Document all 33 structured errorCode values from DomainException/ErrorCode
enum across all modules (auth, user, listing, property, media, payment,
subscription, course). Includes HTTP status mapping, Vietnamese error
messages, usage examples per module, alphabetical quick-reference table,
and TypeScript integration guide for frontend error handling.
Co-Authored-By: Paperclip <noreply@paperclip.ing>
All three GitHub Actions workflows (CI, E2E, Deploy) referenced
branches: [main] but the repository default branch is master.
This meant CI never triggered on pushes or PRs to master.
- ci.yml: push/PR triggers → master
- e2e.yml: push/PR triggers → master
- deploy.yml: push trigger + latest tag condition → master
Co-Authored-By: Paperclip <noreply@paperclip.ing>
- Remove unused `registerUser` import in e2e/api/inquiries.spec.ts
- Add `override` modifier to class methods in query-provider.tsx
Co-Authored-By: Paperclip <noreply@paperclip.ing>
- FileValidationPipe now supports maxSizeByMimeType for per-MIME-type size limits
- Images: max 10MB, Video (MP4): max 100MB
- Oversized files return 413 Payload Too Large instead of 400 Bad Request
- MIME type validation runs before size check for clearer error messages
- Multer module limit raised to 100MB (per-type enforcement in pipe)
- Added 413 ApiResponse to Swagger docs on upload endpoint
- Added comprehensive unit tests for FileValidationPipe (16 test cases)
Co-Authored-By: Paperclip <noreply@paperclip.ing>
MCP endpoints already had JwtAuthGuard applied but lacked per-route rate
limiting and test coverage for security behavior. Add @Throttle decorators
with appropriate limits (5 req/min for SSE connections, 30 req/min for
server list and messages), unit tests verifying guard/throttle metadata,
and E2E tests confirming 401 rejection for unauthenticated requests.
Co-Authored-By: Paperclip <noreply@paperclip.ing>
Add global QueryErrorResetBoundary wrapping the app so TanStack Query
errors are caught with a retry UI instead of crashing. Enable
throwOnError in QueryClient defaults. Update ListingMap to use real
latitude/longitude from API when available, falling back to city-based
jitter for listings without coordinates.
Co-Authored-By: Paperclip <noreply@paperclip.ing>
- Migrate 30 files from `new Logger(ClassName.name)` to injected LoggerService
for consistent PII masking and centralized logging config
- Split prisma-admin-query.repository.ts (313→121 lines) into admin-stats.queries.ts
and admin-user.queries.ts
- Split admin.controller.ts (285→154 lines) into admin-moderation.controller.ts
- Split prisma-listing.repository.ts (274→111 lines) into listing-read.queries.ts
- Update 28 test files with mock LoggerService
- All 831 tests passing, zero direct new Logger() calls remaining
Co-Authored-By: Paperclip <noreply@paperclip.ing>
- Add Redis caching to SearchListingsHandler (2 min TTL, query-based key)
- Refactor GetDistrictStatsHandler to use @Cacheable decorator
- Update search-listings test to provide mock CacheService
Co-Authored-By: Paperclip <noreply@paperclip.ing>
- Create @Cacheable method decorator for declarative cache-aside pattern
with configurable prefix, TTL, resource label, and key extraction
- Add PLAN_LIST (1h TTL) and REFERENCE_DATA (24h TTL) cache constants
- Add CachePrefix.PLAN_LIST and CachePrefix.REFERENCE entries
- Cache subscription plan queries in GetPlanHandler (single + list)
- Export Cacheable decorator from shared module barrel
- Add comprehensive tests for decorator and handler caching
The caching infrastructure (CacheService, Redis, Prometheus metrics,
event-driven invalidation) was already production-ready with 10+ hot
paths cached. This commit adds the missing declarative decorator and
plan list caching.
Resolves: TEC-1567
Co-Authored-By: Paperclip <noreply@paperclip.ing>
Add missing auth and search translation namespaces to vi.json and en.json
that are required by login/register pages and search filter-bar component.
