update to add for ci-cd testing as well as auto deployments to heroku

[msands]

updates code for GitHub actions CI and CD deployment to heroku.

Summary by CodeRabbit

• New Features

  • GitHub Actions CI/CD pipeline added (lint, test, build, deploy-to-main).

• Tests

  • Progressive testing: optional PayPal/Email/SMS tests can skip when unconfigured; new integration and service test coverage and helpers.

• Documentation

  • New CI/CD and testing docs (setup, FAQ, pricing, secrets, pre-merge checklist, progressive strategy).

• Chores

  • Linting fixes and multiple frontend text/icon/import cleanups.

• Backend

  • Client identity now uses email; payments modeled as nested payment objects; admin login tracking and safer admin serialization.

_{✏️ Tip: You can customize this high-level summary in your review settings.}

[coderabbitai]

Walkthrough

Adds a GitHub Actions CI/CD workflow with lint/test/build/deploy stages, introduces tests/utils service-check with conditional PayPal/Email/SMS test skipping, adds integration and service tests, updates backend models/routes/services and Express typings to use email/payment objects and new Admin methods, applies many small frontend UI/text/import tweaks, and adds extensive CI/CD and testing documentation.

Changes

Cohort / File(s)	Summary
CI/CD workflow & config ​.github/workflows/ci-cd.yml	New GitHub Actions pipeline with jobs: lint (ESLint, TS checks), test (MongoDB service, optional-service gating via SKIP_OPTIONAL_SERVICE_TESTS, coverage/Codecov), build (backend & Next.js frontend, artifact checks), and deploy (Heroku deploy gated to main using secrets).
Test utilities tests/utils/service-check.ts	New helpers to detect PayPal/Email/SMS configuration and SKIP_OPTIONAL_SERVICE_TESTS; exports isPayPalConfigured, isEmailConfigured, isSMSConfigured, shouldSkipOptionalServiceTests, and skipIfServiceNotAvailable returning skip signals/reasons.
Service & integration tests tests/services/paypal.service.test.ts, tests/services/email.service.test.ts, tests/integration/booking-flow.test.ts, tests/admin-dashboard.test.ts, tests/client-portal-fixed.test.ts	New/updated test suites: booking-flow integration tests exercising bookings, status transitions, conditional PayPal invoice flow and webhook handling; PayPal/Email tests with mocks and skip gating; timezone normalization fixes; many test data shape updates (email/phone, payment object, status renames).
Backend models & typing backend/src/models/admin.model.ts, backend/src/models/invoice.model.ts, backend/src/middleware/auth.middleware.ts	Added updateLastLogin() and toJSON() on Admin schema; tightened Invoice pre-save typing (typed InvoiceModel use); augmented Express Request/AuthRequest with optional client?: { id: string; email: string }.
Backend routes & services backend/src/routes/client.routes.ts, backend/src/routes/booking.routes.ts, backend/src/routes/dashboard.routes.ts, backend/src/services/email.service.ts, backend/src/services/sms.service.ts	Primary client identifier migrated from clientEmail/clientPhone to email/phone; booking and invoice logic updated to use nested payment object (totalAmount, depositAmount, paidAmount, status), analytics/export queries adjusted, email sending call in booking route commented/TODO, and Email/SMS service method signatures changed to accept IBooking/IInvoice with updated templates/placeholders.
Frontend edits (icons, text, catches, effects) frontend/app/... (many files), frontend/components/booking-form.tsx, frontend/tailwind.config.ts	Numerous small edits across client/admin pages: removed unused lucide-react icons, replaced anchors with Next.js Link, converted catch (error) → bare catch, added eslint-disable comments for exhaustive-deps, escaped apostrophes/quotes in JSX text, and changed Tailwind darkMode from ["class"] to "class".
Docs & notes docs/..., CI_CD_UPDATE_SUMMARY.md, LINTING_FIXES.md, docs/ci-cd-setup.md, docs/ci-cd-summary.md, docs/ci-cd-faq.md, docs/github-actions-pricing.md, docs/github-secrets-setup.md, docs/pre-merge-checklist.md, docs/progressive-testing-strategy.md, docs/testing-strategy.md	Added and expanded CI/CD, secrets, pricing, progressive testing, testing strategy, pre-merge checklist, FAQ, and linting fixes documentation describing workflow, secrets setup, progressive testing patterns, and cost/optimization guidance.
Manifests & config package.json, frontend/tailwind.config.ts	Package manifest present; Tailwind darkMode changed from array to string.

Sequence Diagram(s)

sequenceDiagram
    autonumber
    participant Dev as Developer
    participant GH as GitHub Actions
    participant Lint as Lint Job
    participant Test as Test Job
    participant Mongo as MongoDB Service
    participant Codecov as Codecov
    participant Build as Build Job
    participant Deploy as Deploy Job
    participant Heroku as Heroku

    Dev->>GH: Push / Open PR
    GH->>Lint: Run lint & type checks
    Lint-->>GH: Lint result
    alt lint passes
        GH->>Test: Run tests
        Test->>Mongo: Start MongoDB service
        Test->>Test: Run core tests
        Test->>Test: Evaluate service-checks (PayPal/Email/SMS)
        alt optional services configured
            Test->>Test: Run optional-service tests
        else skipped
            Test-->>Test: Skip optional-service tests
        end
        Test->>Codecov: Upload coverage (if enabled)
        Test-->>GH: Test result
    end
    alt tests pass
        GH->>Build: Build backend & frontend
        Build-->>GH: Artifact verification (.next, dist)
    end
    alt build passes and branch == main
        GH->>Deploy: Deploy job
        Deploy->>Heroku: Deploy using HEROKU_API_KEY/HEROKU_APP_NAME
        Heroku-->>Deploy: Release result
        Deploy-->>GH: Deploy result
    end
    GH-->>Dev: Final workflow status

Loading

Estimated code review effort

🎯 4 (Complex) | ⏱️ ~45 minutes

• Focus review areas:
  • tests/utils/service-check.ts — correctness of env parsing, boolean semantics, and skip reasoning/messages.
  • New/updated tests and integration flows — ensure skips, mocks, and conditional branches match production contracts and env toggles.
  • .github/workflows/ci-cd.yml — job dependencies, caching, service container config, artifact paths, and deploy gating.
  • backend/src/routes/client.routes.ts and backend/src/routes/dashboard.routes.ts — correctness of migration to email and aggregation/analytics changes using nested payment fields.
  • backend/src/models/admin.model.ts — duplicated updateLastLogin implementations and jwt sign options handling.
  • backend services email/sms signature changes — ensure all call sites updated to IBooking/IInvoice shapes.
  • Frontend bare catch changes and added eslint-disable comments — risk of swallowed errors or suppressed real issues.

Poem

🐰 I hopped through YAML, tests, and docs with glee,
Skipping optional services when they can’t be,
From lint to build and a Heroku song,
Tests dance lightly — short or long,
A rabbit’s cheer for CI rolling strong. 🥕

Pre-merge checks and finishing touches

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Docstring Coverage	⚠️ Warning	Docstring coverage is 10.53% which is insufficient. The required threshold is 80.00%.	You can run @coderabbitai generate docstrings to improve docstring coverage.

✅ Passed checks (2 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title accurately reflects the main changes: adding CI/CD testing via GitHub Actions workflow and configuring auto-deployment to Heroku. It directly corresponds to the primary deliverables (.github/workflows/ci-cd.yml and deployment configuration).

✨ Finishing touches

• 📝 Generate docstrings

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch heroku_deploy_github_action

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 9

🧹 Nitpick comments (8)

docs/ci-cd-faq.md (1)

35-37: Missing language specifier in code fence.

Line 35 shows a code block without a language identifier. Add the language specifier for clarity.

  Check the GitHub Actions logs. Skipped tests will show:
- ```
+ ```text
  Skipping PayPal tests: PayPal is not configured. Skipping test.
- ```
+ ```

docs/github-secrets-setup.md (1)

22-22: Wrap bare URL in markdown link format for better documentation.

Line 22 contains a bare URL that should be wrapped for better readability and navigation in documentation.

  **Yes, you're correct!** Add them in the **Repository Secrets** section:
  
  1. Go to your GitHub repository
  2. Click **Settings** (top menu)
  3. Click **Secrets and variables** → **Actions** (left sidebar)
  4. Click **New repository secret** button
  5. Add each secret one by one
  
- **Direct URL format**: `https://github.com/YOUR-USERNAME/YOUR-REPO/settings/secrets/actions`
+ **Direct URL format**: [`https://github.com/YOUR-USERNAME/YOUR-REPO/settings/secrets/actions`](https://github.com/YOUR-USERNAME/YOUR-REPO/settings/secrets/actions)

tests/services/email.service.test.ts (2)

12-17: Redundant skip check inside beforeEach.

The describe.skipIf(skipCheck.skip) on line 8 already prevents the entire suite from running when skipped. The internal check and console.log are unreachable code when skipCheck.skip is true.

Remove this redundant block:

   beforeEach(() => {
-    // Only run if Email is configured or we're forcing tests
-    if (skipCheck.skip) {
-      console.log(`Skipping Email tests: ${skipCheck.reason}`)
-      return
-    }
-
     mockConfig = {

---

126-137: Error handling test doesn't exercise the actual EmailService.

This test manually throws an error and catches it, rather than testing how EmailService handles SMTP failures. Consider invoking a method on emailService with a mocked rejection.

-    it('should handle email sending failures gracefully', async () => {
-      // Mock failed email send
-      const mockSendMail = vi.fn().mockRejectedValue(new Error('SMTP Error'))
-      
-      // This would need to be properly mocked in a real implementation
-      // For now, we test the error handling pattern
-      
-      await expect(async () => {
-        // Simulate email send failure
-        throw new Error('SMTP Error')
-      }).rejects.toThrow('SMTP Error')
-    })
+    it('should handle email sending failures gracefully', async () => {
+      // Re-mock with rejection for this test
+      const nodemailer = await import('nodemailer')
+      vi.mocked(nodemailer.default.createTransport).mockReturnValueOnce({
+        sendMail: vi.fn().mockRejectedValue(new Error('SMTP Error')),
+        verify: vi.fn()
+      } as any)
+      
+      const failingService = new EmailService(mockConfig)
+      await expect(failingService.send({ to: 'test@example.com', subject: 'Test', html: '<p>Test</p>' }))
+        .rejects.toThrow('SMTP Error')
+    })

tests/services/paypal.service.test.ts (1)

99-128: Webhook processing tests should use paypalService.processWebhook.

The relevant code snippet shows PayPalService.processWebhook(webhookData) parses webhook data and returns structured results. Test this method instead of asserting on static object properties.

   describe('Webhook Processing', () => {
-    it('should validate webhook signature', () => {
+    it('should process PAYMENT.CAPTURE.COMPLETED webhook', () => {
       const webhookData = {
         event_type: 'PAYMENT.CAPTURE.COMPLETED',
         resource: {
           id: 'PAY-123',
           amount: { value: '1000.00', currency_code: 'USD' }
         }
       }

-      expect(webhookData.event_type).toBeDefined()
-      expect(webhookData.resource).toBeDefined()
+      const result = paypalService.processWebhook(webhookData)
+      expect(result.type).toBe('PAYMENT.CAPTURE.COMPLETED')
+      expect(result.paymentId).toBe('PAY-123')
     })

tests/integration/booking-flow.test.ts (1)

22-26: Dropping the entire database in afterAll is aggressive for CI.

dropDatabase() removes all collections. If tests run in parallel or share a database, this causes failures. Consider only cleaning up test-specific collections.

   afterAll(async () => {
-    // Clean up
-    await mongoose.connection.dropDatabase()
+    // Clean up test collections only
+    await Admin.deleteMany({})
+    await Booking.deleteMany({})
     await mongoose.connection.close()
   })

.github/workflows/ci-cd.yml (1)

165-168: Placeholder post-deployment check provides no actual validation.

The step only echoes a message. Consider adding a real health check or remove the misleading comment.

       - name: Run post-deployment checks
         run: |
-          echo "Deployment completed. Run health checks if needed."
-          # Add health check endpoint verification here if available
+          # Verify deployment succeeded by checking health endpoint
+          sleep 10  # Wait for app to restart
+          curl --fail --retry 3 --retry-delay 5 \
+            "https://${{ secrets.HEROKU_APP_NAME }}.herokuapp.com/api/health" \
+            || echo "Health check failed or endpoint not available"

tests/utils/service-check.ts (1)

6-13: Redundant empty string checks.

