🐛 server: manteca improvements

[mainqueg]

Summary by CodeRabbit

• New Features

  • Graceful handling for invalid legal IDs during onboarding with inquiry resumption.
  • Added analytics events for onramp transactions and ramp account updates.

• Bug Fixes

  • Improved error mapping and responses for invalid legal ID scenarios.

• Tests

  • Added tests covering invalid-legal-id onboarding flows and analytics tracking.

• Chores

  • Normalized Sentry event naming for clearer monitoring.

---

[changeset-bot]

🦋 Changeset detected

Latest commit: c3098bd

The changes in this PR will be included in the next version bump.

This PR includes changesets to release 1 package

Name	Type
@exactly/server	Patch

Not sure what this means? Click here to learn what changesets are.

Click here if you're a maintainer who wants to add another changeset to this PR

[gemini-code-assist]

Summary of Changes

Hello @mainqueg, I'm Gemini Code Assist¹! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed!

This pull request significantly improves the robustness and observability of the Manteca integration. It addresses potential user friction during onboarding by providing a more resilient flow for invalid CUITs and ensures that critical user actions, such as onramp completions and account activations, are properly tracked. Additionally, it includes a practical fallback for missing document images, contributing to a smoother overall user experience.

Highlights

• Improved Manteca Onboarding Error Handling: Enhanced the Manteca onboarding process to gracefully handle INVALID_CUIT errors, allowing for the resumption of existing Persona inquiries or the creation of new ones to guide users through the correction process.
• Enhanced Event Tracking: Implemented comprehensive Segment tracking for key Manteca-related events, including successful onramp completions and the activation of ramp accounts, providing valuable insights into user journeys.
• Manteca Back Image Fallback: Introduced a fallback mechanism during Manteca onboarding to use the front document image if the back document image is missing, ensuring the onboarding process can proceed without interruption.
• Standardized Event Logging: Refined the naming conventions for Manteca system, compliance, and invalid order size events captured in Sentry, improving clarity and consistency in error and notice logging.

Changelog

• .changeset/chatty-glasses-throw.md
  • Added a changeset entry for fixing the Manteca back image fallback.
• .changeset/ripe-readers-repair.md
  • Added a changeset entry for catching invalid CUIT during Manteca onboarding.
• .changeset/silent-trains-wear.md
  • Added a changeset entry for tracking onramp and ramp account events.
• cspell.json
  • Added "cuit" to the cspell dictionary.
• server/api/ramp.ts
  • Imported Persona utility functions.
  • Implemented error handling for INVALID_CUIT during Manteca onboarding, allowing for inquiry resumption or creation.
• server/hooks/manteca.ts
  • Imported Segment tracking utility.
  • Standardized Manteca system notice event names.
  • Added Segment tracking for completed onramp orders and active ramp accounts.
  • Standardized Manteca invalid order size event name.
• server/test/api/ramp.test.ts
  • Imported Persona utilities for testing.
  • Added comprehensive test cases for handling INVALID_CUIT errors during Manteca onboarding, including inquiry creation and resumption scenarios.
• server/test/hooks/manteca.test.ts
  • Imported Segment utilities for testing.
  • Added tests to verify Segment tracking for completed onramp orders and active ramp accounts.
• server/test/utils/manteca.test.ts
  • Added a test case for INVALID_CUIT error propagation from Manteca API.
  • Added a test case to confirm front image fallback for missing back image during onboarding.
• server/utils/ramps/manteca.ts
  • Introduced INVALID_CUIT error code and mapped Manteca's INVALID_LEGAL_ID to it.
  • Implemented a fallback mechanism to use the front document image if the back document image is missing during onboarding.
• server/utils/segment.ts
  • Extended the track function's type definition to include Onramp and RampAccount events with their specific properties.

Using Gemini Code Assist

The full guide for Gemini Code Assist can be found on our documentation page, here are some quick tips.

Invoking Gemini

You can request assistance from Gemini at any point by creating a comment using either /gemini <command> or @gemini-code-assist <command>. Below is a summary of the supported commands on the current page.

Feature	Command	Description
Code Review	/gemini review	Performs a code review for the current pull request in its current state.
Pull Request Summary	/gemini summary	Provides a summary of the current pull request in its current state.
Comment	@gemini-code-assist	Responds in comments when explicitly tagged, both in pull request comments and review comments.
Help	/gemini help	Displays a list of available commands.