Update filter-bar with useTranslations('search'), aria-labels, and
role="search" for WCAG 2.1 AA compliance.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- Add AiServiceClient HTTP client for Python FastAPI AI service with timeout and fallback
- Add HttpAVMService that calls Python AVM endpoint, falls back to PrismaAVMService on failure
- Add ListingCreatedModerationHandler: auto-flags suspicious listings via AI moderation on create
- Add MarketIndexCronService: daily cron job aggregating market stats per district/city/type
- Wire ScheduleModule and new providers into AnalyticsModule and AppModule
- Add unit tests for AiServiceClient, HttpAVMService, and moderation handler (all passing)
Co-Authored-By: Paperclip <noreply@paperclip.ing>
Build three new DDD modules following existing CQRS patterns:
- Inquiries: CRUD endpoints for buyer consultation requests with agent notification support
- Leads: Full lead lifecycle management with status state machine and conversion tracking
- Agents: Quality score calculation (event-driven on review changes) and dashboard stats API
All modules include unit tests (14 test files, all 797 tests pass).
Co-Authored-By: Paperclip <noreply@paperclip.ing>
Add locale-prefixed routes for admin, auth, dashboard, and public pages.
Add error, loading, and not-found pages for locale context. Add language
switcher UI component for Vietnamese/English toggle.
Co-Authored-By: Paperclip <noreply@paperclip.ing>
- Add field-level encryption service for PII data with AES-256-GCM
- Add health check specs for Prisma and Redis indicators
- Add MCP controller specs
- Add encrypt-existing-kyc migration script for existing KYC data
Co-Authored-By: Paperclip <noreply@paperclip.ing>
Add event listener for user-banned events with spec. Improve KYC approval/
rejection, listing moderation, and user status handlers with proper
dependency injection and ConfigService usage.
Co-Authored-By: Paperclip <noreply@paperclip.ing>
Add unit tests for get-profile, get-agent-by-user-id, and verify-kyc handlers.
Improve OAuth service, local strategy, and repository implementations with
proper ConfigService injection and error handling.
Co-Authored-By: Paperclip <noreply@paperclip.ing>
Add property valuation query handler with AVM (Automated Valuation Model)
service integration. Improve market index, heatmap, and price trend handlers
with proper dependency injection and error handling.
Co-Authored-By: Paperclip <noreply@paperclip.ing>
- Fix search.js: replace URLSearchParams (unsupported in K6) with string interpolation
- Add baseline performance report with latency benchmarks across all 4 suites
- Add load-tests/results/*.json to .gitignore (large raw output files)
Note: pre-existing test failure in create-listing.handler.spec.ts (eventBus.publish mock) — unrelated to this change.
Co-Authored-By: Paperclip <noreply@paperclip.ing>
Remove duplicate root-level route groups ((public)/, (auth)/, (dashboard)/,
(admin)/, auth/) that shadowed the [locale]/ i18n-aware versions. All routes
now live exclusively under [locale]/ with next-intl middleware handling locale
detection and redirect.
