From 1dc37d8809abc6450aef310fd030d81d02f0423f Mon Sep 17 00:00:00 2001
From: SandipBajracharya <sndp106.sb@gmail.com>
Date: Wed, 20 May 2026 14:25:31 +0545
Subject: [PATCH 01/10] feat(OUT-3275): GET/PATCH /api/quickbooks/accounts and
 supporting helpers
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Adds the server side of the settings dashboard account-ref editor: a single
/api/quickbooks/accounts route handling GET (lists income/expense/bank
accounts from QBO plus the portal's currently-selected refs) and PATCH
(validates each provided ref against QBO and updates qb_portal_connections
scoped by portalId).

- IntuitAPI.getAccountsForProductMapping runs three flat queries (no OR,
  parens, or IN — QBO's parser rejects all three on AccountType).
- _getAnAccount SELECT now includes AccountType so PATCH validation can
  read it; QBAccountRowSchema tightened to require AccountType.
- TokenService.updateAccountRefs validates AccountType per bucket in
  parallel before delegating to updateQBPortalConnection.
- Response uses an allowlist (QBPortalConnectionSelectSchema.pick) so
  token fields can't leak.
- patchFetcher helper mirrors postFetcher (throws on non-OK).

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
---
 .../accounts/accounts.controller.ts           | 41 ++++++++++++
 .../quickbooks/accounts/accounts.service.ts   | 37 +++++++++++
 src/app/api/quickbooks/accounts/route.ts      | 10 +++
 src/app/api/quickbooks/token/token.service.ts | 62 ++++++++++++++++++-
 src/helper/fetch.helper.ts                    | 17 +++++
 src/type/common.ts                            | 31 ++++++++++
 src/type/dto/intuitAPI.dto.ts                 |  2 +
 src/utils/intuitAPI.ts                        | 45 ++++++++++++++
 8 files changed, 243 insertions(+), 2 deletions(-)
 create mode 100644 src/app/api/quickbooks/accounts/accounts.controller.ts
 create mode 100644 src/app/api/quickbooks/accounts/accounts.service.ts
 create mode 100644 src/app/api/quickbooks/accounts/route.ts

diff --git a/src/app/api/quickbooks/accounts/accounts.controller.ts b/src/app/api/quickbooks/accounts/accounts.controller.ts
new file mode 100644
index 00000000..612b9900
--- /dev/null
+++ b/src/app/api/quickbooks/accounts/accounts.controller.ts
@@ -0,0 +1,41 @@
+import authenticate from '@/app/api/core/utils/authenticate'
+import { NextRequest, NextResponse } from 'next/server'
+import httpStatus from 'http-status'
+import { AccountService } from '@/app/api/quickbooks/accounts/accounts.service'
+import { TokenService } from '@/app/api/quickbooks/token/token.service'
+import { AccountRefsUpdateSchema } from '@/type/common'
+import { QBPortalConnectionSelectSchema } from '@/db/schema/qbPortalConnections'
+
+// Explicit allowlist of what is safe to return — anything else (especially
+// token/secret fields) is dropped. Adding a new column to QBPortalConnection
+// does NOT widen this surface unless the column is added here too.
+const SafePortalConnectionSchema = QBPortalConnectionSelectSchema.pick({
+  id: true,
+  portalId: true,
+  incomeAccountRef: true,
+  expenseAccountRef: true,
+  assetAccountRef: true,
+})
+
+export async function listAccounts(req: NextRequest) {
+  const user = await authenticate(req)
+  const service = new AccountService(user)
+  const data = await service.listAccountsForProductMapping()
+  return NextResponse.json(data)
+}
+
+export async function updateAccountRefs(req: NextRequest) {
+  const user = await authenticate(req)
+  const body = await req.json()
+  const payload = AccountRefsUpdateSchema.parse(body)
+
+  const service = new TokenService(user)
+  const conn = await service.updateAccountRefs(payload)
+
+  const safe = SafePortalConnectionSchema.parse(conn)
+
+  return NextResponse.json(
+    { portalConnection: safe },
+    { status: httpStatus.OK },
+  )
+}
diff --git a/src/app/api/quickbooks/accounts/accounts.service.ts b/src/app/api/quickbooks/accounts/accounts.service.ts
new file mode 100644
index 00000000..f873294e
--- /dev/null
+++ b/src/app/api/quickbooks/accounts/accounts.service.ts
@@ -0,0 +1,37 @@
+import { BaseService } from '@/app/api/core/services/base.service'
+import { getPortalTokens } from '@/db/service/token.service'
+import APIError from '@/app/api/core/exceptions/api'
+import httpStatus from 'http-status'
+import IntuitAPI from '@/utils/intuitAPI'
+import { AccountsListResponse } from '@/type/common'
+
+export class AccountService extends BaseService {
+  async listAccountsForProductMapping(): Promise<AccountsListResponse> {
+    let tokens
+    try {
+      tokens = await getPortalTokens(this.user.workspaceId)
+    } catch {
+      throw new APIError(
+        httpStatus.NOT_FOUND,
+        'AccountService#listAccountsForProductMapping | no portal connection',
+      )
+    }
+
+    const intuitApi = new IntuitAPI(tokens)
+    const { income, expense, asset } =
+      await intuitApi.getAccountsForProductMapping()
+
+    return {
+      options: {
+        income: income.map((a) => ({ id: a.Id, name: a.Name })),
+        expense: expense.map((a) => ({ id: a.Id, name: a.Name })),
+        asset: asset.map((a) => ({ id: a.Id, name: a.Name })),
+      },
+      selected: {
+        incomeAccountRef: tokens.incomeAccountRef,
+        expenseAccountRef: tokens.expenseAccountRef,
+        assetAccountRef: tokens.assetAccountRef,
+      },
+    }
+  }
+}
diff --git a/src/app/api/quickbooks/accounts/route.ts b/src/app/api/quickbooks/accounts/route.ts
new file mode 100644
index 00000000..e4bf65ba
--- /dev/null
+++ b/src/app/api/quickbooks/accounts/route.ts
@@ -0,0 +1,10 @@
+import { withErrorHandler } from '@/app/api/core/utils/withErrorHandler'
+import {
+  listAccounts,
+  updateAccountRefs,
+} from '@/app/api/quickbooks/accounts/accounts.controller'
+
+export const maxDuration = 300 // 5 minutes
+
+export const GET = withErrorHandler(listAccounts)
+export const PATCH = withErrorHandler(updateAccountRefs)
diff --git a/src/app/api/quickbooks/token/token.service.ts b/src/app/api/quickbooks/token/token.service.ts
index da2d9966..5a851198 100644
--- a/src/app/api/quickbooks/token/token.service.ts
+++ b/src/app/api/quickbooks/token/token.service.ts
@@ -12,8 +12,16 @@ import {
   QBPortalConnectionUpdateSchemaType,
 } from '@/db/schema/qbPortalConnections'
 import { QBSetting, QBSettingsUpdateSchemaType } from '@/db/schema/qbSettings'
-import { getPortalConnection } from '@/db/service/token.service'
-import { AccountType, ChangeEnableStatusRequestType } from '@/type/common'
+import {
+  getPortalConnection,
+  getPortalTokens,
+} from '@/db/service/token.service'
+import {
+  AccountRefsUpdateSchema,
+  AccountRefsUpdateType,
+  AccountType,
+  ChangeEnableStatusRequestType,
+} from '@/type/common'
 import IntuitAPI from '@/utils/intuitAPI'
 import CustomLogger from '@/utils/logger'
 import dayjs from 'dayjs'
@@ -90,6 +98,56 @@ export class TokenService extends BaseService {
     return token
   }
 
+  async updateAccountRefs(payload: AccountRefsUpdateType) {
+    const parsed = AccountRefsUpdateSchema.parse(payload)
+
+    let tokens
+    try {
+      tokens = await getPortalTokens(this.user.workspaceId)
+    } catch {
+      throw new APIError(
+        httpStatus.NOT_FOUND,
+        'TokenService#updateAccountRefs | no portal connection',
+      )
+    }
+
+    const intuitApi = new IntuitAPI(tokens)
+
+    const checks: Array<[keyof AccountRefsUpdateType, (t: string) => boolean]> =
+      []
+    if (parsed.incomeAccountRef)
+      checks.push(['incomeAccountRef', (t) => t === 'Income'])
+    if (parsed.expenseAccountRef)
+      checks.push(['expenseAccountRef', (t) => t === 'Expense'])
+    if (parsed.assetAccountRef)
+      checks.push(['assetAccountRef', (t) => t === 'Bank'])
+
+    await Promise.all(
+      checks.map(async ([field, isValidType]) => {
+        const id = parsed[field]!
+        const account = await intuitApi.getAnAccount(undefined, id)
+        if (!account) {
+          throw new APIError(
+            httpStatus.BAD_REQUEST,
+            `${field} account not found`,
+          )
+        }
+        const acctType = account.AccountType
+        if (!isValidType(acctType)) {
+          throw new APIError(
+            httpStatus.BAD_REQUEST,
+            `${field} has an incompatible account type`,
+          )
+        }
+      }),
+    )
+
+    return await this.updateQBPortalConnection(
+      parsed,
+      eq(QBPortalConnection.portalId, this.user.workspaceId),
+    )
+  }
+
   async turnOffSync(intuitRealmId: string) {
     const portalId = this.user.workspaceId
     // update db sync status for the defined portal
diff --git a/src/helper/fetch.helper.ts b/src/helper/fetch.helper.ts
index e8f89d2b..9b35cf46 100644
--- a/src/helper/fetch.helper.ts
+++ b/src/helper/fetch.helper.ts
@@ -91,6 +91,23 @@ export const postFetcher = async (
   return response.json()
 }
 
+export const patchFetcher = async (
+  url: string,
+  headers: Record<string, string>,
+  body: Record<string, unknown>,
+  opts: FetcherOptions = {},
+) => {
+  const response = await fetch(url, {
+    method: 'PATCH',
+    headers,
+    body: JSON.stringify(body),
+    signal: resolveSignal(opts),
+  })
+
+  if (!response.ok) throw await buildHttpFetchError(response, url)
+  return response.json()
+}
+
 export const getFetcher = async (
   url: string,
   headers: Record<string, string>,
diff --git a/src/type/common.ts b/src/type/common.ts
index 434a1a06..252b42f2 100644
--- a/src/type/common.ts
+++ b/src/type/common.ts
@@ -317,6 +317,37 @@ export type ProductSettingType = Required<
   Pick<SettingRequestType, 'createNewProductFlag'>
 > & { id?: string }
 
+export type AccountOption = { id: string; name: string }
+
+export type AccountsListResponse = {
+  options: {
+    income: AccountOption[]
+    expense: AccountOption[]
+    asset: AccountOption[]
+  }
+  selected: {
+    incomeAccountRef: string
+    expenseAccountRef: string
+    assetAccountRef: string
+  }
+}
+
+export const AccountRefsUpdateSchema = z
+  .object({
+    incomeAccountRef: z.string().min(1).optional(),
+    expenseAccountRef: z.string().min(1).optional(),
+    assetAccountRef: z.string().min(1).optional(),
+  })
+  .refine(
+    (v) => v.incomeAccountRef || v.expenseAccountRef || v.assetAccountRef,
+    {
+      message:
+        'At least one of incomeAccountRef, expenseAccountRef, or assetAccountRef must be provided',
+    },
+  )
+
+export type AccountRefsUpdateType = z.infer<typeof AccountRefsUpdateSchema>
+
 export enum TransactionType {
   INVOICE = 'Invoice',
 }
diff --git a/src/type/dto/intuitAPI.dto.ts b/src/type/dto/intuitAPI.dto.ts
index e7119745..7066ff6d 100644
--- a/src/type/dto/intuitAPI.dto.ts
+++ b/src/type/dto/intuitAPI.dto.ts
@@ -204,6 +204,8 @@ export const QBAccountRowSchema = z.object({
   Name: z.string(),
   SyncToken: z.string(),
   Active: z.boolean(),
+  AccountType: z.string(),
+  AccountSubType: z.string().optional(),
 })
 export type QBAccountRowType = z.infer<typeof QBAccountRowSchema>
 
diff --git a/src/utils/intuitAPI.ts b/src/utils/intuitAPI.ts
index c8d3f5c2..5e001848 100644
--- a/src/utils/intuitAPI.ts
+++ b/src/utils/intuitAPI.ts
@@ -120,6 +120,7 @@ export const QB_ACCOUNT_COLUMNS = [
   'Name',
   'SyncToken',
   'Active',
+  'AccountType',
 ] as const satisfies ReadonlyArray<keyof QBAccountRowType>
 
 type GetACustomerOverloads = {
@@ -333,6 +334,48 @@ export default class IntuitAPI {
     return parsed.Account?.[0]
   }
 
+  async _getAccountsForProductMapping(): Promise<{
+    income: QBAccountRowType[]
+    expense: QBAccountRowType[]
+    asset: QBAccountRowType[]
+  }> {
+    CustomLogger.info({
+      message: `IntuitAPI#getAccountsForProductMapping | start for realmId: ${this.tokens.intuitRealmId}`,
+    })
+    // QBO's query parser does not support OR, parentheses for grouping, or
+    // IN on AccountType. We work around with: one query per AccountType, and
+    // JS-side filtering on AccountSubType for the income bucket.
+    const incomeQuery =
+      "SELECT Id, Name, SyncToken, Active, AccountType, AccountSubType FROM Account WHERE AccountType = 'Income' AND AccountSubType = 'SalesOfProductIncome' AND Active = true"
+    const expenseQuery =
+      "SELECT Id, Name, SyncToken, Active, AccountType FROM Account WHERE AccountType = 'Expense' AND Active = true"
+    const assetQuery =
+      "SELECT Id, Name, SyncToken, Active, AccountType FROM Account WHERE AccountType = 'Bank' AND Active = true"
+
+    const [incomeRaw, expenseRaw, assetOtherRaw] = await Promise.all([
+      this.customQuery(incomeQuery),
+      this.customQuery(expenseQuery),
+      this.customQuery(assetQuery),
+    ])
+
+    if (!incomeRaw || !expenseRaw || !assetOtherRaw)
+      throw new APIError(
+        httpStatus.BAD_REQUEST,
+        'IntuitAPI#getAccountsForProductMapping | no response from QBO',
+      )
+
+    const parse = (raw: unknown): QBAccountRowType[] => {
+      const parsed = QBAccountQueryResponseSchema.parse(raw)
+      return parsed.Account ?? []
+    }
+
+    return {
+      income: parse(incomeRaw),
+      expense: parse(expenseRaw),
+      asset: parse(assetOtherRaw),
+    }
+  }
+
   /**
    * Either displayName or id must be provided
    */
@@ -993,6 +1036,8 @@ export default class IntuitAPI {
   createCustomer = this.wrapWithRetry(this._createCustomer)
   createItem = this.wrapWithRetry(this._createItem)
   getSingleIncomeAccount = this._getSingleIncomeAccount.bind(this)
+  // bind-only: three inner customQuery calls each already retry; wrapping would amplify.
+  getAccountsForProductMapping = this._getAccountsForProductMapping.bind(this)
   getACustomer: GetACustomerOverloads = this._getACustomer.bind(
     this,
   ) as unknown as GetACustomerOverloads

From 6b997122f41be27e55a59088e6fc27e4b20433e3 Mon Sep 17 00:00:00 2001
From: SandipBajracharya <sndp106.sb@gmail.com>
Date: Wed, 20 May 2026 14:25:49 +0545
Subject: [PATCH 02/10] feat(OUT-3275): Other Settings accordion with QBO
 account dropdowns

Adds a third accordion section below Invoice Details that lets the user
pick which QBO accounts the integration uses for income, expense, and
bank. Skips the /accounts fetch entirely when QB isn't connected
(syncFlag off or no portal connection) and surfaces a "Connect to
QuickBooks" message inline instead.

