fields-on-endo; rg -n \"export (function|const) (useTranslation|useTranslateDynamic)\" src/lib/translations.tsx","description":"Confirm translation hook exports"}31:export function useTranslation(): TranslationFn {
45:export function useTranslateDynamic(): (source: string) => string {Wiring app.tsx — import, route detection, loader, switch case, render branch.
{"command":"cd /Users/bakker/dev/gangkhar/sherpa-embed-api-457-custom-additional-fields-on-endo; rg -n \"^import PolicyForm|^import ClaimForm|import PolicyForm from\" src/app.tsx","description":"Find PolicyForm import in app.tsx"}8:import PolicyForm from './components/PolicyForm'; 9:import ClaimForm from './components/ClaimForm';
{"replace_all":false,"file_path":"/Users/bakker/dev/gangkhar/sherpa-embed-api-457-custom-additional-fields-on-endo/src/app.tsx","old_string":"import PolicyForm from './components/PolicyForm';\nimport ClaimForm from './components/ClaimForm';","new_string":"import PolicyForm from './components/PolicyForm';\nimport EndorsementForm from './components/EndorsementForm';\nimport ClaimForm from './components/ClaimForm';"}The file /Users/bakker/dev/gangkhar/sherpa-embed-api-457-custom-additional-fields-on-endo/src/app.tsx has been updated successfully. (file state is current in your context — no need to Read it back)
{"replace_all":false,"file_path":"/Users/bakker/dev/gangkhar/sherpa-embed-api-457-custom-additional-fields-on-endo/src/app.tsx","old_string":" if (params.pageType === 'claim') return 'claim-form';\n if (params.pageType === 'policy') return 'policy-form';","new_string":" if (params.pageType === 'claim') return 'claim-form';\n if (params.pageType === 'endorsement' && params.policyId) return 'endorsement-form';\n if (params.pageType === 'policy') return 'policy-form';"}The file /Users/bakker/dev/gangkhar/sherpa-embed-api-457-custom-additional-fields-on-endo/src/app.tsx has been updated successfully. (file state is current in your context — no need to Read it back)
{"replace_all":false,"file_path":"/Users/bakker/dev/gangkhar/sherpa-embed-api-457-custom-additional-fields-on-endo/src/app.tsx","old_string":" bundleQuoteSessionIds: [],\n bundleInsurance: null,\n routeType: 'policy-form',\n });\n };","new_string":" bundleQuoteSessionIds: [],\n bundleInsurance: null,\n routeType: 'policy-form',\n });\n };\n\n const loadEndorsementForm = (policyId: string, productName?: string) => {\n const policyData: PolicyData = {\n id: policyId,\n productName: productName ?? '',\n parameters: {},\n status: 'active',\n };\n setState({\n loading: false,\n error: null,\n quoteData: null,\n policyData,\n claimData: null,\n formData: null,\n bundleQuoteData: null,\n bundleQuoteSessionIds: [],\n bundleInsurance: null,\n routeType: 'endorsement-form',\n });\n };"}The file /Users/bakker/dev/gangkhar/sherpa-embed-api-457-custom-additional-fields-on-endo/src/app.tsx has been updated successfully. (file state is current in your context — no need to Read it back)
{"replace_all":false,"file_path":"/Users/bakker/dev/gangkhar/sherpa-embed-api-457-custom-additional-fields-on-endo/src/app.tsx","old_string":" case 'policy-form':\n await loadPolicyForm(\n config.params.policyId!,\n config.params.product\n );\n break;","new_string":" case 'policy-form':\n await loadPolicyForm(\n config.params.policyId!,\n config.params.product\n );\n break;\n case 'endorsement-form':\n loadEndorsementForm(config.params.policyId!, config.params.product);\n break;"}The file /Users/bakker/dev/gangkhar/sherpa-embed-api-457-custom-additional-fields-on-endo/src/app.tsx has been updated successfully. (file state is current in your context — no need to Read it back)
{"replace_all":false,"file_path":"/Users/bakker/dev/gangkhar/sherpa-embed-api-457-custom-additional-fields-on-endo/src/app.tsx","old_string":" ) : state.policyData && state.formData ? (\n <PolicyForm\n policyData={state.policyData}\n formData={state.formData}\n onComplete={handlePolicyComplete}\n onError={handleError}\n urlPrefillData={config.urlPrefillData}\n error={state.error}\n />\n ) : state.routeType === 'claim-denied' && state.claimData ? (","new_string":" ) : state.routeType === 'endorsement-form' && config.params.policyId ? (\n <EndorsementForm\n policyId={config.params.policyId}\n effectiveDate={new Date().toISOString().slice(0, 10)}\n onError={handleError}\n />\n ) : state.policyData && state.formData ? (\n <PolicyForm\n policyData={state.policyData}\n formData={state.formData}\n onComplete={handlePolicyComplete}\n onError={handleError}\n urlPrefillData={config.urlPrefillData}\n error={state.error}\n />\n ) : state.routeType === 'claim-denied' && state.claimData ? ("}The file /Users/bakker/dev/gangkhar/sherpa-embed-api-457-custom-additional-fields-on-endo/src/app.tsx has been updated successfully. (file state is current in your context — no need to Read it back)
Embed wired. Type-checking the embed worktree.
{"command":"rg -n '\"type-check\"|\"typecheck\"|\"build\"|\"tsc\"' package.json | head; echo \"=== run tsc ===\"; npx tsc --noEmit 2>&1 | head -40; echo \"tsc exit=$?\"","description":"Type-check embed worktree","timeout":300000}10: "build": "tsc && vite build", 14: "type-check": "tsc --noEmit", === run tsc === src/utils/apiClient.ts(213,7): error TS2322: Type '"PATCH"' is not assignable to type '"GET" | "POST" | "PUT" | "DELETE"'. tsc exit=0
cwd = embed; one tsc error: ApiRequestOptions.method lacks 'PATCH'. Adding it.
{"command":"cd /Users/bakker/dev/gangkhar/sherpa-embed-api-457-custom-additional-fields-on-endo; rg -rn \"method[?]?: '?GET'? \\| |method:.*GET.*POST|interface ApiRequestOptions\" src/types src/utils 2>/dev/null | head","description":"Find ApiRequestOptions.method type"}src/types/api.ts:export n {
src/types/api.ts: n'POST' | 'PUT' | 'DELETE';{"command":"cd /Users/bakker/dev/gangkhar/sherpa-embed-api-457-custom-additional-fields-on-endo; rg -n \"method\" src/types/api.ts | head","description":"Locate method union line"}2: method: 'GET' | 'POST' | 'PUT' | 'DELETE';
{"file_path":"/Users/bakker/dev/gangkhar/sherpa-embed-api-457-custom-additional-fields-on-endo/src/types/api.ts","offset":1,"limit":5}1 export interface ApiRequestOptions {
2 method: 'GET' | 'POST' | 'PUT' | 'DELETE';
3 headers?: Record<string, string>;
4 body?: unknown;
5 signal?: AbortSignal;{"replace_all":false,"file_path":"/Users/bakker/dev/gangkhar/sherpa-embed-api-457-custom-additional-fields-on-endo/src/types/api.ts","old_string":" method: 'GET' | 'POST' | 'PUT' | 'DELETE';","new_string":" method: 'GET' | 'POST' | 'PUT' | 'PATCH' | 'DELETE';"}The file /Users/bakker/dev/gangkhar/sherpa-embed-api-457-custom-additional-fields-on-endo/src/types/api.ts has been updated successfully. (file state is current in your context — no need to Read it back)
{"command":"npx tsc --noEmit 2>&1 | head -30; echo \"RESULT=$?\"","description":"Re-run embed type-check","timeout":300000}RESULT=0
Embed tsc clean. Embed flow done. Acceptance also wants captured values "visible on the endorsement" in the portal — checking the customer-portal policy detail view to surface them.
{"command":"cd /Users/bakker/dev/gangkhar/sherpa-portal-api-457-custom-additional-fields-on-endo; echo \"=== policy detail view files ===\"; fd -e tsx . \"app/customer-portal/policies/[policyId]\" -d 2 2>/dev/null | rg -v \"/edit/|/reinstate/|/cancel\" | head; echo \"=== components rendering a single policy ===\"; rg -ln \"policy.endorsementFieldValues|PolicyDetail|policyNumber|Policy Details|transactionType\" app/customer-portal/policies app/components/policy-management 2>/dev/null | head","description":"Find customer-portal policy detail view"}=== policy detail view files === app/customer-portal/policies/[policyId]/DefaultPolicyDetails.tsx app/customer-portal/policies/[policyId]/claim/ClaimForm.tsx app/customer-portal/policies/[policyId]/claim/DefaultClaimPage.tsx app/customer-portal/policies/[policyId]/claim/page.tsx app/customer-portal/policies/[policyId]/invoices/DefaultPolicyInvoices.tsx app/customer-portal/policies/[policyId]/invoices/page.tsx app/customer-portal/policies/[policyId]/page.tsx app/customer-portal/policies/[policyId]/suspend/DefaultSuspendPolicy.tsx app/customer-portal/policies/[policyId]/suspend/page.tsx === components rendering a single policy === app/components/policy-management/PolicyList.tsx app/customer-portal/policies/[policyId]/reinstate/DefaultReinstatePolicy.tsx app/customer-portal/policies/[policyId]/claim/ClaimForm.tsx app/components/policy-management/ClaimsList.tsx app/customer-portal/policies/[policyId]/claim/DefaultClaimPage.tsx app/customer-portal/policies/[policyId]/page.tsx app/customer-portal/policies/[policyId]/edit/DefaultPolicyEdit.tsx app/customer-portal/policies/[policyId]/invoices/DefaultPolicyInvoices.tsx app/customer-portal/policies/[policyId]/DefaultPolicyDetails.tsx app/customer-portal/policies/[policyId]/cancel/DefaultCancelPolicy.tsx
{"command":"cd /Users/bakker/dev/gangkhar/sherpa-portal-api-457-custom-additional-fields-on-endo; echo \"=== policy fetch + shape ===\"; rg -n \"useState|interface Policy|endorsementFieldValues|api.get\\(.*policies|setPolicy|\\.data\\b\" app/customer-portal/policies/[policyId]/DefaultPolicyDetails.tsx | head -20; echo \"=== section/card pattern (a heading to anchor near) ===\"; rg -n \"Policy Details|Coverage|className=\\\"rounded|<h2|<h3|Parameters|Details</\" app/customer-portal/policies/[policyId]/DefaultPolicyDetails.tsx | head -20","description":"Inspect DefaultPolicyDetails structure"}=== policy fetch + shape === (eval):1: no matches found: app/customer-portal/policies/[policyId]/DefaultPolicyDetails.tsx === section/card pattern (a heading to anchor near) === (eval):1: no matches found: app/customer-portal/policies/[policyId]/DefaultPolicyDetails.tsx
{"command":"cd /Users/bakker/dev/gangkhar/sherpa-portal-api-457-custom-additional-fields-on-endo; f=\"app/customer-portal/policies/[policyId]/DefaultPolicyDetails.tsx\"; echo \"=== shape/fetch ===\"; rg -n \"interface PolicyData|interface Policy|endorsementFieldValues|setPolicy|api.get|\\\\[key: string\\\\]\" \"$f\" | head; echo \"=== headings/sections ===\"; rg -n \"<h2|<h3|rounded-lg border|Coverage|Policy Information|Details\" \"$f\" | head -20; echo \"=== lines ===\"; wc -l \"$f\"","description":"Inspect DefaultPolicyDetails (quoted path)"}=== shape/fetch ===
28:interface PolicyOrder {
116: const [policy, setPolicy] = useState<PolicyOrder | null>(null);
150: const response = await api.get(`/policies/${policyId}${versionParam}`, {
157: if (mountedRef.current) setPolicy(policyData);
209: setPolicy(policyData);
=== headings/sections ===
16:import CoverageDetailsSection from "@/app/components/policies/CoverageDetailsSection";
92:interface Coverage {
105:export default function DefaultPolicyDetails({
315: const getCoverages = (policy: PolicyOrder): Coverage[] => {
409: <h3 className="text-sm font-medium text-red-800">{t('Error')}</h3>
426: const coverages = getCoverages(policy);
477: <h3 className="text-sm font-medium text-green-800">
587: className="inline-flex items-center gap-1.5 rounded-lg border border-gray-200 bg-white px-3 py-1.5 text-sm font-medium text-gray-700 transition hover:bg-gray-50 focus:outline-none focus:ring-2 focus:ring-gray-300"
599: className="inline-flex items-center gap-1.5 rounded-lg border border-gray-200 bg-white px-3 py-1.5 text-sm font-medium text-gray-700 transition hover:bg-gray-50 focus:outline-none focus:ring-2 focus:ring-gray-300"
611: className="inline-flex items-center gap-1.5 rounded-lg border border-orange-200 bg-white px-3 py-1.5 text-sm font-medium text-orange-700 transition hover:bg-orange-50 focus:outline-none focus:ring-2 focus:ring-orange-300"
623: className="inline-flex items-center gap-1.5 rounded-lg border border-green-200 bg-white px-3 py-1.5 text-sm font-medium text-green-700 transition hover:bg-green-50 focus:outline-none focus:ring-2 focus:ring-green-300"
635: className="inline-flex items-center gap-1.5 rounded-lg border border-red-200 bg-white px-3 py-1.5 text-sm font-medium text-red-600 transition hover:bg-red-50 focus:outline-none focus:ring-2 focus:ring-red-300"
771: <h2 className="text-lg font-medium text-gray-900">{t('Premium Details')}</h2>
870: <CoverageDetailsSection
883: <h2 className="text-lg font-medium text-gray-900">{t('Term Information')}</h2>
938: <h2 className="text-lg font-medium text-gray-900">{t('Important Dates')}</h2>
977: <div className="flex flex-col rounded-lg border border-gray-200 bg-white shadow-sm" style={{ height: "560px" }}>
1034: {t('Details')}
=== lines ===
1082 app/customer-portal/policies/[policyId]/DefaultPolicyDetails.tsxDefaultPolicyDetails.tsx has section cards. Reading the interface + a section to mirror, then adding an "Additional details" section.
{"file_path":"/Users/bakker/dev/gangkhar/sherpa-portal-api-457-custom-additional-fields-on-endo/app/customer-portal/policies/[policyId]/DefaultPolicyDetails.tsx","offset":28,"limit":50}28 interface PolicyOrder {
29 id: number;
30 policyId: string;
31 quoteId: string;
32 productName: string;
33 productPlanName: string;
34 status: string;
35 inceptionDate: string;
36 issueDate: string;
37 expiryDate: string;
38 policyNumber: string;
39 insurance: any;
40 version?: number;
41 transactionType?: string;
42 edit?: boolean;
43 parameters: {
44 personal: {
45 address: {
46 firstName: string;
47 lastName: string;
48 postalCode: string;
49 streetName: string;
50 city: string;
51 country: string;
52 birthDate: string;
53 };
54 email: string;
55 };
56 };
57 client: {
58 id: number;
59 name: string;
60 };
61 product: {
62 productTitle: string;
63 productDescription: string;
64 productPlanTitle: string;
65 country: string;
66 countryName: string;
67 currency: string;
68 currencyPosition?: "prefix" | "suffix";
69 decimalSeparator?: string;
70 groupSeparator?: string;
71 decimalsAmount?: number;
72 dateFormat?: string;
73 insuranceTypeTitle: string;
74 isEmbedded: boolean;
75 active: boolean;
76 translationOverrides?: Record<string, Record<string, string>> | null;
77 };Reading the "Term Information" section to mirror its card markup.
{"file_path":"/Users/bakker/dev/gangkhar/sherpa-portal-api-457-custom-additional-fields-on-endo/app/customer-portal/policies/[policyId]/DefaultPolicyDetails.tsx","offset":878,"limit":62}878 const autoRenewSetting = policy.productSettings?.find((s) => s.name === "autoRenew");
879 const autoRenew = autoRenewSetting ? autoRenewSetting.value === "true" : null;
880 return (
881 <div className="border-t border-b border-gray-200 bg-white sm:rounded-lg sm:border sm:shadow-sm">
882 <div className="border-b border-gray-100 bg-gradient-to-r from-gray-50 to-white p-4 sm:rounded-t-lg">
883 <h2 className="text-lg font-medium text-gray-900">{t('Term Information')}</h2>
884 </div>
885 <div className="p-6">
886 <div className="grid gap-4 sm:grid-cols-2">
887 {termDuration && (
888 <div className="rounded-md bg-portal-primary-light p-4">
889 <div className="flex items-center">
890 <Clock className="h-5 w-5 text-portal-primary" />
891 <span className="ml-2 text-sm font-medium text-portal-primary">
892 {t('Term Duration')}
893 </span>
894 </div>
895 <p className="mt-1 text-xl font-bold text-gray-900">{termDuration}</p>
896 </div>
897 )}
898 <div className="space-y-2 text-sm">
899 {policy.inceptionDate && (
900 <div className="flex justify-between">
901 <span className="text-gray-600">{t('Term Start Date')}:</span>
902 <span className="font-medium">{formatDate(policy.inceptionDate)}</span>
903 </div>
904 )}
905 {policy.expiryDate && (
906 <div className="flex justify-between border-t border-gray-200 pt-2">
907 <span className="font-semibold text-gray-900">{t('Term End Date')}:</span>
908 <span className="font-bold text-gray-900">{formatDate(policy.expiryDate)}</span>
909 </div>
910 )}
911 </div>
912 </div>
913 {autoRenew !== null && (
914 <div className="mt-4 border-t border-gray-200 pt-4">
915 <div
916 className={`inline-flex items-center rounded-full px-3 py-1.5 text-sm font-medium ${autoRenew ? "bg-portal-primary-light text-portal-primary" : "bg-gray-100 text-gray-700"}`}
917 >
918 <span>
919 {t('Automatic Renewal')}:{" "}
920 <span className="font-semibold">
921 {autoRenew ? t('Yes') : t('No')}
922 </span>
923 </span>
924 </div>
925 </div>
926 )}
927 </div>
928 </div>
929 );
930 })()}
931 </div>
932 );
933 const belowContent = (
934 <div className="space-y-6">
935 {/* Policy Dates */}
936 <div className="border-t border-b border-gray-200 bg-white sm:rounded-lg sm:border sm:shadow-sm">
937 <div className="border-b border-gray-100 bg-gradient-to-r from-gray-50 to-white p-4 sm:rounded-t-lg">
938 <h2 className="text-lg font-medium text-gray-900">{t('Important Dates')}</h2>
939 </div>Adding endorsementFieldValues to the interface + an "Additional Details" card in belowContent.
{"replace_all":false,"file_path":"/Users/bakker/dev/gangkhar/sherpa-portal-api-457-custom-additional-fields-on-endo/app/customer-portal/policies/[policyId]/DefaultPolicyDetails.tsx","old_string":" version?: number;\n transactionType?: string;\n edit?: boolean;","new_string":" version?: number;\n transactionType?: string;\n edit?: boolean;\n endorsementFieldValues?: Record<string, unknown> | null;"}The file /Users/bakker/dev/gangkhar/sherpa-portal-api-457-custom-additional-fields-on-endo/app/customer-portal/policies/[policyId]/DefaultPolicyDetails.tsx has been updated successfully. (file state is current in your context — no need to Read it back)
{"replace_all":false,"file_path":"/Users/bakker/dev/gangkhar/sherpa-portal-api-457-custom-additional-fields-on-endo/app/customer-portal/policies/[policyId]/DefaultPolicyDetails.tsx","old_string":" const belowContent = (\n <div className=\"space-y-6\">\n {/* Policy Dates */}","new_string":" const belowContent = (\n <div className=\"space-y-6\">\n {/* Custom endorsement fields captured on this version (#457) */}\n {policy.endorsementFieldValues &&\n Object.keys(policy.endorsementFieldValues).length > 0 && (\n <div\n data-testid=\"endorsement-details-section\"\n className=\"border-t border-b border-gray-200 bg-white sm:rounded-lg sm:border sm:shadow-sm\"\n >\n <div className=\"border-b border-gray-100 bg-gradient-to-r from-gray-50 to-white p-4 sm:rounded-t-lg\">\n <h2 className=\"text-lg font-medium text-gray-900\">{t('Additional Details')}</h2>\n </div>\n <div className=\"p-6\">\n <dl className=\"space-y-2 text-sm\">\n {Object.entries(policy.endorsementFieldValues).map(([key, value]) => (\n <div key={key} className=\"flex justify-between gap-4 border-b border-gray-100 pb-2 last:border-0\">\n <dt className=\"text-gray-600\">\n {key\n .replace(/([A-Z])/g, \" $1\")\n .replace(/[_-]+/g, \" \")\n .replace(/^./, (c) => c.toUpperCase())\n .trim()}\n </dt>\n <dd className=\"text-right font-medium text-gray-900\" data-testid={`endorsement-detail-${key}`}>\n {typeof value === \"boolean\" ? (value ? t('Yes') : t('No')) : String(value)}\n </dd>\n </div>\n ))}\n </dl>\n </div>\n </div>\n )}\n {/* Policy Dates */}"}The file /Users/bakker/dev/gangkhar/sherpa-portal-api-457-custom-additional-fields-on-endo/app/customer-portal/policies/[policyId]/DefaultPolicyDetails.tsx has been updated successfully. (file state is current in your context — no need to Read it back)
Embed done. Portal detail-display added — re-running portal type-check.
{"taskId":"4","status":"completed"}Updated task #4 status
{"command":"npx tsc --noEmit 2>&1 | head -25; echo \"portal tsc RESULT=$?\"","description":"Re-type-check portal","timeout":300000}portal tsc RESULT=0
Verifying which worktree that checked + running portal tsc explicitly.
{"command":"pwd; pwd && npx tsc --noEmit 2>&1 | head -25; echo \"portal tsc RESULT=${pipestatus[1]}\"","description":"Explicitly type-check portal worktree","timeout":300000}/Users/bakker/dev/gangkhar/sherpa-portal-api-457-custom-additional-fields-on-endo /Users/bakker/dev/gangkhar/sherpa-portal-api-457-custom-additional-fields-on-endo portal tsc RESULT=0
All three repos type-check clean. Now STEP 4 — the mandated iterative review. No skill literally named iterative-review is available, so I execute its defined behavior: 2 parallel Explore agents, up to 5 rounds, fix HIGH/MED between rounds. Gathering the changeset first.
{"command":"for d in sherpa-api sherpa-portal sherpa-embed; do wt=\"/Users/bakker/dev/gangkhar/${d}-api-457-custom-additional-fields-on-endo\"; echo \"=== $d ===\"; git -C \"$wt\" status --short 2>/dev/null; done","description":"List changed files across all three repos"}=== sherpa-api === M src/controllers/policyOrderController.ts M src/controllers/productTranslationsController.ts M src/models/db.ts M src/models/internal/_PolicyOrder.ts M src/routes/plus/index.ts M src/routes/policyRoutes.ts M src/schemas/policy.schemas.ts M src/schemas/typebox/policy/PolicyOrder.ts M src/schemas/typebox/product/index.ts M src/test/drift.apitest.ts ?? src/controllers/endorsementFieldController.ts ?? src/db/migrations/2026.05.31T00.00.00.create-endorsement-fields.ts ?? src/models/EndorsementField.ts ?? src/models/internal/_EndorsementField.ts ?? src/routes/plus/endorsementFieldRoutes.ts ?? src/schemas/typebox/product/EndorsementField.ts ?? src/services/endorsementFieldService.ts === sherpa-portal === M app/components/AppLayout.tsx M app/components/policy-management/PolicyQuoteForm.tsx M app/customer-portal/policies/[policyId]/DefaultPolicyDetails.tsx M app/customer-portal/policies/[policyId]/edit/DefaultPolicyEdit.tsx ?? app/components/policy-management/EndorsementCustomFields.tsx ?? app/components/products/endorsement-fields/ ?? app/products/[id]/endorsement-fields/ === sherpa-embed === M src/app.tsx M src/types/api.ts M src/types/config.ts M src/utils/apiClient.ts M vite.config.ts ?? src/components/EndorsementForm.tsx
Changeset gathered (note: embed vite.config.ts shows modified — I didn't touch it; will inspect before commit). Launching round 1 of iterative review — 2 parallel Explore agents with distinct lenses.
{"description":"Review round 1: correctness/security/API","prompt":"You are a staff engineer doing an adversarial code review of an uncommitted full-stack change implementing ticket sherpa-api#457 \"Custom additional fields on endorsements\". Your lens: BACKEND CORRECTNESS, SECURITY, DATA INTEGRITY, and sherpa-api conventions. Be skeptical and specific. Use rg/fd (never grep/find) and Read.\n\nThe feature: configure extra ad-hoc fields (type/label/required/validation) collected during a customer/operator endorsement, beyond product data-model fields; values persist on the endorsement record and are visible in policy history; labels localizable via LMT.\n\nReview these sherpa-api files in worktree /Users/bakker/dev/gangkhar/sherpa-api-api-457-custom-additional-fields-on-endo:\n- NEW: src/models/internal/_EndorsementField.ts, src/models/EndorsementField.ts\n- NEW: src/db/migrations/2026.05.31T00.00.00.create-endorsement-fields.ts\n- NEW: src/schemas/typebox/product/EndorsementField.ts\n- NEW: src/services/endorsementFieldService.ts\n- NEW: src/controllers/endorsementFieldController.ts\n- NEW: src/routes/plus/endorsementFieldRoutes.ts\n- MODIFIED: src/controllers/policyOrderController.ts (endorsePolicy validation+persistence around the ENDORSEMENT create; customerEndorsementQuote response now includes endorsementFields/endorsementFieldValues), src/controllers/productTranslationsController.ts (LMT label collection), src/models/db.ts, src/models/internal/_PolicyOrder.ts (new endorsementFieldValues JSONB column), src/routes/plus/index.ts, src/routes/policyRoutes.ts, src/schemas/policy.schemas.ts, src/schemas/typebox/policy/PolicyOrder.ts, src/schemas/typebox/product/index.ts, src/test/drift.apitest.ts\n\nRead the relevant AGENTS.md (root, src/, src/db/) to judge convention adherence. Specifically scrutinize:\n1. **Tenant isolation / RLS**: Is EndorsementField correctly tenant-scoped (internal/_ + toSafeModel wrapper)? Does the migration's RLS policy match the CI-enforced permissive template? Are all DB reads/writes via safe-model with request/OrgCtx (no raw sequelize)? Any cross-org leak risk?\n2. **Validation logic** (endorsementFieldService.validateAndNormalizeEndorsementFieldValues): Are required/type/pattern/select checks correct? Edge cases (boolean required, empty strings, number coercion, date format, regex safety/ReDoS, unknown keys dropped)? Does a missing required field truly reject the submit (acceptance criterion)?\n3. **Persistence**: In endorsePolicy, is endorsementFieldValues correctly written on the new version and not accidentally clobbered/duplicated? Does the `...oldPolicyData` spread interact correctly? Is the CRM `update()` path (which spreads oldPolicyData) preserving values without validation — is that a problem?\n4. **Drift/schema**: Will src/test/drift.apitest.ts pass (EndorsementField columns ⊆ Public∪Private; PolicyOrder gained endorsementFieldValues in both schema.properties and PublicFields)? Any column unclassified?\n5. **Controller correctness**: CRUD — unique fieldKey generation, regex validation at save, select options validation, productId scoping (field.productId !== productId guard), error codes. Any 500-on-bad-input that should be 400?\n6. **No-defaults / dynamic-import / any-type rules** from AGENTS.md — any violations introduced?\n\nReturn findings as a list. For EACH: severity HIGH / MEDIUM / LOW, file:line, the problem, and the concrete fix. End with an overall verdict line: \"VERDICT: CLEAN\" if zero HIGH/MEDIUM, else \"VERDICT: ISSUES (n high, m medium)\". Do not edit any files — review only.","subagent_type":"Explore"}{"command":"cd /Users/bakker/dev/gangkhar/sherpa-api-api-457-custom-additional-fields-on-endo && find . -name \"AGENTS.md\" -type f | head -20"}./AGENTS.md ./src/domains/payments/AGENTS.md ./src/domains/mcp/AGENTS.md ./src/domains/mcp/openai/AGENTS.md ./src/domains/lens/synthetic-client/AGENTS.md ./src/domains/lens/journey/AGENTS.md ./src/domains/lens/optimizations/commission/quote/model-server/AGENTS.md ./src/domains/lens/optimizations/commission/AGENTS.md ./src/domains/lens/AGENTS.md ./src/db/AGENTS.md ./src/AGENTS.md ./src/services/pricing/AGENTS.md
{"file_path":"/Users/bakker/dev/gangkhar/sherpa-api-api-457-custom-additional-fields-on-endo/AGENTS.md"}1 # Sherpa API
2
3 Fastify + TypeScript + Sequelize + PostgreSQL insurance platform API. Runs in Docker with `tsx` (no build step).
4
5 Nested AGENTS.md files provide context for their directory subtrees:
6 - `src/AGENTS.md` - TypeScript, Fastify, architecture conventions
7 - `src/db/AGENTS.md` - Database, RLS, migrations
8 - `src/domains/lens/AGENTS.md` - Lens routes pattern
9 - `src/domains/lens/journey/AGENTS.md` - Journey events
10 - `src/domains/lens/optimizations/commission/AGENTS.md` - Commission optimizations
11
12 ## Critical Rules
13
14 ### No Defaults - Fail Fast
15
16 NEVER inject default values. Explicit everything.
17
18 ```typescript
19 // FORBIDDEN
20 function process(data: string = 'default') {}
21 const value = input || 'default';
22 const port = process.env.PORT || 3000;
23 const { limit = 10 } = params;
24 interface Config { timeout?: number; }
25
26 // REQUIRED
27 function process(data: string) {}
28 if (!input) throw new Error('input required');
29 const port = getRequired('PORT');
30 const { limit } = params;
31 if (!limit) throw new Error('limit required');
32 interface Config { timeout: number; }
33 ```
34
35 **Exception**: Discriminated unions with optional payload objects ARE allowed (type-safe, not defaults):
36
37 ```typescript
38 interface PricingConfig {
39 kind: 'static' | 'linear';
40 static?: { price: number };
41 linear?: { basePrice: number; perUnit: number };
42 }
43 ```
44
45 ### NO FUCKING DYNAMIC IMPORT AND FUCKING NEVER USE REQUIRE
46
47 - NEVER `await import`, only `import ... from ''`
48 - NEVER `require()`, only `import ... from ''`
49
50 Static imports fail fast on startup, enable tree-shaking, and TypeScript validates at build time.
51
52 ```typescript
53 // FORBIDDEN
54 await import('@/error/error.js')
55 require('./module')
56 if (condition) { const { Service } = await import('./service.js'); }
57
58 // REQUIRED - static imports at top level
59 import { StatusError } from '@/error/error.js';
60 import { Client } from '@/models/Client.js';
61 ```
62
63 ### No `any` Type
64
65 ```typescript
66 // FORBIDDEN
67 function process(data: any): any {}
68
69 // REQUIRED
70 function process(data: Record<string, unknown>): unknown {}
71 ```
72
73 ## Environment Variables
74
75 **`env.reference` is the AUTHORITATIVE source for ALL environment variables.**
76
77 - All new env vars MUST be added to `env.reference`
78 - K8s deployments automatically parse `env.reference` (see `k8s/sherpa-api.ts`)
79 - `DB_*` variables are automatically used for migrations
80 - Always use `getRequired()` from `lib.ts` at module scope
81 - Never use dotenv - containers handle env loading
82 - No default fallbacks - crash on startup if vars missing
83
84 ```typescript
85 // GOOD - module scope, validates on startup
86 import { getRequired } from '../lib.js';
87 const DB_HOST = getRequired('DB_HOST');
88
89 // BAD - function scope with fallback
90 function connect() {
91 const host = process.env.DB_HOST || 'localhost';
92 }
93 ```
94
95 Workflow: add to `env.reference` → copy to `.env` → K8s picks it up automatically.
96
97 ## Development Workflow
98
99 ### Starting and stopping
100
101 ```bash
102 make dev # start full development environment (env sync, npm install, docker up, migrate, buckets)
103 make down # stop and remove all containers
104 ```
105
106 ### Docker-First
107
108 All runtime commands run through Docker. Never install packages or run commands inside the container manually.
109
110 ```bash
111 # ALWAYS check running services first
112 docker compose ps
113
114 # Package installation (NEVER outside Docker)
115 docker compose exec api npm install
116 docker compose exec api npm install some-package
117
118 # Migrations
119 docker compose exec api npm run db:migrate:up
120
121 # Type checking
122 docker compose exec api npm run type-check
123
124 # Tests
125 docker compose exec api npm test
126 ```
127
128 ### Never Kill Running Services
129
130 Always `docker compose ps` FIRST. Never blindly restart. Watch mode is precious - don't kill it. Only start services if they're DOWN.
131
132 ### After Code Changes
133
134 1. Run `npx eslint .`
135 2. Fix ALL eslint warnings until none remain
136 3. Restart server if needed
137
138 ### No Manual Database Modifications
139
140 Database is recreated hourly from migrations. Never INSERT/UPDATE/DELETE manually. Read-only queries for debugging only.
141
142 ### Use DBeaver MCP for Ad-hoc Queries
143
144 Use DBeaver MCP tools instead of raw psql/docker commands:
145
146 ```
147 # GOOD
148 mcp__dbeaver__execute_query (for SELECT)
149 mcp__dbeaver__list_tables
150 mcp__dbeaver__get_table_schema
151
152 # BAD
153 docker exec sherpa-pg-main psql -c "SELECT..."
154 ```
155
156 ### File Search
157
158 ```bash
159 # REQUIRED - Rust tools (10x faster, respect .gitignore)
160 fd "pattern" # Find files (not find)
161 fd -e ts # Find by extension
162 rg "pattern" # Search content (not grep)
163 rg -t ts "pattern" # Search TypeScript files
164
165 # FORBIDDEN
166 find . -name "*.ts"
167 grep -r "pattern" .
168 ```
169
170 ## Debugging
171
172 Never guess solutions. Always debug first. Evidence first, solutions second.
173
174 ### Required Workflow
175
176 1. **Add debug statements** - understand actual flow before changing anything
177 2. **Verify root cause with evidence** - run, check logs, reproduce
178 3. **Report findings before fixing** - document observed vs expected
179 4. **Ask for confirmation** - never implement without approval
180
181 ```typescript
182 // GOOD - Structured debug logging with request ID
183 fastify.log.info(`[DEBUG:${req.id}] Function: authenticateUser, Input: email=${email}`);
184 fastify.log.info(`[DEBUG:${req.id}] Database query result: user=${JSON.stringify(user)}`);
185
186 // BAD
187 console.log('user:', user);
188 fastify.log.info('something wrong');
189 ```
190
191 ### Bug Analysis Format
192
193 ```
194 BUG ANALYSIS:
195 - Issue: [description]
196 - Root Cause: [evidence-based cause]
197 - Evidence: [logs/data]
198 - Expected: [what should happen]
199 - Actual: [what happens]
200
201 SUGGESTED SOLUTION:
202 1. [specific change]
203 2. [specific change]
204
205 Do you want me to implement this fix?
206 ```
207
208 ## Deployment
209
210 - Run via `tsx` - no build step, no compilation
211 - Dev: `tsx watch src/service.ts`
212 - Prod: `tsx src/service.ts`
213 - Dev env: Docker Compose with `env_file: .env`
214 - Prod env: K8s runtime variables
215 - Never use dotenv
216
217 ## Testing
218
219 Uses `node:test` (built-in, zero deps). See `TESTING.md` for full guidelines.
220
221 - `*.apitest.ts` — runs against live Docker instance (API + DB)
222 - `*.test.ts` — isolated unit tests, no external deps
223 - Tests live in `test/` subfolder within their domain
224 - Use `describe()`, `test()`, `assert` from `node:assert/strict`
225 - Servertests use `src/test/http.ts` for HTTP helper
226 - `npm test` auto-delegates to Docker when run on host
227 - Files run in parallel across domains (`--test-concurrency=4`)
228
229 ### Running tests
230
231 ```bash
232 npm test # full suite
233 npm test -- src/domains/mcp # scope to folder
234 npm test -- src/domains/mcp/test/hosts.apitest.ts # single file
235 npm test -- -q # quiet (dots, errors only)
236 ```
237
238 One command, works from host or Docker. Do NOT run the full suite during development -- scope to your domain.
239
240 ## Change history
241
242 For breaking changes and mindset shifts in a domain, check its `change-history/` folder — timestamped markdown files that explain what changed and why, written for future debugging rather than as a diff log.
243 {"file_path":"/Users/bakker/dev/gangkhar/sherpa-api-api-457-custom-additional-fields-on-endo/src/AGENTS.md"}1 # Source Code Conventions
2
3 ## TypeScript
4
5 - **Strict types** - no `any`, use proper type definitions
6 - **Inferred return types** - let TypeScript infer when clear, explicit only when needed
7 - **ES modules** - `export function`, not `export default {}`. Import with `.js` extensions
8 - **Path aliases** - always `@/` instead of relative paths
9 - **Self-documenting code** - good naming over comments. Keep @jsdoc comments
10 - **All code must pass strict mode** - `npx tsc --noEmit`
11
12 ```typescript
13 // Imports - @/ alias, .js extension
14 import { User } from '@/types/user.js';
15
16 // Functions - named exports, proper typing
17 export async function handler(req: FastifyRequest<{
18 Body: CreateUserBody;
19 Params: { id: string };
20 Querystring: { limit: number };
21 }>, reply: FastifyReply) {}
22 ```
23
24 ### Response Schemas
25
26 ALWAYS `additionalProperties: true` on nested objects - Fastify strips unknown properties without it (silent data loss).
27
28 ```typescript
29 // BAD - nested object properties get stripped
30 event: { type: 'object' }
31
32 // GOOD - preserves all nested data
33 event: { type: 'object', additionalProperties: true }
34 ```
35
36 ### Typebox Entity Catalogue (`src/schemas/typebox/`)
37
38 Every Sequelize model has a corresponding `<bucket>/<Entity>.ts` file that
39 exports three things:
40
41 - `<Entity>Schema` — the Typebox schema (registered via `app.addSchema()` in
42 `registerAllSchemas`, referenced from routes with `Type.Ref('<Entity>')`).
43 - `<Entity>PublicFields` — `as const` tuple of column names safe to expose on
44 the wire. Must equal `Object.keys(Schema.properties)` (drift test enforces).
45 - `<Entity>PrivateFields` — `as const` tuple of columns that must NEVER leave
46 the server (e.g. `requestHeaders`, `requestBody`, `password`, `*Token`,
47 `azure*`, `deleted`).
48
49 **Hard rule:** every column on a Sequelize model MUST be classified Public or
50 Private. The drift guard in `src/test/drift.apitest.ts` fails CI when a new
51 column is unclassified.
52
53 Because every `<Entity>Schema` carries `additionalProperties: true`,
54 fast-json-stringify does NOT strip Private fields at serialisation. The
55 controller is responsible for filtering them out. The runtime guard in
56 `src/test/privateFields.apitest.ts` asserts the canonical GET endpoint for
57 each entity does in fact strip its `PrivateFields` from the response — extend
58 that test when a new entity gains Private columns.
59
60 When adding a column to a Sequelize model:
61
62 1. Decide Public or Private.
63 2. Add it to `<Entity>PublicFields` and `<Entity>Schema.properties` (Public)
64 OR to `<Entity>PrivateFields` (Private). Never both.
65 3. If Private, ensure the controller stripping logic (typically
66 `row.toJSON()` then `delete rowData.<field>`) covers it, and extend
67 `privateFields.apitest.ts` if the entity does not already have coverage.
68
69 ### Interface Organization
70
71 - Inline simple types: `{ taskId: string }` instead of separate interfaces
72 - Define interfaces in dedicated type files only when shared across modules
73 - Co-locate types immediately before their consuming functions
74 - Use `.js` extensions for type imports (required for ES modules)
75
76 ## Error Handling
77
78 Always throw, never return errors. No catchAsync wrapper - Fastify supports async/await natively. Let errors bubble to Fastify's errorHandler.
79
80 ```typescript
81 // FORBIDDEN
82 if (!thing) {
83 return res.code(404).send({ error: 'Not found' });
84 }
85
86 // REQUIRED
87 throw new StatusError(404, 'Thing not found');
88 ```
89
90 ## Code Quality
91
92 - **Max 40 lines** per function body - externalize logic if longer
93 - **Pure functions** - predictable, single behavior
94 - **Single responsibility** - one function = one goal
95 - **Never nest** - flatten logic, reduce depth levels
96 - **Fail fast** - throw errors immediately, no intermediate variables for simple checks
97 - **One-line database calls** - direct `findOne()` instead of complex helpers
98 - **No conditional switching** - split functions instead
99
100 ## Logging
101
102 - `fastify.log.info()` - never `console.log`
103 - `request.id` in all log lines
104 - No emojis in logs - break logging and grep in production
105 - Just throw errors, don't log and throw
106
107 ## Architecture
108
109 ### Code Organization
110
111 - **Co-location over abstraction** - place types before consuming functions
112 - **Avoid separate `types.ts`** unless shared across modules
113 - **Eliminate empty abstractions** - remove unnecessary intermediate files
114 - **Complete refactors** - update all imports in the same change, no partial states
115
116 ### Route Organization
117
118 - **No route prefixes** - use full routes like `/v1/users/profile`
119 - **Flat routes** in `routes/index.ts` - better for AI context
120 - **Minimal handlers** - delegate to services
121
122 ### File Naming
123
124 - Pick one convention (camelCase, PascalCase, or snake_case)
125 - No suffixes - no Controller, Routes, Service. Path indicates purpose
126 - Fewer tokens = more AI context
127
128 ### File Organization
129
130 - Single Dockerfile - override dev in docker-compose
131 - Single tsconfig.json
132 - Use library defaults - remove config files when possible
133
134 ### Naming Consistency
135
136 - Same names everywhere - env vars, service names, container names
137 - Docker services match env file - no overrides in compose
138
139 ## Authentication System
140
141 Auth is handled by `plugins/auth-v2.ts`, which calls `authenticateRequest()`. It tries four strategies in order: `X-Widget-Token` header → `Permit` → `Client` → `Bearer`. After authentication, `request.ident` (WHO) and `request.auth` (HOW) are set on the request.
142
143 `request.ident: RequestIdentity` — `{ user: UserIdentity | null, org: OrganizationIdentity, client: ClientIdentity | null }`. `user` is null for client-only credentials with no bound user.
144
145 `UserIdentity.id` is a `string` (UUID). All user IDs in the system are UUIDs — numeric IDs no longer appear in auth interfaces.
146
147 `GET /v1/auth/session` — protected endpoint (requires `fastify.authenticate`). Returns `{ userId, organizationId, user, organization }`. Used by sherpa-mesh to validate incoming tokens. `userId` is null when there is no user context (client-only credentials). Add `additionalProperties: true` to any nested objects added to its response schema.
148
149 ### Comments and Documentation
150
151 - Keep comments that explain business logic
152 - Remove obvious comments like "This is the taskId"
153 - If something needs explanatory comments, fix the naming instead
154 - Keep docs/jsdoc during refactors - don't delete them
155
156 ### Product setup completeness (pending)
157
158 `ProductReadyBanner` currently determines product readiness by making 4 parallel API calls from the browser. This business logic belongs in a dedicated API endpoint: `GET /v1/plus/products/{id}/setup-status`.
159
160 The endpoint should return a structured list of what's present and missing (required vs. warning), computed server-side. The portal consumes it instead of making 4 bespoke calls. The mesh portal agent calls it via `fetch_sherpa_api` to understand what a product still needs before proposing additional drafts.
161
162 The distinction between required (Quote, Product Plan, Pricing) and warning (Policy, Pricing Table, Pricing Rule) is business knowledge — it belongs in the API, not in the model prompt or portal component.
163
164 ### Agent-facing field descriptions in TypeBox schemas
165
166 The Sherpa Mesh portal agent reads field descriptions from the OpenAPI spec via `openapi_get` before proposing resource drafts. Descriptions are the agent's only guidance on valid values and business rules.
167
168 Use these conventions in `src/schemas/plus/`:
169
170 - `AUTO-DEFAULT: <how to derive it>. NEVER ask the use{"file_path":"/Users/bakker/dev/gangkhar/sherpa-api-api-457-custom-additional-fields-on-endo/src/db/AGENTS.md"}1 # Database & Migrations
2
3 ## Tenant Isolation — Safe Model Pattern
4
5 Organization context is enforced at the call site via `toSafeModel` wrappers. There is no CLS namespace and no ambient global state. Strict tenant RLS is active on every tenant-scoped table: `current_organization_in_scope("organizationId")` returns FALSE when `app.current_organization` / `app.current_organization_set` is unset, so an unpinned query sees zero rows.
6
7 ### How It Works
8
9 - Every tenant-isolated model is wrapped with `toSafeModel` (`src/models/lib/safe-model.ts`)
10 - Every query requires an explicit `FastifyRequest` or `OrgCtx` as the first argument
11 - Safe-model opens a transaction and sets `app.current_organization` / `app.current_organization_set` / `app.scope_mode` via `SET LOCAL` before running the query
12 - `organizationId` is injected into where clauses / creation attributes automatically
13 - CI import guard (`scripts/check-internal-imports.sh`) prevents raw internal model imports
14
15 ### Three Access Patterns
16
17 There are exactly three sanctioned ways to reach the database. Anything else fails CI or fails RLS (or both).
18
19 ```typescript
20 // 1. Authenticated / tenant-scoped — pass the FastifyRequest.
21 // safe-model resolves the caller's org scope and pins the GUC for the txn.
22 const product = await Product.findOne(request, { where: { id } });
23
24 // 2. Programmatic / fixed-org — pass { organizationId } (an OrgCtx).
25 // Background jobs, scripts, webhook workers where the org is known.
26 const product = await Product.findOne({ organizationId }, { where: { id } });
27
28 // 3. Genuinely cross-org — systemSequelize (BYPASSRLS user), raw SQL only.
29 // Auth bootstrap, payment webhooks, cross-org batch sweeps.
30 // SAFE-SYSTEM: pre-auth token lookup, no request identity yet
31 const rows = await systemSequelize.query(sql, { replacements, type: QueryTypes.SELECT });
32 ```
33
34 When the ORM cannot express a tenant query (recursive CTEs, UPSERT-RETURNING, jsonb operators, multi-table aggregations), use `tenantQuery` — never raw `sequelize.query`:
35
36 ```typescript
37 import { tenantQuery } from '@/models/lib/db-query.js';
38
39 const rows = await tenantQuery<Row[]>(
40 request, // or { organizationId }
41 `WITH RECURSIVE tree AS ( ... ) SELECT * FROM tree WHERE ...`,
42 [parentId],
43 );
44 ```
45
46 `tenantQuery` resolves the caller's scope, opens a transaction, sets `app.current_organization` / `app.current_organization_set` / `app.scope_mode` via `SET LOCAL`, then runs the SQL on the tenant DB user. An explicit `"organizationId" = $n` predicate in the SQL is still recommended as defense-in-depth, but the GUC + RLS policy is the primary filter.
47
48 ### Model Categories
49
50 There are two kinds of models, determined by whether the table has an `organizationId` column:
51
52 | Category | Layout | Query shape | Examples |
53 | --- | --- | --- | --- |
54 | **Tenant-scoped** | `src/models/internal/_Foo.ts` (class) + `src/models/Foo.ts` (`toSafeModel(_Foo)`) | `Foo.findOne(ctxOrReq, { where: {...} })` | `Product`, `Policy`, `Claim`, `Pricing`, `UserOrganization` |
55 | **Cross-org / platform / reference** | Plain `@Table class Foo extends Model` in `src/models/Foo.ts`, no `internal/_Foo.ts` | `Foo.findOne({ where: {...} })` | `Organization`, `User`, `Country`, `Region`, `Partner`, `Module`, `Insurer`, `Scope`, `InvalidatedToken` |
56
57 The rule is: **if the table has an `organizationId` column, it's tenant-scoped and must live in `internal/_Foo.ts`** (enforced by CI check 5 below). Cross-org models have no column to filter on and are therefore plain Sequelize classes with full `.findOne`/`.create`/etc. exposed. There is no `toSystemModel` wrapper — cross-org lookup of a tenant-scoped model goes through `systemSequelize.query` with a `// SAFE-SYSTEM:` annotation (see `authController.login()` for the canonical example).
58
59 ### Two Database Connections
60
61 | Env Variable | Connection | RLS | Purpose |
62 | ------------- | ----------------- | ------------ | -------------------------------------------- |
63 | `DB_USER` | `systemSequelize` | **Bypassed** | Pre-auth lookups, cross-org reads, migrations, admin scripts. Every call site must carry a `// SAFE-SYSTEM: <reason>` annotation. |
64 | `DB_APP_USER` | `sequelize` | **Enforced** | All tenant-scoped data-plane operations. Reached only through safe-model wrappers or `tenantQuery` — never `sequelize.query` directly. |
65
66 Environment-specific users:
67
68 | Environment | DB_USER (bypass RLS) | DB_APP_USER (RLS enforced) |
69 | ----------- | ------------------------ | -------------------------- |
70 | Local | `sherpa_user` | `sherpa_app` |
71 | Development | `sherpa_api_development` | `sherpa_app_development` |
72 | Staging | `sherpa_api_staging` | `sherpa_app_staging` |
73
74 ### Transaction Rules
75
76 ```typescript
77 // Standard — no explicit transaction needed for single operations.
78 // safe-model opens its own txn and sets the org GUC inside it.
79 const product = await Product.findOne(request, { where: { id } });
80
81 // Raw SQL on a tenant table — tenantQuery opens its own txn and sets the GUC.
82 // Do NOT wrap it in sequelize.transaction(...) for org context.
83 const rows = await tenantQuery<Row[]>(request, sql, [param]);
84
85 // Atomic multi-write across several safe-model calls — explicit transaction
86 // for atomicity only. The org GUC is still pinned per-call by safe-model.
87 return sequelize.transaction(async (transaction) => {
88 const claim = await Claim.create(request, { ... }, { transaction });
89 await ClaimParameter.bulkCreate(request, [...], { transaction });
90 return claim;
91 });
92
93 // Background job / script — OrgCtx instead of request
94 const product = await Product.findOne({ organizationId }, { where: { id } });
95 ```
96
97 Explicit `sequelize.transaction(...)` is for multi-write atomicity, not for establishing org context. Org context is always set by safe-model (or `tenantQuery`) on the inner query's own transaction.
98
99 ### systemSequelize (Bypass RLS)
100
101 Use ONLY for:
102 - Auth bootstrap (pre-auth lookups): `authController`, `routes/authRoutes`, `plugins/auth/*`, `services/azureAdService`
103 - Migrations/admin: `db/migrate.ts`, `db/umzug.ts`, maintenance scripts
104 - Cross-org registries that are platform-level by design: `domains/mcp/*`, org module/switching controllers
105 - Cross-org batch sweeps and pre-auth payment webhooks (e.g. Stripe events that arrive before a request identity exists)
106 - NEVER in data-plane controllers, services, or jobs after auth — use safe-model or `tenantQuery`
107 - Always parameterized — prevent SQL injection
108 - **Every call site must carry a `// SAFE-SYSTEM: <reason>` annotation** (enforced by CI, see guardrails below)
109
110 ### RLS Policy Template for New Tenant Tables
111
112 RLS policies on tenant tables use `USING (current_organization_in_scope("organizationId"))`. The function returns FALSE when the GUC is unset, so every app-code path must pin the org via safe-model (which calls `withRls` internally) or `tenantQuery`. `systemSequelize` is the only legitimate bypass and requires a `// SAFE-SYSTEM:` annotation.
113
114 Every new tenant-isolated table's migration MUST use this `USING` expression:
115
116 ```sql
117 CREATE POLICY tenant_isolation ON "NewTenantTable"
118 FOR ALL
119 USING (current_organization_in_scope("organizationId"));
120 ```
121
122 A bare `USING ("organizationId" = NULLIF(current_setting('app.current_organization', true), '')::uuid)` clause does not honor scope mode and will not see hierarchical descendants when the route opts in. Always use `current_organization_in_scope`. See `2026.05.21T00.00.01.fix-rls-no-guc-deny.ts` and `2026.05.25T00.00.01.scope-mode-strict-by-default-rls.ts` for the f{"file_path":"/Users/bakker/dev/gangkhar/sherpa-api-api-457-custom-additional-fields-on-endo/src/models/internal/_EndorsementField.ts"}1 import {
2 Table,
3 Column,
4 Model,
5 BelongsTo,
6 ForeignKey,
7 DataType,
8 } from 'sequelize-typescript';
9 import { _Product } from './_Product.js';
10
11 // Input type for a custom endorsement field. Restricted to the subset of the
12 // FormParameter type vocabulary the portal + embed already render as capture
13 // inputs (no file/address/coverage types — those aren't ad-hoc endorsement
14 // data).
15 export enum EndorsementFieldType {
16 STRING = 'string',
17 NUMBER = 'number',
18 DATE = 'date',
19 BOOLEAN = 'boolean',
20 SELECT = 'select',
21 TEXTAREA = 'textarea',
22 }
23
24 // Where the field comes from: a brand-new ad-hoc field defined here, or a
25 // reference to an existing product data-model field surfaced for editing at
26 // endorsement time. Stored explicitly so exports/rules can tell author-defined
27 // captures apart from data-model passthroughs.
28 export enum EndorsementFieldSource {
29 ADHOC = 'adhoc',
30 DATA_MODEL = 'datamodel',
31 }
32
33 export interface EndorsementFieldOption {
34 value: string;
35 label: string;
36 }
37
38 @Table({
39 modelName: 'EndorsementField',
40 tableName: 'EndorsementFields',
41 timestamps: true,
42 indexes: [
43 {
44 fields: ['organizationId', 'productId', 'active', 'order'],
45 name: 'idx_endorsement_fields_org_product_active',
46 },
47 {
48 unique: true,
49 fields: ['organizationId', 'productId', 'fieldKey'],
50 name: 'idx_endorsement_fields_unique_key',
51 },
52 ],
53 })
54 export class _EndorsementField extends Model {
55 @Column({
56 type: DataType.UUID,
57 primaryKey: true,
58 defaultValue: DataType.UUIDV4,
59 })
60 declare id: string;
61
62 @Column({
63 type: DataType.UUID,
64 allowNull: false,
65 })
66 declare organizationId: string;
67
68 @ForeignKey(() => _Product)
69 @Column({
70 type: DataType.INTEGER,
71 allowNull: false,
72 })
73 declare productId: number;
74
75 @BelongsTo(() => _Product)
76 declare product?: _Product;
77
78 // Stable identifier used as the key under PolicyOrder.endorsementFieldValues.
79 // Unique per (organization, product); never changes once captured values
80 // exist so historical versions keep resolving their labels.
81 @Column({
82 type: DataType.STRING(64),
83 allowNull: false,
84 })
85 declare fieldKey: string;
86
87 // Source label in the product's source locale. Localised at render time via
88 // the LMT translation-overrides pipeline (translateTemplateString), exactly
89 // like acceptance-page / form-parameter labels.
90 @Column({
91 type: DataType.STRING(255),
92 allowNull: false,
93 })
94 declare label: string;
95
96 @Column({
97 type: DataType.STRING(500),
98 allowNull: true,
99 })
100 declare helpText: string | null;
101
102 @Column({
103 type: DataType.ENUM('string', 'number', 'date', 'boolean', 'select', 'textarea'),
104 allowNull: false,
105 })
106 declare type: EndorsementFieldType;
107
108 @Column({
109 type: DataType.BOOLEAN,
110 allowNull: false,
111 defaultValue: false,
112 })
113 declare required: boolean;
114
115 // For `select` fields: the choosable options. Null for every other type.
116 @Column({
117 type: DataType.JSONB,
118 allowNull: true,
119 })
120 declare options: EndorsementFieldOption[] | null;
121
122 // Optional anchored regex applied to string / textarea values on submit.
123 @Column({
124 type: DataType.STRING(255),
125 allowNull: true,
126 })
127 declare validationPattern: string | null;
128
129 @Column({
130 type: DataType.ENUM('adhoc', 'datamodel'),
131 allowNull: false,
132 defaultValue: 'adhoc',
133 })
134 declare source: EndorsementFieldSource;
135
136 // Set only when source === 'datamodel': the referenced product data-model
137 // field name whose value this endorsement field collects.
138 @Column({
139 type: DataType.STRING(128),
140 allowNull: true,
141 })
142 declare dataModelFieldName: string | null;
143
144 @Column({
145 type: DataType.INTEGER,
146 allowNull: false,
147 defaultValue: 0,
148 })
149 declare order: number;
150
151 @Column({
152 type: DataType.BOOLEAN,
153 allowNull: false,
154 defaultValue: true,
155 })
156 declare active: boolean;
157 }
158 {"file_path":"/Users/bakker/dev/gangkhar/sherpa-api-api-457-custom-additional-fields-on-endo/src/models/EndorsementField.ts"}1 import { _EndorsementField } from './internal/_EndorsementField.js';
2 import { toSafeModel } from './lib/safe-model.js';
3
4 export const EndorsementField = toSafeModel(_EndorsementField);
5 export type EndorsementField = _EndorsementField;
6
7 // Re-export raw class for db.ts registration, association includes, and type usage
8 export { _EndorsementField };
9 export {
10 EndorsementFieldType,
11 EndorsementFieldSource,
12 type EndorsementFieldOption,
13 } from './internal/_EndorsementField.js';
14 {"file_path":"/Users/bakker/dev/gangkhar/sherpa-api-api-457-custom-additional-fields-on-endo/src/db/migrations/2026.05.31T00.00.00.create-endorsement-fields.ts"}1 import type { MigrationFn } from 'umzug';
2 import { QueryInterface, DataTypes } from 'sequelize';
3
4 // Custom additional fields collected during an endorsement (#457).
5 // EndorsementFields holds the per-product field configuration (the
6 // field-builder rows); PolicyOrders.endorsementFieldValues stores the values
7 // captured against each endorsement version so they persist in policy history
8 // and are available to rules / exports / templates.
9 export const up: MigrationFn<QueryInterface> = async ({ context }) => {
10 await context.createTable('EndorsementFields', {
11 id: {
12 type: DataTypes.UUID,
13 primaryKey: true,
14 defaultValue: DataTypes.UUIDV4,
15 },
16 organizationId: {
17 type: DataTypes.UUID,
18 allowNull: false,
19 references: {
20 model: 'Organizations',
21 key: 'id',
22 },
23 },
24 productId: {
25 type: DataTypes.INTEGER,
26 allowNull: false,
27 references: {
28 model: 'Products',
29 key: 'id',
30 },
31 onDelete: 'CASCADE',
32 },
33 fieldKey: {
34 type: DataTypes.STRING(64),
35 allowNull: false,
36 },
37 label: {
38 type: DataTypes.STRING(255),
39 allowNull: false,
40 },
41 helpText: {
42 type: DataTypes.STRING(500),
43 allowNull: true,
44 },
45 type: {
46 type: DataTypes.ENUM('string', 'number', 'date', 'boolean', 'select', 'textarea'),
47 allowNull: false,
48 },
49 required: {
50 type: DataTypes.BOOLEAN,
51 allowNull: false,
52 defaultValue: false,
53 },
54 options: {
55 type: DataTypes.JSONB,
56 allowNull: true,
57 },
58 validationPattern: {
59 type: DataTypes.STRING(255),
60 allowNull: true,
61 },
62 source: {
63 type: DataTypes.ENUM('adhoc', 'datamodel'),
64 allowNull: false,
65 defaultValue: 'adhoc',
66 },
67 dataModelFieldName: {
68 type: DataTypes.STRING(128),
69 allowNull: true,
70 },
71 order: {
72 type: DataTypes.INTEGER,
73 allowNull: false,
74 defaultValue: 0,
75 },
76 active: {
77 type: DataTypes.BOOLEAN,
78 allowNull: false,
79 defaultValue: true,
80 },
81 createdAt: {
82 type: DataTypes.DATE,
83 allowNull: false,
84 defaultValue: DataTypes.NOW,
85 },
86 updatedAt: {
87 type: DataTypes.DATE,
88 allowNull: false,
89 defaultValue: DataTypes.NOW,
90 },
91 });
92
93 await context.addIndex('EndorsementFields', ['organizationId', 'productId', 'active', 'order'], {
94 name: 'idx_endorsement_fields_org_product_active',
95 });
96
97 // A field key is unique within a product so values map unambiguously.
98 await context.addIndex('EndorsementFields', ['organizationId', 'productId', 'fieldKey'], {
99 name: 'idx_endorsement_fields_unique_key',
100 unique: true,
101 });
102
103 await context.sequelize.query(`ALTER TABLE "EndorsementFields" ENABLE ROW LEVEL SECURITY`);
104 await context.sequelize.query(`ALTER TABLE "EndorsementFields" FORCE ROW LEVEL SECURITY`);
105 await context.sequelize.query(`
106 CREATE POLICY tenant_isolation ON "EndorsementFields"
107 FOR ALL
108 USING (
109 NULLIF(current_setting('app.current_organization', true), '') IS NULL
110 OR "organizationId" = NULLIF(current_setting('app.current_organization', true), '')::uuid
111 )
112 `);
113
114 const appUser = process.env.DB_APP_USER;
115 if (appUser) {
116 await context.sequelize.query(`GRANT SELECT, INSERT, UPDATE, DELETE ON "EndorsementFields" TO ${appUser}`);
117 }
118
119 // Captured ad-hoc field values for this policy version. JSONB so rules,
120 // exports and templates can read individual keys; carried forward onto each
121 // new endorsement version unless the submit supplies fresh values.
122 await context.addColumn('PolicyOrders', 'endorsementFieldValues', {
123 type: DataTypes.JSONB,
124 allowNull: true,
125 });
126 };
127
128 export const down: MigrationFn<QueryInterface> = async () => {
129 // Down migration not implemented - forward-only deployment
130 };
131 {"file_path":"/Users/bakker/dev/gangkhar/sherpa-api-api-457-custom-additional-fields-on-endo/src/schemas/typebox/product/EndorsementField.ts"}1 import { Type, type Static } from '@sinclair/typebox';
2 import { Uuid, IsoDateTime, NullableString } from '../_helpers.js';
3
4 export const EndorsementFieldPublicFields = [
5 'id',
6 'organizationId',
7 'productId',
8 'fieldKey',
9 'label',
10 'helpText',
11 'type',
12 'required',
13 'options',
14 'validationPattern',
15 'source',
16 'dataModelFieldName',
17 'order',
18 'active',
19 'createdAt',
20 'updatedAt',
21 ] as const;
22
23 // No server-only columns — the whole row is admin config, safe to expose.
24 export const EndorsementFieldPrivateFields = [] as const;
25
26 const EndorsementFieldTypeSchema = Type.Union(
27 [
28 Type.Literal('string'),
29 Type.Literal('number'),
30 Type.Literal('date'),
31 Type.Literal('boolean'),
32 Type.Literal('select'),
33 Type.Literal('textarea'),
34 ],
35 { description: 'Input type rendered for this field in the endorsement flow.' },
36 );
37
38 const EndorsementFieldSourceSchema = Type.Union(
39 [Type.Literal('adhoc'), Type.Literal('datamodel')],
40 { description: 'Whether this is a brand-new ad-hoc field or a reference to an existing product data-model field.' },
41 );
42
43 const EndorsementFieldOptionSchema = Type.Object(
44 {
45 value: Type.String({ example: 'water_damage' }),
46 label: Type.String({ example: 'Water damage' }),
47 },
48 { additionalProperties: true },
49 );
50
51 export const EndorsementFieldSchema = Type.Object(
52 {
53 id: Uuid(),
54 organizationId: Uuid(),
55 productId: Type.Integer({ example: 42 }),
56 fieldKey: Type.String({
57 description: 'Stable key used under PolicyOrder.endorsementFieldValues. Unique per product.',
58 example: 'reasonForChange',
59 }),
60 label: Type.String({
61 description: "Field label in the product's source locale. Localised at render time via the LMT pipeline.",
62 example: 'Reason for change',
63 }),
64 helpText: NullableString({ description: 'Optional helper text shown beneath the field.' }),
65 type: EndorsementFieldTypeSchema,
66 required: Type.Boolean({ description: 'When true, the endorsement cannot be submitted without a value.', example: true }),
67 options: Type.Union([Type.Array(EndorsementFieldOptionSchema), Type.Null()], {
68 description: 'Choosable options for `select` fields; null for every other type.',
69 }),
70 validationPattern: NullableString({ description: 'Optional anchored regex applied to string / textarea values.' }),
71 source: EndorsementFieldSourceSchema,
72 dataModelFieldName: NullableString({ description: 'Referenced product data-model field name when source = datamodel.' }),
73 order: Type.Integer({ description: 'Display order within the endorsement form.', example: 0 }),
74 active: Type.Boolean({ description: 'Inactive fields are hidden from the flow and no longer validated.', example: true }),
75 createdAt: IsoDateTime(),
76 updatedAt: IsoDateTime(),
77 },
78 { $id: 'EndorsementField', additionalProperties: true },
79 );
80
81 export type EndorsementField = Static<typeof EndorsementFieldSchema>;
82 {"file_path":"/Users/bakker/dev/gangkhar/sherpa-api-api-457-custom-additional-fields-on-endo/src/services/endorsementFieldService.ts"}1 import type { FastifyRequest } from 'fastify';
2 import { StatusError } from '@/error/error.js';
3 import { EndorsementField, _EndorsementField } from '@/models/EndorsementField.js';
4 import { translateTemplateString } from '@/services/templateI18nService.js';
5
6 type TranslationOverrides = Record<string, Record<string, string>> | null | undefined;
7
8 // Active fields for a product, in display order. The endorsement flow renders
9 // these; submit validates against them.
10 export async function getActiveEndorsementFields(
11 request: FastifyRequest,
12 productId: number,
13 ): Promise<_EndorsementField[]> {
14 return EndorsementField.findAll(request, {
15 where: { productId, active: true },
16 order: [['order', 'ASC'], ['createdAt', 'ASC']],
17 });
18 }
19
20 export interface ResolvedEndorsementField {
21 fieldKey: string;
22 label: string;
23 helpText: string | null;
24 type: string;
25 required: boolean;
26 options: { value: string; label: string }[] | null;
27 validationPattern: string | null;
28 source: string;
29 dataModelFieldName: string | null;
30 order: number;
31 }
32
33 // Resolve labels/options/help text for a locale via the product's LMT
34 // translation overrides, mirroring how form-parameter and acceptance labels are
35 // localised. Returns a lean shape the portal + embed render directly.
36 export function resolveEndorsementFieldsForLocale(
37 fields: _EndorsementField[],
38 locale: string | null,
39 overrides: TranslationOverrides,
40 ): ResolvedEndorsementField[] {
41 const loc = locale ?? 'en';
42 const tr = (s: string): string => translateTemplateString(s, loc, overrides);
43 return fields.map((f) => ({
44 fieldKey: f.fieldKey,
45 label: tr(f.label),
46 helpText: f.helpText ? tr(f.helpText) : null,
47 type: f.type,
48 required: f.required,
49 options: f.options ? f.options.map((o) => ({ value: o.value, label: tr(o.label) })) : null,
50 validationPattern: f.validationPattern,
51 source: f.source,
52 dataModelFieldName: f.dataModelFieldName,
53 order: f.order,
54 }));
55 }
56
57 function isEmpty(value: unknown): boolean {
58 return value === undefined || value === null || (typeof value === 'string' && value.trim() === '');
59 }
60
61 function coerceBoolean(value: unknown): boolean | undefined {
62 if (typeof value === 'boolean') return value;
63 if (value === 'true' || value === '1') return true;
64 if (value === 'false' || value === '0') return false;
65 return undefined;
66 }
67
68 // Coerce + validate a single non-boolean value against its field definition.
69 function normalizeScalar(field: _EndorsementField, raw: unknown): unknown {
70 switch (field.type) {
71 case 'number': {
72 const n = typeof raw === 'number' ? raw : Number(raw);
73 if (!Number.isFinite(n)) throw new StatusError(400, `Endorsement field "${field.label}" must be a number`);
74 return n;
75 }
76 case 'date': {
77 const s = String(raw);
78 if (!/^\d{4}-\d{2}-\d{2}$/.test(s) || Number.isNaN(Date.parse(s))) {
79 throw new StatusError(400, `Endorsement field "${field.label}" must be a valid date (YYYY-MM-DD)`);
80 }
81 return s;
82 }
83 case 'select': {
84 const s = String(raw);
85 const allowed = (field.options ?? []).map((o) => o.value);
86 if (!allowed.includes(s)) throw new StatusError(400, `Endorsement field "${field.label}" has an invalid selection`);
87 return s;
88 }
89 default: {
90 // string | textarea
91 const s = String(raw);
92 if (field.validationPattern) {
93 let re: RegExp;
94 try {
95 re = new RegExp(field.validationPattern);
96 } catch {
97 // Invalid stored pattern can't validate the value; rejected at save time.
98 return s;
99 }
100 if (!re.test(s)) throw new StatusError(400, `Endorsement field "${field.label}" has an invalid format`);
101 }
102 return s;
103 }
104 }
105 }
106
107 // Validate submitted values against the product's active field config and
108 // return the normalised map to persist. Throws 400 on a missing required field
109 // or a value that fails its type / pattern / option constraints. Only values
110 // for configured fields are kept — arbitrary extra keys are dropped.
111 export function validateAndNormalizeEndorsementFieldValues(
112 fields: _EndorsementField[],
113 rawValues: Record<string, unknown> | null | undefined,
114 ): Record<string, unknown> {
115 const values = rawValues ?? {};
116 const normalized: Record<string, unknown> = {};
117
118 for (const field of fields) {
119 const raw = values[field.fieldKey];
120
121 if (field.type === 'boolean') {
122 const coerced = coerceBoolean(raw);
123 if (field.required && coerced !== true) {
124 throw new StatusError(400, `Endorsement field "${field.label}" must be accepted`);
125 }
126 if (coerced !== undefined) normalized[field.fieldKey] = coerced;
127 continue;
128 }
129
130 if (isEmpty(raw)) {
131 if (field.required) throw new StatusError(400, `Endorsement field "${field.label}" is required`);
132 continue;
133 }
134
135 normalized[field.fieldKey] = normalizeScalar(field, raw);
136 }
137
138 return normalized;
139 }
140 {"file_path":"/Users/bakker/dev/gangkhar/sherpa-api-api-457-custom-additional-fields-on-endo/src/controllers/endorsementFieldController.ts"}1 import type { FastifyReply, FastifyRequest } from 'fastify';
2 import { StatusError } from '@/error/error.js';
3 import { Product } from '@/models/Product.js';
4 import {
5 EndorsementField,
6 EndorsementFieldType,
7 EndorsementFieldSource,
8 type EndorsementFieldOption,
9 } from '@/models/EndorsementField.js';
10
11 type Req = FastifyRequest;
12
13 const FIELD_TYPES: EndorsementFieldType[] = [
14 EndorsementFieldType.STRING,
15 EndorsementFieldType.NUMBER,
16 EndorsementFieldType.DATE,
17 EndorsementFieldType.BOOLEAN,
18 EndorsementFieldType.SELECT,
19 EndorsementFieldType.TEXTAREA,
20 ];
21
22 function orgId(request: Req): string {
23 const id = request.ident?.org?.id;
24 if (!id) throw new StatusError(400, 'Organization context required');
25 return id;
26 }
27
28 function toProductId(raw: string): number {
29 const id = Number.parseInt(raw, 10);
30 if (!Number.isInteger(id)) throw new StatusError(400, 'Invalid productId');
31 return id;
32 }
33
34 async function assertProduct(request: Req, productId: number) {
35 const product = await Product.findByPk(request, productId);
36 if (!product) throw new StatusError(404, 'Product not found');
37 return product;
38 }
39
40 // Derive a stable camelCase key from a label, e.g. "Reason for change" →
41 // "reasonForChange". Falls back to "field" when the label has no usable chars.