The && with !== '' is redundant since an empty string is falsy and already excluded by the !! coercion and && chain.

 export function isPayPalConfigured(): boolean {
   return !!(
     process.env.PAYPAL_CLIENT_ID &&
-    process.env.PAYPAL_CLIENT_SECRET &&
-    process.env.PAYPAL_CLIENT_ID !== '' &&
-    process.env.PAYPAL_CLIENT_SECRET !== ''
+    process.env.PAYPAL_CLIENT_SECRET
   )
 }

That said, explicit checks can improve readability for future maintainers—this is a minor nit.

📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between a238f59 and 3bd7570.

📒 Files selected for processing (14)

• .github/workflows/ci-cd.yml (1 hunks)
• CI_CD_UPDATE_SUMMARY.md (1 hunks)
• docs/ci-cd-faq.md (1 hunks)
• docs/ci-cd-setup.md (1 hunks)
• docs/ci-cd-summary.md (1 hunks)
• docs/github-actions-pricing.md (1 hunks)
• docs/github-secrets-setup.md (1 hunks)
• docs/pre-merge-checklist.md (1 hunks)
• docs/progressive-testing-strategy.md (1 hunks)
• docs/testing-strategy.md (1 hunks)
• tests/integration/booking-flow.test.ts (1 hunks)
• tests/services/email.service.test.ts (1 hunks)
• tests/services/paypal.service.test.ts (1 hunks)
• tests/utils/service-check.ts (1 hunks)

🧰 Additional context used

🧬 Code graph analysis (2)

tests/services/paypal.service.test.ts (2)

tests/utils/service-check.ts (2)

• skipIfServiceNotAvailable (54-65)
• isPayPalConfigured (6-13)

backend/src/services/paypal.service.ts (1)

• PayPalService (41-234)

tests/integration/booking-flow.test.ts (2)

backend/src/api.ts (1)

• createApiApp (43-77)

backend/src/models/booking.model.ts (1)

• Booking (97-97)

🪛 actionlint (1.7.9)

.github/workflows/ci-cd.yml

97-97: the runner of "codecov/codecov-action@v3" action is too old to run on GitHub Actions. update the action's version to fix this issue

(action)

🪛 GitHub Actions: CI/CD Pipeline

tests/integration/booking-flow.test.ts

[error] 72-72: Assertion failed: expected 400 to be 201 when creating booking; API may be returning 400 for create booking in Booking Flow Integration Tests.

---

[error] 205-205: Booking validation: expected 401 for unauthenticated booking creation but received 400.

---

[error] 226-226: Cannot read properties of undefined (_id) from booking response; booking object missing _id in status transition test.

🪛 LanguageTool

docs/ci-cd-faq.md

[style] ~48-~48: Using many exclamation marks might seem excessive (in this case: 3 exclamation marks for a text that’s 2162 characters long)
Context: ...deploy without PayPal configured? Yes! The app deploys successfully. Payment...

(EN_EXCESSIVE_EXCLAMATION)

docs/testing-strategy.md

[uncategorized] ~57-~57: The official name of this payment provider is spelled with two capital “P”.
Context: ...ion verification - PayPal Service (backend/src/services/paypal.service.ts) - Invoice creation logic...

(PAYPAL)

---

[style] ~309-~309: ‘under stress’ might be wordy. Consider a shorter alternative.
Context: ...t system limits - Verify error handling under stress - Test resource cleanup ## Security Te...

(EN_WORDINESS_PREMIUM_UNDER_STRESS)

---

[uncategorized] ~336-~336: If this is a compound adjective that modifies the following noun, use a hyphen.
Context: ...ocument test scenarios - Keep test data up to date - Document mocking strategies - Update ...

(EN_COMPOUND_ADJECTIVE_INTERNAL)

CI_CD_UPDATE_SUMMARY.md

[uncategorized] ~25-~25: The official name of this payment provider is spelled with two capital “P”.
Context: ...d Test Files PayPal Service Tests (tests/services/paypal.service.test.ts) - Skips entire suite ...

(PAYPAL)

---

[uncategorized] ~37-~37: The official name of this software platform is spelled with a capital “H”.
Context: ...l tests ### 3. Updated CI/CD Workflow (.github/workflows/ci-cd.yml) - Added environm...

(GITHUB)

docs/github-actions-pricing.md

[style] ~79-~79: As an alternative to the over-used intensifier ‘very’, consider replacing this phrase.
Context: ... 10x minutes consumed - Would hit limit very quickly Stick with Linux! ✅ ## Optimizati...

(EN_WEAK_ADJECTIVE)

🪛 markdownlint-cli2 (0.18.1)

docs/ci-cd-faq.md

35-35: Fenced code blocks should have a language specified

(MD040, fenced-code-language)

docs/github-secrets-setup.md

22-22: Bare URL used

(MD034, no-bare-urls)

🔇 Additional comments (8)

docs/github-actions-pricing.md (1)

1-173: ✅ Pricing documentation is comprehensive and well-organized.

This serves as a helpful reference guide for cost estimation. The figures appear reasonable (Linux 1x multiplier, Windows 2x, macOS 10x) and the scenarios are realistic for typical team sizes. The optimization tips section is practical.

docs/ci-cd-summary.md (1)

1-86: ✅ Clear and concise implementation summary.

Well-structured overview of the CI/CD approach. The comparison between GitHub Actions and post-merge hooks is compelling, and the test strategy breakdown provides helpful context for developers.

docs/ci-cd-setup.md (1)

1-242: ✅ Comprehensive and well-structured setup guide.

Clear step-by-step instructions for GitHub Secrets configuration, workflow verification, and troubleshooting. The comparison with post-merge hooks is persuasive, and the best practices section adds valuable guidance for maintainability.

docs/pre-merge-checklist.md (1)

1-187: ✅ Clear decision tree for merge readiness.

Excellent pre-merge guide that gives developers clear options with pros/cons. The distinction between required (deployment) and optional (enhanced CI) secrets is well-explained, and the quick setup guide with commands is actionable.

docs/github-secrets-setup.md (1)

1-198: ✅ Practical and comprehensive secrets setup guide.

Clear instructions for obtaining and adding secrets, with multiple methods (Dashboard, CLI, Browser) to accommodate different user preferences. The NEXT_PUBLIC_API_URL section effectively explains what it is and why it's needed.

CI_CD_UPDATE_SUMMARY.md (1)

1-188: All referenced implementation files are present and match the documented functionality. The progressive testing setup is correctly implemented across the CI/CD pipeline, service-check utility, and test files. The document accurately describes the current state of the codebase.

docs/progressive-testing-strategy.md (1)

1-236: Well-structured documentation for the progressive testing strategy.

The documentation clearly explains the phased approach to testing with partial service configuration. The examples and diagrams effectively communicate the test execution flow and skip patterns.

One minor consideration: the external gist link on line 9 may become stale. Consider inlining the key configuration status or referencing a project-internal document instead.

tests/utils/service-check.ts (1)

1-65: Clean utility pattern for progressive testing.

The service-check utilities provide a well-structured approach for conditionally skipping tests. The skipIfServiceNotAvailable function cleanly combines the skip flag with individual service checks.

[coderabbitai]

⚠️ Potential issue | 🟡 Minor

Update codecov-action to v4.

The static analysis tool flags codecov/codecov-action@v3 as outdated. The v3 runner may fail on current GitHub Actions infrastructure.

       - name: Upload coverage reports
-        uses: codecov/codecov-action@v3
+        uses: codecov/codecov-action@v4
         with:
           files: ./tests/coverage/coverage-final.json
           flags: unittests
           name: codecov-umbrella
           fail_ci_if_error: false
+          token: ${{ secrets.CODECOV_TOKEN }}

Note: v4 requires a CODECOV_TOKEN secret for public repos as of early 2024.

🧰 Tools

🪛 actionlint (1.7.9)

97-97: the runner of "codecov/codecov-action@v3" action is too old to run on GitHub Actions. update the action's version to fix this issue

(action)

🤖 Prompt for AI Agents

.github/workflows/ci-cd.yml around lines 96 to 102: the workflow currently uses
codecov/codecov-action@v3 which is outdated and may fail; update the uses to
codecov/codecov-action@v4 and pass the CODECOV_TOKEN via env: CODECOV_TOKEN: ${{
secrets.CODECOV_TOKEN }} (and ensure the repository has that secret configured),
keep existing inputs (files, flags, name, fail_ci_if_error) and adjust any
v4-specific input names if the action docs require them.

[coderabbitai]

⚠️ Potential issue | 🟠 Major

Duplicate Heroku deploy steps.

The workflow calls akhileshns/heroku-deploy@v3.13.15 twice with nearly identical configuration. This appears to be a copy-paste error that will deploy twice unnecessarily.

Remove the duplicate:

       - name: Setup Heroku CLI
-        uses: akhileshns/heroku-deploy@v3.13.15
-        with:
-          heroku_api_key: ${{ secrets.HEROKU_API_KEY }}
-          heroku_app_name: ${{ secrets.HEROKU_APP_NAME }}
-          heroku_email: ${{ secrets.HEROKU_EMAIL }}
-          appdir: "."
-
-      - name: Deploy to Heroku
         uses: akhileshns/heroku-deploy@v3.13.15
         with:
           heroku_api_key: ${{ secrets.HEROKU_API_KEY }}
           heroku_app_name: ${{ secrets.HEROKU_APP_NAME }}
           heroku_email: ${{ secrets.HEROKU_EMAIL }}
           appdir: "."
           procfile: "web: npm start"

Committable suggestion skipped: line range outside the PR's diff.

🤖 Prompt for AI Agents

.github/workflows/ci-cd.yml around lines 148 to 163: there are two consecutive
steps that both use akhileshns/heroku-deploy@v3.13.15 with identical inputs,
causing a duplicate deploy; remove the redundant step (either the first "Setup
Heroku CLI" or the second "Deploy to Heroku") so only a single heroku-deploy
action remains, ensuring the remaining step includes the needed inputs
(heroku_api_key, heroku_app_name, heroku_email, appdir and procfile if
required).

[coderabbitai]

⚠️ Potential issue | 🔴 Critical

🧩 Analysis chain

🏁 Script executed:

#!/bin/bash
# Verify skipIf syntax and service-check exports

echo "=== Checking package.json for Jest/Vitest configuration ==="
if [ -f package.json ]; then
  cat package.json | jq -r '.devDependencies, .jest, .vitest' 2>/dev/null | head -30
else
  echo "package.json not found"
fi

echo ""
echo "=== Checking for service-check utility file ==="
find . -name "service-check*" -type f 2>/dev/null | head -10

echo ""
echo "=== Checking for skipIf implementation in test files ==="
find . -path ./node_modules -prune -o -name "*.ts" -o -name "*.js" -type f -print | xargs grep -l "skipIf" 2>/dev/null | head -10

Repository: dtprotection/dotcom

Length of output: 862

---

🏁 Script executed:

#!/bin/bash
# Examine the service-check utility and test framework setup

echo "=== Reading service-check.ts ==="
if [ -f ./tests/utils/service-check.ts ]; then
  cat -n ./tests/utils/service-check.ts
else
  echo "service-check.ts not found"
fi

echo ""
echo "=== Checking jest configuration in package.json ==="
if [ -f package.json ]; then
  cat package.json | jq '.jest' 2>/dev/null
else
  echo "package.json not found"
fi

echo ""
echo "=== Checking for Jest setup files ==="
find . -path ./node_modules -prune -o -name "jest.config*" -type f -print 2>/dev/null

echo ""
echo "=== Checking tsconfig for test setup ==="
find . -path ./node_modules -prune -o -name "tsconfig*.json" -type f -print 2>/dev/null | xargs grep -l "jest\|test" 2>/dev/null

Repository: dtprotection/dotcom

Length of output: 2521

---

🏁 Script executed:

#!/bin/bash
# Check if skipIf is a custom Jest extension

echo "=== Searching for skipIf definition/setup in entire codebase ==="
grep -r "skipIf" . --include="*.ts" --include="*.js" --exclude-dir=node_modules 2>/dev/null | grep -E "(describe|it)\.skipIf|function skipIf|const skipIf" | head -20

echo ""
echo "=== Checking test setup files ==="
find . -path ./node_modules -prune -o -type f \( -name "*.setup.ts" -o -name "*.setup.js" -o -name "jest.setup*" -o -name "vitest.setup*" \) -print 2>/dev/null

echo ""
echo "=== Checking testing-strategy.md for how skipIf is supposed to work ==="
if [ -f docs/testing-strategy.md ]; then
  sed -n '1,50p' docs/testing-strategy.md
fi

Repository: dtprotection/dotcom

Length of output: 2282

---

🏁 Script executed:

#!/bin/bash
# Search more thoroughly for skipIf implementation

echo "=== Checking for global type extensions or jest extensions ==="
find . -path ./node_modules -prune -o -type f \( -name "*.d.ts" -o -name "global.ts" \) -print 2>/dev/null | xargs grep -l "skipIf" 2>/dev/null

echo ""
echo "=== Checking if there's a jest configuration in root ==="
ls -la | grep jest

echo ""
echo "=== Checking actual test file imports to see where skipIf comes from ==="
head -20 ./tests/services/paypal.service.test.ts

echo ""
echo "=== Checking for any jest or vitest config files in root ==="
cat jest.config.* 2>/dev/null || cat vitest.config.* 2>/dev/null || echo "No jest/vitest config files found"

echo ""
echo "=== Searching for 'skipIf' definition (not just usage) ==="
grep -r "skipIf\s*=" . --include="*.ts" --include="*.js" --exclude-dir=node_modules 2>/dev/null

Repository: dtprotection/dotcom

Length of output: 1180

---

🏁 Script executed:

#!/bin/bash
# Verify Vitest version and skipIf support

echo "=== Checking package.json for Vitest version ==="
cat package.json | jq '.devDependencies.vitest' 2>/dev/null || echo "Checking for vitest..."
grep -i "vitest" package.json

echo ""
echo "=== Verify vitest is installed ==="
if [ -f ./node_modules/vitest/package.json ]; then
  cat ./node_modules/vitest/package.json | jq '{name, version}' 2>/dev/null
else
  echo "Vitest not found in node_modules"
fi

echo ""
echo "=== Check vitest's skipIf availability in type definitions ==="
find ./node_modules/vitest -name "*.d.ts" -type f 2>/dev/null | xargs grep -l "skipIf" | head -5

echo ""
echo "=== Review actual test usage pattern ==="
grep -A 2 "describe.skipIf\|it.skipIf" ./tests/services/paypal.service.test.ts | head -15

Repository: dtprotection/dotcom

Length of output: 405

---

🏁 Script executed:

#!/bin/bash
# Double-check package.json for vitest and verify the actual test framework

echo "=== Full package.json devDependencies ==="
cat package.json | jq '.devDependencies' 2>/dev/null

echo ""
echo "=== Search entire package.json for vitest mention ==="
grep -i "vitest" package.json

echo ""
echo "=== Check if vitest is in dependencies (not devDependencies) ==="
cat package.json | jq '.dependencies' 2>/dev/null | grep -i vitest

echo ""
echo "=== Verify Vitest skipIf capability - check official vitest docs ==="
echo "Note: Checking if describe.skipIf is a built-in Vitest feature..."

echo ""
echo "=== Count all .test.ts files ==="
find . -path ./node_modules -prune -o -name "*.test.ts" -type f -print 2>/dev/null | wc -l

echo ""
echo "=== Check if any .test.ts files import from jest instead ==="
grep -r "from 'jest'" . --include="*.test.ts" --exclude-dir=node_modules 2>/dev/null | head -5 || echo "No jest imports in test files"

Repository: dtprotection/dotcom

Length of output: 1052

---

🏁 Script executed:

#!/bin/bash
# Verify the mismatch between Jest and Vitest

echo "=== Check vitest compatibility with Jest 29 ==="
echo "Jest 29.6.4 does not have built-in .skipIf() support"
echo "Vitest is the testing framework that provides .skipIf()"

echo ""
echo "=== Verify the actual test files using vitest syntax ==="
head -5 ./tests/services/paypal.service.test.ts
head -5 ./tests/services/email.service.test.ts

echo ""
echo "=== Check if package-lock.json or yarn.lock reveals vitest ==="
if [ -f package-lock.json ]; then
  grep -i "vitest" package-lock.json | head -3 || echo "No vitest in package-lock.json"
fi

echo ""
echo "=== Verify Jest does NOT have skipIf method ==="
echo "Jest 29.6.4 provides: skip(), only() but NOT skipIf()"
echo "Only Vitest provides: skipIf()"

echo ""
echo "=== Check documentation to see if it recommends Jest or Vitest ==="
grep -i "jest\|vitest" docs/testing-strategy.md | head -10

Repository: dtprotection/dotcom

Length of output: 1148

---

Add Vitest to package.json devDependencies.

The test files import from 'vitest' and use describe.skipIf() and it.skipIf() syntax throughout the codebase (confirmed in paypal.service.test.ts, email.service.test.ts, and others). Vitest is the only testing framework that provides native .skipIf() support. However, Vitest is not listed in package.json devDependencies—only Jest (^29.6.4) is present, which does not support the .skipIf() method.

Either add Vitest to devDependencies or refactor all test files to use Jest's .skip() method instead. The current configuration will fail in CI/CD environments where dependencies are installed from package.json.

🤖 Prompt for AI Agents

In docs/testing-strategy.md around lines 25 to 38, the tests rely on Vitest's
describe.skipIf/it.skipIf but package.json only lists Jest; update package.json
devDependencies to include Vitest (and @types/vitest if you need types) with a
compatible version, and update test-related npm scripts/CI config to run vitest
(or add a separate vitest script) so the existing .skipIf() tests run without
refactoring.

[coderabbitai]

⚠️ Potential issue | 🟠 Major

vi.mock inside beforeEach doesn't work as expected in Vitest.

Vitest hoists vi.mock calls to the top of the file at compile time, so placing it inside beforeEach doesn't re-mock per test—it runs once at module load. Move the mock to the top level.

+// Move mock to top level (before describe block)
+vi.mock('nodemailer', () => {
+  return {
+    default: {
+      createTransport: vi.fn(() => ({
+        sendMail: vi.fn().mockResolvedValue({ messageId: 'test-id' }),
+        verify: vi.fn().mockResolvedValue(true)
+      }))
+    }
+  }
+})
+
 describe.skipIf(skipCheck.skip)('EmailService', () => {
   let emailService: EmailService
   let mockConfig: EmailConfig

   beforeEach(() => {
-    // Only run if Email is configured or we're forcing tests
-    if (skipCheck.skip) {
-      console.log(`Skipping Email tests: ${skipCheck.reason}`)
-      return
-    }
-
     mockConfig = {
       // ... config
     }

-    // Mock nodemailer
-    vi.mock('nodemailer', () => {
-      return {
-        default: {
-          createTransport: vi.fn(() => ({
-            sendMail: vi.fn().mockResolvedValue({ messageId: 'test-id' }),
-            verify: vi.fn().mockResolvedValue(true)
-          }))
-        }
-      }
-    })
-
     emailService = new EmailService(mockConfig)
   })

Committable suggestion skipped: line range outside the PR's diff.

🤖 Prompt for AI Agents

In tests/services/email.service.test.ts around lines 33 to 43, the vi.mock call
for nodemailer is placed inside beforeEach but Vitest hoists vi.mock to module
top-level so it won't re-mock per test; move the vi.mock(...) block to the
top-level of the test file (outside beforeEach/describe) so it runs at module
load and behaves correctly, and if you need per-test behavior replace with
vi.resetModules()/vi.clearAllMocks() in beforeEach or use
vi.importActual/requireActual patterns to customize the mock per test.

[coderabbitai]

⚠️ Potential issue | 🟠 Major

paypalService is declared but never instantiated.

The test declares paypalService: PayPalService but never assigns it. All subsequent tests only validate hardcoded literals rather than actual service behavior.

   beforeEach(() => {
     // Only run if PayPal is configured or we're forcing tests
     if (skipCheck.skip) {
       console.log(`Skipping PayPal tests: ${skipCheck.reason}`)
       return
     }

     mockConfig = {
       clientId: process.env.PAYPAL_CLIENT_ID || 'test-client-id',
       clientSecret: process.env.PAYPAL_CLIENT_SECRET || 'test-client-secret',
       environment: (process.env.PAYPAL_MODE || 'sandbox') as 'sandbox' | 'live'
     }

-    // Note: PayPal service currently has limited implementation
-    // These tests demonstrate the testing pattern
+    paypalService = new PayPalService(mockConfig)
   })

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	describe.skipIf(skipCheck.skip)('PayPalService', () => {
	let paypalService: PayPalService
	let mockConfig: any
	beforeEach(() => {
	// Only run if PayPal is configured or we're forcing tests
	if (skipCheck.skip) {
	console.log(`Skipping PayPal tests: ${skipCheck.reason}`)
	return
	}
	mockConfig = {
	clientId: process.env.PAYPAL_CLIENT_ID || 'test-client-id',
	clientSecret: process.env.PAYPAL_CLIENT_SECRET || 'test-client-secret',
	environment: (process.env.PAYPAL_MODE || 'sandbox') as 'sandbox' | 'live'
	}
	// Note: PayPal service currently has limited implementation
	// These tests demonstrate the testing pattern
	})
	describe.skipIf(skipCheck.skip)('PayPalService', () => {
	let paypalService: PayPalService
	let mockConfig: any
	beforeEach(() => {
	// Only run if PayPal is configured or we're forcing tests
	if (skipCheck.skip) {
	console.log(`Skipping PayPal tests: ${skipCheck.reason}`)
	return
	}
	mockConfig = {
	clientId: process.env.PAYPAL_CLIENT_ID || 'test-client-id',
	clientSecret: process.env.PAYPAL_CLIENT_SECRET || 'test-client-secret',
	environment: (process.env.PAYPAL_MODE || 'sandbox') as 'sandbox' | 'live'
	}
	paypalService = new PayPalService(mockConfig)
	})

🤖 Prompt for AI Agents

In tests/services/paypal.service.test.ts around lines 8 to 27, paypalService is
declared but never instantiated; update the beforeEach to create a PayPalService
instance using the mockConfig (and await any async init if the constructor or
init method is async), e.g. require/import PayPalService if not already
imported, assign paypalService = new PayPalService(mockConfig) (or call await
paypalService.init(mockConfig)), and ensure teardown resets or nulls
paypalService so subsequent tests use the real service instead of hardcoded
literals.

[coderabbitai]

⚠️ Potential issue | 🟠 Major

Tests validate hardcoded literals instead of exercising PayPalService methods.

These tests assert expectations on static values (e.g., expect(expectedDeposit).toBe(500)), providing no actual coverage of PayPalService. Per the relevant code snippets, PayPalService exposes validateDeposit, calculatePaymentSchedule, and processWebhook methods that should be tested.

Example using actual service methods:

-  describe('Invoice Creation Logic', () => {
-    it('should validate booking data before creating invoice', () => {
-      const invalidBookingData = { ... }
-      expect(invalidBookingData.id).toBe('')
-      // ... testing literals
-    })
+  describe('Invoice Creation Logic', () => {
+    it('should reject invalid deposit amounts via validateDeposit', () => {
+      const booking = {
+        totalAmount: 1000,
+        depositAmount: 200, // 20% - below minimum
+      }
+      expect(() => paypalService.validateDeposit(booking)).toThrow()
+    })

-    it('should calculate deposit amount correctly', () => {
-      const totalAmount = 2000
-      const expectedDeposit = totalAmount * 0.25
-      expect(expectedDeposit).toBe(500)
-    })
+    it('should calculate payment schedule correctly', () => {
+      const schedule = paypalService.calculatePaymentSchedule(2000, 0.25)
+      expect(schedule.depositAmount).toBe(500)
+      expect(schedule.finalPaymentAmount).toBe(1500)
+    })
   })

Committable suggestion skipped: line range outside the PR's diff.

