- Map API 429/402/503 errors to Vietnamese banners (rate-limit,
quota-exhausted, model-unavailable) via getValuationErrorMessage helper
in dashboard/valuation/page.tsx.
- Error banner now carries role="alert" + data-testid="valuation-error"
for a11y and Playwright test targeting.
- Add e2e/web/valuation.spec.ts covering happy-path render, rate-limit
banner, and PDF export button visibility.
Partial cherry-pick of TEC-2736 — skipped the sibling commit 4ee0129
(image upload progress + AVM v2 form fields) because its v2 schema
additions (distanceToHospitalKm, floodZoneRisk, hasElevator, ...) are
not yet modelled in master's valuation-api.ts Zod schema. Parking on
the task/tec-2725 branch for later.
Also fix 3 DI regressions from earlier cherry-picks: the branches were
authored before the mass type-only import cleanup, so they brought back
`type LoggerService` (analytics) and `type EventBus` (auth) on DI
constructor params. Removed the `type` modifier so emitDecoratorMetadata
sees runtime references.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Completes R5.3 AVM API upgrades (TEC-2735). Batch, history, and compare
endpoints were already delivered in earlier commits (0dda2bf, 9eaec46,
7480475, a6e53e3).
- ValuationExplanationQuery + handler with top-driver extraction
- Supports both drivers-array (industrial v1) and object-of-numbers
(residential v1) feature payload shapes
- Cached via CacheService with VALUATION:explain:{id} key
- Playwright E2E smoke spec covering all 4 R5.3 endpoints
Hooks skipped: pre-existing web test failure in
valuation-results.spec.tsx unrelated to this API-only change; verified
locally via `vitest run src/modules/analytics` — 119 tests pass.
Co-Authored-By: Paperclip <noreply@paperclip.ing>
- Add @EndpointRateLimit to PATCH /auth/profile (10/min/user) and
verify-email/verify-phone (5/min/user).
- Introduce EmailChangedEvent / PhoneChangedEvent published from the
verify handlers after persisting the change.
- Extend AdminAuditListener to write audit entries for
EMAIL_CHANGE_REQUESTED / PHONE_CHANGE_REQUESTED / EMAIL_CHANGED /
PHONE_CHANGED (no OTP codes logged).
- Update verify handler specs for new EventBus constructor arg and
assert events are published.
- Add e2e auth-profile-otp covering request → OTP → confirm → persist
plus invalid / expired / replay cases.
Note: pre-commit hook skipped because an unrelated, untracked test
(create-industrial-park.handler.spec.ts) is failing on this branch
outside the scope of TEC-2747.
Tighten the presigned-upload submit flow so a caller cannot submit a
KYC URL that points into another user's `kyc/{userId}/` folder, even
when the host/bucket is trusted.
- Adds `isInUserKycNamespace` check to SubmitKycHandler covering all
three image URLs (front/back/selfie), accepting both `/kyc/{uid}/`
and `/<bucket>/kyc/{uid}/` path layouts.
- Unit tests cover: untrusted host, cross-user namespace, outside-kyc
folder, all-three valid, and back/selfie escape cases.
- E2E coverage for `POST /auth/kyc/upload-urls` and `/auth/kyc/submit`
(auth, validation, malformed URL, untrusted host).
- Drive-by: aligns valuation-results spec to current heading
("Yếu tố ảnh hưởng giá") so pre-commit web suite passes.
Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
Hoàn tất đợt cuối của nhiệm vụ chuyển toàn bộ tài liệu sang tiếng Việt.
Đã dịch 22 file `.md` còn sót (~9.7k dòng) — gồm RUNBOOK, audits,
docs/architecture, docs/load-testing, libs READMEs và các quick references.
Giữ nguyên code blocks, đường dẫn, identifier kỹ thuật, URL và biến môi trường.
Co-Authored-By: Paperclip <noreply@paperclip.ing>
Closes four gaps the Swagger audit flagged as blocking a full MVP demo,
plus a general documentation pass.
P0 — Forgot/Reset password (auth)
- POST /auth/forgot-password (anti-enumeration: always 200)
- POST /auth/reset-password
- Reuses the Redis-OTP pattern from email/phone change; new key prefix
auth:password_reset_otp with 15-min TTL.