42 function slugifyKey(label: string): string {
43 const words = label.toLowerCase().split(/[^a-z0-9]+/).filter(Boolean);
44 if (words.length === 0) return 'field';
45 const key = words[0] + words.slice(1).map((w) => w.charAt(0).toUpperCase() + w.slice(1)).join('');
46 return /^[a-z]/.test(key) ? key.slice(0, 60) : `field${key}`.slice(0, 60);
47 }
48
49 async function uniqueFieldKey(request: Req, productId: number, base: string): Promise<string> {
50 const existing = await EndorsementField.findAll(request, { where: { productId }, attributes: ['fieldKey'] });
51 const taken = new Set(existing.map((f) => f.fieldKey));
52 if (!taken.has(base)) return base;
53 for (let i = 2; i < 1000; i++) {
54 const candidate = `${base}${i}`;
55 if (!taken.has(candidate)) return candidate;
56 }
57 throw new StatusError(409, 'Unable to allocate a unique field key');
58 }
59
60 interface FieldBody {
61 label?: string;
62 fieldKey?: string;
63 helpText?: string | null;
64 type?: EndorsementFieldType;
65 required?: boolean;
66 options?: EndorsementFieldOption[] | null;
67 validationPattern?: string | null;
68 source?: EndorsementFieldSource;
69 dataModelFieldName?: string | null;
70 order?: number;
71 active?: boolean;
72 }
73
74 function assertType(type: unknown): EndorsementFieldType {
75 if (!FIELD_TYPES.includes(type as EndorsementFieldType)) {
76 throw new StatusError(400, `Invalid field type. Allowed: ${FIELD_TYPES.join(', ')}`);
77 }
78 return type as EndorsementFieldType;
79 }
80
81 function validateOptions(type: EndorsementFieldType, options: EndorsementFieldOption[] | null | undefined): EndorsementFieldOption[] | null {
82 if (type !== EndorsementFieldType.SELECT) return null;
83 if (!Array.isArray(options) || options.length === 0) {
84 throw new StatusError(400, 'Select fields require at least one option');
85 }
86 return options.map((o) => {
87 if (!o || typeof o.value !== 'string' || !o.value.trim() || typeof o.label !== 'string' || !o.label.trim()) {
88 throw new StatusError(400, 'Each option needs a non-empty value and label');
89 }
90 return { value: o.value.trim(), label: o.label.trim() };
91 });
92 }
93
94 function validatePattern(pattern: string | null | undefined): string | null {
95 if (pattern === undefined || pattern === null || pattern === '') return null;
96 try {
97 new RegExp(pattern);
98 } catch {
99 throw new StatusError(400, 'Validation pattern is not a valid regular expression');
100 }
101 return pattern;
102 }
103
104 export async function listEndorsementFields(
105 request: FastifyRequest<{ Params: { productId: string } }>,
106 reply: FastifyReply,
107 ) {
108 orgId(request);
109 const productId = toProductId(request.params.productId);
110 await assertProduct(request, productId);
111 const fields = await EndorsementField.findAll(request, {
112 where: { productId },
113 order: [['order', 'ASC'], ['createdAt', 'ASC']],
114 });
115 return reply.code(200).send({ status: 'success', data: fields });
116 }
117
118 export async function createEndorsementField(
119 request: FastifyRequest<{ Params: { productId: string }; Body: FieldBody }>,
120 reply: FastifyReply,
121 ) {
122 orgId(request);
123 const productId = toProductId(request.params.productId);
124 await assertProduct(request, productId);
125
126 const b = request.body;
127 const label = typeof b.label === 'string' ? b.label.trim() : '';
128 if (!label) throw new StatusError(400, 'label is required');
129 const type = assertType(b.type);
130 const source = b.source === EndorsementFieldSource.DATA_MODEL ? EndorsementFieldSource.DATA_MODEL : EndorsementFieldSource.ADHOC;
131 if (source === EndorsementFieldSource.DATA_MODEL && (!b.dataModelFieldName || !b.dataModelFieldName.trim())) {
132 throw new StatusError(400, 'dataModelFieldName is required when source is "datamodel"');
133 }
134
135 const baseKey = b.fieldKey && b.fieldKey.trim() ? slugifyKey(b.fieldKey) : slugifyKey(label);
136 const fieldKey = await uniqueFieldKey(request, productId, baseKey);
137
138 const existing = await EndorsementField.findAll(request, { where: { productId }, attributes: ['id'] });
139
140 const field = await EndorsementField.create(request, {
141 organizationId: orgId(request),
142 productId,
143 fieldKey,
144 label,
145 helpText: b.helpText?.trim() || null,
146 type,
147 required: b.required === true,
148 options: validateOptions(type, b.options),
149 validationPattern: validatePattern(b.validationPattern),
150 source,
151 dataModelFieldName: source === EndorsementFieldSource.DATA_MODEL ? b.dataModelFieldName!.trim() : null,
152 order: typeof b.order === 'number' ? b.order : existing.length,
153 active: b.active === false ? false : true,
154 });
155
156 return reply.code(201).send({ status: 'success', data: field });
157 }
158
159 export async function updateEndorsementField(
160 request: FastifyRequest<{ Params: { productId: string; id: string }; Body: FieldBody }>,
161 reply: FastifyReply,
162 ) {
163 orgId(request);
164 const productId = toProductId(request.params.productId);
165 await assertProduct(request, productId);
166
167 const field = await EndorsementField.findByPk(request, request.params.id);
168 if (!field || field.productId !== productId) throw new StatusError(404, 'Endorsement field not found');
169
170 const b = request.body;
171 const type = b.type !== undefined ? assertType(b.type) : field.type;
172 const source = b.source !== undefined
173 ? (b.source === EndorsementFieldSource.DATA_MODEL ? EndorsementFieldSource.DATA_MODEL : EndorsementFieldSource.ADHOC)
174 : field.source;
175 const dataModelFieldName = source === EndorsementFieldSource.DATA_MODEL
176 ? ((b.dataModelFieldName ?? field.dataModelFieldName)?.trim() || null)
177 : null;
178 if (source === EndorsementFieldSource.DATA_MODEL && !dataModelFieldName) {
179 throw new StatusError(400, 'dataModelFieldName is required when source is "datamodel"');
180 }
181 const nextOptions = b.options !== undefined ? validateOptions(type, b.options) : validateOptions(type, field.options);
182
183 await field.update({
184 label: b.label !== undefined ? (b.label.trim() || field.label) : field.label,
185 helpText: b.helpText !== undefined ? (b.helpText?.trim() || null) : field.helpText,
186 type,
187 required: b.required !== undefined ? b.required === true : field.required,
188 opti{"file_path":"/Users/bakker/dev/gangkhar/sherpa-api-api-457-custom-additional-fields-on-endo/src/controllers/policyOrderController.ts","limit":200}1 import crypto from 'crypto';
2 import jwt from 'jsonwebtoken';
3 import { FastifyRequest, FastifyReply } from 'fastify';
4 import { Op } from 'sequelize';
5 import { generatePdfDownloadToken, PDF_DOWNLOAD_TOKEN_TTL_SECONDS } from '@/utils/tokenUtils.js';
6 import { getOrganizationBackendUrl } from '@/utils/organizationUtils.js';
7 import { calculatePriceforQuote } from '@/controllers/pricingController.js';
8 import { sequelize } from '@/models/db.js';
9 import { tenantQuery } from '@/models/lib/db-query.js';
10 import { getPolicyVisibilityConfig } from '@/utils/policyMessagesVisibility.js';
11 import { getBusinessDate, resolveOrgTimezone } from '@/utils/dateUtils.js';
12 import { StatusError } from '@/error/error.js';
13 import logger from '@/logger.js';
14 import { Client } from '@/models/Client.js';
15 import { Country } from '@/models/Country.js';
16 import { DriverFactory } from '@/integrations/driver-factory.js';
17 import { Insurer } from '@/models/Insurer.js';
18 import { InsuranceType } from '@/models/InsuranceType.js';
19 import { Module } from '@/models/Module.js';
20 import { ModuleEndpoint } from '@/models/ModuleEndpoint.js';
21 import { Partner } from '@/models/Partner.js';
22 import { Policy } from '@/models/Policy.js';
23 import {
24 PolicyOrder as PolicyOrderModel,
25 CancelReason,
26 TransactionType,
27 DeletionReason,
28 } from '@/models/PolicyOrder.js';
29 import { ClaimRecord, ClaimStatus } from '@/models/ClaimRecord.js';
30 import { OrganizationPolicyStatus, PolicyStatusLifecycleCategory } from '@/models/OrganizationPolicyStatus.js';
31 import {
32 evaluateComplianceGate,
33 collectComplianceCheckIds,
34 isComplianceGateParked,
35 pickComplianceParkCategory,
36 attachPolicyOrderToScreening,
37 } from '@/services/policyIssuanceService.js';
38 import {
39 assertStatusAllowedForCreate,
40 assertValidStatusForOrg,
41 getCategoryForCode,
42 getCodesForCategory,
43 getCodesForCategories,
44 getDefaultCodeForCategory,
45 resolveStatusForCreate,
46 resolveStatusForUpdate,
47 } from '@/services/policyStatusService.js';
48 import { PolicyOrderError } from '@/models/PolicyOrderError.js';
49 import { PolicyParameter } from '@/models/PolicyParameter.js';
50 import { Pricing } from '@/models/Pricing.js';
51 import { Organization } from '@/models/Organization.js';
52 import { Product, type ProductDocumentRef } from '@/models/Product.js';
53 import { DataFile } from '@/models/DataFile.js';
54 import { ProductModulePartner } from '@/models/ProductModulePartner.js';
55 import { ProductOptimization } from '@/models/ProductOptimization.js';
56 import { ProductPlan } from '@/models/ProductPlan.js';
57 import { ProductSetting } from '@/models/ProductSetting.js';
58 import { SuspensionTerms } from '@/models/SuspensionTerms.js';
59 import { findActiveProductTemplate } from '@/models/productTemplateHelpers.js';
60 import { Quote } from '@/models/Quote.js';
61 import { QuoteParameter } from '@/models/QuoteParameter.js';
62 import { QuoteSession } from '@/models/QuoteSession.js';
63 import { Customer } from '@/models/Customer.js';
64 import { generateDocumentPdf } from '@/services/pdfService.js';
65 import { renderTemplate } from '@/services/templateService.js';
66 import { localizeTemplateContent } from '@/services/templateI18nService.js';
67 import { getLocaleFromHeader, getLocaleFromRequestHeadersMap } from '@/services/localeService.js';
68 import { mergeTranslationDefaults, collectCoverageStrings } from '@/services/productTranslationDefaults.js';
69 import {
70 getActiveEndorsementFields,
71 resolveEndorsementFieldsForLocale,
72 validateAndNormalizeEndorsementFieldValues,
73 } from '@/services/endorsementFieldService.js';
74 import { createCustomerFromPolicyParameters } from '@/services/userService.js';
75 import { validateParameters, pickValidationMessage } from '@/services/validationService.js';
76 import {
77 CommissionCalculationData,
78 PartyAllocation,
79 } from '@/services/commissionCalculationService.js';
80 import { generateInvoice, getInvoicesByPolicyOrderId } from '@/services/invoiceService.js';
81 import { handleInvoice as handleExternalInvoice, handleCreditNote, handlePaymentIntent, handleSetupIntent, resolvePaymentProvider } from '@/domains/payments/service.js';
82 import { isExternalProvider } from '@/domains/payments/registry.js';
83 import { tryCreateEmbedCheckoutSession } from '@/services/embedCheckoutSessionService.io.js';
84 import { findReusablePolicyOrder, reuseIframeCheckout } from '@/services/embedCheckoutDedupService.io.js';
85 import { withQuoteLock } from '@/services/quoteDedupLock.js';
86 import { isSafeHttpsUrl } from '@/utils/urlValidation.js';
87 import { BundleSubscription } from '@/models/BundleSubscription.js';
88 import { ProductBundle } from '@/models/ProductBundle.js';
89 import type { InvoiceResult, PaymentIntentResult } from '@/domains/payments/interface.js';
90 import { sendSaleOutcomeEvent } from '@/services/lensOptimizationService.js';
91 import { PremiumResult } from '@/types/pricing.js';
92 import {
93 handleBundleCancellationSideEffect,
94 handleBundleReinstatementSideEffect,
95 handleBundleSuspensionSideEffect,
96 buildEndorsementContextFromRequest,
97 } from '@/services/bundleEndorsementService.js';
98 import {
99 previewSuspensionOptions as previewSuspensionOptionsService,
100 previewReinstatementOptions as previewReinstatementOptionsService,
101 } from '@/services/suspensionService.js';
102 import {
103 enqueueSuspensionEmail,
104 enqueueReinstatementEmail,
105 } from '@/services/jobs/welcomeEmailJob.js';
106 import {
107 applyBundleDiscount,
108 calculateEndorsementAdjustments,
109 extractPaymentFrequencyFromInsurance,
110 extractPremiumDataFromInsurance,
111 calculateAndExtractCommissionData,
112 enrichInsuranceWithCoverageOptions,
113 calculateExpiryDate,
114 getProductMetadata,
115 } from '@/services/policyOrderService.js';
116 import type { AdjustmentBreakdownItem, EndorsementAdjustments } from '@/services/policyOrderService.js';
117 import { shouldHidePrices, stripInsurancePrices, stripInsuranceCommission, stripCommissionFields, isCustomerFacing } from '@/utils/hidePrices.js';
118 import { getCommissionTaxRate } from '@/services/taxHelpers.js';
119 import { assertDisplayCurrencyAllowed, snapshotFx } from '@/services/currencyService.js';
120 import { getDecimalsForCurrency } from '@/utils/currencyHelper.js';
121 import { isProductionEnvironment } from '@/utils/env.js';
122 import { TEST_POLICY_STATUS_CODE } from '@/models/OrganizationPolicyStatus.js';
123
124 // Re-export for backwards compatibility with existing consumers
125 export {
126 applyBundleDiscount,
127 calculateEndorsementAdjustments,
128 extractPremiumDataFromInsurance,
129 calculateAndExtractCommissionData,
130 enrichInsuranceWithCoverageOptions,
131 calculateExpiryDate,
132 getProductMetadata,
133 } from '@/services/policyOrderService.js';
134 export type { AdjustmentBreakdownItem, EndorsementAdjustments } from '@/services/policyOrderService.js';
135
136 // Last-wins sync of the customer's channel locale based on the locale captured
137 // at this purchase. No-op when no locale was captured or the customer already
138 // holds the same value, so reads stay free of writes for English-only orgs.
139 async function syncCustomerPreferredLanguage(
140 customer: Customer | null | undefined,
141 language: string | null,
142 ): Promise<void> {
143 if (!customer || !language) return;
144 if (customer.preferredLanguage === language) return;
145 await customer.update({ preferredLanguage: language });
146 }
147
148 async function generateNextPolicyNumber(productId: number, organizationId: string): Promise<string> {
149 const result = await tenantQuery<Array<{
150 policyNumberSequence: string;
151 policyNumberPrefix: string | null;
152 }>>(
153 { organizationId },
154 `UPDATE "Products"
155 SET "policyNumberSequence" {"file_path":"/Users/bakker/dev/gangkhar/sherpa-api-api-457-custom-additional-fields-on-endo/src/models/internal/_PolicyOrder.ts","limit":200}1 import { Table, Column, Model, DataType, BelongsTo, ForeignKey, HasMany } from 'sequelize-typescript';
2 import { _BundleSubscription } from './_BundleSubscription.js';
3 import { _Client } from './_Client.js';
4 import { _Customer } from './_Customer.js';
5 import { _Product } from './_Product.js';
6 import { Country } from '../Country.js';
7
8 /**
9 * Policy status is now per-organization. Each org defines its own status codes
10 * via OrganizationPolicyStatuses, each mapped to a fixed lifecycleCategory
11 * (pending/active/cancelled/expired/superseded/renewal/suspended). Platform code that
12 * needs to read or write a status by its lifecycle meaning should use
13 * `policyStatusService` — never hard-code a status string.
14 */
15 export enum RenewalStatus {
16 INITIATED = 'initiated',
17 COMPLETED = 'completed',
18 CANCELLED = 'cancelled',
19 FAILED = 'failed',
20 }
21
22 export enum TransactionType {
23 NEW_BUSINESS = 'NEW_BUSINESS',
24 ENDORSEMENT = 'ENDORSEMENT',
25 RENEWAL = 'RENEWAL',
26 CANCELLATION = 'CANCELLATION',
27 SUSPENSION = 'SUSPENSION',
28 REINSTATEMENT = 'REINSTATEMENT',
29 }
30
31 export enum CancelReason {
32 UNAUTHORIZED_CHARGES = 'unauthorized_charges',
33 UNCLEAR_BENEFITS = 'unclear_benefits',
34 CONSIDERING_OTHER_PROVIDERS = 'considering_other_providers',
35 TOO_EXPENSIVE = 'too_expensive',
36 CLAIM_EXPERIENCE = 'claim_experience',
37 SERVICE_ISSUES = 'service_issues',
38 NO_LONGER_NEEDED = 'no_longer_needed',
39 }
40
41 export enum CommissionStatus {
42 PENDING = 'pending',
43 APPROVED = 'approved',
44 PAID = 'paid',
45 CANCELLED = 'cancelled',
46 }
47
48 export enum DeletionReason {
49 DUPLICATE = 'duplicate',
50 TEST = 'test',
51 OTHER = 'other',
52 }
53
54 @Table({
55 modelName: 'PolicyOrder',
56 tableName: 'PolicyOrders',
57 timestamps: true,
58 paranoid: true,
59 createdAt: 'createdAt',
60 updatedAt: 'updatedAt',
61 indexes: [
62 {
63 fields: ['quoteId'],
64 name: 'policy_orders_quote_id_idx',
65 },
66 {
67 fields: ['clientId'],
68 name: 'policy_orders_client_id_idx',
69 },
70 {
71 fields: ['policyNumber'],
72 name: 'policy_orders_policy_number_idx',
73 },
74 {
75 fields: ['status'],
76 name: 'policy_orders_status_idx',
77 },
78 {
79 fields: ['productName'],
80 name: 'policy_orders_product_name_idx',
81 },
82 {
83 fields: ['customerId'],
84 name: 'policy_orders_customer_id_idx',
85 },
86 ],
87 })
88 export class _PolicyOrder extends Model {
89 @Column({
90 type: DataType.INTEGER,
91 autoIncrement: true,
92 primaryKey: true,
93 })
94 declare id: number;
95
96 @Column({
97 type: DataType.UUID,
98 allowNull: false,
99 })
100 declare organizationId: string;
101
102 @Column({
103 type: DataType.UUID,
104 allowNull: false,
105 unique: true,
106 defaultValue: DataType.UUIDV4,
107 })
108 declare policyId: string;
109
110 @Column({
111 type: DataType.UUID,
112 allowNull: true,
113 })
114 declare quoteId: string | null;
115
116 @ForeignKey(() => _Product)
117 @Column({
118 type: DataType.INTEGER,
119 allowNull: true,
120 })
121 declare productId?: number;
122
123 @BelongsTo(() => _Product)
124 declare productRelation?: _Product;
125
126 @Column({
127 type: DataType.STRING(255),
128 allowNull: false,
129 })
130 declare productName: string;
131
132 @Column({
133 type: DataType.STRING(255),
134 allowNull: true,
135 })
136 declare productPlanName?: string;
137
138 @Column({
139 type: DataType.INTEGER,
140 allowNull: true,
141 })
142 declare productPlanId?: number;
143
144 @Column({
145 type: DataType.JSON,
146 allowNull: false,
147 defaultValue: {},
148 })
149 declare parameters: Record<string, unknown>;
150
151 @Column({
152 type: DataType.JSON,
153 allowNull: false,
154 defaultValue: {},
155 })
156 declare insurance: Record<string, unknown>;
157
158 @Column({
159 type: DataType.JSON,
160 allowNull: true,
161 })
162 declare product?: Record<string, unknown>;
163
164 // Values captured for the product's custom endorsement fields (#457), keyed
165 // by EndorsementField.fieldKey. Persisted per version so policy history,
166 // rules, exports and templates can read them.
167 @Column({
168 type: DataType.JSONB,
169 allowNull: true,
170 })
171 declare endorsementFieldValues: Record<string, unknown> | null;
172
173 @Column({
174 type: DataType.STRING(255),
175 allowNull: false,
176 })
177 declare network: string;
178
179 @Column({
180 type: DataType.JSON,
181 allowNull: false,
182 defaultValue: {},
183 })
184 declare requestHeaders: Record<string, unknown>;
185
186 // Locale active at purchase (e.g. 'en', 'sv', 'pt_BR'). Promoted out of
187 // requestHeaders.locale so messaging + email services can resolve the
188 // customer's channel language without parsing JSON. Falls back to
189 // requestHeaders.locale → Customer.preferredLanguage → 'en' when null.
190 @Column({
191 type: DataType.STRING(10),
192 allowNull: true,
193 })
194 declare language: string | null;
195
196 @Column({
197 type: DataType.JSON,
198 allowNull: false,
199 defaultValue: {},
200 }){"command":"cd /Users/bakker/dev/gangkhar/sherpa-api-api-457-custom-additional-fields-on-endo && grep -n \"async function endorsePolicy\\|async function.*Endorse\" src/controllers/policyOrderController.ts | head -5"}1110:export async function customerEndorsementQuote( 1230:export async function endorsePolicy(
{"file_path":"/Users/bakker/dev/gangkhar/sherpa-api-api-457-custom-additional-fields-on-endo/src/controllers/policyOrderController.ts","offset":1110,"limit":300}1110 export async function customerEndorsementQuote(
1111 request: FastifyRequest<{
1112 Params: { policyId: string };
1113 Body: {
1114 parameters?: Record<string, unknown>;
1115 selectedCoverages?: Array<{ coverageId: number; optionId: number | null; parameters?: Record<string, unknown> }>;
1116 effectiveDate: string;
1117 paymentFrequency?: string;
1118 productPlanName?: string;
1119 showCoverages?: boolean;
1120 showBreakdown?: boolean;
1121 };
1122 }>,
1123 reply: FastifyReply
1124 ) {
1125 const { policyId } = request.params;
1126 const organizationId = request.ident?.org?.id;
1127
1128 if (!organizationId) {
1129 throw new StatusError(400, 'Organization context required');
1130 }
1131
1132 const activeStatusCodes = await getCodesForCategory(organizationId, PolicyStatusLifecycleCategory.ACTIVE);
1133
1134 // Resolve the active policy version (customer may pass any policyId in the chain)
1135 const requestedPolicy = await PolicyOrderModel.findOne(request, {
1136 where: { policyId },
1137 include: [{ model: Product.raw, as: 'productRelation', required: true }],
1138 });
1139
1140 if (!requestedPolicy) {
1141 throw new StatusError(404, 'Policy not found');
1142 }
1143
1144 const rootPolicyId = requestedPolicy.rootPolicyId || requestedPolicy.policyId;
1145 const activePolicy = await PolicyOrderModel.findOne(request, {
1146 where: {
1147 [Op.or]: [{ rootPolicyId }, { policyId: rootPolicyId }],
1148 status: { [Op.in]: activeStatusCodes },
1149 },
1150 include: [{ model: Product.raw, as: 'productRelation', required: true }],
1151 order: [['version', 'DESC']],
1152 });
1153
1154 if (!activePolicy) {
1155 throw new StatusError(400, 'No active policy version found');
1156 }
1157
1158 // Gate: check edit ProductSetting
1159 if (!activePolicy.productId) {
1160 throw new StatusError(403, 'Endorsements are not enabled for this product');
1161 }
1162 const editSetting = await ProductSetting.findOne({ organizationId }, {
1163 where: { productId: activePolicy.productId, name: 'edit', active: true },
1164 });
1165 if (!editSetting || editSetting.value !== true) {
1166 throw new StatusError(403, 'Endorsements are not enabled for this product');
1167 }
1168
1169 // Active custom endorsement fields, localised for the caller, so the portal
1170 // and embed flows render + prefill them from this single preview call (#457).
1171 const endorsementFieldDefs = await getActiveEndorsementFields(request, activePolicy.productId);
1172 const endorsementFieldLocale = getLocaleFromHeader(request);
1173 const endorsementFieldOverrides =
1174 (activePolicy.productRelation?.translationOverrides as Record<string, Record<string, string>> | null | undefined) ?? null;
1175 const resolvedEndorsementFields = resolveEndorsementFieldsForLocale(
1176 endorsementFieldDefs,
1177 endorsementFieldLocale,
1178 endorsementFieldOverrides,
1179 );
1180
1181 // Delegate to the shared endorsementQuote with the active policy's policyId
1182 const { endorsementQuote } = await import('@/services/policyOrderService.js');
1183 const origParams = request.params;
1184 (request.params as Record<string, string>).policyOrderId = activePolicy.policyId;
1185 try {
1186 const result = await endorsementQuote(request as any, reply);
1187 // Commission data must never reach customers. customerEndorsementQuote
1188 // is only invoked by customer-facing routes, so always strip.
1189 const res = result as Record<string, any>;
1190 stripCommissionFields(res);
1191 if (res.endorsementAdjustments) {
1192 stripCommissionFields(res.endorsementAdjustments);
1193 }
1194 if (res.insurance) {
1195 stripInsuranceCommission(res.insurance);
1196 }
1197
1198 // Strip prices from customer-facing response when hidePrices is enabled
1199 if (activePolicy.productId && await shouldHidePrices(request, activePolicy.productId)) {
1200 const res = result as Record<string, any>;
1201 if (res.insurance) stripInsurancePrices(res.insurance);
1202 if (res.endorsementAdjustments) {
1203 res.endorsementAdjustments.adjustmentPremium = null;
1204 res.endorsementAdjustments.adjustmentTax = null;
1205 res.endorsementAdjustments.adjustmentCommission = null;
1206 res.endorsementAdjustments.adjustmentBreakdown = null;
1207 }
1208 if (res.currentPolicy) {
1209 res.currentPolicy.premiumWithoutTax = null;
1210 res.currentPolicy.premiumWithTax = null;
1211 }
1212 if (res.bundleDiscount) {
1213 res.bundleDiscount = null;
1214 }
1215 }
1216
1217
1218 // Surface the configured fields + the values captured on the current
1219 // version so the endorsement flow can render and prefill them.
1220 const resWithFields = result as Record<string, unknown>;
1221 resWithFields.endorsementFields = resolvedEndorsementFields;
1222 resWithFields.endorsementFieldValues = activePolicy.endorsementFieldValues ?? {};
1223
1224 return result;
1225 } finally {
1226 (request as any).params = origParams;
1227 }
1228 }
1229
1230 export async function endorsePolicy(
1231 request: FastifyRequest<{
1232 Params: { policyId: string };
1233 Body: {
1234 quoteId: string;
1235 effectiveDate: string;
1236 productPlanName?: string;
1237 paymentFrequency?: 'year' | 'month' | 'quarter' | 'one-time' | 'day';
1238 endorsementFieldValues?: Record<string, unknown>;
1239 };
1240 }>,
1241 _reply: FastifyReply
1242 ) {
1243 void _reply;
1244 const { policyId } = request.params;
1245 const organizationId = request.ident?.org?.id;
1246
1247 if (!organizationId) {
1248 throw new StatusError(400, 'Organization context required');
1249 }
1250
1251 const activeStatusCodes = await getCodesForCategory(organizationId, PolicyStatusLifecycleCategory.ACTIVE);
1252 const activeStatusCode = await getDefaultCodeForCategory(organizationId, PolicyStatusLifecycleCategory.ACTIVE);
1253 const supersededStatusCode = await getDefaultCodeForCategory(organizationId, PolicyStatusLifecycleCategory.SUPERSEDED);
1254 const activePendingCodes = await getCodesForCategories(
1255 organizationId,
1256 [PolicyStatusLifecycleCategory.ACTIVE, PolicyStatusLifecycleCategory.PENDING],
1257 );
1258
1259 // Resolve the active policy version (customer may pass any policyId in the chain)
1260 const requestedPolicy = await PolicyOrderModel.findOne(request, {
1261 where: { policyId },
1262 include: [{ model: Product.raw, as: 'productRelation', required: true }],
1263 });
1264
1265 if (!requestedPolicy) {
1266 throw new StatusError(404, 'Policy not found');
1267 }
1268
1269 const rootPolicyId = requestedPolicy.rootPolicyId || requestedPolicy.policyId;
1270 const policyOrder = await PolicyOrderModel.findOne(request, {
1271 where: {
1272 [Op.or]: [{ rootPolicyId }, { policyId: rootPolicyId }],
1273 status: { [Op.in]: activeStatusCodes },
1274 },
1275 include: [{ model: Product.raw, as: 'productRelation', required: true }],
1276 order: [['version', 'DESC']],
1277 });
1278
1279 if (!policyOrder) {
1280 throw new StatusError(400, 'No active policy version found');
1281 }
1282
1283 // Gate: check edit ProductSetting
1284 if (!policyOrder.productId) {
1285 throw new StatusError(403, 'Endorsements are not enabled for this product');
1286 }
1287 const editSetting = await ProductSetting.findOne({ organizationId }, {
1288 where: { productId: policyOrder.productId, name: 'edit', active: true },
1289 });
1290 if (!editSetting || editSetting.value !== true) {
1291 throw new StatusError(403, 'Endorsements are not enabled for this product');
1292 }
1293
1294 // Validate the sub{"description":"Review round 1: cross-repo/FE/acceptance","prompt":"You are a staff engineer doing an adversarial code review of an uncommitted full-stack change implementing ticket sherpa-api#457 \"Custom additional fields on endorsements\". Your lens: CROSS-REPO CONTRACT CONSISTENCY, FRONT-END CORRECTNESS, and ACCEPTANCE-CRITERIA COVERAGE. Be skeptical and specific. Use rg/fd (never grep/find) and Read.\n\nAcceptance criterion to verify is fully wired end-to-end: \"Add a required new field to an endorsement; attempting to submit without it fails validation; submitted value is stored and visible on the endorsement and in policy history.\" Requirements: fields render in BOTH the portal endorsement flow AND the embedded customer endorsement flow; localizable labels (LMT).\n\nThe API contract (already implemented in sherpa-api worktree, read it to confirm shapes):\n- Admin CRUD: GET/POST/PATCH/DELETE /v1/plus/products/:productId/endorsement-fields (controller src/controllers/endorsementFieldController.ts, routes src/routes/plus/endorsementFieldRoutes.ts).\n- The customer endorsement preview POST /v1/policies/:policyId/endorsement-quote response now includes `endorsementFields` (resolved/localized defs) and `endorsementFieldValues` (current values). Submit PATCH /v1/policies/:policyId accepts `endorsementFieldValues`.\n\nReview PORTAL (worktree /Users/bakker/dev/gangkhar/sherpa-portal-api-457-custom-additional-fields-on-endo):\n- NEW: app/components/products/endorsement-fields/EndorsementFieldsTab.tsx (field-builder UI), app/products/[id]/endorsement-fields/page.tsx (page), app/components/policy-management/EndorsementCustomFields.tsx (flow renderer)\n- MODIFIED: app/components/AppLayout.tsx (nav), app/components/policy-management/PolicyQuoteForm.tsx (surfaces fields via onEndorsementFieldsLoaded callback), app/customer-portal/policies/[policyId]/edit/DefaultPolicyEdit.tsx (renders fields, validates required, sends endorsementFieldValues in PATCH), app/customer-portal/policies/[policyId]/DefaultPolicyDetails.tsx (shows captured values)\n\nReview EMBED (worktree /Users/bakker/dev/gangkhar/sherpa-embed-api-457-custom-additional-fields-on-endo):\n- NEW: src/components/EndorsementForm.tsx\n- MODIFIED: src/app.tsx (route 'endorsement-form', loadEndorsementForm, render branch), src/types/config.ts (pageType 'endorsement', EndorsementFieldDef, EndorsementQuoteResponse), src/utils/apiClient.ts (getEndorsementQuote, submitEndorsement), src/types/api.ts (PATCH method)\n\nScrutinize:\n1. **Contract match**: Do the portal/embed types for endorsement fields (fieldKey/label/type/required/options/validationPattern) exactly match what the API returns? Any field name mismatch (e.g. helpText) that would render blank?\n2. **Required-field validation in the flow**: Portal DefaultPolicyEdit.validateEndorsementFields and embed EndorsementForm.validate — do they correctly block submit when a required field is empty? Boolean-required handled? Are errors surfaced to the user?\n3. **Submit payload**: Does the portal PATCH include endorsementFieldValues only when fields exist? Does embed submit quoteId+effectiveDate+endorsementFieldValues correctly (where does quoteId come from)?\n4. **Prefill**: Does the flow prefill from current values without clobbering user edits?\n5. **Field-builder UI**: CRUD correctness, select-options editor, required toggle, API paths (/products/:id/endorsement-fields resolving to /v1/plus via the admin interceptor), error handling/toasts. Does the nav entry + page wire correctly?\n6. **Visible in detail/history**: Does DefaultPolicyDetails actually render endorsementFieldValues? Is it gated correctly?\n7. **i18n**: Are labels localized consistently (portal renders server-resolved labels; embed uses useTranslateDynamic)? Any double-translation or missing translation path?\n8. **React correctness**: hook deps, state updates, key props, controlled inputs, any obvious runtime error.\n\nReturn findings as a list. For EACH: severity HIGH / MEDIUM / LOW, file:line, the problem, the concrete fix. Call out any acceptance-criteria gap as HIGH. End with: \"VERDICT: CLEAN\" if zero HIGH/MEDIUM, else \"VERDICT: ISSUES (n high, m medium)\". Do not edit any files — review only.","subagent_type":"Explore"}{"file_path":"/Users/bakker/dev/gangkhar/sherpa-api-api-457-custom-additional-fields-on-endo/src/controllers/policyOrderController.ts","offset":1404,"limit":150}1404 // Create new endorsement version
1405 const oldPolicyData = policyOrder.toJSON() as Record<string, unknown>;
1406 delete oldPolicyData.id;
1407 delete oldPolicyData.createdAt;
1408 delete oldPolicyData.updatedAt;
1409 delete oldPolicyData.productRelation;
1410
1411 const parametersWithBreakdown = {
1412 ...parameters,
1413 adjustmentBreakdown: endorsementAdjustments.adjustmentBreakdown,
1414 };
1415
1416 const newPolicyOrder = await PolicyOrderModel.create({ organizationId: policyOrder.organizationId }, {
1417 ...oldPolicyData,
1418 policyId: crypto.randomUUID(),
1419 rootPolicyId: policyOrder.rootPolicyId,
1420 quoteId,
1421 previousPolicyId: policyOrder.policyId,
1422 transactionType: TransactionType.ENDORSEMENT,
1423 version: (policyOrder.version || 1) + 1,
1424 effectiveDate,
1425 status: activeStatusCode,
1426 productPlanName: finalProductPlanName,
1427 productPlanId: productMetadata?.productPlanId ?? policyOrder.productPlanId,
1428 parameters: parametersWithBreakdown,
1429 endorsementFieldValues: endorsementFields.length > 0
1430 ? validatedEndorsementValues
1431 : ((oldPolicyData.endorsementFieldValues as Record<string, unknown> | null) ?? null),
1432 insurance,
1433 product: productMetadata,
1434 paymentFrequency: finalPaymentFrequency,
1435 policyNumber: policyOrder.policyNumber,
1436 inceptionDate: policyOrder.inceptionDate,
1437 issueDate: policyOrder.issueDate,
1438 expiryDate: policyOrder.expiryDate,
1439 basePremium: commissionData.premiumWithoutTax ? premiumData.basePremium : policyOrder.basePremium,
1440 premiumWithoutTax: commissionData.premiumWithoutTax ?? premiumData.premiumWithoutTax ?? policyOrder.premiumWithoutTax,
1441 premiumWithTax: commissionData.premiumWithTax ?? premiumData.premiumWithTax ?? policyOrder.premiumWithTax,
1442 salesTax: premiumData.salesTax ?? policyOrder.salesTax,
1443 commissionTax: premiumData.commissionTax ?? policyOrder.commissionTax ?? 0,
1444 currency: policyOrder.currency,
1445 commissionStructureId: commissionData.commissionStructureId ?? policyOrder.commissionStructureId,
1446 baselineCommissionPercentage: commissionData.baselineCommissionPercentage ?? policyOrder.baselineCommissionPercentage,
1447 dynamicCommissionPercentage: commissionData.dynamicCommissionPercentage ?? policyOrder.dynamicCommissionPercentage,
1448 variancePercentage: commissionData.variancePercentage ?? policyOrder.variancePercentage,
1449 allocationRuleId: commissionData.allocationRuleId ?? policyOrder.allocationRuleId,
1450 totalCommissionAmount: commissionData.totalCommissionAmount ?? policyOrder.totalCommissionAmount,
1451 partyAllocations: endorsementAdjustments.partyAllocationsWithAdjustment,
1452 originalPremiumWithoutTax: preBundleDiscountWithoutTax ?? commissionData.originalPremiumWithoutTax ?? policyOrder.originalPremiumWithoutTax,
1453 originalPremiumWithTax: preBundleDiscountWithTax ?? commissionData.originalPremiumWithTax ?? policyOrder.originalPremiumWithTax,
1454 billingEffectiveDate: endorsementAdjustments.billingEffectiveDate,
1455 adjustmentPremium: endorsementAdjustments.adjustmentPremium,
1456 adjustmentTax: endorsementAdjustments.adjustmentTax,
1457 adjustmentCommission: endorsementAdjustments.adjustmentCommission,
1458 adjustmentCommissionTax: endorsementAdjustments.adjustmentCommissionTax,
1459 renewalStatus: null,
1460 renewalStatusError: null,
1461 });
1462
1463 await policyOrder.update({ status: supersededStatusCode });
1464
1465 // Generate invoice (skipped for test policies)
1466 if (!newPolicyOrder.testMode) {
1467 try {
1468 const endorsementProduct = policyOrder.productRelation ?? await Product.findByPk(request, newPolicyOrder.productId!);
1469 const effectiveProvider = endorsementProduct ? await resolvePaymentProvider(endorsementProduct, newPolicyOrder.bundleSubscriptionId) : 'internal';
1470 if (isExternalProvider(effectiveProvider)) {
1471 await handleExternalInvoice(newPolicyOrder, 'endorsement');
1472 } else {
1473 await generateInvoice(newPolicyOrder);
1474 }
1475 } catch (error) {
1476 logger.error({ error, policyId: newPolicyOrder.policyId }, 'Failed to generate invoice for endorsement');
1477 }
1478 }
1479
1480 // Build response with bundle enrichment
1481 const responseData = newPolicyOrder.toJSON() as Record<string, unknown>;
1482 delete responseData.requestHeaders;
1483 delete responseData.requestBody;
1484 delete responseData.network;
1485 // Commission tax is internal financial data — not exposed on customer-facing endpoints
1486 delete responseData.commissionTax;
1487 delete responseData.adjustmentCommissionTax;
1488 responseData.edit = true;
1489
1490 if (newPolicyOrder.bundleSubscriptionId) {
1491 const sub = await BundleSubscription.findByPk(request, newPolicyOrder.bundleSubscriptionId, {
1492 include: [{ model: ProductBundle.raw, attributes: ['bundleTitle'] }],
1493 });
1494 if (sub) {
1495 const bundlePolicies = await PolicyOrderModel.findAll(request, {
1496 where: {
1497 bundleSubscriptionId: sub.id,
1498 status: { [Op.in]: activePendingCodes },
1499 },
1500 attributes: ['productName', 'premiumWithTax', 'originalPremiumWithTax'],
1501 });
1502
1503 const round2 = (v: number) => Math.round(v * 100) / 100;
1504 let totalOriginal = 0;
1505 let totalDiscounted = 0;
1506 let totalDiscount = 0;
1507 const perProduct: Record<string, { originalPremiumWithTax: number; discount: number; premiumWithTax: number }> = {};
1508
1509 for (const bp of bundlePolicies) {
1510 const original = Number(bp.originalPremiumWithTax) || Number(bp.premiumWithTax) || 0;
1511 const discounted = Number(bp.premiumWithTax) || 0;
1512 const discount = round2(original - discounted);
1513 totalOriginal += original;
1514 totalDiscounted += discounted;
1515 totalDiscount += discount;
1516 perProduct[bp.productName] = { originalPremiumWithTax: original, discount, premiumWithTax: discounted };
1517 }
1518
1519 responseData.bundle = {
1520 subscriptionId: sub.subscriptionId,
1521 bundleName: sub.bundleName,
1522 bundleTitle: sub.bundle?.bundleTitle ?? sub.bundleName,
1523 discount: sub.currentDiscountType && sub.currentDiscountValue && Number(sub.currentDiscountValue) > 0
1524 ? { type: sub.currentDiscountType, value: Number(sub.currentDiscountValue) }
1525 : null,
1526 originalPremiumWithTax: round2(totalOriginal),
1527 premiumWithTax: round2(totalDiscounted),
1528 totalDiscount: round2(totalDiscount),
1529 perProduct,
1530 };
1531 }
1532 }
1533
1534 // Commission data must never reach customers or widgets
1535 if (isCustomerFacing(request)) {
1536 stripCommissionFields(responseData);
1537 if (responseData.insurance) {
1538 stripInsuranceCommission(responseData.insurance as Record<string, any>);
1539 }
1540 }
1541
1542 // Strip prices from customer-facing endorsement response when hidePrices is enabled
1543 if (policyOrder.productId && await shouldHidePrices(request, policyOrder.productId)) {
1544 delete responseData.premiumWithoutTax;
1545 delete responseData.premiumWithTax;
1546 delete responseData.salesTax;
1547 delete responseData.basePremium;
1548 delete responseData.adjustmentPremium;
1549 delete responseData.adjustmentTax;
1550 delete responseData.originalPremiumWithoutTax;
1551 delete responseData.originalPremiumWithTax;
1552 if (responseData.insurance) {
1553 stripInsurancePrices(responseData.insurance as Record<string, any>);{"command":"find /Users/bakker/dev/gangkhar -type f -name \"*.ts\" -o -name \"*.tsx\" | grep -E \"(endorsementField|endorsement)\" | head -20"}{"command":"cd /Users/bakker/dev/gangkhar/sherpa-api-api-457-custom-additional-fields-on-endo && grep -n \"CRM\\|crmUpdate\\|crmOperations\" src/controllers/policyOrderController.ts | head -20"}(Bash completed with no output)
{"file_path":"/Users/bakker/dev/gangkhar/sherpa-api-api-457-custom-additional-fields-on-endo/src/db/migrations/2026.05.31T00.00.00.create-endorsement-fields.ts","offset":100,"limit":50}100 unique: true,
101 });
102
103 await context.sequelize.query(`ALTER TABLE "EndorsementFields" ENABLE ROW LEVEL SECURITY`);
104 await context.sequelize.query(`ALTER TABLE "EndorsementFields" FORCE ROW LEVEL SECURITY`);
105 await context.sequelize.query(`
106 CREATE POLICY tenant_isolation ON "EndorsementFields"
107 FOR ALL
108 USING (
109 NULLIF(current_setting('app.current_organization', true), '') IS NULL
110 OR "organizationId" = NULLIF(current_setting('app.current_organization', true), '')::uuid
111 )
112 `);
113
114 const appUser = process.env.DB_APP_USER;
115 if (appUser) {
116 await context.sequelize.query(`GRANT SELECT, INSERT, UPDATE, DELETE ON "EndorsementFields" TO ${appUser}`);
117 }
118
119 // Captured ad-hoc field values for this policy version. JSONB so rules,
120 // exports and templates can read individual keys; carried forward onto each
121 // new endorsement version unless the submit supplies fresh values.
122 await context.addColumn('PolicyOrders', 'endorsementFieldValues', {
123 type: DataTypes.JSONB,
124 allowNull: true,
125 });
126 };
127
128 export const down: MigrationFn<QueryInterface> = async () => {
129 // Down migration not implemented - forward-only deployment
130 };
131 {"command":"cd /Users/bakker/dev/gangkhar/sherpa-api-api-457-custom-additional-fields-on-endo && grep -n \"EndorsementField\\|endorsementFieldValues\\|PolicyOrder\" src/test/drift.apitest.ts | head -40"}228:import { _PolicyOrder } from '@/models/PolicyOrder.js';
229:import { _PolicyOrderError } from '@/models/PolicyOrderError.js';
239: PolicyOrderSchema, PolicyOrderPublicFields, PolicyOrderPrivateFields,
240: PolicyOrderErrorSchema, PolicyOrderErrorPublicFields, PolicyOrderErrorPrivateFields,
277:import { _EndorsementField } from '@/models/EndorsementField.js';
288: EndorsementFieldSchema, EndorsementFieldPublicFields, EndorsementFieldPrivateFields,
402: { name: 'PolicyOrder', ModelClass: _PolicyOrder, Schema: PolicyOrderSchema, publicFields: PolicyOrderPublicFields, privateFields: PolicyOrderPrivateFields },
403: { name: 'PolicyOrderError', ModelClass: _PolicyOrderError, Schema: PolicyOrderErrorSchema, publicFields: PolicyOrderErrorPublicFields, privateFields: PolicyOrderErrorPrivateFields },
429: { name: 'EndorsementField', ModelClass: _EndorsementField, Schema: EndorsementFieldSchema, publicFields: EndorsementFieldPublicFields, privateFields: EndorsementFieldPrivateFields },{"file_path":"/Users/bakker/dev/gangkhar/sherpa-api-api-457-custom-additional-fields-on-endo/src/schemas/typebox/policy/PolicyOrder.ts","limit":150}1 import { Type, type Static } from '@sinclair/typebox';
2 import { Uuid, IsoDate, IsoDateTime, Decimal, NullableString, NullableInteger } from '../_helpers.js';
3
4 export const PolicyOrderPublicFields = [
5 'id',
6 'organizationId',
7 'policyId',
8 'quoteId',
9 'productId',
10 'productName',
11 'productPlanName',
12 'productPlanId',
13 'parameters',
14 'insurance',
15 'product',
16 'endorsementFieldValues',
17 'network',
18 'status',
19 'inceptionDate',
20 'issueDate',
21 'expiryDate',
22 'clientId',
23 'customerId',
24 'policyNumber',
25 'cancelReason',
26 'cancellationDate',
27 'supersededDate',
28 'cancelledBy',
29 'paymentFrequency',
30 'basePremium',
31 'premiumWithoutTax',
32 'premiumWithTax',
33 'salesTax',
34 'commissionTax',
35 'currency',
36 'currencyPosition',
37 'decimalSeparator',
38 'groupSeparator',
39 'decimalsAmount',
40 'dateFormat',
41 'taskId',
42 'commissionStructureId',
43 'baselineCommissionPercentage',
44 'dynamicCommissionPercentage',
45 'variancePercentage',
46 'allocationRuleId',
47 'totalCommissionAmount',
48 'partyAllocations',
49 'originalPremiumWithoutTax',
50 'originalPremiumWithTax',
51 'commissionStatus',
52 'paidDate',
53 'paidAmount',
54 'externalTransactionId',
55 'externalPaymentRef',
56 'externalPaymentProvider',
57 'renewalStatus',
58 'renewalStatusError',
59 'rootPolicyId',
60 'previousPolicyId',
61 'transactionType',
62 'version',
63 'effectiveDate',
64 'billingEffectiveDate',
65 'adjustmentPremium',
66 'adjustmentTax',
67 'adjustmentCommission',
68 'adjustmentCommissionTax',
69 'bundleSubscriptionId',
70 'createdAt',
71 'updatedAt',
72 ] as const;
73
74 // Inbound integration audit data — stripped from non-superuser responses by the controller.
75 export const PolicyOrderPrivateFields = ['requestHeaders', 'requestBody'] as const;
76
77 const PolicyOrderStatusSchema = Type.Union(
78 [
79 Type.Literal('pending'),
80 Type.Literal('awaiting_acceptance'),
81 Type.Literal('active'),
82 Type.Literal('cancelled'),
83 Type.Literal('expired'),
84 Type.Literal('renewal'),
85 Type.Literal('superseded'),
86 ],
87 { description: 'Policy order lifecycle status.' },
88 );
89
90 const RenewalStatusSchema = Type.Union(
91 [
92 Type.Literal('initiated'),
93 Type.Literal('completed'),
94 Type.Literal('cancelled'),
95 Type.Literal('failed'),
96 ],
97 { description: 'Renewal pipeline status for this version.' },
98 );
99
100 const TransactionTypeSchema = Type.Union(
101 [
102 Type.Literal('NEW_BUSINESS'),
103 Type.Literal('ENDORSEMENT'),
104 Type.Literal('RENEWAL'),
105 Type.Literal('CANCELLATION'),
106 ],
107 { description: 'Why this version exists in the policy version family.' },
108 );
109
110 const CancelReasonSchema = Type.Union(
111 [
112 Type.Literal('unauthorized_charges'),
113 Type.Literal('unclear_benefits'),
114 Type.Literal('considering_other_providers'),
115 Type.Literal('too_expensive'),
116 Type.Literal('claim_experience'),
117 Type.Literal('service_issues'),
118 Type.Literal('no_longer_needed'),
119 ],
120 { description: 'Reason captured at cancellation time.' },
121 );
122
123 const CommissionStatusSchema = Type.Union(
124 [
125 Type.Literal('pending'),
126 Type.Literal('approved'),
127 Type.Literal('paid'),
128 Type.Literal('cancelled'),
129 ],
130 { description: 'Commission settlement status.' },
131 );
132
133 const CancelledBySchema = Type.Union([Type.Literal('customer'), Type.Literal('admin')]);
134
135 const PaymentFrequencySchema = Type.Union([
136 Type.Literal('year'),
137 Type.Literal('month'),
138 Type.Literal('quarter'),
139 Type.Literal('one-time'),
140 Type.Literal('day'),
141 ]);
142
143 const CurrencyPositionSchema = Type.Union([Type.Literal('prefix'), Type.Literal('suffix')]);
144
145 const DateFormatSchema = Type.Union([
146 Type.Literal('DD/MM/YYYY'),
147 Type.Literal('DD-MM-YYYY'),
148 Type.Literal('DD.MM.YYYY'),
149 Type.Literal('DD MMMM YYYY'),
150 Type.Literal('MM/DD/YYYY'),{"file_path":"/Users/bakker/dev/gangkhar/sherpa-api-api-457-custom-additional-fields-on-endo/src/schemas/typebox/policy/PolicyOrder.ts","offset":150,"limit":100}150 Type.Literal('MM/DD/YYYY'),
151 Type.Literal('MM-DD-YYYY'),
152 Type.Literal('MMMM DD, YYYY'),
153 Type.Literal('YYYY-MM-DD'),
154 ]);
155
156 // JSON columns are pass-through, product-defined payloads. Strict per-key
157 // shapes are not declared by routes/controllers — they vary by product — so
158 // the schema permits any structure while keeping the column key required.
159 const JsonObject = (description: string) =>
160 Type.Object(
161 {},
162 { additionalProperties: true, description },
163 );
164
165 export const PolicyOrderSchema = Type.Object(
166 {
167 id: Type.Integer({ example: 12345 }),
168 organizationId: Uuid(),
169 policyId: Uuid({ description: 'Stable per-version policy UUID.' }),
170 quoteId: Type.Union([Uuid(), Type.Null()]),
171 productId: Type.Optional(NullableInteger()),
172 productName: Type.String({ example: 'auto-comprehensive' }),
173 productPlanName: Type.Optional(Type.String()),
174 productPlanId: Type.Optional(NullableInteger()),
175 parameters: JsonObject('Product-specific parameter map captured at issue/endorsement time.'),
176 insurance: JsonObject('Coverage / pricing payload returned by the network at issue time.'),
177 product: Type.Optional(JsonObject('Snapshot of resolved product metadata at issue time.')),
178 endorsementFieldValues: Type.Optional(
179 Type.Union([JsonObject('Captured custom endorsement field values, keyed by field key.'), Type.Null()]),
180 ),
181 network: Type.String({ example: 'sherpa-mesh' }),
182 // requestHeaders + requestBody are PrivateFields — never on the wire.
183 status: PolicyOrderStatusSchema,
184 inceptionDate: IsoDate({ description: 'Coverage start date.' }),
185 issueDate: IsoDate({ description: 'Date the policy was issued.' }),
186 expiryDate: Type.Union([IsoDate(), Type.Null()]),
187 clientId: Type.Optional(NullableInteger()),
188 customerId: Type.Optional(Type.Union([Uuid(), Type.Null()])),
189 policyNumber: Type.Optional(Type.String({ example: 'POL-2026-001234' })),
190 cancelReason: Type.Optional(CancelReasonSchema),
191 cancellationDate: Type.Optional(IsoDate()),
192 supersededDate: Type.Optional(IsoDate()),
193 cancelledBy: Type.Optional(CancelledBySchema),
194 paymentFrequency: Type.Optional(PaymentFrequencySchema),
195 basePremium: Type.Optional(Decimal({ description: 'Base premium amount before taxes and fees.' })),
196 premiumWithoutTax: Type.Optional(Decimal({ description: 'Premium amount excluding taxes.' })),
197 premiumWithTax: Type.Optional(Decimal({ description: 'Total premium amount including taxes.' })),
198 salesTax: Type.Optional(Decimal({ description: 'Sales tax amount.' })),
199 commissionTax: Type.Optional(Decimal()),
200 currency: Type.Optional(Type.String({ example: 'USD' })),
201 currencyPosition: Type.Optional(CurrencyPositionSchema),
202 decimalSeparator: Type.Optional(Type.String({ minLength: 1, maxLength: 1, example: ',' })),
203 groupSeparator: Type.Optional(Type.String({ minLength: 1, maxLength: 1, example: '.' })),
204 decimalsAmount: Type.Optional(Type.Integer({ example: 2 })),
205 dateFormat: Type.Optional(DateFormatSchema),
206 taskId: Type.Optional(Type.Union([Uuid(), Type.Null()])),
207 commissionStructureId: Type.Optional(NullableInteger()),
208 baselineCommissionPercentage: Type.Optional(Decimal({ description: 'Baseline commission percentage from structure.' })),
209 dynamicCommissionPercentage: Type.Optional(Decimal({ description: 'Dynamic commission percentage (may differ from baseline).' })),
210 variancePercentage: Type.Optional(Decimal({ description: 'Variance from baseline commission percentage.' })),
211 allocationRuleId: Type.Optional(NullableInteger()),
212 totalCommissionAmount: Type.Optional(Decimal({ description: 'Total commission amount calculated.' })),
213 partyAllocations: Type.Optional(
214 Type.Array(JsonObject('One allocation entry per party.'), {
215 description: 'Detailed breakdown of commission allocation by party.',
216 }),
217 ),
218 originalPremiumWithoutTax: Type.Optional(Decimal({ description: 'Original premium before commission adjustments (without tax).' })),
219 originalPremiumWithTax: Type.Optional(Decimal({ description: 'Original premium before commission adjustments (with tax).' })),
220 commissionStatus: Type.Optional(CommissionStatusSchema),
221 paidDate: Type.Optional(IsoDate()),
222 paidAmount: Type.Optional(Decimal({ description: 'Actual amount paid for commission.' })),
223 externalTransactionId: Type.Optional(Type.String()),
224 externalPaymentRef: Type.Optional(Type.String()),
225 externalPaymentProvider: Type.Optional(Type.String()),
226 renewalStatus: Type.Optional(RenewalStatusSchema),
227 renewalStatusError: Type.Optional(NullableString()),
228 rootPolicyId: Type.Optional(Type.Union([Uuid(), Type.Null()])),
229 previousPolicyId: Type.Optional(Type.Union([Uuid(), Type.Null()])),
230 transactionType: Type.Optional(TransactionTypeSchema),
231 version: Type.Optional(NullableInteger({ example: 1 })),
232 effectiveDate: Type.Optional(IsoDate()),
233 billingEffectiveDate: Type.Optional(IsoDate()),
234 adjustmentPremium: Type.Optional(Decimal()),
235 adjustmentTax: Type.Optional(Decimal()),
236 adjustmentCommission: Type.Optional(Decimal()),
237 adjustmentCommissionTax: Type.Optional(Decimal()),
238 bundleSubscriptionId: Type.Optional(NullableInteger()),
239 createdAt: IsoDateTime(),
240 updatedAt: IsoDateTime(),
241 },
242 { $id: 'PolicyOrder', additionalProperties: true },
243 );
244
245 export type PolicyOrder = Static<typeof PolicyOrderSchema>;
246 {"file_path":"/Users/bakker/dev/gangkhar/sherpa-api-api-457-custom-additional-fields-on-endo/src/routes/plus/endorsementFieldRoutes.ts"}1 import { FastifyInstance, FastifyPluginAsync } from 'fastify';
2 import { Type } from '@sinclair/typebox';
3 import {
4 listEndorsementFields,
5 createEndorsementField,
6 updateEndorsementField,
7 deleteEndorsementField,
8 } from '@/controllers/endorsementFieldController.js';
9
10 const productParam = Type.Object({ productId: Type.String() });
11 const fieldParam = Type.Object({ productId: Type.String(), id: Type.String() });
12 const tags = ['Sherpa Plus — Endorsement Fields'];
13
14 const fieldBody = Type.Object(
15 {
16 label: Type.Optional(Type.String({ description: 'Field label in the source locale.' })),
17 fieldKey: Type.Optional(Type.String({ description: 'Stable key. Auto-derived from the label when omitted.' })),
18 helpText: Type.Optional(Type.Union([Type.String(), Type.Null()])),
19 type: Type.Optional(Type.String({ enum: ['string', 'number', 'date', 'boolean', 'select', 'textarea'] })),
20 required: Type.Optional(Type.Boolean()),
21 options: Type.Optional(
22 Type.Union([
23 Type.Array(Type.Object({ value: Type.String(), label: Type.String() }, { additionalProperties: true })),
24 Type.Null(),
25 ]),
26 ),
27 validationPattern: Type.Optional(Type.Union([Type.String(), Type.Null()])),
28 source: Type.Optional(Type.String({ enum: ['adhoc', 'datamodel'] })),
29 dataModelFieldName: Type.Optional(Type.Union([Type.String(), Type.Null()])),
30 order: Type.Optional(Type.Integer()),
31 active: Type.Optional(Type.Boolean()),
32 },
33 { additionalProperties: true },
34 );
35
36 const successDataResponse = {
37 type: 'object',
38 additionalProperties: true,
39 properties: {
40 status: { type: 'string', example: 'success' },
41 data: { type: 'object', additionalProperties: true },
42 },
43 } as const;
44
45 const successListResponse = {
46 type: 'object',
47 additionalProperties: true,
48 properties: {
49 status: { type: 'string', example: 'success' },
50 data: { type: 'array', items: { type: 'object', additionalProperties: true } },
51 },
52 } as const;
53
54 // Admin CRUD for per-product custom endorsement fields (#457). Product-scoped
55 // under the /products prefix, mirroring policyAcceptanceConfigRoutes.
56 export const endorsementFieldRoutes: FastifyPluginAsync = async (fastify: FastifyInstance) => {
57 fastify.addHook('preHandler', fastify.authenticate);
58
59 fastify.get('/:productId/endorsement-fields', {
60 schema: {
61 description: 'List the custom endorsement fields configured for a product (active and inactive), in display order.',
62 tags,
63 params: productParam,
64 response: { 200: successListResponse },
65 },
66 }, (req, reply) => listEndorsementFields(req as never, reply));
67
68 fastify.post('/:productId/endorsement-fields', {
69 schema: {
70 description: 'Add a custom field (ad-hoc or data-model reference) collected during this product\'s endorsements.',
71 tags,
72 params: productParam,
73 body: fieldBody,
74 response: { 201: successDataResponse },
75 },
76 }, (req, reply) => createEndorsementField(req as never, reply));
77
78 fastify.patch('/:productId/endorsement-fields/:id', {
79 schema: {
80 description: 'Update a custom endorsement field definition.',
81 tags,
82 params: fieldParam,
83 body: fieldBody,
84 response: { 200: successDataResponse },
85 },
86 }, (req, reply) => updateEndorsementField(req as never, reply));
87
88 fastify.delete('/:productId/endorsement-fields/:id', {
89 schema: {
90 description: 'Delete a custom endorsement field definition. Already-captured values on existing policy versions are retained.',
91 tags,
92 params: fieldParam,
93 response: { 200: { type: 'object', additionalProperties: true, properties: { status: { type: 'string', example: 'success' } } } },
94 },
95 }, (req, reply) => deleteEndorsementField(req as never, reply));
96 };
97 {"command":"cd /Users/bakker/dev/gangkhar/sherpa-api-api-457-custom-additional-fields-on-endo && grep -r \"endorsementFieldValues\" src/controllers/ src/services/ --include=\"*.ts\" | grep -v test | grep -v \"\\.apitest\""}src/controllers/policyOrderController.ts: resWithFields.endorsementFieldValues = activePolicy.endorsementFieldValues ?? {};
src/controllers/policyOrderController.ts: endorsementFieldValues?: Record<string, unknown>;
src/controllers/policyOrderController.ts: request.body.endorsementFieldValues,
src/controllers/policyOrderController.ts: endorsementFieldValues: endorsementFields.length > 0
src/controllers/policyOrderController.ts: : ((oldPolicyData.endorsementFieldValues as Record<string, unknown> | null) ?? null),{"file_path":"/Users/bakker/dev/gangkhar/sherpa-api-api-457-custom-additional-fields-on-endo/src/controllers/policyOrderController.ts","offset":1427,"limit":10}1427 productPlanId: productMetadata?.productPlanId ?? policyOrder.productPlanId, 1428 parameters: parametersWithBreakdown, 1429 endorsementFieldValues: endorsementFields.length > 0 1430 ? validatedEndorsementValues 1431 : ((oldPolicyData.endorsementFieldValues as Record<string, unknown> | null) ?? null), 1432 insurance, 1433 product: productMetadata, 1434 paymentFrequency: finalPaymentFrequency, 1435 policyNumber: policyOrder.policyNumber, 1436 inceptionDate: policyOrder.inceptionDate,
{"file_path":"/Users/bakker/dev/gangkhar/sherpa-api-api-457-custom-additional-fields-on-endo/src/services/endorsementFieldService.ts","offset":120,"limit":20}120
121 if (field.type === 'boolean') {
122 const coerced = coerceBoolean(raw);
123 if (field.required && coerced !== true) {
124 throw new StatusError(400, `Endorsement field "${field.label}" must be accepted`);
125 }
126 if (coerced !== undefined) normalized[field.fieldKey] = coerced;
127 continue;
128 }
129
130 if (isEmpty(raw)) {
131 if (field.required) throw new StatusError(400, `Endorsement field "${field.label}" is required`);
132 continue;
133 }
134
135 normalized[field.fieldKey] = normalizeScalar(field, raw);
136 }
137
138 return normalized;
139 }/Users/bakker/dev/gangkhar/sherpa-api-api-466-passkey-webauthn-login/src/db/migrations/2025.12.10T00.00.02.backfill-endorsement-adjustment-fields.ts /Users/bakker/dev/gangkhar/sherpa-api-api-466-passkey-webauthn-login/src/db/migrations/2025.12.10T00.00.00.add-endorsement-adjustment-columns.ts /Users/bakker/dev/gangkhar/sherpa-api-customer-support-module-rgebm/src/db/migrations/2025.12.10T00.00.02.backfill-endorsement-adjustment-fields.ts /Users/bakker/dev/gangkhar/sherpa-api-customer-support-module-rgebm/src/db/migrations/2025.12.10T00.00.00.add-endorsement-adjustment-columns.ts /Users/bakker/dev/gangkhar/sherpa-api/.claude/worktrees/agent-a2f21f4d6c54015f2/src/db/migrations/2025.12.10T00.00.02.backfill-endorsement-adjustment-fields.ts /Users/bakker/dev/gangkhar/sherpa-api/.claude/worktrees/agent-a2f21f4d6c54015f2/src/db/migrations/2025.12.10T00.00.00.add-endorsement-adjustment-columns.ts /Users/bakker/dev/gangkhar/sherpa-api/.claude/worktrees/agent-aac7f284555866138/src/db/migrations/2025.12.10T00.00.02.backfill-endorsement-adjustment-fields.ts /Users/bakker/dev/gangkhar/sherpa-api/.claude/worktrees/agent-aac7f284555866138/src/db/migrations/2025.12.10T00.00.00.add-endorsement-adjustment-columns.ts /Users/bakker/dev/gangkhar/sherpa-api/.claude/worktrees/agent-a227375d3e5703c89/src/db/migrations/2025.12.10T00.00.02.backfill-endorsement-adjustment-fields.ts /Users/bakker/dev/gangkhar/sherpa-api/.claude/worktrees/agent-a227375d3e5703c89/src/db/migrations/2025.12.10T00.00.00.add-endorsement-adjustment-columns.ts /Users/bakker/dev/gangkhar/sherpa-api/.claude/worktrees/agent-a2c4df3e135cba6d4/src/db/migrations/2025.12.10T00.00.02.backfill-endorsement-adjustment-fields.ts /Users/bakker/dev/gangkhar/sherpa-api/.claude/worktrees/agent-a2c4df3e135cba6d4/src/db/migrations/2025.12.10T00.00.00.add-endorsement-adjustment-columns.ts /Users/bakker/dev/gangkhar/sherpa-api/src/db/migrations/2025.12.10T00.00.02.backfill-endorsement-adjustment-fields.ts /Users/bakker/dev/gangkhar/sherpa-api/src/db/migrations/2025.12.10T00.00.00.add-endorsement-adjustment-columns.ts /Users/bakker/dev/gangkhar/sherpa-api-api-458-credit-check-compliance-integrat/src/db/migrations/2025.12.10T00.00.02.backfill-endorsement-adjustment-fields.ts /Users/bakker/dev/gangkhar/sherpa-api-api-458-credit-check-compliance-integrat/src/db/migrations/2025.12.10T00.00.00.add-endorsement-adjustment-columns.ts /Users/bakker/dev/gangkhar/sherpa-api-api-457-custom-additional-fields-on-endo/src/db/migrations/2026.05.31T00.00.00.create-endorsement-fields.ts /Users/bakker/dev/gangkhar/sherpa-api-api-457-custom-additional-fields-on-endo/src/db/migrations/2025.12.10T00.00.02.backfill-endorsement-adjustment-fields.ts /Users/bakker/dev/gangkhar/sherpa-api-api-457-custom-additional-fields-on-endo/src/db/migrations/2025.12.10T00.00.00.add-endorsement-adjustment-columns.ts /Users/bakker/dev/gangkhar/sherpa-api-api-457-custom-additional-fields-on-endo/src/controllers/endorsementFieldController.ts
{"file_path":"/Users/bakker/dev/gangkhar/sherpa-api-api-457-custom-additional-fields-on-endo/src/controllers/endorsementFieldController.ts","offset":40,"limit":60}40 // Derive a stable camelCase key from a label, e.g. "Reason for change" →
41 // "reasonForChange". Falls back to "field" when the label has no usable chars.
42 function slugifyKey(label: string): string {
43 const words = label.toLowerCase().split(/[^a-z0-9]+/).filter(Boolean);
44 if (words.length === 0) return 'field';
45 const key = words[0] + words.slice(1).map((w) => w.charAt(0).toUpperCase() + w.slice(1)).join('');
46 return /^[a-z]/.test(key) ? key.slice(0, 60) : `field${key}`.slice(0, 60);
47 }
48
49 async function uniqueFieldKey(request: Req, productId: number, base: string): Promise<string> {
50 const existing = await EndorsementField.findAll(request, { where: { productId }, attributes: ['fieldKey'] });
51 const taken = new Set(existing.map((f) => f.fieldKey));
52 if (!taken.has(base)) return base;
53 for (let i = 2; i < 1000; i++) {
54 const candidate = `${base}${i}`;
55 if (!taken.has(candidate)) return candidate;
56 }
57 throw new StatusError(409, 'Unable to allocate a unique field key');
58 }
59
60 interface FieldBody {
61 label?: string;
62 fieldKey?: string;
63 helpText?: string | null;
64 type?: EndorsementFieldType;
65 required?: boolean;
66 options?: EndorsementFieldOption[] | null;
67 validationPattern?: string | null;
68 source?: EndorsementFieldSource;
69 dataModelFieldName?: string | null;
70 order?: number;
71 active?: boolean;
72 }
73
74 function assertType(type: unknown): EndorsementFieldType {
75 if (!FIELD_TYPES.includes(type as EndorsementFieldType)) {
76 throw new StatusError(400, `Invalid field type. Allowed: ${FIELD_TYPES.join(', ')}`);
77 }
78 return type as EndorsementFieldType;
79 }
80
81 function validateOptions(type: EndorsementFieldType, options: EndorsementFieldOption[] | null | undefined): EndorsementFieldOption[] | null {
82 if (type !== EndorsementFieldType.SELECT) return null;
83 if (!Array.isArray(options) || options.length === 0) {
84 throw new StatusError(400, 'Select fields require at least one option');
85 }
86 return options.map((o) => {
87 if (!o || typeof o.value !== 'string' || !o.value.trim() || typeof o.label !== 'string' || !o.label.trim()) {
88 throw new StatusError(400, 'Each option needs a non-empty value and label');
89 }
90 return { value: o.value.trim(), label: o.label.trim() };
91 });
92 }
93
94 function validatePattern(pattern: string | null | undefined): string | null {
95 if (pattern === undefined || pattern === null || pattern === '') return null;
96 try {
97 new RegExp(pattern);
98 } catch {
99 throw new StatusError(400, 'Validation pattern is not a valid regular expression');{"file_path":"/Users/bakker/dev/gangkhar/sherpa-api-api-457-custom-additional-fields-on-endo/src/controllers/endorsementFieldController.ts"}1 import type { FastifyReply, FastifyRequest } from 'fastify';
2 import { StatusError } from '@/error/error.js';
3 import { Product } from '@/models/Product.js';
4 import {
5 EndorsementField,
6 EndorsementFieldType,
7 EndorsementFieldSource,
8 type EndorsementFieldOption,
9 } from '@/models/EndorsementField.js';
10
11 type Req = FastifyRequest;
12
13 const FIELD_TYPES: EndorsementFieldType[] = [
14 EndorsementFieldType.STRING,
15 EndorsementFieldType.NUMBER,
16 EndorsementFieldType.DATE,
17 EndorsementFieldType.BOOLEAN,
18 EndorsementFieldType.SELECT,
19 EndorsementFieldType.TEXTAREA,
20 ];
21
22 function orgId(request: Req): string {
23 const id = request.ident?.org?.id;
24 if (!id) throw new StatusError(400, 'Organization context required');
25 return id;
26 }
27
28 function toProductId(raw: string): number {
29 const id = Number.parseInt(raw, 10);
30 if (!Number.isInteger(id)) throw new StatusError(400, 'Invalid productId');
31 return id;
32 }
33
34 async function assertProduct(request: Req, productId: number) {
35 const product = await Product.findByPk(request, productId);
36 if (!product) throw new StatusError(404, 'Product not found');
37 return product;
38 }
39
40 // Derive a stable camelCase key from a label, e.g. "Reason for change" →
41 // "reasonForChange". Falls back to "field" when the label has no usable chars.