🤖 Prompt for AI Agents

In tests/services/paypal.service.test.ts around lines 29 to 63, the tests
currently assert hardcoded literals instead of calling PayPalService methods;
update the tests to instantiate or mock PayPalService and call its public
methods (validateDeposit, calculatePaymentSchedule, processWebhook) with
representative input objects, then assert on the returned values/behaviors
rather than static values. Specifically: replace the "Invoice Creation Logic"
cases so the invalid booking case calls validateDeposit/any validation method
and expects a failure/validation errors; the deposit calculation case should
call calculatePaymentSchedule or the service method that computes deposit and
assert it returns the expected numeric deposit and schedule; and the minimum
deposit case should call validateDeposit (or equivalent) with below-threshold
amounts and assert it flags as invalid; use lightweight stubs/mocks for external
dependencies (e.g., PayPal API/webhook signature) and assert on
outputs/side-effects rather than fixed literals.

[coderabbitai]

Actionable comments posted: 5

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (7)

frontend/app/client/login/page.tsx (1)

48-49: Fix unused error variable to resolve CI pipeline failure.

The TypeScript ESLint rule is flagging that the error variable is defined but never used. This is causing the CI pipeline to fail.

Consider one of these solutions:

Solution 1 (recommended): Log the error for debugging:

     } catch (error) {
+      console.error("Client login error:", error)
       setError("Network error. Please try again.")

Solution 2: Rename to indicate intentional non-use:

-    } catch (error) {
+    } catch (_error) {
       setError("Network error. Please try again.")

Solution 1 is preferred as it provides valuable debugging information in production while still showing a user-friendly message.

frontend/app/client/settings/page.tsx (1)

70-70: Remove unused error parameters in catch blocks.

The linter correctly identifies that the error parameter is captured but never used in both catch blocks.

Apply this diff to fix Line 70:

-    } catch (error) {
+    } catch {
       setError("Network error")

Apply this diff to fix Line 111:

-    } catch (error) {
+    } catch {
       setError("Network error")

Also applies to: 111-111

frontend/app/client/page.tsx (1)

6-14: Critical: Restore missing AlertCircle import and remove unused CheckCircle.

The code uses AlertCircle at Line 187 in the error rendering block, but it was removed from the imports. This will cause a runtime error. Additionally, CheckCircle is imported but never used.

Apply this diff to fix the imports:

 import { 
   Calendar, 
   CreditCard, 
   MessageSquare, 
   Clock, 
-  CheckCircle,
+  AlertCircle,
   DollarSign,
   Settings
 } from "lucide-react"

frontend/app/client/bookings/page.tsx (2)

54-62: Fix missing dependency in useEffect.

The ESLint warning is correct: fetchBookings is called inside the effect but missing from the dependency array. This violates the rules of hooks and can lead to stale closures.

Wrap fetchBookings in useCallback and add it to the dependency array:

+import { useState, useEffect, useCallback } from "react"
-import { useState, useEffect } from "react"

Then wrap the function definition:

-  const fetchBookings = async (token: string) => {
+  const fetchBookings = useCallback(async (token: string) => {
     try {
       const response = await fetch(`/api/client/bookings?page=${currentPage}&limit=10`, {
         headers: { Authorization: `Bearer ${token}` }
       })

       if (response.ok) {
         const data = await response.json()
         setBookings(data.bookings || [])
         setTotalPages(data.pagination?.pages || 1)
       } else {
         setError("Failed to load bookings")
       }
     } catch {
       setError("Network error")
     } finally {
       setIsLoading(false)
     }
-  }
+  }, [currentPage])

And update the dependency array:

   useEffect(() => {
     const token = localStorage.getItem("clientToken")
     if (!token) {
       router.push("/client/login")
       return
     }

     fetchBookings(token)
-  }, [router, currentPage])
+  }, [router, fetchBookings])

---

64-66: Fix missing dependency in useEffect.

The ESLint warning is correct: filterBookings is called inside the effect but missing from the dependency array. This violates the rules of hooks and can lead to stale closures.

Wrap filterBookings in useCallback and add it to the dependency array:

-  const filterBookings = () => {
+  const filterBookings = useCallback(() => {
     let filtered = [...bookings]

     // Apply status filter
     if (statusFilter !== "all") {
       filtered = filtered.filter(booking => booking.status === statusFilter)
     }

     // Apply search filter
     if (searchTerm) {
       const term = searchTerm.toLowerCase()
       filtered = filtered.filter(booking => 
         booking.serviceType.toLowerCase().includes(term) ||
         booking.clientName.toLowerCase().includes(term) ||
         booking.location?.toLowerCase().includes(term) ||
         booking.adminNotes?.toLowerCase().includes(term)
       )
     }

     setFilteredBookings(filtered)
-  }
+  }, [bookings, statusFilter, searchTerm])

And update the dependency array:

   useEffect(() => {
     filterBookings()
-  }, [bookings, searchTerm, statusFilter])
+  }, [filterBookings])

frontend/app/client/payments/page.tsx (1)

5-15: Critical: Missing Download icon import.

The Download icon was removed from the import statement but is still used at line 406 in the "Download Receipt" button. This causes the pipeline error: 'Download' is not defined.

Apply this diff to restore the missing import:

 import { 
   CreditCard, 
   Search, 
   Clock, 
   CheckCircle, 
   XCircle,
   AlertCircle,
   DollarSign,
   Calendar,
-  Eye
+  Eye,
+  Download
 } from "lucide-react"

frontend/app/admin/dashboard/page.tsx (1)

10-18: Add missing TrendingUp import.

The TrendingUp icon is used on line 254 but is missing from the imports, causing a linting error that will fail the CI/CD pipeline.

Apply this diff to fix:

 import { 
   BarChart3, 
   DollarSign, 
   Calendar, 
+  TrendingUp,
   FileText,
   Search,
   Download,
   RefreshCw
 } from 'lucide-react'

🧹 Nitpick comments (3)

frontend/app/client/layout.tsx (1)

52-54: Consider refactoring to avoid disabling the exhaustive-deps rule.

The ESLint disable comment suppresses a legitimate warning about fetchClientData not being in the dependency array. While the code works correctly (because fetchClientData only uses stable references), disabling the rule reduces code maintainability and could hide future bugs.

Option 1: Move fetchClientData inside the useEffect (simplest)

   useEffect(() => {
     const token = localStorage.getItem("clientToken")
     if (!token) {
       router.push("/client/login")
       return
     }

     // Skip authentication check for login page
     if (pathname === "/client/login") {
       setIsLoading(false)
       return
     }

+    const fetchClientData = async (token: string) => {
+      try {
+        const response = await fetch("/api/client/profile", {
+          headers: {
+            Authorization: `Bearer ${token}`,
+          },
+        })
+
+        if (response.ok) {
+          const data = await response.json()
+          setClientData(data)
+        } else {
+          localStorage.removeItem("clientToken")
+          router.push("/client/login")
+        }
+      } catch (error) {
+        console.error("Error fetching client data:", error)
+        router.push("/client/login")
+      } finally {
+        setIsLoading(false)
+      }
+    }
+
     fetchClientData(token)
-    // eslint-disable-next-line react-hooks/exhaustive-deps
   }, [router, pathname])

Then remove the standalone fetchClientData function at lines 56-77.

Option 2: Wrap fetchClientData with useCallback

+ import { useState, useEffect, useCallback } from "react"

- const fetchClientData = async (token: string) => {
+ const fetchClientData = useCallback(async (token: string) => {
     // ... function body unchanged ...
- }
+ }, [router])

   fetchClientData(token)
-  // eslint-disable-next-line react-hooks/exhaustive-deps
- }, [router, pathname])
+ }, [router, pathname, fetchClientData])

frontend/app/client/payments/page.tsx (1)

74-76: Consider preserving error information for debugging.

Removing the error parameter from the catch block prevents logging or inspecting the actual error, which can make troubleshooting difficult in production environments.

Apply this diff to preserve error information:

-   } catch {
+   } catch (error) {
+     console.error('Failed to fetch invoices:', error)
      setError("Network error")
    } finally {

frontend/app/admin/communication/page.tsx (1)

89-116: Consider removing the API call in fetchStats.

The fetchStats function makes an API call to /api/admin/dashboard but doesn't use the response data—it only calculates stats from the local bookings state. The API call (lines 92-96) appears unnecessary unless you plan to use the response in the future.

If the API call isn't needed, simplify to:

 const fetchStats = async () => {
-  try {
-    const token = localStorage.getItem('adminToken')
-    const response = await fetch('/api/admin/dashboard', {
-      headers: {
-        'Authorization': `Bearer ${token}`
-      }
-    })
-    if (response.ok) {
-      // Calculate communication stats from bookings
       const emailEnabled = bookings.filter(b => b.communicationPreferences.emailNotifications).length
       const smsEnabled = bookings.filter(b => b.communicationPreferences.smsNotifications).length
       const bothEnabled = bookings.filter(b => 
         b.communicationPreferences.emailNotifications && b.communicationPreferences.smsNotifications
       ).length
       
       setStats({
         totalBookings: bookings.length,
         emailEnabled,
         smsEnabled,
         bothEnabled,
         recentCommunications: 0 // This would come from a separate endpoint
       })
-    }
-  } catch (error) {
-    console.error('Failed to fetch stats:', error)
-  }
 }

📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 3bd7570 and eb40e09.

📒 Files selected for processing (17)

• LINTING_FIXES.md (1 hunks)
• frontend/app/about/page.tsx (2 hunks)
• frontend/app/admin/communication/page.tsx (2 hunks)
• frontend/app/admin/dashboard/page.tsx (1 hunks)
• frontend/app/admin/layout.tsx (0 hunks)
• frontend/app/admin/login/page.tsx (2 hunks)
• frontend/app/admin/page.tsx (0 hunks)
• frontend/app/admin/payments/page.tsx (1 hunks)
• frontend/app/admin/requests/page.tsx (2 hunks)
• frontend/app/client/bookings/page.tsx (2 hunks)
• frontend/app/client/layout.tsx (1 hunks)
• frontend/app/client/login/page.tsx (1 hunks)
• frontend/app/client/page.tsx (2 hunks)
• frontend/app/client/payments/page.tsx (2 hunks)
• frontend/app/client/settings/page.tsx (1 hunks)
• frontend/app/services/page.tsx (1 hunks)
• frontend/components/booking-form.tsx (1 hunks)

💤 Files with no reviewable changes (2)

• frontend/app/admin/page.tsx
• frontend/app/admin/layout.tsx

✅ Files skipped from review due to trivial changes (1)

• frontend/app/services/page.tsx

🧰 Additional context used

🪛 GitHub Actions: CI/CD Pipeline

frontend/app/client/settings/page.tsx

[error] 70-70: 'error' is defined but never used. @typescript-eslint/no-unused-vars

---

[error] 111-111: 'error' is defined but never used. @typescript-eslint/no-unused-vars

frontend/app/admin/dashboard/page.tsx

[error] 254-254: 'TrendingUp' is not defined. react/jsx-no-undef

frontend/app/client/payments/page.tsx

[warning] 54-54: React Hook useEffect has a missing dependency: 'fetchInvoices'. Either include it or remove the dependency array. react-hooks/exhaustive-deps

---

[error] 406-406: 'Download' is not defined. react/jsx-no-undef

frontend/app/client/login/page.tsx

[error] 48-48: 'error' is defined but never used. @typescript-eslint/no-unused-vars

frontend/app/client/bookings/page.tsx

[warning] 62-62: React Hook useEffect has a missing dependency: 'fetchBookings'. Either include it or remove the dependency array. react-hooks/exhaustive-deps

---

[warning] 66-66: React Hook useEffect has a missing dependency: 'filterBookings'. Either include it or remove the dependency array. react-hooks/exhaustive-deps

frontend/app/admin/communication/page.tsx

[warning] 68-68: React Hook useEffect has a missing dependency: 'fetchStats'. Either include it or remove the dependency array. react-hooks/exhaustive-deps

frontend/app/admin/payments/page.tsx

[error] 4-4: 'Calendar' is defined but never used. @typescript-eslint/no-unused-vars

frontend/app/client/page.tsx

[error] 11-11: 'CheckCircle' is defined but never used. @typescript-eslint/no-unused-vars

---

[error] 187-187: 'AlertCircle' is not defined. react/jsx-no-undef

🔇 Additional comments (12)

frontend/app/client/login/page.tsx (1)

168-168: LGTM!