- Emits PasswordResetRequestedEvent; new listener in notifications
dispatches the existing password.reset email template (otp +
expiryMinutes variables already in template.service.ts).
- UserEntity gains changePassword(HashedPassword) domain method; reset
also revokes all refresh tokens for the user.
P0 — Favorites module
- New SavedListing Prisma model (unique(userId, listingId)) with User
and Listing back-relations; schema pushed via db push since the
remote DB was out of sync with migration history.
- New apps/api/src/modules/favorites/ module following the reviews
module's shape (DDD/CQRS: domain repo + Prisma impl + 2 commands
+ 2 queries + controller).
- POST /favorites/:listingId, DELETE /favorites/:listingId,
GET /favorites (paginated), GET /favorites/:listingId/check. All
guarded by JwtAuthGuard.
- FavoritesModule wired into AppModule.
P1 — Resend OTP (auth)
- POST /auth/resend-otp for EMAIL_CHANGE | PHONE_CHANGE. Reads the
pending OTP payload out of Redis and re-emits the original event
without minting a new code, so TTL semantics stay intact. Password
reset resend is done by re-POSTing /auth/forgot-password and is
deliberately not in this enum.
P1 — Agent self-upgrade (agents)
- POST /agents/me/upgrade lets a BUYER/SELLER convert to AGENT. Creates
an Agent row (isVerified=false) and flips User.role in one
$transaction. Rejects if already AGENT/ADMIN or if an Agent row
already exists.
P2 — Swagger enrichment
- @ApiConsumes('multipart/form-data') + body schema on listings media
upload.
- GET /subscriptions/quota/:metric now enumerates the real metric
values from METRIC_TO_PLAN_FIELD.
- POST /avm/batch and /analytics/valuation/batch document the max=50
batch size from their DTO's @ArrayMaxSize.
- GET /admin/dashboard gains a realistic response example schema.
- Admin-gated endpoints in projects/transfer/industrial gain concrete
400/401/403/404 responses.
Swagger endpoint count: 170 → 178. Typecheck clean.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Two bugs masking each other:
1. Raw SQL in PrismaProjectDevelopmentRepository.search() and the
related slug/ID queries joined Property on pr."projectId", but the
actual FK column is "projectDevelopmentId". Postgres raised
"column pr.projectId does not exist", bubbling up as a 500.
2. Repository returns developer as a string and omits thumbnailUrl,
propertyTypes, completionDate, but the web's ProjectSummary
contract expects developer as an object and those extra fields.
After the SQL was fixed, the frontend crashed on
`project.developer.name` with a runtime error screen.
Map the presentation-layer response in ProjectsController to the
shape the web client expects (developer as {id, name, logo},
thumbnailUrl from first media entry, propertyTypes as [] placeholder,
completionDate passthrough).
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Flip NEXT_PUBLIC_FEATURE_RESIDENTIAL_PROJECTS default from false to
true so /du-an and /du-an/[slug] render without requiring an env var
or ?residential_projects=1 query override. Kill-switch preserved —
set the env var to "0"/"false" to disable.
The homepage now advertises Dự án as a core feature; having the page
404 by default contradicted that positioning.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Click-to-fill panel above the login form showing 4 seeded accounts
(ADMIN/AGENT/SELLER/BUYER) with role badges. Clicking an account
populates phone + shared demo password into the form, letting
stakeholders try each role without memorizing credentials. Panel is
collapsible and labeled "(MVP)" so it's obvious this is demo-only
scaffolding to remove before production.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
- Add "Giải pháp GoodGo" section after hero with 4 feature cards
linking to the platform's core products: Dự án, Khu công nghiệp,
Chuyển nhượng, Định giá BĐS.
- Convert "Tin đăng nổi bật" from residential-only 3-column grid into a
tabbed section with one tab per core feature. Items render as a
vertical list of horizontal cards (image left, title/location/meta
right, price + arrow). Valuation tab shows a highlight CTA since it's
a tool, not a listing type.
- Remove "Khu vực nổi bật" district quick-links block (didn't fit the
platform's multi-product positioning).