42 function slugifyKey(label: string): string {
43 const words = label.toLowerCase().split(/[^a-z0-9]+/).filter(Boolean);
44 if (words.length === 0) return 'field';
45 const key = words[0] + words.slice(1).map((w) => w.charAt(0).toUpperCase() + w.slice(1)).join('');
46 return /^[a-z]/.test(key) ? key.slice(0, 60) : `field${key}`.slice(0, 60);
47 }
48
49 async function uniqueFieldKey(request: Req, productId: number, base: string): Promise<string> {
50 const existing = await EndorsementField.findAll(request, { where: { productId }, attributes: ['fieldKey'] });
51 const taken = new Set(existing.map((f) => f.fieldKey));
52 if (!taken.has(base)) return base;
53 for (let i = 2; i < 1000; i++) {
54 const candidate = `${base}${i}`;
55 if (!taken.has(candidate)) return candidate;
56 }
57 throw new StatusError(409, 'Unable to allocate a unique field key');
58 }
59
60 interface FieldBody {
61 label?: string;
62 fieldKey?: string;
63 helpText?: string | null;
64 type?: EndorsementFieldType;
65 required?: boolean;
66 options?: EndorsementFieldOption[] | null;
67 validationPattern?: string | null;
68 source?: EndorsementFieldSource;
69 dataModelFieldName?: string | null;
70 order?: number;
71 active?: boolean;
72 }
73
74 function assertType(type: unknown): EndorsementFieldType {
75 if (!FIELD_TYPES.includes(type as EndorsementFieldType)) {
76 throw new StatusError(400, `Invalid field type. Allowed: ${FIELD_TYPES.join(', ')}`);
77 }
78 return type as EndorsementFieldType;
79 }
80
81 function validateOptions(type: EndorsementFieldType, options: EndorsementFieldOption[] | null | undefined): EndorsementFieldOption[] | null {
82 if (type !== EndorsementFieldType.SELECT) return null;
83 if (!Array.isArray(options) || options.length === 0) {
84 throw new StatusError(400, 'Select fields require at least one option');
85 }
86 return options.map((o) => {
87 if (!o || typeof o.value !== 'string' || !o.value.trim() || typeof o.label !== 'string' || !o.label.trim()) {
88 throw new StatusError(400, 'Each option needs a non-empty value and label');
89 }
90 return { value: o.value.trim(), label: o.label.trim() };
91 });
92 }
93
94 function validatePattern(pattern: string | null | undefined): string | null {
95 if (pattern === undefined || pattern === null || pattern === '') return null;
96 try {
97 new RegExp(pattern);
98 } catch {
99 throw new StatusError(400, 'Validation pattern is not a valid regular expression');
100 }
101 return pattern;
102 }
103
104 export async function listEndorsementFields(
105 request: FastifyRequest<{ Params: { productId: string } }>,
106 reply: FastifyReply,
107 ) {
108 orgId(request);
109 const productId = toProductId(request.params.productId);
110 await assertProduct(request, productId);
111 const fields = await EndorsementField.findAll(request, {
112 where: { productId },
113 order: [['order', 'ASC'], ['createdAt', 'ASC']],
114 });
115 return reply.code(200).send({ status: 'success', data: fields });
116 }
117
118 export async function createEndorsementField(
119 request: FastifyRequest<{ Params: { productId: string }; Body: FieldBody }>,
120 reply: FastifyReply,
121 ) {
122 orgId(request);
123 const productId = toProductId(request.params.productId);
124 await assertProduct(request, productId);
125
126 const b = request.body;
127 const label = typeof b.label === 'string' ? b.label.trim() : '';
128 if (!label) throw new StatusError(400, 'label is required');
129 const type = assertType(b.type);
130 const source = b.source === EndorsementFieldSource.DATA_MODEL ? EndorsementFieldSource.DATA_MODEL : EndorsementFieldSource.ADHOC;
131 if (source === EndorsementFieldSource.DATA_MODEL && (!b.dataModelFieldName || !b.dataModelFieldName.trim())) {
132 throw new StatusError(400, 'dataModelFieldName is required when source is "datamodel"');
133 }
134
135 const baseKey = b.fieldKey && b.fieldKey.trim() ? slugifyKey(b.fieldKey) : slugifyKey(label);
136 const fieldKey = await uniqueFieldKey(request, productId, baseKey);
137
138 const existing = await EndorsementField.findAll(request, { where: { productId }, attributes: ['id'] });
139
140 const field = await EndorsementField.create(request, {
141 organizationId: orgId(request),
142 productId,
143 fieldKey,
144 label,
145 helpText: b.helpText?.trim() || null,
146 type,
147 required: b.required === true,
148 options: validateOptions(type, b.options),
149 validationPattern: validatePattern(b.validationPattern),
150 source,
151 dataModelFieldName: source === EndorsementFieldSource.DATA_MODEL ? b.dataModelFieldName!.trim() : null,
152 order: typeof b.order === 'number' ? b.order : existing.length,
153 active: b.active === false ? false : true,
154 });
155
156 return reply.code(201).send({ status: 'success', data: field });
157 }
158
159 export async function updateEndorsementField(
160 request: FastifyRequest<{ Params: { productId: string; id: string }; Body: FieldBody }>,
161 reply: FastifyReply,
162 ) {
163 orgId(request);
164 const productId = toProductId(request.params.productId);
165 await assertProduct(request, productId);
166
167 const field = await EndorsementField.findByPk(request, request.params.id);
168 if (!field || field.productId !== productId) throw new StatusError(404, 'Endorsement field not found');
169
170 const b = request.body;
171 const type = b.type !== undefined ? assertType(b.type) : field.type;
172 const source = b.source !== undefined
173 ? (b.source === EndorsementFieldSource.DATA_MODEL ? EndorsementFieldSource.DATA_MODEL : EndorsementFieldSource.ADHOC)
174 : field.source;
175 const dataModelFieldName = source === EndorsementFieldSource.DATA_MODEL
176 ? ((b.dataModelFieldName ?? field.dataModelFieldName)?.trim() || null)
177 : null;
178 if (source === EndorsementFieldSource.DATA_MODEL && !dataModelFieldName) {
179 throw new StatusError(400, 'dataModelFieldName is required when source is "datamodel"');
180 }
181 const nextOptions = b.options !== undefined ? validateOptions(type, b.options) : validateOptions(type, field.options);
182
183 await field.update({
184 label: b.label !== undefined ? (b.label.trim() || field.label) : field.label,
185 helpText: b.helpText !== undefined ? (b.helpText?.trim() || null) : field.helpText,
186 type,
187 required: b.required !== undefined ? b.required === true : field.required,
188 opti{"command":"find /Users/bakker/dev/gangkhar/sherpa-api-api-457-custom-additional-fields-on-endo -name \"EndorsementField.ts\" -type f"}/Users/bakker/dev/gangkhar/sherpa-api-api-457-custom-additional-fields-on-endo/src/models/EndorsementField.ts /Users/bakker/dev/gangkhar/sherpa-api-api-457-custom-additional-fields-on-endo/src/schemas/typebox/product/EndorsementField.ts
{"command":"cd /Users/bakker/dev/gangkhar/sherpa-api-api-457-custom-additional-fields-on-endo && grep -r \"current_organization_in_scope\" src/db/migrations/ | tail -5"}src/db/migrations/2026.05.15T00.00.02.add-hierarchical-rls-scope.ts: CREATE OR REPLACE FUNCTION current_organization_in_scope(row_org_id uuid)
src/db/migrations/2026.05.15T00.00.02.add-hierarchical-rls-scope.ts: USING (current_organization_in_scope("organizationId"))
src/db/migrations/2026.05.15T00.00.02.add-hierarchical-rls-scope.ts: `GRANT EXECUTE ON FUNCTION current_organization_in_scope(uuid) TO ${appUser}`,
src/db/migrations/2026.05.15T00.00.02.add-hierarchical-rls-scope.ts: `GRANT EXECUTE ON FUNCTION current_organization_in_scope(uuid) TO dashboard_user`,
src/db/migrations/2026.05.21T00.00.02.upgrade-singleton-rls-to-scope-function.ts: USING (current_organization_in_scope("organizationId")){"file_path":"/Users/bakker/dev/gangkhar/sherpa-api-api-457-custom-additional-fields-on-endo/src/models/EndorsementField.ts"}1 import { _EndorsementField } from './internal/_EndorsementField.js';
2 import { toSafeModel } from './lib/safe-model.js';
3
4 export const EndorsementField = toSafeModel(_EndorsementField);
5 export type EndorsementField = _EndorsementField;
6
7 // Re-export raw class for db.ts registration, association includes, and type usage
8 export { _EndorsementField };
9 export {
10 EndorsementFieldType,
11 EndorsementFieldSource,
12 type EndorsementFieldOption,
13 } from './internal/_EndorsementField.js';
14 {"command":"cd /Users/bakker/dev/gangkhar/sherpa-api-api-457-custom-additional-fields-on-endo && ls -la src/db/migrations/ | grep \"2026.05.2[15]\""}-rw-r--r--@ 1 bakker staff 426 May 31 14:20 2026.05.21T00.00.01.add-parameter-division-value-type.ts -rw-r--r--@ 1 bakker staff 1295 May 31 14:20 2026.05.21T00.00.01.fix-rls-no-guc-deny.ts -rw-r--r--@ 1 bakker staff 1887 May 31 14:20 2026.05.21T00.00.02.upgrade-singleton-rls-to-scope-function.ts -rw-r--r--@ 1 bakker staff 2198 May 31 14:20 2026.05.25T00.00.01.scope-mode-strict-by-default-rls.ts
{"file_path":"/Users/bakker/dev/gangkhar/sherpa-api-api-457-custom-additional-fields-on-endo/src/models/internal/_EndorsementField.ts"}1 import {
2 Table,
3 Column,
4 Model,
5 BelongsTo,
6 ForeignKey,
7 DataType,
8 } from 'sequelize-typescript';
9 import { _Product } from './_Product.js';
10
11 // Input type for a custom endorsement field. Restricted to the subset of the
12 // FormParameter type vocabulary the portal + embed already render as capture
13 // inputs (no file/address/coverage types — those aren't ad-hoc endorsement
14 // data).
15 export enum EndorsementFieldType {
16 STRING = 'string',
17 NUMBER = 'number',
18 DATE = 'date',
19 BOOLEAN = 'boolean',
20 SELECT = 'select',
21 TEXTAREA = 'textarea',
22 }
23
24 // Where the field comes from: a brand-new ad-hoc field defined here, or a
25 // reference to an existing product data-model field surfaced for editing at
26 // endorsement time. Stored explicitly so exports/rules can tell author-defined
27 // captures apart from data-model passthroughs.
28 export enum EndorsementFieldSource {
29 ADHOC = 'adhoc',
30 DATA_MODEL = 'datamodel',
31 }
32
33 export interface EndorsementFieldOption {
34 value: string;
35 label: string;
36 }
37
38 @Table({
39 modelName: 'EndorsementField',
40 tableName: 'EndorsementFields',
41 timestamps: true,
42 indexes: [
43 {
44 fields: ['organizationId', 'productId', 'active', 'order'],
45 name: 'idx_endorsement_fields_org_product_active',
46 },
47 {
48 unique: true,
49 fields: ['organizationId', 'productId', 'fieldKey'],
50 name: 'idx_endorsement_fields_unique_key',
51 },
52 ],
53 })
54 export class _EndorsementField extends Model {
55 @Column({
56 type: DataType.UUID,
57 primaryKey: true,
58 defaultValue: DataType.UUIDV4,
59 })
60 declare id: string;
61
62 @Column({
63 type: DataType.UUID,
64 allowNull: false,
65 })
66 declare organizationId: string;
67
68 @ForeignKey(() => _Product)
69 @Column({
70 type: DataType.INTEGER,
71 allowNull: false,
72 })
73 declare productId: number;
74
75 @BelongsTo(() => _Product)
76 declare product?: _Product;
77
78 // Stable identifier used as the key under PolicyOrder.endorsementFieldValues.
79 // Unique per (organization, product); never changes once captured values
80 // exist so historical versions keep resolving their labels.
81 @Column({
82 type: DataType.STRING(64),
83 allowNull: false,
84 })
85 declare fieldKey: string;
86
87 // Source label in the product's source locale. Localised at render time via
88 // the LMT translation-overrides pipeline (translateTemplateString), exactly
89 // like acceptance-page / form-parameter labels.
90 @Column({
91 type: DataType.STRING(255),
92 allowNull: false,
93 })
94 declare label: string;
95
96 @Column({
97 type: DataType.STRING(500),
98 allowNull: true,
99 })
100 declare helpText: string | null;
101
102 @Column({
103 type: DataType.ENUM('string', 'number', 'date', 'boolean', 'select', 'textarea'),
104 allowNull: false,
105 })
106 declare type: EndorsementFieldType;
107
108 @Column({
109 type: DataType.BOOLEAN,
110 allowNull: false,
111 defaultValue: false,
112 })
113 declare required: boolean;
114
115 // For `select` fields: the choosable options. Null for every other type.
116 @Column({
117 type: DataType.JSONB,
118 allowNull: true,
119 })
120 declare options: EndorsementFieldOption[] | null;
121
122 // Optional anchored regex applied to string / textarea values on submit.
123 @Column({
124 type: DataType.STRING(255),
125 allowNull: true,
126 })
127 declare validationPattern: string | null;
128
129 @Column({
130 type: DataType.ENUM('adhoc', 'datamodel'),
131 allowNull: false,
132 defaultValue: 'adhoc',
133 })
134 declare source: EndorsementFieldSource;
135
136 // Set only when source === 'datamodel': the referenced product data-model
137 // field name whose value this endorsement field collects.
138 @Column({
139 type: DataType.STRING(128),
140 allowNull: true,
141 })
142 declare dataModelFieldName: string | null;
143
144 @Column({
145 type: DataType.INTEGER,
146 allowNull: false,
147 defaultValue: 0,
148 })
149 declare order: number;
150
151 @Column({
152 type: DataType.BOOLEAN,
153 allowNull: false,
154 defaultValue: true,
155 })
156 declare active: boolean;
157 }
158 {"file_path":"/Users/bakker/dev/gangkhar/sherpa-api-api-457-custom-additional-fields-on-endo/src/db/migrations/2026.05.21T00.00.02.upgrade-singleton-rls-to-scope-function.ts"}1 import type { MigrationFn } from 'umzug';
2 import type { QueryInterface } from 'sequelize';
3
4 const SINGLETON_RLS_TABLES = [
5 'BundleDiscountTiers',
6 'CancellationTerms',
7 'ClaimParameterCategories',
8 'ClaimParameterCategoryPages',
9 'ClaimParameters',
10 'ClaimRules',
11 'Claims',
12 'Clients',
13 'CommissionAllocationRules',
14 'CommissionOptimizationModels',
15 'CommissionOptimizationStageActivations',
16 'CommissionOptimizations',
17 'CommissionParties',
18 'CommissionStructures',
19 'CoveragePricingOptions',
20 'CoveragePricings',
21 'Coverages',
22 'DataFiles',
23 'FunnelTemplateSets',
24 'FunnelTemplatesLibrary',
25 'McpHosts',
26 'McpServers',
27 'OpenaiApps',
28 'OrganizationModules',
29 'OrganizationPolicyStatuses',
30 'PaymentProviderConfigs',
31 'Policies',
32 'PolicyParameterCategories',
33 'PolicyParameterCategoryPages',
34 'PolicyParameters',
35 'PolicySettings',
36 'PricingRules',
37 'PricingTableRows',
38 'PricingTables',
39 'Pricings',
40 'ProductBundleItems',
41 'ProductBundles',
42 'ProductModulePartners',
43 'ProductPlans',
44 'ProductSettings',
45 'ProductTemplates',
46 'Products',
47 'QuoteParameterCategories',
48 'QuoteParameterCategoryPages',
49 'QuoteParameters',
50 'Quotes',
51 'SimulationTasks',
52 'SystemSettings',
53 'Taxes',
54 'TemplateLibrary',
55 'UploadCredentials',
56 'Uploads',
57 'UserOrganizations',
58 'UserPermissions',
59 'WidgetTokens',
60 ] as const;
61
62 export const up: MigrationFn<QueryInterface> = async ({ context }) => {
63 for (const table of SINGLETON_RLS_TABLES) {
64 await context.sequelize.query(`DROP POLICY IF EXISTS tenant_isolation ON "${table}"`);
65 await context.sequelize.query(`
66 CREATE POLICY tenant_isolation ON "${table}"
67 FOR ALL
68 USING (current_organization_in_scope("organizationId"))
69 `);
70 }
71 };
72
73 export const down: MigrationFn<QueryInterface> = async () => {
74 // Down migration not implemented - forward-only deployment.
75 };
76 {"command":"cd /Users/bakker/dev/gangkhar/sherpa-api-api-457-custom-additional-fields-on-endo && find . -name \"*.ts\" -type f | xargs grep -l \"endorsementQuote\\|endorsementFieldValues\" | head -10"}./src/models/internal/_PolicyOrder.ts ./src/models/internal/_EndorsementField.ts ./src/schemas/policy.schemas.ts ./src/schemas/typebox/product/EndorsementField.ts ./src/schemas/typebox/policy/PolicyOrder.ts ./src/schemas/plus/policyOrder.schemas.ts ./src/db/migrations/2026.05.31T00.00.00.create-endorsement-fields.ts ./src/controllers/policyOrderController.ts ./src/routes/policyRoutes.ts ./src/routes/plus/policyOrderRoutes.ts
{"command":"cd /Users/bakker/dev/gangkhar/sherpa-api-api-457-custom-additional-fields-on-endo && ls -1 src/db/migrations/*.ts | sort | tail -10"}src/db/migrations/2026.05.27T00.00.04.seed-awaiting-acceptance-policy-status.ts src/db/migrations/2026.05.27T00.00.05.create-policy-acceptance-configs.ts src/db/migrations/2026.05.28T00.00.00.add-collects-payment-on-import-to-products.ts src/db/migrations/2026.05.28T00.00.01.add-payment-invite-email-template-type.ts src/db/migrations/2026.05.29T00.00.01.add-policy-customer-language.ts src/db/migrations/2026.05.29T00.00.02.add-message-translation-fields.ts src/db/migrations/2026.05.30T00.00.00.create-payout-category-and-fields.ts src/db/migrations/2026.05.30T00.00.01.localize-default-checkout-premium-prefix.ts src/db/migrations/2026.05.31T00.00.00.create-endorsement-fields.ts src/db/migrations/abandonedPolicyStatus.apitest.ts
{"file_path":"/Users/bakker/dev/gangkhar/sherpa-api-api-457-custom-additional-fields-on-endo/src/controllers/policyOrderController.ts","limit":200}1 import crypto from 'crypto';
2 import jwt from 'jsonwebtoken';
3 import { FastifyRequest, FastifyReply } from 'fastify';
4 import { Op } from 'sequelize';
5 import { generatePdfDownloadToken, PDF_DOWNLOAD_TOKEN_TTL_SECONDS } from '@/utils/tokenUtils.js';
6 import { getOrganizationBackendUrl } from '@/utils/organizationUtils.js';
7 import { calculatePriceforQuote } from '@/controllers/pricingController.js';
8 import { sequelize } from '@/models/db.js';
9 import { tenantQuery } from '@/models/lib/db-query.js';
10 import { getPolicyVisibilityConfig } from '@/utils/policyMessagesVisibility.js';
11 import { getBusinessDate, resolveOrgTimezone } from '@/utils/dateUtils.js';
12 import { StatusError } from '@/error/error.js';
13 import logger from '@/logger.js';
14 import { Client } from '@/models/Client.js';
15 import { Country } from '@/models/Country.js';
16 import { DriverFactory } from '@/integrations/driver-factory.js';
17 import { Insurer } from '@/models/Insurer.js';
18 import { InsuranceType } from '@/models/InsuranceType.js';
19 import { Module } from '@/models/Module.js';
20 import { ModuleEndpoint } from '@/models/ModuleEndpoint.js';
21 import { Partner } from '@/models/Partner.js';
22 import { Policy } from '@/models/Policy.js';
23 import {
24 PolicyOrder as PolicyOrderModel,
25 CancelReason,
26 TransactionType,
27 DeletionReason,
28 } from '@/models/PolicyOrder.js';
29 import { ClaimRecord, ClaimStatus } from '@/models/ClaimRecord.js';
30 import { OrganizationPolicyStatus, PolicyStatusLifecycleCategory } from '@/models/OrganizationPolicyStatus.js';
31 import {
32 evaluateComplianceGate,
33 collectComplianceCheckIds,
34 isComplianceGateParked,
35 pickComplianceParkCategory,
36 attachPolicyOrderToScreening,
37 } from '@/services/policyIssuanceService.js';
38 import {
39 assertStatusAllowedForCreate,
40 assertValidStatusForOrg,
41 getCategoryForCode,
42 getCodesForCategory,
43 getCodesForCategories,
44 getDefaultCodeForCategory,
45 resolveStatusForCreate,
46 resolveStatusForUpdate,
47 } from '@/services/policyStatusService.js';
48 import { PolicyOrderError } from '@/models/PolicyOrderError.js';
49 import { PolicyParameter } from '@/models/PolicyParameter.js';
50 import { Pricing } from '@/models/Pricing.js';
51 import { Organization } from '@/models/Organization.js';
52 import { Product, type ProductDocumentRef } from '@/models/Product.js';
53 import { DataFile } from '@/models/DataFile.js';
54 import { ProductModulePartner } from '@/models/ProductModulePartner.js';
55 import { ProductOptimization } from '@/models/ProductOptimization.js';
56 import { ProductPlan } from '@/models/ProductPlan.js';
57 import { ProductSetting } from '@/models/ProductSetting.js';
58 import { SuspensionTerms } from '@/models/SuspensionTerms.js';
59 import { findActiveProductTemplate } from '@/models/productTemplateHelpers.js';
60 import { Quote } from '@/models/Quote.js';
61 import { QuoteParameter } from '@/models/QuoteParameter.js';
62 import { QuoteSession } from '@/models/QuoteSession.js';
63 import { Customer } from '@/models/Customer.js';
64 import { generateDocumentPdf } from '@/services/pdfService.js';
65 import { renderTemplate } from '@/services/templateService.js';
66 import { localizeTemplateContent } from '@/services/templateI18nService.js';
67 import { getLocaleFromHeader, getLocaleFromRequestHeadersMap } from '@/services/localeService.js';
68 import { mergeTranslationDefaults, collectCoverageStrings } from '@/services/productTranslationDefaults.js';
69 import {
70 getActiveEndorsementFields,
71 resolveEndorsementFieldsForLocale,
72 validateAndNormalizeEndorsementFieldValues,
73 } from '@/services/endorsementFieldService.js';
74 import { createCustomerFromPolicyParameters } from '@/services/userService.js';
75 import { validateParameters, pickValidationMessage } from '@/services/validationService.js';
76 import {
77 CommissionCalculationData,
78 PartyAllocation,
79 } from '@/services/commissionCalculationService.js';
80 import { generateInvoice, getInvoicesByPolicyOrderId } from '@/services/invoiceService.js';
81 import { handleInvoice as handleExternalInvoice, handleCreditNote, handlePaymentIntent, handleSetupIntent, resolvePaymentProvider } from '@/domains/payments/service.js';
82 import { isExternalProvider } from '@/domains/payments/registry.js';
83 import { tryCreateEmbedCheckoutSession } from '@/services/embedCheckoutSessionService.io.js';
84 import { findReusablePolicyOrder, reuseIframeCheckout } from '@/services/embedCheckoutDedupService.io.js';
85 import { withQuoteLock } from '@/services/quoteDedupLock.js';
86 import { isSafeHttpsUrl } from '@/utils/urlValidation.js';
87 import { BundleSubscription } from '@/models/BundleSubscription.js';
88 import { ProductBundle } from '@/models/ProductBundle.js';
89 import type { InvoiceResult, PaymentIntentResult } from '@/domains/payments/interface.js';
90 import { sendSaleOutcomeEvent } from '@/services/lensOptimizationService.js';
91 import { PremiumResult } from '@/types/pricing.js';
92 import {
93 handleBundleCancellationSideEffect,
94 handleBundleReinstatementSideEffect,
95 handleBundleSuspensionSideEffect,
96 buildEndorsementContextFromRequest,
97 } from '@/services/bundleEndorsementService.js';
98 import {
99 previewSuspensionOptions as previewSuspensionOptionsService,
100 previewReinstatementOptions as previewReinstatementOptionsService,
101 } from '@/services/suspensionService.js';
102 import {
103 enqueueSuspensionEmail,
104 enqueueReinstatementEmail,
105 } from '@/services/jobs/welcomeEmailJob.js';
106 import {
107 applyBundleDiscount,
108 calculateEndorsementAdjustments,
109 extractPaymentFrequencyFromInsurance,
110 extractPremiumDataFromInsurance,
111 calculateAndExtractCommissionData,
112 enrichInsuranceWithCoverageOptions,
113 calculateExpiryDate,
114 getProductMetadata,
115 } from '@/services/policyOrderService.js';
116 import type { AdjustmentBreakdownItem, EndorsementAdjustments } from '@/services/policyOrderService.js';
117 import { shouldHidePrices, stripInsurancePrices, stripInsuranceCommission, stripCommissionFields, isCustomerFacing } from '@/utils/hidePrices.js';
118 import { getCommissionTaxRate } from '@/services/taxHelpers.js';
119 import { assertDisplayCurrencyAllowed, snapshotFx } from '@/services/currencyService.js';
120 import { getDecimalsForCurrency } from '@/utils/currencyHelper.js';
121 import { isProductionEnvironment } from '@/utils/env.js';
122 import { TEST_POLICY_STATUS_CODE } from '@/models/OrganizationPolicyStatus.js';
123
124 // Re-export for backwards compatibility with existing consumers
125 export {
126 applyBundleDiscount,
127 calculateEndorsementAdjustments,
128 extractPremiumDataFromInsurance,
129 calculateAndExtractCommissionData,
130 enrichInsuranceWithCoverageOptions,
131 calculateExpiryDate,
132 getProductMetadata,
133 } from '@/services/policyOrderService.js';
134 export type { AdjustmentBreakdownItem, EndorsementAdjustments } from '@/services/policyOrderService.js';
135
136 // Last-wins sync of the customer's channel locale based on the locale captured
137 // at this purchase. No-op when no locale was captured or the customer already
138 // holds the same value, so reads stay free of writes for English-only orgs.
139 async function syncCustomerPreferredLanguage(
140 customer: Customer | null | undefined,
141 language: string | null,
142 ): Promise<void> {
143 if (!customer || !language) return;
144 if (customer.preferredLanguage === language) return;
145 await customer.update({ preferredLanguage: language });
146 }
147
148 async function generateNextPolicyNumber(productId: number, organizationId: string): Promise<string> {
149 const result = await tenantQuery<Array<{
150 policyNumberSequence: string;
151 policyNumberPrefix: string | null;
152 }>>(
153 { organizationId },
154 `UPDATE "Products"
155 SET "policyNumberSequence" {"file_path":"/Users/bakker/dev/gangkhar/sherpa-api-api-457-custom-additional-fields-on-endo/src/db/migrations/2026.05.25T00.00.01.scope-mode-strict-by-default-rls.ts"}1 import type { MigrationFn } from 'umzug';
2 import type { QueryInterface } from 'sequelize';
3
4 // Adds a third GUC `app.scope_mode` ('strict' | 'hierarchical') that gates
5 // whether `app.current_organization_set` (closure expansion) is honored.
6 //
7 // Defense-in-depth: even if app code accidentally sets a non-singleton scope
8 // set on a route that should be own-org-only, the database rejects rows
9 // outside the singleton when scope_mode is 'strict' (or absent — strict is
10 // the default).
11 //
12 // Hierarchical mode is opted into by the application per-plugin/per-route
13 // for endpoints that legitimately surface descendant-org data (policy
14 // management + financials views).
15
16 export const up: MigrationFn<QueryInterface> = async ({ context }) => {
17 await context.sequelize.query(`
18 CREATE OR REPLACE FUNCTION current_organization_in_scope(row_org_id uuid)
19 RETURNS boolean
20 LANGUAGE plpgsql
21 STABLE
22 AS $$
23 DECLARE
24 singleton text;
25 set_var text;
26 mode text;
27 BEGIN
28 singleton := NULLIF(current_setting('app.current_organization', true), '');
29 set_var := NULLIF(current_setting('app.current_organization_set', true), '');
30 mode := COALESCE(NULLIF(current_setting('app.scope_mode', true), ''), 'strict');
31
32 -- No org context set: deny by default.
33 -- systemSequelize uses BYPASSRLS and never reaches this function.
34 IF singleton IS NULL AND set_var IS NULL THEN
35 RETURN false;
36 END IF;
37
38 -- Singleton match is always allowed (own-org reads + all writes).
39 IF singleton IS NOT NULL AND row_org_id = singleton::uuid THEN
40 RETURN true;
41 END IF;
42
43 -- Closure expansion only honored when the caller opted into
44 -- hierarchical scope. Strict routes that accidentally leak a scope
45 -- set still get filtered to the singleton.
46 IF mode = 'hierarchical'
47 AND set_var IS NOT NULL
48 AND row_org_id = ANY (string_to_array(set_var, ',')::uuid[]) THEN
49 RETURN true;
50 END IF;
51
52 RETURN false;
53 END;
54 $$
55 `);
56 };
57
58 export const down: MigrationFn<QueryInterface> = async () => {
59 // Down migration not implemented - forward-only deployment.
60 };
61 {"command":"cd /Users/bakker/dev/gangkhar/sherpa-api-api-457-custom-additional-fields-on-endo && grep -n \"endorsementFieldValues\\|endorsementFields\" src/controllers/policyOrderController.ts | head -30"}1221: resWithFields.endorsementFields = resolvedEndorsementFields;
1222: resWithFields.endorsementFieldValues = activePolicy.endorsementFieldValues ?? {};
1238: endorsementFieldValues?: Record<string, unknown>;
1297: const endorsementFields = await getActiveEndorsementFields(request, policyOrder.productId);
1299: endorsementFields,
1300: request.body.endorsementFieldValues,
1429: endorsementFieldValues: endorsementFields.length > 0
1431: : ((oldPolicyData.endorsementFieldValues as Record<string, unknown> | null) ?? null),{"file_path":"/Users/bakker/dev/gangkhar/sherpa-api-api-457-custom-additional-fields-on-endo/src/controllers/endorsementFieldController.ts","offset":183,"limit":12}183 await field.update({
184 label: b.label !== undefined ? (b.label.trim() || field.label) : field.label,
185 helpText: b.helpText !== undefined ? (b.helpText?.trim() || null) : field.helpText,
186 type,
187 required: b.required !== undefined ? b.required === true : field.required,
188 options: nextOptions,
189 validationPattern: b.validationPattern !== undefined ? validatePattern(b.validationPattern) : field.validationPattern,
190 source,
191 dataModelFieldName,
192 order: typeof b.order === 'number' ? b.order : field.order,
193 active: b.active !== undefined ? b.active === true : field.active,
194 });{"file_path":"/Users/bakker/dev/gangkhar/sherpa-api-api-457-custom-additional-fields-on-endo/src/controllers/policyOrderController.ts","offset":1210,"limit":100}1210 res.currentPolicy.premiumWithTax = null;
1211 }
1212 if (res.bundleDiscount) {
1213 res.bundleDiscount = null;
1214 }
1215 }
1216
1217
1218 // Surface the configured fields + the values captured on the current
1219 // version so the endorsement flow can render and prefill them.
1220 const resWithFields = result as Record<string, unknown>;
1221 resWithFields.endorsementFields = resolvedEndorsementFields;
1222 resWithFields.endorsementFieldValues = activePolicy.endorsementFieldValues ?? {};
1223
1224 return result;
1225 } finally {
1226 (request as any).params = origParams;
1227 }
1228 }
1229
1230 export async function endorsePolicy(
1231 request: FastifyRequest<{
1232 Params: { policyId: string };
1233 Body: {
1234 quoteId: string;
1235 effectiveDate: string;
1236 productPlanName?: string;
1237 paymentFrequency?: 'year' | 'month' | 'quarter' | 'one-time' | 'day';
1238 endorsementFieldValues?: Record<string, unknown>;
1239 };
1240 }>,
1241 _reply: FastifyReply
1242 ) {
1243 void _reply;
1244 const { policyId } = request.params;
1245 const organizationId = request.ident?.org?.id;
1246
1247 if (!organizationId) {
1248 throw new StatusError(400, 'Organization context required');
1249 }
1250
1251 const activeStatusCodes = await getCodesForCategory(organizationId, PolicyStatusLifecycleCategory.ACTIVE);
1252 const activeStatusCode = await getDefaultCodeForCategory(organizationId, PolicyStatusLifecycleCategory.ACTIVE);
1253 const supersededStatusCode = await getDefaultCodeForCategory(organizationId, PolicyStatusLifecycleCategory.SUPERSEDED);
1254 const activePendingCodes = await getCodesForCategories(
1255 organizationId,
1256 [PolicyStatusLifecycleCategory.ACTIVE, PolicyStatusLifecycleCategory.PENDING],
1257 );
1258
1259 // Resolve the active policy version (customer may pass any policyId in the chain)
1260 const requestedPolicy = await PolicyOrderModel.findOne(request, {
1261 where: { policyId },
1262 include: [{ model: Product.raw, as: 'productRelation', required: true }],
1263 });
1264
1265 if (!requestedPolicy) {
1266 throw new StatusError(404, 'Policy not found');
1267 }
1268
1269 const rootPolicyId = requestedPolicy.rootPolicyId || requestedPolicy.policyId;
1270 const policyOrder = await PolicyOrderModel.findOne(request, {
1271 where: {
1272 [Op.or]: [{ rootPolicyId }, { policyId: rootPolicyId }],
1273 status: { [Op.in]: activeStatusCodes },
1274 },
1275 include: [{ model: Product.raw, as: 'productRelation', required: true }],
1276 order: [['version', 'DESC']],
1277 });
1278
1279 if (!policyOrder) {
1280 throw new StatusError(400, 'No active policy version found');
1281 }
1282
1283 // Gate: check edit ProductSetting
1284 if (!policyOrder.productId) {
1285 throw new StatusError(403, 'Endorsements are not enabled for this product');
1286 }
1287 const editSetting = await ProductSetting.findOne({ organizationId }, {
1288 where: { productId: policyOrder.productId, name: 'edit', active: true },
1289 });
1290 if (!editSetting || editSetting.value !== true) {
1291 throw new StatusError(403, 'Endorsements are not enabled for this product');
1292 }
1293
1294 // Validate the submitted custom endorsement field values against the
1295 // product's active field config before any pricing work — a missing required
1296 // field rejects the submit (400). Persisted on the new version below (#457).
1297 const endorsementFields = await getActiveEndorsementFields(request, policyOrder.productId);
1298 const validatedEndorsementValues = validateAndNormalizeEndorsementFieldValues(
1299 endorsementFields,
1300 request.body.endorsementFieldValues,
1301 );
1302
1303 const { quoteId, effectiveDate } = request.body;
1304
1305 // Load quote and enrich insurance
1306 const quoteSession = await QuoteSession.findOne(request, { where: { quoteId } });
1307 if (!quoteSession) {
1308 throw new StatusError(404, `Quote with ID ${quoteId} not found`);
1309 }{"file_path":"/Users/bakker/dev/gangkhar/sherpa-api-api-457-custom-additional-fields-on-endo/src/services/endorsementFieldService.ts"}1 import type { FastifyRequest } from 'fastify';
2 import { StatusError } from '@/error/error.js';
3 import { EndorsementField, _EndorsementField } from '@/models/EndorsementField.js';
4 import { translateTemplateString } from '@/services/templateI18nService.js';
5
6 type TranslationOverrides = Record<string, Record<string, string>> | null | undefined;
7
8 // Active fields for a product, in display order. The endorsement flow renders
9 // these; submit validates against them.
10 export async function getActiveEndorsementFields(
11 request: FastifyRequest,
12 productId: number,
13 ): Promise<_EndorsementField[]> {
14 return EndorsementField.findAll(request, {
15 where: { productId, active: true },
16 order: [['order', 'ASC'], ['createdAt', 'ASC']],
17 });
18 }
19
20 export interface ResolvedEndorsementField {
21 fieldKey: string;
22 label: string;
23 helpText: string | null;
24 type: string;
25 required: boolean;
26 options: { value: string; label: string }[] | null;
27 validationPattern: string | null;
28 source: string;
29 dataModelFieldName: string | null;
30 order: number;
31 }
32
33 // Resolve labels/options/help text for a locale via the product's LMT
34 // translation overrides, mirroring how form-parameter and acceptance labels are
35 // localised. Returns a lean shape the portal + embed render directly.
36 export function resolveEndorsementFieldsForLocale(
37 fields: _EndorsementField[],
38 locale: string | null,
39 overrides: TranslationOverrides,
40 ): ResolvedEndorsementField[] {
41 const loc = locale ?? 'en';
42 const tr = (s: string): string => translateTemplateString(s, loc, overrides);
43 return fields.map((f) => ({
44 fieldKey: f.fieldKey,
45 label: tr(f.label),
46 helpText: f.helpText ? tr(f.helpText) : null,
47 type: f.type,
48 required: f.required,
49 options: f.options ? f.options.map((o) => ({ value: o.value, label: tr(o.label) })) : null,
50 validationPattern: f.validationPattern,
51 source: f.source,
52 dataModelFieldName: f.dataModelFieldName,
53 order: f.order,
54 }));
55 }
56
57 function isEmpty(value: unknown): boolean {
58 return value === undefined || value === null || (typeof value === 'string' && value.trim() === '');
59 }
60
61 function coerceBoolean(value: unknown): boolean | undefined {
62 if (typeof value === 'boolean') return value;
63 if (value === 'true' || value === '1') return true;
64 if (value === 'false' || value === '0') return false;
65 return undefined;
66 }
67
68 // Coerce + validate a single non-boolean value against its field definition.
69 function normalizeScalar(field: _EndorsementField, raw: unknown): unknown {
70 switch (field.type) {
71 case 'number': {
72 const n = typeof raw === 'number' ? raw : Number(raw);
73 if (!Number.isFinite(n)) throw new StatusError(400, `Endorsement field "${field.label}" must be a number`);
74 return n;
75 }
76 case 'date': {
77 const s = String(raw);
78 if (!/^\d{4}-\d{2}-\d{2}$/.test(s) || Number.isNaN(Date.parse(s))) {
79 throw new StatusError(400, `Endorsement field "${field.label}" must be a valid date (YYYY-MM-DD)`);
80 }
81 return s;
82 }
83 case 'select': {
84 const s = String(raw);
85 const allowed = (field.options ?? []).map((o) => o.value);
86 if (!allowed.includes(s)) throw new StatusError(400, `Endorsement field "${field.label}" has an invalid selection`);
87 return s;
88 }
89 default: {
90 // string | textarea
91 const s = String(raw);
92 if (field.validationPattern) {
93 let re: RegExp;
94 try {
95 re = new RegExp(field.validationPattern);
96 } catch {
97 // Invalid stored pattern can't validate the value; rejected at save time.
98 return s;
99 }
100 if (!re.test(s)) throw new StatusError(400, `Endorsement field "${field.label}" has an invalid format`);
101 }
102 return s;
103 }
104 }
105 }
106
107 // Validate submitted values against the product's active field config and
108 // return the normalised map to persist. Throws 400 on a missing required field
109 // or a value that fails its type / pattern / option constraints. Only values
110 // for configured fields are kept — arbitrary extra keys are dropped.
111 export function validateAndNormalizeEndorsementFieldValues(
112 fields: _EndorsementField[],
113 rawValues: Record<string, unknown> | null | undefined,
114 ): Record<string, unknown> {
115 const values = rawValues ?? {};
116 const normalized: Record<string, unknown> = {};
117
118 for (const field of fields) {
119 const raw = values[field.fieldKey];
120
121 if (field.type === 'boolean') {
122 const coerced = coerceBoolean(raw);
123 if (field.required && coerced !== true) {
124 throw new StatusError(400, `Endorsement field "${field.label}" must be accepted`);
125 }
126 if (coerced !== undefined) normalized[field.fieldKey] = coerced;
127 continue;
128 }
129
130 if (isEmpty(raw)) {
131 if (field.required) throw new StatusError(400, `Endorsement field "${field.label}" is required`);
132 continue;
133 }
134
135 normalized[field.fieldKey] = normalizeScalar(field, raw);
136 }
137
138 return normalized;
139 }
140 {"file_path":"/Users/bakker/dev/gangkhar/sherpa-api-api-457-custom-additional-fields-on-endo/src/controllers/endorsementFieldController.ts","offset":125,"limit":10}125
126 const b = request.body;
127 const label = typeof b.label === 'string' ? b.label.trim() : '';
128 if (!label) throw new StatusError(400, 'label is required');
129 const type = assertType(b.type);
130 const source = b.source === EndorsementFieldSource.DATA_MODEL ? EndorsementFieldSource.DATA_MODEL : EndorsementFieldSource.ADHOC;
131 if (source === EndorsementFieldSource.DATA_MODEL && (!b.dataModelFieldName || !b.dataModelFieldName.trim())) {
132 throw new StatusError(400, 'dataModelFieldName is required when source is "datamodel"');
133 }
134 {"command":"ls -la /Users/bakker/dev/gangkhar/sherpa-portal-api-457-custom-additional-fields-on-endo 2>&1 | head -20"}total 3024 drwxr-xr-x@ 53 bakker staff 1696 May 31 14:51 . drwxr-xr-x 50 bakker staff 1600 May 31 14:20 .. drwxr-xr-x@ 3 bakker staff 96 May 31 14:20 .claude drwxr-xr-x@ 4 bakker staff 128 May 31 14:20 .cursor -rw-r--r--@ 1 bakker staff 82 May 31 14:20 .cursorignore -rw-r--r--@ 1 bakker staff 672 May 31 14:20 .dockerignore -rw-r--r--@ 1 bakker staff 1661 May 31 14:20 .env -rw-r--r--@ 1 bakker staff 119 May 31 14:20 .git drwxr-xr-x@ 5 bakker staff 160 May 31 14:20 .github -rw-r--r--@ 1 bakker staff 664 May 31 14:20 .gitignore drwxr-xr-x@ 3 bakker staff 96 May 31 14:21 .next -rw-r--r--@ 1 bakker staff 73 May 31 14:20 .npmrc -rw-r--r--@ 1 bakker staff 196 May 31 14:20 .prettierrc -rw-r--r--@ 1 bakker staff 96 May 31 14:20 .tailwindignore -rw-r--r--@ 1 bakker staff 77 May 31 14:20 .tsconfig.app.json drwxr-xr-x@ 4 bakker staff 128 May 31 14:20 .vscode -rw-r--r--@ 1 bakker staff 9668 May 31 14:20 AGENTS.md -rw-r--r--@ 1 bakker staff 2378 May 31 14:20 CLAUDE.md -rw-r--r--@ 1 bakker staff 1 May 31 14:20 CUSTOMER_INFORMATION_SOLUTION.md
{"file_path":"/Users/bakker/dev/gangkhar/sherpa-portal-api-457-custom-additional-fields-on-endo/app/components/products/endorsement-fields/EndorsementFieldsTab.tsx"}1 "use client";
2
3 import React, { useEffect, useState, useCallback } from "react";
4 import { Plus, Trash2, Pencil, X } from "lucide-react";
5 import { Button } from "@/app/components/ui/button";
6 import { Input } from "@/app/components/ui/input";
7 import { Textarea } from "@/app/components/ui/textarea";
8 import { Label } from "@/app/components/ui/label";
9 import { Switch } from "@/app/components/ui/switch";
10 import {
11 Select,
12 SelectContent,
13 SelectItem,
14 SelectTrigger,
15 SelectValue,
16 } from "@/app/components/ui/select";
17 import {
18 Dialog,
19 DialogContent,
20 DialogFooter,
21 DialogHeader,
22 DialogTitle,
23 } from "@/app/components/ui/dialog";
24 import { showSuccessToast, showErrorToast } from "@/app/components/Toast";
25 import api from "@/app/src/utils/api";
26 import { useLMT } from "@/lib/lmt/config";
27
28 type EndorsementFieldType = "string" | "number" | "date" | "boolean" | "select" | "textarea";
29
30 interface EndorsementFieldOption {
31 value: string;
32 label: string;
33 }
34
35 interface EndorsementField {
36 id: string;
37 fieldKey: string;
38 label: string;
39 helpText: string | null;
40 type: EndorsementFieldType;
41 required: boolean;
42 options: EndorsementFieldOption[] | null;
43 validationPattern: string | null;
44 source: "adhoc" | "datamodel";
45 dataModelFieldName: string | null;
46 order: number;
47 active: boolean;
48 }
49
50 const FIELD_TYPES: { value: EndorsementFieldType; label: string }[] = [
51 { value: "string", label: "Text" },
52 { value: "textarea", label: "Long text" },
53 { value: "number", label: "Number" },
54 { value: "date", label: "Date" },
55 { value: "boolean", label: "Checkbox" },
56 { value: "select", label: "Dropdown" },
57 ];
58
59 interface DraftField {
60 label: string;
61 type: EndorsementFieldType;
62 required: boolean;
63 helpText: string;
64 validationPattern: string;
65 options: EndorsementFieldOption[];
66 }
67
68 function emptyDraft(): DraftField {
69 return { label: "", type: "string", required: false, helpText: "", validationPattern: "", options: [] };
70 }
71
72 export default function EndorsementFieldsTab({ productId }: { productId: string }) {
73 const { t } = useLMT();
74 const [fields, setFields] = useState<EndorsementField[]>([]);
75 const [loading, setLoading] = useState(true);
76 const [dialogOpen, setDialogOpen] = useState(false);
77 const [editing, setEditing] = useState<EndorsementField | null>(null);
78 const [draft, setDraft] = useState<DraftField>(emptyDraft());
79 const [saving, setSaving] = useState(false);
80
81 const load = useCallback(async () => {
82 try {
83 setLoading(true);
84 const res = await api.get<{ data: EndorsementField[] }>(`/products/${productId}/endorsement-fields`);
85 setFields(res.data.data);
86 } catch {
87 showErrorToast(t("Failed to load endorsement fields"));
88 } finally {
89 setLoading(false);
90 }
91 }, [productId, t]);
92
93 useEffect(() => {
94 void load();
95 }, [load]);
96
97 const openCreate = () => {
98 setEditing(null);
99 setDraft(emptyDraft());
100 setDialogOpen(true);
101 };
102
103 const openEdit = (field: EndorsementField) => {
104 setEditing(field);
105 setDraft({
106 label: field.label,
107 type: field.type,
108 required: field.required,
109 helpText: field.helpText ?? "",
110 validationPattern: field.validationPattern ?? "",
111 options: field.options ? field.options.map((o) => ({ ...o })) : [],
112 });
113 setDialogOpen(true);
114 };
115
116 const setOption = (index: number, key: keyof EndorsementFieldOption, value: string) => {
117 setDraft((d) => ({
118 ...d,
119 options: d.options.map((o, i) => (i === index ? { ...o, [key]: value } : o)),
120 }));
121 };
122
123 const buildPayload = () => ({
124 label: draft.label.trim(),
125 type: draft.type,
126 required: draft.required,
127 helpText: draft.helpText.trim() || null,
128 validationPattern:
129 (draft.type === "string" || draft.type === "textarea") && draft.validationPattern.trim()
130 ? draft.validationPattern.trim()
131 : null,
132 options:
133 draft.type === "select"
134 ? draft.options
135 .map((o) => ({ value: o.value.trim(), label: o.label.trim() }))
136 .filter((o) => o.value && o.label)
137 : null,
138 });
139
140 const save = async () => {
141 if (!draft.label.trim()) {
142 showErrorToast(t("Field label is required"));
143 return;
144 }
145 if (draft.type === "select" && buildPayload().options!.length === 0) {
146 showErrorToast(t("Dropdown fields need at least one option"));
147 return;
148 }
149 try {
150 setSaving(true);
151 if (editing) {
152 await api.patch(`/products/${productId}/endorsement-fields/${editing.id}`, buildPayload());
153 showSuccessToast(t("Endorsement field updated"));
154 } else {
155 await api.post(`/products/${productId}/endorsement-fields`, buildPayload());
156 showSuccessToast(t("Endorsement field added"));
157 }
158 setDialogOpen(false);
159 await load();
160 } catch (err) {
161 const message =
162 (err as { response?: { data?: { message?: string } } })?.response?.data?.message ??
163 t("Failed to save endorsement field");
164 showErrorToast(message);
165 } finally {
166 setSaving(false);
167 }
168 };
169
170 const remove = async (field: EndorsementField) => {
171 if (!window.confirm(t("Delete this endorsement field? Already-captured values are kept on existing policies."))) return;
172 try {
173 await api.delete(`/products/${productId}/endorsement-fields/${field.id}`);
174 showSuccessToast(t("Endorsement field deleted"));
175 await load();
176 } catch {
177 showErrorToast(t("Failed to delete endorsement field"));
178 }
179 };
180
181 const toggleActive = async (field: EndorsementField) => {
182 try {
183 await api.patch(`/products/${productId}/endorsement-fields/${field.id}`, { active: !field.active });
184 await load();
185 } catch {
186 showErrorToast(t("Failed to update endorsement field"));
187 }
188 };
189
190 return (
191 <div data-testid="endorsement-fields-tab">
192 <div className="mb-4 flex items-start justify-between gap-4">
193 <div>
194 <h2 className="text-2xl font-bold text-gray-900">{t("Endorsement Fields")}</h2>
195 <p className="mt-1 max-w-2xl text-sm text-gray-500">
196 {t(
197 "Extra fields collected when a customer or operator endorses a policy of this product. Values are stored on the endorsement and visible in policy history.",
198 )}
199 </p>
200 </div>
201 <Button onClick={openCreate} data-testid="add-endorsement-field">
202 <Plus className="mr-2 h-4 w-4" />
203 {t("Add field")}
204 </Button>
205 </div>
206
207 {loading ? (
208 <div className="py-12 text-center text-gray-500">{t("Loading...")}</div>
209 ) : fields.length === 0 ? (
210 <div className="rounded-md border border-dashed border-gray-300 py-12 text-center text-gray-500">
211 {t("No custom endorsement fields yet. Add one to start collecting extra data at endorsement time.")}
212 </div>
213 ) : (
214 <div className="overflow-hidden rounded-md border border-gray-200">
215 <table className="min-w-full divide-y divide-gray-200">
216 <thead className="bg-gray-50">
217 <tr>
218 <th className="px-4 py-2 text-left text-xs font-medium uppercase tracking-wider text-gray-500">{t("Label")}</th>
219 <th {"file_path":"/Users/bakker/dev/gangkhar/sherpa-portal-api-457-custom-additional-fields-on-endo/app/customer-portal/policies/[policyId]/edit/DefaultPolicyEdit.tsx"}1 "use client";
2
3 import React, { useEffect, useState, useCallback } from "react";
4 import { useRouter } from "next/navigation";
5 import { usePortalPrefix } from "@/app/customer-portal/lib/portalLink";
6 import { ArrowLeft, X } from "lucide-react";
7
8 import PortalLayout from "@/app/customer-portal/PortalLayout";
9 import PolicyQuoteForm, { type EndorsementFieldDef } from "@/app/components/policy-management/PolicyQuoteForm";
10 import EndorsementCustomFields from "@/app/components/policy-management/EndorsementCustomFields";
11 import api from "@/app/src/utils/api";
12 import { showSuccessToast, showErrorToast } from "@/app/components/Toast";
13 import { Button } from "@/app/components/ui/button";
14 import { useTranslation } from "@gangkharai/lmt/client";
15 import { useAuth } from "@/app/components/AuthProvider";
16 import useOrganizationStore from "@/app/src/store/organizationStore";
17 import { getBusinessDate, getBrowserTimezone } from "@/app/src/utils/businessDate";
18 import { usePolicyStatuses } from "@/app/src/hooks/usePolicyStatuses";
19
20 interface InsuranceData {
21 [productName: string]: {
22 [planName: string]: {
23 title: string;
24 premiumsByFrequency: Record<
25 string,
26 {
27 basePremium: number;
28 premiumWithoutTax: number | null;
29 premiumWithTax: number | null;
30 salesTax: number | null;
31 }
32 >;
33 currency: string;
34 coverages: Array<{
35 id: number;
36 name: string;
37 title: string;
38 selected?: boolean;
39 selectedOptionId?: number;
40 selectedDeductible?: string;
41 coverageAmount?: string;
42 baseCoverage?: boolean;
43 coverageOptions?: Array<{
44 id: number;
45 name: string;
46 coverageLimit: string;
47 deductibles?: Array<{ value: number; type: "fixed" | "percentage"; label?: string; isDefault?: boolean }> | null;
48 }>;
49 [key: string]: unknown;
50 }>;
51 };
52 };
53 }
54
55 interface PolicyData {
56 id: number;
57 policyId: string;
58 quoteId?: string;
59 policyNumber: string;
60 productName: string;
61 productPlanName: string;
62 inceptionDate: string;
63 expiryDate: string;
64 paymentFrequency?: string;
65 currency?: string;
66 status?: string;
67 insurance?: InsuranceData;
68 product?: {
69 productTitle: string;
70 productPlanTitle: string;
71 };
72 [key: string]: unknown;
73 }
74
75 export default function DefaultPolicyEdit({
76 params,
77 }: {
78 params: { policyId: string } | Promise<{ policyId: string }>;
79 }) {
80 const t = useTranslation();
81 const router = useRouter();
82 const portal = usePortalPrefix();
83 const { user } = useAuth();
84 const organization = useOrganizationStore((s) => s.organization);
85 const orgTimezone = organization?.timezone || getBrowserTimezone();
86 const { isCategory } = usePolicyStatuses();
87 const unwrappedParams = params instanceof Promise ? React.use(params) : params;
88 const policyId = unwrappedParams?.policyId;
89
90 const [policy, setPolicy] = useState<PolicyData | null>(null);
91 const [loading, setLoading] = useState(true);
92 const [saving, setSaving] = useState(false);
93 const [submitError, setSubmitError] = useState<string | null>(null);
94 const [quoteId, setQuoteId] = useState<string>("");
95 const [paymentFrequency, setPaymentFrequency] = useState<string>("month");
96 const [insurance, setInsurance] = useState<InsuranceData>({});
97 const [selectedPlanName, setSelectedPlanName] = useState<string>("");
98 const [endorsementFields, setEndorsementFields] = useState<EndorsementFieldDef[]>([]);
99 const [endorsementValues, setEndorsementValues] = useState<Record<string, unknown>>({});
100 const [endorsementErrors, setEndorsementErrors] = useState<Record<string, string>>({});
101 const effectiveDate = getBusinessDate(orgTimezone);
102
103 const fetchPolicy = useCallback(async () => {
104 if (!policyId || !user?.id) return;
105 try {
106 setLoading(true);
107 const response = await api.get(`/policies/${policyId}`, {
108 sherpaAdmin: false,
109 });
110
111 const data = response.data?.data || response.data;
112 if (data) {
113 setPolicy(data);
114 setPaymentFrequency(data.paymentFrequency || "month");
115 if (data.insurance) {
116 setInsurance(JSON.parse(JSON.stringify(data.insurance)));
117 }
118 if (data.quoteId) {
119 setQuoteId(data.quoteId);
120 }
121 }
122 } catch (error) {
123 console.error("Error fetching policy:", error);
124 showErrorToast(t("Failed to load policy details"));
125 } finally {
126 setLoading(false);
127 }
128 }, [policyId, user?.id, t]);
129
130 useEffect(() => {
131 fetchPolicy();
132 }, [fetchPolicy]);
133
134 const handleInsuranceUpdate = (updatedInsurance: InsuranceData) => {
135 setInsurance(updatedInsurance);
136 };
137
138 const handleQuoteIdUpdate = (newQuoteId: string) => {
139 setQuoteId(newQuoteId);
140 };
141
142 const handleEndorsementFieldsLoaded = useCallback(
143 (fields: EndorsementFieldDef[], values: Record<string, unknown>) => {
144 setEndorsementFields(fields);
145 // Prefill from the values captured on the current version, but never
146 // clobber edits the user has already started typing.
147 setEndorsementValues((prev) => ({ ...values, ...prev }));
148 },
149 [],
150 );
151
152 const handleEndorsementFieldChange = (key: string, value: unknown) => {
153 setEndorsementValues((prev) => ({ ...prev, [key]: value }));
154 setEndorsementErrors((prev) => {
155 if (!prev[key]) return prev;
156 const next = { ...prev };
157 delete next[key];
158 return next;
159 });
160 };
161
162 const validateEndorsementFields = (): boolean => {
163 const errors: Record<string, string> = {};
164 for (const field of endorsementFields) {
165 const value = endorsementValues[field.fieldKey];
166 if (field.type === "boolean") {
167 if (field.required && value !== true) errors[field.fieldKey] = t("This field is required");
168 continue;
169 }
170 const empty = value === undefined || value === null || (typeof value === "string" && value.trim() === "");
171 if (field.required && empty) errors[field.fieldKey] = t("This field is required");
172 }
173 setEndorsementErrors(errors);
174 return Object.keys(errors).length === 0;
175 };
176
177 const handleSubmit = async (e: React.FormEvent) => {
178 e.preventDefault();
179 if (!policy) return;
180
181 if (!validateEndorsementFields()) {
182 setSubmitError(t("Please complete the required fields below."));
183 return;
184 }
185
186 try {
187 setSaving(true);
188 setSubmitError(null);
189
190 const payload = {
191 quoteId,
192 effectiveDate,
193 productPlanName: selectedPlanName || policy.productPlanName,
194 ...(endorsementFields.length > 0 ? { endorsementFieldValues: endorsementValues } : {}),
195 };
196
197 const response = await api.patch(`/policies/${policy.policyId}`, payload, {
198 sherpaAdmin: false,
199 });
200
201 if (response.data.status === "success") {
202 showSuccessToast(t("Policy updated successfully"));
203 sessionStorage.removeItem(`policy_${policyId}`);
204 const newVersion = response.data.data?.version;
205 const versionParam = newVersion ? `?version=${newVersion}` : "";
206 router.push(`${portal}/policies/${policyId}${versionParam}`);
207 }
208 } catch (error: unknown) {
209 const msg = (error as { response?: { data?: { error?: { message?: string } } }{"file_path":"/Users/bakker/dev/gangkhar/sherpa-portal-api-457-custom-additional-fields-on-endo/app/components/policy-management/EndorsementCustomFields.tsx"}1 "use client";
2
3 import React from "react";
4 import { Input } from "@/app/components/ui/input";
5 import { Textarea } from "@/app/components/ui/textarea";
6 import { Label } from "@/app/components/ui/label";
7 import { Switch } from "@/app/components/ui/switch";
8 import {
9 Select,
10 SelectContent,
11 SelectItem,
12 SelectTrigger,
13 SelectValue,
14 } from "@/app/components/ui/select";
15 import { useTranslation } from "@gangkharai/lmt/client";
16 import type { EndorsementFieldDef } from "./PolicyQuoteForm";
17
18 interface EndorsementCustomFieldsProps {
19 fields: EndorsementFieldDef[];
20 values: Record<string, unknown>;
21 errors: Record<string, string>;
22 onChange: (key: string, value: unknown) => void;
23 }
24
25 // Renders the product's configured custom endorsement fields in the
26 // customer/operator endorsement flow. Labels arrive already localised from the
27 // API (LMT). Values + validation errors are owned by the parent form (#457).
28 export default function EndorsementCustomFields({
29 fields,
30 values,
31 errors,
32 onChange,
33 }: EndorsementCustomFieldsProps) {
34 const t = useTranslation();
35 if (!fields || fields.length === 0) return null;
36
37 return (
38 <div className="rounded-lg border border-gray-200 bg-white p-6" data-testid="endorsement-custom-fields">
39 <h3 className="mb-1 text-lg font-semibold text-gray-900">{t("Additional information")}</h3>
40 <p className="mb-4 text-sm text-gray-500">{t("Please complete the fields below to apply your change.")}</p>
41 <div className="space-y-4">
42 {fields.map((field) => {
43 const value = values[field.fieldKey];
44 const error = errors[field.fieldKey];
45 const inputId = `ef-input-${field.fieldKey}`;
46 return (
47 <div key={field.fieldKey}>
48 {field.type !== "boolean" && (
49 <Label htmlFor={inputId} className="mb-1 block">
50 {field.label}
51 {field.required && <span className="text-red-500"> *</span>}
52 </Label>
53 )}
54
55 {field.type === "textarea" && (
56 <Textarea
57 id={inputId}
58 data-testid={inputId}
59 value={typeof value === "string" ? value : ""}
60 onChange={(e) => onChange(field.fieldKey, e.target.value)}
61 />
62 )}
63
64 {(field.type === "string" || field.type === "number" || field.type === "date") && (
65 <Input
66 id={inputId}
67 data-testid={inputId}
68 type={field.type === "number" ? "number" : field.type === "date" ? "date" : "text"}
69 value={value === undefined || value === null ? "" : String(value)}
70 onChange={(e) => onChange(field.fieldKey, e.target.value)}
71 />
72 )}
73
74 {field.type === "boolean" && (
75 <div className="flex items-center gap-3">
76 <Switch
77 id={inputId}
78 data-testid={inputId}
79 checked={value === true}
80 onCheckedChange={(checked) => onChange(field.fieldKey, checked)}
81 />
82 <Label htmlFor={inputId} className="cursor-pointer">
83 {field.label}
84 {field.required && <span className="text-red-500"> *</span>}
85 </Label>
86 </div>
87 )}
88
89 {field.type === "select" && (
90 <Select
91 value={typeof value === "string" ? value : ""}
92 onValueChange={(v) => onChange(field.fieldKey, v)}
93 >
94 <SelectTrigger id={inputId} data-testid={inputId}>
95 <SelectValue placeholder={t("Select...")} />
96 </SelectTrigger>
97 <SelectContent>
98 {(field.options ?? []).map((opt) => (
99 <SelectItem key={opt.value} value={opt.value}>
100 {opt.label}
101 </SelectItem>
102 ))}
103 </SelectContent>
104 </Select>
105 )}
106
107 {field.helpText && <p className="mt-1 text-xs text-gray-500">{field.helpText}</p>}
108 {error && (
109 <p className="mt-1 text-xs text-red-600" data-testid={`ef-error-${field.fieldKey}`}>
110 {error}
111 </p>
112 )}
113 </div>
114 );
115 })}
116 </div>
117 </div>
118 );
119 }
120 {}<tool_use_error>InputValidationError: Read failed due to the following issue: The required parameter `file_path` is missing</tool_use_error>
{"file_path":"/Users/bakker/dev/gangkhar/sherpa-api-api-457-custom-additional-fields-on-endo/src/controllers/endorsementFieldController.ts","offset":160,"limit":20}160 request: FastifyRequest<{ Params: { productId: string; id: string }; Body: FieldBody }>,
161 reply: FastifyReply,
162 ) {
163 orgId(request);
164 const productId = toProductId(request.params.productId);
165 await assertProduct(request, productId);
166
167 const field = await EndorsementField.findByPk(request, request.params.id);
168 if (!field || field.productId !== productId) throw new StatusError(404, 'Endorsement field not found');
169
170 const b = request.body;
171 const type = b.type !== undefined ? assertType(b.type) : field.type;
172 const source = b.source !== undefined
173 ? (b.source === EndorsementFieldSource.DATA_MODEL ? EndorsementFieldSource.DATA_MODEL : EndorsementFieldSource.ADHOC)
174 : field.source;
175 const dataModelFieldName = source === EndorsementFieldSource.DATA_MODEL
176 ? ((b.dataModelFieldName ?? field.dataModelFieldName)?.trim() || null)
177 : null;
178 if (source === EndorsementFieldSource.DATA_MODEL && !dataModelFieldName) {
179 throw new StatusError(400, 'dataModelFieldName is required when source is "datamodel"');{"command":"grep -n \"EndorsementFieldDef\\|onEndorsementFieldsLoaded\\|endorsementFields\" /Users/bakker/dev/gangkhar/sherpa-portal-api-457-custom-additional-fields-on-endo/app/components/policy-management/PolicyQuoteForm.tsx | head -30"}146:export interface EndorsementFieldDef {
163: endorsementFields?: EndorsementFieldDef[];
178: onEndorsementFieldsLoaded?: (fields: EndorsementFieldDef[], values: Record<string, unknown>) => void;
300: onEndorsementFieldsLoaded,
416: if (onEndorsementFieldsLoaded && quoteResponse.endorsementFields) {
417: onEndorsementFieldsLoaded(quoteResponse.endorsementFields, quoteResponse.endorsementFieldValues ?? {});
571: if (onEndorsementFieldsLoaded && quoteResponse.endorsementFields) {
572: onEndorsementFieldsLoaded(quoteResponse.endorsementFields, quoteResponse.endorsementFieldValues ?? {});
624: onEndorsementFieldsLoaded,{"file_path":"/Users/bakker/dev/gangkhar/sherpa-api-api-457-custom-additional-fields-on-endo/src/models/internal/_EndorsementField.ts","offset":130,"limit":28}130 type: DataType.ENUM('adhoc', 'datamodel'),
131 allowNull: false,
132 defaultValue: 'adhoc',
133 })
134 declare source: EndorsementFieldSource;
135
136 // Set only when source === 'datamodel': the referenced product data-model
137 // field name whose value this endorsement field collects.
138 @Column({
139 type: DataType.STRING(128),
140 allowNull: true,
141 })
142 declare dataModelFieldName: string | null;
143
144 @Column({
145 type: DataType.INTEGER,
146 allowNull: false,
147 defaultValue: 0,
148 })
149 declare order: number;
150
151 @Column({
152 type: DataType.BOOLEAN,
153 allowNull: false,
154 defaultValue: true,
155 })
156 declare active: boolean;
157 }{"file_path":"/Users/bakker/dev/gangkhar/sherpa-portal-api-457-custom-additional-fields-on-endo/app/components/policy-management/PolicyQuoteForm.tsx","offset":146,"limit":60}146 export interface EndorsementFieldDef {
147 fieldKey: string;
148 label: string;
149 helpText: string | null;
150 type: string;
151 required: boolean;
152 options: { value: string; label: string }[] | null;
153 validationPattern: string | null;
154 }
155
156 interface QuoteResponse {
157 quoteId: string;
158 insurance: InsuranceData;
159 parameters?: Record<string, unknown>;
160 bundleDiscount?: BundleDiscount | null;
161 endorsementAdjustments?: EndorsementAdjustments;
162 currentPolicy?: CurrentPolicy;
163 endorsementFields?: EndorsementFieldDef[];
164 endorsementFieldValues?: Record<string, unknown>;
165 }
166
167 interface PolicyQuoteFormProps {
168 policyOrderId: string;
169 productName: string;
170 activePlanName: string;
171 quoteId: string;
172 effectiveDate: string;
173 paymentFrequency: string;
174 insurance: InsuranceData;
175 onInsuranceUpdate: (insurance: InsuranceData) => void;
176 onQuoteIdUpdate: (quoteId: string) => void;
177 onPlanChange?: (planName: string) => void;
178 onEndorsementFieldsLoaded?: (fields: EndorsementFieldDef[], values: Record<string, unknown>) => void;
179 saving?: boolean;
180 submitError?: string | null;
181 isCustomerPortal?: boolean;
182 }
183
184 const setValueAtPath = (
185 obj: Record<string, unknown>,
186 path: string,
187 value: unknown
188 ): Record<string, unknown> => {
189 const keys = path.split(".");
190 const result = JSON.parse(JSON.stringify(obj));
191 let current: Record<string, unknown> = result;
192
193 for (let i = 0; i < keys.length - 1; i++) {
194 const key = keys[i];
195 if (!(key in current) || typeof current[key] !== "object" || current[key] === null) {
196 current[key] = {};
197 }
198 current = current[key] as Record<string, unknown>;
199 }
200
201 current[keys[keys.length - 1]] = value;
202 return result;
203 };
204
205 const getValueFromPath = (obj: Record<string, unknown>, path: string): unknown => {{"command":"grep -n \"endorsementFieldValues\\|endorsementFields\" /Users/bakker/dev/gangkhar/sherpa-portal-api-457-custom-additional-fields-on-endo/app/customer-portal/policies/[policyId]/DefaultPolicyDetails.tsx | head -20"}(eval):1: no matches found: /Users/bakker/dev/gangkhar/sherpa-portal-api-457-custom-additional-fields-on-endo/app/customer-portal/policies/[policyId]/DefaultPolicyDetails.tsx
{"file_path":"/Users/bakker/dev/sangkhar/sherpa-api-api-457-custom-additional-fields-on-endo/src/services/endorsementFieldService.ts","offset":61,"limit":15}File does not exist. Note: your current working directory is /Users/bakker/dev/gangkhar/sherpa-portal-api-457-custom-additional-fields-on-endo.
{"file_path":"/Users/bakker/dev/gangkhar/sherpa-api-api-457-custom-additional-fields-on-endo/src/services/endorsementFieldService.ts","offset":60,"limit":15}{"command":"find /Users/bakker/dev/gangkhar/sherpa-portal-api-457-custom-additional-fields-on-endo -name \"DefaultPolicyDetails.tsx\" -type f"}60
61 function coerceBoolean(value: unknown): boolean | undefined {
62 if (typeof value === 'boolean') return value;
63 if (value === 'true' || value === '1') return true;
64 if (value === 'false' || value === '0') return false;
65 return undefined;
66 }
67
68 // Coerce + validate a single non-boolean value against its field definition.