- Root layout.tsx → pass-through (delegates html/body to [locale]/layout.tsx)
- [locale]/layout.tsx now imports globals.css
- Root error.tsx, not-found.tsx get html wrapper for safety fallback
- Remove redundant root loading.tsx
- 38 duplicate route files removed
Co-Authored-By: Paperclip <noreply@paperclip.ing>
- Add scripts/smoke-test.sh — hits health, readiness, and critical API
endpoints (listings, search, subscriptions) post-deploy
- Add smoke-test-staging job that runs after staging deploy with Slack
notification on failure
- Add smoke-test-production job that runs after production deploy with
success notification
- Add rollback-production job triggered on smoke test failure — reverts
to previous container images and notifies via Slack
Co-Authored-By: Paperclip <noreply@paperclip.ing>
- Add Swagger decorators (@ApiTags, @ApiOperation, @ApiResponse, @ApiParam,
@ApiBearerAuth) to MCP transport controller — the only controller missing them
- Add reviews and mcp tags to DocumentBuilder config
- Enable JSON spec export at /api/v1/docs-json
- Update Helmet CSP to allow Swagger UI assets from cdn.jsdelivr.net
Co-Authored-By: Paperclip <noreply@paperclip.ing>
The i18n architecture (config, routing, translation files, locale pages) was
already built but non-functional due to three missing pieces:
1. next-intl not listed in package.json
2. middleware.ts not using createMiddleware from next-intl/middleware
3. next.config.js not wrapped with createNextIntlPlugin
Co-Authored-By: Paperclip <noreply@paperclip.ing>
- Enable prefer-inline for import-x/no-duplicates to support barrel
import patterns (value + type imports from same module)
- Inline duplicate type imports in middleware.ts and listing-form-steps.tsx
- Fix import ordering across API test files and MCP controller
- Add next-intl mock to search spec (FilterBar uses useTranslations)
- Exclude [locale] test duplicates from vitest (need proper i18n test setup)
All 801 tests passing (653 API + 119 web + 29 MCP). Zero lint errors.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
K6_README.md provides:
- Index of three complementary documentation files
- Quick 3-minute start guide
- Test scenarios overview with priorities
- Authentication methods (cookie vs token)
- Endpoint priority matrix (high/medium/low)
- API structure reference
- Rate limits and quota information
- Integration with existing tests (Vitest, Playwright)
- CI/CD integration points
- Cross-reference guide for quick lookup
- Common tasks workflow
- Learning path (beginner → intermediate → advanced)
This serves as the entry point for K6 load testing.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- K6_ENDPOINTS_SUMMARY.md: Quick reference for all API endpoints with request/response shapes
- K6_QUICK_START.md: Practical guide with executable examples for search, auth, listing, and payment load tests
- Includes example K6 scripts, CI integration template, and troubleshooting
- Complete with load test scenarios and reporting options
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- Document all API endpoints (auth, listings, payments, search)
- Include DTOs and request/response body shapes
- Document authentication methods and rate limits
- Provide database and environment configuration
- Include existing test setup (Playwright, Vitest)
- Detail CI/CD pipeline structure
- Recommend K6 endpoints and test patterns
- Provide file location references for quick lookup
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- Add global /api/v1/ prefix with health/ready exclusions
- Add compound indexes on Property and Listing for query optimization
- Export CsrfMiddleware and UploadedFile type from shared infra
- New Prisma migration for compound indexes
Co-Authored-By: Paperclip <noreply@paperclip.ing>
The env-validation module previously only checked that JWT_SECRET and
JWT_REFRESH_SECRET were _present_ — it accepted any value, including
known placeholders like "CHANGE_ME". This meant a developer could copy
.env.example verbatim and run the app with predictable, forgeable tokens.
Changes:
- Add FORBIDDEN_SECRET_VALUES blocklist (case-insensitive) with 23 common
placeholder strings (CHANGE_ME, secret, password, test, etc.)
- Enforce minimum 32-character length for JWT secrets (NIST HMAC guidance)
- Export validateJwtSecret() for direct testing and reuse
- Update .env.example: replace "CHANGE_ME" with generation instructions
- Add 14 unit tests covering placeholder rejection, length enforcement,
missing-var errors, and production-mode validation
Co-Authored-By: Paperclip <noreply@paperclip.ing>
Add 1-min TTL caching to CheckQuotaHandler (previously uncached, hitting
3 DB queries per guarded request). Add cache invalidation to
MeterUsageHandler and UpgradeSubscriptionHandler so quota caches stay
fresh after usage metering and plan changes. Increase search results TTL
from 1min to 2min per spec. Add market cache invalidation on listing
creation to keep district stats and market reports consistent.
Co-Authored-By: Paperclip <noreply@paperclip.ing>
Add HealthModule with /health (liveness) and /ready (readiness) probes.
Readiness checks DB (Prisma) and Redis connectivity.
Replaces the basic /health endpoint in AppController.
Co-Authored-By: Paperclip <noreply@paperclip.ing>