- useOtherSettings hook backs the section via SWR; submits only changed
  fields through patchFetcher and mutates the cache on success.
- Custom dropdown component mirrors the QuickBooks-items dropdown
  pattern (button + click-outside-to-close panel) instead of a native
  <select>; no search box or sticky options since the lists are short.
- SettingAccordion wires the new section with the existing
  Cancel/Update button pattern, gated on syncFlag and showButton.
- useSettings opens the new "other-settings" item by default for
  un-enabled portals.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
---
 .../dashboard/settings/SettingAccordion.tsx   |  44 +++++
 .../settings/sections/other/OtherSettings.tsx | 161 ++++++++++++++++++
 src/hook/useSettings.ts                       | 107 +++++++++++-
 3 files changed, 310 insertions(+), 2 deletions(-)
 create mode 100644 src/components/dashboard/settings/sections/other/OtherSettings.tsx

diff --git a/src/components/dashboard/settings/SettingAccordion.tsx b/src/components/dashboard/settings/SettingAccordion.tsx
index cd482bd3..e80ea56e 100644
--- a/src/components/dashboard/settings/SettingAccordion.tsx
+++ b/src/components/dashboard/settings/SettingAccordion.tsx
@@ -1,10 +1,12 @@
 import { useApp } from '@/app/context/AppContext'
 import InvoiceDetail from '@/components/dashboard/settings/sections/invoice/InvoiceDetail'
+import OtherSettings from '@/components/dashboard/settings/sections/other/OtherSettings'
 import ProductMapping from '@/components/dashboard/settings/sections/product/ProductMapping'
 import Accordion from '@/components/ui/Accordion'
 import Divider from '@/components/ui/Divider'
 import {
   useInvoiceDetailSettings,
+  useOtherSettings,
   useProductMappingSettings,
   useSettings,
 } from '@/hook/useSettings'
@@ -44,6 +46,18 @@ export default function SettingAccordion({
     showButton: showInvoiceButton,
   } = useInvoiceDetailSettings()
 
+  const {
+    options: accountOptions,
+    settingState: otherSettingState,
+    changeSettings: changeOtherSettings,
+    submitOtherSettings,
+    cancelOtherSettings,
+    isLoading: otherIsLoading,
+    error: otherError,
+    showButton: showOtherButton,
+    isDisconnected: otherIsDisconnected,
+  } = useOtherSettings()
+
   const accordionItems = [
     {
       id: 'product-mapping',
@@ -75,6 +89,20 @@ export default function SettingAccordion({
         />
       ),
     },
+    {
+      id: 'other-settings',
+      header: 'Other Settings',
+      content: (
+        <OtherSettings
+          options={accountOptions}
+          settingState={otherSettingState}
+          changeSettings={changeOtherSettings}
+          isLoading={otherIsLoading}
+          error={otherError}
+          isDisconnected={otherIsDisconnected}
+        />
+      ),
+    },
   ]
   const { openItems, setOpenItems } = useSettings()
 
@@ -142,6 +170,22 @@ export default function SettingAccordion({
                     />
                   </>
                 )}
+              {index === 2 && syncFlag && showOtherButton && (
+                <>
+                  <Button
+                    label="Cancel"
+                    variant="text"
+                    className="me-2"
+                    onClick={cancelOtherSettings}
+                  />
+                  <Button
+                    label="Update Setting"
+                    variant="primary"
+                    prefixIcon="Check"
+                    onClick={submitOtherSettings}
+                  />
+                </>
+              )}
             </div>
             <Accordion
               item={item}
diff --git a/src/components/dashboard/settings/sections/other/OtherSettings.tsx b/src/components/dashboard/settings/sections/other/OtherSettings.tsx
new file mode 100644
index 00000000..efcb8965
--- /dev/null
+++ b/src/components/dashboard/settings/sections/other/OtherSettings.tsx
@@ -0,0 +1,161 @@
+import {
+  AccountOption,
+  AccountsListResponseUi,
+  OtherSettingsState,
+} from '@/hook/useSettings'
+import useClickOutside from '@/hook/useClickOutside'
+import { Icon, Spinner } from 'copilot-design-system'
+import { useRef, useState } from 'react'
+
+type OtherSettingsProps = {
+  options: AccountsListResponseUi['options'] | undefined
+  settingState: OtherSettingsState
+  changeSettings: (field: keyof OtherSettingsState, value: string) => void
+  isLoading: boolean
+  error: unknown
+  isDisconnected: boolean
+}
+
+function AccountSelect({
+  label,
+  description,
+  value,
+  options,
+  placeholder,
+  onChange,
+}: {
+  label: string
+  description: string
+  value: string
+  options: AccountOption[] | undefined
+  placeholder: string
+  onChange: (id: string) => void
+}) {
+  const [isOpen, setIsOpen] = useState(false)
+  const dropdownRef = useRef<HTMLDivElement>(null)
+  const buttonRef = useRef<HTMLButtonElement>(null)
+
+  useClickOutside(dropdownRef, () => setIsOpen(false), [buttonRef])
+
+  const disabled = !options || options.length === 0
+  const selected = options?.find((o) => o.id === value)
+  // Defends against an account being deleted in QBO between load and save —
+  // surfaces the stale id with a hint instead of silently snapping to empty.
+  const optionMissing = !!value && !selected
+
+  return (
+    <div className="mb-5">
+      <label className="block text-sm font-medium mb-1">{label}</label>
+      <p className="text-xs text-gray-500 mb-2">{description}</p>
+      <div className="relative">
+        <button
+          ref={buttonRef}
+          type="button"
+          disabled={disabled}
+          onClick={() => setIsOpen((v) => !v)}
+          className="w-full bg-gray-100 hover:bg-gray-150 grid grid-cols-6 md:grid-cols-14 py-2 pl-4 pr-3 border border-gray-200 rounded text-left disabled:opacity-50 focus:outline-none focus:border-gray-200"
+        >
+          <div className="col-span-5 md:col-span-13 text-sm text-gray-600 break-all lg:break-normal">
+            {selected ? (
+              selected.name
+            ) : optionMissing ? (
+              <span className="text-gray-500">
+                Currently set: {value} — no longer in QuickBooks
+              </span>
+            ) : (
+              <span className="text-gray-400">
+                {disabled ? 'No matching accounts in QuickBooks' : placeholder}
+              </span>
+            )}
+          </div>
+          <div className="col-span-1 ml-auto my-auto">
+            <Icon
+              icon="ChevronDown"
+              width={16}
+              height={16}
+              className="text-gray-500"
+            />
+          </div>
+        </button>
+        {isOpen && !disabled && (
+          <div
+            ref={dropdownRef}
+            className="absolute right-0 left-0 top-full mt-[-1px] bg-white border border-gray-150 !shadow-popover-050 rounded-sm z-100"
+          >
+            <div className="max-h-56 overflow-y-auto">
+              {options?.map((o) => (
+                <button
+                  key={o.id}
+                  type="button"
+                  onClick={() => {
+                    onChange(o.id)
+                    setIsOpen(false)
+                  }}
+                  className="w-full px-3 py-1.5 text-sm hover:bg-gray-100 focus:outline-none transition-colors cursor-pointer text-left text-gray-600 line-clamp-1 break-all lg:break-normal"
+                >
+                  {o.name}
+                </button>
+              ))}
+            </div>
+          </div>
+        )}
+      </div>
+    </div>
+  )
+}
+
+export default function OtherSettings({
+  options,
+  settingState,
+  changeSettings,
+  isLoading,
+  error,
+  isDisconnected,
+}: OtherSettingsProps) {
+  if (isDisconnected) {
+    return (
+      <div className="mt-2 mb-6 text-sm text-gray-600">
+        Connect to QuickBooks to manage account settings.
+      </div>
+    )
+  }
+
+  if (isLoading) return <Spinner size={5} />
+
+  if (error) {
+    return (
+      <div className="mt-2 mb-6 text-sm text-red-600">
+        Could not load accounts. Reload to retry.
+      </div>
+    )
+  }
+
+  return (
+    <div className="mt-2 mb-6">
+      <AccountSelect
+        label="Income account"
+        description="Default income account assigned to services synced from Assembly to QuickBooks."
+        value={settingState.incomeAccountRef}
+        options={options?.income}
+        placeholder="Select an income account"
+        onChange={(id) => changeSettings('incomeAccountRef', id)}
+      />
+      <AccountSelect
+        label="Expense account"
+        description="Account where absorbed invoice payment fees are recorded as expenses in QuickBooks."
+        value={settingState.expenseAccountRef}
+        options={options?.expense}
+        placeholder="Select an expense account"
+        onChange={(id) => changeSettings('expenseAccountRef', id)}
+      />
+      <AccountSelect
+        label="Bank account"
+        description="Account the absorbed invoice payment fees are paid out of, paired with the expense account above."
+        value={settingState.assetAccountRef}
+        options={options?.asset}
+        placeholder="Select a bank account"
+        onChange={(id) => changeSettings('assetAccountRef', id)}
+      />
+    </div>
+  )
+}
diff --git a/src/hook/useSettings.ts b/src/hook/useSettings.ts
index f8b4251a..dfc24c97 100644
--- a/src/hook/useSettings.ts
+++ b/src/hook/useSettings.ts
@@ -9,7 +9,7 @@ import {
 import { getTimeInterval } from '@/utils/common'
 import { QBO_ITEM_NAME_MAX_LENGTH } from '@/utils/string'
 import { ProductMappingItemType } from '@/db/schema/qbProductSync'
-import { postFetcher } from '@/helper/fetch.helper'
+import { patchFetcher, postFetcher } from '@/helper/fetch.helper'
 import { mutate } from 'swr'
 import equal from 'deep-equal'
 import {
@@ -583,10 +583,113 @@ export const useInvoiceDetailSettings = () => {
   }
 }
 
+export type AccountOption = { id: string; name: string }
+
+export type OtherSettingsState = {
+  incomeAccountRef: string
+  expenseAccountRef: string
+  assetAccountRef: string
+}
+
+export type AccountsListResponseUi = {
+  options: {
+    income: AccountOption[]
+    expense: AccountOption[]
+    asset: AccountOption[]
+  }
+  selected: OtherSettingsState
+}
+
+export const useOtherSettings = () => {
+  const { token, syncFlag, portalConnectionStatus } = useApp()
+  // Skip the /accounts fetch when QB isn't connected or sync is off — the
+  // endpoint requires a live portal connection and would 404 otherwise.
+  const isDisconnected = !syncFlag || !portalConnectionStatus
+  const [settingState, setSettingState] = useState<OtherSettingsState>({
+    incomeAccountRef: '',
+    expenseAccountRef: '',
+    assetAccountRef: '',
+  })
+  const [showButton, setShowButton] = useState(false)
+  const [initialState, setInitialState] = useState<
+    OtherSettingsState | undefined
+  >()
+
+  const { data, error, isLoading } = useSwrHelper(
+    isDisconnected ? null : `/api/quickbooks/accounts?token=${token}`,
+    {
+      suspense: false,
+      revalidateOnMount: true,
+    },
+  )
+
+  useEffect(() => {
+    if (data?.selected) {
+      setSettingState(data.selected)
+      setInitialState(structuredClone(data.selected))
+    }
+  }, [data])
+
+  useEffect(() => {
+    if (!initialState) return
+    setShowButton(!equal(initialState, settingState))
+  }, [settingState, initialState])
+
+  const changeSettings = (field: keyof OtherSettingsState, value: string) => {
+    setSettingState((prev) => ({ ...prev, [field]: value }))
+  }
+
+  const submitOtherSettings = async () => {
+    if (!initialState) return
+    setShowButton(false)
+    try {
+      // Send only changed fields to keep the PATCH minimal.
+      const payload: Partial<OtherSettingsState> = {}
+      if (settingState.incomeAccountRef !== initialState.incomeAccountRef)
+        payload.incomeAccountRef = settingState.incomeAccountRef
+      if (settingState.expenseAccountRef !== initialState.expenseAccountRef)
+        payload.expenseAccountRef = settingState.expenseAccountRef
+      if (settingState.assetAccountRef !== initialState.assetAccountRef)
+        payload.assetAccountRef = settingState.assetAccountRef
+
+      await patchFetcher(
+        `/api/quickbooks/accounts?token=${token}`,
+        { 'content-type': 'application/json' },
+        payload,
+        { timeoutMs: null },
+      )
+      mutate(`/api/quickbooks/accounts?token=${token}`)
+      setInitialState(structuredClone(settingState))
+    } catch (err) {
+      setShowButton(true)
+      console.error('Error submitting Other settings', err)
+    }
+  }
+
+  const cancelOtherSettings = () => {
+    setShowButton(false)
+    if (initialState) setSettingState(initialState)
+  }
+
+  return {
+    options: data?.options as AccountsListResponseUi['options'] | undefined,
+    settingState,
+    changeSettings,
+    submitOtherSettings,
+    cancelOtherSettings,
+    error,
+    isLoading,
+    showButton,
+    isDisconnected,
+  }
+}
+
 export const useSettings = () => {
   const { isEnabled } = useApp()
   const [openItems, setOpenItems] = useState<string[]>(
-    isEnabled ? ['product-mapping'] : ['product-mapping', 'invoice-detail'],
+    isEnabled
+      ? ['product-mapping']
+      : ['product-mapping', 'invoice-detail', 'other-settings'],
   )
 
   return { openItems, setOpenItems }

From 1a846344c398ff8ff455e4617767f1c5ef52fa61 Mon Sep 17 00:00:00 2001
From: SandipBajracharya <sndp106.sb@gmail.com>
Date: Wed, 20 May 2026 14:26:07 +0545
Subject: [PATCH 03/10] test(OUT-3275): unit + integration coverage for
 account-ref endpoints