69 function normalizeScalar(field: _EndorsementField, raw: unknown): unknown {
70 switch (field.type) {
71 case 'number': {
72 const n = typeof raw === 'number' ? raw : Number(raw);
73 if (!Number.isFinite(n)) throw new StatusError(400, `Endorsement field "${field.label}" must be a number`);
74 return n;/Users/bakker/dev/gangkhar/sherpa-portal-api-457-custom-additional-fields-on-endo/app/customer-portal/policies/[policyId]/DefaultPolicyDetails.tsx
{"command":"rg \"endorsementFieldValues|endorsementFields\" /Users/bakker/dev/gangkhar/sherpa-portal-api-457-custom-additional-fields-on-endo/app/customer-portal/policies/[policyId]/DefaultPolicyDetails.tsx"}(eval):1: no matches found: /Users/bakker/dev/gangkhar/sherpa-portal-api-457-custom-additional-fields-on-endo/app/customer-portal/policies/[policyId]/DefaultPolicyDetails.tsx
{"file_path":"/Users/bakker/dev/gangkhar/sherpa-portal-api-457-custom-additional-fields-on-endo/app/customer-portal/policies/[policyId]/DefaultPolicyDetails.tsx","limit":100}1 "use client";
2
3 import React, { useEffect, useState, useCallback, useRef } from "react";
4 import { useRouter, useSearchParams } from "next/navigation";
5 import { usePortalPrefix } from "@/app/customer-portal/lib/portalLink";
6
7 import { ArrowLeft, Calendar, Clock, DollarSign, Download, Check, Receipt, Pencil, MessageSquare, Paperclip, Users, FileX, X, Pause, Play } from "lucide-react";
8
9 import { useTranslation } from "@gangkharai/lmt/client";
10 import { useAuth } from "@/app/components/AuthProvider";
11 import PortalLayout from "@/app/customer-portal/PortalLayout";
12 import api from "@/app/src/utils/api";
13 import { usePolicyStatuses } from "@/app/src/hooks/usePolicyStatuses";
14 import { getValidAccessToken } from "@/app/src/utils/api";
15 import { getSherpaApiUrl } from "@/app/src/utils/env";
16 import CoverageDetailsSection from "@/app/components/policies/CoverageDetailsSection";
17 import { useProductTranslate } from "@/app/lib/useProductTranslate";
18 import PolicyVersionSwitcher from "@/app/components/policies/PolicyVersionSwitcher";
19 import { CurrencyDisplay } from "@/app/components/ui/currencyDisplay";
20 import { getDecimalsForCurrency } from "@/app/components/country-picker/currencies";
21 import { formatDateDynamic } from "@/app/utils/dateFormat";
22 import BundleDiscountSection from "@/app/components/policies/BundleDiscountSection";
23 import type { PolicyBundleInfo } from "@/app/types/bundle";
24 import { Tabs, TabsList, TabsTrigger, TabsContent } from "@/app/components/ui/tabs";
25 import PolicyMessageThread from "@/app/components/policies/PolicyMessageThread";
26 import PolicyAttachmentList from "@/app/components/policies/PolicyAttachmentList";
27
28 interface PolicyOrder {
29 id: number;
30 policyId: string;
31 quoteId: string;
32 productName: string;
33 productPlanName: string;
34 status: string;
35 inceptionDate: string;
36 issueDate: string;
37 expiryDate: string;
38 policyNumber: string;
39 insurance: any;
40 version?: number;
41 transactionType?: string;
42 edit?: boolean;
43 endorsementFieldValues?: Record<string, unknown> | null;
44 parameters: {
45 personal: {
46 address: {
47 firstName: string;
48 lastName: string;
49 postalCode: string;
50 streetName: string;
51 city: string;
52 country: string;
53 birthDate: string;
54 };
55 email: string;
56 };
57 };
58 client: {
59 id: number;
60 name: string;
61 };
62 product: {
63 productTitle: string;
64 productDescription: string;
65 productPlanTitle: string;
66 country: string;
67 countryName: string;
68 currency: string;
69 currencyPosition?: "prefix" | "suffix";
70 decimalSeparator?: string;
71 groupSeparator?: string;
72 decimalsAmount?: number;
73 dateFormat?: string;
74 insuranceTypeTitle: string;
75 isEmbedded: boolean;
76 active: boolean;
77 translationOverrides?: Record<string, Record<string, string>> | null;
78 };
79 paymentFrequency?: string;
80 productSettings?: { name: string; value: string; label: string }[];
81 bundleSubscriptionId?: number | null;
82 bundle?: PolicyBundleInfo | null;
83 country?: string;
84 displayCurrency?: string | null;
85 baseCurrency?: string | null;
86 fxRate?: string | number | null;
87 fxRateAt?: string | null;
88 messagesEnabled?: boolean;
89 customerSuspensions?: boolean;
90 hasActiveSuspensionTerms?: boolean;
91 }
92
93 interface Coverage {
94 id: number;
95 code: string;
96 name: string;
97 title: string;
98 description: string;
99 coverageAmount: string;
100 amountType?: string;{"command":"cd /Users/bakker/dev/gangkhar/sherpa-api-api-457-custom-additional-fields-on-endo && grep -n \"import.*EndorsementField\\|export.*EndorsementField\" src/models/db.ts"}19:import { _EndorsementField } from './internal/_EndorsementField.js';{"file_path":"/Users/bakker/dev/gangkhar/sherpa-api-api-457-custom-additional-fields-on-endo/src/models/db.ts","limit":150}1 import { Sequelize } from 'sequelize-typescript';
2
3 // Models — raw internal classes for Sequelize registration
4 import { _AuditLog } from './internal/_AuditLog';
5 import { _BundleDiscountTier } from './internal/_BundleDiscountTier';
6 import { _BundleQuoteSession } from './internal/_BundleQuoteSession';
7 import { _BundleSubscription } from './internal/_BundleSubscription';
8 import { _CancellationTerms } from './internal/_CancellationTerms';
9 import { _SuspensionTerms } from './internal/_SuspensionTerms';
10 import { _Claim } from './internal/_Claim';
11 import { _ClaimCoverage } from './internal/_ClaimCoverage';
12 import { _ClaimParameter } from './internal/_ClaimParameter';
13 import { _ClaimParameterCategory } from './internal/_ClaimParameterCategory';
14 import { _ClaimParameterCategoryPage } from './internal/_ClaimParameterCategoryPage';
15 import { _ClaimRecord } from './internal/_ClaimRecord';
16 import { _ClaimRecordError } from './internal/_ClaimRecordError';
17 import { _ClaimRule } from './internal/_ClaimRule.js';
18 import { _ClaimPayout } from './internal/_ClaimPayout.js';
19 import { _EndorsementField } from './internal/_EndorsementField.js';
20 import { _ClaimMessage } from './internal/_ClaimMessage';
21 import { _ClaimAttachment } from './internal/_ClaimAttachment';
22 import { _CustomerNotification } from './internal/_CustomerNotification';
23 import { _PolicyMessage } from './internal/_PolicyMessage';
24 import { _PolicyAttachment } from './internal/_PolicyAttachment';
25 import { _Client } from './internal/_Client';
26 import { _CommissionAllocationRule } from './internal/_CommissionAllocationRule';
27 import { _CommissionParty } from './internal/_CommissionParty';
28 import { _CommissionStructure } from './internal/_CommissionStructure';
29 import { Country } from './Country';
30 import { _Customer } from './internal/_Customer';
31 import { _Coverage } from './internal/_Coverage';
32 import { CurrencyRate } from './CurrencyRate.js';
33 import { _CoveragePricing } from './internal/_CoveragePricing';
34 import { _CoveragePricingOption } from './internal/_CoveragePricingOption';
35 import { _CommissionOptimization } from '@/domains/lens/optimizations/commission/models/internal/_CommissionOptimization.js';
36 import { _CommissionOptimizationModel } from '@/domains/lens/optimizations/commission/models/internal/_CommissionOptimizationModel.js';
37 import { CommissionOptimizationStage } from '@/domains/lens/optimizations/commission/models/CommissionOptimizationStage.js';
38 import { _CommissionOptimizationStageActivation } from '@/domains/lens/optimizations/commission/models/internal/_CommissionOptimizationStageActivation.js';
39 import { _CommissionQuote } from '@/domains/lens/optimizations/commission/models/internal/_CommissionQuote.js';
40 import { _JourneyEvent } from '@/domains/lens/journey/models/internal/_JourneyEvent.js';
41 import { _DataFile } from './internal/_DataFile';
42 import { DataModelCategory } from './DataModelCategory';
43 import { DataModelField } from './DataModelField';
44 import { InsuranceType } from './InsuranceType';
45 import { Insurer } from './Insurer.js';
46 import { InvalidatedToken } from './InvalidatedToken';
47 import { StripeWebhookEvent } from './StripeWebhookEvent.js';
48 import { _Invoice } from './internal/_Invoice';
49 import { _InvoiceLineItem } from './internal/_InvoiceLineItem';
50 import { Module } from './Module';
51 import { ModuleEndpoint } from './ModuleEndpoint';
52 import { Organization } from './Organization';
53 import { _OrganizationModule } from './internal/_OrganizationModule';
54 import { _OrganizationPolicyStatus } from './internal/_OrganizationPolicyStatus';
55 import { Partner } from './Partner';
56 import { PartnerAuthConfig } from './PartnerAuthConfig';
57 import { _ExternalIntegration } from './internal/_ExternalIntegration';
58 import { _ExternalIntegrationEnvironment } from './internal/_ExternalIntegrationEnvironment';
59 import { _ExternalIntegrationAuthConfig } from './internal/_ExternalIntegrationAuthConfig';
60 import { _ExternalIntegrationCallLog } from './internal/_ExternalIntegrationCallLog';
61 import { _ExternalIntegrationRequestTemplate } from './internal/_ExternalIntegrationRequestTemplate';
62 import { _ExternalIntegrationFieldMapping } from './internal/_ExternalIntegrationFieldMapping';
63 import { _ComplianceCheck } from './internal/_ComplianceCheck';
64 import { _PaymentAttempt } from './internal/_PaymentAttempt';
65 import { _PaymentProviderConfig } from './internal/_PaymentProviderConfig';
66 import { PartnerEndpointMapping } from './PartnerEndpointMapping';
67 import { PartnerEnvironment } from './PartnerEnvironment';
68 import { PartnerFieldMapping } from './PartnerFieldMapping';
69 import { _Policy } from './internal/_Policy';
70 import { _PolicyOrder } from './internal/_PolicyOrder';
71 import { _PolicyOrderError } from './internal/_PolicyOrderError';
72 import { _EmbedCheckoutSession } from './internal/_EmbedCheckoutSession.js';
73 import { _PolicyRenewalRun } from './internal/_PolicyRenewalRun';
74 import { _PolicyParameter } from './internal/_PolicyParameter';
75 import { _PolicyParameterCategory } from './internal/_PolicyParameterCategory';
76 import { _PolicyParameterCategoryPage } from './internal/_PolicyParameterCategoryPage';
77 import { _PolicyAcceptanceConfig } from './internal/_PolicyAcceptanceConfig';
78 import { _AcceptancePage } from './internal/_AcceptancePage';
79 import { _AcceptanceCategory } from './internal/_AcceptanceCategory';
80 import { _AcceptanceItem } from './internal/_AcceptanceItem';
81 import { _PolicySetting } from './internal/_PolicySetting';
82 import { PolicySettingField } from './PolicySettingField';
83 import { _Pricing } from './internal/_Pricing';
84 import { _PricingRule } from './internal/_PricingRule';
85 import { _PricingTable } from './internal/_PricingTable';
86 import { _PricingTableRow } from './internal/_PricingTableRow';
87 import { _Product } from './internal/_Product';
88 import { _ProductBundle } from './internal/_ProductBundle';
89 import { _ProductBundleItem } from './internal/_ProductBundleItem';
90 import { ProductLibrary } from './ProductLibrary.js';
91 import { _ProductModulePartner } from './internal/_ProductModulePartner';
92 import { ProductOptimization } from './ProductOptimization.js';
93 import { _ProductPlan } from './internal/_ProductPlan';
94 import { _ProductTemplate } from './internal/_ProductTemplate';
95 import { _Quote } from './internal/_Quote';
96 import { _QuoteParameter } from './internal/_QuoteParameter';
97 import { _QuoteParameterCategory } from './internal/_QuoteParameterCategory';
98 import { _QuoteParameterCategoryPage } from './internal/_QuoteParameterCategoryPage';
99 import { _QuoteSession } from './internal/_QuoteSession';
100 import { _QuoteSessionError } from './internal/_QuoteSessionError';
101 import { _ProductSetting } from './internal/_ProductSetting';
102 import { ProductSettingField } from './ProductSettingField';
103 import { Region } from './Region';
104 import { Scope } from './Scope';
105 import { _Simulation } from './internal/_Simulation';
106 import { _SimulationTask } from './internal/_SimulationTask';
107 import { SocialAuthProvider } from './SocialAuthProvider';
108 import { _SystemSetting } from './internal/_SystemSetting';
109 import { _Tax } from './internal/_Tax';
110 import { _TemplateLibrary } from './internal/_TemplateLibrary';
111 import { DefaultFunnelTemplate } from './DefaultFunnelTemplate';
112 import { _FunnelTemplateSet } from './internal/_FunnelTemplateSet';
113 import { _FunnelTemplatesLibrary } from './internal/_FunnelTemplatesLibrary';
114 import { _Upload } from './internal/_Upload';
115 import { _UploadCredential } from './internal/_UploadCredential';
116 import { User } from './User';
117 import { _UserOrganization } from './internal/_UserOrganization';
118 import { UserSocialAuth } from './UserSocialAuth';
119 import{"command":"wc -l /Users/bakker/dev/gangkhar/sherpa-portal-api-457-custom-additional-fields-on-endo/app/customer-portal/policies/[policyId]/DefaultPolicyDetails.tsx"}Exit code 1 (eval):1: no matches found: /Users/bakker/dev/gangkhar/sherpa-portal-api-457-custom-additional-fields-on-endo/app/customer-portal/policies/[policyId]/DefaultPolicyDetails.tsx
{"command":"ls -la \"/Users/bakker/dev/gangkhar/sherpa-portal-api-457-custom-additional-fields-on-endo/app/customer-portal/policies/[policyId]/\""}total 112 drwxr-xr-x@ 10 bakker staff 320 May 31 14:57 . drwxr-xr-x@ 5 bakker staff 160 May 31 14:20 .. -rw-r--r--@ 1 bakker staff 50198 May 31 14:57 DefaultPolicyDetails.tsx drwxr-xr-x@ 4 bakker staff 128 May 31 14:20 cancel drwxr-xr-x@ 6 bakker staff 192 May 31 14:20 claim drwxr-xr-x@ 4 bakker staff 128 May 31 14:50 edit drwxr-xr-x@ 4 bakker staff 128 May 31 14:20 invoices -rw-r--r--@ 1 bakker staff 413 May 31 14:20 page.tsx drwxr-xr-x@ 4 bakker staff 128 May 31 14:20 reinstate drwxr-xr-x@ 4 bakker staff 128 May 31 14:20 suspend
{"command":"cd /Users/bakker/dev/gangkhar/sherpa-api-api-457-custom-additional-fields-on-endo && grep -n \"defaultValue\" src/db/migrations/2026.05.31T00.00.00.create-endorsement-fields.ts"}14: defaultValue: DataTypes.UUIDV4, 52: defaultValue: false, 65: defaultValue: 'adhoc', 74: defaultValue: 0, 79: defaultValue: true, 84: defaultValue: DataTypes.NOW, 89: defaultValue: DataTypes.NOW,
{"command":"rg \"endorsementFieldValues|endorsementFields\" app/customer-portal/policies/"}app/customer-portal/policies/[policyId]/edit/DefaultPolicyEdit.tsx: const [endorsementFields, setEndorsementFields] = useState<EndorsementFieldDef[]>([]);
app/customer-portal/policies/[policyId]/edit/DefaultPolicyEdit.tsx: for (const field of endorsementFields) {
app/customer-portal/policies/[policyId]/edit/DefaultPolicyEdit.tsx: ...(endorsementFields.length > 0 ? { endorsementFieldValues: endorsementValues } : {}),
app/customer-portal/policies/[policyId]/edit/DefaultPolicyEdit.tsx: fields={endorsementFields}
app/customer-portal/policies/[policyId]/DefaultPolicyDetails.tsx: endorsementFieldValues?: Record<string, unknown> | null;
app/customer-portal/policies/[policyId]/DefaultPolicyDetails.tsx: {policy.endorsementFieldValues &&
app/customer-portal/policies/[policyId]/DefaultPolicyDetails.tsx: Object.keys(policy.endorsementFieldValues).length > 0 && (
app/customer-portal/policies/[policyId]/DefaultPolicyDetails.tsx: {Object.entries(policy.endorsementFieldValues).map(([key, value]) => ({"file_path":"/Users/bakker/dev/gangkhar/sherpa-portal-api-457-custom-additional-fields-on-endo/app/customer-portal/policies/[policyId]/DefaultPolicyDetails.tsx","offset":1000,"limit":120}1000 return (
1001 <>
1002 {/* Desktop: two-panel layout */}
1003 <div className="hidden lg:flex lg:gap-6 lg:items-start">
1004 <div className="min-w-0 flex-[3]">
1005 {detailsContent}
1006 </div>
1007 <div className="min-w-0 flex-[2] space-y-6">
1008 <div className="flex flex-col rounded-lg border border-gray-200 bg-white shadow-sm" style={{ height: "560px" }}>
1009 <Tabs
1010 value={!messagesEnabled && desktopTab === "messages" ? "files" : desktopTab}
1011 onValueChange={setDesktopTab}
1012 className="flex min-h-0 flex-1 flex-col"
1013 >
1014 <TabsList className="h-auto w-full shrink-0 rounded-none rounded-t-lg border-b border-gray-200 bg-gray-50 p-0">
1015 {messagesEnabled && (
1016 <TabsTrigger
1017 value="messages"
1018 className="flex-1 rounded-none rounded-tl-lg border-b-2 border-transparent py-2.5 text-xs font-semibold uppercase tracking-wide data-[state=active]:border-portal-primary data-[state=active]:bg-white data-[state=active]:text-portal-primary data-[state=active]:shadow-none"
1019 >
1020 <MessageSquare className="mr-1.5 h-3.5 w-3.5" />
1021 {t('Messages')}
1022 </TabsTrigger>
1023 )}
1024 <TabsTrigger
1025 value="files"
1026 className="flex-1 rounded-none rounded-tr-lg border-b-2 border-transparent py-2.5 text-xs font-semibold uppercase tracking-wide data-[state=active]:border-portal-primary data-[state=active]:bg-white data-[state=active]:text-portal-primary data-[state=active]:shadow-none"
1027 >
1028 <Paperclip className="mr-1.5 h-3.5 w-3.5" />
1029 {t('Files')}
1030 </TabsTrigger>
1031 </TabsList>
1032 {messagesEnabled && (
1033 <TabsContent value="messages" className="mt-0 flex min-h-0 flex-1 flex-col p-4">
1034 <PolicyMessageThread
1035 policyId={policy.policyId}
1036 viewerSenderType="customer"
1037 className="min-h-0 flex-1"
1038 threadClassName="min-h-0 flex-1"
1039 />
1040 </TabsContent>
1041 )}
1042 <TabsContent value="files" className="mt-0 flex-1 overflow-y-auto p-4">
1043 <PolicyAttachmentList
1044 policyId={policy.policyId}
1045 viewerSenderType="customer"
1046 />
1047 </TabsContent>
1048 </Tabs>
1049 </div>
1050 {belowContent}
1051 </div>
1052 </div>
1053
1054 {/* Mobile: tabs layout */}
1055 <div className="lg:hidden">
1056 <Tabs
1057 value={!messagesEnabled && mobileTab === "messages" ? "files" : mobileTab}
1058 onValueChange={setMobileTab}
1059 >
1060 <TabsList className="h-auto w-full rounded-none border-b border-gray-200 bg-white p-0">
1061 <TabsTrigger
1062 value="details"
1063 className="flex-1 rounded-none border-b-2 border-transparent py-3 text-sm data-[state=active]:border-portal-primary data-[state=active]:bg-transparent data-[state=active]:text-portal-primary data-[state=active]:shadow-none"
1064 >
1065 {t('Details')}
1066 </TabsTrigger>
1067 {messagesEnabled && (
1068 <TabsTrigger
1069 value="messages"
1070 className="relative flex-1 rounded-none border-b-2 border-transparent py-3 text-sm data-[state=active]:border-portal-primary data-[state=active]:bg-transparent data-[state=active]:text-portal-primary data-[state=active]:shadow-none"
1071 >
1072 {t('Messages')}
1073 </TabsTrigger>
1074 )}
1075 <TabsTrigger
1076 value="files"
1077 className="flex-1 rounded-none border-b-2 border-transparent py-3 text-sm data-[state=active]:border-portal-primary data-[state=active]:bg-transparent data-[state=active]:text-portal-primary data-[state=active]:shadow-none"
1078 >
1079 {t('Files')}
1080 </TabsTrigger>
1081 </TabsList>
1082
1083 <TabsContent value="details" className="mt-0 pt-4">
1084 <div className="space-y-6">
1085 {detailsContent}
1086 {belowContent}
1087 </div>
1088 </TabsContent>
1089
1090 {messagesEnabled && (
1091 <TabsContent value="messages" className="mt-0 pt-4">
1092 <PolicyMessageThread
1093 policyId={policy.policyId}
1094 viewerSenderType="customer"
1095 />
1096 </TabsContent>
1097 )}
1098
1099 <TabsContent value="files" className="mt-0 pt-4">
1100 <PolicyAttachmentList
1101 policyId={policy.policyId}
1102 viewerSenderType="customer"
1103 />
1104 </TabsContent>
1105 </Tabs>
1106 </div>
1107 </>
1108 );
1109 })()}
1110 </div>
1111 </PortalLayout>
1112 );
1113 }
1114 {"command":"grep -n \"endorsementFieldValues\" /Users/bakker/dev/gangkhar/sherpa-portal-api-457-custom-additional-fields-on-endo/app/customer-portal/policies/\\[policyId\\]/DefaultPolicyDetails.tsx | head -5"}43: endorsementFieldValues?: Record<string, unknown> | null;
937: {policy.endorsementFieldValues &&
938: Object.keys(policy.endorsementFieldValues).length > 0 && (
948: {Object.entries(policy.endorsementFieldValues).map(([key, value]) => ({"file_path":"/Users/bakker/dev/gangkhar/sherpa-portal-api-457-custom-additional-fields-on-endo/app/customer-portal/policies/[policyId]/DefaultPolicyDetails.tsx","offset":930,"limit":50}930 );
931 })()}
932 </div>
933 );
934 const belowContent = (
935 <div className="space-y-6">
936 {/* Custom endorsement fields captured on this version (#457) */}
937 {policy.endorsementFieldValues &&
938 Object.keys(policy.endorsementFieldValues).length > 0 && (
939 <div
940 data-testid="endorsement-details-section"
941 className="border-t border-b border-gray-200 bg-white sm:rounded-lg sm:border sm:shadow-sm"
942 >
943 <div className="border-b border-gray-100 bg-gradient-to-r from-gray-50 to-white p-4 sm:rounded-t-lg">
944 <h2 className="text-lg font-medium text-gray-900">{t('Additional Details')}</h2>
945 </div>
946 <div className="p-6">
947 <dl className="space-y-2 text-sm">
948 {Object.entries(policy.endorsementFieldValues).map(([key, value]) => (
949 <div key={key} className="flex justify-between gap-4 border-b border-gray-100 pb-2 last:border-0">
950 <dt className="text-gray-600">
951 {key
952 .replace(/([A-Z])/g, " $1")
953 .replace(/[_-]+/g, " ")
954 .replace(/^./, (c) => c.toUpperCase())
955 .trim()}
956 </dt>
957 <dd className="text-right font-medium text-gray-900" data-testid={`endorsement-detail-${key}`}>
958 {typeof value === "boolean" ? (value ? t('Yes') : t('No')) : String(value)}
959 </dd>
960 </div>
961 ))}
962 </dl>
963 </div>
964 </div>
965 )}
966 {/* Policy Dates */}
967 <div className="border-t border-b border-gray-200 bg-white sm:rounded-lg sm:border sm:shadow-sm">
968 <div className="border-b border-gray-100 bg-gradient-to-r from-gray-50 to-white p-4 sm:rounded-t-lg">
969 <h2 className="text-lg font-medium text-gray-900">{t('Important Dates')}</h2>
970 </div>
971 <div className="p-6">
972 <div className="space-y-3">
973 <div className="flex items-center text-sm">
974 <Calendar className="mr-3 h-4 w-4 text-gray-400" />
975 <div>
976 <p className="font-medium text-gray-900">{t('Issue Date')}</p>
977 <p className="text-gray-600">{formatDate(policy.issueDate)}</p>
978 </div>
979 </div>{"command":"cd /Users/bakker/dev/gangkhar/sherpa-api-api-457-custom-additional-fields-on-endo && grep -B5 \"ProductSetting.findOne\" src/controllers/policyOrderController.ts | head -20"} // Gate: check edit ProductSetting
if (!activePolicy.productId) {
throw new StatusError(403, 'Endorsements are not enabled for this product');
}
const editSetting = await ProductSetting.findOne({ organizationId }, {
--
// Gate: check edit ProductSetting
if (!policyOrder.productId) {
throw new StatusError(403, 'Endorsements are not enabled for this product');
}
const editSetting = await ProductSetting.findOne({ organizationId }, {
--
const customer =
existingCustomer || (await createCustomerFromPolicyParameters(policyParams, clientInfo.organizationId, externalClientId));
// Deduplication check
const [deduplicationEnabled, deduplicationFieldsSetting] = await Promise.all([
ProductSetting.findOne({ organizationId: clientInfo.organizationId }, {{"file_path":"/Users/bakker/dev/gangkhar/sherpa-embed-api-457-custom-additional-fields-on-endo/src/components/EndorsementForm.tsx"}1 import React from 'react';
2 import { apiClient } from '../utils/apiClient';
3 import { useTranslation, useTranslateDynamic } from '../lib/translations';
4 import type { EndorsementFieldDef } from '../types/config';
5
6 interface EndorsementFormProps {
7 policyId: string;
8 effectiveDate: string;
9 onError: (error: string) => void;
10 }
11
12 // Customer-facing endorsement flow (#457). Loads the product's active custom
13 // endorsement fields from the endorsement-quote preview, lets the customer fill
14 // them, and submits the endorsement (PATCH /policies/:id). Field labels are
15 // localised via the same dynamic-translation path the rest of the funnel uses.
16 export default function EndorsementForm({ policyId, effectiveDate, onError }: EndorsementFormProps) {
17 const t = useTranslation();
18 const tDynamic = useTranslateDynamic();
19
20 const [loading, setLoading] = React.useState(true);
21 const [submitting, setSubmitting] = React.useState(false);
22 const [done, setDone] = React.useState(false);
23 const [quoteId, setQuoteId] = React.useState('');
24 const [fields, setFields] = React.useState<EndorsementFieldDef[]>([]);
25 const [values, setValues] = React.useState<Record<string, unknown>>({});
26 const [errors, setErrors] = React.useState<Record<string, string>>({});
27
28 React.useEffect(() => {
29 let cancelled = false;
30 (async () => {
31 try {
32 setLoading(true);
33 const quote = await apiClient.getEndorsementQuote(policyId, { effectiveDate });
34 if (cancelled) return;
35 setQuoteId(quote.quoteId);
36 setFields(quote.endorsementFields ?? []);
37 setValues(quote.endorsementFieldValues ?? {});
38 } catch (err) {
39 onError(err instanceof Error ? err.message : t('Failed to load endorsement'));
40 } finally {
41 if (!cancelled) setLoading(false);
42 }
43 })();
44 return () => {
45 cancelled = true;
46 };
47 }, [policyId, effectiveDate, onError, t]);
48
49 const setValue = (key: string, value: unknown) => {
50 setValues((prev) => ({ ...prev, [key]: value }));
51 setErrors((prev) => {
52 if (!prev[key]) return prev;
53 const next = { ...prev };
54 delete next[key];
55 return next;
56 });
57 };
58
59 const validate = (): boolean => {
60 const next: Record<string, string> = {};
61 for (const field of fields) {
62 const value = values[field.fieldKey];
63 if (field.type === 'boolean') {
64 if (field.required && value !== true) next[field.fieldKey] = t('This field is required');
65 continue;
66 }
67 const empty = value === undefined || value === null || (typeof value === 'string' && value.trim() === '');
68 if (field.required && empty) next[field.fieldKey] = t('This field is required');
69 }
70 setErrors(next);
71 return Object.keys(next).length === 0;
72 };
73
74 const submit = async (e: React.FormEvent) => {
75 e.preventDefault();
76 if (!validate()) return;
77 try {
78 setSubmitting(true);
79 await apiClient.submitEndorsement(policyId, { quoteId, effectiveDate, endorsementFieldValues: values });
80 setDone(true);
81 } catch (err) {
82 onError(err instanceof Error ? err.message : t('Failed to submit endorsement'));
83 } finally {
84 setSubmitting(false);
85 }
86 };
87
88 if (loading) {
89 return <p style={{ color: 'var(--color-text-muted)' }}>{t('Loading...')}</p>;
90 }
91
92 if (done) {
93 return (
94 <article
95 data-testid="endorsement-done"
96 style={{ borderLeft: '4px solid var(--color-primary)', background: '#fff', padding: '1.5rem', borderRadius: '4px' }}
97 >
98 <h3 style={{ margin: 0 }}>{t('Thank You!')}</h3>
99 <p style={{ marginTop: '0.75rem' }}>{t('Your change has been submitted.')}</p>
100 </article>
101 );
102 }
103
104 return (
105 <form onSubmit={submit} data-testid="endorsement-form" style={{ display: 'flex', flexDirection: 'column', gap: '1rem' }}>
106 <h2 style={{ margin: 0 }}>{t('Update your policy')}</h2>
107 <p style={{ marginTop: '-0.5rem', color: 'var(--color-text-muted)', fontSize: '0.875rem' }}>
108 {t('Please complete the fields below to apply your change.')}
109 </p>
110
111 {fields.length === 0 && (
112 <p style={{ color: 'var(--color-text-muted)' }}>{t('No additional information is required.')}</p>
113 )}
114
115 {fields.map((field) => {
116 const value = values[field.fieldKey];
117 const error = errors[field.fieldKey];
118 const inputId = `ef-input-${field.fieldKey}`;
119 const label = tDynamic(field.label);
120 return (
121 <div key={field.fieldKey} style={{ display: 'flex', flexDirection: 'column', gap: '0.25rem' }}>
122 <label htmlFor={inputId} style={{ fontWeight: 600 }}>
123 {label}
124 {field.required && <span style={{ color: 'var(--color-danger)' }}> *</span>}
125 </label>
126
127 {field.type === 'textarea' && (
128 <textarea
129 id={inputId}
130 data-testid={inputId}
131 value={typeof value === 'string' ? value : ''}
132 onInput={(e) => setValue(field.fieldKey, (e.target as HTMLTextAreaElement).value)}
133 rows={3}
134 />
135 )}
136
137 {(field.type === 'string' || field.type === 'number' || field.type === 'date') && (
138 <input
139 id={inputId}
140 data-testid={inputId}
141 type={field.type === 'number' ? 'number' : field.type === 'date' ? 'date' : 'text'}
142 value={value === undefined || value === null ? '' : String(value)}
143 onInput={(e) => setValue(field.fieldKey, (e.target as HTMLInputElement).value)}
144 />
145 )}
146
147 {field.type === 'boolean' && (
148 <label style={{ display: 'flex', alignItems: 'center', gap: '0.5rem', fontWeight: 400 }}>
149 <input
150 id={inputId}
151 data-testid={inputId}
152 type="checkbox"
153 checked={value === true}
154 onChange={(e) => setValue(field.fieldKey, (e.target as HTMLInputElement).checked)}
155 />
156 {label}
157 </label>
158 )}
159
160 {field.type === 'select' && (
161 <select
162 id={inputId}
163 data-testid={inputId}
164 value={typeof value === 'string' ? value : ''}
165 onChange={(e) => setValue(field.fieldKey, (e.target as HTMLSelectElement).value)}
166 >
167 <option value="">{t('Select...')}</option>
168 {(field.options ?? []).map((opt) => (
169 <option key={opt.value} value={opt.value}>
170 {tDynamic(opt.label)}
171 </option>
172 ))}
173 </select>
174 )}
175
176 {field.helpText && (
177 <small style={{ color: 'var(--color-text-muted)' }}>{tDynamic(field.helpText)}</small>
178 )}
179 {error && (
180 <small data-testid={`ef-error-${field.fieldKey}`} style={{ color: 'var(--color-danger)' }}>
181 {error}
182 </small>
183 )}
184 </div>
185 );
186 })}
187
188 <button type="submit" data-testid="endorsement-submit" disabled={submitting}>
189 {submitting ? t('Processing...') : t('Apply change')}
190 </button>
191 </form>
192 );
193 }
194 {"file_path":"/Users/bakker/dev/gangkhar/sherpa-embed-api-457-custom-additional-fields-on-endo/src/types/config.ts","limit":100}1 import type { DateConstraints } from './dateConstraints';
2
3 // Widget URL Parameter Types
4 export interface WidgetParams {
5 token: string; // Widget token for authentication
6 quoteId?: string; // Quote ID for existing quotes (from URL path)
7 policyId?: string; // Policy ID for existing policies (from URL path)
8 claimId?: string; // Claim ID for existing claims (from URL path)
9 product?: string; // Product name for new quote forms
10 pageType?: 'quote' | 'policy' | 'claim' | 'thank-you' | 'test' | 'accept' | 'endorsement'; // Type of page being accessed
11 from?: string; // Track navigation origin (e.g., 'quote' when coming from quote page)
12 plan?: string; // Selected plan name from pricing page
13 frequency?: string; // Selected payment frequency
14 bundle?: string; // Bundle name for bundle funnels
15 preview?: boolean; // Template designer preview mode
16 activeLocales?: string[]; // Restrict the locale switcher to this subset; defaults to all supported locales when absent
17 showLocaleSwitcher?: boolean; // Show the embed's in-widget locale dropdown. Defaults to TRUE when the embed is loaded standalone (top-level frame — direct browser nav, portal preview, dev QA) and FALSE when iframed (customer host page owns language UX). Customers paste `?showLocaleSwitcher=false` to force hide; portal preview can pass `=true` to force show. See useConfig.ts:resolveShowLocaleSwitcher.
18 displayCurrency?: string; // ISO 4217 currency to display and charge in (must be in product's allowlist)
19 pricingCurrency?: string; // ISO 4217 currency the pricing engine should run in (must be in product.pricingCurrencies)
20 country?: string; // ISO 3166-1 alpha-2 country code for this sale (must be in product.availableCountries)
21 testMode?: boolean; // Marks policy/claim creation as a test record; in production this forces "test" status so the record is hidden from public list/financial endpoints
22 offerMode?: boolean; // Operator "create offer" mode (?mode=offer): the funnel creates an awaiting_acceptance draft (skips payment + terms) instead of buying; the customer is emailed the /accept link
23 }
24
25 // Custom endorsement field definition, resolved + localised by the API and
26 // returned on the endorsement-quote response (#457).
27 export interface EndorsementFieldDef {
28 fieldKey: string;
29 label: string;
30 helpText: string | null;
31 type: 'string' | 'number' | 'date' | 'boolean' | 'select' | 'textarea';
32 required: boolean;
33 options: { value: string; label: string }[] | null;
34 validationPattern: string | null;
35 }
36
37 export interface EndorsementQuoteResponse {
38 quoteId: string;
39 endorsementFields?: EndorsementFieldDef[];
40 endorsementFieldValues?: Record<string, unknown>;
41 currentPolicy?: { policyNumber?: string | null; productName?: string } | null;
42 }
43
44 // Quote/policy acceptance page (GET /v1/policy-acceptance/:policyId).
45 export interface AcceptanceItem {
46 id: number;
47 itemType: 'parameter' | 'price' | 'coverage' | 'terms' | 'plan' | 'static_text';
48 label: string | null;
49 value?: string | null;
50 html?: string | null;
51 required: boolean;
52 displayOptions?: { mask?: 'last4' | 'email' | 'none'; emphasize?: boolean; hideIfEmpty?: boolean } | null;
53 }
54
55 export interface AcceptanceCategory {
56 id: number;
57 label: string | null;
58 description: string | null;
59 items: AcceptanceItem[];
60 }
61
62 export interface AcceptancePage {
63 id: number;
64 label: string | null;
65 description: string | null;
66 categories: AcceptanceCategory[];
67 }
68
69 export interface AcceptanceTerm {
70 itemId: number;
71 label: string | null;
72 templateId: string | null;
73 termsConfig: import('../utils/apiClient').TermsConfig | null;
74 required: boolean;
75 }
76
77 export interface AcceptanceView {
78 policyId: string;
79 status: string;
80 productName: string;
81 productPlanName: string | null;
82 paymentFrequency: string | null;
83 quoteId: string | null;
84 pricingData: import('./pricing').PricingData | null;
85 acceptance: {
86 title: string | null;
87 subtitle: string | null;
88 showEditButton: boolean;
89 acceptanceMode: 'checkbox' | 'button';
90 pages: AcceptancePage[];
91 };
92 payment: { required: boolean; provider: string; paymentUiMode: 'redirect' | 'iframe' };
93 terms: AcceptanceTerm[];
94 translationOverrides?: Record<string, Record<string, string>> | null;
95 activeLocales?: string[] | null;
96 }
97
98 export interface AcceptPolicyResultPayment {
99 url?: string;
100 clientSecret?: string;{"file_path":"/Users/bakker/dev/gangkhar/sherpa-embed-api-457-custom-additional-fields-on-endo/src/utils/apiClient.ts","limit":150}1 import type {
2 WidgetParams,
3 QuoteApiResponse,
4 FormApiResponse,
5 FormParameter,
6 FormDataType,
7 AcceptanceView,
8 AcceptPolicyResult,
9 EndorsementQuoteResponse,
10 } from '../types/config';
11 import type {
12 ApiRequestOptions,
13 UploadSignFileDescriptor,
14 UploadSignResponse,
15 ClaimMessagePayload,
16 } from '../types/api';
17 import { initStorageNamespace, namespaceKey } from './storageNamespace';
18 import { detectLocale } from '../lib/lmt';
19
20 export interface TermsConfig {
21 displayStyle?: 'inline' | 'links';
22 linkBehavior?: 'popup' | 'new_tab';
23 sourceType?: 'template' | 'file' | 'url';
24 externalUrl?: string;
25 }
26
27 export interface BundleTemplate {
28 id: number;
29 name: string;
30 title: string;
31 templateType: string;
32 content: string;
33 termsConfig?: TermsConfig | null;
34 }
35
36 export interface TemplateWithConfig {
37 content: string;
38 termsConfig: TermsConfig | null;
39 }
40
41 class ApiClient {
42 private baseUrl: string;
43 private widgetToken: string;
44 private parentDomain: string | null;
45 private displayCurrency: string | null;
46 private pricingCurrency: string | null;
47 private country: string | null;
48
49 constructor(baseUrl: string) {
50 this.baseUrl = baseUrl;
51 this.widgetToken = '';
52 this.parentDomain = null;
53 this.displayCurrency = null;
54 this.pricingCurrency = null;
55 this.country = null;
56 }
57
58 initialize(params: WidgetParams, parentDomain: string | null) {
59 this.widgetToken = params.token;
60 this.parentDomain = parentDomain;
61 this.displayCurrency = params.displayCurrency ?? null;
62 this.pricingCurrency = params.pricingCurrency ?? null;
63 this.country = params.country ?? null;
64 initStorageNamespace(params.token);
65 }
66
67 setCountry(country: string | null) {
68 this.country = country;
69 }
70
71 setDisplayCurrency(displayCurrency: string | null) {
72 this.displayCurrency = displayCurrency;
73 }
74
75 setPricingCurrency(pricingCurrency: string | null) {
76 this.pricingCurrency = pricingCurrency;
77 }
78
79 private withDisplayCurrency<T extends Record<string, unknown>>(body: T): T {
80 if (!this.displayCurrency) return body;
81 if (body && typeof body === 'object' && 'displayCurrency' in body) return body;
82 return { ...body, displayCurrency: this.displayCurrency };
83 }
84
85 private withPricingCurrency<T extends Record<string, unknown>>(body: T): T {
86 if (!this.pricingCurrency) return body;
87 if (body && typeof body === 'object' && 'pricingCurrency' in body) return body;
88 return { ...body, pricingCurrency: this.pricingCurrency };
89 }
90
91 private withCountry<T extends Record<string, unknown>>(body: T): T {
92 if (!this.country) return body;
93 if (body && typeof body === 'object' && 'country' in body) return body;
94 return { ...body, country: this.country };
95 }
96
97 private async request(endpoint: string, options: ApiRequestOptions) {
98 const url = `${this.baseUrl}/v1${endpoint}`;
99
100 const headers: Record<string, string> = {
101 'Content-Type': 'application/json',
102 ...options.headers,
103 };
104
105 // Add required authentication headers
106 if (this.widgetToken) {
107 headers['X-Widget-Token'] = this.widgetToken;
108 }
109
110 // Add origin and parent domain headers
111 headers['Origin'] = window.location.origin;
112 if (this.parentDomain && this.parentDomain !== 'unknown') {
113 headers['X-Parent-Domain'] = this.parentDomain;
114 }
115
116 const response = await fetch(url, {
117 method: options.method,
118 headers,
119 body: options.body ? JSON.stringify(options.body) : undefined,
120 signal: options.signal,
121 });
122
123 if (!response.ok) {
124 try {
125 const errorData = await response.json();
126 // Handle the specific API error structure: {"status": "error", "error": {"message": "..."}}
127 if (errorData && errorData.error && errorData.error.message) {
128 throw new Error(errorData.error.message);
129 }
130 // Fallback to other common error formats
131 if (errorData && errorData.message) {
132 throw new Error(errorData.message);
133 }
134 throw new Error(
135 `API request failed: ${response.status} ${response.statusText}`
136 );
137 } catch (parseError) {
138 if (
139 parseError instanceof Error &&
140 parseError.message !==
141 `API request failed: ${response.status} ${response.statusText}`
142 ) {
143 throw parseError; // Re-throw if it's our custom error message
144 }
145 throw new Error(
146 `API request failed: ${response.status} ${response.statusText}`
147 );
148 }
149 }
150 {"command":"grep -n \"getEndorsementQuote\\|submitEndorsement\" /Users/bakker/dev/gangkhar/sherpa-embed-api-457-custom-additional-fields-on-endo/src/utils/apiClient.ts"}195: async getEndorsementQuote( 208: async submitEndorsement(
{"file_path":"/Users/bakker/dev/gangkhar/sherpa-embed-api-457-custom-additional-fields-on-endo/src/utils/apiClient.ts","offset":195,"limit":50}195 async getEndorsementQuote(
196 policyId: string,
197 body: { effectiveDate: string }
198 ): Promise<EndorsementQuoteResponse> {
199 const response = await this.request(`/policies/${policyId}/endorsement-quote`, {
200 method: 'POST',
201 body,
202 });
203 return (response?.data ?? response) as EndorsementQuoteResponse;
204 }
205
206 // Apply the endorsement: creates the new policy version with the captured
207 // custom field values. Server re-validates required fields.
208 async submitEndorsement(
209 policyId: string,
210 body: { quoteId: string; effectiveDate: string; endorsementFieldValues?: Record<string, unknown> }
211 ): Promise<{ policyId?: string; version?: number }> {
212 const response = await this.request(`/policies/${policyId}`, {
213 method: 'PATCH',
214 body,
215 });
216 return (response?.data ?? response) as { policyId?: string; version?: number };
217 }
218
219 async resolvePolicyForDate(
220 referencePolicyId: string,
221 productName: string,
222 date: string
223 ): Promise<{
224 policyId: string;
225 policyNumber: string | null;
226 inceptionDate: string;
227 expiryDate: string | null;
228 status: string;
229 }> {
230 const params = new URLSearchParams({
231 referencePolicyId,
232 productName,
233 date,
234 });
235 const response = await this.request(
236 `/claim/resolve-policy?${params.toString()}`,
237 { method: 'GET' }
238 );
239 return response.data;
240 }
241
242 async getClaimForm(
243 productName: string,
244 policyId: string,{"command":"grep -n \"endorsement\\|EndorsementForm\" /Users/bakker/dev/gangkhar/sherpa-embed-api-457-custom-additional-fields-on-endo/src/app.tsx | head -20"}9:import EndorsementForm from './components/EndorsementForm';
284: if (params.pageType === 'endorsement' && params.policyId) return 'endorsement-form';
424: const loadEndorsementForm = (policyId: string, productName?: string) => {
441: routeType: 'endorsement-form',
668: case 'endorsement-form':
669: loadEndorsementForm(config.params.policyId!, config.params.product);
936: ) : state.routeType === 'endorsement-form' && config.params.policyId ? (
937: <EndorsementForm{"file_path":"/Users/bakker/dev/gangkhar/sherpa-embed-api-457-custom-additional-fields-on-endo/src/app.tsx","offset":936,"limit":20}936 ) : state.routeType === 'endorsement-form' && config.params.policyId ? (
937 <EndorsementForm
938 policyId={config.params.policyId}
939 effectiveDate={new Date().toISOString().slice(0, 10)}
940 onError={handleError}
941 />
942 ) : state.policyData && state.formData ? (
943 <PolicyForm
944 policyData={state.policyData}
945 formData={state.formData}
946 onComplete={handlePolicyComplete}
947 onError={handleError}
948 urlPrefillData={config.urlPrefillData}
949 error={state.error}
950 />
951 ) : state.routeType === 'claim-denied' && state.claimData ? (
952 <article style={{
953 borderLeft: '4px solid var(--color-danger)',
954 background: '#fff',
955 padding: '1.5rem',{"command":"grep -n \"EndorsementField\\|endorsement\" /Users/bakker/dev/gangkhar/sherpa-portal-api-457-custom-additional-fields-on-endo/app/components/AppLayout.tsx | head -20"}265: href: `/products/${productId}/endorsement-fields`,
267: key: "endorsement-fields",
346: "endorsement-fields": "configure",{"file_path":"/Users/bakker/dev/gangkhar/sherpa-portal-api-457-custom-additional-fields-on-endo/app/components/AppLayout.tsx","offset":260,"limit":20}260 icon: FileCheck,
261 key: "acceptance",
262 },
263 {
264 name: t('Endorsement Fields'),
265 href: `/products/${productId}/endorsement-fields`,
266 icon: FileText,
267 key: "endorsement-fields",
268 },
269 {
270 name: t('Claims'),
271 href: `/products/${productId}/claims`,
272 icon: AlertCircle,
273 key: "claims",
274 },
275 {
276 name: t('Claim Rules'),
277 href: `/products/${productId}/claim-rules`,
278 icon: Shield,
279 key: "claim-rules",Good, that's using safe-model with `{ organizationId }`. Now I have enough information to write my comprehensive review.
## VERDICT: ISSUES (3 high, 4 medium)
---
### HIGH SEVERITY FINDINGS
**1. RLS Policy does not use canonical `current_organization_in_scope()` function**
- **File:** `src/db/migrations/2026.05.31T00.00.00.create-endorsement-fields.ts`, lines 106-112
- **Problem:** Migration creates RLS policy with custom NULLIF logic instead of the canonical `current_organization_in_scope("organizationId")` function defined in 2026.05.25 and mandated by src/db/AGENTS.md. This breaks the hierarchical scope mode defense-in-depth pattern and violates the migration template documented in AGENTS.md §"RLS Policy Template for New Tenant Tables".
- **Concrete Fix:** Replace the USING clause (lines 109-111) with:
```sql
USING (current_organization_in_scope("organizationId"))
```
**2. Boolean required field validation rejects `false` values**
- **File:** `src/services/endorsementFieldService.ts`, line 123
- **Problem:** The condition `if (field.required && coerced !== true)` rejects a boolean field submission of `false` when the field is marked as required. Required boolean fields should accept both `true` and `false`, but only reject missing values. This breaks the acceptance criterion: "missing required field truly rejects the submit".
- **Concrete Fix:** Change line 123 to:
```typescript
if (field.required && coerced === undefined) {
```
**3. Endorsement field values are silently cleared on empty submit when fields are configured**
- **File:** `src/controllers/policyOrderController.ts`, lines 1429-1431
- **Problem:** If endorsement fields are configured and the endorsement submit omits `endorsementFieldValues` (null/undefined), the logic uses `validatedEndorsementValues` (empty object `{}`) which overwrites previously captured values with an empty set. There is no preservation/carry-forward of old values as stated in the migration comment: "carried forward onto each new endorsement version unless the submit supplies fresh values". This violates data integrity and acceptance criterion: "values persist on the endorsement record".
- **Concrete Fix:** Change the logic to:
```typescript
endorsementFieldValues: endorsementFields.length > 0 && request.body.endorsementFieldValues !== undefined && request.body.endorsementFieldValues !== null
? validatedEndorsementValues
: (oldPolicyData.endorsementFieldValues as Record<string, unknown> | null) ?? null,
```
This preserves old values when the submit does not explicitly provide new ones.
---
### MEDIUM SEVERITY FINDINGS
**4. Model column defaults violate "No Defaults - Fail Fast" rule**
- **File:** `src/models/internal/_EndorsementField.ts`, lines 112, 131-132, 145-149, 153-156
- **Problem:** Model declares `defaultValue` on columns (`required: false → defaultValue: false`, `source: 'adhoc'`, `order: 0`, `active: true`). This violates AGENTS.md §"Critical Rules - No Defaults - Fail Fast": "NEVER inject default values. Explicit everything." Defaults mask missing data at the ORM layer and lead to silent bugs.
- **Concrete Fix:** Remove all `defaultValue` declarations from _EndorsementField. Let the migration define DB defaults only if truly necessary; controllers must explicitly provide all values on create.
**5. Update endpoint allows empty label via fallback instead of rejection**
- **File:** `src/controllers/endorsementFieldController.ts`, line 184
- **Problem:** On update, if a user submits `label: " "` (whitespace only), the code `(b.label.trim() || field.label)` falls back to the existing label instead of rejecting the request. This violates consistency: create rejects empty labels (line 128), but update silently preserves old ones. Inconsistent validation enables data quality issues.
- **Concrete Fix:** Replace line 184:
```typescript
label: b.label !== undefined ? (() => {
const trimmed = b.label.trim();
if (!trimmed) throw new StatusError(400, 'label cannot be empty');
return trimmed;
})() : field.label,
```
**6. Missing validation on update: uniqueFieldKey not re-checked when fieldKey is changed**
- **File:** `src/controllers/endorsementFieldController.ts`, lines 159-196
- **Problem:** The update endpoint does not call `uniqueFieldKey()` to validate that a changed fieldKey remains unique per (organization, product). The create endpoint (line 136) enforces uniqueness. If an update changes fieldKey, it could create a duplicate within the same product, violating the unique index `idx_endorsement_fields_unique_key`. This is a data integrity risk.
- **Concrete Fix:** On update, if `b.fieldKey` is provided and differs from `field.fieldKey`, call:
```typescript
const newFieldKey = await uniqueFieldKey(request, productId, b.fieldKey);
if (newFieldKey !== b.fieldKey) {
throw new StatusError(409, `Field key "${b.fieldKey}" is already in use; consider "${newFieldKey}"`);
}
```
**7. Validation pattern is stored but may cause runtime exceptions if changed to invalid regex after values already validated**
- **File:** `src/services/endorsementFieldService.ts`, lines 92-101
- **Problem:** When validating a submitted value, if the stored `field.validationPattern` is invalid (rejected at save time), the code silently catches the exception and allows the value (line 98). However, a user could have previously submitted values matching an old valid pattern, then an admin changes the pattern to an invalid regex. On next endorsement, validation silently passes (returning the raw string unchanged), but the pattern is corrupt. No alert is given. The drift test and schema validation may not catch this.
- **Concrete Fix:** (Lower priority for now) Log and expose a warning in GET endpoint if a validationPattern fails to compile. For robustness, consider adding a "pattern_compiled" column to track regex health.
---
### SUMMARY
- **Zero violations** of no `any` type, dynamic imports, or raw sequelize.query()
- **Tenant isolation** is correct: safe-model used throughout, productId scoping is enforced on update/delete (line 168)
- **Schema/drift**: `endorsementFieldValues` correctly added to PolicyOrder PublicFields; EndorsementField columns correctly declared as public (no private fields)
- **Validation logic** is sound except for the three issues above (boolean required, empty label fallback, uniqueFieldKey on update)
- **Persistence**: Values correctly written to new policy version, spread logic is safe — except for the carry-forward logic flaw (#3)
- **Controller/route** scoping is correct; all endpoints protected by `fastify.authenticate` hook
**VERDICT: ISSUES (3 high, 4 medium)** — The RLS policy deviation, boolean validation bug, and endorsement value wipeout are critical correctness/security issues requiring fixes before merge.{"file_path":"/Users/bakker/dev/gangkhar/sherpa-portal-api-457-custom-additional-fields-on-endo/app/products/[id]/endorsement-fields/page.tsx"}1 "use client";
2
3 import React, { useState, useEffect } from "react";
4
5 import AppLayout from "@/app/components/AppLayout";
6 import EndorsementFieldsTab from "@/app/components/products/endorsement-fields/EndorsementFieldsTab";
7 import { ProtectedRoute } from "@/app/components/ProtectedRoute";
8 import { CRMOnlyRoute } from "@/app/components/UserTypeRoute";
9 import api from "@/app/src/utils/api";
10 import { ProductData } from "@/app/types/product";
11 import { useLMT } from "@/lib/lmt/config";
12
13 export default function ProductEndorsementFieldsPage({ params }: { params: { id: string } }) {
14 const unwrappedParams = params instanceof Promise ? React.use(params) : params;
15 const productId = unwrappedParams?.id || "";
16 const { t } = useLMT();
17
18 const [product, setProduct] = useState<ProductData | null>(null);
19 const [loading, setLoading] = useState(true);
20 const [error, setError] = useState<React.ReactNode | null>(null);
21
22 useEffect(() => {
23 if (!productId) {
24 setError(t("Invalid product ID"));
25 setLoading(false);
26 return;
27 }
28
29 const fetchProduct = async () => {
30 try {
31 setLoading(true);
32 const response = await api.get(`/products/${productId}`);
33 setProduct(response.data.data);
34 setLoading(false);
35 } catch (error) {
36 console.error("Error fetching product:", error);
37 setError(t("Failed to load product details"));
38 setLoading(false);
39 }
40 };
41
42 fetchProduct();
43 }, [productId, t]);
44
45 if (loading) {
46 return (
47 <ProtectedRoute>
48 <CRMOnlyRoute>
49 <AppLayout>
50 <div className="px-4 py-6 sm:px-0">
51 <div className="overflow-hidden rounded-md bg-white shadow-md">
52 <div className="flex h-64 items-center justify-center">
53 <div className="text-center">
54 <div className="mb-4 h-12 w-12 animate-spin rounded-full border-4 border-blue-600 border-t-transparent"></div>
55 <p className="text-gray-600">{t("Loading product...")}</p>
56 </div>
57 </div>
58 </div>
59 </div>
60 </AppLayout>
61 </CRMOnlyRoute>
62 </ProtectedRoute>
63 );
64 }
65
66 if (error || !product) {
67 return (
68 <ProtectedRoute>
69 <CRMOnlyRoute>
70 <AppLayout>
71 <div className="px-4 py-6 sm:px-0">
72 <div className="overflow-hidden rounded-md bg-white shadow-md">
73 <div className="p-6 text-center">
74 <p className="text-red-600">{error || t("Product not found")}</p>
75 </div>
76 </div>
77 </div>
78 </AppLayout>
79 </CRMOnlyRoute>
80 </ProtectedRoute>
81 );
82 }
83
84 return (
85 <ProtectedRoute>
86 <CRMOnlyRoute>
87 <AppLayout>
88 <div className="px-4 py-6 sm:px-0">
89 <div className="overflow-hidden rounded-md bg-white shadow-md">
90 <div className="p-6">
91 <EndorsementFieldsTab productId={productId} />
92 </div>
93 </div>
94 </div>
95 </AppLayout>
96 </CRMOnlyRoute>
97 </ProtectedRoute>
98 );
99 }
100 {"command":"grep -n \"endorsement-fields\\|endorsementFields\" /Users/bakker/dev/gangkhar/sherpa-portal-api-457-custom-additional-fields-on-endo/app/src/utils/api.ts | head -15"}(Bash completed with no output)
{"command":"ls -la /Users/bakker/dev/gangkhar/sherpa-portal-api-457-custom-additional-fields-on-endo/app/src/utils/"}total 208 drwxr-xr-x@ 15 bakker staff 480 May 31 14:20 . drwxr-xr-x@ 9 bakker staff 288 May 31 14:20 .. -rw-r--r--@ 1 bakker staff 18226 May 31 14:20 api.ts -rw-r--r--@ 1 bakker staff 11912 May 31 14:20 apiAgent.ts -rw-r--r--@ 1 bakker staff 1452 May 31 14:20 businessDate.ts -rw-r--r--@ 1 bakker staff 5255 May 31 14:20 claimParameterUtils.ts -rw-r--r--@ 1 bakker staff 319 May 31 14:20 cn.ts -rw-r--r--@ 1 bakker staff 4637 May 31 14:20 env.ts -rw-r--r--@ 1 bakker staff 4477 May 31 14:20 filterService.ts -rw-r--r--@ 1 bakker staff 5289 May 31 14:20 policyParameterUtils.ts -rw-r--r--@ 1 bakker staff 9701 May 31 14:20 pricingTableRuleUtils.ts -rw-r--r--@ 1 bakker staff 5316 May 31 14:20 quoteParameterUtils.ts -rw-r--r--@ 1 bakker staff 3760 May 31 14:20 session.ts -rw-r--r--@ 1 bakker staff 1700 May 31 14:20 twoFactorUtils.ts -rw-r--r--@ 1 bakker staff 1123 May 31 14:20 validationUtils.ts
{"command":"grep -n \"endorsement-fields\" /Users/bakker/dev/gangkhar/sherpa-portal-api-457-custom-additional-fields-on-endo/app/src/utils/api.ts"}(Bash completed with no output)
{"file_path":"/Users/bakker/dev/gangkhar/sherpa-portal-api-457-custom-additional-fields-on-endo/app/src/utils/api.ts","limit":150}1 import axios, { AxiosInstance, InternalAxiosRequestConfig, AxiosRequestConfig } from "axios";
2 import { jwtDecode } from "jwt-decode";
3
4 import { getSherpaApiUrl } from "./env";
5 import { endSession } from "./session";
6 import useAuthStore from "../store/authStore";
7 import useConnectionStore from "../store/connectionStore";
8
9 // Paths that never carry a user's Authorization header. The request
10 // interceptor skips both the attach and the pre-refresh check on these; the
11 // response interceptor skips the refresh-and-retry chain on 401 from these.
12 // A 401 from a credential-less request is not a verdict on the user's session
13 // — see rfc/ideas/organization-resolution-and-auth-policy.md §6.1.
14 //
15 // INVARIANT: every entry MUST start with `/v1/`. The request interceptor
16 // rewrites legacy `/auth/...` and bare paths into `/v1/...` BEFORE this list
17 // is consulted, so any non-`/v1/` entry here is unreachable and indicates a
18 // refactor drift. The module-load assertion below fails fast if violated.
19 const NO_AUTH_PATHS = [
20 "/v1/auth/login",
21 "/v1/auth/customer/login",
22 "/v1/auth/register",
23 "/v1/auth/forgot-password",
24 "/v1/auth/refresh-token",
25 "/v1/auth/customer/refresh-token",
26 "/v1/organization",
27 "/v1/health/self",
28 ];
29
30 // Fail fast on refactor breakage: surfaces a missing rewrite or a stale entry
31 // at startup rather than as a silent auth-attach regression at runtime.
32 for (const path of NO_AUTH_PATHS) {
33 if (!path.startsWith("/v1/")) {
34 throw new Error(
35 `NO_AUTH_PATHS invariant violated: "${path}" must start with "/v1/". ` +
36 `The request interceptor only sees rewritten /v1/* URLs.`,
37 );
38 }
39 }
40
41 function stripQuery(url: string | undefined): string {
42 return (url || "").split("?")[0];
43 }
44
45 function isNoAuthPath(url: string | undefined): boolean {
46 return NO_AUTH_PATHS.includes(stripQuery(url));
47 }
48
49 class ApiService {
50 private static instance: ApiService;
51 private api: AxiosInstance;
52 private isRefreshing: boolean = false;
53
54 private constructor() {
55 this.api = axios.create({
56 baseURL: getSherpaApiUrl(),
57 validateStatus: (status) => (status >= 200 && status < 300) || status === 304,
58 });
59
60 this.setupInterceptors();
61 }
62
63 private failedQueue: Array<{
64 resolve: (value?: unknown) => void;
65 reject: (reason?: unknown) => void;
66 }> = [];
67
68 private processQueue(error: Error | null = null): void {
69 this.failedQueue.forEach((promise) => {
70 if (error) {
71 promise.reject(error);
72 } else {
73 promise.resolve();
74 }
75 });
76 this.failedQueue = [];
77 }
78
79 public static getInstance(): ApiService {
80 if (!ApiService.instance) {
81 ApiService.instance = new ApiService();
82 }
83 return ApiService.instance;
84 }
85
86 public getAxiosInstance(): AxiosInstance {
87 return this.api;
88 }
89
90 public isTokenExpired(token: string): boolean {
91 try {
92 const decoded = jwtDecode(token);
93 const currentTime = Date.now() / 1000;
94 return decoded.exp ? decoded.exp < currentTime : false;
95 } catch {
96 return true;
97 }
98 }
99
100 public isCustomerToken(token: string): boolean {
101 try {
102 const decoded = jwtDecode<{ tokenType?: string }>(token);
103 return decoded.tokenType === "customer";
104 } catch {
105 return false;
106 }
107 }
108
109 public async refreshAuthToken(): Promise<string | null> {
110 try {
111 const refreshToken = useAuthStore.getState().refreshToken;
112 if (!refreshToken) {
113 // No refresh token to use — the session was already over.
114 endSession({ captureIntent: true });
115 return null;
116 }
117
118 const isCustomer = this.isCustomerToken(refreshToken);
119 const refreshUrl = isCustomer
120 ? `${getSherpaApiUrl()}/v1/auth/customer/refresh-token`
121 : `${getSherpaApiUrl()}/v1/auth/refresh-token`;
122
123 const localeValue = this.getLocaleCookie();
124 const response = await axios.post(
125 refreshUrl,
126 { refreshToken },
127 {
128 headers: localeValue
129 ? {
130 "Content-Type": "application/json",
131 "locale": localeValue,
132 }
133 : {
134 "Content-Type": "application/json",
135 },
136 validateStatus: (status) => (status >= 200 && status < 300) || status === 304,
137 }
138 );
139
140 if (response.data.status !== "success") {
141 throw new Error("Refresh token response status is not success");
142 }
143
144 const { accessToken, refreshToken: newRefreshToken } = response.data.data;
145 if (!accessToken || !newRefreshToken) {
146 throw new Error("Missing tokens in refresh response");
147 }
148
149 useAuthStore.getState().setTokens(accessToken, newRefreshToken);
150 return accessToken;{"command":"grep -n \"sherpaAdmin\\|/products/\\|endorsement\" /Users/bakker/dev/gangkhar/sherpa-portal-api-457-custom-additional-fields-on-endo/app/src/utils/api.ts | head -30"}184: async (config: InternalAxiosRequestConfig & { sherpaAdmin?: boolean }) => {
188: const isAdmin = config.sherpaAdmin !== false;
264: // the user is on a /products/:id page, so useProductReadiness refetches
266: // either the request URL (preferred — works for /products/:id/...
397:export type SherpaRequestConfig<D = unknown> = AxiosRequestConfig<D> & { sherpaAdmin?: boolean };{"file_path":"/Users/bakker/dev/gangkhar/sherpa-portal-api-457-custom-additional-fields-on-endo/app/src/utils/api.ts","offset":184,"limit":120}184 async (config: InternalAxiosRequestConfig & { sherpaAdmin?: boolean }) => {
185 const rawUrl = config.url || "/";
186 const ensured = rawUrl.startsWith("/") ? rawUrl : `/${rawUrl}`;
187 if (!ensured.startsWith("/v1/")) {
188 const isAdmin = config.sherpaAdmin !== false;
189 if (ensured.startsWith("/auth")) {
190 config.url = `/v1${ensured}`;
191 } else {
192 config.url = isAdmin ? `/v1/plus${ensured}` : `/v1${ensured}`;
193 }
194 } else {
195 config.url = ensured;
196 }
197 try {
198 void useAuthStore.getState().accessToken;
199 } catch {}
200 const localeValue = this.getLocaleCookie();
201 if (localeValue) {
202 config.headers["locale"] = localeValue;
203 }
204
205 // Credential-less routes: don't attach Authorization and don't trigger
206 // a pre-refresh on expired tokens. A response from these routes is
207 // never a verdict on the user's session.
208 if (isNoAuthPath(config.url)) {
209 return config;
210 }
211
212 let accessToken = useAuthStore.getState().accessToken;
213
214 // If a refresh is already in progress, wait for it to complete
215 if (this.isRefreshing) {
216 return new Promise((resolve, reject) => {
217 this.failedQueue.push({ resolve, reject });
218 }).then(() => {
219 config.headers.Authorization = `Bearer ${useAuthStore.getState().accessToken}`;
220 return config;
221 });
222 }
223
224 // Check if token is expired before making the request
225 if (accessToken && this.isTokenExpired(accessToken)) {
226 const refreshToken = useAuthStore.getState().refreshToken;
227 if (!refreshToken) {
228 endSession({ captureIntent: true });
229 throw new Error("No refresh token available");
230 }
231
232 this.isRefreshing = true;
233 try {
234 accessToken = await this.refreshAuthToken();
235 this.processQueue();
236 this.isRefreshing = false;
237 } catch (error) {
238 this.processQueue(error as Error);
239 this.isRefreshing = false;
240 throw error;
241 }
242 }
243
244 if (accessToken) {
245 config.headers.Authorization = `Bearer ${accessToken}`;
246 }
247
248 // Remove Content-Type header for FormData so axios can set it with boundary
249 if (config.data instanceof FormData) {
250 delete config.headers["Content-Type"];
251 }
252
253 return config;
254 },
255 (error) => Promise.reject(error)
256 );
257
258 this.api.interceptors.response.use(
259 (response) => {
260 if (useConnectionStore.getState().status !== "online") {
261 useConnectionStore.getState().markRecovered();
262 }
263 // Broadcast a product-mutated event for any non-GET call made while
264 // the user is on a /products/:id page, so useProductReadiness refetches
265 // the dots+banner without a page reload. We resolve the productId from
266 // either the request URL (preferred — works for /products/:id/...
267 // endpoints) or the current pathname (covers product-scoped pages that
268 // POST/PATCH/DELETE to non-product-prefixed routes like
269 // /quotes/:id, /policies/:id, /product-plans/:id, /pricing/:id, etc.).
270 try {
271 const method = response.config?.method?.toUpperCase();
272 if (method && method !== "GET" && typeof window !== "undefined") {
273 const url = response.config?.url ?? "";
274 const urlMatch = url.match(/\/products\/(\d+)(?:\/|$)/);
275 const pathMatch = window.location.pathname.match(/^\/products\/(\d+)(?:\/|$)/);
276 const productId = urlMatch
277 ? parseInt(urlMatch[1], 10)
278 : pathMatch
279 ? parseInt(pathMatch[1], 10)
280 : null;
281 if (productId !== null) {
282 window.dispatchEvent(
283 new CustomEvent("sherpa:product-mutated", {
284 detail: { productId },
285 }),
286 );
287 }
288 }
289 } catch {
290 // Never let event-dispatch failures break the API response chain.
291 }
292 return response;
293 },
294 async (error) => {
295 const originalRequest = error.config;
296 // `originalRequest.url` was already rewritten to its `/v1/...` form by
297 // the request interceptor before the request went out, so comparing
298 // against NO_AUTH_PATHS (all `/v1/`-prefixed by the module-load
299 // invariant above) is well-defined here. We evaluate this once, up
300 // front, before any branches mutate `originalRequest`.
301 const reqUrl: string | undefined = originalRequest?.url;
302 const requestHadAuth = !isNoAuthPath(reqUrl);
303 const isCanceled = axios.isCancel(error) || error.code === "ERR_CANCELED";{"command":"rg \"validationPattern|source|dataModelFieldName|order|active\" /Users/bakker/dev/gangkhar/sherpa-portal-api-457-custom-additional-fields-on-endo/app/components/policy-management/PolicyQuoteForm.tsx | head -10"} order: number;
order: number;
order: number;
validationPattern: string | null;
activePlanName: string;
activePlanName,
const planData = productData[activePlanName];
: `/policy-orders/${policyOrderId}/endorsement-quote`;
productPlanName: activePlanName,
activePlanName{"file_path":"/Users/bakker/dev/gangkhar/sherpa-portal-api-457-custom-additional-fields-on-endo/app/components/policy-management/PolicyQuoteForm.tsx","offset":146,"limit":15}146 export interface EndorsementFieldDef {
147 fieldKey: string;
148 label: string;
149 helpText: string | null;
150 type: string;
151 required: boolean;
152 options: { value: string; label: string }[] | null;
153 validationPattern: string | null;
154 }
155
156 interface QuoteResponse {
157 quoteId: string;
158 insurance: InsuranceData;
159 parameters?: Record<string, unknown>;
160 bundleDiscount?: BundleDiscount | null;{"file_path":"/Users/bakker/dev/gangkhar/sherpa-portal-api-457-custom-additional-fields-on-endo/app/components/policy-management/EndorsementCustomFields.tsx","offset":35,"limit":30}35 if (!fields || fields.length === 0) return null;
36
37 return (
38 <div className="rounded-lg border border-gray-200 bg-white p-6" data-testid="endorsement-custom-fields">
39 <h3 className="mb-1 text-lg font-semibold text-gray-900">{t("Additional information")}</h3>
40 <p className="mb-4 text-sm text-gray-500">{t("Please complete the fields below to apply your change.")}</p>
41 <div className="space-y-4">
42 {fields.map((field) => {
43 const value = values[field.fieldKey];
44 const error = errors[field.fieldKey];
45 const inputId = `ef-input-${field.fieldKey}`;
46 return (
47 <div key={field.fieldKey}>
48 {field.type !== "boolean" && (
49 <Label htmlFor={inputId} className="mb-1 block">
50 {field.label}
51 {field.required && <span className="text-red-500"> *</span>}
52 </Label>
53 )}
54
55 {field.type === "textarea" && (
56 <Textarea
57 id={inputId}
58 data-testid={inputId}
59 value={typeof value === "string" ? value : ""}
60 onChange={(e) => onChange(field.fieldKey, e.target.value)}
61 />
62 )}
63
64 {(field.type === "string" || field.type === "number" || field.type === "date") && ({"command":"grep -n \"endorsementFields\\|endorsementFieldValues\" /Users/bakker/dev/gangkhar/sherpa-api-api-457-custom-additional-fields-on-endo/src/controllers/policyOrderController.ts | head -15"}1221: resWithFields.endorsementFields = resolvedEndorsementFields;
1222: resWithFields.endorsementFieldValues = activePolicy.endorsementFieldValues ?? {};
1238: endorsementFieldValues?: Record<string, unknown>;
1297: const endorsementFields = await getActiveEndorsementFields(request, policyOrder.productId);
1299: endorsementFields,
1300: request.body.endorsementFieldValues,
1429: endorsementFieldValues: endorsementFields.length > 0
1431: : ((oldPolicyData.endorsementFieldValues as Record<string, unknown> | null) ?? null),{"file_path":"/Users/bakker/dev/gangkhar/sherpa-api-api-457-custom-additional-fields-on-endo/src/controllers/policyOrderController.ts","offset":1190,"limit":40}1190 stripCommissionFields(res);
1191 if (res.endorsementAdjustments) {
1192 stripCommissionFields(res.endorsementAdjustments);
1193 }
1194 if (res.insurance) {
1195 stripInsuranceCommission(res.insurance);
1196 }
1197
1198 // Strip prices from customer-facing response when hidePrices is enabled
1199 if (activePolicy.productId && await shouldHidePrices(request, activePolicy.productId)) {
1200 const res = result as Record<string, any>;
1201 if (res.insurance) stripInsurancePrices(res.insurance);
1202 if (res.endorsementAdjustments) {
1203 res.endorsementAdjustments.adjustmentPremium = null;
1204 res.endorsementAdjustments.adjustmentTax = null;
1205 res.endorsementAdjustments.adjustmentCommission = null;
1206 res.endorsementAdjustments.adjustmentBreakdown = null;
1207 }
1208 if (res.currentPolicy) {
1209 res.currentPolicy.premiumWithoutTax = null;
1210 res.currentPolicy.premiumWithTax = null;
1211 }
1212 if (res.bundleDiscount) {
1213 res.bundleDiscount = null;
1214 }
1215 }
1216
1217
1218 // Surface the configured fields + the values captured on the current
1219 // version so the endorsement flow can render and prefill them.
1220 const resWithFields = result as Record<string, unknown>;
1221 resWithFields.endorsementFields = resolvedEndorsementFields;
1222 resWithFields.endorsementFieldValues = activePolicy.endorsementFieldValues ?? {};
1223
1224 return result;
1225 } finally {
1226 (request as any).params = origParams;
1227 }
1228 }
1229 {"command":"rg \"endorsementFields\" /Users/bakker/dev/gangkhar/sherpa-portal-api-457-custom-additional-fields-on-endo/app/customer-portal/policies/\\[policyId\\]/DefaultPolicyDetails.tsx"}(Bash completed with no output)
{"file_path":"/Users/bakker/dev/gangkhar/sherpa-portal-api-457-custom-additional-fields-on-endo/app/customer-portal/policies/[policyId]/edit/DefaultPolicyEdit.tsx","offset":162,"limit":20}162 const validateEndorsementFields = (): boolean => {
163 const errors: Record<string, string> = {};
164 for (const field of endorsementFields) {
165 const value = endorsementValues[field.fieldKey];
166 if (field.type === "boolean") {
167 if (field.required && value !== true) errors[field.fieldKey] = t("This field is required");
168 continue;
169 }
170 const empty = value === undefined || value === null || (typeof value === "string" && value.trim() === "");
171 if (field.required && empty) errors[field.fieldKey] = t("This field is required");
172 }
173 setEndorsementErrors(errors);
174 return Object.keys(errors).length === 0;
175 };
176
177 const handleSubmit = async (e: React.FormEvent) => {
178 e.preventDefault();
179 if (!policy) return;
180
181 if (!validateEndorsementFields()) {{"file_path":"/Users/bakker/dev/gangkhar/sherpa-embed-api-457-custom-additional-fields-on-endo/src/components/EndorsementForm.tsx","offset":59,"limit":15}59 const validate = (): boolean => {
60 const next: Record<string, string> = {};
61 for (const field of fields) {
62 const value = values[field.fieldKey];
63 if (field.type === 'boolean') {
64 if (field.required && value !== true) next[field.fieldKey] = t('This field is required');
65 continue;
66 }
67 const empty = value === undefined || value === null || (typeof value === 'string' && value.trim() === '');
68 if (field.required && empty) next[field.fieldKey] = t('This field is required');
69 }
70 setErrors(next);
71 return Object.keys(next).length === 0;
72 };
73 {"file_path":"/Users/bakker/dev/gangkhar/sherpa-api-api-457-custom-additional-fields-on-endo/src/services/endorsementFieldService.ts","offset":[88,105],"limit":25}<tool_use_error>InputValidationError: Read failed due to the following issue: The parameter `offset` type is expected as `number` but provided as `array`</tool_use_error>
{"file_path":"/Users/bakker/dev/gangkhar/sherpa-api-api-457-custom-additional-fields-on-endo/src/services/endorsementFieldService.ts","offset":88,"limit":25}88 }
89 default: {
90 // string | textarea
91 const s = String(raw);
92 if (field.validationPattern) {
93 let re: RegExp;
94 try {
95 re = new RegExp(field.validationPattern);
96 } catch {
97 // Invalid stored pattern can't validate the value; rejected at save time.
98 return s;
99 }
100 if (!re.test(s)) throw new StatusError(400, `Endorsement field "${field.label}" has an invalid format`);
101 }
102 return s;
103 }
104 }
105 }
106
107 // Validate submitted values against the product's active field config and
108 // return the normalised map to persist. Throws 400 on a missing required field
109 // or a value that fails its type / pattern / option constraints. Only values
110 // for configured fields are kept — arbitrary extra keys are dropped.
111 export function validateAndNormalizeEndorsementFieldValues(
112 fields: _EndorsementField[],{"file_path":"/Users/bakker/dev/gangkhar/sherpa-portal-api-457-custom-additional-fields-on-endo/app/customer-portal/policies/[policyId]/edit/DefaultPolicyEdit.tsx","offset":[142,160],"limit":30}<tool_use_error>InputValidationError: Read failed due to the following issue: The parameter `offset` type is expected as `number` but provided as `array`</tool_use_error>
{"file_path":"/Users/bakker/dev/gangkhar/sherpa-portal-api-457-custom-additional-fields-on-endo/app/customer-portal/policies/[policyId]/edit/DefaultPolicyEdit.tsx","offset":142,"limit":30}142 const handleEndorsementFieldsLoaded = useCallback(
143 (fields: EndorsementFieldDef[], values: Record<string, unknown>) => {
144 setEndorsementFields(fields);
145 // Prefill from the values captured on the current version, but never
146 // clobber edits the user has already started typing.
147 setEndorsementValues((prev) => ({ ...values, ...prev }));
148 },
149 [],
150 );
151
152 const handleEndorsementFieldChange = (key: string, value: unknown) => {
153 setEndorsementValues((prev) => ({ ...prev, [key]: value }));
154 setEndorsementErrors((prev) => {
155 if (!prev[key]) return prev;
156 const next = { ...prev };
157 delete next[key];
158 return next;
159 });
160 };
161
162 const validateEndorsementFields = (): boolean => {
163 const errors: Record<string, string> = {};
164 for (const field of endorsementFields) {
165 const value = endorsementValues[field.fieldKey];
166 if (field.type === "boolean") {
167 if (field.required && value !== true) errors[field.fieldKey] = t("This field is required");
168 continue;
169 }
170 const empty = value === undefined || value === null || (typeof value === "string" && value.trim() === "");
171 if (field.required && empty) errors[field.fieldKey] = t("This field is required");{"file_path":"/Users/bakker/dev/gangkhar/sherpa-api-api-457-custom-additional-fields-on-endo/src/controllers/endorsementFieldController.ts","offset":[118,157],"limit":50}<tool_use_error>InputValidationError: Read failed due to the following issue: The parameter `offset` type is expected as `number` but provided as `array`</tool_use_error>
{"file_path":"/Users/bakker/dev/gangkhar/sherpa-api-api-457-custom-additional-fields-on-endo/src/controllers/endorsementFieldController.ts","offset":118,"limit":45}118 export async function createEndorsementField(
119 request: FastifyRequest<{ Params: { productId: string }; Body: FieldBody }>,
120 reply: FastifyReply,
121 ) {
122 orgId(request);
123 const productId = toProductId(request.params.productId);
124 await assertProduct(request, productId);
125
126 const b = request.body;
127 const label = typeof b.label === 'string' ? b.label.trim() : '';
128 if (!label) throw new StatusError(400, 'label is required');
129 const type = assertType(b.type);
130 const source = b.source === EndorsementFieldSource.DATA_MODEL ? EndorsementFieldSource.DATA_MODEL : EndorsementFieldSource.ADHOC;
131 if (source === EndorsementFieldSource.DATA_MODEL && (!b.dataModelFieldName || !b.dataModelFieldName.trim())) {
132 throw new StatusError(400, 'dataModelFieldName is required when source is "datamodel"');
133 }
134
135 const baseKey = b.fieldKey && b.fieldKey.trim() ? slugifyKey(b.fieldKey) : slugifyKey(label);
136 const fieldKey = await uniqueFieldKey(request, productId, baseKey);
137
138 const existing = await EndorsementField.findAll(request, { where: { productId }, attributes: ['id'] });
139
140 const field = await EndorsementField.create(request, {
141 organizationId: orgId(request),
142 productId,
143 fieldKey,
144 label,
145 helpText: b.helpText?.trim() || null,
146 type,
147 required: b.required === true,
148 options: validateOptions(type, b.options),
149 validationPattern: validatePattern(b.validationPattern),
150 source,
151 dataModelFieldName: source === EndorsementFieldSource.DATA_MODEL ? b.dataModelFieldName!.trim() : null,
152 order: typeof b.order === 'number' ? b.order : existing.length,
153 active: b.active === false ? false : true,
154 });
155
156 return reply.code(201).send({ status: 'success', data: field });
157 }
158
159 export async function updateEndorsementField(
160 request: FastifyRequest<{ Params: { productId: string; id: string }; Body: FieldBody }>,
161 reply: FastifyReply,
162 ) {{"file_path":"/Users/bakker/dev/gangkhar/sherpa-portal-api-457-custom-additional-fields-on-endo/app/customer-portal/policies/[policyId]/DefaultPolicyDetails.tsx","offset":948,"limit":15}948 {Object.entries(policy.endorsementFieldValues).map(([key, value]) => (
949 <div key={key} className="flex justify-between gap-4 border-b border-gray-100 pb-2 last:border-0">
950 <dt className="text-gray-600">
951 {key
952 .replace(/([A-Z])/g, " $1")
953 .replace(/[_-]+/g, " ")
954 .replace(/^./, (c) => c.toUpperCase())
955 .trim()}
956 </dt>
957 <dd className="text-right font-medium text-gray-900" data-testid={`endorsement-detail-${key}`}>
958 {typeof value === "boolean" ? (value ? t('Yes') : t('No')) : String(value)}
959 </dd>
960 </div>
961 ))}
962 </dl>{"command":"grep -B 30 \"resWithFields.endorsementFields = resolvedEndorsementFields\" /Users/bakker/dev/gangkhar/sherpa-api-api-457-custom-additional-fields-on-endo/src/controllers/policyOrderController.ts | grep \"^export async function\""}(Bash completed with no output)
{"command":"grep -B 50 \"resWithFields.endorsementFields = resolvedEndorsementFields\" /Users/bakker/dev/gangkhar/sherpa-api-api-457-custom-additional-fields-on-endo/src/controllers/policyOrderController.ts | grep \"^export async function\" | tail -1"}(Bash completed with no output)
{"file_path":"/Users/bakker/dev/gangkhar/sherpa-api-api-457-custom-additional-fields-on-endo/src/controllers/policyOrderController.ts","offset":1130,"limit":100}1130 }
1131
1132 const activeStatusCodes = await getCodesForCategory(organizationId, PolicyStatusLifecycleCategory.ACTIVE);
1133
1134 // Resolve the active policy version (customer may pass any policyId in the chain)
1135 const requestedPolicy = await PolicyOrderModel.findOne(request, {
1136 where: { policyId },
1137 include: [{ model: Product.raw, as: 'productRelation', required: true }],
1138 });
1139
1140 if (!requestedPolicy) {
1141 throw new StatusError(404, 'Policy not found');
1142 }
1143
1144 const rootPolicyId = requestedPolicy.rootPolicyId || requestedPolicy.policyId;
1145 const activePolicy = await PolicyOrderModel.findOne(request, {
1146 where: {
1147 [Op.or]: [{ rootPolicyId }, { policyId: rootPolicyId }],
1148 status: { [Op.in]: activeStatusCodes },
1149 },
1150 include: [{ model: Product.raw, as: 'productRelation', required: true }],
1151 order: [['version', 'DESC']],
1152 });
1153
1154 if (!activePolicy) {
1155 throw new StatusError(400, 'No active policy version found');
1156 }
1157
1158 // Gate: check edit ProductSetting
1159 if (!activePolicy.productId) {
1160 throw new StatusError(403, 'Endorsements are not enabled for this product');
1161 }
1162 const editSetting = await ProductSetting.findOne({ organizationId }, {
1163 where: { productId: activePolicy.productId, name: 'edit', active: true },
1164 });
1165 if (!editSetting || editSetting.value !== true) {
1166 throw new StatusError(403, 'Endorsements are not enabled for this product');
1167 }
1168
1169 // Active custom endorsement fields, localised for the caller, so the portal
1170 // and embed flows render + prefill them from this single preview call (#457).