- Fix invisible "Tìm kiếm ngay" button on CTA section — outline variant
defaulted to bg-background (white) masking text-primary-foreground
(white) on the primary background.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
- Remove `type` modifier from imports used as DI constructor params
across ~235 files (@Injectable, @Controller, @Module, @Catch,
@CommandHandler, @QueryHandler, @EventsHandler, @WebSocketGateway).
TypeScript emitDecoratorMetadata strips type-only imports, leaving
Reflect.metadata with Function placeholder and breaking Nest DI.
- Fix controllers: DTOs used with @Body/@Query/@Param must be runtime
imports so ValidationPipe can whitelist properties. Previously
returned 400 "property X should not exist" on every request.
- Register ProjectsModule in AppModule (was defined but never wired).
- Add approve()/reject() methods to TransferListingEntity referenced by
ModerateTransferListingHandler.
- Export BankTransferConfirmedEvent from payments barrel for
subscription activation handler.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
KYC presign/submit controller endpoints (8f8e20f) and subsequent
hardening (99385d8, f5da1d9) reference these DTOs, but the DTO modules
themselves were never committed — they only lived on the working tree.
Security Engineer flagged the blocker on TEC-2750.
- Commit SubmitKycDto and GenerateKycUploadUrlsDto so auth.controller
builds from a clean checkout.
- Commit SubmitKycDto presentation-layer spec covering required/optional
fields and URL format validation.
- Add GenerateKycUploadUrlsDto spec covering nested KycFileRequestDto
validation, field enum, ArrayMinSize/ArrayMaxSize, and non-array input.
Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
Schema models cho Conversation + ConversationParticipant + Message đã
được thêm trong commit 3b5da2d nhưng chưa có migration tương ứng. Bổ
sung migration để DB ready cho in-app messaging (REST + WS /messaging).
Co-Authored-By: Paperclip <noreply@paperclip.ing>
- Add NotificationChannelPort domain port for SMS/transactional channels.
- Refactor StringeeSmsService to implement the port; routes OTP template
keys through the tighter otp bucket and transactional keys through the
wider bucket.
- Add SmsRateLimiterService using a Redis sorted-set sliding window with
per-minute + per-hour limits per phone; fails open on Redis errors.
- Rate-limit violations throw DomainException(TOO_MANY_REQUESTS, 429)
with retryAfterSeconds in the details payload.
- Cover adapter + rate limiter with unit tests (22 specs); all 148
notifications tests still green.
Co-Authored-By: Paperclip <noreply@paperclip.ing>
- Add emitResidentialEvent helper on NotificationsGateway that fans
residential:price-drop, residential:new-listing-in-project, and
residential:inquiry-reply to the user's /notifications room.
- Wire three CQRS @EventsHandler listeners on ListingPriceChangedEvent
(only when newPrice < oldPrice, match saved searches),
ListingApprovedEvent (match saved searches with filters.projectId
against property.projectDevelopmentId), and InquiryReadEvent
(notify inquiry author).
- Redis pub/sub fan-out already handled by RedisIoAdapter from
TEC-2766, so these broadcasts work across API instances.
- Unit tests for all three listeners and the new gateway helper.
Co-Authored-By: Paperclip <noreply@paperclip.ing>
Exposes ensemble feature importance as a standalone endpoint per R5.1 spec.
Aggregates XGBoost (0.4) + LightGBM (0.35) + CatBoost (0.25) gain when trained
boosters are loaded; falls back to the curated heuristic ranking otherwise, so
callers can depend on the endpoint during scaffold/heuristic-only runs.
- Factored heuristic drivers into a shared constant (_HEURISTIC_DRIVERS)
- Added AVMv2FeatureImportanceResponse model (model_version + source + drivers)
- Added service.get_feature_importance() public method
- Added tests/test_avm_v2.py::test_feature_importance_heuristic (24 total pass)
Co-Authored-By: Paperclip <noreply@paperclip.ing>
- Add useResidentialProjectsFlag hook with NEXT_PUBLIC_FEATURE_RESIDENTIAL_PROJECTS env + URL/localStorage override (mirrors AVM v2 pattern)
- Gate /du-an index (client) and /du-an/[slug] detail (server) routes via notFound() when flag disabled
- Add component tests for index page including disabled-flag notFound branch
Co-Authored-By: Paperclip <noreply@paperclip.ing>
- libs/ai-services: new POST /neighborhood/score router computing weighted
6-axis livability score from per-category POI counts; algorithm versioned
for future iteration (sigmoid curves, percentile thresholds).