Customization

To customize Gemini Code Assist for GitHub experience, repository maintainers can create a configuration file and/or provide a custom code review style guide (such as PEP-8 for Python) by creating and adding files to a .gemini/ folder in the base of the repository. Detailed instructions can be found here.

Limitations & Feedback

Gemini Code Assist may make mistakes. Please leave feedback on any instances where its feedback is incorrect or counter productive. You can react with 👍 and 👎 on @gemini-code-assist comments. If you're interested in giving your feedback about your experience with Gemini Code Assist for Github and other Google products, sign up here.

You can also get AI-powered code generation, chat, as well as code reviews directly in the IDE at no cost with the Gemini Code Assist IDE Extension.

Footnotes

1. Review the Privacy Notices, Generative AI Prohibited Use Policy, Terms of Service, and learn how to configure Gemini Code Assist in GitHub here. Gemini can make mistakes, so double check it and use code with caution. ↩

[coderabbitai]

Note

Reviews paused

It looks like this branch is under active development. To avoid overwhelming you with review comments due to an influx of new commits, CodeRabbit has automatically paused this review. You can configure this behavior by changing the reviews.auto_review.auto_pause_after_reviewed_commits setting.

Use the following commands to manage reviews:

• @coderabbitai resume to resume automatic reviews.
• @coderabbitai review to trigger a single review.

Use the checkboxes below for quick actions:

• ▶️ Resume reviews
• 🔍 Trigger review

Walkthrough

Adds INVALID_LEGAL_ID handling to Manteca onboarding (maps API legalId errors to a surfaced error, supports inquiry resume/create flow), introduces Onramp and RampAccount analytics events, normalizes Manteca hook event names and credential source queries, and adds related tests and changesets.

Changes

Cohort / File(s)	Summary
Changesets /.changeset/chatty-glasses-throw.md, /.changeset/ripe-readers-repair.md, /.changeset/silent-trains-wear.md	Three new changeset entries: Sentry event name normalization, invalid legal ID handling, and onramp/ramp-account tracking notes.
Onboarding error mapping server/utils/ramps/manteca.ts	Adds MantecaApiErrorCodes.INVALID_LEGAL_ID and maps it to public ErrorCodes.INVALID_LEGAL_ID so onboarding converts API legalId errors into a surfaced error.
API onboarding flow server/api/ramp.ts	Handles INVALID_LEGAL_ID on POST /onboarding: fetches existing inquiry, checks resumability (created/pending/expired), creates inquiry if needed, calls resumeInquiry, and returns { code, inquiryId, sessionToken } in the error response.
Analytics surface server/utils/segment.ts	Adds two new track events to the union: Onramp (currency, fiatAmount, provider, source, usdcAmount) and RampAccount (provider, source).
Manteca hook & tracking server/hooks/manteca.ts	Renames debug namespace, normalizes Sentry event names, includes credential source in queries, adds Onramp tracking on completed orders and RampAccount tracking on onboarding ACTIVE updates, and adjusts some event levels.
Tests server/test/api/ramp.test.ts, server/test/hooks/manteca.test.ts, server/test/utils/manteca.test.ts	Adds tests for INVALID_LEGAL_ID onboarding scenarios (no inquiry, resumable, non-resumable), asserts segment.track calls for Onramp and RampAccount, and tests mantecaOnboarding mapping of legalId API error to INVALID_LEGAL_ID.
Persona utils (imports/usage) server/api/ramp.ts, server/test/api/ramp.test.ts	Imports/uses persona helpers (getInquiry, createInquiry, resumeInquiry, MANTECA_TEMPLATE_EXTRA_FIELDS) to support inquiry resume/create flow in onboarding error path.

Sequence Diagram

sequenceDiagram
    participant Client as Client
    participant API as "ramp.ts (POST /onboarding)"
    participant Manteca as "mantecaOnboarding\n(server/utils/ramps/manteca.ts)"
    participant Persona as "persona (inquiry service)\n(server/utils/persona)"
    participant Response as Response

    Client->>API: POST /onboarding (payload)
    API->>Manteca: initiateOnboarding()
    Manteca->>Manteca: call external Manteca API
    Manteca-->>API: throw INVALID_LEGAL_ID
    API->>Persona: getInquiry(user)
    alt existing & resumable (created/pending/expired)
        Persona-->>API: return existing inquiryId
    else missing or non-resumable
        API->>Persona: createInquiry(...)
        Persona-->>API: return new inquiryId
    end
    API->>Persona: resumeInquiry(inquiryId)
    Persona-->>API: return sessionToken
    API-->>Response: 400 { code: INVALID_LEGAL_ID, inquiryId, sessionToken }
    Response-->>Client: error with resume data

