feat-002: KYC Verification Stub #7
Closed
leecampbell-codeagent wants to merge 9 commits into
…t-001)
- Add users table migration with clerk_user_id TEXT, roles[], notification_prefs JSONB
- Implement User entity with private constructor, create()/reconstitute() pattern
- Add AccountAppService, REST API, and React frontend with full design system
- 248 tests passing (76 backend + 172 frontend), builds succeed

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
…at-001)
- HIGH-001: Replace Zod schema internals in 400 responses with sanitised issue list (path + message only, no format() internals)
- HIGH-002: Error handler returns static generic message instead of err.message; domain error classes use static strings without user data
- HIGH-003: Remove onboardingCompleted/onboardingStep from PATCH /me/profile schema — onboarding state is server-controlled only

Also commit exploratory and security review reports.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Resolves regression introduced by HIGH-003 security fix. The profile PATCH endpoint no longer accepts onboardingCompleted/onboardingStep from clients, but the onboarding page needed a way to complete the flow.

Solution: dedicated server-controlled endpoint that only sets onboardingCompleted=true and onboardingStep='complete' — clients cannot set arbitrary values.
- Add completeOnboarding() to UserRepository port, pg adapter, and in-memory adapter
- Add completeOnboarding() to AccountAppService with audit logging
- Add POST /api/v1/me/onboarding/complete route (auth required)
- Frontend: call completeOnboarding() instead of profile PATCH for onboarding completion and skip flows
- Add 8 new tests (4 unit + 4 integration) — 256 total now passing

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
- Exploratory: PASS — 256/256 tests, all ACs verified
- Security: 0 critical/high findings, 3 medium, 5 low
- Audit: PASS — hex architecture, parameterised SQL, no enums, all checks
- CI/CD: PASS — pipeline can support this feature

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
- Mark feat-001 as SHIPPED in backlog
- Add G-016: hooks with -r flag scan everything when no files passed
- Add G-017: ======= pattern needs ^ anchor to avoid false positives

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Backend:
- New KYC bounded context (packages/backend/src/kyc/) with ports, stub adapter, app service, API router, and full test coverage
- GET /api/v1/kyc/status and POST /api/v1/kyc/submit endpoints
- StubKycVerificationAdapter: auto-approves synchronously
- Two state transitions per submit: not_started→pending→verified with DB-first ordering and best-effort audit logging (G-019)
- Atomic conditional WHERE on kyc_status updates (G-020)
- updateKycStatus() added to UserRepository port and adapters
- AuditLoggerPort: resourceType expanded to 'user'|'kyc', KycStatusChange action
- kyc_audit_events table (immutable, GDPR-safe ON DELETE SET NULL)

Frontend:
- KycStatusBadge: all 6 states, Tier 2 tokens only, role="status"
- KycVerificationPanel: 6 status states, loading skeleton, error state
- Settings profile page: KYC section added below profile form
- useKycStatus hook and useKycSubmit mutation (cache invalidation)

Migrations:
- 20260305140000: rename 'failed'→'rejected' in kyc_status CHECK (G-018)
- 20260305141000: create kyc_audit_events table

Tests: 356 total (143 backend + 213 frontend), all passing

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
- Exploratory: ISSUES FOUND (3 minor, non-blocking) — 356/356 tests
- Security: 0 critical/high findings, 3 medium, 0 low
- Audit: PASS — hex architecture, parameterised SQL, no enums
- CI/CD: PASS — pipeline supports this feature

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Summary
- GET /api/v1/kyc/status and POST /api/v1/kyc/submit endpoints; stub auto-approves (not_started → pending → verified) in a single request with two audit events
- New KYC bounded context (packages/backend/src/kyc/) with StubKycVerificationAdapter, KycAppService, and immutable kyc_audit_events audit table; atomic state transitions via conditional WHERE (G-020)
- KycStatusBadge and KycVerificationPanel frontend components added to /settings/profile page; KycStatus value renamed 'failed' → 'rejected' (G-018)

Stacked on: ralph/feat-001-account-auth (merge parent PR first)

Screenshots
Screenshots: app stack requires Clerk credentials and Docker — see Manual Task #1 and #2. All 356 tests pass as proxy verification.

Quality Gate
- npm audit — 0 critical/high

Reports
- .claude/reports/feat-002-exploratory.md
- .claude/reports/feat-002-security.md
- .claude/reports/feat-002-audit.md
- .claude/reports/feat-002-cicd.md
- .claude/reports/feat-002-merge.md

Manual Tasks
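The transition logic the description summarises (two compare-and-set status updates per submit, DB-first ordering, best-effort audit logging), as an added TypeScript example that is not the PR's code. The in-memory repository, the audit callback and the method names are assumptions standing in for the PR's pg adapter and AuditLoggerPort.

```typescript
// Added example, not the PR's code: compare-and-set KYC transitions (G-020) with
// DB-first ordering and best-effort audit logging (G-019). Names are assumptions.
type KycStatus = 'not_started' | 'pending' | 'verified' | 'rejected';
type AuditEvent = { userId: string; from: KycStatus; to: KycStatus };
type AuditLogger = (event: AuditEvent) => void;
// Hypothetical in-memory stand-in for the pg adapter. updateKycStatus mirrors
//   UPDATE users SET kyc_status = $to WHERE id = $id AND kyc_status = $from
// and returns the affected row count, so a lost race shows up as 0, not as a silent overwrite.
class InMemoryUserRepo {
  private status = new Map<string, KycStatus>();
  constructor(seed: Record<string, KycStatus>) {
    for (const [id, s] of Object.entries(seed)) this.status.set(id, s);
  }
  getKycStatus(id: string): KycStatus | undefined { return this.status.get(id); }
  updateKycStatus(id: string, from: KycStatus, to: KycStatus): number {
    if (this.status.get(id) !== from) return 0;
    this.status.set(id, to);
    return 1;
  }
}
class KycAppService {
  private repo: InMemoryUserRepo;
  private audit: AuditLogger;
  constructor(repo: InMemoryUserRepo, audit: AuditLogger) { this.repo = repo; this.audit = audit; }

  // State change is committed first; a failing audit write never rolls it back.
  private transition(id: string, from: KycStatus, to: KycStatus): boolean {
    if (this.repo.updateKycStatus(id, from, to) !== 1) return false;
    try { this.audit({ userId: id, from, to }); } catch { /* best effort */ }
    return true;
  }

  // The stub adapter auto-approves: not_started -> pending -> verified per submit.
  submit(id: string): { ok: boolean; status: KycStatus | undefined } {
    const ok = this.transition(id, 'not_started', 'pending')
      && this.transition(id, 'pending', 'verified');
    return { ok, status: this.repo.getKycStatus(id) };
  }
}

function demo() {
  const events: AuditEvent[] = [];
  const repo = new InMemoryUserRepo({ alice: 'not_started', bob: 'rejected', carol: 'not_started' });
  const svc = new KycAppService(repo, (e) => { events.push(e); if (e.userId === 'carol') throw new Error('audit sink down'); });
  const alice = svc.submit('alice'); // two transitions, two audit events
  const again = svc.submit('alice'); // CAS from not_started fails: no double-processing
  const bob = svc.submit('bob');     // rejected is not a valid start state: untouched
  const carol = svc.submit('carol'); // audit sink throws, yet status still reaches verified
  return { alice, again, bob, carol, events };
}
```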