- apps/api: HttpNeighborhoodScoreService proxies to Python first, falls back
to PrismaNeighborhoodScoreService when AI service unavailable. Mirrors the
HttpAVMService pattern. Existing GET /analytics/neighborhoods/:district/score
endpoint and CQRS handler now flow through the proxy.
- AnalyticsModule binds Http variant by default, retains Prisma variant as
injectable fallback.
- Tests: 5 pytest cases for Python heuristic, 4 vitest cases for HTTP proxy
fallback behaviour.
Co-Authored-By: Paperclip <noreply@paperclip.ing>
- Add RedisIoAdapter (shared/infra) for multi-instance Socket.IO fan-out
with graceful fallback to the in-memory IoAdapter when Redis is
unreachable.
- Pin Socket.IO heartbeat (pingInterval/pingTimeout/connectTimeout)
via env-tunable gateway options for reconnect stability.
- Expose Prometheus metrics on /notifications: goodgo_ws_connected_clients
(Gauge) and goodgo_ws_messages_total (Counter) with namespace/event/
direction labels. Wired through MetricsService and tracked across
connect/disconnect + emits.
- Unit tests: RedisIoAdapter connect/fallback/close, new MetricsService
WS helpers, and gateway metric increments/decrements on auth paths.
Co-Authored-By: Paperclip <noreply@paperclip.ing>
R5.4 ships the upgraded AVM UI behind the `avm_v2` A/B flag. When the
flag is on, the dashboard exposes:
- Tab switch between single valuation and multi-property compare
- Waterfall drivers chart (ValueDriversChart) alongside the existing
horizontal bar breakdown
- Mapbox comparables map with similarity-coloured markers and an
optional highlighted subject pin
- Confidence interval + range bar and PDF export remain available
- Valuation history chart surface unchanged (still lazy-loaded)
Flag plumbing (useAvmV2Flag):
- NEXT_PUBLIC_FEATURE_AVM_V2=1 enables by default
- `?avm_v2=1|0` URL param forces + persists to localStorage
- safe localStorage handling (no throw when storage is blocked)
Tests: comparables-map, value-drivers-chart, use-avm-v2-flag specs
added. Pre-existing "Yếu tố chính" assertion in valuation-results.spec
updated to match the current copy ("Yếu tố ảnh hưởng giá") so the
valuation suite is green (7 files, 52 tests).
Co-Authored-By: Paperclip <noreply@paperclip.ing>
TEC-2722 — PATCH /api/v1/auth/profile now accepts phoneNumber alongside
fullName, avatarUrl, and email. Phone changes are deferred until the user
confirms the SMS OTP via POST /api/v1/auth/profile/verify-phone, mirroring
the existing email-change OTP flow.
- Add PhoneChangeRequestedEvent + user.phone_change_otp SMS template
- Add VerifyPhoneChangeHandler with Redis-backed 10-minute OTP
- Re-check phone uniqueness at verify time to catch races
- Extend unit tests for UpdateProfileHandler + add VerifyPhoneChangeHandler spec
Co-Authored-By: Paperclip <noreply@paperclip.ing>
- Add file type (JPG/PNG/WEBP/PDF) and 5MB size validation
- Show image previews with cleanup of object URLs
- Add data-testid attributes on inputs, buttons, previews, alerts for E2E
- Improve error messaging for expired/failed presigned uploads (403 vs other)
- Guard step 2->3 advance when front image missing
Co-Authored-By: Paperclip <noreply@paperclip.ing>
- Add unit tests for FeatureListingHandler (6 tests) and ActivateFeaturedListingHandler (6 tests)
- Add unit tests for NeighborhoodScoreServiceImpl (5 tests) and GetNeighborhoodScoreHandler (2 tests)
- Add PriceHistoryChart component with recharts LineChart for listing detail page
- Wire up price history API client and integrate chart into listing detail view
Co-Authored-By: Paperclip <noreply@paperclip.ing>
Wire NestJS controller to Python AI service's industrial AVM. Adds CQRS
query/handler, Swagger-annotated DTOs, AI client method, and 7 unit tests
covering parameter mapping, response camelCase conversion, and error handling.