- IntuitAPI.getAccountsForProductMapping: asserts the three queries are
  built without OR / parens / IN (QBO parser limits) and that the asset
  bucket queries the Bank type.
- AccountService.listAccountsForProductMapping: happy path + 404 when
  portal connection is missing; verifies SyncToken/Active are stripped.
- TokenService.updateAccountRefs: per-bucket AccountType validation,
  rejects mismatches and missing accounts, writes scoped by portalId.
- GET /api/quickbooks/accounts: 200 happy path with TEST_*_ACCOUNT_REF
  constants; 401 without token.
- PATCH /api/quickbooks/accounts: single-field update, wrong-AccountType
  rejection, empty-body 422, all-three-valid, tenant isolation.
- Extends QBAccountRowSchema fixtures in intuitAPI.responses.test.ts
  with AccountType after the schema tightening.
- Pins integration mock factories on globalThis (per the documented
  setupFile re-entry workaround) and adds getAccountsForProductMapping
  to the IntuitAPI mock default so existing tests don't break.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
---
 test/helpers/mocks.ts                         |   5 +
 .../quickbooks/accounts/listAccounts.test.ts  | 103 ++++++++
 .../accounts/updateAccountRefs.test.ts        | 221 ++++++++++++++++++
 test/integration/setup.ts                     |  18 +-
 .../accounts/accounts.service.test.ts         | 120 ++++++++++
 .../token/updateAccountRefs.test.ts           | 179 ++++++++++++++
 test/unit/utils/intuitAPI.accounts.test.ts    | 108 +++++++++
 test/unit/utils/intuitAPI.responses.test.ts   |  19 +-
 8 files changed, 769 insertions(+), 4 deletions(-)
 create mode 100644 test/integration/quickbooks/accounts/listAccounts.test.ts
 create mode 100644 test/integration/quickbooks/accounts/updateAccountRefs.test.ts
 create mode 100644 test/unit/api/quickbooks/accounts/accounts.service.test.ts
 create mode 100644 test/unit/api/quickbooks/token/updateAccountRefs.test.ts
 create mode 100644 test/unit/utils/intuitAPI.accounts.test.ts

diff --git a/test/helpers/mocks.ts b/test/helpers/mocks.ts
index 1ed048ba..0d74d8d3 100644
--- a/test/helpers/mocks.ts
+++ b/test/helpers/mocks.ts
@@ -120,6 +120,11 @@ export function createMockIntuitAPI(overrides: IntuitAPIOverrides = {}) {
     // base Assembly invoice number is used; override per-test to exercise the
     // suffix-walk path.
     findInvoicesByDocNumberPrefix: vi.fn().mockResolvedValue([]),
+    getAccountsForProductMapping: vi.fn().mockResolvedValue({
+      income: [],
+      expense: [],
+      asset: [],
+    }),
     ...overrides,
   }
 }
diff --git a/test/integration/quickbooks/accounts/listAccounts.test.ts b/test/integration/quickbooks/accounts/listAccounts.test.ts
new file mode 100644
index 00000000..0024bf6d
--- /dev/null
+++ b/test/integration/quickbooks/accounts/listAccounts.test.ts
@@ -0,0 +1,103 @@
+import { describe, it, expect, beforeEach, afterEach, vi } from 'vitest'
+import { testApiHandler } from 'next-test-api-route-handler'
+
+import * as appHandler from '@/app/api/quickbooks/accounts/route'
+import { truncateAllTestTables } from '@test/helpers/testDb'
+import { createMockIntuitAPI, installMockApis } from '@test/helpers/mocks'
+import {
+  seedHealthyPortal,
+  TEST_ASSET_ACCOUNT_REF,
+  TEST_EXPENSE_ACCOUNT_REF,
+  TEST_INCOME_ACCOUNT_REF,
+  TEST_WEBHOOK_TOKEN,
+} from '@test/helpers/seed'
+
+describe('GET /api/quickbooks/accounts', () => {
+  beforeEach(async () => {
+    await truncateAllTestTables()
+    installMockApis({
+      intuit: createMockIntuitAPI({
+        getAccountsForProductMapping: vi.fn().mockResolvedValue({
+          income: [
+            {
+              Id: '100',
+              Name: 'Sales',
+              SyncToken: '0',
+              Active: true,
+              AccountType: 'Income',
+            },
+            {
+              Id: '200',
+              Name: 'Service Income',
+              SyncToken: '0',
+              Active: true,
+              AccountType: 'Income',
+            },
+          ],
+          expense: [
+            {
+              Id: '102',
+              Name: 'Cost of Goods',
+              SyncToken: '0',
+              Active: true,
+              AccountType: 'Expense',
+            },
+          ],
+          asset: [
+            {
+              Id: '101',
+              Name: 'Inventory Asset',
+              SyncToken: '0',
+              Active: true,
+              AccountType: 'OtherCurrentAsset',
+            },
+          ],
+        }),
+      }),
+    })
+  })
+
+  afterEach(() => {
+    vi.clearAllMocks()
+  })
+
+  it("returns options grouped by bucket and the portal's currently-selected refs", async () => {
+    await seedHealthyPortal()
+
+    await testApiHandler({
+      appHandler,
+      url: `/api/quickbooks/accounts?token=${TEST_WEBHOOK_TOKEN}`,
+      test: async ({ fetch }) => {
+        const res = await fetch({ method: 'GET' })
+        expect(res.status).toBe(200)
+        const body = await res.json()
+        expect(body.options.income).toEqual([
+          { id: '100', name: 'Sales' },
+          { id: '200', name: 'Service Income' },
+        ])
+        expect(body.options.expense).toEqual([
+          { id: '102', name: 'Cost of Goods' },
+        ])
+        expect(body.options.asset).toEqual([
+          { id: '101', name: 'Inventory Asset' },
+        ])
+        expect(body.selected).toEqual({
+          incomeAccountRef: TEST_INCOME_ACCOUNT_REF,
+          expenseAccountRef: TEST_EXPENSE_ACCOUNT_REF,
+          assetAccountRef: TEST_ASSET_ACCOUNT_REF,
+        })
+      },
+    })
+  })
+
+  it('returns 401 without a token', async () => {
+    await testApiHandler({
+      appHandler,
+      url: `/api/quickbooks/accounts`,
+      test: async ({ fetch }) => {
+        const res = await fetch({ method: 'GET' })
+        expect(res.status).toBe(401)
+      },
+    })
+  })
+})
diff --git a/test/integration/quickbooks/accounts/updateAccountRefs.test.ts b/test/integration/quickbooks/accounts/updateAccountRefs.test.ts
new file mode 100644
index 00000000..8c64c6cb
--- /dev/null
+++ b/test/integration/quickbooks/accounts/updateAccountRefs.test.ts
@@ -0,0 +1,221 @@
+import { describe, it, expect, beforeEach, afterEach, vi } from 'vitest'
+import { testApiHandler } from 'next-test-api-route-handler'
+import { eq } from 'drizzle-orm'
+
+import * as appHandler from '@/app/api/quickbooks/accounts/route'
+import { db } from '@/db'
+import { QBPortalConnection } from '@/db/schema/qbPortalConnections'
+import { truncateAllTestTables } from '@test/helpers/testDb'
+import { createMockIntuitAPI, installMockApis } from '@test/helpers/mocks'
+import {
+  seedHealthyPortal,
+  TEST_PORTAL_ID,
+  TEST_INCOME_ACCOUNT_REF,
+  TEST_EXPENSE_ACCOUNT_REF,
+  TEST_ASSET_ACCOUNT_REF,
+  TEST_WEBHOOK_TOKEN,
+} from '@test/helpers/seed'
+
+describe('PATCH /api/quickbooks/accounts', () => {
+  const getAnAccount = vi.fn()
+
+  beforeEach(async () => {
+    await truncateAllTestTables()
+    getAnAccount.mockReset()
+    installMockApis({
+      intuit: createMockIntuitAPI({ getAnAccount }),
+    })
+  })
+  afterEach(() => vi.clearAllMocks())
+
+  it('updates only the income ref when only income is provided', async () => {
+    await seedHealthyPortal()
+    getAnAccount.mockResolvedValue({
+      Id: '500',
+      Name: 'New Sales',
+      SyncToken: '0',
+      Active: true,
+      AccountType: 'Income',
+    })
+
+    await testApiHandler({
+      appHandler,
+      url: `/api/quickbooks/accounts?token=${TEST_WEBHOOK_TOKEN}`,
+      test: async ({ fetch }) => {
+        const res = await fetch({
+          method: 'PATCH',
+          body: JSON.stringify({ incomeAccountRef: '500' }),
+          headers: { 'content-type': 'application/json' },
+        })
+        expect(res.status).toBe(200)
+        const body = await res.json()
+        expect(body.portalConnection.incomeAccountRef).toBe('500')
+        expect(body.portalConnection.accessToken).toBeUndefined()
+        expect(body.portalConnection.refreshToken).toBeUndefined()
+      },
+    })
+
+    const rows = await db
+      .select()
+      .from(QBPortalConnection)
+      .where(eq(QBPortalConnection.portalId, TEST_PORTAL_ID))
+    expect(rows[0].incomeAccountRef).toBe('500')
+    expect(rows[0].expenseAccountRef).toBe(TEST_EXPENSE_ACCOUNT_REF)
+    expect(rows[0].assetAccountRef).toBe(TEST_ASSET_ACCOUNT_REF)
+  })
+
+  it('rejects when the provided ref has the wrong AccountType', async () => {
+    await seedHealthyPortal()
+    getAnAccount.mockResolvedValue({
+      Id: '999',
+      Name: 'Bank',
+      SyncToken: '0',
+      Active: true,
+      AccountType: 'Bank',
+    })
+
+    await testApiHandler({
+      appHandler,
+      url: `/api/quickbooks/accounts?token=${TEST_WEBHOOK_TOKEN}`,
+      test: async ({ fetch }) => {
+        const res = await fetch({
+          method: 'PATCH',
+          body: JSON.stringify({ incomeAccountRef: '999' }),
+          headers: { 'content-type': 'application/json' },
+        })
+        expect(res.status).toBe(400)
+      },
+    })
+
+    const rows = await db
+      .select()
+      .from(QBPortalConnection)
+      .where(eq(QBPortalConnection.portalId, TEST_PORTAL_ID))
+    expect(rows[0].incomeAccountRef).toBe(TEST_INCOME_ACCOUNT_REF)
+  })
+
+  it('rejects empty body with 422', async () => {
+    await seedHealthyPortal()
+    await testApiHandler({
+      appHandler,
+      url: `/api/quickbooks/accounts?token=${TEST_WEBHOOK_TOKEN}`,
+      test: async ({ fetch }) => {
+        const res = await fetch({
+          method: 'PATCH',
+          body: JSON.stringify({}),
+          headers: { 'content-type': 'application/json' },
+        })
+        expect(res.status).toBe(422)
+      },
+    })
+  })
+
+  it('updates all three refs when all are provided and valid', async () => {
+    await seedHealthyPortal()
+    getAnAccount.mockImplementation(async (_name: any, id: string) => {
+      const map: Record<string, string> = {
+        '700': 'Income',
+        '701': 'Expense',
+        '702': 'Bank',
+      }
+      return {
+        Id: id,
+        Name: `acct-${id}`,
+        SyncToken: '0',
+        Active: true,
+        AccountType: map[id],
+      }
+    })
+
+    await testApiHandler({
+      appHandler,
+      url: `/api/quickbooks/accounts?token=${TEST_WEBHOOK_TOKEN}`,
+      test: async ({ fetch }) => {
+        const res = await fetch({
+          method: 'PATCH',
+          body: JSON.stringify({
+            incomeAccountRef: '700',
+            expenseAccountRef: '701',
+            assetAccountRef: '702',
+          }),
+          headers: { 'content-type': 'application/json' },
+        })
+        expect(res.status).toBe(200)
+        const body = await res.json()
+        expect(body.portalConnection.incomeAccountRef).toBe('700')
+        expect(body.portalConnection.expenseAccountRef).toBe('701')
+        expect(body.portalConnection.assetAccountRef).toBe('702')
+        expect(body.portalConnection.accessToken).toBeUndefined()
+        expect(body.portalConnection.refreshToken).toBeUndefined()
+        expect(body.portalConnection.tokenType).toBeUndefined()
+      },
+    })
+
+    const rows = await db
+      .select()
+      .from(QBPortalConnection)
+      .where(eq(QBPortalConnection.portalId, TEST_PORTAL_ID))
+    expect(rows[0].incomeAccountRef).toBe('700')
+    expect(rows[0].expenseAccountRef).toBe('701')
+    expect(rows[0].assetAccountRef).toBe('702')
+  })
+
+  it("cannot modify another portal's row (tenant isolation)", async () => {
+    // CopilotAPI mock always decrypts to TEST_PORTAL_ID, so this verifies the
+    // WHERE-clause scope works — not that a foreign token would be rejected.
+    await seedHealthyPortal()
+    const OTHER = 'other-portal-99999999'
+    await seedHealthyPortal({
+      portal: { portalId: OTHER, intuitRealmId: 'other-realm' },
+      setting: { portalId: OTHER },
+    })
+
+    getAnAccount.mockResolvedValue({
+      Id: '700',
+      Name: 'Sales',
+      SyncToken: '0',
+      Active: true,
+      AccountType: 'Income',
+    })
+
+    await testApiHandler({
+      appHandler,
+      url: `/api/quickbooks/accounts?token=${TEST_WEBHOOK_TOKEN}`,
+      test: async ({ fetch }) => {
+        const res = await fetch({
+          method: 'PATCH',
+          body: JSON.stringify({ incomeAccountRef: '700' }),
+          headers: { 'content-type': 'application/json' },
+        })
+        expect(res.status).toBe(200)
+      },
+    })
+
+    const a = await db
+      .select()
+      .from(QBPortalConnection)
+      .where(eq(QBPortalConnection.portalId, TEST_PORTAL_ID))
+    expect(a[0].incomeAccountRef).toBe('700')
+
+    const b = await db
+      .select()
+      .from(QBPortalConnection)
+      .where(eq(QBPortalConnection.portalId, OTHER))
+    expect(b[0].incomeAccountRef).toBe(TEST_INCOME_ACCOUNT_REF)
+  })
+
+  it('returns 401 without a token', async () => {
+    await testApiHandler({
+      appHandler,
+      url: `/api/quickbooks/accounts`,
+      test: async ({ fetch }) => {
+        const res = await fetch({
+          method: 'PATCH',
+          body: JSON.stringify({ incomeAccountRef: '1' }),
+          headers: { 'content-type': 'application/json' },
+        })
+        expect(res.status).toBe(401)
+      },
+    })
+  })
+})
diff --git a/test/integration/setup.ts b/test/integration/setup.ts
index caff9e7e..7e26c988 100644
--- a/test/integration/setup.ts
+++ b/test/integration/setup.ts
@@ -12,14 +12,28 @@ import { vi } from 'vitest'
  *   modules (copilot-node-sdk has an ESM directory-import that breaks).
  * - Sentry has to be stubbed because withRetry.ts calls
  *   `scope.addEventProcessor(...)` inside Sentry.withScope.
+ *
+ * Pin the vi.fn() factories on globalThis so multiple setupFile evaluations
+ * under isolate:false reuse the same mock identity. See docs/vitest-gotchas.md.
  */
 