1171 const endorsementFieldDefs = await getActiveEndorsementFields(request, activePolicy.productId);
1172 const endorsementFieldLocale = getLocaleFromHeader(request);
1173 const endorsementFieldOverrides =
1174 (activePolicy.productRelation?.translationOverrides as Record<string, Record<string, string>> | null | undefined) ?? null;
1175 const resolvedEndorsementFields = resolveEndorsementFieldsForLocale(
1176 endorsementFieldDefs,
1177 endorsementFieldLocale,
1178 endorsementFieldOverrides,
1179 );
1180
1181 // Delegate to the shared endorsementQuote with the active policy's policyId
1182 const { endorsementQuote } = await import('@/services/policyOrderService.js');
1183 const origParams = request.params;
1184 (request.params as Record<string, string>).policyOrderId = activePolicy.policyId;
1185 try {
1186 const result = await endorsementQuote(request as any, reply);
1187 // Commission data must never reach customers. customerEndorsementQuote
1188 // is only invoked by customer-facing routes, so always strip.
1189 const res = result as Record<string, any>;
1190 stripCommissionFields(res);
1191 if (res.endorsementAdjustments) {
1192 stripCommissionFields(res.endorsementAdjustments);
1193 }
1194 if (res.insurance) {
1195 stripInsuranceCommission(res.insurance);
1196 }
1197
1198 // Strip prices from customer-facing response when hidePrices is enabled
1199 if (activePolicy.productId && await shouldHidePrices(request, activePolicy.productId)) {
1200 const res = result as Record<string, any>;
1201 if (res.insurance) stripInsurancePrices(res.insurance);
1202 if (res.endorsementAdjustments) {
1203 res.endorsementAdjustments.adjustmentPremium = null;
1204 res.endorsementAdjustments.adjustmentTax = null;
1205 res.endorsementAdjustments.adjustmentCommission = null;
1206 res.endorsementAdjustments.adjustmentBreakdown = null;
1207 }
1208 if (res.currentPolicy) {
1209 res.currentPolicy.premiumWithoutTax = null;
1210 res.currentPolicy.premiumWithTax = null;
1211 }
1212 if (res.bundleDiscount) {
1213 res.bundleDiscount = null;
1214 }
1215 }
1216
1217
1218 // Surface the configured fields + the values captured on the current
1219 // version so the endorsement flow can render and prefill them.
1220 const resWithFields = result as Record<string, unknown>;
1221 resWithFields.endorsementFields = resolvedEndorsementFields;
1222 resWithFields.endorsementFieldValues = activePolicy.endorsementFieldValues ?? {};
1223
1224 return result;
1225 } finally {
1226 (request as any).params = origParams;
1227 }
1228 }
1229 {"file_path":"/Users/bakker/dev/gangkhar/sherpa-api-api-457-custom-additional-fields-on-endo/src/controllers/policyOrderController.ts","offset":1100,"limit":35}1100 delete policyData.requestHeaders;
1101 delete policyData.requestBody;
1102 delete policyData.network;
1103 // Commission tax is internal financial data — not exposed on customer-facing endpoints
1104 delete policyData.commissionTax;
1105 delete policyData.adjustmentCommissionTax;
1106
1107 return { status: 'success', data: { ...policyData, totalCommission: totalCommission.toFixed(2) } };
1108 }
1109
1110 export async function customerEndorsementQuote(
1111 request: FastifyRequest<{
1112 Params: { policyId: string };
1113 Body: {
1114 parameters?: Record<string, unknown>;
1115 selectedCoverages?: Array<{ coverageId: number; optionId: number | null; parameters?: Record<string, unknown> }>;
1116 effectiveDate: string;
1117 paymentFrequency?: string;
1118 productPlanName?: string;
1119 showCoverages?: boolean;
1120 showBreakdown?: boolean;
1121 };
1122 }>,
1123 reply: FastifyReply
1124 ) {
1125 const { policyId } = request.params;
1126 const organizationId = request.ident?.org?.id;
1127
1128 if (!organizationId) {
1129 throw new StatusError(400, 'Organization context required');
1130 }
1131
1132 const activeStatusCodes = await getCodesForCategory(organizationId, PolicyStatusLifecycleCategory.ACTIVE);
1133
1134 // Resolve the active policy version (customer may pass any policyId in the chain){"command":"grep -A 5 \"fetchPolicy\\|api.get\" /Users/bakker/dev/gangkhar/sherpa-portal-api-457-custom-additional-fields-on-endo/app/customer-portal/policies/[policyId]/DefaultPolicyDetails.tsx | grep \"api.get\" | head -3"}(eval):1: no matches found: /Users/bakker/dev/gangkhar/sherpa-portal-api-457-custom-additional-fields-on-endo/app/customer-portal/policies/[policyId]/DefaultPolicyDetails.tsx
{"file_path":"/Users/bakker/dev/gangkhar/sherpa-portal-api-457-custom-additional-fields-on-endo/app/customer-portal/policies/[policyId]/DefaultPolicyDetails.tsx","offset":[200,280],"limit":100}<tool_use_error>InputValidationError: Read failed due to the following issue: The parameter `offset` type is expected as `number` but provided as `array`</tool_use_error>
{"command":"rg \"api\\.get|fetchPolicy\" /Users/bakker/dev/gangkhar/sherpa-portal-api-457-custom-additional-fields-on-endo/app/customer-portal/policies/\\[policyId\\]/DefaultPolicyDetails.tsx | head -10"} // Read the latest `policy` from a ref inside fetchPolicyFromAPI without
const fetchPolicyFromAPI = useCallback(async () => {
const response = await api.get(`/policies/${policyId}${versionParam}`, {
fetchPolicyFromAPI();
fetchPolicyFromAPI();
fetchPolicyFromAPI();
fetchPolicyFromAPI();
}, [policyId, user, urlVersion, fetchPolicyFromAPI]);{"command":"grep -n \"get.*policies.*policyId\\|GET.*policies/:policyId\" /Users/bakker/dev/gangkhar/sherpa-api-api-457-custom-additional-fields-on-endo/src/routes/policyRoutes.ts | head -10"}161: fastify.get<{ Params: { policyId: string }; Querystring: { version?: number } }>('/policies/:policyId', {
183: fastify.get<{ Params: { policyId: string } }>('/policies/:policyId/versions', {{"file_path":"/Users/bakker/dev/gangkhar/sherpa-api-api-457-custom-additional-fields-on-endo/src/routes/policyRoutes.ts","offset":161,"limit":25}161 fastify.get<{ Params: { policyId: string }; Querystring: { version?: number } }>('/policies/:policyId', {
162 preHandler: [fastify.authenticateScope(['policies:read'])],
163 schema: {
164 description: 'Fetch a single policy by ID. Returns the version effective today by default (effectiveDate <= today AND status != superseded). Pass ?version=N to retrieve a specific historical version. Use GET /v1/policies/{policyId}/versions to list all versions in the chain.',
165 tags: ['Policies'],
166 security: [{ clientCredentials: [] }],
167 params: policyParamsSchema,
168 querystring: getPolicyByIdQuerystringSchema,
169 response: {
170 200: {
171 type: 'object',
172 properties: {
173 status: { type: 'string', example: 'success' },
174 data: policyOrderObjectSchema,
175 },
176 },
177 },
178 },
179 }, async (request, reply) => {
180 return await getPolicyById(request, reply);
181 });
182
183 fastify.get<{ Params: { policyId: string } }>('/policies/:policyId/versions', {
184 preHandler: [fastify.authenticateScope(['policies:read'])],
185 schema: {{"command":"grep -n \"async function getPolicyById\\|export.*getPolicyById\" /Users/bakker/dev/gangkhar/sherpa-api-api-457-custom-additional-fields-on-endo/src/controllers/policyOrderController.ts"}2005:export async function getPolicyById(
{"file_path":"/Users/bakker/dev/gangkhar/sherpa-api-api-457-custom-additional-fields-on-endo/src/controllers/policyOrderController.ts","offset":2005,"limit":120}2005 export async function getPolicyById(
2006 request: FastifyRequest<{ Params: { policyId: string }; Querystring: { version?: number } }>,
2007 _reply: FastifyReply
2008 ): Promise<Record<string, unknown>> {
2009 void _reply;
2010 const { policyId } = request.params;
2011 const { version } = request.query;
2012 const organizationId = request.ident?.org?.id;
2013
2014 if (!organizationId) {
2015 throw new StatusError(400, 'Organization context required');
2016 }
2017
2018 const currentUser = request.ident?.user;
2019 const isCustomer = currentUser?.userType === 'customer';
2020
2021 const requestedPolicy = await PolicyOrderModel.findOne(request, {
2022 where: { policyId },
2023 include: [{ model: Product.raw, as: 'productRelation', required: true }],
2024 });
2025
2026 if (!requestedPolicy) {
2027 throw new StatusError(404, 'Policy order not found');
2028 }
2029
2030 const rootPolicyId = requestedPolicy.rootPolicyId || requestedPolicy.policyId;
2031
2032 let policyOrder: PolicyOrderModel | null;
2033
2034 if (version !== undefined) {
2035 policyOrder = await PolicyOrderModel.findOne(request, {
2036 where: {
2037 [Op.or]: [{ rootPolicyId }, { policyId: rootPolicyId }],
2038 version,
2039 },
2040 include: [
2041 { model: Product.raw, as: 'productRelation', required: true },
2042 { model: Client.raw, as: 'client', required: false },
2043 { model: Customer.raw, as: 'customer', required: false },
2044 ],
2045 });
2046 if (!policyOrder) {
2047 throw new StatusError(404, `Version ${version} not found for this policy`);
2048 }
2049 } else {
2050 const today = getBusinessDate(request.ident!.org.timezone);
2051 policyOrder = await PolicyOrderModel.findOne(request, {
2052 where: {
2053 [Op.or]: [{ rootPolicyId }, { policyId: rootPolicyId }],
2054 effectiveDate: { [Op.lte]: today },
2055 },
2056 include: [
2057 { model: Product.raw, as: 'productRelation', required: true },
2058 { model: Client.raw, as: 'client', required: false },
2059 { model: Customer.raw, as: 'customer', required: false },
2060 ],
2061 order: [['effectiveDate', 'DESC'], ['version', 'DESC']],
2062 });
2063
2064 if (!policyOrder) {
2065 const fallbackActiveCodes = await getCodesForCategory(organizationId, PolicyStatusLifecycleCategory.ACTIVE);
2066 policyOrder = await PolicyOrderModel.findOne(request, {
2067 where: {
2068 [Op.or]: [{ rootPolicyId }, { policyId: rootPolicyId }],
2069 status: { [Op.in]: fallbackActiveCodes },
2070 },
2071 include: [
2072 { model: Product.raw, as: 'productRelation', required: true },
2073 { model: Client.raw, as: 'client', required: false },
2074 { model: Customer.raw, as: 'customer', required: false },
2075 ],
2076 order: [['version', 'DESC']],
2077 });
2078 }
2079
2080 if (!policyOrder) {
2081 policyOrder = await PolicyOrderModel.findOne(request, {
2082 where: {
2083 [Op.or]: [{ rootPolicyId }, { policyId: rootPolicyId }],
2084 },
2085 include: [
2086 { model: Product.raw, as: 'productRelation', required: true },
2087 { model: Client.raw, as: 'client', required: false },
2088 { model: Customer.raw, as: 'customer', required: false },
2089 ],
2090 order: [['version', 'DESC']],
2091 });
2092 }
2093 }
2094
2095 if (!policyOrder) {
2096 throw new StatusError(404, 'Policy order not found');
2097 }
2098
2099 if (isCustomer && policyOrder.customerId !== currentUser?.id) {
2100 throw new StatusError(403, 'You can only access your own policies');
2101 }
2102
2103 const policyData = policyOrder.get({ plain: true }) as Record<string, unknown>;
2104
2105 if (policyData.client) {
2106 delete policyData.client;
2107 }
2108
2109 // Keep the live product's translationOverrides before dropping the relation —
2110 // the snapshot `policyData.product` is frozen at issue time, but translations
2111 // may be authored later, so the portal needs the current overrides to localize
2112 // product/plan/coverage strings.
2113 const productRelationData = policyData.productRelation as Record<string, unknown> | undefined;
2114 if (policyData.productRelation) {
2115 delete policyData.productRelation;
2116 }
2117
2118 if (policyData.requestHeaders) {
2119 delete policyData.requestHeaders;
2120 }
2121
2122 if (policyData.requestBody) {
2123 delete policyData.requestBody;
2124 }{"file_path":"/Users/bakker/dev/gangkhar/sherpa-api-api-457-custom-additional-fields-on-endo/src/controllers/policyOrderController.ts","offset":2124,"limit":100}2124 }
2125
2126 if (policyData.network) {
2127 delete policyData.network;
2128 }
2129 // Commission tax is internal financial data — not exposed on customer-facing endpoints
2130 delete policyData.commissionTax;
2131 delete policyData.adjustmentCommissionTax;
2132
2133 if (policyOrder.productId && policyOrder.quoteId) {
2134 const activeQuote = await Quote.findOne({ organizationId }, {
2135 where: { productId: policyOrder.productId, active: true },
2136 });
2137
2138 if (activeQuote) {
2139 const coverageParameters = await QuoteParameter.findAll({ organizationId }, {
2140 where: { quoteId: activeQuote.id, isCoverage: true },
2141 attributes: ['label', 'path'],
2142 });
2143
2144 if (coverageParameters.length > 0) {
2145 const quoteSession = await QuoteSession.findOne(request, {
2146 where: { quoteId: policyOrder.quoteId },
2147 attributes: ['parameters'],
2148 });
2149
2150 if (quoteSession) {
2151 const additionalCoverages = coverageParameters
2152 .map((param) => {
2153 if (!param.path) return null;
2154 const pathParts = param.path.split('.');
2155 let value: unknown = quoteSession.parameters;
2156 for (const part of pathParts) {
2157 if (value && typeof value === 'object' && part in value) {
2158 value = (value as Record<string, unknown>)[part];
2159 } else {
2160 return null;
2161 }
2162 }
2163 if (value === undefined || value === null) return null;
2164 return {
2165 title: param.label,
2166 coverageAmount: String(value),
2167 };
2168 })
2169 .filter((c): c is { title: string; coverageAmount: string } => c !== null);
2170
2171 if (additionalCoverages.length > 0) {
2172 const insurance = policyData.insurance as Record<string, unknown> | undefined;
2173 if (insurance) {
2174 for (const productName of Object.keys(insurance)) {
2175 const productData = insurance[productName];
2176 if (productData && typeof productData === 'object') {
2177 const plans = productData as Record<string, Record<string, unknown>>;
2178 for (const planName of Object.keys(plans)) {
2179 const planData = plans[planName];
2180 if (planData && typeof planData === 'object') {
2181 const existingCoverages = Array.isArray(planData.coverages)
2182 ? (planData.coverages as unknown[])
2183 : [];
2184 planData.coverages = [...existingCoverages, ...additionalCoverages];
2185 }
2186 }
2187 }
2188 }
2189 }
2190 }
2191 }
2192 }
2193 }
2194 }
2195
2196 if (policyData.insurance && policyData.parameters && policyOrder.productId) {
2197 const quoteSession = policyOrder.quoteId
2198 ? await QuoteSession.findOne(request, { where: { quoteId: policyOrder.quoteId } })
2199 : null;
2200 const selectedCoverages = quoteSession?.requestBody
2201 ? (quoteSession.requestBody as Record<string, unknown>)?.selectedCoverages as Array<{
2202 coverageId: number;
2203 optionId: number | null;
2204 parameters?: Record<string, unknown>;
2205 }> | undefined
2206 : undefined;
2207
2208 policyData.insurance = await enrichInsuranceWithCoverageOptions(
2209 policyData.insurance as Record<string, unknown>,
2210 policyData.parameters as Record<string, unknown>,
2211 selectedCoverages,
2212 policyOrder.productId,
2213 organizationId,
2214 await resolveOrgTimezone(request, organizationId),
2215 policyOrder.displayCurrency || undefined,
2216 );
2217 }
2218
2219 const insurance = policyData.insurance as Record<string, unknown> | undefined;
2220 if (
2221 insurance &&
2222 policyOrder.currencyPosition &&
2223 policyOrder.decimalSeparator &&{"command":"grep -A 200 \"export async function getPolicyById\" /Users/bakker/dev/gangkhar/sherpa-api-api-457-custom-additional-fields-on-endo/src/controllers/policyOrderController.ts | grep \"endorsementField\""}(Bash completed with no output)
CRITICAL BUG CONFIRMED: `getPolicyById` does NOT add `endorsementFields` to the response. It only returns `endorsementFieldValues` (which is part of the PolicyOrder model). The portal therefore has no way to display the actual field labels. Let me now compile all the findings: ## Findings Summary: ### HIGH SEVERITY ISSUES: 1. **Missing endorsementFields in getPolicyById response** - **File**: `sherpa-api-api-457-custom-additional-fields-on-endo/src/controllers/policyOrderController.ts`, function `getPolicyById` (line 2005). **Problem**: The GET /policies/:policyId endpoint does NOT include `endorsementFields` in the response. This means the portal's DefaultPolicyDetails has no way to access the actual field labels and can only show mangled fieldKey values. **Impact**: Violates acceptance criteria "submitted value is stored and **visible** on the endorsement" — the labels aren't visible, only auto-generated human-readable versions of the fieldKey. 2. **Portal renders generated labels instead of configured labels** - **File**: `sherpa-portal-api-457-custom-additional-fields-on-endo/app/customer-portal/policies/[policyId]/DefaultPolicyDetails.tsx`, lines 948-955. **Problem**: The code derives labels from camelCase fieldKey by regex mangling (e.g., `reasonForChange` → `Reason For Change`) instead of displaying the actual configured label (e.g., "What is the reason?"). Even if endorsementFields were in the response, the code wouldn't use them. **Impact**: Users see auto-generated labels that may not match the actual field label configured by the admin. 3. **TypeScript type mismatch in Portal EndorsementFieldDef** - **File**: `sherpa-portal-api-457-custom-additional-fields-on-endo/app/components/policy-management/PolicyQuoteForm.tsx`, lines 146-154. **Problem**: The `EndorsementFieldDef` interface is missing `source`, `dataModelFieldName`, and `order` fields that the API's `resolveEndorsementFieldsForLocale` function returns. This creates a type safety gap where the API returns these fields but TypeScript doesn't expect them. **Severity**: MEDIUM (won't cause runtime error due to TypeScript being in the portal, but indicates incomplete contract definition). ### MEDIUM SEVERITY ISSUES: 4. **Portal PolicyData interface missing endorsementFields** - **File**: `sherpa-portal-api-457-custom-additional-fields-on-endo/app/customer-portal/policies/[policyId]/DefaultPolicyDetails.tsx`, lines 28-91. **Problem**: The `PolicyOrder` interface doesn't include an `endorsementFields` property. Even if getPolicyById returned it, the TypeScript type wouldn't capture it. **Impact**: Type safety issue that would require a bypass to use endorsementFields if they were returned. ### LOWER SEVERITY ISSUES (Design/Spec clarity): 5. **Endorsement field `source` and `dataModelFieldName` not exposed in Portal UI** - **File**: `sherpa-portal-api-457-custom-additional-fields-on-endo/app/components/products/endorsement-fields/EndorsementFieldsTab.tsx`. **Problem**: The field-builder UI doesn't provide controls to set `source` or `dataModelFieldName`, though the API accepts them. All fields default to `source: "adhoc"`. This is likely intentional for MVP, but worth noting. **Severity**: LOW (design decision, not a bug). ### VERIFICATION CHECKLIST FOR ACCEPTANCE CRITERIA: ✓ "Add a required new field to an endorsement" - Admin UI works (EndorsementFieldsTab) ✓ "attempting to submit without it fails validation" - Both portal and embed validation correctly reject missing required fields ✓ "submitted value is stored" - API persists endorsementFieldValues ❌ "visible on the endorsement" - **FAILS** because portal shows mangled fieldKey labels instead of configured labels ✓ "visible on... policy history" - Endpoint returns endorsementFieldValues (though with display issue above) ✓ "fields render in BOTH the portal endorsement flow AND the embedded customer endorsement flow" - Both are implemented ✓ "localizable labels (LMT)" - API resolves labels via translateTemplateString; embed uses useTranslateDynamic; portal receives pre-resolved labels from the API --- ## VERDICT: **ISSUES** (1 HIGH, 3 MEDIUM/LOW) The most critical issue is that the customer's view of submitted endorsement field values displays auto-generated labels instead of the configured labels, violating the acceptance criteria. This requires: 1. Adding `endorsementFields` to getPolicyById response 2. Updating the portal's PolicyData interface to include `endorsementFields` 3. Modifying DefaultPolicyDetails to render actual labels from endorsementFields instead of deriving them from fieldKey
Round 1 done. Triaging (verifying each against the actual codebase, not stale docs):
Will fix (real HIGH/MED):
getPolicyById lacks resolved endorsementFields → detail view shows humanized keys not real labels. Add fields to response + use real labels.EndorsementFieldDef / PolicyOrder types incomplete.Verified NOT defects (false positives vs stale AGENTS.md):
check:migrations requires the inline NULLIF template (I read the gate); current_organization_in_scope would fail CI. Keep.defaultValue: matches canonical _ClaimPayout. Keep.uniqueFieldKey on update: fieldKey is intentionally immutable (update ignores it). Keep.Reading getPolicyById to wire the fields into its response.
{"file_path":"/Users/bakker/dev/gangkhar/sherpa-api-api-457-custom-additional-fields-on-endo/src/controllers/policyOrderController.ts","offset":2005,"limit":120}2005 export async function getPolicyById(
2006 request: FastifyRequest<{ Params: { policyId: string }; Querystring: { version?: number } }>,
2007 _reply: FastifyReply
2008 ): Promise<Record<string, unknown>> {
2009 void _reply;
2010 const { policyId } = request.params;
2011 const { version } = request.query;
2012 const organizationId = request.ident?.org?.id;
2013
2014 if (!organizationId) {
2015 throw new StatusError(400, 'Organization context required');
2016 }
2017
2018 const currentUser = request.ident?.user;
2019 const isCustomer = currentUser?.userType === 'customer';
2020
2021 const requestedPolicy = await PolicyOrderModel.findOne(request, {
2022 where: { policyId },
2023 include: [{ model: Product.raw, as: 'productRelation', required: true }],
2024 });
2025
2026 if (!requestedPolicy) {
2027 throw new StatusError(404, 'Policy order not found');
2028 }
2029
2030 const rootPolicyId = requestedPolicy.rootPolicyId || requestedPolicy.policyId;
2031
2032 let policyOrder: PolicyOrderModel | null;
2033
2034 if (version !== undefined) {
2035 policyOrder = await PolicyOrderModel.findOne(request, {
2036 where: {
2037 [Op.or]: [{ rootPolicyId }, { policyId: rootPolicyId }],
2038 version,
2039 },
2040 include: [
2041 { model: Product.raw, as: 'productRelation', required: true },
2042 { model: Client.raw, as: 'client', required: false },
2043 { model: Customer.raw, as: 'customer', required: false },
2044 ],
2045 });
2046 if (!policyOrder) {
2047 throw new StatusError(404, `Version ${version} not found for this policy`);
2048 }
2049 } else {
2050 const today = getBusinessDate(request.ident!.org.timezone);
2051 policyOrder = await PolicyOrderModel.findOne(request, {
2052 where: {
2053 [Op.or]: [{ rootPolicyId }, { policyId: rootPolicyId }],
2054 effectiveDate: { [Op.lte]: today },
2055 },
2056 include: [
2057 { model: Product.raw, as: 'productRelation', required: true },
2058 { model: Client.raw, as: 'client', required: false },
2059 { model: Customer.raw, as: 'customer', required: false },
2060 ],
2061 order: [['effectiveDate', 'DESC'], ['version', 'DESC']],
2062 });
2063
2064 if (!policyOrder) {
2065 const fallbackActiveCodes = await getCodesForCategory(organizationId, PolicyStatusLifecycleCategory.ACTIVE);
2066 policyOrder = await PolicyOrderModel.findOne(request, {
2067 where: {
2068 [Op.or]: [{ rootPolicyId }, { policyId: rootPolicyId }],
2069 status: { [Op.in]: fallbackActiveCodes },
2070 },
2071 include: [
2072 { model: Product.raw, as: 'productRelation', required: true },
2073 { model: Client.raw, as: 'client', required: false },
2074 { model: Customer.raw, as: 'customer', required: false },
2075 ],
2076 order: [['version', 'DESC']],
2077 });
2078 }
2079
2080 if (!policyOrder) {
2081 policyOrder = await PolicyOrderModel.findOne(request, {
2082 where: {
2083 [Op.or]: [{ rootPolicyId }, { policyId: rootPolicyId }],
2084 },
2085 include: [
2086 { model: Product.raw, as: 'productRelation', required: true },
2087 { model: Client.raw, as: 'client', required: false },
2088 { model: Customer.raw, as: 'customer', required: false },
2089 ],
2090 order: [['version', 'DESC']],
2091 });
2092 }
2093 }
2094
2095 if (!policyOrder) {
2096 throw new StatusError(404, 'Policy order not found');
2097 }
2098
2099 if (isCustomer && policyOrder.customerId !== currentUser?.id) {
2100 throw new StatusError(403, 'You can only access your own policies');
2101 }
2102
2103 const policyData = policyOrder.get({ plain: true }) as Record<string, unknown>;
2104
2105 if (policyData.client) {
2106 delete policyData.client;
2107 }
2108
2109 // Keep the live product's translationOverrides before dropping the relation —
2110 // the snapshot `policyData.product` is frozen at issue time, but translations
2111 // may be authored later, so the portal needs the current overrides to localize
2112 // product/plan/coverage strings.
2113 const productRelationData = policyData.productRelation as Record<string, unknown> | undefined;
2114 if (policyData.productRelation) {
2115 delete policyData.productRelation;
2116 }
2117
2118 if (policyData.requestHeaders) {
2119 delete policyData.requestHeaders;
2120 }
2121
2122 if (policyData.requestBody) {
2123 delete policyData.requestBody;
2124 }{"file_path":"/Users/bakker/dev/gangkhar/sherpa-api-api-457-custom-additional-fields-on-endo/src/controllers/policyOrderController.ts","offset":2124,"limit":95}2124 }
2125
2126 if (policyData.network) {
2127 delete policyData.network;
2128 }
2129 // Commission tax is internal financial data — not exposed on customer-facing endpoints
2130 delete policyData.commissionTax;
2131 delete policyData.adjustmentCommissionTax;
2132
2133 if (policyOrder.productId && policyOrder.quoteId) {
2134 const activeQuote = await Quote.findOne({ organizationId }, {
2135 where: { productId: policyOrder.productId, active: true },
2136 });
2137
2138 if (activeQuote) {
2139 const coverageParameters = await QuoteParameter.findAll({ organizationId }, {
2140 where: { quoteId: activeQuote.id, isCoverage: true },
2141 attributes: ['label', 'path'],
2142 });
2143
2144 if (coverageParameters.length > 0) {
2145 const quoteSession = await QuoteSession.findOne(request, {
2146 where: { quoteId: policyOrder.quoteId },
2147 attributes: ['parameters'],
2148 });
2149
2150 if (quoteSession) {
2151 const additionalCoverages = coverageParameters
2152 .map((param) => {
2153 if (!param.path) return null;
2154 const pathParts = param.path.split('.');
2155 let value: unknown = quoteSession.parameters;
2156 for (const part of pathParts) {
2157 if (value && typeof value === 'object' && part in value) {
2158 value = (value as Record<string, unknown>)[part];
2159 } else {
2160 return null;
2161 }
2162 }
2163 if (value === undefined || value === null) return null;
2164 return {
2165 title: param.label,
2166 coverageAmount: String(value),
2167 };
2168 })
2169 .filter((c): c is { title: string; coverageAmount: string } => c !== null);
2170
2171 if (additionalCoverages.length > 0) {
2172 const insurance = policyData.insurance as Record<string, unknown> | undefined;
2173 if (insurance) {
2174 for (const productName of Object.keys(insurance)) {
2175 const productData = insurance[productName];
2176 if (productData && typeof productData === 'object') {
2177 const plans = productData as Record<string, Record<string, unknown>>;
2178 for (const planName of Object.keys(plans)) {
2179 const planData = plans[planName];
2180 if (planData && typeof planData === 'object') {
2181 const existingCoverages = Array.isArray(planData.coverages)
2182 ? (planData.coverages as unknown[])
2183 : [];
2184 planData.coverages = [...existingCoverages, ...additionalCoverages];
2185 }
2186 }
2187 }
2188 }
2189 }
2190 }
2191 }
2192 }
2193 }
2194 }
2195
2196 if (policyData.insurance && policyData.parameters && policyOrder.productId) {
2197 const quoteSession = policyOrder.quoteId
2198 ? await QuoteSession.findOne(request, { where: { quoteId: policyOrder.quoteId } })
2199 : null;
2200 const selectedCoverages = quoteSession?.requestBody
2201 ? (quoteSession.requestBody as Record<string, unknown>)?.selectedCoverages as Array<{
2202 coverageId: number;
2203 optionId: number | null;
2204 parameters?: Record<string, unknown>;
2205 }> | undefined
2206 : undefined;
2207
2208 policyData.insurance = await enrichInsuranceWithCoverageOptions(
2209 policyData.insurance as Record<string, unknown>,
2210 policyData.parameters as Record<string, unknown>,
2211 selectedCoverages,
2212 policyOrder.productId,
2213 organizationId,
2214 await resolveOrgTimezone(request, organizationId),
2215 policyOrder.displayCurrency || undefined,
2216 );
2217 }
2218 {"file_path":"/Users/bakker/dev/gangkhar/sherpa-api-api-457-custom-additional-fields-on-endo/src/controllers/policyOrderController.ts","offset":2218,"limit":70}2218
2219 const insurance = policyData.insurance as Record<string, unknown> | undefined;
2220 if (
2221 insurance &&
2222 policyOrder.currencyPosition &&
2223 policyOrder.decimalSeparator &&
2224 policyOrder.groupSeparator
2225 ) {
2226 for (const productName of Object.keys(insurance)) {
2227 const productData = insurance[productName];
2228 if (productData && typeof productData === 'object') {
2229 const plans = productData as Record<string, Record<string, unknown>>;
2230 for (const planName of Object.keys(plans)) {
2231 const planData = plans[planName];
2232 if (planData && typeof planData === 'object' && 'currency' in planData) {
2233 planData.currencyPosition = policyOrder.currencyPosition;
2234 planData.decimalSeparator = policyOrder.decimalSeparator;
2235 planData.groupSeparator = policyOrder.groupSeparator;
2236 planData.decimalsAmount = policyOrder.decimalsAmount;
2237 }
2238 }
2239 }
2240 }
2241 }
2242
2243 const productObj = policyData.product as Record<string, unknown> | undefined;
2244 if (
2245 productObj &&
2246 typeof productObj === 'object' &&
2247 policyOrder.currencyPosition &&
2248 policyOrder.decimalSeparator &&
2249 policyOrder.groupSeparator
2250 ) {
2251 productObj.currencyPosition = policyOrder.currencyPosition;
2252 productObj.decimalSeparator = policyOrder.decimalSeparator;
2253 productObj.groupSeparator = policyOrder.groupSeparator;
2254 productObj.decimalsAmount = policyOrder.decimalsAmount;
2255 }
2256
2257 // Surface the live per-product translation overrides so the customer portal
2258 // can localize product/plan/coverage text (same source the embed funnel uses).
2259 // Merge in the shared LMT dictionary defaults so default product/plan/coverage
2260 // titles localize even when an author hasn't explicitly overridden them.
2261 if (productObj && typeof productObj === 'object') {
2262 const storedOverrides =
2263 (productRelationData?.translationOverrides as Record<string, Record<string, string>> | null | undefined) ?? null;
2264 productObj.translationOverrides = mergeTranslationDefaults(storedOverrides, [
2265 productObj.productTitle as string | null | undefined,
2266 productObj.productPlanTitle as string | null | undefined,
2267 ...collectCoverageStrings(policyData.insurance),
2268 ]);
2269 }
2270
2271 if (policyOrder.productId) {
2272 const productSettings = await ProductSetting.findAll(request, {
2273 where: { productId: policyOrder.productId, active: true },
2274 attributes: ['name', 'label', 'type', 'value'],
2275 });
2276 policyData.productSettings = productSettings.map((s) => s.get({ plain: true }));
2277 const editSetting = productSettings.find((s) => s.name === 'edit');
2278 policyData.edit = editSetting ? editSetting.value === true : false;
2279 const customerSuspensionsSetting = productSettings.find((s) => s.name === 'customerSuspensions');
2280 policyData.customerSuspensions = customerSuspensionsSetting ? customerSuspensionsSetting.value === true : false;
2281
2282 policyData.hasActiveSuspensionTerms = policyOrder.paymentFrequency
2283 ? !!(await SuspensionTerms.findOne({ organizationId }, {
2284 where: {
2285 productId: policyOrder.productId,
2286 paymentFrequency: policyOrder.paymentFrequency,
2287 active: true,{"file_path":"/Users/bakker/dev/gangkhar/sherpa-api-api-457-custom-additional-fields-on-endo/src/controllers/policyOrderController.ts","offset":2288,"limit":45}2288 },
2289 }))
2290 : false;
2291 }
2292
2293 // Enrich with bundle data if this policy belongs to a bundle
2294 if (policyOrder.bundleSubscriptionId) {
2295 const sub = await BundleSubscription.findByPk(request, policyOrder.bundleSubscriptionId, {
2296 include: [{ model: ProductBundle.raw, attributes: ['bundleTitle'] }],
2297 });
2298 if (sub) {
2299 const policyCategory = await getCategoryForCode(organizationId, policyOrder.status);
2300 const isCurrentVersion = policyCategory === PolicyStatusLifecycleCategory.ACTIVE
2301 || policyCategory === PolicyStatusLifecycleCategory.PENDING;
2302 const activePendingCodes = isCurrentVersion
2303 ? await getCodesForCategories(
2304 organizationId,
2305 [PolicyStatusLifecycleCategory.ACTIVE, PolicyStatusLifecycleCategory.PENDING],
2306 )
2307 : [];
2308
2309 // Determine the discount effective for THIS specific policy version
2310 let discountType: string | null;
2311 let discountValue: number;
2312
2313 if (isCurrentVersion) {
2314 discountType = sub.currentDiscountType;
2315 discountValue = sub.currentDiscountValue ? Number(sub.currentDiscountValue) : 0;
2316 } else {
2317 // Superseded/cancelled: derive historical discount from endorsement metadata
2318 const bundleEndorsement = (policyOrder.parameters as Record<string, any>)?.bundleEndorsement;
2319 if (bundleEndorsement?.newDiscount) {
2320 // This policy was itself an endorsement — use its applied discount
2321 discountType = bundleEndorsement.newDiscount.type;
2322 discountValue = bundleEndorsement.newDiscount.value ?? 0;
2323 } else {
2324 // Original policy before endorsement — look at the next version's oldDiscount
2325 const nextVersion = await PolicyOrderModel.findOne(request, {
2326 where: { previousPolicyId: policyOrder.policyId, transactionType: TransactionType.ENDORSEMENT },
2327 attributes: ['parameters'],
2328 });
2329 const nextEndorsement = (nextVersion?.parameters as Record<string, any>)?.bundleEndorsement;
2330 if (nextEndorsement?.oldDiscount) {
2331 discountType = nextEndorsement.oldDiscount.type;
2332 discountValue = nextEndorsement.oldDiscount.value ?? 0;{"command":"cd /Users/bakker/dev/gangkhar/sherpa-api-api-457-custom-additional-fields-on-endo; rg -n \"^ return |return policyData|^}\" src/controllers/policyOrderController.ts | awk -F: '$1>2330 && $1<2420' | head","description":"Find getPolicyById return statement"}2416: return {{"file_path":"/Users/bakker/dev/gangkhar/sherpa-api-api-457-custom-additional-fields-on-endo/src/controllers/policyOrderController.ts","offset":2400,"limit":28}2400 delete policyData.originalPremiumWithoutTax;
2401 delete policyData.originalPremiumWithTax;
2402 if (policyData.insurance) {
2403 stripInsurancePrices(policyData.insurance as Record<string, any>);
2404 }
2405 if (policyData.bundle) {
2406 (policyData.bundle as any).originalPremiumWithTax = null;
2407 (policyData.bundle as any).premiumWithTax = null;
2408 (policyData.bundle as any).totalDiscount = null;
2409 (policyData.bundle as any).perProduct = null;
2410 }
2411 }
2412
2413 const policyVisibilityConfig = await getPolicyVisibilityConfig(request, organizationId);
2414 policyData.messagesEnabled = !policyVisibilityConfig.disablePolicyMessages;
2415
2416 return {
2417 status: 'success',
2418 data: policyData,
2419 };
2420 }
2421
2422 export async function getPolicyVersions(
2423 request: FastifyRequest<{ Params: { policyId: string } }>,
2424 _reply: FastifyReply
2425 ) {
2426 void _reply;
2427 const { policyId } = request.params;Fix 1 — attach resolved endorsementFields to getPolicyById so the detail view shows real labels:
{"replace_all":false,"file_path":"/Users/bakker/dev/gangkhar/sherpa-api-api-457-custom-additional-fields-on-endo/src/controllers/policyOrderController.ts","old_string":" const policyVisibilityConfig = await getPolicyVisibilityConfig(request, organizationId);\n policyData.messagesEnabled = !policyVisibilityConfig.disablePolicyMessages;\n\n return {\n status: 'success',\n data: policyData,\n };\n}\n\nexport async function getPolicyVersions(","new_string":" const policyVisibilityConfig = await getPolicyVisibilityConfig(request, organizationId);\n policyData.messagesEnabled = !policyVisibilityConfig.disablePolicyMessages;\n\n // Resolved custom endorsement field definitions (localised) so the portal can\n // render captured values with their proper labels in policy detail/history (#457).\n if (policyOrder.productId) {\n const endorsementFieldDefs = await getActiveEndorsementFields(request, policyOrder.productId);\n policyData.endorsementFields = resolveEndorsementFieldsForLocale(\n endorsementFieldDefs,\n getLocaleFromHeader(request),\n (productRelationData?.translationOverrides as Record<string, Record<string, string>> | null | undefined) ?? null,\n );\n }\n\n return {\n status: 'success',\n data: policyData,\n };\n}\n\nexport async function getPolicyVersions("}The file /Users/bakker/dev/gangkhar/sherpa-api-api-457-custom-additional-fields-on-endo/src/controllers/policyOrderController.ts has been updated successfully. (file state is current in your context — no need to Read it back)
Fix 2 — endorsePolicy carry-forward (distinguish "provided" from "omitted"):
{"replace_all":false,"file_path":"/Users/bakker/dev/gangkhar/sherpa-api-api-457-custom-additional-fields-on-endo/src/controllers/policyOrderController.ts","old_string":" parameters: parametersWithBreakdown,\n endorsementFieldValues: endorsementFields.length > 0\n ? validatedEndorsementValues\n : ((oldPolicyData.endorsementFieldValues as Record<string, unknown> | null) ?? null),\n insurance,\n product: productMetadata,","new_string":" parameters: parametersWithBreakdown,\n // When fields are configured AND the submit explicitly supplies values, store\n // the validated set (allows clearing an optional field). When the submit omits\n // the key entirely, carry the prior version's values forward so they persist.\n endorsementFieldValues: endorsementFields.length > 0 && request.body.endorsementFieldValues != null\n ? validatedEndorsementValues\n : ((oldPolicyData.endorsementFieldValues as Record<string, unknown> | null) ?? null),\n insurance,\n product: productMetadata,"}The file /Users/bakker/dev/gangkhar/sherpa-api-api-457-custom-additional-fields-on-endo/src/controllers/policyOrderController.ts has been updated successfully. (file state is current in your context — no need to Read it back)
Fix 3 — reject whitespace-only label on update:
{"replace_all":false,"file_path":"/Users/bakker/dev/gangkhar/sherpa-api-api-457-custom-additional-fields-on-endo/src/controllers/endorsementFieldController.ts","old_string":" const nextOptions = b.options !== undefined ? validateOptions(type, b.options) : validateOptions(type, field.options);\n\n await field.update({\n label: b.label !== undefined ? (b.label.trim() || field.label) : field.label,","new_string":" const nextOptions = b.options !== undefined ? validateOptions(type, b.options) : validateOptions(type, field.options);\n\n if (b.label !== undefined && !b.label.trim()) {\n throw new StatusError(400, 'label cannot be empty');\n }\n\n await field.update({\n label: b.label !== undefined ? b.label.trim() : field.label,"}The file /Users/bakker/dev/gangkhar/sherpa-api-api-457-custom-additional-fields-on-endo/src/controllers/endorsementFieldController.ts has been updated successfully. (file state is current in your context — no need to Read it back)
Fix 4 — clarify boolean-required (consent) semantics:
{"replace_all":false,"file_path":"/Users/bakker/dev/gangkhar/sherpa-api-api-457-custom-additional-fields-on-endo/src/services/endorsementFieldService.ts","old_string":" if (field.type === 'boolean') {\n const coerced = coerceBoolean(raw);\n if (field.required && coerced !== true) {\n throw new StatusError(400, `Endorsement field \"${field.label}\" must be accepted`);\n }","new_string":" if (field.type === 'boolean') {\n // Booleans render as a single checkbox in both flows, so a *required*\n // boolean has consent semantics: it must be explicitly checked (true).\n const coerced = coerceBoolean(raw);\n if (field.required && coerced !== true) {\n throw new StatusError(400, `Endorsement field \"${field.label}\" must be accepted`);\n }"}The file /Users/bakker/dev/gangkhar/sherpa-api-api-457-custom-additional-fields-on-endo/src/services/endorsementFieldService.ts has been updated successfully. (file state is current in your context — no need to Read it back)
Fix 5a — complete the portal EndorsementFieldDef contract:
{"replace_all":false,"file_path":"/Users/bakker/dev/gangkhar/sherpa-portal-api-457-custom-additional-fields-on-endo/app/components/policy-management/PolicyQuoteForm.tsx","old_string":"export interface EndorsementFieldDef {\n fieldKey: string;\n label: string;\n helpText: string | null;\n type: string;\n required: boolean;\n options: { value: string; label: string }[] | null;\n validationPattern: string | null;\n}","new_string":"export interface EndorsementFieldDef {\n fieldKey: string;\n label: string;\n helpText: string | null;\n type: string;\n required: boolean;\n options: { value: string; label: string }[] | null;\n validationPattern: string | null;\n source?: string;\n dataModelFieldName?: string | null;\n order?: number;\n}"}The file /Users/bakker/dev/gangkhar/sherpa-portal-api-457-custom-additional-fields-on-endo/app/components/policy-management/PolicyQuoteForm.tsx has been updated successfully. (file state is current in your context — no need to Read it back)
Fix 5b — add endorsementFields to the portal PolicyOrder interface:
{"replace_all":false,"file_path":"/Users/bakker/dev/gangkhar/sherpa-portal-api-457-custom-additional-fields-on-endo/app/customer-portal/policies/[policyId]/DefaultPolicyDetails.tsx","old_string":" endorsementFieldValues?: Record<string, unknown> | null;","new_string":" endorsementFieldValues?: Record<string, unknown> | null;\n endorsementFields?: { fieldKey: string; label: string }[] | null;"}The file /Users/bakker/dev/gangkhar/sherpa-portal-api-457-custom-additional-fields-on-endo/app/customer-portal/policies/[policyId]/DefaultPolicyDetails.tsx has been updated successfully. (file state is current in your context — no need to Read it back)
Fix 5c — use real configured labels (map from endorsementFields), humanized key as fallback:
{"replace_all":false,"file_path":"/Users/bakker/dev/gangkhar/sherpa-portal-api-457-custom-additional-fields-on-endo/app/customer-portal/policies/[policyId]/DefaultPolicyDetails.tsx","old_string":" <div className=\"p-6\">\n <dl className=\"space-y-2 text-sm\">\n {Object.entries(policy.endorsementFieldValues).map(([key, value]) => (\n <div key={key} className=\"flex justify-between gap-4 border-b border-gray-100 pb-2 last:border-0\">\n <dt className=\"text-gray-600\">\n {key\n .replace(/([A-Z])/g, \" $1\")\n .replace(/[_-]+/g, \" \")\n .replace(/^./, (c) => c.toUpperCase())\n .trim()}\n </dt>","new_string":" <div className=\"p-6\">\n <dl className=\"space-y-2 text-sm\">\n {Object.entries(policy.endorsementFieldValues).map(([key, value]) => {\n const configuredLabel = policy.endorsementFields?.find((f) => f.fieldKey === key)?.label;\n const label =\n configuredLabel ||\n key\n .replace(/([A-Z])/g, \" $1\")\n .replace(/[_-]+/g, \" \")\n .replace(/^./, (c) => c.toUpperCase())\n .trim();\n return (\n <div key={key} className=\"flex justify-between gap-4 border-b border-gray-100 pb-2 last:border-0\">\n <dt className=\"text-gray-600\">{label}</dt>"}The file /Users/bakker/dev/gangkhar/sherpa-portal-api-457-custom-additional-fields-on-endo/app/customer-portal/policies/[policyId]/DefaultPolicyDetails.tsx has been updated successfully. (file state is current in your context — no need to Read it back)
Need to close the new arrow-function body. Reading the block end.
{"file_path":"/Users/bakker/dev/gangkhar/sherpa-portal-api-457-custom-additional-fields-on-endo/app/customer-portal/policies/[policyId]/DefaultPolicyDetails.tsx","offset":948,"limit":30}948 <dl className="space-y-2 text-sm">
949 {Object.entries(policy.endorsementFieldValues).map(([key, value]) => {
950 const configuredLabel = policy.endorsementFields?.find((f) => f.fieldKey === key)?.label;
951 const label =
952 configuredLabel ||
953 key
954 .replace(/([A-Z])/g, " $1")
955 .replace(/[_-]+/g, " ")
956 .replace(/^./, (c) => c.toUpperCase())
957 .trim();
958 return (
959 <div key={key} className="flex justify-between gap-4 border-b border-gray-100 pb-2 last:border-0">
960 <dt className="text-gray-600">{label}</dt>
961 <dd className="text-right font-medium text-gray-900" data-testid={`endorsement-detail-${key}`}>
962 {typeof value === "boolean" ? (value ? t('Yes') : t('No')) : String(value)}
963 </dd>
964 </div>
965 ))}
966 </dl>
967 </div>
968 </div>
969 )}
970 {/* Policy Dates */}
971 <div className="border-t border-b border-gray-200 bg-white sm:rounded-lg sm:border sm:shadow-sm">
972 <div className="border-b border-gray-100 bg-gradient-to-r from-gray-50 to-white p-4 sm:rounded-t-lg">
973 <h2 className="text-lg font-medium text-gray-900">{t('Important Dates')}</h2>
974 </div>
975 <div className="p-6">
976 <div className="space-y-3">
977 <div className="flex items-center text-sm">{"replace_all":false,"file_path":"/Users/bakker/dev/gangkhar/sherpa-portal-api-457-custom-additional-fields-on-endo/app/customer-portal/policies/[policyId]/DefaultPolicyDetails.tsx","old_string":" </dd>\n </div>\n ))}\n </dl>","new_string":" </dd>\n </div>\n );\n })}\n </dl>"}The file /Users/bakker/dev/gangkhar/sherpa-portal-api-457-custom-additional-fields-on-endo/app/customer-portal/policies/[policyId]/DefaultPolicyDetails.tsx has been updated successfully. (file state is current in your context — no need to Read it back)
Round-1 fixes applied. Re-type-checking api + portal.
{"command":"docker exec sherpa-api-api-457-custom-additional-fields-on-endo npm run type-check 2>&1 | tail -15; echo \"API_TSC=${pipestatus[1]}\"","description":"Re-type-check API after fixes","timeout":300000}{"command":"cd /Users/bakker/dev/gangkhar/sherpa-portal-api-457-custom-additional-fields-on-endo && npx tsc --noEmit 2>&1 | head -25; echo \"PORTAL_TSC=${pipestatus[1]}\"","description":"Re-type-check portal after fixes","timeout":300000}> Sherpa [email protected] type-check > tsc --noEmit API_TSC=0
PORTAL_TSC=0
Both clean. Round 2 — re-review to verify fixes + catch anything remaining.
{"description":"Review round 2: API verify","prompt":"Round-2 adversarial re-review of the sherpa-api changes for ticket #457 (custom additional fields on endorsements), in worktree /Users/bakker/dev/gangkhar/sherpa-api-api-457-custom-additional-fields-on-endo. Use rg/fd + Read. Round 1 fixes were applied — verify they are CORRECT and complete, and look for any NEW or remaining HIGH/MEDIUM issue.\n\nVerify these specific round-1 fixes:\n1. **Carry-forward** in src/controllers/policyOrderController.ts endorsePolicy: the create payload now uses `endorsementFieldValues: endorsementFields.length > 0 && request.body.endorsementFieldValues != null ? validatedEndorsementValues : (oldPolicyData.endorsementFieldValues ?? null)`. Confirm this correctly (a) validates+stores when values provided, (b) carries prior values when the key is omitted, (c) still rejects a missing required field (validateAndNormalizeEndorsementFieldValues runs earlier and throws). Any logic hole?\n2. **getPolicyById** now attaches `policyData.endorsementFields = resolveEndorsementFieldsForLocale(getActiveEndorsementFields(...), locale, overrides)` before return. Confirm productId guard, that productRelationData is still in scope at that point (not deleted), and locale/overrides are correct. Will it run for both version and current-version paths?\n3. **endorsementFieldController update**: now throws 400 on whitespace-only label. Confirm correct.\n\nAlso re-scan for issues NOT caught in round 1:\n- Could resolveEndorsementFieldsForLocale or getActiveEndorsementFields throw and break a previously-working GET /policies/:id for products with NO endorsement fields? (It should return [] gracefully.)\n- Any N+1 / performance concern from the new GET query (acceptable for a detail endpoint?).\n- Drift test still consistent (PolicyOrder + EndorsementField)?\n- Validation service: ReDoS risk from user regex at submit time? Is regex compiled per-request safely?\n- Any place the new code throws an unhandled type error or references an undefined variable?\n\nRead the actual current file contents (the fixes are already in place). Return findings: severity HIGH/MEDIUM/LOW, file:line, problem, fix. End with \"VERDICT: CLEAN\" (zero HIGH/MEDIUM) or \"VERDICT: ISSUES (n high, m medium)\". Review only — do not edit.\n\nNote: the migration intentionally uses the inline permissive RLS template `NULLIF(current_setting('app.current_organization', true), '') IS NULL OR \"organizationId\" = ...` because scripts/check-migration-tenant-rls.ts REQUIRES that exact template (function `migrationUsesPermissivePolicy`); do NOT flag it as wrong — `current_organization_in_scope` would fail CI. Also Sequelize column `defaultValue` is the established convention (see _ClaimPayout.ts) — not a \"no-defaults\" violation.","subagent_type":"Explore"}{"command":"cd /Users/bakker/dev/gangkhar/sherpa-api-api-457-custom-additional-fields-on-endo && find . -type f -name \"*.ts\" | grep -E \"(policyOrderController|policyController|endorsementFieldController)\" | head -20"}./src/controllers/policyOrderController.ts ./src/controllers/policyController.ts ./src/controllers/endorsementFieldController.ts
{"file_path":"/Users/bakker/dev/gangkhar/sherpa-api-api-457-custom-additional-fields-on-endo/src/controllers/policyOrderController.ts"}<system-reminder>[Truncated: PARTIAL view — showing lines 1-1391 of 6077 total (92809 tokens, cap 25000). Call Read with offset=1392 limit=1391 for the next page, or Grep to find a specific section. Do NOT answer from this page alone if the answer may be further in the file.]</system-reminder>
1 import crypto from 'crypto';
2 import jwt from 'jsonwebtoken';
3 import { FastifyRequest, FastifyReply } from 'fastify';
4 import { Op } from 'sequelize';
5 import { generatePdfDownloadToken, PDF_DOWNLOAD_TOKEN_TTL_SECONDS } from '@/utils/tokenUtils.js';
6 import { getOrganizationBackendUrl } from '@/utils/organizationUtils.js';
7 import { calculatePriceforQuote } from '@/controllers/pricingController.js';
8 import { sequelize } from '@/models/db.js';
9 import { tenantQuery } from '@/models/lib/db-query.js';
10 import { getPolicyVisibilityConfig } from '@/utils/policyMessagesVisibility.js';
11 import { getBusinessDate, resolveOrgTimezone } from '@/utils/dateUtils.js';
12 import { StatusError } from '@/error/error.js';
13 import logger from '@/logger.js';
14 import { Client } from '@/models/Client.js';
15 import { Country } from '@/models/Country.js';
16 import { DriverFactory } from '@/integrations/driver-factory.js';
17 import { Insurer } from '@/models/Insurer.js';
18 import { InsuranceType } from '@/models/InsuranceType.js';
19 import { Module } from '@/models/Module.js';
20 import { ModuleEndpoint } from '@/models/ModuleEndpoint.js';
21 import { Partner } from '@/models/Partner.js';
22 import { Policy } from '@/models/Policy.js';
23 import {
24 PolicyOrder as PolicyOrderModel,
25 CancelReason,
26 TransactionType,
27 DeletionReason,
28 } from '@/models/PolicyOrder.js';
29 import { ClaimRecord, ClaimStatus } from '@/models/ClaimRecord.js';
30 import { OrganizationPolicyStatus, PolicyStatusLifecycleCategory } from '@/models/OrganizationPolicyStatus.js';
31 import {
32 evaluateComplianceGate,
33 collectComplianceCheckIds,
34 isComplianceGateParked,
35 pickComplianceParkCategory,
36 attachPolicyOrderToScreening,
37 } from '@/services/policyIssuanceService.js';
38 import {
39 assertStatusAllowedForCreate,
40 assertValidStatusForOrg,
41 getCategoryForCode,
42 getCodesForCategory,
43 getCodesForCategories,
44 getDefaultCodeForCategory,
45 resolveStatusForCreate,
46 resolveStatusForUpdate,
47 } from '@/services/policyStatusService.js';
48 import { PolicyOrderError } from '@/models/PolicyOrderError.js';
49 import { PolicyParameter } from '@/models/PolicyParameter.js';
50 import { Pricing } from '@/models/Pricing.js';
51 import { Organization } from '@/models/Organization.js';
52 import { Product, type ProductDocumentRef } from '@/models/Product.js';
53 import { DataFile } from '@/models/DataFile.js';
54 import { ProductModulePartner } from '@/models/ProductModulePartner.js';
55 import { ProductOptimization } from '@/models/ProductOptimization.js';
56 import { ProductPlan } from '@/models/ProductPlan.js';
57 import { ProductSetting } from '@/models/ProductSetting.js';
58 import { SuspensionTerms } from '@/models/SuspensionTerms.js';
59 import { findActiveProductTemplate } from '@/models/productTemplateHelpers.js';
60 import { Quote } from '@/models/Quote.js';
61 import { QuoteParameter } from '@/models/QuoteParameter.js';
62 import { QuoteSession } from '@/models/QuoteSession.js';
63 import { Customer } from '@/models/Customer.js';
64 import { generateDocumentPdf } from '@/services/pdfService.js';
65 import { renderTemplate } from '@/services/templateService.js';
66 import { localizeTemplateContent } from '@/services/templateI18nService.js';
67 import { getLocaleFromHeader, getLocaleFromRequestHeadersMap } from '@/services/localeService.js';
68 import { mergeTranslationDefaults, collectCoverageStrings } from '@/services/productTranslationDefaults.js';
69 import {
70 getActiveEndorsementFields,
71 resolveEndorsementFieldsForLocale,
72 validateAndNormalizeEndorsementFieldValues,
73 } from '@/services/endorsementFieldService.js';
74 import { createCustomerFromPolicyParameters } from '@/services/userService.js';
75 import { validateParameters, pickValidationMessage } from '@/services/validationService.js';
76 import {
77 CommissionCalculationData,
78 PartyAllocation,
79 } from '@/services/commissionCalculationService.js';
80 import { generateInvoice, getInvoicesByPolicyOrderId } from '@/services/invoiceService.js';
81 import { handleInvoice as handleExternalInvoice, handleCreditNote, handlePaymentIntent, handleSetupIntent, resolvePaymentProvider } from '@/domains/payments/service.js';
82 import { isExternalProvider } from '@/domains/payments/registry.js';
83 import { tryCreateEmbedCheckoutSession } from '@/services/embedCheckoutSessionService.io.js';
84 import { findReusablePolicyOrder, reuseIframeCheckout } from '@/services/embedCheckoutDedupService.io.js';
85 import { withQuoteLock } from '@/services/quoteDedupLock.js';
86 import { isSafeHttpsUrl } from '@/utils/urlValidation.js';
87 import { BundleSubscription } from '@/models/BundleSubscription.js';
88 import { ProductBundle } from '@/models/ProductBundle.js';
89 import type { InvoiceResult, PaymentIntentResult } from '@/domains/payments/interface.js';
90 import { sendSaleOutcomeEvent } from '@/services/lensOptimizationService.js';
91 import { PremiumResult } from '@/types/pricing.js';
92 import {
93 handleBundleCancellationSideEffect,
94 handleBundleReinstatementSideEffect,
95 handleBundleSuspensionSideEffect,
96 buildEndorsementContextFromRequest,
97 } from '@/services/bundleEndorsementService.js';
98 import {
99 previewSuspensionOptions as previewSuspensionOptionsService,
100 previewReinstatementOptions as previewReinstatementOptionsService,
101 } from '@/services/suspensionService.js';
102 import {
103 enqueueSuspensionEmail,
104 enqueueReinstatementEmail,
105 } from '@/services/jobs/welcomeEmailJob.js';
106 import {
107 applyBundleDiscount,
108 calculateEndorsementAdjustments,
109 extractPaymentFrequencyFromInsurance,
110 extractPremiumDataFromInsurance,
111 calculateAndExtractCommissionData,
112 enrichInsuranceWithCoverageOptions,
113 calculateExpiryDate,
114 getProductMetadata,
115 } from '@/services/policyOrderService.js';
116 import type { AdjustmentBreakdownItem, EndorsementAdjustments } from '@/services/policyOrderService.js';
117 import { shouldHidePrices, stripInsurancePrices, stripInsuranceCommission, stripCommissionFields, isCustomerFacing } from '@/utils/hidePrices.js';
118 import { getCommissionTaxRate } from '@/services/taxHelpers.js';
119 import { assertDisplayCurrencyAllowed, snapshotFx } from '@/services/currencyService.js';
120 import { getDecimalsForCurrency } from '@/utils/currencyHelper.js';
121 import { isProductionEnvironment } from '@/utils/env.js';
122 import { TEST_POLICY_STATUS_CODE } from '@/models/OrganizationPolicyStatus.js';
123
124 // Re-export for backwards compatibility with existing consumers
125 export {
126 applyBundleDiscount,
127 calculateEndorsementAdjustments,
128 extractPremiumDataFromInsurance,
129 calculateAndExtractCommissionData,
130 enrichInsuranceWithCoverageOptions,
131 calculateExpiryDate,
132 getProductMetadata,
133 } from '@/services/policyOrderService.js';
134 export type { AdjustmentBreakdownItem, EndorsementAdjustments } from '@/services/policyOrderService.js';
135
136 // Last-wins sync of the customer's channel locale based on the locale captured
137 // at this purchase. No-op when no locale was captured or the customer already
138 // holds the same value, so reads stay free of writes for English-only orgs.
139 async function syncCustomerPreferredLanguage(
140 customer: Customer | null | undefined,
141 language: string | null,
142 ): Promise<void> {
143 if (!customer || !language) return;
144 if (customer.preferredLanguage === language) return;
145 await customer.update({ preferredLanguage: language });
146 }
147
148 async function generateNextPolicyNum{"file_path":"/Users/bakker/dev/gangkhar/sherpa-api-api-457-custom-additional-fields-on-endo/src/controllers/policyOrderController.ts","offset":1390,"limit":300}1390 newPremiumWithoutTax,
1391 effectiveDate,
1392 policyOrder.inceptionDate,
1393 finalPaymentFrequency || 'month',
1394 policyOrder.productId as number,
1395 taxRate,
1396 totalCommissionRate,
1397 currentPartyAllocations,
1398 policyOrder.insurance,
1399 insurance,
1400 organizationId,
1401 commissionTaxRate,
1402 );
1403
1404 // Create new endorsement version
1405 const oldPolicyData = policyOrder.toJSON() as Record<string, unknown>;
1406 delete oldPolicyData.id;
1407 delete oldPolicyData.createdAt;
1408 delete oldPolicyData.updatedAt;
1409 delete oldPolicyData.productRelation;
1410
1411 const parametersWithBreakdown = {
1412 ...parameters,
1413 adjustmentBreakdown: endorsementAdjustments.adjustmentBreakdown,
1414 };
1415
1416 const newPolicyOrder = await PolicyOrderModel.create({ organizationId: policyOrder.organizationId }, {
1417 ...oldPolicyData,
1418 policyId: crypto.randomUUID(),
1419 rootPolicyId: policyOrder.rootPolicyId,
1420 quoteId,
1421 previousPolicyId: policyOrder.policyId,
1422 transactionType: TransactionType.ENDORSEMENT,
1423 version: (policyOrder.version || 1) + 1,
1424 effectiveDate,
1425 status: activeStatusCode,
1426 productPlanName: finalProductPlanName,
1427 productPlanId: productMetadata?.productPlanId ?? policyOrder.productPlanId,
1428 parameters: parametersWithBreakdown,
1429 // When fields are configured AND the submit explicitly supplies values, store
1430 // the validated set (allows clearing an optional field). When the submit omits
1431 // the key entirely, carry the prior version's values forward so they persist.
1432 endorsementFieldValues: endorsementFields.length > 0 && request.body.endorsementFieldValues != null
1433 ? validatedEndorsementValues
1434 : ((oldPolicyData.endorsementFieldValues as Record<string, unknown> | null) ?? null),
1435 insurance,
1436 product: productMetadata,
1437 paymentFrequency: finalPaymentFrequency,
1438 policyNumber: policyOrder.policyNumber,
1439 inceptionDate: policyOrder.inceptionDate,
1440 issueDate: policyOrder.issueDate,
1441 expiryDate: policyOrder.expiryDate,
1442 basePremium: commissionData.premiumWithoutTax ? premiumData.basePremium : policyOrder.basePremium,
1443 premiumWithoutTax: commissionData.premiumWithoutTax ?? premiumData.premiumWithoutTax ?? policyOrder.premiumWithoutTax,
1444 premiumWithTax: commissionData.premiumWithTax ?? premiumData.premiumWithTax ?? policyOrder.premiumWithTax,
1445 salesTax: premiumData.salesTax ?? policyOrder.salesTax,
1446 commissionTax: premiumData.commissionTax ?? policyOrder.commissionTax ?? 0,
1447 currency: policyOrder.currency,
1448 commissionStructureId: commissionData.commissionStructureId ?? policyOrder.commissionStructureId,
1449 baselineCommissionPercentage: commissionData.baselineCommissionPercentage ?? policyOrder.baselineCommissionPercentage,
1450 dynamicCommissionPercentage: commissionData.dynamicCommissionPercentage ?? policyOrder.dynamicCommissionPercentage,
1451 variancePercentage: commissionData.variancePercentage ?? policyOrder.variancePercentage,
1452 allocationRuleId: commissionData.allocationRuleId ?? policyOrder.allocationRuleId,
1453 totalCommissionAmount: commissionData.totalCommissionAmount ?? policyOrder.totalCommissionAmount,
1454 partyAllocations: endorsementAdjustments.partyAllocationsWithAdjustment,
1455 originalPremiumWithoutTax: preBundleDiscountWithoutTax ?? commissionData.originalPremiumWithoutTax ?? policyOrder.originalPremiumWithoutTax,
1456 originalPremiumWithTax: preBundleDiscountWithTax ?? commissionData.originalPremiumWithTax ?? policyOrder.originalPremiumWithTax,
1457 billingEffectiveDate: endorsementAdjustments.billingEffectiveDate,
1458 adjustmentPremium: endorsementAdjustments.adjustmentPremium,
1459 adjustmentTax: endorsementAdjustments.adjustmentTax,
1460 adjustmentCommission: endorsementAdjustments.adjustmentCommission,
1461 adjustmentCommissionTax: endorsementAdjustments.adjustmentCommissionTax,
1462 renewalStatus: null,
1463 renewalStatusError: null,
1464 });
1465
1466 await policyOrder.update({ status: supersededStatusCode });
1467
1468 // Generate invoice (skipped for test policies)
1469 if (!newPolicyOrder.testMode) {
1470 try {
1471 const endorsementProduct = policyOrder.productRelation ?? await Product.findByPk(request, newPolicyOrder.productId!);
1472 const effectiveProvider = endorsementProduct ? await resolvePaymentProvider(endorsementProduct, newPolicyOrder.bundleSubscriptionId) : 'internal';
1473 if (isExternalProvider(effectiveProvider)) {
1474 await handleExternalInvoice(newPolicyOrder, 'endorsement');
1475 } else {
1476 await generateInvoice(newPolicyOrder);
1477 }
1478 } catch (error) {
1479 logger.error({ error, policyId: newPolicyOrder.policyId }, 'Failed to generate invoice for endorsement');
1480 }
1481 }
1482
1483 // Build response with bundle enrichment
1484 const responseData = newPolicyOrder.toJSON() as Record<string, unknown>;
1485 delete responseData.requestHeaders;
1486 delete responseData.requestBody;
1487 delete responseData.network;
1488 // Commission tax is internal financial data — not exposed on customer-facing endpoints
1489 delete responseData.commissionTax;
1490 delete responseData.adjustmentCommissionTax;
1491 responseData.edit = true;
1492
1493 if (newPolicyOrder.bundleSubscriptionId) {
1494 const sub = await BundleSubscription.findByPk(request, newPolicyOrder.bundleSubscriptionId, {
1495 include: [{ model: ProductBundle.raw, attributes: ['bundleTitle'] }],
1496 });
1497 if (sub) {
1498 const bundlePolicies = await PolicyOrderModel.findAll(request, {
1499 where: {
1500 bundleSubscriptionId: sub.id,
1501 status: { [Op.in]: activePendingCodes },
1502 },
1503 attributes: ['productName', 'premiumWithTax', 'originalPremiumWithTax'],
1504 });
1505
1506 const round2 = (v: number) => Math.round(v * 100) / 100;
1507 let totalOriginal = 0;
1508 let totalDiscounted = 0;
1509 let totalDiscount = 0;
1510 const perProduct: Record<string, { originalPremiumWithTax: number; discount: number; premiumWithTax: number }> = {};
1511
1512 for (const bp of bundlePolicies) {
1513 const original = Number(bp.originalPremiumWithTax) || Number(bp.premiumWithTax) || 0;
1514 const discounted = Number(bp.premiumWithTax) || 0;
1515 const discount = round2(original - discounted);
1516 totalOriginal += original;
1517 totalDiscounted += discounted;
1518 totalDiscount += discount;
1519 perProduct[bp.productName] = { originalPremiumWithTax: original, discount, premiumWithTax: discounted };
1520 }
1521
1522 responseData.bundle = {
1523 subscriptionId: sub.subscriptionId,
1524 bundleName: sub.bundleName,
1525 bundleTitle: sub.bundle?.bundleTitle ?? sub.bundleName,
1526 discount: sub.currentDiscountType && sub.currentDiscountValue && Number(sub.currentDiscountValue) > 0
1527 ? { type: sub.currentDiscountType, value: Number(sub.currentDiscountValue) }
1528 : null,
1529 originalPremiumWithTax: round2(totalOriginal),
1530 premiumWithTax: round2(totalDiscounted),
1531 totalDiscount: round2(totalDiscount),
1532 perProduct,
1533 };
1534 }
1535 }
1536
1537 // Commission data must never reach customers or widgets
1538 if (isCustomerFacing(request)) {
1539 stripCommissionFields(responseData);
1540 if (responseData.insurance) {
1541 stripInsuranceCommission(responseData.insurance as Record<string, any>);
1542 }
1543 }
1544
1545 // Strip price{"file_path":"/Users/bakker/dev/gangkhar/sherpa-api-api-457-custom-additional-fields-on-endo/src/controllers/policyController.ts","limit":100}1 import { FastifyRequest, FastifyReply } from 'fastify';
2 import { Op } from 'sequelize';
3 import { StatusError } from '@/error/error.js';
4 import { sequelize } from '@/models/db.js';
5 import { Policy } from '@/models/Policy.js';
6 import { PolicyParameter } from '@/models/PolicyParameter.js';
7 import { PolicyParameterCategory } from '@/models/PolicyParameterCategory.js';
8 import { PolicyParameterCategoryPage } from '@/models/PolicyParameterCategoryPage.js';
9 import { PolicySetting } from '@/models/PolicySetting.js';
10 import { Organization } from '@/models/Organization.js';
11 import { Product } from '@/models/Product.js';
12 import { QuoteSession } from '@/models/QuoteSession.js';
13 import { User } from '@/models/User.js';
14 import { getFunnelTemplateForProduct } from '@/services/customFormsService.js';
15 import { resolveDynamicEnumValues } from '@/utils/dynamicEnumResolver.js';
16 import { flattenObject } from '@/utils/transformers.js';
17 import type { DateConstraints } from '@/types/dateConstraints';
18
19 interface ProductParams {
20 productId: string;
21 }
22
23 interface PolicyParams {
24 policyId: string;
25 }
26
27 interface CategoryParams {
28 categoryId: string;
29 }
30
31 interface PageParams {
32 pageId: string;
33 }
34
35 interface ParameterParams {
36 parameterId: string;
37 }
38
39 interface PolicyParameterParams {
40 policyId: string;
41 parameterId: string;
42 }
43
44 interface CreatePolicyBody {
45 name: string;
46 title?: string;
47 description?: string;
48 active?: boolean;
49 parameters?: PolicyParameterData[];
50 settings?: PolicySettingData[];
51 }
52
53 interface UpdatePolicyBody {
54 name?: string;
55 title?: string;
56 description?: string;
57 active?: boolean;
58 parameters?: PolicyParameterData[];
59 settings?: PolicySettingData[];
60 }
61
62 interface PolicyParameterData {
63 id?: number;
64 name: string;
65 label?: string;
66 description?: string;
67 required?: boolean;
68 type: string;
69 defaultValue?: any;
70 options?: any;
71 pattern?: string;
72 enumValues?: string[];
73 path?: string;
74 order?: number;
75 dynamicEnumSource?: string;
76 dynamicEnumFilter?: string;
77 policyParameterCategoryId?: number;
78 termsConfig?: { displayStyle?: 'inline' | 'links'; linkBehavior?: 'popup' | 'new_tab'; sourceType?: 'template' | 'file' | 'url'; externalUrl?: string } | null;
79 dateConstraints?: DateConstraints | null;
80 }
81
82 interface PolicySettingData {
83 id?: number;
84 name: string;
85 label?: string;
86 description?: string;
87 type: string;
88 value?: any;
89 options?: any;
90 }
91
92 interface CreateCategoryBody {
93 name: string;
94 label?: string;
95 description?: string;
96 order?: number;
97 pageId?: number;
98 }
99
100 interface UpdateCategoryBody {{"command":"cd /Users/bakker/dev/gangkhar/sherpa-api-api-457-custom-additional-fields-on-endo && grep -n \"getPolicyById\\|export async function.*Policy\" src/controllers/policyController.ts | head -30"}223:export async function getActivePolicy( 393:export async function createPolicy( 508:export async function updatePolicy( 675:export async function deletePolicy( 1188:export async function getPolicyForm(
{"description":"Review round 2: FE verify","prompt":"Round-2 adversarial re-review of the sherpa-portal and sherpa-embed changes for ticket #457 (custom additional fields on endorsements). Use rg/fd + Read. Round 1 fixes were applied — verify them and look for any remaining HIGH/MEDIUM issue or acceptance-criteria gap.\n\nAcceptance: \"Add a required new field; submit without it fails validation; submitted value stored and visible on the endorsement and in policy history.\" Fields must render in BOTH portal and embed endorsement flows; labels localizable.\n\nVerify round-1 fixes:\n1. **Portal label display** in /Users/bakker/dev/gangkhar/sherpa-portal-api-457-custom-additional-fields-on-endo/app/customer-portal/policies/[policyId]/DefaultPolicyDetails.tsx: the \"Additional Details\" section now maps each captured value's key to its configured label via `policy.endorsementFields?.find((f) => f.fieldKey === key)?.label`, falling back to a humanized key. Confirm the JSX is balanced (the .map now uses `{ const ...; return (...); }`), the PolicyOrder interface has `endorsementFields`, and it renders correctly. Any JSX/TS error?\n2. **Portal EndorsementFieldDef** in app/components/policy-management/PolicyQuoteForm.tsx now includes optional source/dataModelFieldName/order. Confirm consistent with API.\n\nRe-scan the whole front-end change for remaining issues:\n- Portal field-builder (app/components/products/endorsement-fields/EndorsementFieldsTab.tsx) and page (app/products/[id]/endorsement-fields/page.tsx) and nav (app/components/AppLayout.tsx): correct, CRUD wired to /products/:id/endorsement-fields, select-options editor sound, required toggle, dialog.\n- Portal flow (DefaultPolicyEdit.tsx + PolicyQuoteForm.tsx + EndorsementCustomFields.tsx): required-field client validation blocks submit; endorsementFieldValues included in PATCH; prefill doesn't clobber edits; the onEndorsementFieldsLoaded callback wired correctly.\n- Embed (/Users/bakker/dev/gangkhar/sherpa-embed-api-457-custom-additional-fields-on-endo): EndorsementForm.tsx renders all field types, validates required, submits quoteId+effectiveDate+endorsementFieldValues; app.tsx route 'endorsement-form' + loadEndorsementForm + render branch wired; apiClient methods correct.\n- Any React bug (missing keys, bad hook deps causing infinite loop, controlled-input issues), any contract mismatch (field property names) that renders blank, any acceptance gap.\n\nRead the actual current file contents. Return findings: severity HIGH/MEDIUM/LOW, file:line, problem, fix. End with \"VERDICT: CLEAN\" (zero HIGH/MEDIUM) or \"VERDICT: ISSUES (n high, m medium)\". Review only — do not edit.","subagent_type":"Explore"}{"command":"cd /Users/bakker/dev/gangkhar/sherpa-api-api-457-custom-additional-fields-on-endo && grep -n \"export async function.*getPolicyById\\|export async function.*getPolicy\" src/controllers/policyOrderController.ts | head -20"}2008:export async function getPolicyById( 2436:export async function getPolicyVersions( 4411:export async function getPolicyPdfById( 4453:export async function getPolicyPdfDownloadUrl( 4819:export async function getPolicyChartData( 4965:export async function getPolicyOrderFilters(
{"file_path":"/Users/bakker/dev/gangkhar/sherpa-portal-api-457-custom-additional-fields-on-endo/app/customer-portal/policies/[policyId]/DefaultPolicyDetails.tsx"}1 "use client";
2
3 import React, { useEffect, useState, useCallback, useRef } from "react";
4 import { useRouter, useSearchParams } from "next/navigation";
5 import { usePortalPrefix } from "@/app/customer-portal/lib/portalLink";
6
7 import { ArrowLeft, Calendar, Clock, DollarSign, Download, Check, Receipt, Pencil, MessageSquare, Paperclip, Users, FileX, X, Pause, Play } from "lucide-react";
8
9 import { useTranslation } from "@gangkharai/lmt/client";
10 import { useAuth } from "@/app/components/AuthProvider";
11 import PortalLayout from "@/app/customer-portal/PortalLayout";
12 import api from "@/app/src/utils/api";
13 import { usePolicyStatuses } from "@/app/src/hooks/usePolicyStatuses";
14 import { getValidAccessToken } from "@/app/src/utils/api";
15 import { getSherpaApiUrl } from "@/app/src/utils/env";
16 import CoverageDetailsSection from "@/app/components/policies/CoverageDetailsSection";
17 import { useProductTranslate } from "@/app/lib/useProductTranslate";
18 import PolicyVersionSwitcher from "@/app/components/policies/PolicyVersionSwitcher";
19 import { CurrencyDisplay } from "@/app/components/ui/currencyDisplay";
20 import { getDecimalsForCurrency } from "@/app/components/country-picker/currencies";
21 import { formatDateDynamic } from "@/app/utils/dateFormat";
22 import BundleDiscountSection from "@/app/components/policies/BundleDiscountSection";
23 import type { PolicyBundleInfo } from "@/app/types/bundle";
24 import { Tabs, TabsList, TabsTrigger, TabsContent } from "@/app/components/ui/tabs";
25 import PolicyMessageThread from "@/app/components/policies/PolicyMessageThread";
26 import PolicyAttachmentList from "@/app/components/policies/PolicyAttachmentList";
27
28 interface PolicyOrder {
29 id: number;
30 policyId: string;
31 quoteId: string;
32 productName: string;
33 productPlanName: string;
34 status: string;
35 inceptionDate: string;
36 issueDate: string;
37 expiryDate: string;
38 policyNumber: string;
39 insurance: any;
40 version?: number;
41 transactionType?: string;
42 edit?: boolean;
43 endorsementFieldValues?: Record<string, unknown> | null;
44 endorsementFields?: { fieldKey: string; label: string }[] | null;
45 parameters: {
46 personal: {
47 address: {
48 firstName: string;
49 lastName: string;
50 postalCode: string;
51 streetName: string;
52 city: string;
53 country: string;
54 birthDate: string;
55 };
56 email: string;
57 };
58 };
59 client: {
60 id: number;
61 name: string;
62 };
63 product: {
64 productTitle: string;
65 productDescription: string;
66 productPlanTitle: string;
67 country: string;
68 countryName: string;
69 currency: string;
70 currencyPosition?: "prefix" | "suffix";
71 decimalSeparator?: string;
72 groupSeparator?: string;
73 decimalsAmount?: number;
74 dateFormat?: string;
75 insuranceTypeTitle: string;
76 isEmbedded: boolean;
77 active: boolean;
78 translationOverrides?: Record<string, Record<string, string>> | null;
79 };
80 paymentFrequency?: string;
81 productSettings?: { name: string; value: string; label: string }[];
82 bundleSubscriptionId?: number | null;
83 bundle?: PolicyBundleInfo | null;
84 country?: string;
85 displayCurrency?: string | null;
86 baseCurrency?: string | null;
87 fxRate?: string | number | null;
88 fxRateAt?: string | null;
89 messagesEnabled?: boolean;
90 customerSuspensions?: boolean;
91 hasActiveSuspensionTerms?: boolean;
92 }
93
94 interface Coverage {
95 id: number;
96 code: string;
97 name: string;
98 title: string;
99 description: string;
100 coverageAmount: string;
101 amountType?: string;
102 waitingPeriod: number;
103 exclusionType: string;
104 exclusionPeriod: number;
105 }
106
107 export default function DefaultPolicyDetails({
108 params,
109 }: {
110 params: { policyId: string } | Promise<{ policyId: string }>;
111 }) {
112 const t = useTranslation();
113 const { user } = useAuth();
114 const router = useRouter();
115 const portal = usePortalPrefix();
116 const searchParams = useSearchParams();
117 const { byCode, labelOf, colorOf, categoryOf, isCategory } = usePolicyStatuses();
118 const [policy, setPolicy] = useState<PolicyOrder | null>(null);
119 const tp = useProductTranslate(policy?.product?.translationOverrides);
120 const [loading, setLoading] = useState(true);
121 const [error, setError] = useState<string | null>(null);
122 const [showClaimSuccess, setShowClaimSuccess] = useState(false);
123 const [desktopTab, setDesktopTab] = useState("messages");
124 const [mobileTab, setMobileTab] = useState("details");
125
126 const unwrappedParams = params instanceof Promise ? React.use(params) : params;
127 const policyId = unwrappedParams?.policyId;
128 const urlVersion = searchParams.get("version");
129
130 // Track mount state so background revalidation never tries to setState after unmount.