The apostrophe escaping using ' is the correct approach for JSX/React to prevent potential syntax issues.

frontend/components/booking-form.tsx (1)

33-33: LGTM! Proper HTML entity encoding.

The apostrophe encoding using ' is a standard practice in JSX to avoid potential escaping issues.

frontend/app/about/page.tsx (1)

23-23: LGTM! Consistent HTML entity encoding.

The apostrophe encoding using ' across these text strings is a standard practice in JSX and maintains consistency with the broader text encoding pattern in the PR.

Also applies to: 47-47, 49-49

frontend/app/client/settings/page.tsx (1)

267-267: LGTM! Proper HTML entity encoding.

The apostrophe encoding using ' is consistent with the pattern used throughout the PR.

frontend/app/client/page.tsx (2)

99-99: LGTM! Correctly removed unused error parameter.

The catch block no longer captures the unused error parameter, which aligns with the linter's recommendation.

---

206-206: LGTM! Proper HTML entity encoding.

The apostrophe encoding using ' maintains consistency with the text encoding pattern across the PR.

frontend/app/client/bookings/page.tsx (2)

5-14: LGTM!

Removing unused icon imports (Filter, User) is appropriate cleanup.

---

16-16: LGTM!

Removing the unused CardDescription import is appropriate cleanup.

frontend/app/admin/login/page.tsx (1)

5-5: LGTM! Proper Next.js Link usage.

The migration from an anchor tag to the Next.js Link component is correct and follows Next.js 15 best practices for client-side navigation.

Also applies to: 160-165

frontend/app/admin/dashboard/page.tsx (1)

90-92: Excellent type safety improvements!

Replacing any with explicit types ({ total: number } and { status: string; count: number }) improves type safety and makes the code more maintainable.

frontend/app/admin/requests/page.tsx (2)

47-50: Verify that filterBookings doesn't rely on other reactive values.

The eslint-disable comment suppresses the exhaustive-deps warning. Ensure that filterBookings (lines 72-90) doesn't reference any state or props beyond bookings, searchTerm, and statusFilter that could become stale.

Alternatively, consider wrapping filterBookings in useCallback to properly handle dependencies:

const filterBookings = useCallback(() => {
  let filtered = bookings
  
  if (searchTerm) {
    filtered = filtered.filter(booking =>
      booking.clientName.toLowerCase().includes(searchTerm.toLowerCase()) ||
      booking.email.toLowerCase().includes(searchTerm.toLowerCase()) ||
      booking.eventType.toLowerCase().includes(searchTerm.toLowerCase())
    )
  }
  
  if (statusFilter !== 'all') {
    filtered = filtered.filter(booking => booking.status === statusFilter)
  }
  
  setFilteredBookings(filtered)
}, [bookings, searchTerm, statusFilter])

useEffect(() => {
  filterBookings()
}, [filterBookings])

---

107-107: Clean type handling.

The simplified status assignment without unnecessary type casting is correct since the status parameter type already matches the booking status type.

[coderabbitai]

⚠️ Potential issue | 🔴 Critical

Fix missing dependency or refactor to avoid stale closures.

The useEffect calls fetchStats but doesn't include it in the dependency array, causing a React hooks warning. This could lead to stale closure issues where fetchStats references outdated bookings data.

Solution 1 (Recommended): Move calculation inline

- useEffect(() => {
-   fetchStats()
- }, [bookings])
+ useEffect(() => {
+   const emailEnabled = bookings.filter(b => b.communicationPreferences.emailNotifications).length
+   const smsEnabled = bookings.filter(b => b.communicationPreferences.smsNotifications).length
+   const bothEnabled = bookings.filter(b => 
+     b.communicationPreferences.emailNotifications && b.communicationPreferences.smsNotifications
+   ).length
+   
+   setStats({
+     totalBookings: bookings.length,
+     emailEnabled,
+     smsEnabled,
+     bothEnabled,
+     recentCommunications: 0
+   })
+ }, [bookings])

Solution 2: Wrap fetchStats in useCallback

const fetchStats = useCallback(async () => {
  try {
    const token = localStorage.getItem('adminToken')
    const response = await fetch('/api/admin/dashboard', {
      headers: {
        'Authorization': `Bearer ${token}`
      }
    })
    if (response.ok) {
      const emailEnabled = bookings.filter(b => b.communicationPreferences.emailNotifications).length
      const smsEnabled = bookings.filter(b => b.communicationPreferences.smsNotifications).length
      const bothEnabled = bookings.filter(b => 
        b.communicationPreferences.emailNotifications && b.communicationPreferences.smsNotifications
      ).length
      
      setStats({
        totalBookings: bookings.length,
        emailEnabled,
        smsEnabled,
        bothEnabled,
        recentCommunications: 0
      })
    }
  } catch (error) {
    console.error('Failed to fetch stats:', error)
  }
}, [bookings])

useEffect(() => {
  fetchStats()
}, [fetchStats])

🧰 Tools

🪛 GitHub Actions: CI/CD Pipeline

[warning] 68-68: React Hook useEffect has a missing dependency: 'fetchStats'. Either include it or remove the dependency array. react-hooks/exhaustive-deps

🤖 Prompt for AI Agents

In frontend/app/admin/communication/page.tsx around lines 66 to 68, the
useEffect calls fetchStats but does not include it in the dependency array
causing a hooks warning and potential stale closures; fix by moving the
fetchStats logic inline inside the useEffect (retrieve adminToken from
localStorage, call the API, compute emailEnabled/smsEnabled/bothEnabled and
totalBookings from the current bookings array, then call setStats) so the effect
depends only on bookings, or alternatively wrap fetchStats in useCallback with
[bookings] and then call it from a useEffect that lists [fetchStats] in its
dependency array.

[coderabbitai]

⚠️ Potential issue | 🟡 Minor

Consider capturing the error for better debuggability.

The bare catch clause discards error details, making debugging harder. Network errors, JSON parse errors, and other exceptions will all show the same generic message.

Apply this diff to preserve error information:

-    } catch {
-      setError("Network error")
+    } catch (error) {
+      console.error("Failed to fetch bookings:", error)
+      setError("Network error")
     } finally {

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	} catch {
	} catch (error) {
	console.error("Failed to fetch bookings:", error)
	setError("Network error")
	} finally {

🤖 Prompt for AI Agents

In frontend/app/client/bookings/page.tsx around line 81, the bare `catch {`
swallows the thrown exception; update the catch to capture the error (e.g.,
`catch (err)`), then include that error when rethrowing or logging (for example
include `err` in the thrown Error message or call
console.error/processLogger.error with it) so network/JSON/other exception
details are preserved for debugging.

[coderabbitai]

⚠️ Potential issue | 🟠 Major

Address the pipeline warning and review this suppression.

This eslint suppression doesn't address the pipeline warning at line 54 about the missing fetchInvoices dependency in the first useEffect. Additionally, suppressing the exhaustive-deps rule here may not be the best approach—filterInvoices should either be included in the dependency array or wrapped with useCallback to ensure stable references.

To fix the pipeline warning at line 54, wrap fetchInvoices in useCallback:

+ import { useState, useEffect, useCallback } from "react"
- import { useState, useEffect } from "react"

Then wrap the function definition:

- const fetchInvoices = async (token: string) => {
+ const fetchInvoices = useCallback(async (token: string) => {
    try {
      const response = await fetch(`/api/client/invoices?page=${currentPage}&limit=10`, {
        headers: { Authorization: `Bearer ${token}` }
      })

      if (response.ok) {
        const data = await response.json()
        setInvoices(data.invoices || [])
        setTotalPages(data.pagination?.pages || 1)
      } else {
        setError("Failed to load invoices")
      }
    } catch {
      setError("Network error")
    } finally {
      setIsLoading(false)
    }
- }
+ }, [currentPage])

For this useEffect (lines 56-59), apply a similar pattern:

- const filterInvoices = () => {
+ const filterInvoices = useCallback(() => {
    let filtered = [...invoices]

    if (statusFilter !== "all") {
      filtered = filtered.filter(invoice => invoice.status === statusFilter)
    }

    if (searchTerm) {
      const term = searchTerm.toLowerCase()
      filtered = filtered.filter(invoice => 
        invoice.id.toLowerCase().includes(term) ||
        invoice.bookingId.toLowerCase().includes(term) ||
        invoice.paypalInvoiceId?.toLowerCase().includes(term)
      )
    }

    setFilteredInvoices(filtered)
- }
+ }, [invoices, searchTerm, statusFilter])

Then remove the suppression comment and update the dependency array:

  useEffect(() => {
    filterInvoices()
-   // eslint-disable-next-line react-hooks/exhaustive-deps
- }, [invoices, searchTerm, statusFilter])
+ }, [filterInvoices])

Committable suggestion skipped: line range outside the PR's diff.

🤖 Prompt for AI Agents

In frontend/app/client/payments/page.tsx around lines 54-59 (comment at line
58), the eslint-disable comment hides a real missing-dependency warning: wrap
the fetchInvoices function in useCallback so it has a stable identity and
include it in the first useEffect dependency array; likewise wrap filterInvoices
(or move its logic into a useCallback) and add it to the second useEffect
dependency array; then remove the eslint-disable-next-line
react-hooks/exhaustive-deps comment and update both useEffect dependency arrays
to reference the new callbacks.

[coderabbitai]

⚠️ Potential issue | 🟡 Minor

Update documentation to reflect remaining linting issues.

The document claims "All linting errors have been resolved" (line 5), but pipeline failures show that some linting issues remain:

1. Calendar import unused in frontend/app/admin/payments/page.tsx
2. TrendingUp import missing but used in frontend/app/admin/dashboard/page.tsx

These need to be fixed before the linting stage will pass.

Consider adding a checklist format to track which files have been fully fixed:

## Linting Status by File

- ✅ app/admin/login/page.tsx
- ⚠️ app/admin/payments/page.tsx - Calendar import unused
- ⚠️ app/admin/dashboard/page.tsx - TrendingUp missing from imports
- ✅ app/admin/requests/page.tsx

🤖 Prompt for AI Agents

In LINTING_FIXES.md around lines 1-96, the doc incorrectly states "All linting
errors have been resolved" while two lint issues remain; fix code by removing
the unused Calendar import from frontend/app/admin/payments/page.tsx and add the
missing TrendingUp import (from the appropriate icon library used elsewhere,
e.g., @heroicons/react/outline or your project icon module) to
frontend/app/admin/dashboard/page.tsx so references compile cleanly, then update
this LINTING_FIXES.md summary to reflect that linting is pending for those files
(change the top claim and add a short checklist noting the two files as ⚠️ until
fixed).

[coderabbitai]

Actionable comments posted: 1

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (1)

frontend/app/admin/communication/page.tsx (1)

90-117: Remove the unnecessary API call.

The function calls /api/admin/dashboard but doesn't use any data from the response—it only calculates stats from the local bookings state. This makes an unnecessary network request that adds latency without benefit.

Apply this diff to remove the wasteful API call:

-const fetchStats = async () => {
-  try {
-    const token = localStorage.getItem('adminToken')
-    const response = await fetch('/api/admin/dashboard', {
-      headers: {
-        'Authorization': `Bearer ${token}`
-      }
-    })
-    if (response.ok) {
-      // Calculate communication stats from bookings
-      const emailEnabled = bookings.filter(b => b.communicationPreferences.emailNotifications).length
-      const smsEnabled = bookings.filter(b => b.communicationPreferences.smsNotifications).length
-      const bothEnabled = bookings.filter(b => 
-        b.communicationPreferences.emailNotifications && b.communicationPreferences.smsNotifications
-      ).length
-      
-      setStats({
-        totalBookings: bookings.length,
-        emailEnabled,
-        smsEnabled,
-        bothEnabled,
-        recentCommunications: 0 // This would come from a separate endpoint
-      })
-    }
-  } catch (error) {
-    console.error('Failed to fetch stats:', error)
-  }
-}
+const fetchStats = () => {
+  // Calculate communication stats from bookings
+  const emailEnabled = bookings.filter(b => b.communicationPreferences.emailNotifications).length
+  const smsEnabled = bookings.filter(b => b.communicationPreferences.smsNotifications).length
+  const bothEnabled = bookings.filter(b => 
+    b.communicationPreferences.emailNotifications && b.communicationPreferences.smsNotifications
+  ).length
+  
+  setStats({
+    totalBookings: bookings.length,
+    emailEnabled,
+    smsEnabled,
+    bothEnabled,
+    recentCommunications: 0 // This would come from a separate endpoint
+  })
+}

Alternatively, if you need data from the dashboard endpoint for recentCommunications, parse and use the response data instead of recalculating from local state.