+type MockSingletons = {
+  CopilotAPI?: ReturnType<typeof vi.fn>
+  IntuitAPI?: ReturnType<typeof vi.fn>
+}
+const g = globalThis as typeof globalThis & {
+  __qbsync_test_mocks?: MockSingletons
+}
+g.__qbsync_test_mocks ??= {}
+g.__qbsync_test_mocks.CopilotAPI ??= vi.fn()
+g.__qbsync_test_mocks.IntuitAPI ??= vi.fn()
+
 vi.mock('@/utils/copilotAPI', () => ({
-  CopilotAPI: vi.fn(),
+  CopilotAPI: g.__qbsync_test_mocks!.CopilotAPI!,
 }))
 
 vi.mock('@/utils/intuitAPI', () => ({
-  default: vi.fn(),
+  default: g.__qbsync_test_mocks!.IntuitAPI!,
   // Named export used by src/utils/error.ts to detect Intuit-sourced APIErrors
   // when unwrapping error messages in the webhook catch block.
   IntuitAPIErrorMessage: '#IntuitAPIErrorMessage#',
diff --git a/test/unit/api/quickbooks/accounts/accounts.service.test.ts b/test/unit/api/quickbooks/accounts/accounts.service.test.ts
new file mode 100644
index 00000000..42cf41f7
--- /dev/null
+++ b/test/unit/api/quickbooks/accounts/accounts.service.test.ts
@@ -0,0 +1,120 @@
+/**
+ * AccountService.listAccountsForProductMapping loads the portal connection
+ * (for selected refs + IntuitAPI tokens), delegates to IntuitAPI for the
+ * three pick-lists, and strips SyncToken/Active from the response.
+ */
+import { describe, it, expect, vi, beforeEach } from 'vitest'
+
+vi.mock('@sentry/nextjs', () => ({
+  withScope: vi.fn(),
+  captureMessage: vi.fn(),
+  captureException: vi.fn(),
+}))
+vi.mock('@/utils/logger', () => ({
+  default: { info: vi.fn(), error: vi.fn() },
+}))
+
+const intuit = {
+  getAccountsForProductMapping: vi.fn(),
+}
+// Mock impl uses `function` (not arrow) so `new IntuitAPI(...)` is callable.
+vi.mock('@/utils/intuitAPI', () => ({
+  default: vi.fn().mockImplementation(function (this: unknown) {
+    return intuit
+  }),
+  IntuitAPIErrorMessage: '#IntuitAPIErrorMessage#',
+}))
+
+const tokens = {
+  accessToken: 'access',
+  refreshToken: 'refresh',
+  intuitRealmId: 'realm-1',
+  incomeAccountRef: '100',
+  expenseAccountRef: '102',
+  assetAccountRef: '101',
+  serviceItemRef: null,
+  clientFeeRef: null,
+}
+
+const getPortalTokens = vi.fn(async (_portalId: string) => tokens)
+vi.mock('@/db/service/token.service', () => ({
+  getPortalTokens: (portalId: string) => getPortalTokens(portalId),
+}))
+
+import { AccountService } from '@/app/api/quickbooks/accounts/accounts.service'
+import User from '@/app/api/core/models/User.model'
+
+const fakeUser = new User('test-token', {
+  workspaceId: 'portal-1',
+  internalUserId: 'user-1',
+})
+
+describe('AccountService.listAccountsForProductMapping', () => {
+  beforeEach(() => {
+    vi.clearAllMocks()
+    getPortalTokens.mockResolvedValue(tokens)
+    intuit.getAccountsForProductMapping.mockResolvedValue({
+      income: [
+        {
+          Id: '100',
+          Name: 'Sales',
+          SyncToken: '0',
+          Active: true,
+          AccountType: 'Income',
+        },
+        {
+          Id: '200',
+          Name: 'Service Income',
+          SyncToken: '0',
+          Active: true,
+          AccountType: 'Income',
+        },
+      ],
+      expense: [
+        {
+          Id: '102',
+          Name: 'Cost of Goods',
+          SyncToken: '0',
+          Active: true,
+          AccountType: 'Expense',
+        },
+      ],
+      asset: [
+        {
+          Id: '101',
+          Name: 'Inventory Asset',
+          SyncToken: '0',
+          Active: true,
+          AccountType: 'OtherCurrentAsset',
+        },
+      ],
+    })
+  })
+
+  it('returns options grouped by bucket with only id+name, plus selected refs', async () => {
+    const svc = new AccountService(fakeUser)
+    const out = await svc.listAccountsForProductMapping()
+
+    expect(out.options.income).toEqual([
+      { id: '100', name: 'Sales' },
+      { id: '200', name: 'Service Income' },
+    ])
+    expect(out.options.expense).toEqual([{ id: '102', name: 'Cost of Goods' }])
+    expect(out.options.asset).toEqual([{ id: '101', name: 'Inventory Asset' }])
+    expect(out.selected).toEqual({
+      incomeAccountRef: '100',
+      expenseAccountRef: '102',
+      assetAccountRef: '101',
+    })
+  })
+
+  it('throws 404 APIError when the portal connection is missing', async () => {
+    getPortalTokens.mockRejectedValueOnce(
+      new Error('Portal connection not found'),
+    )
+    const svc = new AccountService(fakeUser)
+    await expect(svc.listAccountsForProductMapping()).rejects.toMatchObject({
+      status: 404,
+    })
+  })
+})
diff --git a/test/unit/api/quickbooks/token/updateAccountRefs.test.ts b/test/unit/api/quickbooks/token/updateAccountRefs.test.ts
new file mode 100644
index 00000000..664fe31d
--- /dev/null
+++ b/test/unit/api/quickbooks/token/updateAccountRefs.test.ts
@@ -0,0 +1,179 @@
+/**
+ * TokenService.updateAccountRefs — validates each provided ref against QBO
+ * (must exist, be active, and have the matching AccountType) before writing
+ * to qb_portal_connections. Tenant scope is enforced by the caller via the
+ * portal-id WHERE in updateQBPortalConnection.
+ */
+import { describe, it, expect, vi, beforeEach } from 'vitest'
+
+vi.mock('@sentry/nextjs', () => ({
+  withScope: vi.fn(),
+  captureMessage: vi.fn(),
+  captureException: vi.fn(),
+}))
+vi.mock('@/utils/logger', () => ({
+  default: { info: vi.fn(), error: vi.fn() },
+}))
+
+const intuit = {
+  getAnAccount: vi.fn(),
+}
+vi.mock('@/utils/intuitAPI', () => ({
+  default: vi.fn().mockImplementation(function (this: unknown) {
+    return intuit
+  }),
+  IntuitAPIErrorMessage: '#IntuitAPIErrorMessage#',
+}))
+
+const tokens = {
+  accessToken: 'access',
+  refreshToken: 'refresh',
+  intuitRealmId: 'realm-1',
+  incomeAccountRef: '100',
+  expenseAccountRef: '102',
+  assetAccountRef: '101',
+  serviceItemRef: null,
+  clientFeeRef: null,
+}
+const getPortalTokens = vi.fn(async (_portalId: string) => tokens)
+vi.mock('@/db/service/token.service', () => ({
+  getPortalTokens: (portalId: string) => getPortalTokens(portalId),
+}))
+
+import { TokenService } from '@/app/api/quickbooks/token/token.service'
+import APIError from '@/app/api/core/exceptions/api'
+import User from '@/app/api/core/models/User.model'
+
+const fakeUser = new User('test-token', {
+  workspaceId: 'portal-1',
+  internalUserId: 'user-1',
+})
+
+function makeService() {
+  const svc = new TokenService(fakeUser)
+  // Replace the inherited update method with a spy so we can assert payload
+  // shape without touching Postgres.
+  ;(svc as any).updateQBPortalConnection = vi.fn(async () => ({}))
+  return svc
+}
+
+describe('TokenService.updateAccountRefs', () => {
+  beforeEach(() => {
+    vi.clearAllMocks()
+    getPortalTokens.mockResolvedValue(tokens)
+  })
+
+  it('writes only the provided refs after validating their AccountType', async () => {
+    intuit.getAnAccount.mockImplementation(async (_name: any, id: string) => {
+      if (id === '300')
+        return {
+          Id: '300',
+          Name: 'New Sales',
+          SyncToken: '0',
+          Active: true,
+          AccountType: 'Income',
+        }
+      throw new Error(`unexpected id ${id}`)
+    })
+
+    const svc = makeService()
+    await svc.updateAccountRefs({ incomeAccountRef: '300' })
+
+    expect(intuit.getAnAccount).toHaveBeenCalledTimes(1)
+    expect(getPortalTokens).toHaveBeenCalledWith('portal-1')
+    expect((svc as any).updateQBPortalConnection).toHaveBeenCalledTimes(1)
+    const [payload, where] = (svc as any).updateQBPortalConnection.mock.calls[0]
+    expect(payload).toEqual({ incomeAccountRef: '300' })
+    // The WHERE clause is a Drizzle SQL fragment. Inspect its queryChunks for
+    // a column reference whose name is portal_id (tenant scoping).
+    const chunks = (where as { queryChunks?: unknown[] }).queryChunks ?? []
+    const referencesPortalId = chunks.some(
+      (c) => (c as { name?: string })?.name === 'portal_id',
+    )
+    expect(referencesPortalId).toBe(true)
+  })
+
+  it('throws 400 when an income ref points at a non-Income account', async () => {
+    intuit.getAnAccount.mockResolvedValue({
+      Id: '400',
+      Name: 'Bank',
+      SyncToken: '0',
+      Active: true,
+      AccountType: 'Bank',
+    })
+    const svc = makeService()
+    await expect(
+      svc.updateAccountRefs({ incomeAccountRef: '400' }),
+    ).rejects.toBeInstanceOf(APIError)
+    expect((svc as any).updateQBPortalConnection).not.toHaveBeenCalled()
+  })
+
+  it('throws 400 when an expense ref points at the wrong AccountType', async () => {
+    intuit.getAnAccount.mockResolvedValue({
+      Id: '500',
+      Name: 'Sales',
+      SyncToken: '0',
+      Active: true,
+      AccountType: 'Income',
+    })
+    const svc = makeService()
+    await expect(
+      svc.updateAccountRefs({ expenseAccountRef: '500' }),
+    ).rejects.toBeInstanceOf(APIError)
+    expect((svc as any).updateQBPortalConnection).not.toHaveBeenCalled()
+  })
+
+  it('throws 400 when an asset ref is not in the asset AccountType set', async () => {
+    intuit.getAnAccount.mockResolvedValue({
+      Id: '600',
+      Name: 'COGS',
+      SyncToken: '0',
+      Active: true,
+      AccountType: 'Expense',
+    })
+    const svc = makeService()
+    await expect(
+      svc.updateAccountRefs({ assetAccountRef: '600' }),
+    ).rejects.toBeInstanceOf(APIError)
+    expect((svc as any).updateQBPortalConnection).not.toHaveBeenCalled()
+  })
+
+  it('throws 400 when QBO has no such account (getAnAccount returns null)', async () => {
+    intuit.getAnAccount.mockResolvedValue(null)
+    const svc = makeService()
+    await expect(
+      svc.updateAccountRefs({ incomeAccountRef: 'does-not-exist' }),
+    ).rejects.toBeInstanceOf(APIError)
+    expect((svc as any).updateQBPortalConnection).not.toHaveBeenCalled()
+  })
+
+  it('validates and writes all three when all are provided', async () => {
+    intuit.getAnAccount.mockImplementation(async (_n: any, id: string) => {
+      const map: Record<string, string> = {
+        '300': 'Income',
+        '301': 'Expense',
+        '302': 'Bank',
+      }
+      return {
+        Id: id,
+        Name: `n-${id}`,
+        SyncToken: '0',
+        Active: true,
+        AccountType: map[id],
+      }
+    })
+    const svc = makeService()
+    await svc.updateAccountRefs({
+      incomeAccountRef: '300',
+      expenseAccountRef: '301',
+      assetAccountRef: '302',
+    })
+    expect(intuit.getAnAccount).toHaveBeenCalledTimes(3)
+    const [payload] = (svc as any).updateQBPortalConnection.mock.calls[0]
+    expect(payload).toEqual({
+      incomeAccountRef: '300',
+      expenseAccountRef: '301',
+      assetAccountRef: '302',
+    })
+  })
+})
diff --git a/test/unit/utils/intuitAPI.accounts.test.ts b/test/unit/utils/intuitAPI.accounts.test.ts
new file mode 100644
index 00000000..e235a938
--- /dev/null
+++ b/test/unit/utils/intuitAPI.accounts.test.ts
@@ -0,0 +1,108 @@
+/**
+ * Unit tests for IntuitAPI.getAccountsForProductMapping — verifies the three
+ * SQL queries are built with the agreed AccountType / AccountSubType filters
+ * and that the result is grouped into { income, expense, asset } with
+ * Active=true filtering applied by QBO's WHERE clause (not in JS).
+ */
+import { describe, it, expect, vi, beforeEach } from 'vitest'
+
+vi.mock('@sentry/nextjs', () => ({
+  withScope: vi.fn(),
+  captureMessage: vi.fn(),
+  captureException: vi.fn(),
+}))
+
+vi.mock('@/utils/logger', () => ({
+  default: { info: vi.fn(), error: vi.fn() },
+}))
+
+vi.mock('@/helper/fetch.helper', () => ({
+  getFetcher: vi.fn(),
+  postFetcher: vi.fn(),
+}))
+
+import IntuitAPI, { IntuitAPITokensType } from '@/utils/intuitAPI'
+
+const baseTokens: IntuitAPITokensType = {
+  accessToken: 'access',
+  refreshToken: 'refresh',
+  intuitRealmId: 'realm-1',
+  incomeAccountRef: 'income',
+  expenseAccountRef: 'expense',
+  assetAccountRef: 'asset',
+  serviceItemRef: 'service',
+  clientFeeRef: 'client-fee',
+}
+
+type Row = {
+  Id: string
+  Name: string
+  SyncToken: string
+  Active: boolean
+  AccountType: string
+  AccountSubType?: string
+}
+const row = (
+  Id: string,
+  Name: string,
+  AccountType: string,
+  AccountSubType?: string,
+): Row => ({
+  Id,
+  Name,
+  SyncToken: '0',
+  Active: true,
+  AccountType,
+  ...(AccountSubType ? { AccountSubType } : {}),
+})
+
+function makeApi(perQueryResponse: (q: string) => unknown) {
+  const api = new IntuitAPI(baseTokens)
+  const customQuery = vi.fn(async (q: string) => perQueryResponse(q))
+  ;(api as unknown as { customQuery: unknown }).customQuery = customQuery
+  return { api, customQuery }
+}
+
+describe('IntuitAPI#getAccountsForProductMapping', () => {
+  beforeEach(() => vi.clearAllMocks())
+
+  it('issues three queries (income/expense/asset) with no OR / parens / IN', async () => {
+    const { api, customQuery } = makeApi((q) => {
+      if (q.includes("AccountType = 'Income'"))
+        return {
+          Account: [row('1', 'Sales', 'Income', 'SalesOfProductIncome')],
+        }
+      if (q.includes("AccountType = 'Expense'"))
+        return { Account: [row('2', 'COGS', 'Expense')] }
+      // Bank (asset bucket)
+      return { Account: [row('3', 'Checking', 'Bank')] }
+    })
+
+    const out = await (api as any).getAccountsForProductMapping()
+
+    expect(customQuery).toHaveBeenCalledTimes(3)
+    const queries = customQuery.mock.calls.map((c) => c[0] as string)
+
+    // QBO's parser rejects OR / parens / IN on AccountType, so every query is
+    // a flat AND chain. Income narrows by AccountSubType in SQL.
+    expect(queries[0]).toContain("AccountType = 'Income'")
+    expect(queries[0]).toContain("AccountSubType = 'SalesOfProductIncome'")
+    expect(queries[0]).not.toContain('OR')
+    expect(queries[0]).not.toContain('(')
+
+    expect(queries[1]).toContain("AccountType = 'Expense'")
+    expect(queries[2]).toContain("AccountType = 'Bank'")
+
+    expect(out).toEqual({
+      income: [row('1', 'Sales', 'Income', 'SalesOfProductIncome')],
+      expense: [row('2', 'COGS', 'Expense')],
+      asset: [row('3', 'Checking', 'Bank')],
+    })
+  })
+
+  it('returns empty arrays when QBO returns no Account key for a bucket', async () => {
+    const { api } = makeApi(() => ({})) // QueryResponse with no Account
+    const out = await (api as any).getAccountsForProductMapping()
+    expect(out).toEqual({ income: [], expense: [], asset: [] })
+  })
+})
diff --git a/test/unit/utils/intuitAPI.responses.test.ts b/test/unit/utils/intuitAPI.responses.test.ts
index 4b898a4a..a07a90d3 100644
--- a/test/unit/utils/intuitAPI.responses.test.ts
+++ b/test/unit/utils/intuitAPI.responses.test.ts
@@ -82,6 +82,7 @@ describe('IntuitAPI customQuery-based reads', () => {
       Name: 'Sales of Product Income',
       SyncToken: '0',
       Active: true,
+      AccountType: 'Income',
     })
   })
 