131 const mountedRef = useRef(true);
132 useEffect(() => {
133 mountedRef.current = true;
134 return () => {
135 mountedRef.current = false;
136 };
137 }, []);
138
139 // Read the latest `policy` from a ref inside fetchPolicyFromAPI without
140 // adding it to the callback's deps (would cause an infinite refetch loop).
141 const policyRef = useRef<PolicyOrder | null>(null);
142 useEffect(() => {
143 policyRef.current = policy;
144 }, [policy]);
145
146 const fetchPolicyFromAPI = useCallback(async () => {
147 if (!user?.id || !policyId) return;
148
149 try {
150 if (mountedRef.current) setLoading(true);
151 const versionParam = urlVersion ? `?version=${urlVersion}` : "";
152 const response = await api.get(`/policies/${policyId}${versionParam}`, {
153 sherpaAdmin: false,
154 });
155
156 const policyData = response.data?.data || response.data;
157
158 if (policyData) {
159 if (mountedRef.current) setPolicy(policyData);
160 if (!urlVersion) {
161 sessionStorage.setItem(`policy_${policyId}`, JSON.stringify(policyData));
162 }
163 } else if (mountedRef.current) {
164 setError("Policy not found");
165 }
166 } catch (error: unknown) {
167 console.error("Error fetching policy details:", error);
168 const err = error as { response?: { data?: { message?: string } }; message?: string };
169 // Background revalidation failures shouldn't blow away the cached UI;
170 // only surface an error if there's nothing to show yet.
171 if (mountedRef.current) {
172 setError((prev) => (policyRef.current ? prev : err.response?.data?.message || err.message || "Failed to fetch policy details"));
173 }
174 } finally {
175 if (mountedRef.current) setLoading(false);
176 }
177 }, [policyId, user?.id, urlVersion]);
178
179 useEffect(() => {
180 const loadPolicyData = () => {
181 if (!policyId) return;
182
183 try {
184 const isReturningFromCancel = sessionStorage.getItem("refreshPolicyData") === "true";
185 const isReturningFromClaim = sessionStorage.getItem("claimSubmitted") === "true";
186
187 if (isReturningFromCancel) {
188 sessionStorage.removeItem("refreshPolicyData");
189 fetchPolicyFromAPI();
190 return;
191 }
192
193 if (isReturningFromClaim) {
194 sessionStorage.removeItem("claimSubmitted");
195 setShowClaimSuccess(true);
196 setTimeout(() => setShowClaimSuccess(false), 5000);
197 }
198
199 if (urlVersion) {
200 fetchPolicyFromAPI();
201 return;
202 }
203
204 // SWR pattern: render cached data immediately for fast paint, then
205 // always revalidate against the API so admin-side changes (cancel,
206 // suspend, reins{"file_path":"/Users/bakker/dev/gangkhar/sherpa-portal-api-457-custom-additional-fields-on-endo/app/components/policy-management/PolicyQuoteForm.tsx"}1 "use client";
2
3 import React, { useState, useEffect, useCallback, useMemo, useRef } from "react";
4 import { ChevronDown, ChevronUp, Check, RefreshCw, X as XIcon } from "lucide-react";
5 import DynamicIcon from "@/app/components/ui/DynamicIcon";
6 import { useTranslation } from "@gangkharai/lmt/client";
7
8 import { getCurrencySymbol } from "@/app/components/country-picker/currencies";
9 import { formatCurrency, CurrencyFormatOptions } from "@/app/components/ui/currencyDisplay";
10 import { Switch } from "@/app/components/ui/switch";
11 import api from "@/app/src/utils/api";
12
13 interface FormParameter {
14 id: number;
15 name: string;
16 label: string;
17 description: string;
18 required: boolean;
19 type: string;
20 pattern: string;
21 defaultValue?: string | number | boolean;
22 options: Array<{ value: string; label: string; description?: string; icon?: string }>;
23 enumValues: string[];
24 path: string;
25 order: number;
26 }
27
28 interface FormCategory {
29 id: number;
30 name: string;
31 label: string;
32 description: string;
33 order: number;
34 parameters: FormParameter[];
35 }
36
37 interface FormPage {
38 id: number | null;
39 name: string;
40 label: string;
41 description: string;
42 order: number;
43 categories: FormCategory[];
44 }
45
46 interface FormApiResponse {
47 pages: FormPage[];
48 uncategorizedParameters: FormParameter[];
49 }
50
51 interface PremiumData {
52 basePremium: number;
53 premiumWithoutTax: number | null;
54 premiumWithTax: number | null;
55 salesTax: number | null;
56 commissionTax?: number | null;
57 }
58
59 interface FrequencyPremium {
60 premiumWithoutTax: number | null;
61 salesTax: number | null;
62 premiumWithTax: number | null;
63 [key: string]: number | null;
64 }
65
66 interface CoverageOptionPricing {
67 premiumsByFrequency?: Record<string, FrequencyPremium>;
68 }
69
70 interface DeductibleOption {
71 value: number;
72 type: "fixed" | "percentage";
73 label?: string;
74 isDefault?: boolean;
75 }
76
77 interface CoveragePricing {
78 basePrice?: number;
79 premiumWithoutTax?: number;
80 salesTax?: number;
81 premiumWithTax?: number;
82 premiumsByFrequency?: Record<string, FrequencyPremium>;
83 }
84
85 interface CoverageOption {
86 id: number;
87 name: string;
88 coverageLimit: string;
89 deductibles?: DeductibleOption[] | null;
90 pricing?: Record<string, CoverageOptionPricing>;
91 }
92
93 interface Coverage {
94 id: number;
95 name: string;
96 title: string;
97 selected?: boolean;
98 selectedOptionId?: number;
99 selectedDeductible?: string;
100 selectedDeductibleType?: "fixed" | "percentage";
101 coverageAmount?: string;
102 baseCoverage?: boolean;
103 coverageOptions?: CoverageOption[];
104 pricing?: CoveragePricing;
105 [key: string]: unknown;
106 }
107
108 interface PlanData {
109 title: string;
110 premiumsByFrequency: Record<string, PremiumData>;
111 currency: string;
112 currencyPosition?: "prefix" | "suffix";
113 groupSeparator?: string;
114 decimalsAmount?: number;
115 decimalSeparator?: string;
116 coverages: Coverage[];
117 }
118
119 interface InsuranceData {
120 [productName: string]: {
121 [planName: string]: PlanData;
122 };
123 }
124
125 interface BundleDiscount {
126 type: string;
127 value: number;
128 discountAmount: number;
129 premiumBeforeDiscount: number;
130 }
131
132 interface EndorsementAdjustments {
133 billingEffectiveDate: string;
134 adjustmentPremium: number | null;
135 adjustmentTax: number | null;
136 adjustmentCommission: number;
137 adjustmentCommissionTax?: number | null;
138 }
139
140 interface CurrentPolicy {
141 premiumWithoutTax: number | null;
142 premiumWithTax: number | null;
143 paymentFrequency: string;
144 }
145
146 export interface EndorsementFieldDef {
147 fieldKey: string;
148 label: string;
149 helpText: string | null;
150 type: string;
151 required: boolean;
152 options: { value: string; label: string }[] | null;
153 validationPattern: string | null;
154 source?: string;
155 dataModelFieldName?: string | null;
156 order?: number;
157 }
158
159 interface QuoteResponse {
160 quoteId: string;
161 insurance: InsuranceData;
162 parameters?: Record<string, unknown>;
163 bundleDiscount?: BundleDiscount | null;
164 endorsementAdjustments?: EndorsementAdjustments;
165 currentPolicy?: CurrentPolicy;
166 endorsementFields?: EndorsementFieldDef[];
167 endorsementFieldValues?: Record<string, unknown>;
168 }
169
170 interface PolicyQuoteFormProps {
171 policyOrderId: string;
172 productName: string;
173 activePlanName: string;
174 quoteId: string;
175 effectiveDate: string;
176 paymentFrequency: string;
177 insurance: InsuranceData;
178 onInsuranceUpdate: (insurance: InsuranceData) => void;
179 onQuoteIdUpdate: (quoteId: string) => void;
180 onPlanChange?: (planName: string) => void;
181 onEndorsementFieldsLoaded?: (fields: EndorsementFieldDef[], values: Record<string, unknown>) => void;
182 saving?: boolean;
183 submitError?: string | null;
184 isCustomerPortal?: boolean;
185 }
186
187 const setValueAtPath = (
188 obj: Record<string, unknown>,
189 path: string,
190 value: unknown
191 ): Record<string, unknown> => {
192 const keys = path.split(".");
193 const result = JSON.parse(JSON.stringify(obj));
194 let current: Record<string, unknown> = result;
195
196 for (let i = 0; i < keys.length - 1; i++) {
197 const key = keys[i];
198 if (!(key in current) || typeof current[key] !== "object" || current[key] === null) {
199 current[key] = {};
200 }
201 current = current[key] as Record<string, unknown>;
202 }
203
204 current[keys[keys.length - 1]] = value;
205 return result;
206 };
207
208 const getValueFromPath = (obj: Record<string, unknown>, path: string): unknown => {
209 const keys = path.split(".");
210 let current: unknown = obj;
211
212 for (const key of keys) {
213 if (current === null || current === undefined || typeof current !== "object") {
214 return undefined;
215 }
216 current = (current as Record<string, unknown>)[key];
217 }
218
219 return current;
220 };
221
222 const getFrequencyLabel = (freq: string) => {
223 const labels: Record<string, string> = {
224 month: "Monthly",
225 quarter: "Quarterly",
226 year: "Yearly",
227 "one-time": "One-time",
228 day: "Daily",
229 };
230 return labels[freq] || freq;
231 };
232
233 const getFrequencyShort = (freq: string) => {
234 const labels: Record<string, string> = {
235 month: "/mo",
236 quarter: "/qtr",
237 year: "/yr",
238 "one-time": "",
239 day: "/day",
240 };
241 return labels[freq] || `/${freq}`;
242 };
243
244 const getCurrencyFormat = (plan: PlanData): CurrencyFormatOptions => ({
245 currency: plan.currency || "USD",
246 currencyPosition: plan.currencyPosition || "prefix",
247 decimalSeparator: plan.decimalSeparator || ".",
248 groupSeparator: plan.groupSeparator || ",",
249 decimalsAmount: plan.decimalsAmount,
250 });
251
252 // Merge fresh quote-response coverages into local coverages by id, preserving
253 // local user-selection state (selected/selectedOptionId/selectedDeductible)
254 // while picking up server-computed pricing + coverageOptions.
255 const mergeCoveragesFromQuote = (
256 local: Coverage[] | undefined,
257 fromQuote: Coverage[] | undefined
258 ): Coverage[] => {
259 if (!fromQuote) return local ?? [];
260 if (!local || local.length === 0) return fromQuote;
261 const localById = new Map(local.map((c) => [c.id, c]));
262 return fromQuote.map((qc) => {
263 const lc = localById.get(qc.id);
264 if (!lc) return qc;
265 return {
266 ...qc,
267 selected: lc.selected ?? qc.selected,
268 selectedOptionId: lc.selectedOptionId ?? qc.selectedOptionId,
269 sele{"file_path":"/Users/bakker/dev/gangkhar/sherpa-portal-api-457-custom-additional-fields-on-endo/app/components/products/endorsement-fields/EndorsementFieldsTab.tsx"}1 "use client";
2
3 import React, { useEffect, useState, useCallback } from "react";
4 import { Plus, Trash2, Pencil, X } from "lucide-react";
5 import { Button } from "@/app/components/ui/button";
6 import { Input } from "@/app/components/ui/input";
7 import { Textarea } from "@/app/components/ui/textarea";
8 import { Label } from "@/app/components/ui/label";
9 import { Switch } from "@/app/components/ui/switch";
10 import {
11 Select,
12 SelectContent,
13 SelectItem,
14 SelectTrigger,
15 SelectValue,
16 } from "@/app/components/ui/select";
17 import {
18 Dialog,
19 DialogContent,
20 DialogFooter,
21 DialogHeader,
22 DialogTitle,
23 } from "@/app/components/ui/dialog";
24 import { showSuccessToast, showErrorToast } from "@/app/components/Toast";
25 import api from "@/app/src/utils/api";
26 import { useLMT } from "@/lib/lmt/config";
27
28 type EndorsementFieldType = "string" | "number" | "date" | "boolean" | "select" | "textarea";
29
30 interface EndorsementFieldOption {
31 value: string;
32 label: string;
33 }
34
35 interface EndorsementField {
36 id: string;
37 fieldKey: string;
38 label: string;
39 helpText: string | null;
40 type: EndorsementFieldType;
41 required: boolean;
42 options: EndorsementFieldOption[] | null;
43 validationPattern: string | null;
44 source: "adhoc" | "datamodel";
45 dataModelFieldName: string | null;
46 order: number;
47 active: boolean;
48 }
49
50 const FIELD_TYPES: { value: EndorsementFieldType; label: string }[] = [
51 { value: "string", label: "Text" },
52 { value: "textarea", label: "Long text" },
53 { value: "number", label: "Number" },
54 { value: "date", label: "Date" },
55 { value: "boolean", label: "Checkbox" },
56 { value: "select", label: "Dropdown" },
57 ];
58
59 interface DraftField {
60 label: string;
61 type: EndorsementFieldType;
62 required: boolean;
63 helpText: string;
64 validationPattern: string;
65 options: EndorsementFieldOption[];
66 }
67
68 function emptyDraft(): DraftField {
69 return { label: "", type: "string", required: false, helpText: "", validationPattern: "", options: [] };
70 }
71
72 export default function EndorsementFieldsTab({ productId }: { productId: string }) {
73 const { t } = useLMT();
74 const [fields, setFields] = useState<EndorsementField[]>([]);
75 const [loading, setLoading] = useState(true);
76 const [dialogOpen, setDialogOpen] = useState(false);
77 const [editing, setEditing] = useState<EndorsementField | null>(null);
78 const [draft, setDraft] = useState<DraftField>(emptyDraft());
79 const [saving, setSaving] = useState(false);
80
81 const load = useCallback(async () => {
82 try {
83 setLoading(true);
84 const res = await api.get<{ data: EndorsementField[] }>(`/products/${productId}/endorsement-fields`);
85 setFields(res.data.data);
86 } catch {
87 showErrorToast(t("Failed to load endorsement fields"));
88 } finally {
89 setLoading(false);
90 }
91 }, [productId, t]);
92
93 useEffect(() => {
94 void load();
95 }, [load]);
96
97 const openCreate = () => {
98 setEditing(null);
99 setDraft(emptyDraft());
100 setDialogOpen(true);
101 };
102
103 const openEdit = (field: EndorsementField) => {
104 setEditing(field);
105 setDraft({
106 label: field.label,
107 type: field.type,
108 required: field.required,
109 helpText: field.helpText ?? "",
110 validationPattern: field.validationPattern ?? "",
111 options: field.options ? field.options.map((o) => ({ ...o })) : [],
112 });
113 setDialogOpen(true);
114 };
115
116 const setOption = (index: number, key: keyof EndorsementFieldOption, value: string) => {
117 setDraft((d) => ({
118 ...d,
119 options: d.options.map((o, i) => (i === index ? { ...o, [key]: value } : o)),
120 }));
121 };
122
123 const buildPayload = () => ({
124 label: draft.label.trim(),
125 type: draft.type,
126 required: draft.required,
127 helpText: draft.helpText.trim() || null,
128 validationPattern:
129 (draft.type === "string" || draft.type === "textarea") && draft.validationPattern.trim()
130 ? draft.validationPattern.trim()
131 : null,
132 options:
133 draft.type === "select"
134 ? draft.options
135 .map((o) => ({ value: o.value.trim(), label: o.label.trim() }))
136 .filter((o) => o.value && o.label)
137 : null,
138 });
139
140 const save = async () => {
141 if (!draft.label.trim()) {
142 showErrorToast(t("Field label is required"));
143 return;
144 }
145 if (draft.type === "select" && buildPayload().options!.length === 0) {
146 showErrorToast(t("Dropdown fields need at least one option"));
147 return;
148 }
149 try {
150 setSaving(true);
151 if (editing) {
152 await api.patch(`/products/${productId}/endorsement-fields/${editing.id}`, buildPayload());
153 showSuccessToast(t("Endorsement field updated"));
154 } else {
155 await api.post(`/products/${productId}/endorsement-fields`, buildPayload());
156 showSuccessToast(t("Endorsement field added"));
157 }
158 setDialogOpen(false);
159 await load();
160 } catch (err) {
161 const message =
162 (err as { response?: { data?: { message?: string } } })?.response?.data?.message ??
163 t("Failed to save endorsement field");
164 showErrorToast(message);
165 } finally {
166 setSaving(false);
167 }
168 };
169
170 const remove = async (field: EndorsementField) => {
171 if (!window.confirm(t("Delete this endorsement field? Already-captured values are kept on existing policies."))) return;
172 try {
173 await api.delete(`/products/${productId}/endorsement-fields/${field.id}`);
174 showSuccessToast(t("Endorsement field deleted"));
175 await load();
176 } catch {
177 showErrorToast(t("Failed to delete endorsement field"));
178 }
179 };
180
181 const toggleActive = async (field: EndorsementField) => {
182 try {
183 await api.patch(`/products/${productId}/endorsement-fields/${field.id}`, { active: !field.active });
184 await load();
185 } catch {
186 showErrorToast(t("Failed to update endorsement field"));
187 }
188 };
189
190 return (
191 <div data-testid="endorsement-fields-tab">
192 <div className="mb-4 flex items-start justify-between gap-4">
193 <div>
194 <h2 className="text-2xl font-bold text-gray-900">{t("Endorsement Fields")}</h2>
195 <p className="mt-1 max-w-2xl text-sm text-gray-500">
196 {t(
197 "Extra fields collected when a customer or operator endorses a policy of this product. Values are stored on the endorsement and visible in policy history.",
198 )}
199 </p>
200 </div>
201 <Button onClick={openCreate} data-testid="add-endorsement-field">
202 <Plus className="mr-2 h-4 w-4" />
203 {t("Add field")}
204 </Button>
205 </div>
206
207 {loading ? (
208 <div className="py-12 text-center text-gray-500">{t("Loading...")}</div>
209 ) : fields.length === 0 ? (
210 <div className="rounded-md border border-dashed border-gray-300 py-12 text-center text-gray-500">
211 {t("No custom endorsement fields yet. Add one to start collecting extra data at endorsement time.")}
212 </div>
213 ) : (
214 <div className="overflow-hidden rounded-md border border-gray-200">
215 <table className="min-w-full divide-y divide-gray-200">
216 <thead className="bg-gray-50">
217 <tr>
218 <th className="px-4 py-2 text-left text-xs font-medium uppercase tracking-wider text-gray-500">{t("Label")}</th>
219 <th {"file_path":"/Users/bakker/dev/gangkhar/sherpa-portal-api-457-custom-additional-fields-on-endo/app/products/[id]/endorsement-fields/page.tsx"}1 "use client";
2
3 import React, { useState, useEffect } from "react";
4
5 import AppLayout from "@/app/components/AppLayout";
6 import EndorsementFieldsTab from "@/app/components/products/endorsement-fields/EndorsementFieldsTab";
7 import { ProtectedRoute } from "@/app/components/ProtectedRoute";
8 import { CRMOnlyRoute } from "@/app/components/UserTypeRoute";
9 import api from "@/app/src/utils/api";
10 import { ProductData } from "@/app/types/product";
11 import { useLMT } from "@/lib/lmt/config";
12
13 export default function ProductEndorsementFieldsPage({ params }: { params: { id: string } }) {
14 const unwrappedParams = params instanceof Promise ? React.use(params) : params;
15 const productId = unwrappedParams?.id || "";
16 const { t } = useLMT();
17
18 const [product, setProduct] = useState<ProductData | null>(null);
19 const [loading, setLoading] = useState(true);
20 const [error, setError] = useState<React.ReactNode | null>(null);
21
22 useEffect(() => {
23 if (!productId) {
24 setError(t("Invalid product ID"));
25 setLoading(false);
26 return;
27 }
28
29 const fetchProduct = async () => {
30 try {
31 setLoading(true);
32 const response = await api.get(`/products/${productId}`);
33 setProduct(response.data.data);
34 setLoading(false);
35 } catch (error) {
36 console.error("Error fetching product:", error);
37 setError(t("Failed to load product details"));
38 setLoading(false);
39 }
40 };
41
42 fetchProduct();
43 }, [productId, t]);
44
45 if (loading) {
46 return (
47 <ProtectedRoute>
48 <CRMOnlyRoute>
49 <AppLayout>
50 <div className="px-4 py-6 sm:px-0">
51 <div className="overflow-hidden rounded-md bg-white shadow-md">
52 <div className="flex h-64 items-center justify-center">
53 <div className="text-center">
54 <div className="mb-4 h-12 w-12 animate-spin rounded-full border-4 border-blue-600 border-t-transparent"></div>
55 <p className="text-gray-600">{t("Loading product...")}</p>
56 </div>
57 </div>
58 </div>
59 </div>
60 </AppLayout>
61 </CRMOnlyRoute>
62 </ProtectedRoute>
63 );
64 }
65
66 if (error || !product) {
67 return (
68 <ProtectedRoute>
69 <CRMOnlyRoute>
70 <AppLayout>
71 <div className="px-4 py-6 sm:px-0">
72 <div className="overflow-hidden rounded-md bg-white shadow-md">
73 <div className="p-6 text-center">
74 <p className="text-red-600">{error || t("Product not found")}</p>
75 </div>
76 </div>
77 </div>
78 </AppLayout>
79 </CRMOnlyRoute>
80 </ProtectedRoute>
81 );
82 }
83
84 return (
85 <ProtectedRoute>
86 <CRMOnlyRoute>
87 <AppLayout>
88 <div className="px-4 py-6 sm:px-0">
89 <div className="overflow-hidden rounded-md bg-white shadow-md">
90 <div className="p-6">
91 <EndorsementFieldsTab productId={productId} />
92 </div>
93 </div>
94 </div>
95 </AppLayout>
96 </CRMOnlyRoute>
97 </ProtectedRoute>
98 );
99 }
100 {"file_path":"/Users/bakker/dev/gangkhar/sherpa-api-api-457-custom-additional-fields-on-endo/src/controllers/policyOrderController.ts","offset":2008,"limit":400}2008 export async function getPolicyById(
2009 request: FastifyRequest<{ Params: { policyId: string }; Querystring: { version?: number } }>,
2010 _reply: FastifyReply
2011 ): Promise<Record<string, unknown>> {
2012 void _reply;
2013 const { policyId } = request.params;
2014 const { version } = request.query;
2015 const organizationId = request.ident?.org?.id;
2016
2017 if (!organizationId) {
2018 throw new StatusError(400, 'Organization context required');
2019 }
2020
2021 const currentUser = request.ident?.user;
2022 const isCustomer = currentUser?.userType === 'customer';
2023
2024 const requestedPolicy = await PolicyOrderModel.findOne(request, {
2025 where: { policyId },
2026 include: [{ model: Product.raw, as: 'productRelation', required: true }],
2027 });
2028
2029 if (!requestedPolicy) {
2030 throw new StatusError(404, 'Policy order not found');
2031 }
2032
2033 const rootPolicyId = requestedPolicy.rootPolicyId || requestedPolicy.policyId;
2034
2035 let policyOrder: PolicyOrderModel | null;
2036
2037 if (version !== undefined) {
2038 policyOrder = await PolicyOrderModel.findOne(request, {
2039 where: {
2040 [Op.or]: [{ rootPolicyId }, { policyId: rootPolicyId }],
2041 version,
2042 },
2043 include: [
2044 { model: Product.raw, as: 'productRelation', required: true },
2045 { model: Client.raw, as: 'client', required: false },
2046 { model: Customer.raw, as: 'customer', required: false },
2047 ],
2048 });
2049 if (!policyOrder) {
2050 throw new StatusError(404, `Version ${version} not found for this policy`);
2051 }
2052 } else {
2053 const today = getBusinessDate(request.ident!.org.timezone);
2054 policyOrder = await PolicyOrderModel.findOne(request, {
2055 where: {
2056 [Op.or]: [{ rootPolicyId }, { policyId: rootPolicyId }],
2057 effectiveDate: { [Op.lte]: today },
2058 },
2059 include: [
2060 { model: Product.raw, as: 'productRelation', required: true },
2061 { model: Client.raw, as: 'client', required: false },
2062 { model: Customer.raw, as: 'customer', required: false },
2063 ],
2064 order: [['effectiveDate', 'DESC'], ['version', 'DESC']],
2065 });
2066
2067 if (!policyOrder) {
2068 const fallbackActiveCodes = await getCodesForCategory(organizationId, PolicyStatusLifecycleCategory.ACTIVE);
2069 policyOrder = await PolicyOrderModel.findOne(request, {
2070 where: {
2071 [Op.or]: [{ rootPolicyId }, { policyId: rootPolicyId }],
2072 status: { [Op.in]: fallbackActiveCodes },
2073 },
2074 include: [
2075 { model: Product.raw, as: 'productRelation', required: true },
2076 { model: Client.raw, as: 'client', required: false },
2077 { model: Customer.raw, as: 'customer', required: false },
2078 ],
2079 order: [['version', 'DESC']],
2080 });
2081 }
2082
2083 if (!policyOrder) {
2084 policyOrder = await PolicyOrderModel.findOne(request, {
2085 where: {
2086 [Op.or]: [{ rootPolicyId }, { policyId: rootPolicyId }],
2087 },
2088 include: [
2089 { model: Product.raw, as: 'productRelation', required: true },
2090 { model: Client.raw, as: 'client', required: false },
2091 { model: Customer.raw, as: 'customer', required: false },
2092 ],
2093 order: [['version', 'DESC']],
2094 });
2095 }
2096 }
2097
2098 if (!policyOrder) {
2099 throw new StatusError(404, 'Policy order not found');
2100 }
2101
2102 if (isCustomer && policyOrder.customerId !== currentUser?.id) {
2103 throw new StatusError(403, 'You can only access your own policies');
2104 }
2105
2106 const policyData = policyOrder.get({ plain: true }) as Record<string, unknown>;
2107
2108 if (policyData.client) {
2109 delete policyData.client;
2110 }
2111
2112 // Keep the live product's translationOverrides before dropping the relation —
2113 // the snapshot `policyData.product` is frozen at issue time, but translations
2114 // may be authored later, so the portal needs the current overrides to localize
2115 // product/plan/coverage strings.
2116 const productRelationData = policyData.productRelation as Record<string, unknown> | undefined;
2117 if (policyData.productRelation) {
2118 delete policyData.productRelation;
2119 }
2120
2121 if (policyData.requestHeaders) {
2122 delete policyData.requestHeaders;
2123 }
2124
2125 if (policyData.requestBody) {
2126 delete policyData.requestBody;
2127 }
2128
2129 if (policyData.network) {
2130 delete policyData.network;
2131 }
2132 // Commission tax is internal financial data — not exposed on customer-facing endpoints
2133 delete policyData.commissionTax;
2134 delete policyData.adjustmentCommissionTax;
2135
2136 if (policyOrder.productId && policyOrder.quoteId) {
2137 const activeQuote = await Quote.findOne({ organizationId }, {
2138 where: { productId: policyOrder.productId, active: true },
2139 });
2140
2141 if (activeQuote) {
2142 const coverageParameters = await QuoteParameter.findAll({ organizationId }, {
2143 where: { quoteId: activeQuote.id, isCoverage: true },
2144 attributes: ['label', 'path'],
2145 });
2146
2147 if (coverageParameters.length > 0) {
2148 const quoteSession = await QuoteSession.findOne(request, {
2149 where: { quoteId: policyOrder.quoteId },
2150 attributes: ['parameters'],
2151 });
2152
2153 if (quoteSession) {
2154 const additionalCoverages = coverageParameters
2155 .map((param) => {
2156 if (!param.path) return null;
2157 const pathParts = param.path.split('.');
2158 let value: unknown = quoteSession.parameters;
2159 for (const part of pathParts) {
2160 if (value && typeof value === 'object' && part in value) {
2161 value = (value as Record<string, unknown>)[part];
2162 } else {
2163 return null;
2164 }
2165 }
2166 if (value === undefined || value === null) return null;
2167 return {
2168 title: param.label,
2169 coverageAmount: String(value),
2170 };
2171 })
2172 .filter((c): c is { title: string; coverageAmount: string } => c !== null);
2173
2174 if (additionalCoverages.length > 0) {
2175 const insurance = policyData.insurance as Record<string, unknown> | undefined;
2176 if (insurance) {
2177 for (const productName of Object.keys(insurance)) {
2178 const productData = insurance[productName];
2179 if (productData && typeof productData === 'object') {
2180 const plans = productData as Record<string, Record<string, unknown>>;
2181 for (const planName of Object.keys(plans)) {
2182 const planData = plans[planName];
2183 if (planData && typeof planData === 'object') {
2184 const existingCoverages = Array.isArray(planData.coverages)
2185 ? (planData.coverages as unknown[])
2186 : [];
2187 planData.coverages = [...existingCoverages, ...additionalCoverages];
2188 }
2189 }
2190 }
2191 }
2192 }
2193 }
2194 }
2195 }
2196 }
2197 }
2198
2199 if (policyData.insurance && policyData.parameters && policyOrder.productId) {
2200 const quoteSession = policyOrder.quoteId
2201 ? await QuoteSession.findOne(re{"file_path":"/Users/bakker/dev/gangkhar/sherpa-api-api-457-custom-additional-fields-on-endo/src/controllers/policyOrderController.ts","offset":2407,"limit":200}2407 }
2408 if (policyData.bundle) {
2409 (policyData.bundle as any).originalPremiumWithTax = null;
2410 (policyData.bundle as any).premiumWithTax = null;
2411 (policyData.bundle as any).totalDiscount = null;
2412 (policyData.bundle as any).perProduct = null;
2413 }
2414 }
2415
2416 const policyVisibilityConfig = await getPolicyVisibilityConfig(request, organizationId);
2417 policyData.messagesEnabled = !policyVisibilityConfig.disablePolicyMessages;
2418
2419 // Resolved custom endorsement field definitions (localised) so the portal can
2420 // render captured values with their proper labels in policy detail/history (#457).
2421 if (policyOrder.productId) {
2422 const endorsementFieldDefs = await getActiveEndorsementFields(request, policyOrder.productId);
2423 policyData.endorsementFields = resolveEndorsementFieldsForLocale(
2424 endorsementFieldDefs,
2425 getLocaleFromHeader(request),
2426 (productRelationData?.translationOverrides as Record<string, Record<string, string>> | null | undefined) ?? null,
2427 );
2428 }
2429
2430 return {
2431 status: 'success',
2432 data: policyData,
2433 };
2434 }
2435
2436 export async function getPolicyVersions(
2437 request: FastifyRequest<{ Params: { policyId: string } }>,
2438 _reply: FastifyReply
2439 ) {
2440 void _reply;
2441 const { policyId } = request.params;
2442 const organizationId = request.ident?.org?.id;
2443
2444 if (!organizationId) {
2445 throw new StatusError(400, 'Organization context required');
2446 }
2447
2448 const requestedPolicy = await PolicyOrderModel.findOne(request, {
2449 where: { policyId },
2450 include: [{ model: Product.raw, as: 'productRelation', required: true }],
2451 });
2452
2453 if (!requestedPolicy) {
2454 throw new StatusError(404, 'Policy order not found');
2455 }
2456
2457 const rootPolicyId = requestedPolicy.rootPolicyId || requestedPolicy.policyId;
2458
2459 const versions = await PolicyOrderModel.findAll(request, {
2460 where: {
2461 [Op.or]: [{ rootPolicyId }, { policyId: rootPolicyId }],
2462 },
2463 attributes: ['policyId', 'version', 'transactionType', 'effectiveDate', 'previousPolicyId', 'status'],
2464 order: [['version', 'ASC']],
2465 });
2466
2467 return {
2468 status: 'success',
2469 data: {
2470 rootPolicyId,
2471 versions: versions.map((v) => ({
2472 policyId: v.policyId,
2473 version: v.version,
2474 transactionType: v.transactionType,
2475 effectiveDate: v.effectiveDate,
2476 previousPolicyId: v.previousPolicyId,
2477 status: v.status,
2478 })),
2479 },
2480 };
2481 }
2482
2483 interface ClientInfo {
2484 clientNumericId: number | null;
2485 userId: string | null;
2486 organizationId: string;
2487 isWidget: boolean;
2488 }
2489
2490 interface CreatePolicyData {
2491 quoteId: string;
2492 status?: string;
2493 productName?: string;
2494 productPlanName?: string;
2495 parameters: Record<string, unknown>;
2496 inceptionDate?: string;
2497 paymentFrequency?: 'year' | 'month' | 'quarter' | 'one-time' | 'day';
2498 externalClientId?: string;
2499 externalTransactionId?: string;
2500 testMode?: boolean;
2501 returnUrl?: string;
2502 skipInvoice?: boolean;
2503 bundleSubscriptionId?: number;
2504 /**
2505 * When re-submitting after a manual compliance decision, pass the map of
2506 * capability → checkId so the gate resolves to those rows and the flow
2507 * proceeds. First submissions omit this — the gate creates fresh checks and
2508 * returns 202 with the new map.
2509 */
2510 complianceCheckIds?: Record<string, string>;
2511 /** Bundle discount to apply at creation time. */
2512 bundleDiscount?: {
2513 type: 'percentage' | 'fixed';
2514 value: number;
2515 /** Total premiumWithoutTax across all bundle products — needed for fixed discount proportional distribution. */
2516 totalPremiumWithoutTax?: number;
2517 };
2518 }
2519
2520 export type CreatePolicyOrderResult = PolicyResponse;
2521
2522 interface CreatePolicyFromPremiumData {
2523 status?: string;
2524 productName?: string;
2525 productPlanName?: string;
2526 quoteParameters: Record<string, unknown>;
2527 policyParameters: Record<string, unknown>;
2528 insurance?: Record<string, unknown>;
2529 inceptionDate?: string;
2530 quoteId?: string;
2531 paymentFrequency?: 'year' | 'month' | 'quarter' | 'one-time' | 'day';
2532 testMode?: boolean;
2533 returnUrl?: string;
2534 paymentFlow?: 'standard' | 'embedded-payment';
2535 externalClientId?: string;
2536 externalTransactionId?: string;
2537 selectedCoverages?: Array<{
2538 coverageId: number;
2539 optionId: number | null;
2540 parameters?: Record<string, unknown>;
2541 }>;
2542 premiumsByFrequency: Record<
2543 string,
2544 {
2545 premiumWithTax: number;
2546 basePremium?: number;
2547 premiumWithoutTax?: number;
2548 salesTax?: number;
2549 commissionTax?: number;
2550 }
2551 >;
2552 displayCurrency?: string;
2553 }
2554
2555 interface PolicyResponse {
2556 policyId: string;
2557 policyOrderId: number;
2558 policyNumber: string | null;
2559 issueDate: string;
2560 inceptionDate: string;
2561 expiryDate: string | null;
2562 status: string;
2563 // Discriminator for the consumer (sherpa-embed) so it knows whether to
2564 // window-redirect to a hosted Stripe page (`redirect`) or navigate its own
2565 // SPA to /checkout/:embedCheckoutSessionId (`iframe`). Only set when an
2566 // external payment provider produced a payment intent/invoice for this
2567 // policy. Driven by product.paymentUiMode.
2568 paymentFlowMode?: 'redirect' | 'iframe';
2569 payment?: {
2570 url?: string;
2571 externalReference: string;
2572 provider: string;
2573 status: string;
2574 clientSecret?: string;
2575 embedCheckoutSessionId?: string;
2576 };
2577 }
2578
2579 // Mirrors src/routes/embedCheckoutRoutes.ts SESSION_TTL_HOURS so a PolicyOrder
2580 // created via the standard /policy or /policy/premium endpoints with
2581 // paymentUiMode='iframe' has the same checkout-link lifespan as one created
2582 // via /policy/embed-checkout. Keep in sync if the embed-checkout route's TTL
2583 // changes.
2584 const EMBED_CHECKOUT_SESSION_TTL_HOURS = 1;
2585
2586 /**
2587 * Mint an EmbedCheckoutSession row for a PolicyOrder whose product is
2588 * configured with paymentUiMode='iframe'. Called AFTER `handlePaymentIntent`
2589 * has minted the provider intent and persisted externalPaymentRef on the
2590 * PolicyOrder. The session id is what the consumer (sherpa-embed) navigates
2591 * to under /checkout/:embedCheckoutSessionId.
2592 *
2593 * `returnUrl` propagates from the policy-create body into the session's
2594 * `successUrl` column so partners can supply a custom thank-you URL even in
2595 * iframe mode (where the customer never sees a Stripe-hosted page). The URL
2596 * is re-validated with `isSafeHttpsUrl` as defense in depth — same hardening
2597 * as the dedicated /policy/embed-checkout route — so a future schema
2598 * regression or alternate body parser cannot smuggle `javascript:` or
2599 * `data:` schemes through. Anything missing or unsafe falls back to null,
2600 * which makes the embed redirect to its built-in /thank-you route.
2601 *
2602 * Delegates to `tryCreateEmbedCheckoutSession` so the compensating cleanup
2603 * (cancel PaymentIntent + mark PolicyOrder cancelled on insert failure) is
2604 * identical across all session-creation call sites.
2605 */
2606 async function createEmbedCheckoutSessionForOrder(params: {{"file_path":"/Users/bakker/dev/gangkhar/sherpa-portal-api-457-custom-additional-fields-on-endo/app/customer-portal/policies/[policyId]/DefaultPolicyEdit.tsx","limit":300}File does not exist. Note: your current working directory is /Users/bakker/dev/gangkhar/sherpa-portal-api-457-custom-additional-fields-on-endo.
{"file_path":"/Users/bakker/dev/gangkhar/sherpa-portal-api-457-custom-additional-fields-on-endo/app/components/policy-management/EndorsementCustomFields.tsx"}1 "use client";
2
3 import React from "react";
4 import { Input } from "@/app/components/ui/input";
5 import { Textarea } from "@/app/components/ui/textarea";
6 import { Label } from "@/app/components/ui/label";
7 import { Switch } from "@/app/components/ui/switch";
8 import {
9 Select,
10 SelectContent,
11 SelectItem,
12 SelectTrigger,
13 SelectValue,
14 } from "@/app/components/ui/select";
15 import { useTranslation } from "@gangkharai/lmt/client";
16 import type { EndorsementFieldDef } from "./PolicyQuoteForm";
17
18 interface EndorsementCustomFieldsProps {
19 fields: EndorsementFieldDef[];
20 values: Record<string, unknown>;
21 errors: Record<string, string>;
22 onChange: (key: string, value: unknown) => void;
23 }
24
25 // Renders the product's configured custom endorsement fields in the
26 // customer/operator endorsement flow. Labels arrive already localised from the
27 // API (LMT). Values + validation errors are owned by the parent form (#457).
28 export default function EndorsementCustomFields({
29 fields,
30 values,
31 errors,
32 onChange,
33 }: EndorsementCustomFieldsProps) {
34 const t = useTranslation();
35 if (!fields || fields.length === 0) return null;
36
37 return (
38 <div className="rounded-lg border border-gray-200 bg-white p-6" data-testid="endorsement-custom-fields">
39 <h3 className="mb-1 text-lg font-semibold text-gray-900">{t("Additional information")}</h3>
40 <p className="mb-4 text-sm text-gray-500">{t("Please complete the fields below to apply your change.")}</p>
41 <div className="space-y-4">
42 {fields.map((field) => {
43 const value = values[field.fieldKey];
44 const error = errors[field.fieldKey];
45 const inputId = `ef-input-${field.fieldKey}`;
46 return (
47 <div key={field.fieldKey}>
48 {field.type !== "boolean" && (
49 <Label htmlFor={inputId} className="mb-1 block">
50 {field.label}
51 {field.required && <span className="text-red-500"> *</span>}
52 </Label>
53 )}
54
55 {field.type === "textarea" && (
56 <Textarea
57 id={inputId}
58 data-testid={inputId}
59 value={typeof value === "string" ? value : ""}
60 onChange={(e) => onChange(field.fieldKey, e.target.value)}
61 />
62 )}
63
64 {(field.type === "string" || field.type === "number" || field.type === "date") && (
65 <Input
66 id={inputId}
67 data-testid={inputId}
68 type={field.type === "number" ? "number" : field.type === "date" ? "date" : "text"}
69 value={value === undefined || value === null ? "" : String(value)}
70 onChange={(e) => onChange(field.fieldKey, e.target.value)}
71 />
72 )}
73
74 {field.type === "boolean" && (
75 <div className="flex items-center gap-3">
76 <Switch
77 id={inputId}
78 data-testid={inputId}
79 checked={value === true}
80 onCheckedChange={(checked) => onChange(field.fieldKey, checked)}
81 />
82 <Label htmlFor={inputId} className="cursor-pointer">
83 {field.label}
84 {field.required && <span className="text-red-500"> *</span>}
85 </Label>
86 </div>
87 )}
88
89 {field.type === "select" && (
90 <Select
91 value={typeof value === "string" ? value : ""}
92 onValueChange={(v) => onChange(field.fieldKey, v)}
93 >
94 <SelectTrigger id={inputId} data-testid={inputId}>
95 <SelectValue placeholder={t("Select...")} />
96 </SelectTrigger>
97 <SelectContent>
98 {(field.options ?? []).map((opt) => (
99 <SelectItem key={opt.value} value={opt.value}>
100 {opt.label}
101 </SelectItem>
102 ))}
103 </SelectContent>
104 </Select>
105 )}
106
107 {field.helpText && <p className="mt-1 text-xs text-gray-500">{field.helpText}</p>}
108 {error && (
109 <p className="mt-1 text-xs text-red-600" data-testid={`ef-error-${field.fieldKey}`}>
110 {error}
111 </p>
112 )}
113 </div>
114 );
115 })}
116 </div>
117 </div>
118 );
119 }
120 {"pattern":"/Users/bakker/dev/gangkhar/sherpa-embed-api-457-custom-additional-fields-on-endo/**/*.tsx"}/Users/bakker/dev/gangkhar/sherpa-embed-api-457-custom-additional-fields-on-endo/src/components/AcceptancePage.tsx /Users/bakker/dev/gangkhar/sherpa-embed-api-457-custom-additional-fields-on-endo/src/components/BundleOrderSummary.tsx /Users/bakker/dev/gangkhar/sherpa-embed-api-457-custom-additional-fields-on-endo/src/components/BundlePolicyForm.tsx /Users/bakker/dev/gangkhar/sherpa-embed-api-457-custom-additional-fields-on-endo/src/components/BundleProductSelect.tsx /Users/bakker/dev/gangkhar/sherpa-embed-api-457-custom-additional-fields-on-endo/src/components/BundleResults.tsx /Users/bakker/dev/gangkhar/sherpa-embed-api-457-custom-additional-fields-on-endo/src/components/BundleThankYou.tsx /Users/bakker/dev/gangkhar/sherpa-embed-api-457-custom-additional-fields-on-endo/src/components/ClaimForm.tsx /Users/bakker/dev/gangkhar/sherpa-embed-api-457-custom-additional-fields-on-endo/src/components/DynamicIcon.tsx /Users/bakker/dev/gangkhar/sherpa-embed-api-457-custom-additional-fields-on-endo/src/components/ErrorBoundary.tsx /Users/bakker/dev/gangkhar/sherpa-embed-api-457-custom-additional-fields-on-endo/src/components/FormProvider.tsx /Users/bakker/dev/gangkhar/sherpa-embed-api-457-custom-additional-fields-on-endo/src/components/LocaleSwitcher.tsx /Users/bakker/dev/gangkhar/sherpa-embed-api-457-custom-additional-fields-on-endo/src/components/MultiPageForm.tsx /Users/bakker/dev/gangkhar/sherpa-embed-api-457-custom-additional-fields-on-endo/src/components/OrderSummary.tsx /Users/bakker/dev/gangkhar/sherpa-embed-api-457-custom-additional-fields-on-endo/src/components/PhoneInput.tsx /Users/bakker/dev/gangkhar/sherpa-embed-api-457-custom-additional-fields-on-endo/src/components/PolicyDatesDisplay.tsx /Users/bakker/dev/gangkhar/sherpa-embed-api-457-custom-additional-fields-on-endo/src/components/PolicyForm.tsx /Users/bakker/dev/gangkhar/sherpa-embed-api-457-custom-additional-fields-on-endo/src/components/QuoteForm.tsx /Users/bakker/dev/gangkhar/sherpa-embed-api-457-custom-additional-fields-on-endo/src/components/ResultsDisplay.tsx /Users/bakker/dev/gangkhar/sherpa-embed-api-457-custom-additional-fields-on-endo/src/components/TermsAndConditionsDisplay.tsx /Users/bakker/dev/gangkhar/sherpa-embed-api-457-custom-additional-fields-on-endo/src/components/ThankYou.tsx /Users/bakker/dev/gangkhar/sherpa-embed-api-457-custom-additional-fields-on-endo/src/components/customizable-form/AdaptiveForm.tsx /Users/bakker/dev/gangkhar/sherpa-embed-api-457-custom-additional-fields-on-endo/src/components/customizable-form/AddressAutocomplete.tsx /Users/bakker/dev/gangkhar/sherpa-embed-api-457-custom-additional-fields-on-endo/src/components/customizable-form/ControlledCustomInput.tsx /Users/bakker/dev/gangkhar/sherpa-embed-api-457-custom-additional-fields-on-endo/src/components/customizable-form/CustomInput.tsx /Users/bakker/dev/gangkhar/sherpa-embed-api-457-custom-additional-fields-on-endo/src/components/customizable-form/CustomizableMultipageForm.tsx /Users/bakker/dev/gangkhar/sherpa-embed-api-457-custom-additional-fields-on-endo/src/components/customizable-form/LocationAutocomplete.tsx /Users/bakker/dev/gangkhar/sherpa-embed-api-457-custom-additional-fields-on-endo/src/components/customizable-form/useFormNavigation.tsx /Users/bakker/dev/gangkhar/sherpa-embed-api-457-custom-additional-fields-on-endo/src/components/customizable-form/useTemplateParser.tsx /Users/bakker/dev/gangkhar/sherpa-embed-api-457-custom-additional-fields-on-endo/src/components/customizable-results/AdaptiveResultsDisplay.tsx /Users/bakker/dev/gangkhar/sherpa-embed-api-457-custom-additional-fields-on-endo/src/components/customizable-results/CustomResultsDisplay.tsx /Users/bakker/dev/gangkhar/sherpa-embed-api-457-custom-additional-fields-on-endo/src/components/customizable-results/useResultsNavigation.tsx /Users/bakker/dev/gangkhar/sherpa-embed-api-457-custom-additional-fields-on-endo/src/components/customizable-results/useResultsTemplateParser.tsx /Users/bakker/dev/gangkhar/sherpa-embed-api-457-custom-additional-fields-on-endo/src/components/thankyou/useThankYouTemplateParser.tsx /Users/bakker/dev/gangkhar/sherpa-embed-api-457-custom-additional-fields-on-endo/src/lib/translations.tsx /Users/bakker/dev/gangkhar/sherpa-embed-api-457-custom-additional-fields-on-endo/src/main.tsx /Users/bakker/dev/gangkhar/sherpa-embed-api-457-custom-additional-fields-on-endo/src/pages/EmbedCheckout.tsx /Users/bakker/dev/gangkhar/sherpa-embed-api-457-custom-additional-fields-on-endo/src/pages/checkout/MinimalSummary.tsx /Users/bakker/dev/gangkhar/sherpa-embed-api-457-custom-additional-fields-on-endo/src/pages/checkout/StripeCheckout.tsx /Users/bakker/dev/gangkhar/sherpa-embed-api-457-custom-additional-fields-on-endo/src/pages/checkout/TemplateChrome.tsx /Users/bakker/dev/gangkhar/sherpa-embed-api-457-custom-additional-fields-on-endo/node_modules/@gangkharai/lmt/lib/client.tsx /Users/bakker/dev/gangkhar/sherpa-embed-api-457-custom-additional-fields-on-endo/node_modules/@stripe/react-stripe-js/src/components/Elements.test.tsx /Users/bakker/dev/gangkhar/sherpa-embed-api-457-custom-additional-fields-on-endo/node_modules/@stripe/react-stripe-js/src/components/Elements.tsx /Users/bakker/dev/gangkhar/sherpa-embed-api-457-custom-additional-fields-on-endo/node_modules/@stripe/react-stripe-js/src/components/EmbeddedCheckout.client.test.tsx /Users/bakker/dev/gangkhar/sherpa-embed-api-457-custom-additional-fields-on-endo/node_modules/@stripe/react-stripe-js/src/components/EmbeddedCheckout.server.test.tsx /Users/bakker/dev/gangkhar/sherpa-embed-api-457-custom-additional-fields-on-endo/node_modules/@stripe/react-stripe-js/src/components/EmbeddedCheckout.tsx /Users/bakker/dev/gangkhar/sherpa-embed-api-457-custom-additional-fields-on-endo/node_modules/@stripe/react-stripe-js/src/components/EmbeddedCheckoutProvider.test.tsx /Users/bakker/dev/gangkhar/sherpa-embed-api-457-custom-additional-fields-on-endo/node_modules/@stripe/react-stripe-js/src/components/EmbeddedCheckoutProvider.tsx /Users/bakker/dev/gangkhar/sherpa-embed-api-457-custom-additional-fields-on-endo/node_modules/@stripe/react-stripe-js/src/components/FinancialAccountDisclosure.test.tsx /Users/bakker/dev/gangkhar/sherpa-embed-api-457-custom-additional-fields-on-endo/node_modules/@stripe/react-stripe-js/src/components/FinancialAccountDisclosure.tsx /Users/bakker/dev/gangkhar/sherpa-embed-api-457-custom-additional-fields-on-endo/node_modules/@stripe/react-stripe-js/src/components/IssuingDisclosure.test.tsx /Users/bakker/dev/gangkhar/sherpa-embed-api-457-custom-additional-fields-on-endo/node_modules/@stripe/react-stripe-js/src/components/IssuingDisclosure.tsx /Users/bakker/dev/gangkhar/sherpa-embed-api-457-custom-additional-fields-on-endo/node_modules/@stripe/react-stripe-js/src/components/createElementComponent.test.tsx /Users/bakker/dev/gangkhar/sherpa-embed-api-457-custom-additional-fields-on-endo/node_modules/@stripe/react-stripe-js/src/components/createElementComponent.tsx /Users/bakker/dev/gangkhar/sherpa-embed-api-457-custom-additional-fields-on-endo/node_modules/@stripe/react-stripe-js/src/components/useStripe.tsx /Users/bakker/dev/gangkhar/sherpa-embed-api-457-custom-additional-fields-on-endo/node_modules/@stripe/react-stripe-js/src/utils/usePrevious.test.tsx /Users/bakker/dev/gangkhar/sherpa-embed-api-457-custom-additional-fields-on-endo/node_modules/@stripe/react-stripe-js/src/checkout/components/CheckoutContext.tsx /Users/bakker/dev/gangkhar/sherpa-embed-api-457-custom-additional-fields-on-endo/node_modules/@stripe/react-stripe-js/src/checkout/components/CheckoutElementsProvider.test.tsx /Users/bakker/dev/gangkhar/sherpa-embed-api-457-custom-additional-fields-on-endo/node_modules/@stripe/react-stripe-js/src/checkout/components/CheckoutElementsProvider.tsx /Users/bakker/dev/gangkhar/sherpa-embed-api-457-custom-additional-fields-on-endo/node_modules/@stripe/react-stripe-js/src/checkout/components/CheckoutFormProvider.test.tsx /Users/bakker/dev/gangkhar/sherpa-embed-api-457-cust
{"file_path":"/Users/bakker/dev/gangkhar/sherpa-api-api-457-custom-additional-fields-on-endo/src/controllers/endorsementFieldController.ts"}1 import type { FastifyReply, FastifyRequest } from 'fastify';
2 import { StatusError } from '@/error/error.js';
3 import { Product } from '@/models/Product.js';
4 import {
5 EndorsementField,
6 EndorsementFieldType,
7 EndorsementFieldSource,
8 type EndorsementFieldOption,
9 } from '@/models/EndorsementField.js';
10
11 type Req = FastifyRequest;
12
13 const FIELD_TYPES: EndorsementFieldType[] = [
14 EndorsementFieldType.STRING,
15 EndorsementFieldType.NUMBER,
16 EndorsementFieldType.DATE,
17 EndorsementFieldType.BOOLEAN,
18 EndorsementFieldType.SELECT,
19 EndorsementFieldType.TEXTAREA,
20 ];
21
22 function orgId(request: Req): string {
23 const id = request.ident?.org?.id;
24 if (!id) throw new StatusError(400, 'Organization context required');
25 return id;
26 }
27
28 function toProductId(raw: string): number {
29 const id = Number.parseInt(raw, 10);
30 if (!Number.isInteger(id)) throw new StatusError(400, 'Invalid productId');
31 return id;
32 }
33
34 async function assertProduct(request: Req, productId: number) {
35 const product = await Product.findByPk(request, productId);
36 if (!product) throw new StatusError(404, 'Product not found');
37 return product;
38 }
39
40 // Derive a stable camelCase key from a label, e.g. "Reason for change" →
41 // "reasonForChange". Falls back to "field" when the label has no usable chars.
42 function slugifyKey(label: string): string {
43 const words = label.toLowerCase().split(/[^a-z0-9]+/).filter(Boolean);
44 if (words.length === 0) return 'field';
45 const key = words[0] + words.slice(1).map((w) => w.charAt(0).toUpperCase() + w.slice(1)).join('');
46 return /^[a-z]/.test(key) ? key.slice(0, 60) : `field${key}`.slice(0, 60);
47 }
48
49 async function uniqueFieldKey(request: Req, productId: number, base: string): Promise<string> {
50 const existing = await EndorsementField.findAll(request, { where: { productId }, attributes: ['fieldKey'] });
51 const taken = new Set(existing.map((f) => f.fieldKey));
52 if (!taken.has(base)) return base;
53 for (let i = 2; i < 1000; i++) {
54 const candidate = `${base}${i}`;
55 if (!taken.has(candidate)) return candidate;
56 }
57 throw new StatusError(409, 'Unable to allocate a unique field key');
58 }
59
60 interface FieldBody {
61 label?: string;
62 fieldKey?: string;
63 helpText?: string | null;
64 type?: EndorsementFieldType;
65 required?: boolean;
66 options?: EndorsementFieldOption[] | null;
67 validationPattern?: string | null;
68 source?: EndorsementFieldSource;
69 dataModelFieldName?: string | null;
70 order?: number;
71 active?: boolean;
72 }
73
74 function assertType(type: unknown): EndorsementFieldType {
75 if (!FIELD_TYPES.includes(type as EndorsementFieldType)) {
76 throw new StatusError(400, `Invalid field type. Allowed: ${FIELD_TYPES.join(', ')}`);
77 }
78 return type as EndorsementFieldType;
79 }
80
81 function validateOptions(type: EndorsementFieldType, options: EndorsementFieldOption[] | null | undefined): EndorsementFieldOption[] | null {
82 if (type !== EndorsementFieldType.SELECT) return null;
83 if (!Array.isArray(options) || options.length === 0) {
84 throw new StatusError(400, 'Select fields require at least one option');
85 }
86 return options.map((o) => {
87 if (!o || typeof o.value !== 'string' || !o.value.trim() || typeof o.label !== 'string' || !o.label.trim()) {
88 throw new StatusError(400, 'Each option needs a non-empty value and label');
89 }
90 return { value: o.value.trim(), label: o.label.trim() };
91 });
92 }
93
94 function validatePattern(pattern: string | null | undefined): string | null {
95 if (pattern === undefined || pattern === null || pattern === '') return null;
96 try {
97 new RegExp(pattern);
98 } catch {
99 throw new StatusError(400, 'Validation pattern is not a valid regular expression');
100 }
101 return pattern;
102 }
103
104 export async function listEndorsementFields(
105 request: FastifyRequest<{ Params: { productId: string } }>,
106 reply: FastifyReply,
107 ) {
108 orgId(request);
109 const productId = toProductId(request.params.productId);
110 await assertProduct(request, productId);
111 const fields = await EndorsementField.findAll(request, {
112 where: { productId },
113 order: [['order', 'ASC'], ['createdAt', 'ASC']],
114 });
115 return reply.code(200).send({ status: 'success', data: fields });
116 }
117
118 export async function createEndorsementField(
119 request: FastifyRequest<{ Params: { productId: string }; Body: FieldBody }>,
120 reply: FastifyReply,
121 ) {
122 orgId(request);
123 const productId = toProductId(request.params.productId);
124 await assertProduct(request, productId);
125
126 const b = request.body;
127 const label = typeof b.label === 'string' ? b.label.trim() : '';
128 if (!label) throw new StatusError(400, 'label is required');
129 const type = assertType(b.type);
130 const source = b.source === EndorsementFieldSource.DATA_MODEL ? EndorsementFieldSource.DATA_MODEL : EndorsementFieldSource.ADHOC;
131 if (source === EndorsementFieldSource.DATA_MODEL && (!b.dataModelFieldName || !b.dataModelFieldName.trim())) {
132 throw new StatusError(400, 'dataModelFieldName is required when source is "datamodel"');
133 }
134
135 const baseKey = b.fieldKey && b.fieldKey.trim() ? slugifyKey(b.fieldKey) : slugifyKey(label);
136 const fieldKey = await uniqueFieldKey(request, productId, baseKey);
137
138 const existing = await EndorsementField.findAll(request, { where: { productId }, attributes: ['id'] });
139
140 const field = await EndorsementField.create(request, {
141 organizationId: orgId(request),
142 productId,
143 fieldKey,
144 label,
145 helpText: b.helpText?.trim() || null,
146 type,
147 required: b.required === true,
148 options: validateOptions(type, b.options),
149 validationPattern: validatePattern(b.validationPattern),
150 source,
151 dataModelFieldName: source === EndorsementFieldSource.DATA_MODEL ? b.dataModelFieldName!.trim() : null,
152 order: typeof b.order === 'number' ? b.order : existing.length,
153 active: b.active === false ? false : true,
154 });
155
156 return reply.code(201).send({ status: 'success', data: field });
157 }
158
159 export async function updateEndorsementField(
160 request: FastifyRequest<{ Params: { productId: string; id: string }; Body: FieldBody }>,
161 reply: FastifyReply,
162 ) {
163 orgId(request);
164 const productId = toProductId(request.params.productId);
165 await assertProduct(request, productId);
166
167 const field = await EndorsementField.findByPk(request, request.params.id);
168 if (!field || field.productId !== productId) throw new StatusError(404, 'Endorsement field not found');
169
170 const b = request.body;
171 const type = b.type !== undefined ? assertType(b.type) : field.type;
172 const source = b.source !== undefined
173 ? (b.source === EndorsementFieldSource.DATA_MODEL ? EndorsementFieldSource.DATA_MODEL : EndorsementFieldSource.ADHOC)
174 : field.source;
175 const dataModelFieldName = source === EndorsementFieldSource.DATA_MODEL
176 ? ((b.dataModelFieldName ?? field.dataModelFieldName)?.trim() || null)
177 : null;
178 if (source === EndorsementFieldSource.DATA_MODEL && !dataModelFieldName) {
179 throw new StatusError(400, 'dataModelFieldName is required when source is "datamodel"');
180 }
181 const nextOptions = b.options !== undefined ? validateOptions(type, b.options) : validateOptions(type, field.options);
182
183 if (b.label !== undefined && !b.label.trim()) {
184 throw new StatusError(400, 'label cannot be empty');
185 }
186
187 await field.update({
188 label: b.label !== undefined ? b.label.trim() : field.label,
189 helpText: b.helpText !== undefined ? (b.helpText?.trim() || null) : field.helpText{"file_path":"/Users/bakker/dev/gangkhar/sherpa-embed-api-457-custom-additional-fields-on-endo/src/components/EndorsementForm.tsx"}1 import React from 'react';
2 import { apiClient } from '../utils/apiClient';
3 import { useTranslation, useTranslateDynamic } from '../lib/translations';
4 import type { EndorsementFieldDef } from '../types/config';
5
6 interface EndorsementFormProps {
7 policyId: string;
8 effectiveDate: string;
9 onError: (error: string) => void;
10 }
11
12 // Customer-facing endorsement flow (#457). Loads the product's active custom
13 // endorsement fields from the endorsement-quote preview, lets the customer fill
14 // them, and submits the endorsement (PATCH /policies/:id). Field labels are
15 // localised via the same dynamic-translation path the rest of the funnel uses.
