ab26eb4c05
Some checks failed
CI / E2E Tests (push) Has been skipped
CodeQL Analysis / CodeQL (javascript-typescript) (push) Failing after 1m23s
Deploy / Build API Image (push) Failing after 33s
Deploy / Deploy to Staging (push) Has been skipped
CI / Lint → Typecheck → Test → Build (22) (push) Failing after 9s
Deploy / Build Web Image (push) Failing after 11s
Deploy / Build AI Services Image (push) Failing after 9s
E2E Tests / Playwright E2E (push) Failing after 18s
Security Scanning / Dependency Audit (pnpm) (push) Failing after 2s
Security Scanning / Trivy Scan — API Image (push) Failing after 59s
Security Scanning / Trivy Scan — Web Image (push) Failing after 51s
Security Scanning / Trivy Scan — AI Services Image (push) Failing after 34s
Security Scanning / Trivy Filesystem Scan (push) Failing after 24s
Deploy / Smoke Test Staging (push) Has been skipped
Deploy / Deploy to Production (push) Has been skipped
Security Scanning / Security Gate (push) Failing after 1s
Deploy / Rollback Production (push) Has been skipped
Deploy / Smoke Test Production (push) Has been skipped
Deploy / Rollback Staging (push) Has been skipped
Foundation for Phase E (AI advisor / AI valuation on listing detail).
An admin sets the Anthropic Claude credentials once in the new
"/admin/settings/ai" page; downstream features read them via
SystemSettingsService.
Database
--------
- New Prisma model SystemSetting { key @id, value Text, valueType,
isSecret, updatedAt, updatedBy }. db:push applied cleanly.
Backend
-------
- SystemSettingsService — canonical getter/setter for
ai.api_url / ai.api_key / ai.model. maskApiKey() returns the last 4
chars prefixed with "sk-ant-...". Exposes unmasked getAiSettings()
for server-side consumers (AI advisor handlers).
- GET /admin/settings/ai — returns { apiUrl, apiKeyMasked, model,
hasApiKey, updatedAt }. Never emits the raw key.
- PATCH /admin/settings/ai — body accepts partial { apiUrl, apiKey,
model }. apiKey sentinel "__UNCHANGED__" preserves the stored value;
empty string clears it; any other value overwrites.
- CQRS: get-ai-settings query + update-ai-settings command. Registered
in admin.module.ts; service exported via modules/admin/index.ts so
Phase E can inject it.
Frontend
--------
- adminApi.getAiSettings() / updateAiSettings() added to
lib/admin-api.ts with shared AiSettings + UpdateAiSettingsPayload
types.
- New Lucide-only nav entry "Cài đặt AI" (Sparkles) in admin layout.
- /admin/settings/ai/page.tsx — Card with API URL input, masked API
key input with Eye/EyeOff toggle, "Xoá key" button, model Select
(claude-opus-4-5 / sonnet-4-5 / haiku-4-5 + custom input), save
button with inline success/error banners, "last updated" timestamp.
- i18n keys adminNav.settings + adminNav.aiSettings in vi.json/en.json.
Constraints
-----------
- No new packages. Runtime imports for NestJS-DI classes preserved.
- Key NOT encrypted at rest (MVP); documented in service comment as
future hardening.
- Page inherits existing admin auth guard via (admin) layout.
Verification
------------
- API typecheck clean.
- Web typecheck clean in touched files.
- API suite: 1975 / 1975 pass.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>