♻️ Duplicate comments (1)

frontend/app/admin/communication/page.tsx (1)

66-69: Suppressing the linting rule doesn't address the underlying issue.

A previous review flagged this pattern and provided two proper solutions. Disabling the eslint rule with // eslint-disable-next-line suppresses the warning but doesn't fix the architectural smell. Please implement one of the previously suggested solutions: either move the stats calculation inline into this effect, or wrap fetchStats in useCallback.

🧹 Nitpick comments (2)

frontend/app/client/settings/page.tsx (1)

70-71: Consider logging errors for observability.

The empty catch blocks discard error details, making debugging more difficult. While the generic user-facing messages are appropriate, consider logging the actual errors to aid troubleshooting.

Apply this pattern to both catch blocks:

-    } catch {
+    } catch (error) {
+      console.error('Failed to fetch client data:', error)
       setError("Network error")

And:

-    } catch {
+    } catch (error) {
+      console.error('Failed to save preferences:', error)
       setError("Network error")

Also applies to: 111-112

frontend/app/client/page.tsx (1)

99-103: Consider logging the error for debugging and monitoring.

Removing the error parameter eliminates access to the actual error details, which could make debugging and monitoring more difficult. While the generic user-facing message is appropriate, consider logging the error for observability.

Apply this diff to preserve error context for debugging:

-    } catch {
+    } catch (error) {
+      console.error('Failed to fetch client data:', error)
       setError("Failed to load client data")

📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between eb40e09 and ae216c4.

📒 Files selected for processing (8)

• frontend/app/admin/communication/page.tsx (2 hunks)
• frontend/app/admin/dashboard/page.tsx (2 hunks)
• frontend/app/admin/payments/page.tsx (1 hunks)
• frontend/app/client/bookings/page.tsx (3 hunks)
• frontend/app/client/login/page.tsx (2 hunks)
• frontend/app/client/page.tsx (3 hunks)
• frontend/app/client/payments/page.tsx (3 hunks)
• frontend/app/client/settings/page.tsx (3 hunks)

🚧 Files skipped from review as they are similar to previous changes (4)

• frontend/app/client/payments/page.tsx
• frontend/app/admin/payments/page.tsx
• frontend/app/client/login/page.tsx
• frontend/app/client/bookings/page.tsx

🔇 Additional comments (6)

frontend/app/client/settings/page.tsx (2)

5-14: LGTM: Unused import removed.

The removal of the Settings icon import is appropriate since it's not used anywhere in the component.

---

267-267: LGTM: Proper apostrophe escaping.

The use of ' correctly escapes the apostrophe in JSX, following React best practices for HTML entity encoding.

frontend/app/client/page.tsx (2)

6-14: LGTM! Clean import optimization.

The lucide-react imports have been refined to include only the icons actually used in the component. All imported icons (Calendar, CreditCard, MessageSquare, Clock, DollarSign, Settings, AlertCircle) are verified to be used in the UI.

---

206-206: LGTM! Proper JSX text escaping.

Using HTML entity encoding (') for apostrophes is the correct approach in JSX/React to avoid potential escaping issues and aligns with Next.js conventions.

frontend/app/admin/communication/page.tsx (1)

4-5: LGTM! Clean import optimization.

Reducing the icon imports to only the ones used in the component improves bundle size and code clarity.

frontend/app/admin/dashboard/page.tsx (1)

17-18: LGTM: Import cleanup aligns with component usage.

The addition of RefreshCw and TrendingUp icons is appropriate. Both icons are actively used in the UI: RefreshCw for loading states and refresh actions, and TrendingUp for the completed bookings card.

[coderabbitai]

⚠️ Potential issue | 🟡 Minor

🧩 Analysis chain

🏁 Script executed:

#!/bin/bash
# Search for the dashboard overview API endpoint
echo "=== Searching for /api/dashboard/overview endpoint ==="
find . -type f \( -name "*.ts" -o -name "*.tsx" -o -name "*.js" \) | xargs grep -l "dashboard/overview" 2>/dev/null | grep -v node_modules

echo -e "\n=== Searching for revenueByStatus definition ==="
rg "revenueByStatus" --type=ts --type=tsx -A 5 -B 2 | head -100

echo -e "\n=== Searching for bookingStatuses definition ==="
rg "bookingStatuses" --type=ts --type=tsx -A 5 -B 2 | head -100

Repository: dtprotection/dotcom

Length of output: 330

---

🏁 Script executed:

#!/bin/bash
# Search for where overviewData is fetched
echo "=== Searching for overviewData source ==="
rg "overviewData" -t js -t ts -B 5 -A 2 | head -150

echo -e "\n=== Looking for fetch/axios calls to overview endpoint ==="
rg "overview|fetch.*dashboard" -t js -t ts | grep -E "fetch|axios|fetch.*overview" | head -50

echo -e "\n=== Finding API route files ==="
find . -path "*/api/*" -type f \( -name "*.ts" -o -name "*.js" \) | grep -v node_modules | head -20

echo -e "\n=== Checking dashboard page for data fetching logic ==="
head -120 ./frontend/app/admin/dashboard/page.tsx | tail -50

Repository: dtprotection/dotcom

Length of output: 4416

---

🏁 Script executed:

#!/bin/bash
# Search for API route handlers
echo "=== Searching for dashboard overview API implementation ==="
find . -type f \( -name "*.ts" -o -name "*.js" \) ! -path "*/node_modules/*" ! -path "*/.next/*" | xargs grep -l "dashboard/overview" 2>/dev/null

echo -e "\n=== Looking for route handlers in backend ==="
find . -type d -name "api" ! -path "*/node_modules/*" ! -path "*/.next/*"

echo -e "\n=== Searching for revenueByStatus in backend ==="
rg "revenueByStatus" -t js -t ts -B 5 -A 5 2>/dev/null | head -100

echo -e "\n=== Searching for bookingStatuses in backend ==="
rg "bookingStatuses" -t js -t ts -B 5 -A 5 2>/dev/null | head -100

echo -e "\n=== Check backend directory structure ==="
find ./backend -type f -name "*.ts" ! -path "*/node_modules/*" 2>/dev/null | head -30

Repository: dtprotection/dotcom

Length of output: 9032

---

🏁 Script executed:

#!/bin/bash
# Read the full dashboard.routes.ts to see the exact response structure
echo "=== Full dashboard routes implementation ==="
cat ./backend/src/routes/dashboard.routes.ts | head -150

Repository: dtprotection/dotcom

Length of output: 3840

---

Type annotation for revenueByStatus is incomplete.

The bookingStatuses type annotation accurately reflects the API response: { status: string; count: number }. However, the revenueByStatus type annotation only specifies { total: number } when the backend endpoint returns { status: string; total: number; count: number }. While the code functions correctly since only the total property is accessed, the type annotation should be expanded to fully document the actual API contract: { status: string; total: number; count: number }.

🤖 Prompt for AI Agents

In frontend/app/admin/dashboard/page.tsx around lines 91 to 93, the type
annotation for revenueByStatus is incomplete (currently { total: number });
update it to match the API contract by using { status: string; total: number;
count: number } so the reducer and any future usages are correctly typed and
documented; adjust the inline type annotations or the related interface/type
alias accordingly to reflect the full shape.

[coderabbitai]

Actionable comments posted: 2

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (4)

backend/src/models/admin.model.ts (1)

91-101: Critical: Duplicate updateLastLogin method definitions.

There are two updateLastLogin implementations (lines 92–95 and 98–101). The second will silently overwrite the first at runtime. This appears to be an accidental duplication—remove one of them.

Additionally, the interface declares updateLastLogin(): Promise<void>, but the second (non-async) implementation doesn't match this contract properly in terms of explicit typing.

Remove the duplicate implementation:

 // Update last login
 adminSchema.methods.updateLastLogin = async function(): Promise<void> {
   this.lastLogin = new Date();
   await this.save();
 };
-
-// Update last login
-adminSchema.methods.updateLastLogin = function() {
-  this.lastLogin = new Date();
-  return this.save();
-};

backend/src/routes/dashboard.routes.ts (2)

143-160: Inconsistent field reference: $totalAmount should be $payment.totalAmount.

Line 149 uses $totalAmount for revenue calculation in serviceDistribution, but line 120 uses $payment.totalAmount. This inconsistency will cause incorrect revenue aggregation for services since the schema appears to have migrated to a nested payment object.

       {
         $group: {
           _id: '$serviceType',
           count: { $sum: 1 },
-          revenue: { $sum: '$totalAmount' }
+          revenue: { $sum: '$payment.totalAmount' }
         }
       },

---

613-642: Inconsistent field references in performance analytics.

Lines 622 and 641 use $totalAmount instead of $payment.totalAmount, inconsistent with the nested payment object pattern used elsewhere (lines 595-596). This will result in incorrect revenue calculations.

       {
         $group: {
           _id: {
             year: { $year: '$createdAt' },
             month: { $month: '$createdAt' }
           },
           bookings: { $sum: 1 },
-          revenue: { $sum: '$totalAmount' }
+          revenue: { $sum: '$payment.totalAmount' }
         }
       },

       {
         $group: {
           _id: null,
           totalBookings: { $sum: 1 },
           depositsPaid: { $sum: { $cond: [{ $gte: ['$payment.paidAmount', '$payment.depositAmount'] }, 1, 0] } },
           finalPaymentsPaid: { $sum: { $cond: [{ $eq: ['$payment.status', 'paid'] }, 1, 0] } },
-          totalRevenue: { $sum: '$totalAmount' }
+          totalRevenue: { $sum: '$payment.totalAmount' }
         }
       }

backend/src/routes/client.routes.ts (1)

208-211: Inconsistent field reference: still uses clientEmail instead of email.

This endpoint uses clientEmail in the query, but all other endpoints in this file have been migrated to use email. This will cause the booking lookup to fail if the schema no longer has a clientEmail field.

     const booking = await Booking.findOne({
       _id: id,
-      clientEmail: email
+      email: email
     })

🧹 Nitpick comments (4)

backend/src/middleware/auth.middleware.ts (1)

10-13: Extract the client type to eliminate duplication.

The client field structure is defined identically in both the Express.Request extension and the AuthRequest interface. Consider extracting this to a shared type definition to maintain consistency and reduce duplication.

Apply this diff to extract the client type:

+export interface ClientPayload {
+  id: string;
+  email: string;
+}
+
 // Extend Request interface to include admin user and client
 declare global {
   namespace Express {
     interface Request {
       admin?: any;
-      client?: {
-        id: string;
-        email: string;
-      };
+      client?: ClientPayload;
     }
   }
 }
 
 export interface AuthRequest extends Request {
   admin?: any;
-  client?: {
-    id: string;
-    email: string;
-  };
+  client?: ClientPayload;
 }

Also applies to: 20-23

backend/src/services/sms.service.ts (2)

1-2: Unused imports: Booking and Invoice models are imported but never used.

Only the interfaces IBooking and IInvoice are used in this service. Remove the unused model imports.

-import { Booking, IBooking } from '../models/booking.model';
-import { Invoice, IInvoice } from '../models/invoice.model';
+import { IBooking } from '../models/booking.model';
+import { IInvoice } from '../models/invoice.model';

---

115-133: Consider using the invoice parameter for remaining amount calculation.

The invoice parameter is accepted but unused. If provided, it could supply a more accurate remaining amount via invoice.amount rather than deriving it from the booking's payment object.

backend/src/services/email.service.ts (1)

2-3: Potentially unused imports.

After the refactor to interface-based types, the concrete Booking and Invoice imports appear unused in this file. All method signatures now use IBooking and IInvoice instead.

Consider removing the unused concrete type imports:

-import { Booking, IBooking } from '../models/booking.model';
-import { Invoice, IInvoice } from '../models/invoice.model';
+import { IBooking } from '../models/booking.model';
+import { IInvoice } from '../models/invoice.model';

📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between ae216c4 and c5feba0.