@@ -163,7 +164,15 @@ describe('IntuitAPI customQuery-based reads', () => {
   it('getAnAccount returns the account when QBO responds with a single match', async () => {
     vi.mocked(getFetcher).mockResolvedValue(
       queryResponse({
-        Account: [{ Id: '7', Name: 'Assets', SyncToken: '0', Active: true }],
+        Account: [
+          {
+            Id: '7',
+            Name: 'Assets',
+            SyncToken: '0',
+            Active: true,
+            AccountType: 'OtherCurrentAsset',
+          },
+        ],
       }),
     )
 
@@ -363,7 +372,13 @@ describe('IntuitAPI POST-based writes', () => {
 
   it('createAccount returns the created account when QBO accepts the request', async () => {
     vi.mocked(postFetcher).mockResolvedValue({
-      Account: { Id: '300', Name: 'New Asset', SyncToken: '0', Active: true },
+      Account: {
+        Id: '300',
+        Name: 'New Asset',
+        SyncToken: '0',
+        Active: true,
+        AccountType: 'Asset',
+      },
     })
 
     const api = makeApi()

From edbde4c6d7319c0b8473145d611b667e474856cc Mon Sep 17 00:00:00 2001
From: SandipBajracharya <sndp106.sb@gmail.com>
Date: Wed, 20 May 2026 15:27:44 +0545
Subject: [PATCH 04/10] fix(OUT-3275): address pre-push review
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

- TokenService.updateAccountRefs: guard the post-update row destructure
  against undefined so a zero-row WHERE produces an explicit 500 instead
  of a misleading 422 from SafePortalConnectionSchema.parse(undefined).
- Replace inline 'Income'/'Expense'/'Bank' magic strings with a local
  QBO_ACCOUNT_TYPE map. The existing AccountTypeObj enum holds
  lowercase routing keys, not QBO API values, so reusing it would
  mislead — keep the maps distinct, documented inline.
- IntuitAPI.getAccountsForProductMapping: reuse QB_ACCOUNT_COLUMNS in
  the SELECT clauses so the schema/SQL stay in sync; drop the "no
  response from QBO" throw (customQuery already throws on no-response;
  the remaining undefined-QueryResponse case is now treated as an
  empty bucket so the UI shows "No matching accounts" instead of
  "Could not load"); rename assetOtherRaw → assetRaw.
- OtherSettings dropdown: add aria-haspopup="listbox", aria-expanded,
  aria-labelledby on the trigger and role="listbox"/role="option"/
  aria-selected on the panel so screen readers can navigate it.
- Add regression test for the undefined-bucket → empty path.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
---
 src/app/api/quickbooks/token/token.service.ts | 37 ++++++++++++++-----
 .../settings/sections/other/OtherSettings.tsx | 12 +++++-
 src/utils/intuitAPI.ts                        | 31 +++++++---------
 test/unit/utils/intuitAPI.accounts.test.ts    | 10 +++++
 4 files changed, 63 insertions(+), 27 deletions(-)

diff --git a/src/app/api/quickbooks/token/token.service.ts b/src/app/api/quickbooks/token/token.service.ts
index 5a851198..bcac6c07 100644
--- a/src/app/api/quickbooks/token/token.service.ts
+++ b/src/app/api/quickbooks/token/token.service.ts
@@ -113,17 +113,25 @@ export class TokenService extends BaseService {
 
     const intuitApi = new IntuitAPI(tokens)
 
-    const checks: Array<[keyof AccountRefsUpdateType, (t: string) => boolean]> =
-      []
+    // QBO API AccountType values per settings bucket. Distinct from local
+    // `AccountTypeObj` (lowercase keys for our own routing); these strings
+    // must match QBO's enum exactly.
+    const QBO_ACCOUNT_TYPE: Record<keyof AccountRefsUpdateType, string> = {
+      incomeAccountRef: 'Income',
+      expenseAccountRef: 'Expense',
+      assetAccountRef: 'Bank',
+    }
+
+    const checks: Array<[keyof AccountRefsUpdateType, string]> = []
     if (parsed.incomeAccountRef)
-      checks.push(['incomeAccountRef', (t) => t === 'Income'])
+      checks.push(['incomeAccountRef', QBO_ACCOUNT_TYPE.incomeAccountRef])
     if (parsed.expenseAccountRef)
-      checks.push(['expenseAccountRef', (t) => t === 'Expense'])
+      checks.push(['expenseAccountRef', QBO_ACCOUNT_TYPE.expenseAccountRef])
     if (parsed.assetAccountRef)
-      checks.push(['assetAccountRef', (t) => t === 'Bank'])
+      checks.push(['assetAccountRef', QBO_ACCOUNT_TYPE.assetAccountRef])
 
     await Promise.all(
-      checks.map(async ([field, isValidType]) => {
+      checks.map(async ([field, expectedType]) => {
         const id = parsed[field]!
         const account = await intuitApi.getAnAccount(undefined, id)
         if (!account) {
@@ -132,8 +140,7 @@ export class TokenService extends BaseService {
             `${field} account not found`,
           )
         }
-        const acctType = account.AccountType
-        if (!isValidType(acctType)) {
+        if (account.AccountType !== expectedType) {
           throw new APIError(
             httpStatus.BAD_REQUEST,
             `${field} has an incompatible account type`,
@@ -142,10 +149,22 @@ export class TokenService extends BaseService {
       }),
     )
 
-    return await this.updateQBPortalConnection(
+    const conn = await this.updateQBPortalConnection(
       parsed,
       eq(QBPortalConnection.portalId, this.user.workspaceId),
     )
+    // updateQBPortalConnection destructures the first row from `.returning()`
+    // and yields undefined if the WHERE matched nothing. getPortalTokens
+    // above is the de facto guard, but make it explicit so a future refactor
+    // of the ordering doesn't silently produce a misleading 422 from
+    // SafePortalConnectionSchema.parse(undefined) in the controller.
+    if (!conn) {
+      throw new APIError(
+        httpStatus.INTERNAL_SERVER_ERROR,
+        'TokenService#updateAccountRefs | portal connection row not found during update',
+      )
+    }
+    return conn
   }
 
   async turnOffSync(intuitRealmId: string) {
diff --git a/src/components/dashboard/settings/sections/other/OtherSettings.tsx b/src/components/dashboard/settings/sections/other/OtherSettings.tsx
index efcb8965..af7e847f 100644
--- a/src/components/dashboard/settings/sections/other/OtherSettings.tsx
+++ b/src/components/dashboard/settings/sections/other/OtherSettings.tsx
@@ -43,9 +43,12 @@ function AccountSelect({
   // surfaces the stale id with a hint instead of silently snapping to empty.
   const optionMissing = !!value && !selected
 
+  const labelId = `account-select-label-${label.replace(/\s+/g, '-').toLowerCase()}`
   return (
     <div className="mb-5">
-      <label className="block text-sm font-medium mb-1">{label}</label>
+      <label id={labelId} className="block text-sm font-medium mb-1">
+        {label}
+      </label>
       <p className="text-xs text-gray-500 mb-2">{description}</p>
       <div className="relative">
         <button
@@ -53,6 +56,9 @@ function AccountSelect({
           type="button"
           disabled={disabled}
           onClick={() => setIsOpen((v) => !v)}
+          aria-haspopup="listbox"
+          aria-expanded={isOpen}
+          aria-labelledby={labelId}
           className="w-full bg-gray-100 hover:bg-gray-150 grid grid-cols-6 md:grid-cols-14 py-2 pl-4 pr-3 border border-gray-200 rounded text-left disabled:opacity-50 focus:outline-none focus:border-gray-200"
         >
           <div className="col-span-5 md:col-span-13 text-sm text-gray-600 break-all lg:break-normal">
@@ -80,6 +86,8 @@ function AccountSelect({
         {isOpen && !disabled && (
           <div
             ref={dropdownRef}
+            role="listbox"
+            aria-labelledby={labelId}
             className="absolute right-0 left-0 top-full mt-[-1px] bg-white border border-gray-150 !shadow-popover-050 rounded-sm z-100"
           >
             <div className="max-h-56 overflow-y-auto">
@@ -87,6 +95,8 @@ function AccountSelect({
                 <button
                   key={o.id}
                   type="button"
+                  role="option"
+                  aria-selected={o.id === value}
                   onClick={() => {
                     onChange(o.id)
                     setIsOpen(false)
diff --git a/src/utils/intuitAPI.ts b/src/utils/intuitAPI.ts
index 5e001848..a48b84e3 100644
--- a/src/utils/intuitAPI.ts
+++ b/src/utils/intuitAPI.ts
@@ -343,28 +343,25 @@ export default class IntuitAPI {
       message: `IntuitAPI#getAccountsForProductMapping | start for realmId: ${this.tokens.intuitRealmId}`,
     })
     // QBO's query parser does not support OR, parentheses for grouping, or
-    // IN on AccountType. We work around with: one query per AccountType, and
-    // JS-side filtering on AccountSubType for the income bucket.
-    const incomeQuery =
-      "SELECT Id, Name, SyncToken, Active, AccountType, AccountSubType FROM Account WHERE AccountType = 'Income' AND AccountSubType = 'SalesOfProductIncome' AND Active = true"
-    const expenseQuery =
-      "SELECT Id, Name, SyncToken, Active, AccountType FROM Account WHERE AccountType = 'Expense' AND Active = true"
-    const assetQuery =
-      "SELECT Id, Name, SyncToken, Active, AccountType FROM Account WHERE AccountType = 'Bank' AND Active = true"
-
-    const [incomeRaw, expenseRaw, assetOtherRaw] = await Promise.all([
+    // IN on AccountType — one flat query per AccountType is the only shape
+    // that parses.
+    const baseCols = QB_ACCOUNT_COLUMNS.join(', ')
+    const incomeQuery = `SELECT ${baseCols}, AccountSubType FROM Account WHERE AccountType = 'Income' AND AccountSubType = 'SalesOfProductIncome' AND Active = true`
+    const expenseQuery = `SELECT ${baseCols} FROM Account WHERE AccountType = 'Expense' AND Active = true`
+    const assetQuery = `SELECT ${baseCols} FROM Account WHERE AccountType = 'Bank' AND Active = true`
+
+    const [incomeRaw, expenseRaw, assetRaw] = await Promise.all([
       this.customQuery(incomeQuery),
       this.customQuery(expenseQuery),
       this.customQuery(assetQuery),
     ])
 
-    if (!incomeRaw || !expenseRaw || !assetOtherRaw)
-      throw new APIError(
-        httpStatus.BAD_REQUEST,
-        'IntuitAPI#getAccountsForProductMapping | no response from QBO',
-      )
-
+    // customQuery returns undefined when QBO responds with no QueryResponse
+    // key (degenerate but observed in some empty-realm states). Treat as an
+    // empty bucket rather than a hard error — the UI shows "No matching
+    // accounts in QuickBooks" instead of a misleading "Could not load."
     const parse = (raw: unknown): QBAccountRowType[] => {
+      if (raw === undefined || raw === null) return []
       const parsed = QBAccountQueryResponseSchema.parse(raw)
       return parsed.Account ?? []
     }
@@ -372,7 +369,7 @@ export default class IntuitAPI {
     return {
       income: parse(incomeRaw),
       expense: parse(expenseRaw),
-      asset: parse(assetOtherRaw),
+      asset: parse(assetRaw),
     }
   }
 
diff --git a/test/unit/utils/intuitAPI.accounts.test.ts b/test/unit/utils/intuitAPI.accounts.test.ts
index e235a938..de3ee2c9 100644
--- a/test/unit/utils/intuitAPI.accounts.test.ts
+++ b/test/unit/utils/intuitAPI.accounts.test.ts
@@ -105,4 +105,14 @@ describe('IntuitAPI#getAccountsForProductMapping', () => {
     const out = await (api as any).getAccountsForProductMapping()
     expect(out).toEqual({ income: [], expense: [], asset: [] })
   })
+
+  it('treats a missing QueryResponse (undefined customQuery result) as an empty bucket', async () => {
+    // Regression guard: an earlier version threw APIError(400) when any of
+    // the three customQuery calls returned undefined (e.g., realm with no
+    // QueryResponse key). That would surface as "Could not load accounts"
+    // in the UI even though the correct semantic is an empty dropdown.
+    const { api } = makeApi(() => undefined)
+    const out = await (api as any).getAccountsForProductMapping()
+    expect(out).toEqual({ income: [], expense: [], asset: [] })
+  })
 })

From 2eca25fd4cdd5fbc27557ae3ce9ad14140e30c65 Mon Sep 17 00:00:00 2001
From: SandipBajracharya <sndp106.sb@gmail.com>
Date: Wed, 20 May 2026 16:00:25 +0545
Subject: [PATCH 05/10] fix(OUT-3275): dedupe AccountOption type (Greptile P2)

AccountOption was declared identically in src/type/common.ts and
src/hook/useSettings.ts. Drift risk: any addition to one shape would
silently diverge from the other across the client/server boundary.