Loading

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~25 minutes

Possibly related PRs

• ✨ server: support manteca inquiry #680: Overlapping Manteca/ramp changes touching INVALID_LEGAL_ID handling, inquiry resume/create logic, and related tests.
• ✨ server: validate id document photos for manteca #693: Overlapping edits to Manteca onboarding and persona utilities used by that flow.

Suggested reviewers

• nfmelendez

🚥 Pre-merge checks | ✅ 1 | ❌ 1

❌ Failed checks (1 inconclusive)

Check name	Status	Explanation	Resolution
Title check	❓ Inconclusive	The title mentions 'manteca improvements' which relates to changes, but it's overly vague and doesn't specify the main objectives (invalid legal ID handling, event tracking normalization, onramp/ramp account events).	Clarify the title to highlight the primary changes, such as 'Add invalid legal ID handling and event tracking for manteca onboarding' or 'Normalize manteca error handling and add onramp tracking events'.

✅ Passed checks (1 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch ramps

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 2

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (1)

server/utils/ramps/manteca.ts (1)

776-789: 🛠️ Refactor suggestion | 🟠 Major

New entries added at the end of both objects — move to sorted/middle positions.

INVALID_CUIT is appended at the end of ErrorCodes, and INVALID_LEGAL_ID at the end of MantecaApiErrorCodes. Both should be placed alphabetically or at least not last.

Proposed fix

 export const ErrorCodes = {
+  INVALID_CUIT: "invalid cuit",
+  INVALID_ORDER_SIZE: "invalid order size",
+  MANTECA_USER_INACTIVE: "manteca user inactive",
   NOT_SUPPORTED_CHAIN_ID: "not supported chain id",
   NOT_SUPPORTED_CURRENCY: "not supported currency",
-  MANTECA_USER_INACTIVE: "manteca user inactive",
-  INVALID_ORDER_SIZE: "invalid order size",
   NO_PERSONA_ACCOUNT: "no persona account",
   NO_DOCUMENT: "no document",
-  INVALID_CUIT: "invalid cuit",
 };
 
 const MantecaApiErrorCodes = {
+  INVALID_LEGAL_ID: "legalId has wrong value",
   INVALID_ORDER_SIZE: "MIN_SIZE",
   USER_NOT_FOUND: "USER_NF",
-  INVALID_LEGAL_ID: "legalId has wrong value",
 } as const;

As per coding guidelines: "avoid adding items at the end of json/array lists. add in the middle or sorted position."

🤖 Fix all issues with AI agents

In `@server/test/hooks/manteca.test.ts`:
- Line 323: Tests currently spy on segment.track without stubbing its behaviour,
allowing the real track() to run and potentially send events; update the tests
that call vi.spyOn(segment, "track") (including the occurrences around the
current lines) to stub the implementation to a no-op instead of executing the
real method (e.g., after spying, set a mock implementation or replace with a
vi.fn that returns nothing) so segment.track cannot call out to analytics during
test runs.

In `@server/utils/ramps/manteca.ts`:
- Line 342: Replace the non-compliant comment marker "HACK" in the expression
using backDocumentURL ?? frontDocumentURL with a permitted TODO or FIXME marker;
change the inline comment to follow the exact format "TODO <lowercase
explanation>" (uppercase tag, single space, then a lowercase description) — e.g.
replace "HACK: onboarding starts only when two images are uploaded" with "TODO
onboarding starts only when two images are uploaded".

[gemini-code-assist]

Code Review

This pull request introduces several improvements for the Manteca integration. It adds a user-friendly flow to handle invalid CUIT during onboarding by leveraging Persona inquiries, implements a fallback for the back document image to prevent onboarding failures, and adds Segment tracking for key onramp events. The changes are well-tested and improve both robustness and observability. I have one suggestion to refactor a piece of logic for better clarity and type safety.

[sentry]

Codecov Report

❌ Patch coverage is 86.66667% with 2 lines in your changes missing coverage. Please review.
✅ Project coverage is 67.81%. Comparing base (03fdfa3) to head (c3098bd).
⚠️ Report is 3 commits behind head on main.
✅ All tests successful. No failed tests found.