📒 Files selected for processing (8)

• backend/src/middleware/auth.middleware.ts (1 hunks)
• backend/src/models/admin.model.ts (2 hunks)
• backend/src/models/invoice.model.ts (1 hunks)
• backend/src/routes/booking.routes.ts (1 hunks)
• backend/src/routes/client.routes.ts (11 hunks)
• backend/src/routes/dashboard.routes.ts (7 hunks)
• backend/src/services/email.service.ts (9 hunks)
• backend/src/services/sms.service.ts (5 hunks)

🧰 Additional context used

🧬 Code graph analysis (3)

backend/src/routes/client.routes.ts (1)

backend/src/models/booking.model.ts (1)

• Booking (97-97)

backend/src/services/sms.service.ts (2)

backend/src/models/booking.model.ts (1)

• IBooking (3-29)

backend/src/models/invoice.model.ts (1)

• IInvoice (3-17)

backend/src/services/email.service.ts (2)

backend/src/models/booking.model.ts (1)

• IBooking (3-29)

backend/src/models/invoice.model.ts (1)

• IInvoice (3-17)

🪛 GitHub Actions: CI/CD Pipeline

backend/src/routes/booking.routes.ts

[error] 1-1: ReferenceError: Cannot access 'Booking' before initialization in booking.routes.ts (module import/order issue detected by tests).

🔇 Additional comments (12)

backend/src/models/admin.model.ts (2)

18-18: LGTM for interface update.

The method signature correctly declares the return type as Promise<void>.

---

103-108: LGTM for toJSON method.

Properly strips the password from serialized output to prevent accidental exposure.

backend/src/middleware/auth.middleware.ts (1)

10-13: Client field is populated by separate client authentication middleware in client.routes.ts.

The client field is not populated by the authenticateToken middleware in this file because admin and client authentication are handled by separate flows. The authenticateClient middleware in backend/src/routes/client.routes.ts (line 10) populates req.client with {id, email} at lines 24-27 and is used by all client portal routes. The type definition in auth.middleware.ts is centralized but the implementation is in the client routes, which is the intended design.

backend/src/models/invoice.model.ts (1)

75-76: LGTM! Proper typing for Mongoose model reference.

The cast to typeof Invoice correctly resolves the typing issue with accessing countDocuments on this.constructor in the pre-save hook.

backend/src/routes/dashboard.routes.ts (1)

63-64: LGTM! Payment status checks correctly migrated to nested payment object.

The conditions now properly check payment.paidAmount >= payment.depositAmount for deposits and payment.status === 'paid' for final payments.

backend/src/routes/client.routes.ts (2)

57-78: LGTM! Login endpoint correctly uses the email field.

The migration from clientEmail to email is consistent across the login flow, token generation, and response payload.

---

348-366: The code correctly uses status === 'sent' for unpaid invoices. The IInvoice interface defines the status enum as 'draft' | 'sent' | 'paid' | 'overdue' | 'cancelled', and actual usage in the codebase (payment.routes.ts line 136) confirms that invoices are set to 'sent' status. There is no 'pending' status in the invoice schema—'pending' is only used for booking and payment statuses, not invoices. The filtering logic is correct as written.

Likely an incorrect or invalid review comment.

backend/src/routes/booking.routes.ts (2)

30-32: LGTM! Email service appropriately disabled with TODO marker.

The placeholder comments clearly indicate future work and don't break the booking creation flow.

---

1-4: The circular dependency hypothesis is not supported.

The imports in booking.model.ts are only from mongoose—no local file imports exist. No evidence of circular dependencies between booking.model.ts and booking.routes.ts was found. If the CI pipeline reports "Cannot access 'Booking' before initialization", the root cause is likely different—consider checking initialization order within the routes file itself, module loading timing, or type-level issues rather than circular dependencies.

Likely an incorrect or invalid review comment.

backend/src/services/sms.service.ts (1)

100-113: LGTM! Method signature correctly uses IBooking interface.

The interface-based typing properly decouples the SMS service from the Mongoose model implementation.

backend/src/services/email.service.ts (2)

113-151: LGTM! Interface-based refactor improves flexibility.

The refactor from concrete types to interfaces (IBooking and IInvoice) is a TypeScript best practice that improves flexibility while maintaining type safety. All property accesses remain valid per the interface definitions, and the change is backward compatible since concrete model instances will still implement these interfaces.

---

153-510: LGTM! Template generation methods correctly updated.

The template generation methods have been consistently updated to use interface parameters. All property accesses align with the IBooking and IInvoice interface definitions, and optional chaining is appropriately used for optional properties.

[coderabbitai]

⚠️ Potential issue | 🟠 Major

Security risk: Avoid hardcoded fallback JWT secret.

Using 'fallback-secret-key' as a fallback is dangerous. If JWT_SECRET is missing in production, tokens will be signed with a well-known, weak secret—allowing trivial token forgery. Fail fast instead of silently degrading security.

-  const secret = process.env.JWT_SECRET || 'fallback-secret-key';
+  const secret = process.env.JWT_SECRET;
+  if (!secret) {
+    throw new Error('JWT_SECRET environment variable is not set');
+  }
   const expiresIn = process.env.JWT_EXPIRES_IN || '24h';
   return jwt.sign(payload, secret, { expiresIn } as jwt.SignOptions);

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	const secret = process.env.JWT_SECRET || 'fallback-secret-key';
	const expiresIn = process.env.JWT_EXPIRES_IN || '24h';
	return jwt.sign(payload, secret, { expiresIn } as jwt.SignOptions);
	};
	const secret = process.env.JWT_SECRET;
	if (!secret) {
	throw new Error('JWT_SECRET environment variable is not set');
	}
	const expiresIn = process.env.JWT_EXPIRES_IN || '24h';
	return jwt.sign(payload, secret, { expiresIn } as jwt.SignOptions);
	};

🤖 Prompt for AI Agents

In backend/src/models/admin.model.ts around lines 86 to 89, the code uses a
hardcoded fallback JWT_SECRET which is a security risk; instead, remove the
'fallback-secret-key' fallback and fail fast by validating that
process.env.JWT_SECRET is present and throwing a clear error if it is missing
(do not silently fall back); then use the validated secret when calling
jwt.sign, and update any related configuration/env docs or tests to ensure
JWT_SECRET is required in all environments.

[coderabbitai]

⚠️ Potential issue | 🟡 Minor

Duplicate column: clientName appears twice in CSV output.

Lines 546-547 both output booking.clientName, causing the first two data columns to be identical. The first value should likely be removed or the mapping should start from line 548.

       const csvData = bookings.map(booking => [
-        booking.clientName,
         booking.clientName,
         booking.email,
         booking.phone,

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	const csvData = bookings.map(booking => [
	booking.clientName,
	booking.clientEmail,
	booking.clientPhone,
	booking.clientName,
	booking.email,
	booking.phone,
	booking.serviceType,
	booking.eventDate,
	booking.duration,
	booking.numberOfGuards,
	booking.location,
	booking.date,
	booking.numberOfGuards || '',
	booking.venueAddress || '',
	booking.status,
	booking.totalAmount,
	booking.depositAmount,
	booking.depositPaid,
	booking.finalPaymentPaid,
	booking.payment?.totalAmount || 0,
	booking.payment?.depositAmount || 0,
	booking.payment?.paidAmount || 0,
	booking.payment?.status || 'pending',
	booking.createdAt
	const csvData = bookings.map(booking => [
	booking.clientName,
	booking.email,
	booking.phone,
	booking.serviceType,
	booking.date,
	booking.numberOfGuards || '',
	booking.venueAddress || '',
	booking.status,
	booking.payment?.totalAmount || 0,
	booking.payment?.depositAmount || 0,
	booking.payment?.paidAmount || 0,
	booking.payment?.status || 'pending',
	booking.createdAt

🤖 Prompt for AI Agents

In backend/src/routes/dashboard.routes.ts around lines 545 to 559 the CSV row
mapping includes booking.clientName twice (lines 546-547) which produces
duplicate columns; remove the extra booking.clientName (the first occurrence) so
the array begins with a single clientName followed by booking.email, phone,
etc., ensuring column order matches the CSV headers.

[coderabbitai]

Actionable comments posted: 1

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (1)

frontend/app/admin/requests/page.tsx (1)

92-107: Type the status parameter as Booking['status'] instead of string for type safety.

The status parameter is currently typed as string, which allows any string value to be passed. The type assertion as Booking['status'] on line 107 bypasses TypeScript's type checking without validating the actual value. This could lead to invalid status values being sent to the API and stored in state.

Apply this diff to enforce type safety at compile time:

-  const updateBookingStatus = async (bookingId: string, status: string) => {
+  const updateBookingStatus = async (bookingId: string, status: Booking['status']) => {
     try {
       const token = localStorage.getItem('adminToken')
       const response = await fetch(`/api/bookings/${bookingId}/status`, {
         method: 'PATCH',
         headers: {
           'Content-Type': 'application/json',
           'Authorization': `Bearer ${token}`
         },
         body: JSON.stringify({ status })
       })

       if (response.ok) {
         // Update local state
         setBookings(bookings.map(booking =>
-          booking._id === bookingId ? { ...booking, status: status as Booking['status'] } : booking
+          booking._id === bookingId ? { ...booking, status } : booking
         ))
       }
     } catch (error) {
       console.error('Failed to update booking status:', error)
     }
   }

🧹 Nitpick comments (1)

frontend/app/admin/requests/page.tsx (1)

47-50: Consider using useCallback to avoid suppressing the linting rule.

The eslint-disable is suppressing a warning about filterBookings not being in the dependency array. While this works (since filterBookings only uses values already tracked), wrapping filterBookings in useCallback would make the dependency explicit and eliminate the need for the suppression.

Apply this refactor to use useCallback:

+  const filterBookings = useCallback(() => {
+    let filtered = bookings
+
+    // Filter by search term
+    if (searchTerm) {
+      filtered = filtered.filter(booking =>
+        booking.clientName.toLowerCase().includes(searchTerm.toLowerCase()) ||
+        booking.email.toLowerCase().includes(searchTerm.toLowerCase()) ||
+        booking.eventType.toLowerCase().includes(searchTerm.toLowerCase())
+      )
+    }
+
+    // Filter by status
+    if (statusFilter !== 'all') {
+      filtered = filtered.filter(booking => booking.status === statusFilter)
+    }
+
+    setFilteredBookings(filtered)
+  }, [bookings, searchTerm, statusFilter])
+
   useEffect(() => {
     filterBookings()
-    // eslint-disable-next-line react-hooks/exhaustive-deps
-  }, [bookings, searchTerm, statusFilter])
+  }, [filterBookings])

-  const filterBookings = () => {
-    let filtered = bookings
-
-    // Filter by search term
-    if (searchTerm) {
-      filtered = filtered.filter(booking =>
-        booking.clientName.toLowerCase().includes(searchTerm.toLowerCase()) ||
-        booking.email.toLowerCase().includes(searchTerm.toLowerCase()) ||
-        booking.eventType.toLowerCase().includes(searchTerm.toLowerCase())
-      )
-    }
-
-    // Filter by status
-    if (statusFilter !== 'all') {
-      filtered = filtered.filter(booking => booking.status === statusFilter)
-    }
-
-    setFilteredBookings(filtered)
-  }

📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between c5feba0 and feac68c.