Drop the local declaration in useSettings.ts; import the canonical
AccountOption from @/type/common. OtherSettings.tsx imports the type
directly from @/type/common too so each consumer reads the same source.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
---
 .../dashboard/settings/sections/other/OtherSettings.tsx    | 7 ++-----
 src/hook/useSettings.ts                                    | 3 +--
 2 files changed, 3 insertions(+), 7 deletions(-)

diff --git a/src/components/dashboard/settings/sections/other/OtherSettings.tsx b/src/components/dashboard/settings/sections/other/OtherSettings.tsx
index af7e847f..3d16ac92 100644
--- a/src/components/dashboard/settings/sections/other/OtherSettings.tsx
+++ b/src/components/dashboard/settings/sections/other/OtherSettings.tsx
@@ -1,9 +1,6 @@
-import {
-  AccountOption,
-  AccountsListResponseUi,
-  OtherSettingsState,
-} from '@/hook/useSettings'
+import { AccountsListResponseUi, OtherSettingsState } from '@/hook/useSettings'
 import useClickOutside from '@/hook/useClickOutside'
+import { AccountOption } from '@/type/common'
 import { Icon, Spinner } from 'copilot-design-system'
 import { useRef, useState } from 'react'
 
diff --git a/src/hook/useSettings.ts b/src/hook/useSettings.ts
index dfc24c97..1b334259 100644
--- a/src/hook/useSettings.ts
+++ b/src/hook/useSettings.ts
@@ -13,6 +13,7 @@ import { patchFetcher, postFetcher } from '@/helper/fetch.helper'
 import { mutate } from 'swr'
 import equal from 'deep-equal'
 import {
+  AccountOption,
   InvoiceSettingType,
   ProductSettingType,
   SettingType,
@@ -583,8 +584,6 @@ export const useInvoiceDetailSettings = () => {
   }
 }
 
-export type AccountOption = { id: string; name: string }
-
 export type OtherSettingsState = {
   incomeAccountRef: string
   expenseAccountRef: string

From 4298ea5bc52f24bc617b78faf8ad516a157418ed Mon Sep 17 00:00:00 2001
From: SandipBajracharya <sndp106.sb@gmail.com>
Date: Wed, 20 May 2026 16:48:44 +0545
Subject: [PATCH 06/10] fix(OUT-3275): rename opaque locals to describe the
 value, not the process
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Per review feedback: variable names should answer "what is this value?",
not "what function ran to produce it?". Renamed in the controller +
service:

- `parsed` → `accountRefs`
- `data` → `accountsResponse`
- `payload` (local, not parameter) → `accountRefs`
- `conn` → `updatedConnection`
- `safe` → `safePortalConnection`

No behavior change. Tests + tsc + lint clean.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
---
 .../quickbooks/accounts/accounts.controller.ts | 13 +++++++------
 src/app/api/quickbooks/token/token.service.ts  | 18 +++++++++---------
 2 files changed, 16 insertions(+), 15 deletions(-)

diff --git a/src/app/api/quickbooks/accounts/accounts.controller.ts b/src/app/api/quickbooks/accounts/accounts.controller.ts
index 612b9900..4ac105d7 100644
--- a/src/app/api/quickbooks/accounts/accounts.controller.ts
+++ b/src/app/api/quickbooks/accounts/accounts.controller.ts
@@ -20,22 +20,23 @@ const SafePortalConnectionSchema = QBPortalConnectionSelectSchema.pick({
 export async function listAccounts(req: NextRequest) {
   const user = await authenticate(req)
   const service = new AccountService(user)
-  const data = await service.listAccountsForProductMapping()
-  return NextResponse.json(data)
+  const accountsResponse = await service.listAccountsForProductMapping()
+  return NextResponse.json(accountsResponse)
 }
 
 export async function updateAccountRefs(req: NextRequest) {
   const user = await authenticate(req)
   const body = await req.json()
-  const payload = AccountRefsUpdateSchema.parse(body)
+  const accountRefs = AccountRefsUpdateSchema.parse(body)
 
   const service = new TokenService(user)
-  const conn = await service.updateAccountRefs(payload)
+  const updatedConnection = await service.updateAccountRefs(accountRefs)
 
-  const safe = SafePortalConnectionSchema.parse(conn)
+  const safePortalConnection =
+    SafePortalConnectionSchema.parse(updatedConnection)
 
   return NextResponse.json(
-    { portalConnection: safe },
+    { portalConnection: safePortalConnection },
     { status: httpStatus.OK },
   )
 }
diff --git a/src/app/api/quickbooks/token/token.service.ts b/src/app/api/quickbooks/token/token.service.ts
index bcac6c07..e49db5e4 100644
--- a/src/app/api/quickbooks/token/token.service.ts
+++ b/src/app/api/quickbooks/token/token.service.ts
@@ -99,7 +99,7 @@ export class TokenService extends BaseService {
   }
 
   async updateAccountRefs(payload: AccountRefsUpdateType) {
-    const parsed = AccountRefsUpdateSchema.parse(payload)
+    const accountRefs = AccountRefsUpdateSchema.parse(payload)
 
     let tokens
     try {
@@ -123,16 +123,16 @@ export class TokenService extends BaseService {
     }
 
     const checks: Array<[keyof AccountRefsUpdateType, string]> = []
-    if (parsed.incomeAccountRef)
+    if (accountRefs.incomeAccountRef)
       checks.push(['incomeAccountRef', QBO_ACCOUNT_TYPE.incomeAccountRef])
-    if (parsed.expenseAccountRef)
+    if (accountRefs.expenseAccountRef)
       checks.push(['expenseAccountRef', QBO_ACCOUNT_TYPE.expenseAccountRef])
-    if (parsed.assetAccountRef)
+    if (accountRefs.assetAccountRef)
       checks.push(['assetAccountRef', QBO_ACCOUNT_TYPE.assetAccountRef])
 
     await Promise.all(
       checks.map(async ([field, expectedType]) => {
-        const id = parsed[field]!
+        const id = accountRefs[field]!
         const account = await intuitApi.getAnAccount(undefined, id)
         if (!account) {
           throw new APIError(
@@ -149,8 +149,8 @@ export class TokenService extends BaseService {
       }),
     )
 
-    const conn = await this.updateQBPortalConnection(
-      parsed,
+    const updatedConnection = await this.updateQBPortalConnection(
+      accountRefs,
       eq(QBPortalConnection.portalId, this.user.workspaceId),
     )
     // updateQBPortalConnection destructures the first row from `.returning()`
@@ -158,13 +158,13 @@ export class TokenService extends BaseService {
     // above is the de facto guard, but make it explicit so a future refactor
     // of the ordering doesn't silently produce a misleading 422 from
     // SafePortalConnectionSchema.parse(undefined) in the controller.
-    if (!conn) {
+    if (!updatedConnection) {
       throw new APIError(
         httpStatus.INTERNAL_SERVER_ERROR,
         'TokenService#updateAccountRefs | portal connection row not found during update',
       )
     }
-    return conn
+    return updatedConnection
   }
 
   async turnOffSync(intuitRealmId: string) {

From daba030829fb0b6f53f5cae966501de02ea4ec9d Mon Sep 17 00:00:00 2001
From: SandipBajracharya <sndp106.sb@gmail.com>
Date: Thu, 21 May 2026 14:31:01 +0545
Subject: [PATCH 07/10] refactor(OUT-3275): drop QBO re-validation from PATCH
 /accounts
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

The PATCH endpoint is dashboard-only. Every account ref the dashboard
sends came from GET /api/quickbooks/accounts, which itself reads from
QBO. Re-fetching each ref to validate AccountType is redundant work
(up to 3 QBO API calls per save) defending against scenarios that
require either a dashboard bug or direct API misuse — neither of which
this layer is the right place to defend against.

- TokenService.updateAccountRefs: drop the per-ref getAnAccount +
  AccountType check; just write the refs scoped by portal_id and
  return the updated row.
- Lift the 404 into getPortalTokens itself (throws APIError(404) on
  missing connection) so callers don't need to try/catch and rewrap.
- accounts.service.ts: drop the now-redundant try/catch around
  getPortalTokens; the APIError it throws already has the right shape.
- accounts.controller.ts: inline SafePortalConnectionSchema.parse into
  the response.
- Tests: remove the now-stale "wrong AccountType" assertions (4 unit
  cases + 1 integration case); simplify the survivors to drop unused
  getAnAccount mocks.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
---
 .../accounts/accounts.controller.ts           |   5 +-
 .../quickbooks/accounts/accounts.service.ts   |  12 +-
 src/app/api/quickbooks/token/token.service.ts |  58 +-----
 src/db/service/token.service.ts               |   5 +-
 .../accounts/updateAccountRefs.test.ts        |  70 +------
 .../accounts/accounts.service.test.ts         |  10 -
 .../token/updateAccountRefs.test.ts           | 173 +++++-------------
 7 files changed, 56 insertions(+), 277 deletions(-)

diff --git a/src/app/api/quickbooks/accounts/accounts.controller.ts b/src/app/api/quickbooks/accounts/accounts.controller.ts
index 4ac105d7..9b0f49e4 100644
--- a/src/app/api/quickbooks/accounts/accounts.controller.ts
+++ b/src/app/api/quickbooks/accounts/accounts.controller.ts
@@ -32,11 +32,8 @@ export async function updateAccountRefs(req: NextRequest) {
   const service = new TokenService(user)
   const updatedConnection = await service.updateAccountRefs(accountRefs)
 
-  const safePortalConnection =
-    SafePortalConnectionSchema.parse(updatedConnection)
-
   return NextResponse.json(
-    { portalConnection: safePortalConnection },
+    { portalConnection: SafePortalConnectionSchema.parse(updatedConnection) },
     { status: httpStatus.OK },
   )
 }
diff --git a/src/app/api/quickbooks/accounts/accounts.service.ts b/src/app/api/quickbooks/accounts/accounts.service.ts
index f873294e..71687ef2 100644
--- a/src/app/api/quickbooks/accounts/accounts.service.ts
+++ b/src/app/api/quickbooks/accounts/accounts.service.ts
@@ -1,21 +1,11 @@
 import { BaseService } from '@/app/api/core/services/base.service'
 import { getPortalTokens } from '@/db/service/token.service'
-import APIError from '@/app/api/core/exceptions/api'
-import httpStatus from 'http-status'
 import IntuitAPI from '@/utils/intuitAPI'
 import { AccountsListResponse } from '@/type/common'
 
 export class AccountService extends BaseService {
   async listAccountsForProductMapping(): Promise<AccountsListResponse> {
-    let tokens
-    try {
-      tokens = await getPortalTokens(this.user.workspaceId)
-    } catch {
-      throw new APIError(
-        httpStatus.NOT_FOUND,
-        'AccountService#listAccountsForProductMapping | no portal connection',
-      )
-    }
+    const tokens = await getPortalTokens(this.user.workspaceId)
 
     const intuitApi = new IntuitAPI(tokens)
     const { income, expense, asset } =
diff --git a/src/app/api/quickbooks/token/token.service.ts b/src/app/api/quickbooks/token/token.service.ts
index e49db5e4..f4fead40 100644
--- a/src/app/api/quickbooks/token/token.service.ts
+++ b/src/app/api/quickbooks/token/token.service.ts
@@ -12,10 +12,7 @@ import {
   QBPortalConnectionUpdateSchemaType,
 } from '@/db/schema/qbPortalConnections'
 import { QBSetting, QBSettingsUpdateSchemaType } from '@/db/schema/qbSettings'
-import {
-  getPortalConnection,
-  getPortalTokens,
-} from '@/db/service/token.service'
+import { getPortalConnection } from '@/db/service/token.service'
 import {
   AccountRefsUpdateSchema,
   AccountRefsUpdateType,
@@ -101,63 +98,10 @@ export class TokenService extends BaseService {
   async updateAccountRefs(payload: AccountRefsUpdateType) {
     const accountRefs = AccountRefsUpdateSchema.parse(payload)
 
-    let tokens
-    try {
-      tokens = await getPortalTokens(this.user.workspaceId)
-    } catch {
-      throw new APIError(
-        httpStatus.NOT_FOUND,
-        'TokenService#updateAccountRefs | no portal connection',
-      )
-    }
-
-    const intuitApi = new IntuitAPI(tokens)
-
-    // QBO API AccountType values per settings bucket. Distinct from local
-    // `AccountTypeObj` (lowercase keys for our own routing); these strings
-    // must match QBO's enum exactly.
-    const QBO_ACCOUNT_TYPE: Record<keyof AccountRefsUpdateType, string> = {
-      incomeAccountRef: 'Income',
-      expenseAccountRef: 'Expense',
-      assetAccountRef: 'Bank',
-    }
-
-    const checks: Array<[keyof AccountRefsUpdateType, string]> = []
-    if (accountRefs.incomeAccountRef)
-      checks.push(['incomeAccountRef', QBO_ACCOUNT_TYPE.incomeAccountRef])
-    if (accountRefs.expenseAccountRef)
-      checks.push(['expenseAccountRef', QBO_ACCOUNT_TYPE.expenseAccountRef])
-    if (accountRefs.assetAccountRef)
-      checks.push(['assetAccountRef', QBO_ACCOUNT_TYPE.assetAccountRef])
-
-    await Promise.all(
-      checks.map(async ([field, expectedType]) => {
-        const id = accountRefs[field]!
-        const account = await intuitApi.getAnAccount(undefined, id)
-        if (!account) {
-          throw new APIError(
-            httpStatus.BAD_REQUEST,
-            `${field} account not found`,
-          )
-        }
-        if (account.AccountType !== expectedType) {
-          throw new APIError(
-            httpStatus.BAD_REQUEST,
-            `${field} has an incompatible account type`,
-          )
-        }
-      }),
-    )
-
     const updatedConnection = await this.updateQBPortalConnection(
       accountRefs,
       eq(QBPortalConnection.portalId, this.user.workspaceId),
     )
-    // updateQBPortalConnection destructures the first row from `.returning()`
-    // and yields undefined if the WHERE matched nothing. getPortalTokens
-    // above is the de facto guard, but make it explicit so a future refactor
-    // of the ordering doesn't silently produce a misleading 422 from
-    // SafePortalConnectionSchema.parse(undefined) in the controller.
     if (!updatedConnection) {
       throw new APIError(
         httpStatus.INTERNAL_SERVER_ERROR,
diff --git a/src/db/service/token.service.ts b/src/db/service/token.service.ts
index 256ca070..38d986f6 100644
--- a/src/db/service/token.service.ts
+++ b/src/db/service/token.service.ts
@@ -1,4 +1,5 @@
 'use server'
+import APIError from '@/app/api/core/exceptions/api'
 import { db } from '@/db'
 import {
   PortalConnectionWithSettingType,
@@ -10,6 +11,7 @@ import { WorkspaceResponse } from '@/type/common'
 import { CopilotAPI } from '@/utils/copilotAPI'
 import { IntuitAPITokensType } from '@/utils/intuitAPI'
 import { and, asc, eq, isNotNull, isNull, sql } from 'drizzle-orm'
+import httpStatus from 'http-status'
 
 export const getPortalConnection = async (
   portalId: string,
@@ -108,7 +110,8 @@ export const getPortalTokens = async (
   portalId: string,
 ): Promise<IntuitAPITokensType> => {
   const portalConnection = await getPortalConnection(portalId)
-  if (!portalConnection) throw new Error('Portal connection not found')
+  if (!portalConnection)
+    throw new APIError(httpStatus.NOT_FOUND, 'Portal connection not found')
 
   return {
     accessToken: portalConnection.accessToken,
diff --git a/test/integration/quickbooks/accounts/updateAccountRefs.test.ts b/test/integration/quickbooks/accounts/updateAccountRefs.test.ts
index 8c64c6cb..3d571cc1 100644
--- a/test/integration/quickbooks/accounts/updateAccountRefs.test.ts
+++ b/test/integration/quickbooks/accounts/updateAccountRefs.test.ts
@@ -6,7 +6,7 @@ import * as appHandler from '@/app/api/quickbooks/accounts/route'
 import { db } from '@/db'
 import { QBPortalConnection } from '@/db/schema/qbPortalConnections'
 import { truncateAllTestTables } from '@test/helpers/testDb'
-import { createMockIntuitAPI, installMockApis } from '@test/helpers/mocks'
+import { installMockApis } from '@test/helpers/mocks'
 import {
   seedHealthyPortal,
   TEST_PORTAL_ID,
@@ -17,26 +17,14 @@ import {
 } from '@test/helpers/seed'
 
 describe('PATCH /api/quickbooks/accounts', () => {
-  const getAnAccount = vi.fn()
-
   beforeEach(async () => {
     await truncateAllTestTables()
-    getAnAccount.mockReset()
-    installMockApis({
-      intuit: createMockIntuitAPI({ getAnAccount }),
-    })
+    installMockApis()
   })
   afterEach(() => vi.clearAllMocks())
 
   it('updates only the income ref when only income is provided', async () => {
     await seedHealthyPortal()
-    getAnAccount.mockResolvedValue({
-      Id: '500',
-      Name: 'New Sales',
-      SyncToken: '0',
-      Active: true,
-      AccountType: 'Income',
-    })
 
     await testApiHandler({
       appHandler,
@@ -64,36 +52,6 @@ describe('PATCH /api/quickbooks/accounts', () => {
     expect(rows[0].assetAccountRef).toBe(TEST_ASSET_ACCOUNT_REF)
   })
 