16 export default function EndorsementForm({ policyId, effectiveDate, onError }: EndorsementFormProps) {
17 const t = useTranslation();
18 const tDynamic = useTranslateDynamic();
19
20 const [loading, setLoading] = React.useState(true);
21 const [submitting, setSubmitting] = React.useState(false);
22 const [done, setDone] = React.useState(false);
23 const [quoteId, setQuoteId] = React.useState('');
24 const [fields, setFields] = React.useState<EndorsementFieldDef[]>([]);
25 const [values, setValues] = React.useState<Record<string, unknown>>({});
26 const [errors, setErrors] = React.useState<Record<string, string>>({});
27
28 React.useEffect(() => {
29 let cancelled = false;
30 (async () => {
31 try {
32 setLoading(true);
33 const quote = await apiClient.getEndorsementQuote(policyId, { effectiveDate });
34 if (cancelled) return;
35 setQuoteId(quote.quoteId);
36 setFields(quote.endorsementFields ?? []);
37 setValues(quote.endorsementFieldValues ?? {});
38 } catch (err) {
39 onError(err instanceof Error ? err.message : t('Failed to load endorsement'));
40 } finally {
41 if (!cancelled) setLoading(false);
42 }
43 })();
44 return () => {
45 cancelled = true;
46 };
47 }, [policyId, effectiveDate, onError, t]);
48
49 const setValue = (key: string, value: unknown) => {
50 setValues((prev) => ({ ...prev, [key]: value }));
51 setErrors((prev) => {
52 if (!prev[key]) return prev;
53 const next = { ...prev };
54 delete next[key];
55 return next;
56 });
57 };
58
59 const validate = (): boolean => {
60 const next: Record<string, string> = {};
61 for (const field of fields) {
62 const value = values[field.fieldKey];
63 if (field.type === 'boolean') {
64 if (field.required && value !== true) next[field.fieldKey] = t('This field is required');
65 continue;
66 }
67 const empty = value === undefined || value === null || (typeof value === 'string' && value.trim() === '');
68 if (field.required && empty) next[field.fieldKey] = t('This field is required');
69 }
70 setErrors(next);
71 return Object.keys(next).length === 0;
72 };
73
74 const submit = async (e: React.FormEvent) => {
75 e.preventDefault();
76 if (!validate()) return;
77 try {
78 setSubmitting(true);
79 await apiClient.submitEndorsement(policyId, { quoteId, effectiveDate, endorsementFieldValues: values });
80 setDone(true);
81 } catch (err) {
82 onError(err instanceof Error ? err.message : t('Failed to submit endorsement'));
83 } finally {
84 setSubmitting(false);
85 }
86 };
87
88 if (loading) {
89 return <p style={{ color: 'var(--color-text-muted)' }}>{t('Loading...')}</p>;
90 }
91
92 if (done) {
93 return (
94 <article
95 data-testid="endorsement-done"
96 style={{ borderLeft: '4px solid var(--color-primary)', background: '#fff', padding: '1.5rem', borderRadius: '4px' }}
97 >
98 <h3 style={{ margin: 0 }}>{t('Thank You!')}</h3>
99 <p style={{ marginTop: '0.75rem' }}>{t('Your change has been submitted.')}</p>
100 </article>
101 );
102 }
103
104 return (
105 <form onSubmit={submit} data-testid="endorsement-form" style={{ display: 'flex', flexDirection: 'column', gap: '1rem' }}>
106 <h2 style={{ margin: 0 }}>{t('Update your policy')}</h2>
107 <p style={{ marginTop: '-0.5rem', color: 'var(--color-text-muted)', fontSize: '0.875rem' }}>
108 {t('Please complete the fields below to apply your change.')}
109 </p>
110
111 {fields.length === 0 && (
112 <p style={{ color: 'var(--color-text-muted)' }}>{t('No additional information is required.')}</p>
113 )}
114
115 {fields.map((field) => {
116 const value = values[field.fieldKey];
117 const error = errors[field.fieldKey];
118 const inputId = `ef-input-${field.fieldKey}`;
119 const label = tDynamic(field.label);
120 return (
121 <div key={field.fieldKey} style={{ display: 'flex', flexDirection: 'column', gap: '0.25rem' }}>
122 <label htmlFor={inputId} style={{ fontWeight: 600 }}>
123 {label}
124 {field.required && <span style={{ color: 'var(--color-danger)' }}> *</span>}
125 </label>
126
127 {field.type === 'textarea' && (
128 <textarea
129 id={inputId}
130 data-testid={inputId}
131 value={typeof value === 'string' ? value : ''}
132 onInput={(e) => setValue(field.fieldKey, (e.target as HTMLTextAreaElement).value)}
133 rows={3}
134 />
135 )}
136
137 {(field.type === 'string' || field.type === 'number' || field.type === 'date') && (
138 <input
139 id={inputId}
140 data-testid={inputId}
141 type={field.type === 'number' ? 'number' : field.type === 'date' ? 'date' : 'text'}
142 value={value === undefined || value === null ? '' : String(value)}
143 onInput={(e) => setValue(field.fieldKey, (e.target as HTMLInputElement).value)}
144 />
145 )}
146
147 {field.type === 'boolean' && (
148 <label style={{ display: 'flex', alignItems: 'center', gap: '0.5rem', fontWeight: 400 }}>
149 <input
150 id={inputId}
151 data-testid={inputId}
152 type="checkbox"
153 checked={value === true}
154 onChange={(e) => setValue(field.fieldKey, (e.target as HTMLInputElement).checked)}
155 />
156 {label}
157 </label>
158 )}
159
160 {field.type === 'select' && (
161 <select
162 id={inputId}
163 data-testid={inputId}
164 value={typeof value === 'string' ? value : ''}
165 onChange={(e) => setValue(field.fieldKey, (e.target as HTMLSelectElement).value)}
166 >
167 <option value="">{t('Select...')}</option>
168 {(field.options ?? []).map((opt) => (
169 <option key={opt.value} value={opt.value}>
170 {tDynamic(opt.label)}
171 </option>
172 ))}
173 </select>
174 )}
175
176 {field.helpText && (
177 <small style={{ color: 'var(--color-text-muted)' }}>{tDynamic(field.helpText)}</small>
178 )}
179 {error && (
180 <small data-testid={`ef-error-${field.fieldKey}`} style={{ color: 'var(--color-danger)' }}>
181 {error}
182 </small>
183 )}
184 </div>
185 );
186 })}
187
188 <button type="submit" data-testid="endorsement-submit" disabled={submitting}>
189 {submitting ? t('Processing...') : t('Apply change')}
190 </button>
191 </form>
192 );
193 }
194 {"file_path":"/Users/bakker/dev/gangkhar/sherpa-embed-api-457-custom-additional-fields-on-endo/src/app.tsx","limit":400}1 import React from 'react';
2 import { useState, useEffect, useRef } from 'preact/hooks';
3 import { lazy, Suspense } from 'preact/compat';
4 import { useTranslation, useSetTranslationOverrides } from './lib/translations';
5 import '@picocss/pico/css/pico.min.css';
6
7 import QuoteForm from './components/QuoteForm';
8 import PolicyForm from './components/PolicyForm';
9 import EndorsementForm from './components/EndorsementForm';
10 import ClaimForm from './components/ClaimForm';
11 import ThankYou from './components/ThankYou';
12 import BundleProductSelect from './components/BundleProductSelect';
13 import BundleResults from './components/BundleResults';
14 import BundlePolicyForm from './components/BundlePolicyForm';
15 import BundleThankYou from './components/BundleThankYou';
16 import AdaptiveResultsDisplay from './components/customizable-results/AdaptiveResultsDisplay';
17 import ErrorBoundary from './components/ErrorBoundary';
18 import { LocaleSwitcher } from './components/LocaleSwitcher';
19 import { buildThankYouUrl, buildQuoteResultsUrl } from './utils/urlBuilder';
20 import { apiClient } from './utils/apiClient';
21 import { eventTracker } from './utils/eventTracker';
22 import { SHERPA_INTERNAL_NAVIGATE_EVENT } from './utils/paymentNavigation';
23 import { useConfig } from './hooks/useConfig';
24 import { useWidgetStatus, usePostMessage } from './hooks/usePostMessage';
25 import type { SupportedLocale } from './lib/lmt';
26
27 import type {
28 QuoteData,
29 PolicyData,
30 ClaimData,
31 FormApiResponse,
32 WidgetParams,
33 AcceptanceView,
34 } from './types/config';
35 import AcceptancePage from './components/AcceptancePage';
36
37 const EmbedCheckout = lazy(() => import('./pages/EmbedCheckout'));
38
39 interface BundleDiscountTier {
40 tierType: 'count' | 'combo';
41 productCount: number | null;
42 productNames: string[] | null;
43 discountType: 'percentage' | 'fixed';
44 discountValue: number;
45 priority: number;
46 }
47
48 interface BundleQuoteData {
49 bundleQuoteId: string;
50 bundleName: string;
51 products: Array<{
52 productName: string;
53 productTitle: string;
54 displayName: string;
55 planType: string;
56 premium: number;
57 currency: string;
58 frequency: string;
59 }>;
60 discount: {
61 discountPercent: number;
62 totalBeforeDiscount: number;
63 totalAfterDiscount: number;
64 savings: number;
65 };
66 availableTiers: BundleDiscountTier[];
67 currency: string;
68 currencyPosition?: 'prefix' | 'suffix';
69 decimalSeparator?: string;
70 groupSeparator?: string;
71 decimalsAmount?: number;
72 }
73
74 interface ClaimFormChoice {
75 id: number;
76 name: string;
77 title: string | null;
78 description: string | null;
79 coverages: Array<{ id: number; name: string; title: string | null; code: string | null }>;
80 }
81
82 interface AppState {
83 loading: boolean;
84 error: string | null;
85 unavailable?: boolean;
86 quoteData: QuoteData | null;
87 policyData: PolicyData | null;
88 claimData: ClaimData | null;
89 formData: FormApiResponse | null;
90 // Set when multiple claim forms apply to the policy's held coverages and
91 // the customer needs to pick one. Cleared once a selection is made.
92 claimFormChoices?: ClaimFormChoice[] | null;
93 bundleQuoteData: BundleQuoteData | null;
94 bundleQuoteSessionIds: string[];
95 bundleInsurance: Record<string, Record<string, any>> | null;
96 acceptanceData?: AcceptanceView | null;
97 routeType: string | null;
98 thankYouProductTitle?: string | null;
99 }
100
101 interface AppProps {
102 locale: SupportedLocale;
103 onLocaleChange: (locale: SupportedLocale) => void;
104 }
105
106 const extractCheckoutSessionIdFromState = (pathname: string): { isCheckoutRoute: boolean; sessionId: string | null } => {
107 const parts = pathname.split('/').filter(Boolean);
108 if (parts[0] !== 'checkout') {
109 return { isCheckoutRoute: false, sessionId: null };
110 }
111 return { isCheckoutRoute: true, sessionId: parts[1] || null };
112 };
113
114 const InvalidCheckoutLink = () => {
115 const { sendMessage } = usePostMessage();
116 const notifiedRef = useRef(false);
117 useEffect(() => {
118 if (notifiedRef.current) return;
119 notifiedRef.current = true;
120 sendMessage('SHERPA_PAYMENT_FAILED', { reason: 'invalid_url' });
121 }, [sendMessage]);
122 return (
123 <main className='container'>
124 <article>
125 <header>
126 <h3>Invalid checkout link</h3>
127 </header>
128 <div className='error-banner'>
129 <p>Missing checkout session id</p>
130 </div>
131 </article>
132 </main>
133 );
134 };
135
136 // Outer routing shell. Holds only the pathname listener so its hook count
137 // stays constant across re-renders triggered by `history.pushState` (via
138 // `navigatePaymentResult`). All form-flow hooks live in NonCheckoutApp,
139 // which is unmounted/remounted when we cross the /checkout boundary —
140 // React's hooks-order invariant is preserved per-component.
141 export default function App({ locale, onLocaleChange }: AppProps) {
142 const [pathname, setPathname] = useState<string>(window.location.pathname);
143 useEffect(() => {
144 const sync = () => setPathname(window.location.pathname);
145 window.addEventListener('popstate', sync);
146 window.addEventListener(SHERPA_INTERNAL_NAVIGATE_EVENT, sync);
147 return () => {
148 window.removeEventListener('popstate', sync);
149 window.removeEventListener(SHERPA_INTERNAL_NAVIGATE_EVENT, sync);
150 };
151 }, []);
152
153 // Host-driven country / displayCurrency / pricingCurrency updates. Parent dispatches:
154 // iframe.contentWindow.postMessage(
155 // { source: 'sherpa-host', type: 'SET_CONTEXT',
156 // payload: { country: 'NO', displayCurrency: 'NOK', pricingCurrency: 'NOK' } },
157 // 'https://embed.example'
158 // );
159 // On receive: validate ISO codes, update URL params + apiClient, then
160 // reload so every in-flight fetch picks up the new context cleanly.
161 useEffect(() => {
162 if (typeof window === 'undefined') return;
163 const handler = (event: MessageEvent) => {
164 const data = event.data as { source?: unknown; type?: unknown; payload?: unknown } | null;
165 if (!data || typeof data !== 'object') return;
166 if (data.source !== 'sherpa-host') return;
167 if (data.type !== 'SET_CONTEXT') return;
168 const payload = data.payload as { country?: unknown; displayCurrency?: unknown; pricingCurrency?: unknown } | undefined;
169 if (!payload || typeof payload !== 'object') return;
170
171 const url = new URL(window.location.href);
172 let changed = false;
173
174 if (typeof payload.country === 'string') {
175 const c = payload.country.toUpperCase();
176 if (/^[A-Z]{2}$/.test(c)) {
177 url.searchParams.set('country', c);
178 apiClient.setCountry(c);
179 changed = true;
180 }
181 }
182 if (typeof payload.displayCurrency === 'string') {
183 const cur = payload.displayCurrency.toUpperCase();
184 if (/^[A-Z]{3}$/.test(cur)) {
185 url.searchParams.set('displayCurrency', cur);
186 apiClient.setDisplayCurrency(cur);
187 changed = true;
188 }
189 }
190 if (typeof payload.pricingCurrency === 'string') {
191 const cur = payload.pricingCurrency.toUpperCase();
192 if (/^[A-Z]{3}$/.test(cur)) {
193 url.searchParams.set('pricingCurrency', cur);
194 apiClient.setPricingCurrency(cur);
195 changed = true;
196 }
197 }
198 if (!changed) return;
199 window.history.replaceState({}, '', url.toString());
200 window.location.reload();
201 };
202 window.addEventListener('message{"file_path":"/Users/bakker/dev/gangkhar/sherpa-api-api-457-custom-additional-fields-on-endo/src/services/endorsementFieldService.ts"}1 import type { FastifyRequest } from 'fastify';
2 import { StatusError } from '@/error/error.js';
3 import { EndorsementField, _EndorsementField } from '@/models/EndorsementField.js';
4 import { translateTemplateString } from '@/services/templateI18nService.js';
5
6 type TranslationOverrides = Record<string, Record<string, string>> | null | undefined;
7
8 // Active fields for a product, in display order. The endorsement flow renders
9 // these; submit validates against them.
10 export async function getActiveEndorsementFields(
11 request: FastifyRequest,
12 productId: number,
13 ): Promise<_EndorsementField[]> {
14 return EndorsementField.findAll(request, {
15 where: { productId, active: true },
16 order: [['order', 'ASC'], ['createdAt', 'ASC']],
17 });
18 }
19
20 export interface ResolvedEndorsementField {
21 fieldKey: string;
22 label: string;
23 helpText: string | null;
24 type: string;
25 required: boolean;
26 options: { value: string; label: string }[] | null;
27 validationPattern: string | null;
28 source: string;
29 dataModelFieldName: string | null;
30 order: number;
31 }
32
33 // Resolve labels/options/help text for a locale via the product's LMT
34 // translation overrides, mirroring how form-parameter and acceptance labels are
35 // localised. Returns a lean shape the portal + embed render directly.
36 export function resolveEndorsementFieldsForLocale(
37 fields: _EndorsementField[],
38 locale: string | null,
39 overrides: TranslationOverrides,
40 ): ResolvedEndorsementField[] {
41 const loc = locale ?? 'en';
42 const tr = (s: string): string => translateTemplateString(s, loc, overrides);
43 return fields.map((f) => ({
44 fieldKey: f.fieldKey,
45 label: tr(f.label),
46 helpText: f.helpText ? tr(f.helpText) : null,
47 type: f.type,
48 required: f.required,
49 options: f.options ? f.options.map((o) => ({ value: o.value, label: tr(o.label) })) : null,
50 validationPattern: f.validationPattern,
51 source: f.source,
52 dataModelFieldName: f.dataModelFieldName,
53 order: f.order,
54 }));
55 }
56
57 function isEmpty(value: unknown): boolean {
58 return value === undefined || value === null || (typeof value === 'string' && value.trim() === '');
59 }
60
61 function coerceBoolean(value: unknown): boolean | undefined {
62 if (typeof value === 'boolean') return value;
63 if (value === 'true' || value === '1') return true;
64 if (value === 'false' || value === '0') return false;
65 return undefined;
66 }
67
68 // Coerce + validate a single non-boolean value against its field definition.
69 function normalizeScalar(field: _EndorsementField, raw: unknown): unknown {
70 switch (field.type) {
71 case 'number': {
72 const n = typeof raw === 'number' ? raw : Number(raw);
73 if (!Number.isFinite(n)) throw new StatusError(400, `Endorsement field "${field.label}" must be a number`);
74 return n;
75 }
76 case 'date': {
77 const s = String(raw);
78 if (!/^\d{4}-\d{2}-\d{2}$/.test(s) || Number.isNaN(Date.parse(s))) {
79 throw new StatusError(400, `Endorsement field "${field.label}" must be a valid date (YYYY-MM-DD)`);
80 }
81 return s;
82 }
83 case 'select': {
84 const s = String(raw);
85 const allowed = (field.options ?? []).map((o) => o.value);
86 if (!allowed.includes(s)) throw new StatusError(400, `Endorsement field "${field.label}" has an invalid selection`);
87 return s;
88 }
89 default: {
90 // string | textarea
91 const s = String(raw);
92 if (field.validationPattern) {
93 let re: RegExp;
94 try {
95 re = new RegExp(field.validationPattern);
96 } catch {
97 // Invalid stored pattern can't validate the value; rejected at save time.
98 return s;
99 }
100 if (!re.test(s)) throw new StatusError(400, `Endorsement field "${field.label}" has an invalid format`);
101 }
102 return s;
103 }
104 }
105 }
106
107 // Validate submitted values against the product's active field config and
108 // return the normalised map to persist. Throws 400 on a missing required field
109 // or a value that fails its type / pattern / option constraints. Only values
110 // for configured fields are kept — arbitrary extra keys are dropped.
111 export function validateAndNormalizeEndorsementFieldValues(
112 fields: _EndorsementField[],
113 rawValues: Record<string, unknown> | null | undefined,
114 ): Record<string, unknown> {
115 const values = rawValues ?? {};
116 const normalized: Record<string, unknown> = {};
117
118 for (const field of fields) {
119 const raw = values[field.fieldKey];
120
121 if (field.type === 'boolean') {
122 // Booleans render as a single checkbox in both flows, so a *required*
123 // boolean has consent semantics: it must be explicitly checked (true).
124 const coerced = coerceBoolean(raw);
125 if (field.required && coerced !== true) {
126 throw new StatusError(400, `Endorsement field "${field.label}" must be accepted`);
127 }
128 if (coerced !== undefined) normalized[field.fieldKey] = coerced;
129 continue;
130 }
131
132 if (isEmpty(raw)) {
133 if (field.required) throw new StatusError(400, `Endorsement field "${field.label}" is required`);
134 continue;
135 }
136
137 normalized[field.fieldKey] = normalizeScalar(field, raw);
138 }
139
140 return normalized;
141 }
142 {"file_path":"/Users/bakker/dev/gangkhar/sherpa-embed-api-457-custom-additional-fields-on-endo/src/app.tsx","offset":400,"limit":300}400 if (!productName) {
401 throw new Error('Product name is required for policy forms');
402 }
403 const formResponse = await apiClient.getPolicyForm(policyId);
404 const policyData: PolicyData = {
405 id: policyId,
406 productName,
407 parameters: {},
408 status: 'active',
409 };
410 setState({
411 loading: false,
412 error: null,
413 quoteData: null,
414 policyData,
415 claimData: null,
416 formData: formResponse,
417 bundleQuoteData: null,
418 bundleQuoteSessionIds: [],
419 bundleInsurance: null,
420 routeType: 'policy-form',
421 });
422 };
423
424 const loadEndorsementForm = (policyId: string, productName?: string) => {
425 const policyData: PolicyData = {
426 id: policyId,
427 productName: productName ?? '',
428 parameters: {},
429 status: 'active',
430 };
431 setState({
432 loading: false,
433 error: null,
434 quoteData: null,
435 policyData,
436 claimData: null,
437 formData: null,
438 bundleQuoteData: null,
439 bundleQuoteSessionIds: [],
440 bundleInsurance: null,
441 routeType: 'endorsement-form',
442 });
443 };
444
445 const loadThankYouPage = async (productName?: string) => {
446 // Fetch the thankyou template + product info if we have a product name
447 let thankyouTemplate = null;
448 let productTitle: string | undefined;
449 if (productName) {
450 try {
451 const formResponse = await apiClient.getQuoteForm(productName);
452 thankyouTemplate = formResponse?.thankyouTemplate ?? null;
453 productTitle = formResponse?.product?.productTitle;
454 } catch {
455 // Form fetch failed — fall back to default thank-you page
456 }
457 }
458
459 setState({
460 loading: false,
461 error: null,
462 quoteData: thankyouTemplate ? { id: '', productName: productName || '', parameters: {}, results: { quoteId: '', insurance: {}, thankyouTemplate }, status: 'active' } : null,
463 policyData: null,
464 claimData: null,
465 formData: null,
466 bundleQuoteData: null,
467 bundleQuoteSessionIds: [],
468 bundleInsurance: null,
469 routeType: 'thank-you',
470 thankYouProductTitle: productTitle ?? null,
471 });
472 };
473
474 const loadBundleSelect = (_bundleName: string) => {
475 setState({
476 loading: false,
477 error: null,
478 quoteData: null,
479 policyData: null,
480 claimData: null,
481 formData: null,
482 bundleQuoteData: null,
483 bundleQuoteSessionIds: [],
484 bundleInsurance: null,
485 routeType: 'bundle-select',
486 });
487 };
488
489 const loadBundleResults = async (bundleQuoteId: string, targetRouteType = 'bundle-results') => {
490 const raw = await apiClient.getBundleQuote(bundleQuoteId);
491 // Transform raw API response to BundleQuoteData format
492 const apiData = raw.data ?? raw;
493 const insurance = apiData.insurance || {};
494 const discount = apiData.discount || {};
495 const products: BundleQuoteData['products'] = [];
496 for (const productName of (apiData.selectedProductNames || [])) {
497 const productInsurance = insurance[productName] || {};
498 const plans = Object.entries(productInsurance);
499 const firstPlan = plans[0];
500 if (!firstPlan) continue;
501 const [planName, planData] = firstPlan as [string, any];
502 const freqs = planData.premiumsByFrequency || {};
503 const firstFreq = Object.entries(freqs)[0] as [string, any] | undefined;
504 products.push({
505 productName,
506 productTitle: planData.productTitle || productName,
507 displayName: planData.title || planName,
508 planType: planName,
509 premium: firstFreq ? Number(firstFreq[1].premiumWithTax || 0) : 0,
510 currency: planData.currency || 'USD',
511 frequency: firstFreq ? firstFreq[0] : 'month',
512 });
513 }
514 // Get currency format options from the first available plan
515 const firstInsuranceProduct = Object.values(insurance)[0] as Record<string, any> | undefined;
516 const firstPlanData = firstInsuranceProduct ? Object.values(firstInsuranceProduct)[0] as any : null;
517 const bundleQuoteData: BundleQuoteData = {
518 bundleQuoteId: apiData.bundleQuoteId,
519 bundleName: config.params?.bundle || '',
520 products,
521 discount: {
522 discountPercent: Number(discount.value || 0),
523 totalBeforeDiscount: Number(discount.totalBeforeDiscount || 0),
524 totalAfterDiscount: Number(discount.totalAfterDiscount || 0),
525 savings: Number(discount.totalDiscount || 0),
526 },
527 availableTiers: apiData.availableTiers || [],
528 currency: products[0]?.currency || 'USD',
529 currencyPosition: firstPlanData?.currencyPosition,
530 decimalSeparator: firstPlanData?.decimalSeparator,
531 groupSeparator: firstPlanData?.groupSeparator,
532 decimalsAmount: firstPlanData?.decimalsAmount,
533 };
534 setState({
535 loading: false,
536 error: null,
537 quoteData: null,
538 policyData: null,
539 claimData: null,
540 formData: null,
541 bundleQuoteData,
542 bundleQuoteSessionIds: apiData.quoteSessionIds || [],
543 bundleInsurance: insurance,
544 routeType: targetRouteType,
545 });
546 };
547
548 const loadBundleThankYou = () => {
549 setState({
550 loading: false,
551 error: null,
552 quoteData: null,
553 policyData: null,
554 claimData: null,
555 formData: null,
556 bundleQuoteData: null,
557 bundleQuoteSessionIds: [],
558 bundleInsurance: null,
559 routeType: 'bundle-thank-you',
560 });
561 };
562
563 const hasFormParameters = (formData: FormApiResponse): boolean => {
564 const hasPageParams = formData.pages.some(page =>
565 page.categories.some(cat => cat.parameters.length > 0)
566 );
567 const hasUncategorized = formData.uncategorizedParameters.length > 0;
568 return hasPageParams || hasUncategorized;
569 };
570
571 const loadQuoteForm = async (productName: string) => {
572 const formResponse = await apiClient.getQuoteForm(productName);
573
574 // If the form has no parameters, skip the form and create a quote directly
575 if (!hasFormParameters(formResponse)) {
576 const results = await apiClient.createQuote(productName, {});
577 if (results.quoteId) {
578 const token = config.params?.token || '';
579 if (!token) {
580 throw new Error('Token is required for navigation');
581 }
582 const pricingResultsUrl = buildQuoteResultsUrl(
583 results.quoteId,
584 token,
585 productName
586 );
587 window.location.href = pricingResultsUrl;
588 return;
589 }
590 }
591
592 const quoteData: QuoteData = {
593 id: '',
594 productName,
595 parameters: {},
596 status: 'active',
597 };
598 setState({
599 loading: false,
600 error: null,
601 quoteData,
602 policyData: null,
603 claimData: null,
604 formData: formResponse,
605 bundleQuoteData: null,
606 bundleQuoteSessionIds: [],
607 bundleInsurance: null,
608 routeType: 'quote-form',
609 });
610 };
611
612 useEffect(() => {
613 const initializeWidget = async () => {
614 if (config.loading) return;
615
616 if (config.error || !config.params) {
617 setState(prev => ({
618 ...prev,
619 loading: false,
620 error: config.error || t('Configuration error'),
621 }));
622 notifyError(config.error ||{"pattern":"endorsement-form|loadEndorsementForm","path":"/Users/bakker/dev/gangkhar/sherpa-embed-api-457-custom-additional-fields-on-endo/src"}Found 2 files /Users/bakker/dev/gangkhar/sherpa-embed-api-457-custom-additional-fields-on-endo/src/app.tsx /Users/bakker/dev/gangkhar/sherpa-embed-api-457-custom-additional-fields-on-endo/src/components/EndorsementForm.tsx
{"command":"cd /Users/bakker/dev/gangkhar/sherpa-api-api-457-custom-additional-fields-on-endo && grep -rn \"resolveEndorsementFieldsForLocale\\|getActiveEndorsementFields\" src/ --include=\"*.ts\" | grep -v test | head -20"}src/controllers/policyOrderController.ts:70: getActiveEndorsementFields, src/controllers/policyOrderController.ts:71: resolveEndorsementFieldsForLocale, src/controllers/policyOrderController.ts:1171: const endorsementFieldDefs = await getActiveEndorsementFields(request, activePolicy.productId); src/controllers/policyOrderController.ts:1175: const resolvedEndorsementFields = resolveEndorsementFieldsForLocale( src/controllers/policyOrderController.ts:1297: const endorsementFields = await getActiveEndorsementFields(request, policyOrder.productId); src/controllers/policyOrderController.ts:2422: const endorsementFieldDefs = await getActiveEndorsementFields(request, policyOrder.productId); src/controllers/policyOrderController.ts:2423: policyData.endorsementFields = resolveEndorsementFieldsForLocale( src/services/endorsementFieldService.ts:10:export async function getActiveEndorsementFields( src/services/endorsementFieldService.ts:36:export function resolveEndorsementFieldsForLocale(
{"file_path":"/Users/bakker/dev/gangkhar/sherpa-embed-api-457-custom-additional-fields-on-endo/src/app.tsx","offset":700,"limit":250}700 }, [config]);
701
702 const handleQuoteComplete = (results: QuoteData) => {
703 setState(prev => ({ ...prev, quoteData: results }));
704 if (results.id) {
705 eventTracker.setQuoteId(results.id);
706 }
707 };
708
709 const handlePolicyComplete = (results: PolicyData) => {
710 setState(prev => ({ ...prev, policyData: results }));
711 // Navigate to thank you page or show success message
712 const token = config.params?.token || '';
713 if (!token) {
714 throw new Error('Token is required for navigation');
715 }
716 const thankYouUrl = buildThankYouUrl(
717 token,
718 results.productName,
719 results.id
720 );
721 window.location.href = thankYouUrl;
722 };
723
724 const handleClaimComplete = async (results: ClaimData) => {
725 setState(prev => ({ ...prev, claimData: results }));
726 const token = config.params?.token || '';
727 if (!token) {
728 throw new Error('Token is required for navigation');
729 }
730
731 // Poll the claim status briefly so we can show a terminal denial state
732 // when the rule engine has auto-denied the claim. Rule evaluation runs
733 // asynchronously after submit, so the first attempt may still be 'open'.
734 // Cap the wait so the embed never hangs on slow eval.
735 const pollIntervalMs = 1000;
736 const maxAttempts = 3;
737 let denialReason: string | null = null;
738 for (let attempt = 0; attempt < maxAttempts; attempt++) {
739 try {
740 const status = await apiClient.getClaimStatus(results.id);
741 if (status.outcome === 'DENIED' && status.denialReason) {
742 denialReason = status.denialReason;
743 break;
744 }
745 if (status.claimStatus === 'closed' || status.claimStatus === 'under_review') {
746 break; // settled or routed to review — skip to thank-you
747 }
748 } catch (err) {
749 console.warn('[sherpa-embed] claim status poll failed:', err);
750 break;
751 }
752 await new Promise((resolve) => setTimeout(resolve, pollIntervalMs));
753 }
754
755 if (denialReason) {
756 // Render the terminal denial screen instead of redirecting.
757 setState(prev => ({
758 ...prev,
759 claimData: { ...results, status: 'denied' },
760 error: denialReason,
761 routeType: 'claim-denied',
762 }));
763 return;
764 }
765
766 let thankYouUrl = buildThankYouUrl(
767 token,
768 results.productName,
769 results.policyId,
770 results.id
771 );
772 // Carry the original returnUrl through so the thank-you page's
773 // "Back to Home" button can route back to the host (e.g. customer
774 // portal index) instead of falling back to history.back() and landing
775 // on the now-stale claim form.
776 try {
777 const returnUrl = new URLSearchParams(window.location.search).get('returnUrl');
778 if (returnUrl) {
779 const sep = thankYouUrl.includes('?') ? '&' : '?';
780 thankYouUrl = `${thankYouUrl}${sep}returnUrl=${encodeURIComponent(returnUrl)}`;
781 }
782 } catch {
783 // non-fatal — fall back to the unmodified thank-you URL
784 }
785 window.location.href = thankYouUrl;
786 };
787
788 const handleError = (error: string) => {
789 const lower = error.toLowerCase();
790 const isOffline =
791 typeof navigator !== 'undefined' && navigator.onLine === false;
792 const isNetworkFailure =
793 isOffline ||
794 lower.includes('failed to fetch') ||
795 lower.includes('networkerror') ||
796 lower.includes('network request failed') ||
797 lower.includes('load failed');
798 if (isNetworkFailure) {
799 console.warn('[sherpa-embed] api unreachable:', error);
800 setState(prev => ({ ...prev, unavailable: true, error: null }));
801 notifyUnavailable('api_unreachable');
802 return;
803 }
804 setState(prev => ({ ...prev, error }));
805 notifyError(error);
806 };
807
808 const handlePolicyPurchase = (policyData: Record<string, unknown>) => {
809 // Policy purchase notification is handled by the ResultsDisplay component
810 console.log('Policy purchased:', policyData);
811 };
812
813 if (state.unavailable) {
814 return null;
815 }
816
817 if (state.loading || config.loading) {
818 return (
819 <main className='container'>
820 <div style={{ textAlign: 'center', padding: '2rem' }}>
821 <div
822 aria-busy='true'
823 style={{ margin: '0 auto', width: '2rem', height: '2rem' }}
824 ></div>
825 </div>
826 </main>
827 );
828 }
829
830 if (!config.params) {
831 return (
832 <main className='container'>
833 <article>
834 <header>
835 <h3>{t('Configuration Error')}</h3>
836 </header>
837 <p>
838 {state.error ||
839 t('No widget parameters were found. Please check that the embed URL includes the required parameters.')}
840 </p>
841 </article>
842 </main>
843 );
844 }
845
846 if (
847 !state.quoteData &&
848 !state.policyData &&
849 !state.claimData &&
850 !state.claimFormChoices &&
851 !state.acceptanceData &&
852 !state.routeType?.startsWith('bundle') &&
853 config.params.pageType !== 'thank-you'
854 ) {
855 return (
856 <main className='container'>
857 <article>
858 <header>
859 <h3>{t('Unable to Load')}</h3>
860 </header>
861 <p>
862 {state.error ||
863 t('We couldn\'t load the requested content. Please verify that the embed URL includes valid parameters.')}
864 </p>
865 </article>
866 </main>
867 );
868 }
869
870 return (
871 <ErrorBoundary onError={handleError}>
872 <main className='container'>
873 {config.params?.showLocaleSwitcher && (
874 <div className="locale-switcher-wrapper">
875 <LocaleSwitcher
876 locale={locale}
877 onLocaleChange={onLocaleChange}
878 activeLocales={effectiveActiveLocales}
879 />
880 </div>
881 )}
882 {state.routeType === 'acceptance' && state.acceptanceData ? (
883 <AcceptancePage
884 acceptanceData={state.acceptanceData}
885 token={config.params.token}
886 onError={handleError}
887 />
888 ) : state.routeType === 'bundle-select' && config.params.bundle ? (
889 <BundleProductSelect
890 bundleName={config.params.bundle}
891 onError={handleError}
892 />
893 ) : state.routeType === 'bundle-results' && state.bundleQuoteData && state.bundleInsurance ? (
894 <BundleResults
895 quoteData={state.bundleQuoteData}
896 insurance={state.bundleInsurance}
897 onError={handleError}
898 />
899 ) : state.routeType === 'bundle-policy' && state.bundleQuoteData ? (
900 <BundlePolicyForm
901 quoteData={state.bundleQuoteData}
902 quoteSessionIds={state.bundleQuoteSessionIds}
903 insurance={state.bundleInsurance || {}}
904 onError={handleError}
905 />
906 ) : state.routeType === 'bundle-thank-you' && config.params.bundle ? (
907 <BundleThankYou
908 subscriptionId={new URLSearchParams(window.location.search).get('subscriptionId') || ''}
909 bundleName={config.params.bundle}
910 products={[]}
911 />
912 ) : config.params.pageType === 'thank-you' ? (
913 <ThankYou
914 policyId={config.params.policyId}
915 claimId={config.params.c{"pattern":"/Users/bakker/dev/gangkhar/sherpa-embed-api-457-custom-additional-fields-on-endo/src/utils/apiClient.ts"}/Users/bakker/dev/gangkhar/sherpa-embed-api-457-custom-additional-fields-on-endo/src/utils/apiClient.ts
{"command":"cd /Users/bakker/dev/gangkhar/sherpa-api-api-457-custom-additional-fields-on-endo && find . -path \"*/test*\" -name \"*drift*\" -o -path \"*/test*\" -name \"*schema*\" | grep -i \"test\\|spec\" | head -10"}./src/test/drift.apitest.ts
{"pattern":"getEndorsementQuote|submitEndorsement","path":"/Users/bakker/dev/gangkhar/sherpa-embed-api-457-custom-additional-fields-on-endo/src/utils/apiClient.ts"}Found 1 file /Users/bakker/dev/gangkhar/sherpa-embed-api-457-custom-additional-fields-on-endo/src/utils/apiClient.ts
{"command":"cd /Users/bakker/dev/gangkhar/sherpa-api-api-457-custom-additional-fields-on-endo && grep -n \"endorsementFieldValues\\|EndorsementField\" src/test/drift.apitest.ts"}277:import { _EndorsementField } from '@/models/EndorsementField.js';
288: EndorsementFieldSchema, EndorsementFieldPublicFields, EndorsementFieldPrivateFields,
429: { name: 'EndorsementField', ModelClass: _EndorsementField, Schema: EndorsementFieldSchema, publicFields: EndorsementFieldPublicFields, privateFields: EndorsementFieldPrivateFields },{"file_path":"/Users/bakker/dev/gangkhar/sherpa-embed-api-457-custom-additional-fields-on-endo/src/utils/apiClient.ts","limit":150}1 import type {
2 WidgetParams,
3 QuoteApiResponse,
4 FormApiResponse,
5 FormParameter,
6 FormDataType,
7 AcceptanceView,
8 AcceptPolicyResult,
9 EndorsementQuoteResponse,
10 } from '../types/config';
11 import type {
12 ApiRequestOptions,
13 UploadSignFileDescriptor,
14 UploadSignResponse,
15 ClaimMessagePayload,
16 } from '../types/api';
17 import { initStorageNamespace, namespaceKey } from './storageNamespace';
18 import { detectLocale } from '../lib/lmt';
19
20 export interface TermsConfig {
21 displayStyle?: 'inline' | 'links';
22 linkBehavior?: 'popup' | 'new_tab';
23 sourceType?: 'template' | 'file' | 'url';
24 externalUrl?: string;
25 }
26
27 export interface BundleTemplate {
28 id: number;
29 name: string;
30 title: string;
31 templateType: string;
32 content: string;
33 termsConfig?: TermsConfig | null;
34 }
35
36 export interface TemplateWithConfig {
37 content: string;
38 termsConfig: TermsConfig | null;
39 }
40
41 class ApiClient {
42 private baseUrl: string;
43 private widgetToken: string;
44 private parentDomain: string | null;
45 private displayCurrency: string | null;
46 private pricingCurrency: string | null;
47 private country: string | null;
48
49 constructor(baseUrl: string) {
50 this.baseUrl = baseUrl;
51 this.widgetToken = '';
52 this.parentDomain = null;
53 this.displayCurrency = null;
54 this.pricingCurrency = null;
55 this.country = null;
56 }
57
58 initialize(params: WidgetParams, parentDomain: string | null) {
59 this.widgetToken = params.token;
60 this.parentDomain = parentDomain;
61 this.displayCurrency = params.displayCurrency ?? null;
62 this.pricingCurrency = params.pricingCurrency ?? null;
63 this.country = params.country ?? null;
64 initStorageNamespace(params.token);
65 }
66
67 setCountry(country: string | null) {
68 this.country = country;
69 }
70
71 setDisplayCurrency(displayCurrency: string | null) {
72 this.displayCurrency = displayCurrency;
73 }
74
75 setPricingCurrency(pricingCurrency: string | null) {
76 this.pricingCurrency = pricingCurrency;
77 }
78
79 private withDisplayCurrency<T extends Record<string, unknown>>(body: T): T {
80 if (!this.displayCurrency) return body;
81 if (body && typeof body === 'object' && 'displayCurrency' in body) return body;
82 return { ...body, displayCurrency: this.displayCurrency };
83 }
84
85 private withPricingCurrency<T extends Record<string, unknown>>(body: T): T {
86 if (!this.pricingCurrency) return body;
87 if (body && typeof body === 'object' && 'pricingCurrency' in body) return body;
88 return { ...body, pricingCurrency: this.pricingCurrency };
89 }
90
91 private withCountry<T extends Record<string, unknown>>(body: T): T {
92 if (!this.country) return body;
93 if (body && typeof body === 'object' && 'country' in body) return body;
94 return { ...body, country: this.country };
95 }
96
97 private async request(endpoint: string, options: ApiRequestOptions) {
98 const url = `${this.baseUrl}/v1${endpoint}`;
99
100 const headers: Record<string, string> = {
101 'Content-Type': 'application/json',
102 ...options.headers,
103 };
104
105 // Add required authentication headers
106 if (this.widgetToken) {
107 headers['X-Widget-Token'] = this.widgetToken;
108 }
109
110 // Add origin and parent domain headers
111 headers['Origin'] = window.location.origin;
112 if (this.parentDomain && this.parentDomain !== 'unknown') {
113 headers['X-Parent-Domain'] = this.parentDomain;
114 }
115
116 const response = await fetch(url, {
117 method: options.method,
118 headers,
119 body: options.body ? JSON.stringify(options.body) : undefined,
120 signal: options.signal,
121 });
122
123 if (!response.ok) {
124 try {
125 const errorData = await response.json();
126 // Handle the specific API error structure: {"status": "error", "error": {"message": "..."}}
127 if (errorData && errorData.error && errorData.error.message) {
128 throw new Error(errorData.error.message);
129 }
130 // Fallback to other common error formats
131 if (errorData && errorData.message) {
132 throw new Error(errorData.message);
133 }
134 throw new Error(
135 `API request failed: ${response.status} ${response.statusText}`
136 );
137 } catch (parseError) {
138 if (
139 parseError instanceof Error &&
140 parseError.message !==
141 `API request failed: ${response.status} ${response.statusText}`
142 ) {
143 throw parseError; // Re-throw if it's our custom error message
144 }
145 throw new Error(
146 `API request failed: ${response.status} ${response.statusText}`
147 );
148 }
149 }
150 {"command":"cd /Users/bakker/dev/gangkhar/sherpa-api-api-457-custom-additional-fields-on-endo && grep -A5 \"PolicyOrderSchema\\|endorsementFieldValues\" src/test/drift.apitest.ts | head -40"} PolicyOrderSchema, PolicyOrderPublicFields, PolicyOrderPrivateFields,
PolicyOrderErrorSchema, PolicyOrderErrorPublicFields, PolicyOrderErrorPrivateFields,
PolicyParameterSchema, PolicyParameterPublicFields, PolicyParameterPrivateFields,
PolicyParameterCategorySchema, PolicyParameterCategoryPublicFields, PolicyParameterCategoryPrivateFields,
PolicyParameterCategoryPageSchema, PolicyParameterCategoryPagePublicFields, PolicyParameterCategoryPagePrivateFields,
PolicyRenewalRunSchema, PolicyRenewalRunPublicFields, PolicyRenewalRunPrivateFields,
--
{ name: 'PolicyOrder', ModelClass: _PolicyOrder, Schema: PolicyOrderSchema, publicFields: PolicyOrderPublicFields, privateFields: PolicyOrderPrivateFields },
{ name: 'PolicyOrderError', ModelClass: _PolicyOrderError, Schema: PolicyOrderErrorSchema, publicFields: PolicyOrderErrorPublicFields, privateFields: PolicyOrderErrorPrivateFields },
{ name: 'PolicyParameter', ModelClass: _PolicyParameter, Schema: PolicyParameterSchema, publicFields: PolicyParameterPublicFields, privateFields: PolicyParameterPrivateFields },
{ name: 'PolicyParameterCategory', ModelClass: _PolicyParameterCategory, Schema: PolicyParameterCategorySchema, publicFields: PolicyParameterCategoryPublicFields, privateFields: PolicyParameterCategoryPrivateFields },
{ name: 'PolicyParameterCategoryPage', ModelClass: _PolicyParameterCategoryPage, Schema: PolicyParameterCategoryPageSchema, publicFields: PolicyParameterCategoryPagePublicFields, privateFields: PolicyParameterCategoryPagePrivateFields },
{ name: 'PolicyRenewalRun', ModelClass: _PolicyRenewalRun, Schema: PolicyRenewalRunSchema, publicFields: PolicyRenewalRunPublicFields, privateFields: PolicyRenewalRunPrivateFields },{"command":"cd /Users/bakker/dev/gangkhar/sherpa-api-api-457-custom-additional-fields-on-endo && grep -n \"endorsementFieldValues\" src/models/PolicyOrder.ts | head -10"}(Bash completed with no output)
{"command":"grep -n \"getEndorsementQuote\\|submitEndorsement\" /Users/bakker/dev/gangkhar/sherpa-embed-api-457-custom-additional-fields-on-endo/src/utils/apiClient.ts"}195: async getEndorsementQuote( 208: async submitEndorsement(
{"file_path":"/Users/bakker/dev/gangkhar/sherpa-api-api-457-custom-additional-fields-on-endo/src/models/PolicyOrder.ts","limit":150}1 import { _PolicyOrder } from './internal/_PolicyOrder.js';
2 import { toSafeModel } from './lib/safe-model.js';
3
4 export const PolicyOrder = toSafeModel(_PolicyOrder);
5 export type PolicyOrder = _PolicyOrder;
6
7 // Re-export raw class for db.ts registration, association includes, and type usage
8 export { _PolicyOrder };
9 export { RenewalStatus, TransactionType, CancelReason, CommissionStatus, DeletionReason } from './internal/_PolicyOrder.js';
10 {"command":"cd /Users/bakker/dev/gangkhar/sherpa-api-api-457-custom-additional-fields-on-endo && grep -n \"endorsementFieldValues\" src/models/internal/_PolicyOrder.ts"}171: declare endorsementFieldValues: Record<string, unknown> | null;
{"command":"cd /Users/bakker/dev/gangkhar/sherpa-api-api-457-custom-additional-fields-on-endo && grep -A 200 \"PolicyOrderSchema\\s*=\" src/models/internal/_PolicyOrder.ts | head -250"}(Bash completed with no output)
{"file_path":"/Users/bakker/dev/gangkhar/sherpa-embed-api-457-custom-additional-fields-on-endo/src/utils/apiClient.ts","offset":194,"limit":100}194 // current version, so the embed can render + prefill them (#457).
195 async getEndorsementQuote(
196 policyId: string,
197 body: { effectiveDate: string }
198 ): Promise<EndorsementQuoteResponse> {
199 const response = await this.request(`/policies/${policyId}/endorsement-quote`, {
200 method: 'POST',
201 body,
202 });
203 return (response?.data ?? response) as EndorsementQuoteResponse;
204 }
205
206 // Apply the endorsement: creates the new policy version with the captured
207 // custom field values. Server re-validates required fields.
208 async submitEndorsement(
209 policyId: string,
210 body: { quoteId: string; effectiveDate: string; endorsementFieldValues?: Record<string, unknown> }
211 ): Promise<{ policyId?: string; version?: number }> {
212 const response = await this.request(`/policies/${policyId}`, {
213 method: 'PATCH',
214 body,
215 });
216 return (response?.data ?? response) as { policyId?: string; version?: number };
217 }
218
219 async resolvePolicyForDate(
220 referencePolicyId: string,
221 productName: string,
222 date: string
223 ): Promise<{
224 policyId: string;
225 policyNumber: string | null;
226 inceptionDate: string;
227 expiryDate: string | null;
228 status: string;
229 }> {
230 const params = new URLSearchParams({
231 referencePolicyId,
232 productName,
233 date,
234 });
235 const response = await this.request(
236 `/claim/resolve-policy?${params.toString()}`,
237 { method: 'GET' }
238 );
239 return response.data;
240 }
241
242 async getClaimForm(
243 productName: string,
244 policyId: string,
245 claimId?: number
246 ): Promise<FormApiResponse> {
247 const suffix = claimId !== undefined ? `&claimId=${claimId}` : '';
248 const response = await this.request(
249 `/claim/form?productName=${productName}&policyId=${policyId}${suffix}`,
250 {
251 method: 'GET',
252 }
253 );
254 return normalizeFormResponse(response);
255 }
256
257 // List the claim forms the customer is eligible to file against this
258 // policy. Filtered server-side by Coverage M:N intersection — only forms
259 // whose linked coverages overlap with the policy's held coverages are
260 // returned. Legacy forms with no coverage links are always included.
261 async listClaimForms(
262 productName: string,
263 policyId: string
264 ): Promise<Array<{
265 id: number;
266 name: string;
267 title: string | null;
268 description: string | null;
269 coverages: Array<{ id: number; name: string; title: string | null; code: string | null }>;
270 }>> {
271 return this.request(
272 `/claim/forms?productName=${productName}&policyId=${policyId}`,
273 { method: 'GET' }
274 );
275 }
276
277 // Poll the outcome of a recently submitted claim record. Used right
278 // after createClaim so the embed can render a terminal denial state
279 // instead of the standard thank-you when the rule engine auto-denies.
280 async getClaimStatus(claimRecordId: string): Promise<{
281 claimRecordId: string;
282 claimStatus: string | null;
283 outcome: string | null;
284 denialReason: string | null;
285 }> {
286 return this.request(`/claim/${claimRecordId}/status`, {
287 method: 'GET',
288 });
289 }
290
291 async generateQuote(data: unknown): Promise<QuoteApiResponse> {
292 return this.request('/quote', {
293 method: 'POST',{"command":"cd /Users/bakker/dev/gangkhar/sherpa-api-api-457-custom-additional-fields-on-endo && grep -n \"PolicyOrderSchema\\|export.*Schema\" src/models/internal/_PolicyOrder.ts | head -20"}(Bash completed with no output)
{"command":"find /Users/bakker/dev/gangkhar/sherpa-portal-api-457-custom-additional-fields-on-endo -name \"DefaultPolicyEdit.tsx\" -type f"}/Users/bakker/dev/gangkhar/sherpa-portal-api-457-custom-additional-fields-on-endo/app/customer-portal/policies/[policyId]/edit/DefaultPolicyEdit.tsx
{"command":"cd /Users/bakker/dev/gangkhar/sherpa-api-api-457-custom-additional-fields-on-endo && find . -name \"*schema*\" -type f | grep -i \"policy\\|order\" | head -10"}./src/schemas/policy.schemas.ts ./src/schemas/plus/policy.schemas.ts ./src/schemas/plus/policySettingField.schemas.ts ./src/schemas/plus/policyMessage.schemas.ts ./src/schemas/plus/policyOrder.schemas.ts
{"file_path":"/Users/bakker/dev/gangkhar/sherpa-portal-api-457-custom-additional-fields-on-endo/app/customer-portal/policies/[policyId]/edit/DefaultPolicyEdit.tsx","limit":400}1 "use client";
2
3 import React, { useEffect, useState, useCallback } from "react";
4 import { useRouter } from "next/navigation";
5 import { usePortalPrefix } from "@/app/customer-portal/lib/portalLink";
6 import { ArrowLeft, X } from "lucide-react";
7
8 import PortalLayout from "@/app/customer-portal/PortalLayout";
9 import PolicyQuoteForm, { type EndorsementFieldDef } from "@/app/components/policy-management/PolicyQuoteForm";
10 import EndorsementCustomFields from "@/app/components/policy-management/EndorsementCustomFields";
11 import api from "@/app/src/utils/api";
12 import { showSuccessToast, showErrorToast } from "@/app/components/Toast";
13 import { Button } from "@/app/components/ui/button";
14 import { useTranslation } from "@gangkharai/lmt/client";
15 import { useAuth } from "@/app/components/AuthProvider";
16 import useOrganizationStore from "@/app/src/store/organizationStore";
17 import { getBusinessDate, getBrowserTimezone } from "@/app/src/utils/businessDate";
18 import { usePolicyStatuses } from "@/app/src/hooks/usePolicyStatuses";
19
20 interface InsuranceData {
21 [productName: string]: {
22 [planName: string]: {
23 title: string;
24 premiumsByFrequency: Record<
25 string,
26 {
27 basePremium: number;
28 premiumWithoutTax: number | null;
29 premiumWithTax: number | null;
30 salesTax: number | null;
31 }
32 >;
33 currency: string;
34 coverages: Array<{
35 id: number;
36 name: string;
37 title: string;
38 selected?: boolean;
39 selectedOptionId?: number;
40 selectedDeductible?: string;
41 coverageAmount?: string;
42 baseCoverage?: boolean;
43 coverageOptions?: Array<{
44 id: number;
45 name: string;
46 coverageLimit: string;
47 deductibles?: Array<{ value: number; type: "fixed" | "percentage"; label?: string; isDefault?: boolean }> | null;
48 }>;
49 [key: string]: unknown;
50 }>;
51 };
52 };
53 }
54
55 interface PolicyData {
56 id: number;
57 policyId: string;
58 quoteId?: string;
59 policyNumber: string;
60 productName: string;
61 productPlanName: string;
62 inceptionDate: string;
63 expiryDate: string;
64 paymentFrequency?: string;
65 currency?: string;
66 status?: string;
67 insurance?: InsuranceData;
68 product?: {
69 productTitle: string;
70 productPlanTitle: string;
71 };
72 [key: string]: unknown;
73 }
74
75 export default function DefaultPolicyEdit({
76 params,
77 }: {
78 params: { policyId: string } | Promise<{ policyId: string }>;
79 }) {
80 const t = useTranslation();
81 const router = useRouter();
82 const portal = usePortalPrefix();
83 const { user } = useAuth();
84 const organization = useOrganizationStore((s) => s.organization);
85 const orgTimezone = organization?.timezone || getBrowserTimezone();
86 const { isCategory } = usePolicyStatuses();
87 const unwrappedParams = params instanceof Promise ? React.use(params) : params;
88 const policyId = unwrappedParams?.policyId;
89
90 const [policy, setPolicy] = useState<PolicyData | null>(null);
91 const [loading, setLoading] = useState(true);
92 const [saving, setSaving] = useState(false);
93 const [submitError, setSubmitError] = useState<string | null>(null);
94 const [quoteId, setQuoteId] = useState<string>("");
95 const [paymentFrequency, setPaymentFrequency] = useState<string>("month");
96 const [insurance, setInsurance] = useState<InsuranceData>({});
97 const [selectedPlanName, setSelectedPlanName] = useState<string>("");
98 const [endorsementFields, setEndorsementFields] = useState<EndorsementFieldDef[]>([]);
99 const [endorsementValues, setEndorsementValues] = useState<Record<string, unknown>>({});
100 const [endorsementErrors, setEndorsementErrors] = useState<Record<string, string>>({});
101 const effectiveDate = getBusinessDate(orgTimezone);
102
103 const fetchPolicy = useCallback(async () => {
104 if (!policyId || !user?.id) return;
105 try {
106 setLoading(true);
107 const response = await api.get(`/policies/${policyId}`, {
108 sherpaAdmin: false,
109 });
110
111 const data = response.data?.data || response.data;
112 if (data) {
113 setPolicy(data);
114 setPaymentFrequency(data.paymentFrequency || "month");
115 if (data.insurance) {
116 setInsurance(JSON.parse(JSON.stringify(data.insurance)));
117 }
118 if (data.quoteId) {
119 setQuoteId(data.quoteId);
120 }
121 }
122 } catch (error) {
123 console.error("Error fetching policy:", error);
124 showErrorToast(t("Failed to load policy details"));
125 } finally {
126 setLoading(false);
127 }
128 }, [policyId, user?.id, t]);
129
130 useEffect(() => {
131 fetchPolicy();
132 }, [fetchPolicy]);
133
134 const handleInsuranceUpdate = (updatedInsurance: InsuranceData) => {
135 setInsurance(updatedInsurance);
136 };
137
138 const handleQuoteIdUpdate = (newQuoteId: string) => {
139 setQuoteId(newQuoteId);
140 };
141
142 const handleEndorsementFieldsLoaded = useCallback(
143 (fields: EndorsementFieldDef[], values: Record<string, unknown>) => {
144 setEndorsementFields(fields);
145 // Prefill from the values captured on the current version, but never
146 // clobber edits the user has already started typing.
147 setEndorsementValues((prev) => ({ ...values, ...prev }));
148 },
149 [],
150 );
151
152 const handleEndorsementFieldChange = (key: string, value: unknown) => {
153 setEndorsementValues((prev) => ({ ...prev, [key]: value }));
154 setEndorsementErrors((prev) => {
155 if (!prev[key]) return prev;
156 const next = { ...prev };
157 delete next[key];
158 return next;
159 });
160 };
161
162 const validateEndorsementFields = (): boolean => {
163 const errors: Record<string, string> = {};
164 for (const field of endorsementFields) {
165 const value = endorsementValues[field.fieldKey];
166 if (field.type === "boolean") {
167 if (field.required && value !== true) errors[field.fieldKey] = t("This field is required");
168 continue;
169 }
170 const empty = value === undefined || value === null || (typeof value === "string" && value.trim() === "");
171 if (field.required && empty) errors[field.fieldKey] = t("This field is required");
172 }
173 setEndorsementErrors(errors);
174 return Object.keys(errors).length === 0;
175 };
176
177 const handleSubmit = async (e: React.FormEvent) => {
178 e.preventDefault();
179 if (!policy) return;
180
181 if (!validateEndorsementFields()) {
182 setSubmitError(t("Please complete the required fields below."));
183 return;
184 }
185
186 try {
187 setSaving(true);
188 setSubmitError(null);
189
190 const payload = {
191 quoteId,
192 effectiveDate,
193 productPlanName: selectedPlanName || policy.productPlanName,
194 ...(endorsementFields.length > 0 ? { endorsementFieldValues: endorsementValues } : {}),
195 };
196
197 const response = await api.patch(`/policies/${policy.policyId}`, payload, {
198 sherpaAdmin: false,
199 });
200
201 if (response.data.status === "success") {
202 showSuccessToast(t("Policy updated successfully"));
203 sessionStorage.removeItem(`policy_${policyId}`);
204 const newVersion = response.data.data?.version;
205 const versionParam = newVersion ? `?version=${newVersion}` : "";
206 router.push(`${portal}/policies/${policyId}${versionParam}`);
207 }
208 } catch (error: unknown) {
209 const msg = (error as { response?: { data?: { error?: { message?: string } } }{"command":"cd /Users/bakker/dev/gangkhar/sherpa-api-api-457-custom-additional-fields-on-endo && grep -n \"endorsementFieldValues\" src/schemas/plus/policyOrder.schemas.ts"}(Bash completed with no output)
{"file_path":"/Users/bakker/dev/gangkhar/sherpa-api-api-457-custom-additional-fields-on-endo/src/schemas/plus/policyOrder.schemas.ts","limit":100}1 /**
2 * Shared schemas for policy order related endpoints
3 */
4
5 import { Type } from '@sinclair/typebox';
6 import { NullableInteger, NullableIsoDate } from '@/schemas/typebox/_helpers.js';
7 import { PolicyStatusLifecycleCategory } from '@/models/OrganizationPolicyStatus.js';
8
9 // Lifecycle category names resolve to the org's default code; plus the
10 // non-default system status codes that aren't category names (e.g.
11 // `awaiting_acceptance`, a PENDING-category code for offer drafts) so they can
12 // be filtered explicitly.
13 const EXTRA_STATUS_CODES = ['awaiting_acceptance'];
14 const STATUS_TOKENS = [...Object.values(PolicyStatusLifecycleCategory), ...EXTRA_STATUS_CODES].join('|');
15 const STATUS_FILTER_PATTERN = `^(${STATUS_TOKENS})(,(${STATUS_TOKENS}))*$`;
16
17 export const getPoliciesQuerystringSchema = Type.Object({
18 userId: Type.Optional(Type.String({ format: 'uuid', description: 'Filter by user ID', example: '550e8400-e29b-41d4-a716-446655440000' })),
19 status: Type.Optional(Type.String({ pattern: STATUS_FILTER_PATTERN, description: 'Filter by policy status (comma-separated for multiple)', example: 'active' })),
20 productName: Type.Optional(Type.String({ description: 'Filter by product name (comma-separated for multiple)', example: 'auto-comprehensive' })),
21 clientId: Type.Optional(Type.Integer({ description: 'Filter by client ID', example: 12345 })),
22 quoteId: Type.Optional(Type.String({ description: 'Filter by quote ID', example: 'QUO-2026-001234' })),
23 policyNumber: Type.Optional(Type.String({ description: 'Filter by policy number', example: 'POL-2026-001234' })),
24 issueDateFrom: Type.Optional(Type.String({ format: 'date', description: 'Filter policies issued on or after this date (YYYY-MM-DD)', example: '2026-01-01' })),
25 issueDateTo: Type.Optional(Type.String({ format: 'date', description: 'Filter policies issued on or before this date (YYYY-MM-DD)', example: '2026-04-25' })),
26 inceptionDateFrom: Type.Optional(Type.String({ format: 'date', description: 'Filter policies with inception on or after this date (YYYY-MM-DD)', example: '2026-01-01' })),
27 inceptionDateTo: Type.Optional(Type.String({ format: 'date', description: 'Filter policies with inception on or before this date (YYYY-MM-DD)', example: '2026-04-25' })),
28 expiryDateFrom: Type.Optional(Type.String({ format: 'date', description: 'Filter policies expiring on or after this date (YYYY-MM-DD)', example: '2027-01-01' })),
29 expiryDateTo: Type.Optional(Type.String({ format: 'date', description: 'Filter policies expiring on or before this date (YYYY-MM-DD)', example: '2027-12-31' })),
30 page: Type.Optional(Type.Integer({ description: 'Page number for pagination', example: 1 })),
31 limit: Type.Optional(Type.Integer({ description: 'Number of items per page', example: 25 })),
32 sortField: Type.Optional(Type.String({ enum: ['policyNumber', 'productName', 'status', 'inceptionDate', 'expiryDate', 'issueDate', 'createdAt', 'customerName', 'customerEmail'], description: 'Field to sort by', example: 'inceptionDate' })),
33 sortOrder: Type.Optional(Type.String({ enum: ['asc', 'desc'], description: 'Sort direction', example: 'desc' })),
34 transactionType: Type.Optional(Type.String({ enum: ['NEW_BUSINESS', 'RENEWAL', 'ENDORSEMENT', 'CANCELLATION'], description: 'Filter by transaction type', example: 'RENEWAL' })),
35 country: Type.Optional(Type.String({ description: 'Filter by country (comma-separated for multiple)', example: 'US,NO' })),
36 });
37
38 export const policyIdParamsSchema = Type.Object({
39 policyId: Type.String({ description: 'The ID of the policy', example: 'POL-2026-001234' }),
40 });
41
42 export const getPolicyByIdQuerystringSchema = Type.Object({
43 version: Type.Optional(Type.Integer({ description: 'Specific version number to retrieve. If not provided, returns the current effective version (effectiveDate <= today)', example: 2 })),
44 });
45
46 export const policyOrderIdParamsSchema = Type.Object({
47 policyOrderId: Type.String({ description: 'The ID of the policy order', example: '550e8400-e29b-41d4-a716-446655440000' }),
48 });
49
50 export const updatePolicyOrderBodySchema = Type.Object({
51 quoteId: Type.Optional(Type.String({ format: 'uuid', description: 'New quote ID to use for the endorsement - insurance data will be fetched from this quote', example: '550e8400-e29b-41d4-a716-446655440000' })),
52 productPlanName: Type.Optional(Type.String({ description: 'Product plan name (optional, will use from quote or existing policy)', example: 'auto-comprehensive-premium' })),
53 paymentFrequency: Type.Optional(Type.String({ enum: ['year', 'month', 'quarter', 'one-time', 'day'], description: 'Payment frequency (optional, will use from quote or existing policy)', example: 'month' })),
54 effectiveDate: Type.String({ format: 'date', description: 'Effective date of the endorsement', example: '2026-04-25' }),
55 policyNumber: Type.Optional(Type.String({ description: 'Policy number override', example: 'POL-2026-001234' })),
56 currency: Type.Optional(Type.String({ maxLength: 3, description: 'Currency code override (e.g. USD, EUR)', example: 'EUR' })),
57 inceptionDate: Type.Optional(Type.String({ format: 'date', description: 'Policy inception date override', example: '2026-04-25' })),
58 issueDate: Type.Optional(Type.String({ format: 'date', description: 'Policy issue date override', example: '2026-04-25' })),
59 expiryDate: Type.Optional(Type.String({ format: 'date', description: 'Policy expiry date override', example: '2027-04-25' })),
60 });
61
62 export const policyChartDataQuerystringSchema = Type.Object({
63 startDate: Type.String({ format: 'date', description: 'Start date for the chart (YYYY-MM-DD)', example: '2026-01-01' }),
64 endDate: Type.String({ format: 'date', description: 'End date for the chart (YYYY-MM-DD)', example: '2026-04-25' }),
65 productName: Type.Optional(Type.String({ description: 'Filter by product name (comma-separated for multiple, optional)', example: 'auto-comprehensive' })),
66 country: Type.Optional(Type.String({ description: 'Filter by country code (comma-separated for multiple, optional)', example: 'ES' })),
67 groupBy: Type.Optional(Type.String({ enum: ['day', 'month', 'year'], description: 'Group by period (default: day)', example: 'month' })),
68 organizationId: Type.Optional(Type.String({ format: 'uuid', description: 'Narrow chart to a single descendant organization (must be in caller\'s scope).' })),
69 });
70
71 export const endorsementQuoteBodySchema = Type.Object({
72 parameters: Type.Optional(Type.Object({}, { additionalProperties: true, description: 'Override policy parameters (merged with existing policy parameters)', example: { vehicleValue: 18500 } })),
73 selectedCoverages: Type.Optional(Type.Array(
74 Type.Object({
75 coverageId: Type.Integer({ example: 12 }),
76 optionId: NullableInteger({ example: 3 }),
77 parameters: Type.Optional(Type.Object({}, { additionalProperties: true, example: { deductible: 500 } })),
78 }),
79 {
80 description: 'Selected coverages for the endorsement',
81 example: [{ coverageId: 12, optionId: 3, parameters: { deductible: 500 } }],
82 },
83 )),
84 effectiveDate: Type.String({ format: 'date', description: 'When the endorsement takes effect', example: '2026-04-25' }),
85 paymentFrequency: Type.Optional(Type.String({ enum: ['year', 'month', 'quarter', 'one-time', 'day'], description: 'Override payment frequency (defaults to current policy frequency)', example: 'month' })),
86 productPlanName: Type.Optional(Type.String({ description: 'Override product plan (defaults to current policy plan)', example: 'auto-comprehensive-premium' })),
87 showCoverages: Type.Optional(Type.Boolean({ description: 'Include{"command":"cd /Users/bakker/dev/gangkhar/sherpa-api-api-457-custom-additional-fields-on-endo && grep -n \"endorsePolicy\\|endorsementField\" src/schemas/plus/policyOrder.schemas.ts"}(Bash completed with no output)
{"command":"grep -n \"endorsement-fields\\|Endorsement Fields\" /Users/bakker/dev/gangkhar/sherpa-portal-api-457-custom-additional-fields-on-endo/app/components/AppLayout.tsx | head -20"}264: name: t('Endorsement Fields'),
265: href: `/products/${productId}/endorsement-fields`,
267: key: "endorsement-fields",
346: "endorsement-fields": "configure",{"command":"cd /Users/bakker/dev/gangkhar/sherpa-api-api-457-custom-additional-fields-on-endo && grep -rn \"endorsePolicy\" src/routes/ --include=\"*.ts\" | head -20"}src/routes/policyRoutes.ts:3:import { createPolicyOrderFromQuote, createPolicyOrderFromPremium, cancelPolicy, getPolicies, getPolicyById, getPoliciesByExternalClientId, getPolicyVersions, endorsePolicy, customerEndorsementQuote, directUpdatePolicyOrder, batchUpdatePolicyOrders, previewPolicySuspension, suspendPolicy, previewPolicyReinstatement, reinstatePolicy } from '@/controllers/policyOrderController.js';
src/routes/policyRoutes.ts:18: endorsePolicyBodySchema,
src/routes/policyRoutes.ts:273: body: endorsePolicyBodySchema,
src/routes/policyRoutes.ts:287: return await endorsePolicy(request, reply);{"command":"cd /Users/bakker/dev/gangkhar/sherpa-api-api-457-custom-additional-fields-on-endo && grep -n \"endorsePolicyBodySchema\" src/schemas/plus/policyOrder.schemas.ts"}(Bash completed with no output)
{"file_path":"/Users/bakker/dev/gangkhar/sherpa-portal-api-457-custom-additional-fields-on-endo/app/customer-portal/policies/[policyId]/DefaultPolicyDetails.tsx","offset":948,"limit":30}948 <dl className="space-y-2 text-sm">
949 {Object.entries(policy.endorsementFieldValues).map(([key, value]) => {
950 const configuredLabel = policy.endorsementFields?.find((f) => f.fieldKey === key)?.label;
951 const label =
952 configuredLabel ||
953 key
954 .replace(/([A-Z])/g, " $1")
955 .replace(/[_-]+/g, " ")
956 .replace(/^./, (c) => c.toUpperCase())
957 .trim();
958 return (
959 <div key={key} className="flex justify-between gap-4 border-b border-gray-100 pb-2 last:border-0">
960 <dt className="text-gray-600">{label}</dt>
961 <dd className="text-right font-medium text-gray-900" data-testid={`endorsement-detail-${key}`}>
962 {typeof value === "boolean" ? (value ? t('Yes') : t('No')) : String(value)}
963 </dd>
964 </div>
965 );
966 })}
967 </dl>
968 </div>
969 </div>
970 )}
971 {/* Policy Dates */}
972 <div className="border-t border-b border-gray-200 bg-white sm:rounded-lg sm:border sm:shadow-sm">
973 <div className="border-b border-gray-100 bg-gradient-to-r from-gray-50 to-white p-4 sm:rounded-t-lg">
974 <h2 className="text-lg font-medium text-gray-900">{t('Important Dates')}</h2>
975 </div>
976 <div className="p-6">
977 <div className="space-y-3">{"command":"cd /Users/bakker/dev/gangkhar/sherpa-api-api-457-custom-additional-fields-on-endo && grep -rn \"endorsePolicyBodySchema\" src/ --include=\"*.ts\" | head -5"}src/schemas/policy.schemas.ts:532:export const endorsePolicyBodySchema = Type.Object({
src/schemas/policy.schemas.ts:571:export type EndorsePolicyBody = Static<typeof endorsePolicyBodySchema>;
src/controllers/productApiController.ts:22: endorsePolicyBodySchema,
src/controllers/productApiController.ts:901: schema: endorsePolicyBodySchema,
src/routes/policyRoutes.ts:18: endorsePolicyBodySchema,{"command":"grep -n \"EndorsementFieldDef\\|EndorsementQuoteResponse\" /Users/bakker/dev/gangkhar/sherpa-embed-api-457-custom-additional-fields-on-endo/src/types/config.ts | head -20"}27:export interface EndorsementFieldDef {
37:export interface EndorsementQuoteResponse {
39: endorsementFields?: EndorsementFieldDef[];{"file_path":"/Users/bakker/dev/gangkhar/sherpa-api-api-457-custom-additional-fields-on-endo/src/schemas/policy.schemas.ts","offset":532,"limit":50}532 export const endorsePolicyBodySchema = Type.Object({
533 quoteId: Type.String({
534 description:
535 "UUID of a freshly-created quote (POST /v1/quote) that carries the new parameters/coverages for this endorsement. The quote's insurance JSON is copied onto the new policy version and used for re-pricing.",
536 example: EXAMPLE_QUOTE_ID,
537 }),
538 effectiveDate: Type.String({
539 format: 'date',
540 description:
541 'Date the endorsement takes effect (YYYY-MM-DD). Pricing adjustments are pro-rated from this date to expiry.',
542 example: EXAMPLE_INCEPTION_DATE,
543 }),
544 productPlanName: Type.Optional(
545 Type.String({
546 description:
547 "Optional plan override. Defaults to the active policy version's plan, then to the quote's plan.",
548 example: 'standard',
549 }),
550 ),
551 paymentFrequency: Type.Optional(
552 Type.String({
553 enum: PAYMENT_FREQUENCY_ENUM,
554 description: "Optional billing cadence override. Defaults to the active policy version's frequency.",
555 example: 'month',
556 }),
557 ),
558 endorsementFieldValues: Type.Optional(
559 Type.Object(
560 {},
561 {
562 additionalProperties: true,
563 description:
564 "Values for the product's custom endorsement fields, keyed by field key. Validated server-side against the active field config — a missing required field rejects the submit (400). Persisted on the new policy version.",
565 example: { reasonForChange: 'Customer moved address' },
566 },
567 ),
568 ),
569 });
570
571 export type EndorsePolicyBody = Static<typeof endorsePolicyBodySchema>;
572
573 const CustomerEndorsementSelectedCoverageSchema = Type.Object(
574 {
575 coverageId: Type.Integer({ description: 'Coverage ID.', example: 12 }),
576 optionId: NullableInteger({
577 description: 'Option ID, or null for default.',
578 example: 3,
579 }),
580 parameters: Type.Optional(
581 Type.Object({"file_path":"/Users/bakker/dev/gangkhar/sherpa-embed-api-457-custom-additional-fields-on-endo/src/types/config.ts","offset":26,"limit":40}26 // returned on the endorsement-quote response (#457).
27 export interface EndorsementFieldDef {
28 fieldKey: string;
29 label: string;
30 helpText: string | null;
31 type: 'string' | 'number' | 'date' | 'boolean' | 'select' | 'textarea';
32 required: boolean;
33 options: { value: string; label: string }[] | null;
34 validationPattern: string | null;
35 }
36
37 export interface EndorsementQuoteResponse {
38 quoteId: string;
39 endorsementFields?: EndorsementFieldDef[];
40 endorsementFieldValues?: Record<string, unknown>;
41 currentPolicy?: { policyNumber?: string | null; productName?: string } | null;
42 }
43
44 // Quote/policy acceptance page (GET /v1/policy-acceptance/:policyId).
45 export interface AcceptanceItem {
46 id: number;
47 itemType: 'parameter' | 'price' | 'coverage' | 'terms' | 'plan' | 'static_text';
48 label: string | null;
49 value?: string | null;
50 html?: string | null;
51 required: boolean;
52 displayOptions?: { mask?: 'last4' | 'email' | 'none'; emphasize?: boolean; hideIfEmpty?: boolean } | null;
53 }
54
55 export interface AcceptanceCategory {
56 id: number;
57 label: string | null;
58 description: string | null;
59 items: AcceptanceItem[];
60 }
61
62 export interface AcceptancePage {
63 id: number;
64 label: string | null;
65 description: string | null;{"file_path":"/Users/bakker/dev/gangkhar/sherpa-api-api-457-custom-additional-fields-on-endo/src/services/endorsementFieldService.ts","offset":[68,105]}<tool_use_error>InputValidationError: Read failed due to the following issue: The parameter `offset` type is expected as `number` but provided as `array`</tool_use_error>
{"file_path":"/Users/bakker/dev/gangkhar/sherpa-api-api-457-custom-additional-fields-on-endo/src/services/endorsementFieldService.ts","offset":68,"limit":40}{"file_path":"/Users/bakker/dev/gangkhar/sherpa-portal-api-457-custom-additional-fields-on-endo/app/components/policy-management/PolicyQuoteForm.tsx","offset":145,"limit":30}68 // Coerce + validate a single non-boolean value against its field definition.
69 function normalizeScalar(field: _EndorsementField, raw: unknown): unknown {
70 switch (field.type) {
71 case 'number': {
72 const n = typeof raw === 'number' ? raw : Number(raw);
73 if (!Number.isFinite(n)) throw new StatusError(400, `Endorsement field "${field.label}" must be a number`);
74 return n;
75 }
76 case 'date': {
77 const s = String(raw);
78 if (!/^\d{4}-\d{2}-\d{2}$/.test(s) || Number.isNaN(Date.parse(s))) {
79 throw new StatusError(400, `Endorsement field "${field.label}" must be a valid date (YYYY-MM-DD)`);
80 }
81 return s;
82 }
83 case 'select': {
84 const s = String(raw);
85 const allowed = (field.options ?? []).map((o) => o.value);
86 if (!allowed.includes(s)) throw new StatusError(400, `Endorsement field "${field.label}" has an invalid selection`);
87 return s;
88 }
89 default: {
90 // string | textarea
91 const s = String(raw);
92 if (field.validationPattern) {
93 let re: RegExp;
94 try {
95 re = new RegExp(field.validationPattern);
96 } catch {
97 // Invalid stored pattern can't validate the value; rejected at save time.
