migrate(DBCRFUN): translate payment debit/credit flow

[a2chang]

Source program

• https://github.com/augment-solutions/cics-banking-sample-application-cbsa/blob/main/src/base/cobol_src/DBCRFUN.cbl

Mapped REST endpoints

• POST /api/v1/dbcrfun

Notable decisions

• Mapped the z/OS Connect PAYDBCR payload to POST /api/v1/dbcrfun, preserving the nested request/response shape and returning RFC-7807 ProblemDetail bodies for failures.
• Used CrdbRetry.run(...) around a transactional SELECT ... FOR UPDATE account lock so debit/credit updates follow CockroachDB retry requirements while matching the COBOL single-record update flow.
• Preserved DBCRFUN fail-code behavior with 1 for account not found, 2 for persistence/update failures, 3 for insufficient funds on payment debits, and 4 for payment-disallowed account types.
• Reused the existing AccountDetails domain model instead of introducing a duplicate account structure, and no Flyway migration was needed because DBCRFUN operates on existing account and proctran tables.
• Derived proctran audit entries from the amount sign and facility type, using PDR/PCR plus the origin-based payment description for payment traffic and DEB/CRE counter descriptions for non-payment facilities.
• CommOrigin (and CommFaciltype) are required on the request so clients explicitly opt into payment vs teller semantics rather than silently defaulting to non-payment when omitted.

Test coverage

• Unit
• @SpringBootTest
• MockMvc

[a2chang]

augment review

[augmentcode]

^{Test Coverage Guardian 🧪}

✅ Test coverage looks good. The new/changed behavior in this PR has adequate test coverage. No additional tests needed.

[augment-app-staging]

Review completed. 1 suggestion posted.

Comment augment review to trigger a new review at any time.

[augment-app-staging]

docs/translation-rules.md specifies DBCRFUN should be exposed as a POST under /api/v1/dbcrfun, but this controller is currently a PUT under /api/v1/makepayment. If clients/tests are already aligning to the rulebook, this mismatch could cause route/method breakage.

Severity: medium

_{🤖 Was this useful? React with 👍 or 👎}

[augment-app-staging]

Review completed. 2 suggestions posted.

Comment augment review to trigger a new review at any time.

[augment-app-staging]

Defaulting a missing CommOrigin to DbcrfunOrigin.blank() (facilityType=0) means DbcrfunService will treat the request as non-payment traffic. If this endpoint should always enforce payment rules, a client could bypass the insufficient-funds / account-type restrictions by omitting or changing CommFaciltype.

Severity: medium

_{🤖 Was this useful? React with 👍 or 👎}

[augment-app-staging]

docs/translation-rules.md currently says DBCRFUN maps to POST under /api/v1/<program-lowercase>, but this controller introduces PUT /api/v1/makepayment/dbcr; consider updating the rules doc so future migrations don’t follow the wrong convention.

Severity: low

_{🤖 Was this useful? React with 👍 or 👎}

[a2chang]

augment review

[augment-app-staging]

Review completed. 2 suggestions posted.

Comment augment review to trigger a new review at any time.

[augment-app-staging]

This assertion reads LocalDate.now(clock) after the request, but the service persists TRAN_DATE based on a captured Instant; this can become flaky if the test runs across midnight (UTC).

Severity: low

_{🤖 Was this useful? React with 👍 or 👎}

[augment-app-staging]

The PR description lists the mapped endpoint as PUT /api/v1/makepayment/dbcr, but the implementation here is POST /api/v1/dbcrfun; this mismatch could confuse clients/reviewers relying on the PR notes.

Severity: low

_{🤖 Was this useful? React with 👍 or 👎}

[a2chang]

augment review

[augment-app-staging]

Review completed. No suggestions at this time.

Comment augment review to trigger a new review at any time.