-  it('rejects when the provided ref has the wrong AccountType', async () => {
-    await seedHealthyPortal()
-    getAnAccount.mockResolvedValue({
-      Id: '999',
-      Name: 'Bank',
-      SyncToken: '0',
-      Active: true,
-      AccountType: 'Bank',
-    })
-
-    await testApiHandler({
-      appHandler,
-      url: `/api/quickbooks/accounts?token=${TEST_WEBHOOK_TOKEN}`,
-      test: async ({ fetch }) => {
-        const res = await fetch({
-          method: 'PATCH',
-          body: JSON.stringify({ incomeAccountRef: '999' }),
-          headers: { 'content-type': 'application/json' },
-        })
-        expect(res.status).toBe(400)
-      },
-    })
-
-    const rows = await db
-      .select()
-      .from(QBPortalConnection)
-      .where(eq(QBPortalConnection.portalId, TEST_PORTAL_ID))
-    expect(rows[0].incomeAccountRef).toBe(TEST_INCOME_ACCOUNT_REF)
-  })
-
   it('rejects empty body with 422', async () => {
     await seedHealthyPortal()
     await testApiHandler({
@@ -110,22 +68,8 @@ describe('PATCH /api/quickbooks/accounts', () => {
     })
   })
 
-  it('updates all three refs when all are provided and valid', async () => {
+  it('updates all three refs when all are provided', async () => {
     await seedHealthyPortal()
-    getAnAccount.mockImplementation(async (_name: any, id: string) => {
-      const map: Record<string, string> = {
-        '700': 'Income',
-        '701': 'Expense',
-        '702': 'Bank',
-      }
-      return {
-        Id: id,
-        Name: `acct-${id}`,
-        SyncToken: '0',
-        Active: true,
-        AccountType: map[id],
-      }
-    })
 
     await testApiHandler({
       appHandler,
@@ -170,14 +114,6 @@ describe('PATCH /api/quickbooks/accounts', () => {
       setting: { portalId: OTHER },
     })
 
-    getAnAccount.mockResolvedValue({
-      Id: '700',
-      Name: 'Sales',
-      SyncToken: '0',
-      Active: true,
-      AccountType: 'Income',
-    })
-
     await testApiHandler({
       appHandler,
       url: `/api/quickbooks/accounts?token=${TEST_WEBHOOK_TOKEN}`,
diff --git a/test/unit/api/quickbooks/accounts/accounts.service.test.ts b/test/unit/api/quickbooks/accounts/accounts.service.test.ts
index 42cf41f7..3972fc0c 100644
--- a/test/unit/api/quickbooks/accounts/accounts.service.test.ts
+++ b/test/unit/api/quickbooks/accounts/accounts.service.test.ts
@@ -107,14 +107,4 @@ describe('AccountService.listAccountsForProductMapping', () => {
       assetAccountRef: '101',
     })
   })
-
-  it('throws 404 APIError when the portal connection is missing', async () => {
-    getPortalTokens.mockRejectedValueOnce(
-      new Error('Portal connection not found'),
-    )
-    const svc = new AccountService(fakeUser)
-    await expect(svc.listAccountsForProductMapping()).rejects.toMatchObject({
-      status: 404,
-    })
-  })
 })
diff --git a/test/unit/api/quickbooks/token/updateAccountRefs.test.ts b/test/unit/api/quickbooks/token/updateAccountRefs.test.ts
index 664fe31d..3a61e94e 100644
--- a/test/unit/api/quickbooks/token/updateAccountRefs.test.ts
+++ b/test/unit/api/quickbooks/token/updateAccountRefs.test.ts
@@ -1,8 +1,7 @@
 /**
- * TokenService.updateAccountRefs — validates each provided ref against QBO
- * (must exist, be active, and have the matching AccountType) before writing
- * to qb_portal_connections. Tenant scope is enforced by the caller via the
- * portal-id WHERE in updateQBPortalConnection.
+ * TokenService.updateAccountRefs writes incoming refs to qb_portal_connections
+ * scoped by portalId. The dashboard is the only caller and every ref came from
+ * GET /api/quickbooks/accounts, so no per-ref QBO validation runs here.
  */
 import { describe, it, expect, vi, beforeEach } from 'vitest'
 
@@ -15,29 +14,15 @@ vi.mock('@/utils/logger', () => ({
   default: { info: vi.fn(), error: vi.fn() },
 }))
 
-const intuit = {
-  getAnAccount: vi.fn(),
-}
+// Stub IntuitAPI + CopilotAPI so importing TokenService doesn't transitively
+// load copilot-node-sdk (which has an ESM directory-import that breaks under
+// vitest). See docs/vitest-gotchas.md.
 vi.mock('@/utils/intuitAPI', () => ({
-  default: vi.fn().mockImplementation(function (this: unknown) {
-    return intuit
-  }),
+  default: vi.fn(),
   IntuitAPIErrorMessage: '#IntuitAPIErrorMessage#',
 }))
-
-const tokens = {
-  accessToken: 'access',
-  refreshToken: 'refresh',
-  intuitRealmId: 'realm-1',
-  incomeAccountRef: '100',
-  expenseAccountRef: '102',
-  assetAccountRef: '101',
-  serviceItemRef: null,
-  clientFeeRef: null,
-}
-const getPortalTokens = vi.fn(async (_portalId: string) => tokens)
-vi.mock('@/db/service/token.service', () => ({
-  getPortalTokens: (portalId: string) => getPortalTokens(portalId),
+vi.mock('@/utils/copilotAPI', () => ({
+  CopilotAPI: vi.fn(),
 }))
 
 import { TokenService } from '@/app/api/quickbooks/token/token.service'
@@ -49,43 +34,29 @@ const fakeUser = new User('test-token', {
   internalUserId: 'user-1',
 })
 
-function makeService() {
-  const svc = new TokenService(fakeUser)
-  // Replace the inherited update method with a spy so we can assert payload
-  // shape without touching Postgres.
-  ;(svc as any).updateQBPortalConnection = vi.fn(async () => ({}))
-  return svc
+function makeService(updateReturn: unknown = { id: 'pc-1' }) {
+  const service = new TokenService(fakeUser)
+  // Spy on the inherited update so we can assert payload + WHERE clause without
+  // touching Postgres.
+  ;(service as any).updateQBPortalConnection = vi
+    .fn()
+    .mockResolvedValue(updateReturn)
+  return service
 }
 
 describe('TokenService.updateAccountRefs', () => {
   beforeEach(() => {
     vi.clearAllMocks()
-    getPortalTokens.mockResolvedValue(tokens)
   })
 
-  it('writes only the provided refs after validating their AccountType', async () => {
-    intuit.getAnAccount.mockImplementation(async (_name: any, id: string) => {
-      if (id === '300')
-        return {
-          Id: '300',
-          Name: 'New Sales',
-          SyncToken: '0',
-          Active: true,
-          AccountType: 'Income',
-        }
-      throw new Error(`unexpected id ${id}`)
-    })
-
-    const svc = makeService()
-    await svc.updateAccountRefs({ incomeAccountRef: '300' })
+  it('writes only the provided refs, scoped by portal_id', async () => {
+    const service = makeService()
+    await service.updateAccountRefs({ incomeAccountRef: '300' })
 
-    expect(intuit.getAnAccount).toHaveBeenCalledTimes(1)
-    expect(getPortalTokens).toHaveBeenCalledWith('portal-1')
-    expect((svc as any).updateQBPortalConnection).toHaveBeenCalledTimes(1)
-    const [payload, where] = (svc as any).updateQBPortalConnection.mock.calls[0]
-    expect(payload).toEqual({ incomeAccountRef: '300' })
-    // The WHERE clause is a Drizzle SQL fragment. Inspect its queryChunks for
-    // a column reference whose name is portal_id (tenant scoping).
+    expect((service as any).updateQBPortalConnection).toHaveBeenCalledTimes(1)
+    const [accountRefs, where] = (service as any).updateQBPortalConnection.mock
+      .calls[0]
+    expect(accountRefs).toEqual({ incomeAccountRef: '300' })
     const chunks = (where as { queryChunks?: unknown[] }).queryChunks ?? []
     const referencesPortalId = chunks.some(
       (c) => (c as { name?: string })?.name === 'portal_id',
@@ -93,87 +64,35 @@ describe('TokenService.updateAccountRefs', () => {
     expect(referencesPortalId).toBe(true)
   })
 
-  it('throws 400 when an income ref points at a non-Income account', async () => {
-    intuit.getAnAccount.mockResolvedValue({
-      Id: '400',
-      Name: 'Bank',
-      SyncToken: '0',
-      Active: true,
-      AccountType: 'Bank',
-    })
-    const svc = makeService()
-    await expect(
-      svc.updateAccountRefs({ incomeAccountRef: '400' }),
-    ).rejects.toBeInstanceOf(APIError)
-    expect((svc as any).updateQBPortalConnection).not.toHaveBeenCalled()
-  })
-
-  it('throws 400 when an expense ref points at the wrong AccountType', async () => {
-    intuit.getAnAccount.mockResolvedValue({
-      Id: '500',
-      Name: 'Sales',
-      SyncToken: '0',
-      Active: true,
-      AccountType: 'Income',
-    })
-    const svc = makeService()
-    await expect(
-      svc.updateAccountRefs({ expenseAccountRef: '500' }),
-    ).rejects.toBeInstanceOf(APIError)
-    expect((svc as any).updateQBPortalConnection).not.toHaveBeenCalled()
-  })
-
-  it('throws 400 when an asset ref is not in the asset AccountType set', async () => {
-    intuit.getAnAccount.mockResolvedValue({
-      Id: '600',
-      Name: 'COGS',
-      SyncToken: '0',
-      Active: true,
-      AccountType: 'Expense',
-    })
-    const svc = makeService()
-    await expect(
-      svc.updateAccountRefs({ assetAccountRef: '600' }),
-    ).rejects.toBeInstanceOf(APIError)
-    expect((svc as any).updateQBPortalConnection).not.toHaveBeenCalled()
-  })
-
-  it('throws 400 when QBO has no such account (getAnAccount returns null)', async () => {
-    intuit.getAnAccount.mockResolvedValue(null)
-    const svc = makeService()
-    await expect(
-      svc.updateAccountRefs({ incomeAccountRef: 'does-not-exist' }),
-    ).rejects.toBeInstanceOf(APIError)
-    expect((svc as any).updateQBPortalConnection).not.toHaveBeenCalled()
-  })
-
-  it('validates and writes all three when all are provided', async () => {
-    intuit.getAnAccount.mockImplementation(async (_n: any, id: string) => {
-      const map: Record<string, string> = {
-        '300': 'Income',
-        '301': 'Expense',
-        '302': 'Bank',
-      }
-      return {
-        Id: id,
-        Name: `n-${id}`,
-        SyncToken: '0',
-        Active: true,
-        AccountType: map[id],
-      }
-    })
-    const svc = makeService()
-    await svc.updateAccountRefs({
+  it('writes all three refs when all are provided', async () => {
+    const service = makeService()
+    await service.updateAccountRefs({
       incomeAccountRef: '300',
       expenseAccountRef: '301',
       assetAccountRef: '302',
     })
-    expect(intuit.getAnAccount).toHaveBeenCalledTimes(3)
-    const [payload] = (svc as any).updateQBPortalConnection.mock.calls[0]
-    expect(payload).toEqual({
+    const [accountRefs] = (service as any).updateQBPortalConnection.mock
+      .calls[0]
+    expect(accountRefs).toEqual({
       incomeAccountRef: '300',
       expenseAccountRef: '301',
       assetAccountRef: '302',
     })
   })
+
+  it('throws 500 when the update matches no row (portal connection missing)', async () => {
+    // updateQBPortalConnection yields a falsy value when WHERE matches zero
+    // rows (Drizzle destructures `.returning()`'s first element). Pass null
+    // — undefined would collide with makeService's default parameter.
+    const service = makeService(null)
+    await expect(
+      service.updateAccountRefs({ incomeAccountRef: '300' }),
+    ).rejects.toBeInstanceOf(APIError)
+  })
+
+  it('rejects an empty payload via the schema refine', async () => {
+    const service = makeService()
+    await expect(service.updateAccountRefs({})).rejects.toThrow()
+    expect((service as any).updateQBPortalConnection).not.toHaveBeenCalled()
+  })
 })

From 8d16f3493b1dc1e34babdec7543cd6c033246959 Mon Sep 17 00:00:00 2001
From: SandipBajracharya <sndp106.sb@gmail.com>
Date: Thu, 21 May 2026 14:37:45 +0545
Subject: [PATCH 08/10] refactor(OUT-3275): hoist suspense + revalidateOnMount
 defaults into useSwrHelper

Four of the five useSwrHelper callers in the settings dashboard pass the
same { suspense: true, revalidateOnMount: false } overrides. Move them
into the helper's defaults; callers can still override per-call.