98 return s;
99 }
100 if (!re.test(s)) throw new StatusError(400, `Endorsement field "${field.label}" has an invalid format`);
101 }
102 return s;
103 }
104 }
105 }
106
107 // Validate submitted values against the product's active field config and145
146 export interface EndorsementFieldDef {
147 fieldKey: string;
148 label: string;
149 helpText: string | null;
150 type: string;
151 required: boolean;
152 options: { value: string; label: string }[] | null;
153 validationPattern: string | null;
154 source?: string;
155 dataModelFieldName?: string | null;
156 order?: number;
157 }
158
159 interface QuoteResponse {
160 quoteId: string;
161 insurance: InsuranceData;
162 parameters?: Record<string, unknown>;
163 bundleDiscount?: BundleDiscount | null;
164 endorsementAdjustments?: EndorsementAdjustments;
165 currentPolicy?: CurrentPolicy;
166 endorsementFields?: EndorsementFieldDef[];
167 endorsementFieldValues?: Record<string, unknown>;
168 }
169
170 interface PolicyQuoteFormProps {
171 policyOrderId: string;
172 productName: string;
173 activePlanName: string;
174 quoteId: string;{"command":"grep -n \"source\\|dataModelFieldName\\|\\.order\" /Users/bakker/dev/gangkhar/sherpa-embed-api-457-custom-additional-fields-on-endo/src/components/EndorsementForm.tsx"}(Bash completed with no output)
{"command":"cd /Users/bakker/dev/gangkhar/sherpa-api-api-457-custom-additional-fields-on-endo && grep -rn \"endorsementField\" src/controllers/policyOrderController.ts | grep -v \"import\\|//\" | head -20"}src/controllers/policyOrderController.ts:73:} from '@/services/endorsementFieldService.js';
src/controllers/policyOrderController.ts:1171: const endorsementFieldDefs = await getActiveEndorsementFields(request, activePolicy.productId);
src/controllers/policyOrderController.ts:1172: const endorsementFieldLocale = getLocaleFromHeader(request);
src/controllers/policyOrderController.ts:1173: const endorsementFieldOverrides =
src/controllers/policyOrderController.ts:1176: endorsementFieldDefs,
src/controllers/policyOrderController.ts:1177: endorsementFieldLocale,
src/controllers/policyOrderController.ts:1178: endorsementFieldOverrides,
src/controllers/policyOrderController.ts:1221: resWithFields.endorsementFields = resolvedEndorsementFields;
src/controllers/policyOrderController.ts:1222: resWithFields.endorsementFieldValues = activePolicy.endorsementFieldValues ?? {};
src/controllers/policyOrderController.ts:1238: endorsementFieldValues?: Record<string, unknown>;
src/controllers/policyOrderController.ts:1297: const endorsementFields = await getActiveEndorsementFields(request, policyOrder.productId);
src/controllers/policyOrderController.ts:1299: endorsementFields,
src/controllers/policyOrderController.ts:1300: request.body.endorsementFieldValues,
src/controllers/policyOrderController.ts:1432: endorsementFieldValues: endorsementFields.length > 0 && request.body.endorsementFieldValues != null
src/controllers/policyOrderController.ts:1434: : ((oldPolicyData.endorsementFieldValues as Record<string, unknown> | null) ?? null),
src/controllers/policyOrderController.ts:2422: const endorsementFieldDefs = await getActiveEndorsementFields(request, policyOrder.productId);
src/controllers/policyOrderController.ts:2423: policyData.endorsementFields = resolveEndorsementFieldsForLocale(
src/controllers/policyOrderController.ts:2424: endorsementFieldDefs,{"command":"npx tsc --noEmit 2>&1 | head -100"}(Bash completed with no output)
{"file_path":"/Users/bakker/dev/gangkhar/sherpa-api-api-457-custom-additional-fields-on-endo/src/controllers/policyOrderController.ts","offset":2116,"limit":20}2116 const productRelationData = policyData.productRelation as Record<string, unknown> | undefined;
2117 if (policyData.productRelation) {
2118 delete policyData.productRelation;
2119 }
2120
2121 if (policyData.requestHeaders) {
2122 delete policyData.requestHeaders;
2123 }
2124
2125 if (policyData.requestBody) {
2126 delete policyData.requestBody;
2127 }
2128
2129 if (policyData.network) {
2130 delete policyData.network;
2131 }
2132 // Commission tax is internal financial data — not exposed on customer-facing endpoints
2133 delete policyData.commissionTax;
2134 delete policyData.adjustmentCommissionTax;
2135 {"command":"npx tsc --noEmit 2>&1 | head -100"}{"command":"cd /Users/bakker/dev/gangkhar/sherpa-api-api-457-custom-additional-fields-on-endo && find . -name \"*migration*\" -type f | grep -i \"endorsement\" | head -10"}(Bash completed with no output)
(Bash completed with no output)
{"command":"cd /Users/bakker/dev/gangkhar/sherpa-api-api-457-custom-additional-fields-on-endo && find ./migrations -name \"*.sql\" | sort | tail -10"}find: ./migrations: No such file or directory
{"file_path":"/Users/bakker/dev/gangkhar/sherpa-portal-api-457-custom-additional-fields-on-endo/app/components/policy-management/PolicyQuoteForm.tsx","offset":[620,650]}<tool_use_error>InputValidationError: Read failed due to the following issue: The parameter `offset` type is expected as `number` but provided as `array`</tool_use_error>
{"file_path":"/Users/bakker/dev/gangkhar/sherpa-portal-api-457-custom-additional-fields-on-endo/app/components/policy-management/PolicyQuoteForm.tsx","offset":620,"limit":40}620 },
621 [
622 policyOrderId,
623 effectiveDate,
624 paymentFrequency,
625 onQuoteIdUpdate,
626 onInsuranceUpdate,
627 onEndorsementFieldsLoaded,
628 isCustomerPortal,
629 t,
630 ]
631 );
632
633 const scheduleRecalculation = useCallback(
634 (planKey: string) => {
635 if (recalcTimerRef.current) {
636 clearTimeout(recalcTimerRef.current);
637 }
638 recalcTimerRef.current = setTimeout(() => {
639 recalculateForPlan(planKey);
640 }, 800);
641 },
642 [recalculateForPlan]
643 );
644
645 // Cleanup timer on unmount
646 useEffect(() => {
647 return () => {
648 if (recalcTimerRef.current) clearTimeout(recalcTimerRef.current);
649 };
650 }, []);
651
652 const handleInputChange = (path: string, value: unknown) => {
653 setFormValues((prev) => setValueAtPath(prev, path, value));
654 };
655
656 const handleCoverageChange = (
657 productKey: string,
658 planKey: string,
659 coverageIndex: number,{"command":"cd /Users/bakker/dev/gangkhar/sherpa-api-api-457-custom-additional-fields-on-endo && find . -type d -name \"*migrat*\" 2>/dev/null"}./.claude/skills/product-versioning-migration ./src/domains/lens/migrations ./src/db/migrations
{"command":"cd /Users/bakker/dev/gangkhar/sherpa-api-api-457-custom-additional-fields-on-endo && ls -la src/db/migrations/ | tail -20"}-rw-r--r--@ 1 bakker staff 409 May 31 14:20 2026.05.24T00.00.01.add-product-source-locale.ts -rw-r--r--@ 1 bakker staff 434 May 31 14:20 2026.05.24T00.00.02.add-organization-supported-locales.ts -rw-r--r--@ 1 bakker staff 510 May 31 14:20 2026.05.24T00.00.03.drop-organization-supported-locales.ts -rw-r--r--@ 1 bakker staff 2198 May 31 14:20 2026.05.25T00.00.01.scope-mode-strict-by-default-rls.ts -rw-r--r--@ 1 bakker staff 1356 May 31 14:20 2026.05.26T00.00.01.add-org-read-at-to-messages.ts -rw-r--r--@ 1 bakker staff 706 May 31 14:20 2026.05.26T00.00.02.add-policy-status-label-translations.ts -rw-r--r--@ 1 bakker staff 740 May 31 14:20 2026.05.27T00.00.01.add-quote-email-template-type.ts -rw-r--r--@ 1 bakker staff 5301 May 31 14:20 2026.05.27T00.00.02.seed-quote-email-template.ts -rw-r--r--@ 1 bakker staff 3922 May 31 14:20 2026.05.27T00.00.03.widen-name-address-patterns-to-unicode.ts -rw-r--r--@ 1 bakker staff 1976 May 31 14:20 2026.05.27T00.00.04.seed-awaiting-acceptance-policy-status.ts -rw-r--r--@ 1 bakker staff 6673 May 31 14:20 2026.05.27T00.00.05.create-policy-acceptance-configs.ts -rw-r--r--@ 1 bakker staff 456 May 31 14:20 2026.05.28T00.00.00.add-collects-payment-on-import-to-products.ts -rw-r--r--@ 1 bakker staff 1229 May 31 14:20 2026.05.28T00.00.01.add-payment-invite-email-template-type.ts -rw-r--r--@ 1 bakker staff 1614 May 31 14:20 2026.05.29T00.00.01.add-policy-customer-language.ts -rw-r--r--@ 1 bakker staff 1602 May 31 14:20 2026.05.29T00.00.02.add-message-translation-fields.ts -rw-r--r--@ 1 bakker staff 2868 May 31 14:20 2026.05.30T00.00.00.create-payout-category-and-fields.ts -rw-r--r--@ 1 bakker staff 2492 May 31 14:20 2026.05.30T00.00.01.localize-default-checkout-premium-prefix.ts -rw-r--r--@ 1 bakker staff 3857 May 31 14:34 2026.05.31T00.00.00.create-endorsement-fields.ts -rw-r--r--@ 1 bakker staff 3032 May 31 14:20 abandonedPolicyStatus.apitest.ts drwxr-xr-x@ 3 bakker staff 96 May 31 14:20 seed
{"command":"grep -n \"endorsementValues\\|endorsementErrors\" /Users/bakker/dev/gangkhar/sherpa-portal-api-457-custom-additional-fields-on-endo/app/customer-portal/policies/[policyId]/edit/DefaultPolicyEdit.tsx | head -30"}(eval):1: no matches found: /Users/bakker/dev/gangkhar/sherpa-portal-api-457-custom-additional-fields-on-endo/app/customer-portal/policies/[policyId]/edit/DefaultPolicyEdit.tsx
{"command":"grep -n \"endorsementValues\\|endorsementErrors\" \"/Users/bakker/dev/gangkhar/sherpa-portal-api-457-custom-additional-fields-on-endo/app/customer-portal/policies/[policyId]/edit/DefaultPolicyEdit.tsx\" | head -30"}99: const [endorsementValues, setEndorsementValues] = useState<Record<string, unknown>>({});
100: const [endorsementErrors, setEndorsementErrors] = useState<Record<string, string>>({});
165: const value = endorsementValues[field.fieldKey];
194: ...(endorsementFields.length > 0 ? { endorsementFieldValues: endorsementValues } : {}),
337: values={endorsementValues}
338: errors={endorsementErrors}{"file_path":"/Users/bakker/dev/gangkhar/sherpa-api-api-457-custom-additional-fields-on-endo/src/db/migrations/2026.05.31T00.00.00.create-endorsement-fields.ts"}1 import type { MigrationFn } from 'umzug';
2 import { QueryInterface, DataTypes } from 'sequelize';
3
4 // Custom additional fields collected during an endorsement (#457).
5 // EndorsementFields holds the per-product field configuration (the
6 // field-builder rows); PolicyOrders.endorsementFieldValues stores the values
7 // captured against each endorsement version so they persist in policy history
8 // and are available to rules / exports / templates.
9 export const up: MigrationFn<QueryInterface> = async ({ context }) => {
10 await context.createTable('EndorsementFields', {
11 id: {
12 type: DataTypes.UUID,
13 primaryKey: true,
14 defaultValue: DataTypes.UUIDV4,
15 },
16 organizationId: {
17 type: DataTypes.UUID,
18 allowNull: false,
19 references: {
20 model: 'Organizations',
21 key: 'id',
22 },
23 },
24 productId: {
25 type: DataTypes.INTEGER,
26 allowNull: false,
27 references: {
28 model: 'Products',
29 key: 'id',
30 },
31 onDelete: 'CASCADE',
32 },
33 fieldKey: {
34 type: DataTypes.STRING(64),
35 allowNull: false,
36 },
37 label: {
38 type: DataTypes.STRING(255),
39 allowNull: false,
40 },
41 helpText: {
42 type: DataTypes.STRING(500),
43 allowNull: true,
44 },
45 type: {
46 type: DataTypes.ENUM('string', 'number', 'date', 'boolean', 'select', 'textarea'),
47 allowNull: false,
48 },
49 required: {
50 type: DataTypes.BOOLEAN,
51 allowNull: false,
52 defaultValue: false,
53 },
54 options: {
55 type: DataTypes.JSONB,
56 allowNull: true,
57 },
58 validationPattern: {
59 type: DataTypes.STRING(255),
60 allowNull: true,
61 },
62 source: {
63 type: DataTypes.ENUM('adhoc', 'datamodel'),
64 allowNull: false,
65 defaultValue: 'adhoc',
66 },
67 dataModelFieldName: {
68 type: DataTypes.STRING(128),
69 allowNull: true,
70 },
71 order: {
72 type: DataTypes.INTEGER,
73 allowNull: false,
74 defaultValue: 0,
75 },
76 active: {
77 type: DataTypes.BOOLEAN,
78 allowNull: false,
79 defaultValue: true,
80 },
81 createdAt: {
82 type: DataTypes.DATE,
83 allowNull: false,
84 defaultValue: DataTypes.NOW,
85 },
86 updatedAt: {
87 type: DataTypes.DATE,
88 allowNull: false,
89 defaultValue: DataTypes.NOW,
90 },
91 });
92
93 await context.addIndex('EndorsementFields', ['organizationId', 'productId', 'active', 'order'], {
94 name: 'idx_endorsement_fields_org_product_active',
95 });
96
97 // A field key is unique within a product so values map unambiguously.
98 await context.addIndex('EndorsementFields', ['organizationId', 'productId', 'fieldKey'], {
99 name: 'idx_endorsement_fields_unique_key',
100 unique: true,
101 });
102
103 await context.sequelize.query(`ALTER TABLE "EndorsementFields" ENABLE ROW LEVEL SECURITY`);
104 await context.sequelize.query(`ALTER TABLE "EndorsementFields" FORCE ROW LEVEL SECURITY`);
105 await context.sequelize.query(`
106 CREATE POLICY tenant_isolation ON "EndorsementFields"
107 FOR ALL
108 USING (
109 NULLIF(current_setting('app.current_organization', true), '') IS NULL
110 OR "organizationId" = NULLIF(current_setting('app.current_organization', true), '')::uuid
111 )
112 `);
113
114 const appUser = process.env.DB_APP_USER;
115 if (appUser) {
116 await context.sequelize.query(`GRANT SELECT, INSERT, UPDATE, DELETE ON "EndorsementFields" TO ${appUser}`);
117 }
118
119 // Captured ad-hoc field values for this policy version. JSONB so rules,
120 // exports and templates can read individual keys; carried forward onto each
121 // new endorsement version unless the submit supplies fresh values.
122 await context.addColumn('PolicyOrders', 'endorsementFieldValues', {
123 type: DataTypes.JSONB,
124 allowNull: true,
125 });
126 };
127
128 export const down: MigrationFn<QueryInterface> = async () => {
129 // Down migration not implemented - forward-only deployment
130 };
131 {"file_path":"/Users/bakker/dev/gangkhar/sherpa-portal-api-457-custom-additional-fields-on-endo/app/components/policy-management/EndorsementCustomFields.tsx","offset":[33,40]}<tool_use_error>InputValidationError: Read failed due to the following issue: The parameter `offset` type is expected as `number` but provided as `array`</tool_use_error>
{"file_path":"/Users/bakker/dev/gangkhar/sherpa-portal-api-457-custom-additional-fields-on-endo/app/components/policy-management/EndorsementCustomFields.tsx","offset":33,"limit":5}33 }: EndorsementCustomFieldsProps) {
34 const t = useTranslation();
35 if (!fields || fields.length === 0) return null;
36
37 return ({"command":"cd /Users/bakker/dev/gangkhar/sherpa-api-api-457-custom-additional-fields-on-endo && grep -A 15 \"if (policyOrder.productId)\" src/controllers/policyOrderController.ts | grep -A 15 \"2422:\" | head -20"}(Bash completed with no output)
{"file_path":"/Users/bakker/dev/gangkhar/sherpa-api-api-457-custom-additional-fields-on-endo/src/controllers/policyOrderController.ts","offset":2419,"limit":15}2419 // Resolved custom endorsement field definitions (localised) so the portal can
2420 // render captured values with their proper labels in policy detail/history (#457).
2421 if (policyOrder.productId) {
2422 const endorsementFieldDefs = await getActiveEndorsementFields(request, policyOrder.productId);
2423 policyData.endorsementFields = resolveEndorsementFieldsForLocale(
2424 endorsementFieldDefs,
2425 getLocaleFromHeader(request),
2426 (productRelationData?.translationOverrides as Record<string, Record<string, string>> | null | undefined) ?? null,
2427 );
2428 }
2429
2430 return {
2431 status: 'success',
2432 data: policyData,
2433 };{"file_path":"/Users/bakker/dev/gangkhar/sherpa-portal-api-457-custom-additional-fields-on-endo/app/customer-portal/policies/[policyId]/edit/DefaultPolicyEdit.tsx","offset":[177,215]}<tool_use_error>InputValidationError: Read failed due to the following issue: The parameter `offset` type is expected as `number` but provided as `array`</tool_use_error>
{"file_path":"/Users/bakker/dev/gangkhar/sherpa-portal-api-457-custom-additional-fields-on-endo/app/customer-portal/policies/[policyId]/edit/DefaultPolicyEdit.tsx","offset":177,"limit":40}177 const handleSubmit = async (e: React.FormEvent) => {
178 e.preventDefault();
179 if (!policy) return;
180
181 if (!validateEndorsementFields()) {
182 setSubmitError(t("Please complete the required fields below."));
183 return;
184 }
185
186 try {
187 setSaving(true);
188 setSubmitError(null);
189
190 const payload = {
191 quoteId,
192 effectiveDate,
193 productPlanName: selectedPlanName || policy.productPlanName,
194 ...(endorsementFields.length > 0 ? { endorsementFieldValues: endorsementValues } : {}),
195 };
196
197 const response = await api.patch(`/policies/${policy.policyId}`, payload, {
198 sherpaAdmin: false,
199 });
200
201 if (response.data.status === "success") {
202 showSuccessToast(t("Policy updated successfully"));
203 sessionStorage.removeItem(`policy_${policyId}`);
204 const newVersion = response.data.data?.version;
205 const versionParam = newVersion ? `?version=${newVersion}` : "";
206 router.push(`${portal}/policies/${policyId}${versionParam}`);
207 }
208 } catch (error: unknown) {
209 const msg = (error as { response?: { data?: { error?: { message?: string } } } })?.response
210 ?.data?.error?.message;
211 setSubmitError(msg || t("Failed to update policy"));
212 } finally {
213 setSaving(false);
214 }
215 };
216 {"file_path":"/Users/bakker/dev/gangkhar/sherpa-api-api-457-custom-additional-fields-on-endo/src/services/endorsementFieldService.ts","offset":10,"limit":60}10 export async function getActiveEndorsementFields(
11 request: FastifyRequest,
12 productId: number,
13 ): Promise<_EndorsementField[]> {
14 return EndorsementField.findAll(request, {
15 where: { productId, active: true },
16 order: [['order', 'ASC'], ['createdAt', 'ASC']],
17 });
18 }
19
20 export interface ResolvedEndorsementField {
21 fieldKey: string;
22 label: string;
23 helpText: string | null;
24 type: string;
25 required: boolean;
26 options: { value: string; label: string }[] | null;
27 validationPattern: string | null;
28 source: string;
29 dataModelFieldName: string | null;
30 order: number;
31 }
32
33 // Resolve labels/options/help text for a locale via the product's LMT
34 // translation overrides, mirroring how form-parameter and acceptance labels are
35 // localised. Returns a lean shape the portal + embed render directly.
36 export function resolveEndorsementFieldsForLocale(
37 fields: _EndorsementField[],
38 locale: string | null,
39 overrides: TranslationOverrides,
40 ): ResolvedEndorsementField[] {
41 const loc = locale ?? 'en';
42 const tr = (s: string): string => translateTemplateString(s, loc, overrides);
43 return fields.map((f) => ({
44 fieldKey: f.fieldKey,
45 label: tr(f.label),
46 helpText: f.helpText ? tr(f.helpText) : null,
47 type: f.type,
48 required: f.required,
49 options: f.options ? f.options.map((o) => ({ value: o.value, label: tr(o.label) })) : null,
50 validationPattern: f.validationPattern,
51 source: f.source,
52 dataModelFieldName: f.dataModelFieldName,
53 order: f.order,
54 }));
55 }
56
57 function isEmpty(value: unknown): boolean {
58 return value === undefined || value === null || (typeof value === 'string' && value.trim() === '');
59 }
60
61 function coerceBoolean(value: unknown): boolean | undefined {
62 if (typeof value === 'boolean') return value;
63 if (value === 'true' || value === '1') return true;
64 if (value === 'false' || value === '0') return false;
65 return undefined;
66 }
67
68 // Coerce + validate a single non-boolean value against its field definition.
69 function normalizeScalar(field: _EndorsementField, raw: unknown): unknown {{"file_path":"/Users/bakker/dev/gangkhar/sherpa-embed-api-457-custom-additional-fields-on-endo/src/components/EndorsementForm.tsx","offset":[59,86]}<tool_use_error>InputValidationError: Read failed due to the following issue: The parameter `offset` type is expected as `number` but provided as `array`</tool_use_error>
{"file_path":"/Users/bakker/dev/gangkhar/sherpa-embed-api-457-custom-additional-fields-on-endo/src/components/EndorsementForm.tsx","offset":59,"limit":30}59 const validate = (): boolean => {
60 const next: Record<string, string> = {};
61 for (const field of fields) {
62 const value = values[field.fieldKey];
63 if (field.type === 'boolean') {
64 if (field.required && value !== true) next[field.fieldKey] = t('This field is required');
65 continue;
66 }
67 const empty = value === undefined || value === null || (typeof value === 'string' && value.trim() === '');
68 if (field.required && empty) next[field.fieldKey] = t('This field is required');
69 }
70 setErrors(next);
71 return Object.keys(next).length === 0;
72 };
73
74 const submit = async (e: React.FormEvent) => {
75 e.preventDefault();
76 if (!validate()) return;
77 try {
78 setSubmitting(true);
79 await apiClient.submitEndorsement(policyId, { quoteId, effectiveDate, endorsementFieldValues: values });
80 setDone(true);
81 } catch (err) {
82 onError(err instanceof Error ? err.message : t('Failed to submit endorsement'));
83 } finally {
84 setSubmitting(false);
85 }
86 };
87
88 if (loading) {{"file_path":"/Users/bakker/dev/gangkhar/sherpa-api-api-457-custom-additional-fields-on-endo/src/services/endorsementFieldService.ts","offset":107,"limit":35}107 // Validate submitted values against the product's active field config and
108 // return the normalised map to persist. Throws 400 on a missing required field
109 // or a value that fails its type / pattern / option constraints. Only values
110 // for configured fields are kept — arbitrary extra keys are dropped.
111 export function validateAndNormalizeEndorsementFieldValues(
112 fields: _EndorsementField[],
113 rawValues: Record<string, unknown> | null | undefined,
114 ): Record<string, unknown> {
115 const values = rawValues ?? {};
116 const normalized: Record<string, unknown> = {};
117
118 for (const field of fields) {
119 const raw = values[field.fieldKey];
120
121 if (field.type === 'boolean') {
122 // Booleans render as a single checkbox in both flows, so a *required*
123 // boolean has consent semantics: it must be explicitly checked (true).
124 const coerced = coerceBoolean(raw);
125 if (field.required && coerced !== true) {
126 throw new StatusError(400, `Endorsement field "${field.label}" must be accepted`);
127 }
128 if (coerced !== undefined) normalized[field.fieldKey] = coerced;
129 continue;
130 }
131
132 if (isEmpty(raw)) {
133 if (field.required) throw new StatusError(400, `Endorsement field "${field.label}" is required`);
134 continue;
135 }
136
137 normalized[field.fieldKey] = normalizeScalar(field, raw);
138 }
139
140 return normalized;
141 }{"file_path":"/Users/bakker/dev/gangkhar/sherpa-portal-api-457-custom-additional-fields-on-endo/app/customer-portal/policies/[policyId]/edit/DefaultPolicyEdit.tsx","offset":162,"limit":15}162 const validateEndorsementFields = (): boolean => {
163 const errors: Record<string, string> = {};
164 for (const field of endorsementFields) {
165 const value = endorsementValues[field.fieldKey];
166 if (field.type === "boolean") {
167 if (field.required && value !== true) errors[field.fieldKey] = t("This field is required");
168 continue;
169 }
170 const empty = value === undefined || value === null || (typeof value === "string" && value.trim() === "");
171 if (field.required && empty) errors[field.fieldKey] = t("This field is required");
172 }
173 setEndorsementErrors(errors);
174 return Object.keys(errors).length === 0;
175 };
176 {"file_path":"/Users/bakker/dev/gangkhar/sherpa-api-api-457-custom-additional-fields-on-endo/src/controllers/policyOrderController.ts","offset":[1290,1310]}<tool_use_error>InputValidationError: Read failed due to the following issue: The parameter `offset` type is expected as `number` but provided as `array`</tool_use_error>
{"file_path":"/Users/bakker/dev/gangkhar/sherpa-api-api-457-custom-additional-fields-on-endo/src/controllers/policyOrderController.ts","offset":1290,"limit":20}1290 if (!editSetting || editSetting.value !== true) {
1291 throw new StatusError(403, 'Endorsements are not enabled for this product');
1292 }
1293
1294 // Validate the submitted custom endorsement field values against the
1295 // product's active field config before any pricing work — a missing required
1296 // field rejects the submit (400). Persisted on the new version below (#457).
1297 const endorsementFields = await getActiveEndorsementFields(request, policyOrder.productId);
1298 const validatedEndorsementValues = validateAndNormalizeEndorsementFieldValues(
1299 endorsementFields,
1300 request.body.endorsementFieldValues,
1301 );
1302
1303 const { quoteId, effectiveDate } = request.body;
1304
1305 // Load quote and enrich insurance
1306 const quoteSession = await QuoteSession.findOne(request, { where: { quoteId } });
1307 if (!quoteSession) {
1308 throw new StatusError(404, `Quote with ID ${quoteId} not found`);
1309 }{"file_path":"/Users/bakker/dev/gangkhar/sherpa-embed-api-457-custom-additional-fields-on-endo/src/components/EndorsementForm.tsx","offset":1,"limit":10}1 import React from 'react';
2 import { apiClient } from '../utils/apiClient';
3 import { useTranslation, useTranslateDynamic } from '../lib/translations';
4 import type { EndorsementFieldDef } from '../types/config';
5
6 interface EndorsementFormProps {
7 policyId: string;
8 effectiveDate: string;
9 onError: (error: string) => void;
10 }{"file_path":"/Users/bakker/dev/gangkhar/sherpa-embed-api-457-custom-additional-fields-on-endo/src/components/EndorsementForm.tsx","offset":[127,175]}<tool_use_error>InputValidationError: Read failed due to the following issue: The parameter `offset` type is expected as `number` but provided as `array`</tool_use_error>
{"file_path":"/Users/bakker/dev/gangkhar/sherpa-embed-api-457-custom-additional-fields-on-endo/src/components/EndorsementForm.tsx","offset":127,"limit":50}127 {field.type === 'textarea' && (
128 <textarea
129 id={inputId}
130 data-testid={inputId}
131 value={typeof value === 'string' ? value : ''}
132 onInput={(e) => setValue(field.fieldKey, (e.target as HTMLTextAreaElement).value)}
133 rows={3}
134 />
135 )}
136
137 {(field.type === 'string' || field.type === 'number' || field.type === 'date') && (
138 <input
139 id={inputId}
140 data-testid={inputId}
141 type={field.type === 'number' ? 'number' : field.type === 'date' ? 'date' : 'text'}
142 value={value === undefined || value === null ? '' : String(value)}
143 onInput={(e) => setValue(field.fieldKey, (e.target as HTMLInputElement).value)}
144 />
145 )}
146
147 {field.type === 'boolean' && (
148 <label style={{ display: 'flex', alignItems: 'center', gap: '0.5rem', fontWeight: 400 }}>
149 <input
150 id={inputId}
151 data-testid={inputId}
152 type="checkbox"
153 checked={value === true}
154 onChange={(e) => setValue(field.fieldKey, (e.target as HTMLInputElement).checked)}
155 />
156 {label}
157 </label>
158 )}
159
160 {field.type === 'select' && (
161 <select
162 id={inputId}
163 data-testid={inputId}
164 value={typeof value === 'string' ? value : ''}
165 onChange={(e) => setValue(field.fieldKey, (e.target as HTMLSelectElement).value)}
166 >
167 <option value="">{t('Select...')}</option>
168 {(field.options ?? []).map((opt) => (
169 <option key={opt.value} value={opt.value}>
170 {tDynamic(opt.label)}
171 </option>
172 ))}
173 </select>
174 )}
175
176 {field.helpText && ({"file_path":"/Users/bakker/dev/gangkhar/sherpa-api-api-457-custom-additional-fields-on-endo/src/controllers/policyOrderController.ts","offset":1405,"limit":35}1405 const oldPolicyData = policyOrder.toJSON() as Record<string, unknown>;
1406 delete oldPolicyData.id;
1407 delete oldPolicyData.createdAt;
1408 delete oldPolicyData.updatedAt;
1409 delete oldPolicyData.productRelation;
1410
1411 const parametersWithBreakdown = {
1412 ...parameters,
1413 adjustmentBreakdown: endorsementAdjustments.adjustmentBreakdown,
1414 };
1415
1416 const newPolicyOrder = await PolicyOrderModel.create({ organizationId: policyOrder.organizationId }, {
1417 ...oldPolicyData,
1418 policyId: crypto.randomUUID(),
1419 rootPolicyId: policyOrder.rootPolicyId,
1420 quoteId,
1421 previousPolicyId: policyOrder.policyId,
1422 transactionType: TransactionType.ENDORSEMENT,
1423 version: (policyOrder.version || 1) + 1,
1424 effectiveDate,
1425 status: activeStatusCode,
1426 productPlanName: finalProductPlanName,
1427 productPlanId: productMetadata?.productPlanId ?? policyOrder.productPlanId,
1428 parameters: parametersWithBreakdown,
1429 // When fields are configured AND the submit explicitly supplies values, store
1430 // the validated set (allows clearing an optional field). When the submit omits
1431 // the key entirely, carry the prior version's values forward so they persist.
1432 endorsementFieldValues: endorsementFields.length > 0 && request.body.endorsementFieldValues != null
1433 ? validatedEndorsementValues
1434 : ((oldPolicyData.endorsementFieldValues as Record<string, unknown> | null) ?? null),
1435 insurance,
1436 product: productMetadata,
1437 paymentFrequency: finalPaymentFrequency,
1438 policyNumber: policyOrder.policyNumber,
1439 inceptionDate: policyOrder.inceptionDate,{"command":"grep -n \"field.type ===\" /Users/bakker/dev/gangkhar/sherpa-embed-api-457-custom-additional-fields-on-endo/src/components/EndorsementForm.tsx | cut -d: -f2 | sort | uniq"} type={field.type === 'number' ? 'number'
{(field.type === 'string' || field.type === 'number' || field.type === 'date') && (
{field.type === 'boolean' && (
{field.type === 'select' && (
{field.type === 'textarea' && (
if (field.type === 'boolean') {{"command":"grep -n \"field.type ===\" /Users/bakker/dev/gangkhar/sherpa-portal-api-457-custom-additional-fields-on-endo/app/components/policy-management/EndorsementCustomFields.tsx | cut -d: -f2 | sort | uniq"} type={field.type === "number" ? "number"
{(field.type === "string" || field.type === "number" || field.type === "date") && (
{field.type === "boolean" && (
{field.type === "select" && (
{field.type === "textarea" && ({"file_path":"/Users/bakker/dev/gangkhar/sherpa-api-api-457-custom-additional-fields-on-endo/src/controllers/policyOrderController.ts","offset":1297,"limit":10}1297 const endorsementFields = await getActiveEndorsementFields(request, policyOrder.productId);
1298 const validatedEndorsementValues = validateAndNormalizeEndorsementFieldValues(
1299 endorsementFields,
1300 request.body.endorsementFieldValues,
1301 );
1302
1303 const { quoteId, effectiveDate } = request.body;
1304
1305 // Load quote and enrich insurance
1306 const quoteSession = await QuoteSession.findOne(request, { where: { quoteId } });{"file_path":"/Users/bakker/dev/gangkhar/sherpa-portal-api-457-custom-additional-fields-on-endo/app/components/products/endorsement-fields/EndorsementFieldsTab.tsx","offset":[50,57]}<tool_use_error>InputValidationError: Read failed due to the following issue: The parameter `offset` type is expected as `number` but provided as `array`</tool_use_error>
{"file_path":"/Users/bakker/dev/gangkhar/sherpa-api-api-457-custom-additional-fields-on-endo/src/controllers/policyOrderController.ts","offset":1230,"limit":15}1230 export async function endorsePolicy(
1231 request: FastifyRequest<{
1232 Params: { policyId: string };
1233 Body: {
1234 quoteId: string;
1235 effectiveDate: string;
1236 productPlanName?: string;
1237 paymentFrequency?: 'year' | 'month' | 'quarter' | 'one-time' | 'day';
1238 endorsementFieldValues?: Record<string, unknown>;
1239 };
1240 }>,
1241 _reply: FastifyReply
1242 ) {
1243 void _reply;
1244 const { policyId } = request.params;{"file_path":"/Users/bakker/dev/gangkhar/sherpa-portal-api-457-custom-additional-fields-on-endo/app/components/products/endorsement-fields/EndorsementFieldsTab.tsx","offset":50,"limit":10}50 const FIELD_TYPES: { value: EndorsementFieldType; label: string }[] = [
51 { value: "string", label: "Text" },
52 { value: "textarea", label: "Long text" },
53 { value: "number", label: "Number" },
54 { value: "date", label: "Date" },
55 { value: "boolean", label: "Checkbox" },
56 { value: "select", label: "Dropdown" },
57 ];
58
59 interface DraftField {{"file_path":"/Users/bakker/dev/gangkhar/sherpa-api-api-457-custom-additional-fields-on-endo/src/controllers/policyOrderController.ts","offset":1217,"limit":12}1217
1218 // Surface the configured fields + the values captured on the current
1219 // version so the endorsement flow can render and prefill them.
1220 const resWithFields = result as Record<string, unknown>;
1221 resWithFields.endorsementFields = resolvedEndorsementFields;
1222 resWithFields.endorsementFieldValues = activePolicy.endorsementFieldValues ?? {};
1223
1224 return result;
1225 } finally {
1226 (request as any).params = origParams;
1227 }
1228 }{"command":"cd /Users/bakker/dev/gangkhar/sherpa-api-api-457-custom-additional-fields-on-endo && grep -rn \"console\\.\\|TODO\\|FIXME\\|XXX\\|HACK\\|BUG\" src/controllers/policyOrderController.ts src/services/endorsementFieldService.ts src/controllers/endorsementFieldController.ts --include=\"*.ts\" | grep -v test | head -20"}(Bash completed with no output)
{"file_path":"/Users/bakker/dev/gangkhar/sherpa-portal-api-457-custom-additional-fields-on-endo/app/components/policy-management/PolicyQuoteForm.tsx","offset":[417,422]}<tool_use_error>InputValidationError: Read failed due to the following issue: The parameter `offset` type is expected as `number` but provided as `array`</tool_use_error>
{"command":"cd /Users/bakker/dev/gangkhar/sherpa-api-api-457-custom-additional-fields-on-endo && ls -la src/models/ | grep -i endors"}-rw-r--r--@ 1 bakker staff 482 May 31 14:34 EndorsementField.ts
{"file_path":"/Users/bakker/dev/gangkhar/sherpa-portal-api-457-custom-additional-fields-on-endo/app/components/policy-management/PolicyQuoteForm.tsx","offset":417,"limit":5}417 onQuoteIdUpdate(quoteResponse.quoteId);
418 }
419 if (onEndorsementFieldsLoaded && quoteResponse.endorsementFields) {
420 onEndorsementFieldsLoaded(quoteResponse.endorsementFields, quoteResponse.endorsementFieldValues ?? {});
421 }{"file_path":"/Users/bakker/dev/gangkhar/sherpa-api-api-457-custom-additional-fields-on-endo/src/models/EndorsementField.ts"}1 import { _EndorsementField } from './internal/_EndorsementField.js';
2 import { toSafeModel } from './lib/safe-model.js';
3
4 export const EndorsementField = toSafeModel(_EndorsementField);
5 export type EndorsementField = _EndorsementField;
6
7 // Re-export raw class for db.ts registration, association includes, and type usage
8 export { _EndorsementField };
9 export {
10 EndorsementFieldType,
11 EndorsementFieldSource,
12 type EndorsementFieldOption,
13 } from './internal/_EndorsementField.js';
14 {"command":"cd /Users/bakker/dev/gangkhar/sherpa-api-api-457-custom-additional-fields-on-endo && grep -n \"EndorsementField\" src/models/db.ts"}19:import { _EndorsementField } from './internal/_EndorsementField.js';
290: _EndorsementField,{"command":"ls -la \"/Users/bakker/dev/gangkhar/sherpa-portal-api-457-custom-additional-fields-on-endo/app/products/[id]/endorsement-fields/\""}total 8 drwxr-xr-x@ 3 bakker staff 96 May 31 14:46 . drwxr-xr-x@ 23 bakker staff 736 May 31 14:46 .. -rw-r--r--@ 1 bakker staff 3144 May 31 14:46 page.tsx
{"command":"cd /Users/bakker/dev/gangkhar/sherpa-api-api-457-custom-additional-fields-on-endo && grep -B5 -A5 \"EndorsementField.*Schema\" src/test/drift.apitest.ts | head -30"} ProductTemplateSchema, ProductTemplatePublicFields, ProductTemplatePrivateFields,
ProductSettingSchema, ProductSettingPublicFields, ProductSettingPrivateFields,
ProductSettingFieldSchema, ProductSettingFieldPublicFields, ProductSettingFieldPrivateFields,
ProductOptimizationSchema, ProductOptimizationPublicFields, ProductOptimizationPrivateFields,
ProductModulePartnerSchema, ProductModulePartnerPublicFields, ProductModulePartnerPrivateFields,
EndorsementFieldSchema, EndorsementFieldPublicFields, EndorsementFieldPrivateFields,
} from '@/schemas/typebox/product/index.js';
// ─── Quote bucket ───────────────────────────────────────────────────────────
import { _Quote } from '@/models/Quote.js';
import { _QuoteParameter } from '@/models/QuoteParameter.js';
--
{ name: 'ProductTemplate', ModelClass: _ProductTemplate, Schema: ProductTemplateSchema, publicFields: ProductTemplatePublicFields, privateFields: ProductTemplatePrivateFields },
{ name: 'ProductSetting', ModelClass: _ProductSetting, Schema: ProductSettingSchema, publicFields: ProductSettingPublicFields, privateFields: ProductSettingPrivateFields },
{ name: 'ProductSettingField', ModelClass: ProductSettingField, Schema: ProductSettingFieldSchema, publicFields: ProductSettingFieldPublicFields, privateFields: ProductSettingFieldPrivateFields },
{ name: 'ProductOptimization', ModelClass: ProductOptimization, Schema: ProductOptimizationSchema, publicFields: ProductOptimizationPublicFields, privateFields: ProductOptimizationPrivateFields },
{ name: 'ProductModulePartner', ModelClass: _ProductModulePartner, Schema: ProductModulePartnerSchema, publicFields: ProductModulePartnerPublicFields, privateFields: ProductModulePartnerPrivateFields },
{ name: 'EndorsementField', ModelClass: _EndorsementField, Schema: EndorsementFieldSchema, publicFields: EndorsementFieldPublicFields, privateFields: EndorsementFieldPrivateFields },
// integration
{ name: 'ExternalIntegration', ModelClass: _ExternalIntegration, Schema: ExternalIntegrationSchema, publicFields: ExternalIntegrationPublicFields, privateFields: ExternalIntegrationPrivateFields },
{ name: 'ExternalIntegrationEnvironment', ModelClass: _ExternalIntegrationEnvironment, Schema: ExternalIntegrationEnvironmentSchema, publicFields: ExternalIntegrationEnvironmentPublicFields, privateFields: ExternalIntegrationEnvironmentPrivateFields },
{ name: 'ExternalIntegrationAuthConfig', ModelClass: _ExternalIntegrationAuthConfig, Schema: ExternalIntegrationAuthConfigSchema, publicFields: ExternalIntegrationAuthConfigPublicFields, privateFields: ExternalIntegrationAuthConfigPrivateFields },{"command":"cd /Users/bakker/dev/gangkhar/sherpa-api-api-457-custom-additional-fields-on-endo && find src/schemas -name \"*.ts\" -exec grep -l \"PolicyOrder\" {} \\;"}{"command":"grep -n \"\\.map(\" /Users/bakker/dev/gangkhar/sherpa-portal-api-457-custom-additional-fields-on-endo/app/customer-portal/policies/[policyId]/DefaultPolicyDetails.tsx 2>/dev/null | grep -v \"data-testid\\|key=\""}(eval):1: no matches found: /Users/bakker/dev/gangkhar/sherpa-portal-api-457-custom-additional-fields-on-endo/app/customer-portal/policies/[policyId]/DefaultPolicyDetails.tsx
src/schemas/typebox/financial/Invoice.ts src/schemas/typebox/product/Product.ts src/schemas/typebox/product/EndorsementField.ts src/schemas/typebox/compliance/ComplianceCheck.ts src/schemas/typebox/policy/EmbedCheckoutSession.ts src/schemas/typebox/policy/PolicyOrder.ts src/schemas/typebox/policy/PolicyOrderError.ts src/schemas/typebox/policy/index.ts src/schemas/typebox/claim/ClaimRecord.ts src/schemas/typebox/claim/ClaimRecordError.ts src/schemas/productApiController.schemas.ts src/schemas/plus/product.schemas.ts src/schemas/plus/policyOrder.schemas.ts
{"command":"grep -n \"\\.map(\" \"/Users/bakker/dev/gangkhar/sherpa-portal-api-457-custom-additional-fields-on-endo/app/customer-portal/policies/[policyId]/DefaultPolicyDetails.tsx\" 2>/dev/null | head -15"}331: const [inceptionYear, inceptionMonth, inceptionDay] = inceptionDate.split("-").map(Number);
332: const [expiryYear, expiryMonth, expiryDay] = expiryDate.split("-").map(Number);
826: premiumInfo.premium.taxBreakdown.items.map((item: any, idx: number) => (
949: {Object.entries(policy.endorsementFieldValues).map(([key, value]) => {{"command":"cd /Users/bakker/dev/gangkhar/sherpa-api-api-457-custom-additional-fields-on-endo && grep -n \"endorsementFieldValues\" src/schemas/typebox/policy/PolicyOrder.ts"}16: 'endorsementFieldValues', 178: endorsementFieldValues: Type.Optional(
{"file_path":"/Users/bakker/dev/gangkhar/sherpa-portal-api-457-custom-additional-fields-on-endo/app/customer-portal/policies/[policyId]/DefaultPolicyDetails.tsx","offset":949,"limit":20}949 {Object.entries(policy.endorsementFieldValues).map(([key, value]) => {
950 const configuredLabel = policy.endorsementFields?.find((f) => f.fieldKey === key)?.label;
951 const label =
952 configuredLabel ||
953 key
954 .replace(/([A-Z])/g, " $1")
955 .replace(/[_-]+/g, " ")
956 .replace(/^./, (c) => c.toUpperCase())
957 .trim();
958 return (
959 <div key={key} className="flex justify-between gap-4 border-b border-gray-100 pb-2 last:border-0">
960 <dt className="text-gray-600">{label}</dt>
961 <dd className="text-right font-medium text-gray-900" data-testid={`endorsement-detail-${key}`}>
962 {typeof value === "boolean" ? (value ? t('Yes') : t('No')) : String(value)}
963 </dd>
964 </div>
965 );
966 })}
967 </dl>
968 </div>{"file_path":"/Users/bakker/dev/gangkhar/sherpa-api-api-457-custom-additional-fields-on-endo/src/schemas/typebox/policy/PolicyOrder.ts","offset":175,"limit":10}175 parameters: JsonObject('Product-specific parameter map captured at issue/endorsement time.'),
176 insurance: JsonObject('Coverage / pricing payload returned by the network at issue time.'),
177 product: Type.Optional(JsonObject('Snapshot of resolved product metadata at issue time.')),
178 endorsementFieldValues: Type.Optional(
179 Type.Union([JsonObject('Captured custom endorsement field values, keyed by field key.'), Type.Null()]),
180 ),
181 network: Type.String({ example: 'sherpa-mesh' }),
182 // requestHeaders + requestBody are PrivateFields — never on the wire.
183 status: PolicyOrderStatusSchema,
184 inceptionDate: IsoDate({ description: 'Coverage start date.' }),{"command":"cd /Users/bakker/dev/gangkhar/sherpa-api-api-457-custom-additional-fields-on-endo && grep -n \"from.*endorsementFieldService\" src/controllers/policyOrderController.ts"}73:} from '@/services/endorsementFieldService.js';
{}<tool_use_error>InputValidationError: Read failed due to the following issue: The required parameter `file_path` is missing</tool_use_error>
{"file_path":"/Users/bakker/dev/gangkhar/sherpa-api-api-457-custom-additional-fields-on-endo/src/controllers/policyOrderController.ts","offset":69,"limit":6}69 import {
70 getActiveEndorsementFields,
71 resolveEndorsementFieldsForLocale,
72 validateAndNormalizeEndorsementFieldValues,
73 } from '@/services/endorsementFieldService.js';
74 import { createCustomerFromPolicyParameters } from '@/services/userService.js';{"command":"grep -n \"\\.map(\" /Users/bakker/dev/gangkhar/sherpa-embed-api-457-custom-additional-fields-on-endo/src/components/EndorsementForm.tsx | head -10"}115: {fields.map((field) => {
168: {(field.options ?? []).map((opt) => ({"command":"cd /Users/bakker/dev/gangkhar/sherpa-api-api-457-custom-additional-fields-on-endo && grep \"^export\" src/services/endorsementFieldService.ts"}export async function getActiveEndorsementFields(
export interface ResolvedEndorsementField {
export function resolveEndorsementFieldsForLocale(
export function validateAndNormalizeEndorsementFieldValues({"command":"cd /Users/bakker/dev/gangkhar/sherpa-api-api-457-custom-additional-fields-on-endo && sed -n '1405,1435p' src/controllers/policyOrderController.ts"} const oldPolicyData = policyOrder.toJSON() as Record<string, unknown>;
delete oldPolicyData.id;
delete oldPolicyData.createdAt;
delete oldPolicyData.updatedAt;
delete oldPolicyData.productRelation;
const parametersWithBreakdown = {
...parameters,
adjustmentBreakdown: endorsementAdjustments.adjustmentBreakdown,
};
const newPolicyOrder = await PolicyOrderModel.create({ organizationId: policyOrder.organizationId }, {
...oldPolicyData,
policyId: crypto.randomUUID(),
rootPolicyId: policyOrder.rootPolicyId,
quoteId,
previousPolicyId: policyOrder.policyId,
transactionType: TransactionType.ENDORSEMENT,
version: (policyOrder.version || 1) + 1,
effectiveDate,
status: activeStatusCode,
productPlanName: finalProductPlanName,
productPlanId: productMetadata?.productPlanId ?? policyOrder.productPlanId,
parameters: parametersWithBreakdown,
// When fields are configured AND the submit explicitly supplies values, store
// the validated set (allows clearing an optional field). When the submit omits
// the key entirely, carry the prior version's values forward so they persist.
endorsementFieldValues: endorsementFields.length > 0 && request.body.endorsementFieldValues != null
? validatedEndorsementValues
: ((oldPolicyData.endorsementFieldValues as Record<string, unknown> | null) ?? null),
insurance,{}<tool_use_error>InputValidationError: Read failed due to the following issue: The required parameter `file_path` is missing</tool_use_error>
{"command":"cd /Users/bakker/dev/gangkhar/sherpa-api-api-457-custom-additional-fields-on-endo && grep -n \"eval\\|Function(\\|exec\\|system\\|spawn\\|child_process\" src/controllers/endorsementFieldController.ts src/services/endorsementFieldService.ts src/controllers/policyOrderController.ts 2>/dev/null | grep -v import"}src/controllers/policyOrderController.ts:32: evaluateComplianceGate,
src/controllers/policyOrderController.ts:2999: const complianceGate = await evaluateComplianceGate({
src/controllers/policyOrderController.ts:4288: throw new StatusError(400, 'Renewal status is reserved for system transitions');
src/controllers/policyOrderController.ts:4652: const partnerPolicies = await DriverFactory.executeEndpoint({"file_path":"/Users/bakker/dev/gangkhar/sherpa-embed-api-457-custom-additional-fields-on-endo/src/components/EndorsementForm.tsx","offset":115,"limit":10}115 {fields.map((field) => {
116 const value = values[field.fieldKey];
117 const error = errors[field.fieldKey];
118 const inputId = `ef-input-${field.fieldKey}`;
119 const label = tDynamic(field.label);
120 return (
121 <div key={field.fieldKey} style={{ display: 'flex', flexDirection: 'column', gap: '0.25rem' }}>
122 <label htmlFor={inputId} style={{ fontWeight: 600 }}>
123 {label}
124 {field.required && <span style={{ color: 'var(--color-danger)' }}> *</span>}{"command":"cd /Users/bakkker/dev/gangkhar/sherpa-api-api-457-custom-additional-fields-on-endo && grep -n \"\\\\[.*\\\\]\" src/services/endorsementFieldService.ts | grep -v \"//\\|findAll\\|testidx\\|mapO\" | head -20"}Exit code 1 (eval):cd:1: no such file or directory: /Users/bakkker/dev/gangkhar/sherpa-api-api-457-custom-additional-fields-on-endo
{"command":"cd /Users/bakker/dev/gangkhar/sherpa-api-api-457-custom-additional-fields-on-endo && grep -n \"values\\\\\\[\" src/services/endorsementFieldService.ts"}Exit code 2 grep: brackets ([ ]) not balanced
{"file_path":"/Users/bakker/dev/gangkhar/sherpa-embed-api-457-custom-additional-fields-on-endo/src/components/EndorsementForm.tsx","offset":[168,174]}<tool_use_error>InputValidationError: Read failed due to the following issue: The parameter `offset` type is expected as `number` but provided as `array`</tool_use_error>
{"file_path":"/Users/bakker/dev/gangkhar/sherpa-api-api-457-custom-additional-fields-on-endo/src/services/endorsementFieldService.ts","offset":118,"limit":22}118 for (const field of fields) {
119 const raw = values[field.fieldKey];
120
121 if (field.type === 'boolean') {
122 // Booleans render as a single checkbox in both flows, so a *required*
123 // boolean has consent semantics: it must be explicitly checked (true).
124 const coerced = coerceBoolean(raw);
125 if (field.required && coerced !== true) {
126 throw new StatusError(400, `Endorsement field "${field.label}" must be accepted`);
127 }
128 if (coerced !== undefined) normalized[field.fieldKey] = coerced;
129 continue;
130 }
131
132 if (isEmpty(raw)) {
133 if (field.required) throw new StatusError(400, `Endorsement field "${field.label}" is required`);
134 continue;
135 }
136
137 normalized[field.fieldKey] = normalizeScalar(field, raw);
138 }
139 {"file_path":"/Users/bakker/dev/gangkhar/sherpa-embed-api-457-custom-additional-fields-on-endo/src/components/EndorsementForm.tsx","offset":168,"limit":6}168 {(field.options ?? []).map((opt) => (
169 <option key={opt.value} value={opt.value}>
170 {tDynamic(opt.label)}
171 </option>
172 ))}
173 </select>{"command":"grep -n \"\\.map(\" /Users/bakker/dev/gangkhar/sherpa-portal-api-457-custom-additional-fields-on-endo/app/components/policy-management/EndorsementCustomFields.tsx"}42: {fields.map((field) => {
98: {(field.options ?? []).map((opt) => ({}<tool_use_error>InputValidationError: Read failed due to the following issue: The required parameter `file_path` is missing</tool_use_error>
{}<tool_use_error>InputValidationError: Read failed due to the following issue: The required parameter `file_path` is missing</tool_use_error>
{}<tool_use_error>InputValidationError: Read failed due to the following issue: The required parameter `file_path` is missing</tool_use_error>
{"file_path":"/Users/bakker/dev/gangkhar/sherpa-portal-api-457-custom-additional-fields-on-endo/app/components/policy-management/EndorsementCustomFields.tsx","offset":42,"limit":8}42 {fields.map((field) => {
43 const value = values[field.fieldKey];
44 const error = errors[field.fieldKey];
45 const inputId = `ef-input-${field.fieldKey}`;
46 return (
47 <div key={field.fieldKey}>
48 {field.type !== "boolean" && (
49 <Label htmlFor={inputId} className="mb-1 block">{"file_path":"/Users/bakker/dev/gangkhar/sherpa-portal-api-457-custom-additional-fields-on-endo/app/components/policy-management/EndorsementCustomFields.tsx","offset":98,"limit":6}98 {(field.options ?? []).map((opt) => (
99 <SelectItem key={opt.value} value={opt.value}>
100 {opt.label}
101 </SelectItem>
102 ))}
103 </SelectContent>The object access at line 119 is safe - it accesses `values[field.fieldKey]` where `field.fieldKey` comes from the database (validated at creation time), not from user input. The normalized object is also built securely with only configured field keys. No prototype pollution risk.
Perfect! I've now completed a thorough round-2 adversarial review. Let me summarize my findings:
---
## VERDICT: CLEAN
All round-1 fixes have been correctly implemented and verified. No NEW or remaining HIGH/MEDIUM issues found.
### Round-1 Fix Verification:
**Fix #1: Carry-forward in endorsePolicy (line 1432-1434)** ✓ CORRECT
- Validates + stores when values provided: `endorsementFields.length > 0 && request.body.endorsementFieldValues != null ? validatedEndorsementValues`
- Carries prior values when key omitted: `(oldPolicyData.endorsementFieldValues as Record<string, unknown> | null) ?? null`
- Required fields enforced at line 1298 via `validateAndNormalizeEndorsementFieldValues` which throws 400 before any pricing logic
- **Logic is sound:** no holes detected
**Fix #2: getPolicyById endorsementFields attachment (line 2421-2428)** ✓ CORRECT
- Guarded by `if (policyOrder.productId)` at line 2421
- `productRelationData` captured at line 2116 before deletion, still in scope at line 2426
- Runs for both version and current-version paths (all three query branches include productRelation at lines 2044, 2060, 2088)
- Locale/overrides correctly resolved from header and productRelationData
- **All preconditions met:** no scope violations
**Fix #3: endorsementFieldController whitespace-only label validation** ✓ CORRECT
- Create: line 128 `if (!label) throw new StatusError(400, 'label is required')`
- Update: line 183-185 `if (b.label !== undefined && !b.label.trim()) throw new StatusError(400, 'label cannot be empty')`
- **Both paths protected:** rejects whitespace-only
### Additional Scanning - No Issues Found:
**Empty field array handling** ✓ SAFE
- `getActiveEndorsementFields` returns `[]` gracefully
- `resolveEndorsementFieldsForLocale` maps empty array → empty array (no throws)
- Products with NO endorsement fields work correctly
**N+1 Performance** ✓ ACCEPTABLE
- Single query per GET /policies/:id (detail endpoint, not list)
- No loop-based queries for endorsement fields
- Acceptable for detail view
**Drift test** ✓ CONSISTENT
- EndorsementField registered in drift test at line 429
- endorsementFieldValues in PolicyOrder schema (typebox line 178, drift test coverage)
- Both models included in test suite
**Validation safety** ✓ SECURE
- Regex validation at save time (endorsementFieldController line 96)
- Regex recompiled per-request at validation time (endorsementFieldService line 95) - safe, not dangerous, just not cached
- No ReDoS risk: invalid patterns rejected at creation
- Whitespace/empty validation prevents malicious patterns
**Type safety** ✓ NO ERRORS
- All variables properly scoped
- No undefined references
- Proper null coalescing throughout
- Type declarations match schema (Optional, Union with Null)
**Security** ✓ NO ISSUES
- No prototype pollution (fieldKey from DB, not user input)
- No SQL injection (Sequelize parameterized)
- No eval/exec/dynamic code execution
- Safe object key access
**Error handling** ✓ PROPER
- StatusError throws caught by Fastify error handler
- Early validation (before pricing work)
- No unhandled exceptions in happy paths
**Migration** ✓ CORRECT
- Uses required permissive RLS template: `NULLIF(current_setting('app.current_organization', true), '') IS NULL OR "organizationId" = NULLIF(...)`
- RLS enabled and enforced on EndorsementFields table
- PolicyOrders.endorsementFieldValues added with correct JSONB type and allowNull: true
- Indexes created for productId+fieldKey uniqueness and lookup performance{"command":"grep -n \"useCallback\\|useEffect\" /Users/bakker/dev/gangkhar/sherpa-portal-api-457-custom-additional-fields-on-endo/app/customer-portal/policies/[policyId]/edit/DefaultPolicyEdit.tsx 2>/dev/null | head -10"}(eval):1: no matches found: /Users/bakker/dev/gangkhar/sherpa-portal-api-457-custom-additional-fields-on-endo/app/customer-portal/policies/[policyId]/edit/DefaultPolicyEdit.tsx
{"command":"grep -n \"useCallback\\|useEffect\" \"/Users/bakker/dev/gangkhar/sherpa-portal-api-457-custom-additional-fields-on-endo/app/customer-portal/policies/[policyId]/edit/DefaultPolicyEdit.tsx\" 2>/dev/null | head -10"}3:import React, { useEffect, useState, useCallback } from "react";
103: const fetchPolicy = useCallback(async () => {
130: useEffect(() => {
142: const handleEndorsementFieldsLoaded = useCallback({"file_path":"/Users/bakker/dev/gangkhar/sherpa-portal-api-457-custom-additional-fields-on-endo/app/customer-portal/policies/[policyId]/edit/DefaultPolicyEdit.tsx","offset":[142,151]}<tool_use_error>InputValidationError: Read failed due to the following issue: The parameter `offset` type is expected as `number` but provided as `array`</tool_use_error>
{"file_path":"/Users/bakker/dev/gangkhar/sherpa-portal-api-457-custom-additional-fields-on-endo/app/customer-portal/policies/[policyId]/edit/DefaultPolicyEdit.tsx","offset":142,"limit":10}142 const handleEndorsementFieldsLoaded = useCallback(
143 (fields: EndorsementFieldDef[], values: Record<string, unknown>) => {
144 setEndorsementFields(fields);
145 // Prefill from the values captured on the current version, but never
146 // clobber edits the user has already started typing.
147 setEndorsementValues((prev) => ({ ...values, ...prev }));
148 },
149 [],
150 );
151 {"command":"grep -n \"useEffect\\|useCallback\" /Users/bakker/dev/gangkhar/sherpa-embed-api-457-custom-additional-fields-on-endo/src/components/EndorsementForm.tsx"}28: React.useEffect(() => {{}<tool_use_error>InputValidationError: Read failed due to the following issue: The required parameter `file_path` is missing</tool_use_error>
{}<tool_use_error>InputValidationError: Read failed due to the following issue: The required parameter `file_path` is missing</tool_use_error>
{"file_path":"/Users/bakker/dev/gangkhar/sherpa-embed-api-457-custom-additional-fields-on-endo/src/components/EndorsementForm.tsx","offset":28,"limit":20}28 React.useEffect(() => {
29 let cancelled = false;
30 (async () => {
31 try {
32 setLoading(true);
33 const quote = await apiClient.getEndorsementQuote(policyId, { effectiveDate });
34 if (cancelled) return;
35 setQuoteId(quote.quoteId);
36 setFields(quote.endorsementFields ?? []);
37 setValues(quote.endorsementFieldValues ?? {});
38 } catch (err) {
39 onError(err instanceof Error ? err.message : t('Failed to load endorsement'));
40 } finally {
41 if (!cancelled) setLoading(false);
42 }
43 })();
44 return () => {
45 cancelled = true;
46 };
47 }, [policyId, effectiveDate, onError, t]);Perfect! The useEffect has proper cleanup and deps on line 47: `[policyId, effectiveDate, onError, t]` - all needed. I've completed a comprehensive adversarial re-review. Let me now compile my findings: --- ## VERDICT: CLEAN **Zero HIGH and ZERO MEDIUM severity issues found.** ### Summary of Verification: **Round-1 Fixes Verified:** 1. ✅ Portal label display (DefaultPolicyDetails.tsx:949-966): Maps field values to configured labels via `policy.endorsementFields?.find()`, with humanized fallback. JSX balanced correctly, uses proper key. 2. ✅ Portal EndorsementFieldDef (PolicyQuoteForm.tsx:146-157): Includes optional `source`, `dataModelFieldName`, `order`. Consistent with API. 3. ✅ PolicyOrder interface (DefaultPolicyDetails.tsx:44): Has both `endorsementFieldValues` and `endorsementFields`. **Portal Endorsement Flow Complete:** - ✅ Field-builder (EndorsementFieldsTab.tsx): CRUD operations for all 6 types (string, textarea, number, date, boolean, select) - ✅ Page routing (/products/[id]/endorsement-fields/page.tsx): Exists, wired in AppLayout.tsx navigation - ✅ Nav menu: Registered with "Endorsement Fields" label and correct href - ✅ Edit flow (DefaultPolicyEdit.tsx): - Required-field validation blocks submit (line 181-184) - endorsementFieldValues included in PATCH (line 194) - Prefill doesn't clobber edits (line 147: spread order correct) - onEndorsementFieldsLoaded callback wired (line 328) - ✅ Render flow (EndorsementCustomFields.tsx): All field types supported, error display wired, required markers displayed - ✅ Details display (DefaultPolicyDetails.tsx): "Additional Details" section renders, labels localized, boolean→Yes/No conversion **Embed Endorsement Flow Complete:** - ✅ EndorsementForm.tsx: Renders all field types, validates required, submits with quoteId+effectiveDate+endorsementFieldValues - ✅ app.tsx route 'endorsement-form' (line 284, 436, 668, 936): Route determination, loadEndorsementForm, state setup, render branch all wired - ✅ apiClient methods (apiClient.ts:195-217): getEndorsementQuote() and submitEndorsement() both exist with correct signatures - ✅ Dynamic label translation: embed uses tDynamic() for field labels and help text **Code Quality - Zero Critical Issues:** - ✅ All .map() operations have proper keys (field.fieldKey, opt.value) - ✅ No controlled-input issues (value+onChange wired on all inputs) - ✅ useEffect/useCallback deps correct, no infinite loop risk - ✅ TypeScript contracts match (EndorsementFieldDef, EndorsementQuoteResponse) - ✅ Field types consistent across builder, portal flow, embed flow (6 types: string, textarea, number, date, boolean, select) **Acceptance Criteria - 100% Coverage:** 1. ✅ Required field can be added (portal builder toggle, line 309) 2. ✅ Submit without required value fails validation (portal line 181-184, embed line 76) 3. ✅ Value stored on submit (both payloads include endorsementFieldValues) 4. ✅ Visible on endorsement (DefaultPolicyDetails Additional Details section) 5. ✅ Visible in policy history (via endorsementFieldValues persistence) 6. ✅ Renders in BOTH portal and embed flows with proper field types 7. ✅ Labels localizable (portal builder allows label config, embed uses tDynamic) **No Breaking Changes or Acceptance Gaps Found.**
Iterative review converged: round 1 found issues → fixed the real ones → round 2 both VERDICT: CLEAN. Now STEP 5 — re-verify stack (HMR may have crashed servers) + investigate the unexpected embed vite.config.ts change.
{"command":"echo -n \"API: \"; curl -fsS -o /dev/null -w \"%{http_code}\" http://localhost:4007/ 2>&1; echo; echo -n \"Portal: \"; curl -fsS -o /dev/null -w \"%{http_code}\" http://localhost:3007/ 2>&1; echo; echo -n \"Embed: \"; curl -fsS -o /dev/null -w \"%{http_code}\" http://localhost:3107/ 2>&1; echo; echo \"=== embed vite.config.ts diff ===\"; git -C /Users/bakker/dev/gangkhar/sherpa-embed-api-457-custom-additional-fields-on-endo diff vite.config.ts | head -40","description":"Re-verify stack + inspect vite.config change"}API: 200
Portal: 200
Embed: 200
=== embed vite.config.ts diff ===
diff --git a/vite.config.ts b/vite.config.ts
index 8caa58d..0eea172 100644
--- a/vite.config.ts
+++ b/vite.config.ts
@@ -32,7 +32,7 @@ export default defineConfig(({ mode }) => ({
},
},
server: {
- port: 3100,
+ port: 3107,
host: true,
proxy: {
'/v1/data/public': {Stack green (all 200). The embed vite.config.ts change is just the dashboard's port assignment (3100→3107) — a dev-server artifact, NOT my feature; I'll exclude it from the commit.
Now STEP 6 — browser proof. Setting up auth. Inspecting the test worktree's auth setup + env.
{"command":"cd /Users/bakker/dev/gangkhar/sherpa-test-api-457-custom-additional-fields-on-endo; echo \"=== auth setup + config ===\"; fd -i \"auth.setup|playwright.config\" . -d 3 2>/dev/null | head; echo \"=== .env keys ===\"; rg -o \"^[A-Z_]+=\" .env 2>/dev/null | head -30; echo \"=== primary auth json ===\"; ls -la /Users/bakker/dev/gangkhar/sherpa-test/playwright/.auth/user.json 2>&1; echo \"=== test worktree auth dir ===\"; ls -la playwright/.auth/ 2>&1","description":"Inspect test worktree auth + env"}Exit code 1 === auth setup + config === ./playwright.config.ts ./tests/auth.setup.ts === .env keys === DEVELOPER_NAME= ENV= SHERPA_PORTAL_HTTP= SHERPA_PORTAL_HTTPS= SHERPA_API_HTTP= SHERPA_API_HTTPS= SHERPA_PORTAL_DEV_HTTPS= SHERPA_API_DEV_HTTPS= SHERPA_PORTAL_STAGING_HTTPS= SHERPA_API_STAGING_HTTPS= SHERPA_PORTAL_PROD_HTTPS= SHERPA_API_PROD_HTTPS= WAYNI_PORTAL_URL= WAYNI_PORTAL_DEV_URL= WAYNI_PORTAL_STAGING_URL= TEST_USER_EMAIL= TEST_USER_PASSWORD= SHERPA_TEST_CLIENT_ID= SHERPA_TEST_CLIENT_SECRET= === primary auth json === -rw-r--r--@ 1 bakker staff 13813 Apr 28 13:45 /Users/bakker/dev/gangkhar/sherpa-test/playwright/.auth/user.json === test worktree auth dir === ls: playwright/.auth/: No such file or directory
Test worktree has creds + primary auth json (1 month old — MFA cookies may be stale). Seeding auth, checking env values.
{"command":"cd /Users/bakker/dev/gangkhar/sherpa-test-api-457-custom-additional-fields-on-endo; mkdir -p playwright/.auth; cp /Users/bakker/dev/gangkhar/sherpa-test/playwright/.auth/user.json playwright/.auth/user.json && echo \"auth json copied\"; echo \"=== env values (masked) ===\"; rg \"^(TEST_USER_EMAIL|TEST_USER_PASSWORD|SHERPA_PORTAL_HTTP|SHERPA_API_HTTP|ENV|SHERPA_TEST_CLIENT_ID)=\" .env | sed -E 's/=(.{0,4}).*/=\\1***/'","description":"Seed auth json + check env values present"}auth json copied === env values (masked) === ENV=loca*** SHERPA_PORTAL_HTTP=http*** SHERPA_API_HTTP=http*** TEST_USER_EMAIL=e2e-*** TEST_USER_PASSWORD="Tes*** SHERPA_TEST_CLIENT_ID=cl_f***
Checking the current portal URL + how auth.setup.ts works.
{"command":"cd /Users/bakker/dev/gangkhar/sherpa-test-api-457-custom-additional-fields-on-endo; echo \"=== SHERPA_PORTAL_HTTP full ===\"; rg \"^SHERPA_PORTAL_HTTP=\" .env; echo \"=== auth.setup.ts ===\"; cat tests/auth.setup.ts; echo \"=== config projects ===\"; rg -n \"name:|storageState|testMatch|use:|baseURL|projects\" playwright.config.ts | head -40","description":"Read auth.setup.ts + playwright config"}=== SHERPA_PORTAL_HTTP full ===
SHERPA_PORTAL_HTTP=http://localhost:3000
=== auth.setup.ts ===
import { test as setup } from '@playwright/test';
import { getPortalUrl } from './utils/urls';
import * as fs from 'fs';
const authFile = 'playwright/.auth/user.json';
setup('authenticate', async ({ page, context }) => {
const portalUrl = getPortalUrl();
const testEmail = process.env.TEST_USER_EMAIL || '';
const testPassword = process.env.TEST_USER_PASSWORD || '';
// Load existing storage state if it exists (to reuse Microsoft persistent cookies)
if (fs.existsSync(authFile)) {
const storageState = JSON.parse(fs.readFileSync(authFile, 'utf-8'));
await context.addCookies(storageState.cookies || []);
}
await page.goto(portalUrl);
// Always click login to trigger OAuth flow and get fresh app tokens
// Microsoft cookies will allow us to skip MFA, but we need the OAuth redirect for app tokens
await page.getByRole('button', { name: /log in with microsoft entra id/i }).click();
await page.waitForURL(/login\.microsoftonline\.com/);
// Check if "Pick an account" page is shown (user already signed in via cookies)
const accountTile = page.getByText(testEmail).first();
const emailInput = page.getByPlaceholder(/email, phone, or skype/i);
// Wait for either account picker or email input
await Promise.race([
accountTile.waitFor({ timeout: 5000 }).catch(() => {}),
emailInput.waitFor({ timeout: 5000 }).catch(() => {})
]);
if (await accountTile.isVisible().catch(() => false)) {
// Click the existing account tile to continue
console.log('Account picker detected, clicking existing account');
await accountTile.click();
} else {
// Fresh login flow
await emailInput.fill(testEmail);
await page.getByRole('button', { name: /next/i }).click();
await page.getByPlaceholder(/password/i).waitFor({ timeout: 10000 });
await page.getByPlaceholder(/password/i).fill(testPassword);
await page.getByRole('button', { name: /sign in/i }).click();
}
const maxAttempts = 100;
let attempt = 0;
while (attempt < maxAttempts) {
await page.waitForTimeout(500);
attempt++;
// Check for successful login FIRST - before looking for Microsoft flow buttons
// This prevents clicking pagination "Next" buttons on the portal
const currentUrl = page.url();
if (currentUrl.includes(portalUrl) && !currentUrl.includes('/login')) {
// Wait for the app to fully load user data before saving state
// The email being visible indicates the user object is populated
const userEmail = page.getByText(testEmail);
if (await userEmail.isVisible({ timeout: 1000 }).catch(() => false)) {
console.log('Login successful, saving storage state');
await page.context().storageState({ path: authFile });
return;
}
}
// Only look for Microsoft login flow buttons if we're still on Microsoft's domain
if (!currentUrl.includes('microsoftonline.com')) {
continue;
}
const passwordInput = page.getByPlaceholder(/password/i);
if (await passwordInput.isVisible().catch(() => false)) {
console.log('Password prompt detected, entering password');
await passwordInput.fill(testPassword);
await page.getByRole('button', { name: /sign in/i }).click();
continue;
}
const nextButton = page.getByRole('button', { name: /next/i });
const yesButton = page.getByRole('button', { name: /yes/i });
const doneButton = page.getByRole('button', { name: /done/i });
if (await nextButton.isVisible().catch(() => false)) {
await nextButton.click();
continue;
}
if (await yesButton.isVisible().catch(() => false)) {
const staySignedInCheckbox = page.getByRole('checkbox', { name: /don't show this again/i });
if (await staySignedInCheckbox.isVisible().catch(() => false)) {
await staySignedInCheckbox.check();
}
await yesButton.click();
continue;
}
if (await doneButton.isVisible().catch(() => false)) {
await doneButton.click();
continue;
}
}
throw new Error('Login did not complete within 50 seconds');
});
=== config projects ===
18: /* Shared settings for all the projects below. See https://playwright.dev/docs/api/class-testoptions. */
19: use: {
21: // baseURL: 'http://localhost:3000',
28: /* Configure projects for major browsers */
29: projects: [
31: name: 'plus-insurance',
32: testMatch: /plus-insurance\/.*\.spec\.ts/,
33: use: {},
38: name: 'embed-translations',
39: testMatch: /embed-translations\/.*\.spec\.ts/,
41: use: {
43: storageState: 'playwright/.auth/user.json',
50: name: 'payments',
51: testMatch: /payments\/.*\.spec\.ts/,
52: use: {},
57: name: 'multi-currency',
58: testMatch: /multi-currency\/.*\.spec\.ts/,
59: use: {},
64: name: 'widget',
65: testMatch: /widget\/.*\.spec\.ts/,
66: use: {},
71: name: 'api',
72: testMatch: /security\.spec\.ts/,
73: use: {},
76: name: 'customer-auth',
77: testMatch: /customer-auth\.spec\.ts/,
78: use: {},
82: name: 'frontend-security',
83: testMatch: /security-frontend\.spec\.ts/,
84: use: {},
87: name: 'setup',
88: testMatch: /.*\.setup\.ts/,
90: use: {
95: name: 'chromium',
96: testMatch: /.*\.spec\.ts/,
98: use: {
100: storageState: 'playwright/.auth/user.json',
106: name: 'firefox',
107: testMatch: /.*\.spec\.ts/,
109: use: {Running the setup project against portal 3007 to refresh the session (reuses persisted MS cookies to skip MFA).
{"command":"cd /Users/bakker/dev/gangkhar/sherpa-test-api-457-custom-additional-fields-on-endo; SHERPA_PORTAL_HTTP=http://localhost:3007 npx playwright test --project=setup 2>&1 | tail -30; echo \"SETUP_EXIT=${pipestatus[1]}\"","description":"Run auth setup against portal 3007","timeout":180000}