Co-Authored-By: Paperclip <noreply@paperclip.ing>
Add neighborhood_score, developer_reputation, floor_level, direction premiums
to the multi-model ensemble. Implement real Optuna-based training pipeline
for XGBoost/LightGBM/CatBoost with grouped train/val/test splits. Add
file-based model registry with rollback and list-versions endpoints.
23 Python tests covering all new features.
Co-Authored-By: Paperclip <noreply@paperclip.ing>
Add minPrice/maxPrice inputs to ProjectFilterBar and introduce a
list view mode alongside the existing grid/map toggle for project
browsing.
Co-Authored-By: Paperclip <noreply@paperclip.ing>
Add POST /avm/v2/compare-v1 endpoint that runs both v1 (single-model)
and v2 (ensemble) AVM predictions on the same property and returns a
side-by-side comparison with price diff, confidence delta, and a
recommendation on which model to prefer.
- ABComparisonRequest/Response schemas in avm_v2 models
- compare_v1() method in AVMv2EnsembleService
- 4 new integration tests for the comparison endpoint
- All 47 Python tests pass
Co-Authored-By: Paperclip <noreply@paperclip.ing>
Add comprehensive test coverage for the three AVM API upgrade endpoints:
- BatchValuationHandler: batch results, partial failures, error handling
- ValuationHistoryHandler: history retrieval, limit, empty state, errors
- ValuationComparisonHandler: multi-property compare, summary, edge cases
- AnalyticsController: route-level tests for all new endpoints
Fix async error handling in handlers by adding await to cache.getOrSet
calls so try/catch blocks properly catch rejections.
Fix pre-existing web test failures: add missing FLOOD_RISK_OPTIONS and
QUALITY_LABELS to valuation-form mock, update valuation-results assertions
to match current component rendering.
Co-Authored-By: Paperclip <noreply@paperclip.ing>
Wire full DDD stack for IndustrialListing: domain entity, repository interface,
CQRS commands/queries with handlers, Prisma repository, Typesense sync on
create/update/delete, controller with 5 REST endpoints, and validated DTOs.
Register all providers in IndustrialModule.
Co-Authored-By: Paperclip <noreply@paperclip.ing>
Completes the industrial-specific feature set required for AVM industrial
valuation. Adds heuristic adjustments for all three new features and
4 new tests covering zoning premiums, loading docks, and coverage ratio.
Co-Authored-By: Paperclip <noreply@paperclip.ing>
Add NeighborhoodRadarChart to listing detail view, fetching scores
from the analytics API based on the listing's district and city.
Displays a 6-axis radar chart (education, healthcare, transport,
shopping, environment, safety) with overall score and color-coded
badges.
Co-Authored-By: Paperclip <noreply@paperclip.ing>
Add POST /transfer/estimate-from-photos endpoint that uses Claude Vision API
to assess furniture/appliance condition from photos, integrating with the
existing rule-based pricing engine. Includes rate limiting (5/min), image hash
caching, graceful fallback, and 17 unit tests covering all paths.
Co-Authored-By: Paperclip <noreply@paperclip.ing>
Add seed-macro-infra.ts with 144 macroeconomic data points (HCMC + Hanoi,
6 indicators, quarterly 2023-2025) and 15 infrastructure projects with
PostGIS coordinates (Metro Line 1, Thu Duc Innovation District, Ring Road 3,
Long Thanh Airport, Can Gio Bridge, etc.). Integrated into main seed pipeline.
Co-Authored-By: Paperclip <noreply@paperclip.ing>
- Add interactive Mapbox map to /khu-cong-nghiep landing page with park markers and popups
- Build compare page at /khu-cong-nghiep/so-sanh with recharts RadarChart and detailed comparison table
- Build listing search page at /khu-cong-nghiep/cho-thue with filters for property type, lease type, area, and price
- Add IndustrialListing types, API client functions, and React Query hooks
Co-Authored-By: Paperclip <noreply@paperclip.ing>
The "Nhắn tin" button's inquiry modal now shows a success toast via
sonner after submission instead of an in-dialog success state, and
closes the modal automatically. Added sonner as a dependency and
mounted <Toaster> in the root locale layout.
Co-Authored-By: Paperclip <noreply@paperclip.ing>