Files with missing lines	Patch %	Lines
server/utils/ramps/manteca.ts	33.33%	1 Missing and 1 partial ⚠️

Additional details and impacted files

@@            Coverage Diff             @@
##             main     #756      +/-   ##
==========================================
+ Coverage   67.73%   67.81%   +0.08%     
==========================================
  Files         206      206              
  Lines        6940     7032      +92     
  Branches     2175     2210      +35     
==========================================
+ Hits         4701     4769      +68     
- Misses       2049     2063      +14     
- Partials      190      200      +10     

Flag	Coverage Δ
e2e	67.81% <86.66%> (+16.02%)	⬆️

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

[coderabbitai]

Actionable comments posted: 2

🤖 Fix all issues with AI agents

In `@server/api/ramp.ts`:
- Around line 211-222: The inquiry flow under the
MantecaErrorCodes.INVALID_LEGAL_ID branch (calls to getInquiry, createInquiry,
resumeInquiry) can throw and currently escapes the outer catch; wrap that whole
sequence in its own try/catch, and in the catch: capture the error to Sentry (or
the existing logger) with onboarding context (include credentialId,
error.message, and original error code), then return a controlled HTTP error
response (e.g., 502 or a 4xx with a clear message) instead of letting it bubble
as a 500. Ensure you keep the existing resume path when successful and reference
the existing symbols getInquiry, createInquiry, resumeInquiry, and
MantecaErrorCodes.INVALID_LEGAL_ID so reviewers can find the change.

In `@server/hooks/manteca.ts`:
- Line 42: The debug namespace was changed and may break existing filtering;
revert or add backward-compatibility so existing DEBUG=exa:manteca-hook
continues to capture logs: update the createDebug call (the createDebug(...)
used to initialize the const debug) to use the original "exa:manteca-hook"
namespace or create and export/assign both namespaces (e.g.,
createDebug("exa:manteca") and createDebug("exa:manteca-hook")) so callers using
the const debug still emit under the old name; adjust the const debug
initialization accordingly.

[coderabbitai]

Actionable comments posted: 1

🤖 Fix all issues with AI agents

In `@server/test/api/ramp.test.ts`:
- Around line 250-335: Add positive assertions that persona.createInquiry was
called in the two INVALID_LEGAL_ID tests where a new inquiry should be created:
the "returns 400 with new inquiry for invalid legal id when no existing inquiry"
and the "creates new inquiry for invalid legal id when existing inquiry is not
resumable" tests. Concretely, after the response assertions in each test, add
expect(persona.createInquiry).toHaveBeenCalled() (or toHaveBeenCalledTimes(1) if
you prefer stricter checks) to ensure createInquiry is invoked; keep the
existing negative assertion expect(createInquirySpy).not.toHaveBeenCalled() in
the resumable test unchanged.

[devin-ai-integration]

✅ Devin Review: No Issues Found

Devin Review analyzed this PR and found no potential bugs to report.

View in Devin Review to see 5 additional findings.

[coderabbitai]

Actionable comments posted: 1

🤖 Fix all issues with AI agents

In `@server/api/ramp.ts`:
- Around line 211-222: TypeScript can't guarantee existing isn't undefined when
you access existing.id after computing resumable, so either narrow the type or
assert non-null; update the code around getInquiry/resumable to ensure a
definite id — simplest fix: replace existing.id with existing!.id when building
{ data: { id: existing.id } } (or alternatively add an explicit return type for
getInquiry such as Promise<InquiryType | undefined> and handle the undefined
case before using existing.id), ensuring the symbols involved are getInquiry,
existing, resumable, createInquiry, and resumeInquiry.

[coderabbitai]

Actionable comments posted: 1

🤖 Fix all issues with AI agents

In `@server/test/hooks/manteca.test.ts`:
- Line 323: The spy uses mockResolvedValue() for the synchronous function
segment.track which returns void; replace mockResolvedValue() with a synchronous
mock such as vi.spyOn(segment, "track").mockImplementation(() => {}) or
.mockReturnValue(undefined) to match the void return type; apply the same change
to the other occurrence noted (around the second instance at the later test).

[sentry]

Issues attributed to commits in this pull request

This pull request was merged and Sentry observed the following issues:

• ‼️ Error: invalid legal id in production