useOtherSettings keeps an explicit { suspense: false, revalidateOnMount:
true } override because its loading/error state must stay inline to the
accordion section. Without it, SWR's suspense bubble would hit the
page-level loading.tsx and flash a full-screen spinner over the rest of
the dashboard on first open.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
---
 src/helper/swr.helper.ts |  2 ++
 src/hook/useSettings.ts  | 29 +++++------------------------
 2 files changed, 7 insertions(+), 24 deletions(-)

diff --git a/src/helper/swr.helper.ts b/src/helper/swr.helper.ts
index 4665ffae..a2e34a12 100644
--- a/src/helper/swr.helper.ts
+++ b/src/helper/swr.helper.ts
@@ -8,5 +8,7 @@ const fetcher = (url: string) => getFetcher(url, {}, { timeoutMs: null })
 export const useSwrHelper = (key: any, opts: SWRConfiguration = {}) =>
   useSWR(key, fetcher, {
     revalidateOnFocus: false,
+    suspense: true,
+    revalidateOnMount: false,
     ...opts,
   })
diff --git a/src/hook/useSettings.ts b/src/hook/useSettings.ts
index 1b334259..24ec76db 100644
--- a/src/hook/useSettings.ts
+++ b/src/hook/useSettings.ts
@@ -76,10 +76,6 @@ export const useProductMappingSettings = () => {
 
   const { data: setting } = useSwrHelper(
     `/api/quickbooks/setting?type=${SettingType.PRODUCT}&token=${token}`,
-    {
-      suspense: true,
-      revalidateOnMount: false,
-    },
   )
 
   const changeSettings = async (
@@ -339,26 +335,14 @@ export const useProductTableSetting = (
   const { token, setAppParams, syncFlag } = useApp()
   const { data: products } = useSwrHelper(
     `/api/quickbooks/product/flatten?token=${token}`,
-    {
-      suspense: true,
-      revalidateOnMount: false,
-    },
   )
 
   const { data: quickbooksItems } = useSwrHelper(
     syncFlag ? `/api/quickbooks/product/qb/item?token=${token}` : null,
-    {
-      suspense: true,
-      revalidateOnMount: false,
-    },
   )
 
   const { data: mappedItems } = useSwrHelper(
     `/api/quickbooks/product/map?token=${token}`,
-    {
-      suspense: true,
-      revalidateOnMount: false,
-    },
   )
 
   useEffect(() => {
@@ -516,10 +500,7 @@ export const useInvoiceDetailSettings = () => {
     data: setting,
     error,
     isLoading,
-  } = useSwrHelper(`/api/quickbooks/setting?type=invoice&token=${token}`, {
-    suspense: true,
-    revalidateOnMount: false,
-  })
+  } = useSwrHelper(`/api/quickbooks/setting?type=invoice&token=${token}`)
 
   const changeSettings = async (
     flag: keyof InvoiceSettingType,
@@ -616,10 +597,10 @@ export const useOtherSettings = () => {
 
   const { data, error, isLoading } = useSwrHelper(
     isDisconnected ? null : `/api/quickbooks/accounts?token=${token}`,
-    {
-      suspense: false,
-      revalidateOnMount: true,
-    },
+    // Override the shared suspense default: keep loading/error state inline
+    // to this accordion section so the dashboard doesn't fall back to the
+    // page-level loading.tsx full-screen spinner on first open.
+    { suspense: false, revalidateOnMount: true },
   )
 
   useEffect(() => {

From 4d7321d8fd3bbf8ed60c5eb6c295ecbadf190e16 Mon Sep 17 00:00:00 2001
From: SandipBajracharya <sndp106.sb@gmail.com>
Date: Thu, 21 May 2026 15:45:28 +0545
Subject: [PATCH 09/10] refactor(OUT-3275): make useSwrHelper generic over the
 response shape

Callers can now pass useSwrHelper<MyType>(url) and `data` is typed as
MyType | undefined instead of any. Default T = any keeps existing
call sites working without changes.

useOtherSettings adopts the generic and drops its `as ...` cast on
data?.options. The other consumers in this file (product mapping,
invoice detail) stay on the implicit any default and can be migrated
incrementally as they're touched.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
---
 src/helper/swr.helper.ts | 7 +++++--
 src/hook/useSettings.ts  | 4 ++--
 2 files changed, 7 insertions(+), 4 deletions(-)

diff --git a/src/helper/swr.helper.ts b/src/helper/swr.helper.ts
index a2e34a12..da17a058 100644
--- a/src/helper/swr.helper.ts
+++ b/src/helper/swr.helper.ts
@@ -5,8 +5,11 @@ import useSWR, { SWRConfiguration } from 'swr'
 // SWR handles its own error-retry; aborts here would just produce false negatives.
 const fetcher = (url: string) => getFetcher(url, {}, { timeoutMs: null })
 
-export const useSwrHelper = (key: any, opts: SWRConfiguration = {}) =>
-  useSWR(key, fetcher, {
+export const useSwrHelper = <T = any>(
+  key: any,
+  opts: SWRConfiguration<T> = {},
+) =>
+  useSWR<T>(key, fetcher, {
     revalidateOnFocus: false,
     suspense: true,
     revalidateOnMount: false,
diff --git a/src/hook/useSettings.ts b/src/hook/useSettings.ts
index 24ec76db..7cecd2f8 100644
--- a/src/hook/useSettings.ts
+++ b/src/hook/useSettings.ts
@@ -595,7 +595,7 @@ export const useOtherSettings = () => {
     OtherSettingsState | undefined
   >()
 
-  const { data, error, isLoading } = useSwrHelper(
+  const { data, error, isLoading } = useSwrHelper<AccountsListResponseUi>(
     isDisconnected ? null : `/api/quickbooks/accounts?token=${token}`,
     // Override the shared suspense default: keep loading/error state inline
     // to this accordion section so the dashboard doesn't fall back to the
@@ -652,7 +652,7 @@ export const useOtherSettings = () => {
   }
 
   return {
-    options: data?.options as AccountsListResponseUi['options'] | undefined,
+    options: data?.options,
     settingState,
     changeSettings,
     submitOtherSettings,

From cee5f7ab1c5aa7869bed24c294d343ecd173a1a3 Mon Sep 17 00:00:00 2001
From: SandipBajracharya <sndp106.sb@gmail.com>
Date: Fri, 22 May 2026 11:19:55 +0545
Subject: [PATCH 10/10] refactor(OUT-3275): rename Other Settings section to
 Account Mapping
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Renames the third settings accordion ("Other Settings" → "Account Mapping")
end-to-end: section header, accordion id, file/folder path, component, hook,
state/props types, handlers, and destructure aliases. Also updates the
missing-option placeholder copy to "Please select <label>" instead of
surfacing the opaque QBO ref id.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
---
 .../dashboard/settings/SettingAccordion.tsx   | 44 +++++++++----------
 .../AccountMapping.tsx}                       | 14 +++---
 src/hook/useSettings.ts                       | 26 +++++------
 3 files changed, 42 insertions(+), 42 deletions(-)
 rename src/components/dashboard/settings/sections/{other/OtherSettings.tsx => account/AccountMapping.tsx} (93%)

diff --git a/src/components/dashboard/settings/SettingAccordion.tsx b/src/components/dashboard/settings/SettingAccordion.tsx
index e80ea56e..33bb6a90 100644
--- a/src/components/dashboard/settings/SettingAccordion.tsx
+++ b/src/components/dashboard/settings/SettingAccordion.tsx
@@ -1,12 +1,12 @@
 import { useApp } from '@/app/context/AppContext'
 import InvoiceDetail from '@/components/dashboard/settings/sections/invoice/InvoiceDetail'
-import OtherSettings from '@/components/dashboard/settings/sections/other/OtherSettings'
+import AccountMapping from '@/components/dashboard/settings/sections/account/AccountMapping'
 import ProductMapping from '@/components/dashboard/settings/sections/product/ProductMapping'
 import Accordion from '@/components/ui/Accordion'
 import Divider from '@/components/ui/Divider'
 import {
   useInvoiceDetailSettings,
-  useOtherSettings,
+  useAccountMapping,
   useProductMappingSettings,
   useSettings,
 } from '@/hook/useSettings'
@@ -48,15 +48,15 @@ export default function SettingAccordion({
 
   const {
     options: accountOptions,
-    settingState: otherSettingState,
-    changeSettings: changeOtherSettings,
-    submitOtherSettings,
-    cancelOtherSettings,
-    isLoading: otherIsLoading,
-    error: otherError,
-    showButton: showOtherButton,
-    isDisconnected: otherIsDisconnected,
-  } = useOtherSettings()
+    settingState: accountMappingState,
+    changeSettings: changeAccountMapping,
+    submitAccountMapping,
+    cancelAccountMapping,
+    isLoading: accountMappingIsLoading,
+    error: accountMappingError,
+    showButton: showAccountMappingButton,
+    isDisconnected: accountMappingIsDisconnected,
+  } = useAccountMapping()
 
   const accordionItems = [
     {
@@ -90,16 +90,16 @@ export default function SettingAccordion({
       ),
     },
     {
-      id: 'other-settings',
-      header: 'Other Settings',
+      id: 'account-mapping',
+      header: 'Account Mapping',
       content: (
-        <OtherSettings
+        <AccountMapping
           options={accountOptions}
-          settingState={otherSettingState}
-          changeSettings={changeOtherSettings}
-          isLoading={otherIsLoading}
-          error={otherError}
-          isDisconnected={otherIsDisconnected}
+          settingState={accountMappingState}
+          changeSettings={changeAccountMapping}
+          isLoading={accountMappingIsLoading}
+          error={accountMappingError}
+          isDisconnected={accountMappingIsDisconnected}
         />
       ),
     },
@@ -170,19 +170,19 @@ export default function SettingAccordion({
                     />
                   </>
                 )}
-              {index === 2 && syncFlag && showOtherButton && (
+              {index === 2 && syncFlag && showAccountMappingButton && (
                 <>
                   <Button
                     label="Cancel"
                     variant="text"
                     className="me-2"
-                    onClick={cancelOtherSettings}
+                    onClick={cancelAccountMapping}
                   />
                   <Button
                     label="Update Setting"
                     variant="primary"
                     prefixIcon="Check"
-                    onClick={submitOtherSettings}
+                    onClick={submitAccountMapping}
                   />
                 </>
               )}
diff --git a/src/components/dashboard/settings/sections/other/OtherSettings.tsx b/src/components/dashboard/settings/sections/account/AccountMapping.tsx
similarity index 93%
rename from src/components/dashboard/settings/sections/other/OtherSettings.tsx
rename to src/components/dashboard/settings/sections/account/AccountMapping.tsx
index 3d16ac92..ea402a97 100644
--- a/src/components/dashboard/settings/sections/other/OtherSettings.tsx
+++ b/src/components/dashboard/settings/sections/account/AccountMapping.tsx
@@ -1,13 +1,13 @@
-import { AccountsListResponseUi, OtherSettingsState } from '@/hook/useSettings'
+import { AccountsListResponseUi, AccountMappingState } from '@/hook/useSettings'
 import useClickOutside from '@/hook/useClickOutside'
 import { AccountOption } from '@/type/common'
 import { Icon, Spinner } from 'copilot-design-system'
 import { useRef, useState } from 'react'
 
-type OtherSettingsProps = {
+type AccountMappingProps = {
   options: AccountsListResponseUi['options'] | undefined
-  settingState: OtherSettingsState
-  changeSettings: (field: keyof OtherSettingsState, value: string) => void
+  settingState: AccountMappingState
+  changeSettings: (field: keyof AccountMappingState, value: string) => void
   isLoading: boolean
   error: unknown
   isDisconnected: boolean
@@ -63,7 +63,7 @@ function AccountSelect({
               selected.name
             ) : optionMissing ? (
               <span className="text-gray-500">
-                Currently set: {value} — no longer in QuickBooks
+                Please select {label.toLowerCase()}
               </span>
             ) : (
               <span className="text-gray-400">
@@ -111,14 +111,14 @@ function AccountSelect({
   )
 }
 
-export default function OtherSettings({
+export default function AccountMapping({
   options,
   settingState,
   changeSettings,
   isLoading,
   error,
   isDisconnected,
-}: OtherSettingsProps) {
+}: AccountMappingProps) {
   if (isDisconnected) {
     return (
       <div className="mt-2 mb-6 text-sm text-gray-600">
diff --git a/src/hook/useSettings.ts b/src/hook/useSettings.ts
index 7cecd2f8..68acd895 100644
--- a/src/hook/useSettings.ts
+++ b/src/hook/useSettings.ts
@@ -565,7 +565,7 @@ export const useInvoiceDetailSettings = () => {
   }
 }
 
-export type OtherSettingsState = {
+export type AccountMappingState = {
   incomeAccountRef: string
   expenseAccountRef: string
   assetAccountRef: string
@@ -577,22 +577,22 @@ export type AccountsListResponseUi = {
     expense: AccountOption[]
     asset: AccountOption[]
   }
-  selected: OtherSettingsState
+  selected: AccountMappingState
 }
 
-export const useOtherSettings = () => {
+export const useAccountMapping = () => {
   const { token, syncFlag, portalConnectionStatus } = useApp()
   // Skip the /accounts fetch when QB isn't connected or sync is off — the
   // endpoint requires a live portal connection and would 404 otherwise.
   const isDisconnected = !syncFlag || !portalConnectionStatus
-  const [settingState, setSettingState] = useState<OtherSettingsState>({
+  const [settingState, setSettingState] = useState<AccountMappingState>({
     incomeAccountRef: '',
     expenseAccountRef: '',
     assetAccountRef: '',
   })
   const [showButton, setShowButton] = useState(false)
   const [initialState, setInitialState] = useState<
-    OtherSettingsState | undefined
+    AccountMappingState | undefined
   >()
 
   const { data, error, isLoading } = useSwrHelper<AccountsListResponseUi>(
@@ -615,16 +615,16 @@ export const useOtherSettings = () => {
     setShowButton(!equal(initialState, settingState))
   }, [settingState, initialState])
 
-  const changeSettings = (field: keyof OtherSettingsState, value: string) => {
+  const changeSettings = (field: keyof AccountMappingState, value: string) => {
     setSettingState((prev) => ({ ...prev, [field]: value }))
   }
 
-  const submitOtherSettings = async () => {
+  const submitAccountMapping = async () => {
     if (!initialState) return
     setShowButton(false)
     try {
       // Send only changed fields to keep the PATCH minimal.
-      const payload: Partial<OtherSettingsState> = {}
+      const payload: Partial<AccountMappingState> = {}
       if (settingState.incomeAccountRef !== initialState.incomeAccountRef)
         payload.incomeAccountRef = settingState.incomeAccountRef
       if (settingState.expenseAccountRef !== initialState.expenseAccountRef)
@@ -642,11 +642,11 @@ export const useOtherSettings = () => {
       setInitialState(structuredClone(settingState))
     } catch (err) {
       setShowButton(true)
-      console.error('Error submitting Other settings', err)
+      console.error('Error submitting Account Mapping settings', err)
     }
   }
 
-  const cancelOtherSettings = () => {
+  const cancelAccountMapping = () => {
     setShowButton(false)
     if (initialState) setSettingState(initialState)
   }
@@ -655,8 +655,8 @@ export const useOtherSettings = () => {
     options: data?.options,
     settingState,
     changeSettings,
-    submitOtherSettings,
-    cancelOtherSettings,
+    submitAccountMapping,
+    cancelAccountMapping,
     error,
     isLoading,
     showButton,
@@ -669,7 +669,7 @@ export const useSettings = () => {
   const [openItems, setOpenItems] = useState<string[]>(
     isEnabled
       ? ['product-mapping']
-      : ['product-mapping', 'invoice-detail', 'other-settings'],
+      : ['product-mapping', 'invoice-detail', 'account-mapping'],
   )
 
   return { openItems, setOpenItems }