📒 Files selected for processing (2)

• frontend/app/admin/requests/page.tsx (2 hunks)
• frontend/tailwind.config.ts (1 hunks)

🧰 Additional context used

🧬 Code graph analysis (1)

frontend/app/admin/requests/page.tsx (1)

backend/src/models/booking.model.ts (1)

• Booking (97-97)

[coderabbitai]

⚠️ Potential issue | 🟡 Minor

🧩 Analysis chain

🏁 Script executed:

# Check the Tailwind CSS version
find . -name "package.json" -type f | head -5 | xargs grep -l "tailwindcss" | head -1 | xargs cat | jq '.dependencies.tailwindcss, .devDependencies.tailwindcss'

Repository: dtprotection/dotcom

Length of output: 45

---

🏁 Script executed:

# Read the tailwind.config.ts file
cat -n frontend/tailwind.config.ts

Repository: dtprotection/dotcom

Length of output: 3301

---

🏁 Script executed:

# Also check if there's a package.json in the root
cat -n package.json 2>/dev/null | head -20

Repository: dtprotection/dotcom

Length of output: 1065

---

🏁 Script executed:

# Check frontend/package.json for Tailwind version
cat frontend/package.json | grep -A 2 -B 2 "tailwindcss"

Repository: dtprotection/dotcom

Length of output: 447

---

🏁 Script executed:

# Also check the full dependencies and devDependencies
cat frontend/package.json | jq '.dependencies, .devDependencies' 2>/dev/null

Repository: dtprotection/dotcom

Length of output: 807

---

🌐 Web query:

Tailwind CSS v4 darkMode class configuration syntax array vs string

💡 Result:

Short answer: in Tailwind v4 you no longer set dark mode via the tailwind.config.js string/array. The old JS option (darkMode: 'media' | 'class' or darkMode: ['selector', '']) is a v2/v3 config pattern — v4 uses a CSS-first approach and you should define/override the dark variant with @custom-variant in your main CSS (e.g. @custom-variant dark (&:where(.dark, .dark *));). References: Tailwind v4 docs and migration notes. [1][2][3]

Examples:

• v3 (JS config): module.exports = { darkMode: 'class' } or darkMode: ['selector','[data-mode="dark"]']. [2]
• v4 (CSS): in your entry CSS: @import "tailwindcss"; @custom-variant dark (&:where(.dark, .dark *));. [1][3]

Sources:
[1] Tailwind v4 docs — Configuring dark mode / @custom-variant.
[2] Tailwind v3 docs — darkMode string/array config examples.
[3] Community notes / Q&A showing v4 usage (StackOverflow / upgrade guides).

---

🌐 Web query:

Tailwind CSS v4.1 darkMode configuration in tailwind.config.ts does it still work

💡 Result:

Short answer: No — in Tailwind v4 the darkMode/tailwind.config.ts approach is no longer the primary way. v4 enables the dark variant by default via prefers-color-scheme and expects selector-based overrides to be declared in your CSS (e.g. with @variant / @custom-variant). You can still load an old JS/TS config explicitly with @config, but the old darkMode config field is deprecated/handled in CSS now. [1][2][3]

Sources:

• Tailwind v4 docs: configuring dark variant via @variant / selector and default prefers-color-scheme. [1]
• Tailwind v4.1 release blog (notes about dark variant/default and v4 changes). [2]
• Upgrade guide / docs: JS config still supported only when explicitly loaded via @config. [3]

---

🌐 Web query:

Tailwind CSS v4 config darkMode class backwards compatibility

💡 Result:

Short answer: Tailwind v4 removed the tailwind.config.js darkMode setting; to keep the previous "class" strategy you must define a selector-based dark variant in your CSS using @custom-variant (or @variant). Example (add to your main CSS entry):

@import "tailwindcss";
@custom-variant dark (&:where(.dark, .dark *));

This restores dark:... utility behavior when a .dark class exists on an ancestor. References: Tailwind v4 docs and community guides. [1][2][3]

Sources

• Tailwind v4 docs (configuring dark variant with @custom-variant). [1]
• Community Q&A showing @custom-variant / @variant usage for class-based dark mode. [2]
• Migration/blog tutorials demonstrating the same @custom-variant snippet for v4. [3]

---

🏁 Script executed:

# Find the main CSS files
find frontend -name "*.css" -type f | head -20

Repository: dtprotection/dotcom

Length of output: 87

---

🏁 Script executed:

# Look for the CSS entry point or globals
find frontend -name "globals.css" -o -name "main.css" -o -name "style.css" | xargs cat 2>/dev/null

Repository: dtprotection/dotcom

Length of output: 4537

---

Remove the deprecated darkMode configuration from tailwind.config.ts.

In Tailwind CSS v4 (you're using v4.1.10), the darkMode config option is deprecated and ignored. Dark mode is now configured entirely through CSS using @custom-variant. Your dark mode setup is already correctly implemented in frontend/app/globals.css with @custom-variant dark (&:is(.dark *)); and the .dark class styles, so dark mode functionality works. However, the darkMode: "class" line should be removed from the config file as it has no effect and can cause confusion.

🤖 Prompt for AI Agents

In frontend/tailwind.config.ts around line 4, remove the deprecated darkMode:
"class" entry — delete that line from the exported config so the file relies on
the CSS @custom-variant dark implementation in frontend/app/globals.css; ensure
the remaining export object remains syntactically valid (commas adjusted) and
run the dev/build to confirm no syntax errors.

[coderabbitai]

Actionable comments posted: 1

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (2)

tests/client-portal-fixed.test.ts (2)

296-304: Update status filter to use new status names.

Line 297 filters for status === 'confirmed', but the mock data at line 48 uses status: 'approved'. This mismatch will cause the test to fail.

Apply this diff to fix the status names:

     it('should filter bookings by status', () => {
-      const confirmedBookings = mockBookings.filter(b => b.status === 'confirmed')
+      const approvedBookings = mockBookings.filter(b => b.status === 'approved')
       const pendingBookings = mockBookings.filter(b => b.status === 'pending')

-      expect(confirmedBookings).toHaveLength(1)
+      expect(approvedBookings).toHaveLength(1)
       expect(pendingBookings).toHaveLength(1)
-      expect(confirmedBookings[0].id).toBe('booking1')
+      expect(approvedBookings[0].id).toBe('booking1')
       expect(pendingBookings[0].id).toBe('booking2')
     })

---

315-332: Fix status name mismatch in booking statistics calculation.

Lines 319-322 calculate statistics using old status names ('confirmed', 'cancelled'), but lines 327 and 330 assert on bookingStats.approved and bookingStats.rejected. This mismatch will cause the test to fail.

Apply this diff to align the status names:

     it('should calculate booking statistics', () => {
       const today = new Date()
       const bookingStats = {
         total: mockBookings.length,
-        confirmed: mockBookings.filter(b => b.status === 'confirmed').length,
+        approved: mockBookings.filter(b => b.status === 'approved').length,
         pending: mockBookings.filter(b => b.status === 'pending').length,
         completed: mockBookings.filter(b => b.status === 'completed').length,
-        cancelled: mockBookings.filter(b => b.status === 'cancelled').length,
+        rejected: mockBookings.filter(b => b.status === 'rejected').length,
         upcoming: mockBookings.filter(b => new Date(b.date) > today).length
       }

       expect(bookingStats.total).toBe(2)
       expect(bookingStats.approved).toBe(1)
       expect(bookingStats.pending).toBe(1)
       expect(bookingStats.completed).toBe(0)
       expect(bookingStats.rejected).toBe(0)
       expect(bookingStats.upcoming).toBe(2) // Both dates are in the future
     })

♻️ Duplicate comments (2)

tests/services/email.service.test.ts (2)

34-44: Move vi.mock to module level (duplicate concern).

Vitest hoists vi.mock calls to the top of the file at compile time, so placing it inside beforeEach doesn't re-mock per test. This is the same issue previously flagged.

---

12-17: Remove redundant skip check in beforeEach.

The suite is already conditionally skipped via describe.skipIf(skipCheck.skip) at line 8. When the suite is skipped, beforeEach never runs, making this check redundant.

Apply this diff to remove the redundant check:

   beforeEach(() => {
-    // Only run if Email is configured or we're forcing tests
-    if (skipCheck.skip) {
-      console.log(`Skipping Email tests: ${skipCheck.reason}`)
-      return
-    }
-
     mockConfig = {

🧹 Nitpick comments (1)

tests/services/email.service.test.ts (1)

97-128: Test doesn't verify error handling behavior.

The test creates a mock booking but only checks that sendBookingConfirmation exists. It doesn't actually test error handling or verify graceful failure. Consider either implementing a proper error scenario (e.g., mock a transport failure and verify the service returns false or logs appropriately) or remove this test if error handling isn't testable with the current mock setup.

📜 Review details

Configuration used: defaults

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between feac68c and fafe413.

📒 Files selected for processing (4)

• tests/admin-dashboard.test.ts (1 hunks)
• tests/client-portal-fixed.test.ts (12 hunks)
• tests/integration/booking-flow.test.ts (1 hunks)
• tests/services/email.service.test.ts (1 hunks)

🧰 Additional context used

🧬 Code graph analysis (1)

tests/integration/booking-flow.test.ts (3)

backend/src/api.ts (1)

• createApiApp (43-77)

backend/src/models/admin.model.ts (1)

• Admin (110-110)

backend/src/models/booking.model.ts (1)

• Booking (97-97)

🪛 GitHub Actions: CI/CD Pipeline

tests/integration/booking-flow.test.ts

[error] 75-75: Booking creation returned 400 but expected 201. Should create booking successfully in Complete Booking Flow test.

---

[error] 239-239: Booking status transitions test expects 201 but received 400 on update.

---

[error] 274-274: Booking status transition test expected 201 but got 400 on invalid/edge case.

🔇 Additional comments (1)

tests/admin-dashboard.test.ts (1)

361-371: Excellent UTC normalization for test determinism.

The changes correctly address timezone-related issues by using ISO 8601 format with explicit UTC and adding timeZone: 'UTC' to formatting options. This ensures consistent test behavior across different CI/CD environments and local development machines.

[coderabbitai]

⚠️ Potential issue | 🟠 Major

🧩 Analysis chain

🏁 Script executed:

#!/bin/bash
# Find and examine booking model files
echo "=== Finding booking model files ==="
find . -type f -name "*booking*" -path "*/models/*" | head -20

echo -e "\n=== Finding booking routes/controllers ==="
find . -type f -name "*booking*" -path "*/routes/*" -o -path "*/controllers/*" -name "*booking*" | head -20

echo -e "\n=== Check test file structure ==="
find . -type f -name "booking-flow.test.ts"

Repository: dtprotection/dotcom

Length of output: 295

---

🏁 Script executed:

#!/bin/bash
# Examine booking model
echo "=== Booking Model Schema ==="
cat -n ./backend/src/models/booking.model.ts | head -150

echo -e "\n=== Booking Routes POST Handler ==="
cat -n ./backend/src/routes/booking.routes.ts | head -100

Repository: dtprotection/dotcom

Length of output: 7034

---

🏁 Script executed:

#!/bin/bash
# Verify the exact test payload structure
echo "=== Test Payload at lines 57-73 ==="
sed -n '57,73p' ./tests/integration/booking-flow.test.ts

echo -e "\n=== Checking for other test payloads mentioned in review ==="
echo "Lines around 75 (first failure):"
sed -n '70,80p' ./tests/integration/booking-flow.test.ts

echo -e "\nLines around 239 (second failure):"
sed -n '235,245p' ./tests/integration/booking-flow.test.ts

echo -e "\nLines around 274 (third failure):"
sed -n '270,280p' ./tests/integration/booking-flow.test.ts

Repository: dtprotection/dotcom

Length of output: 1777

---

Fix field name mismatch between validator and booking model.

The booking creation returns 400 due to a critical field name mismatch: the validation middleware expects eventDate and eventType, but the booking model requires date and serviceType. The validator passes the request, but when the route handler creates the booking with new Booking(req.body), mongoose fails because the required date and serviceType fields are undefined in the payload.

Update the validator in backend/src/routes/booking.routes.ts to validate the correct field names:

• Change body('eventDate') to body('date')
• Change body('eventType') to body('serviceType')

Additionally, correct the validation strictness: venueAddress and numberOfGuards should be .optional() to match the schema, and validate the payment object structure with required fields totalAmount and depositAmount.

🧰 Tools

🪛 GitHub Actions: CI/CD Pipeline

[error] 75-75: Booking creation returned 400 but expected 201. Should create booking successfully in Complete Booking Flow test.

🤖 Prompt for AI Agents

In backend/src/routes/booking.routes.ts (around the request body validators for
booking creation), the validator is using eventDate and eventType while the
Booking model expects date and serviceType; update the validators to use
body('date') and body('serviceType') respectively, make venueAddress and
numberOfGuards optional via .optional(), and add explicit validation for the
payment object and its required numeric fields (e.g., ensure payment exists and
validate payment.totalAmount and payment.depositAmount as numbers) so the
incoming payload matches the Mongoose schema and prevents 400 errors when
constructing new Booking(req.body).