🦺 server: return ok for non-processed persona templates

[mainqueg]

---

Summary by CodeRabbit

Release Notes

• Bug Fixes

  • Improved persona template processing to correctly identify non-processed templates and return a successful response immediately, bypassing unnecessary processing operations.

• Tests

  • Expanded test suite to verify correct handling of non-processed persona templates, ensuring no unnecessary user or document creation occurs for skipped template types.

[changeset-bot]

🦋 Changeset detected

Latest commit: f9f0d0a

The changes in this PR will be included in the next version bump.

This PR includes changesets to release 1 package

Name	Type
@exactly/server	Patch

Not sure what this means? Click here to learn what changesets are.

Click here if you're a maintainer who wants to add another changeset to this PR

[gemini-code-assist]

Summary of Changes

Hello, I'm Gemini Code Assist¹! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed!

This pull request enhances the server's Persona webhook handler to gracefully acknowledge and respond to certain Persona inquiry templates that do not require active processing. By explicitly identifying and returning an 'ok' status for these templates, the system avoids unnecessary processing, improves efficiency, and prevents potential errors from unhandled webhook events, ensuring a smoother integration with Persona.

Highlights

• Persona Webhook Handling: Implemented logic to return an 'ok' status for Persona webhook events related to specific templates (Address, Cryptomate, Manteca Extra Fields) that do not require further processing by the server.
• Validation Schema Update: Extended the validation schema for incoming Persona payloads to include a new picklist type, allowing the identification of these non-processed templates.
• New Constants: Introduced new constants for Persona template IDs (ADDRESS_TEMPLATE, CRYPTOMATE_TEMPLATE, MANTECA_TEMPLATE_EXTRA_FIELDS) to be used in the validation logic.
• Test Coverage: Added new test cases to verify that the server correctly responds with an 'ok' status for the newly identified ignored templates and that no unintended side effects (like user creation or document addition) occur.

Changelog

• .changeset/spotty-tigers-tease.md
  • Added a new changeset file to document the patch.
• server/hooks/persona.ts
  • Imported picklist from valibot for enhanced schema validation.
  • Added new constants for specific Persona template IDs (ADDRESS_TEMPLATE, CRYPTOMATE_TEMPLATE, MANTECA_TEMPLATE_EXTRA_FIELDS).
  • Introduced a new validation pipe to identify and transform payloads from these specific templates to an 'ignored' type.
  • Implemented a conditional check to return an 'ok' JSON response for 'ignored' Persona templates, bypassing further processing.
• server/test/hooks/persona.test.ts
  • Imported beforeEach for test setup.
  • Added new test suite 'ignored template' to verify correct behavior for non-processed Persona templates.
  • Included test cases for Address, Cryptomate, and Manteca Extra Fields templates, asserting a 200 'ok' response and no calls to panda.createUser or persona.addDocument.
  • Updated existing test error messages to reflect the new picklist validation for inquiry template IDs.

Using Gemini Code Assist

The full guide for Gemini Code Assist can be found on our documentation page, here are some quick tips.

Invoking Gemini

You can request assistance from Gemini at any point by creating a comment using either /gemini <command> or @gemini-code-assist <command>. Below is a summary of the supported commands on the current page.

Feature	Command	Description
Code Review	/gemini review	Performs a code review for the current pull request in its current state.
Pull Request Summary	/gemini summary	Provides a summary of the current pull request in its current state.
Comment	@gemini-code-assist	Responds in comments when explicitly tagged, both in pull request comments and review comments.
Help	/gemini help	Displays a list of available commands.

Customization

To customize Gemini Code Assist for GitHub experience, repository maintainers can create a configuration file and/or provide a custom code review style guide (such as PEP-8 for Python) by creating and adding files to a .gemini/ folder in the base of the repository. Detailed instructions can be found here.

Limitations & Feedback

Gemini Code Assist may make mistakes. Please leave feedback on any instances where its feedback is incorrect or counter productive. You can react with 👍 and 👎 on @gemini-code-assist comments. If you're interested in giving your feedback about your experience with Gemini Code Assist for GitHub and other Google products, sign up here.

You can also get AI-powered code generation, chat, as well as code reviews directly in the IDE at no cost with the Gemini Code Assist IDE Extension.

Footnotes

1. Review the Privacy Notices, Generative AI Prohibited Use Policy, Terms of Service, and learn how to configure Gemini Code Assist in GitHub here. Gemini can make mistakes, so double check it and use code with caution. ↩

[gemini-code-assist]

Code Review

This pull request introduces functionality to handle specific Persona templates as 'ignored', returning an 'ok' status without further processing. The changes include updating the Valibot schema to recognize these templates using a picklist and adding a conditional check in the persona hook to bypass processing for them. Comprehensive test cases have been added to verify that these ignored templates correctly return an 'ok' response and do not trigger downstream services like panda.createUser or persona.addDocument. Existing tests were also updated to reflect the new validation error messages resulting from the schema changes. The implementation is clean, well-tested, and directly addresses the stated objective of the pull request.

[sentry]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 71.34%. Comparing base (8c72c70) to head (f9f0d0a).
⚠️ Report is 1 commits behind head on main.
✅ All tests successful. No failed tests found.

Additional details and impacted files

@@            Coverage Diff             @@
##             main     #891      +/-   ##
==========================================
+ Coverage   71.24%   71.34%   +0.10%     
==========================================
  Files         212      212              
  Lines        8381     8428      +47     
  Branches     2741     2755      +14     
==========================================
+ Hits         5971     6013      +42     
- Misses       2132     2134       +2     
- Partials      278      281       +3     

Flag	Coverage Δ
e2e	71.34% <100.00%> (+4.44%)	⬆️

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

[coderabbitai]

Walkthrough

This PR adds support for non-processed persona templates that return an "ok" response without further processing. It exports additional template constants from the persona utilities module and implements an early-return code path for templates marked as "ignored", along with corresponding test coverage.

Changes

Cohort / File(s)	Summary
Release Configuration .changeset/spotty-tigers-tease.md	New changeset file documenting a patch release for @exactly/server with note about returning ok for non-processed persona templates.
Persona Hook Implementation server/hooks/persona.ts	Expanded public exports to include ADDRESS_TEMPLATE, CRYPTOMATE_TEMPLATE, and MANTECA_TEMPLATE_EXTRA_FIELDS. Added validation logic and early-return path: when payload.template is "ignored", immediately respond with { code: "ok" } to bypass further processing.
Persona Hook Tests server/test/hooks/persona.test.ts	Added "ignored template" test suite with three tests covering address, cryptomate, and manteca extra fields templates, verifying OK responses and absence of panda user creation or document addition. Includes ignoredPayload helper function and broadened error expectations for template ID validation.

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~20 minutes

Possibly related PRs

• ✨ server: validate id document photos for manteca #693: Introduces/modifies MANTECA_TEMPLATE_EXTRA_FIELDS and document-selection logic in server/utils/persona that directly support the exported templates and hooks changes.
• ♻️ server: support multiple kyc inquiry templates #637: Adds multi-template support and the same template constants (MANTECA_TEMPLATE_EXTRA_FIELDS), overlapping with the main PR's template exports and early-return logic.
• 🤡 server: mock missing persona call #699: Modifies server/test/hooks/persona.test.ts with persona.addDocument mocking, related to the main PR's tests that verify addDocument is skipped for ignored templates.

Suggested reviewers

• nfmelendez

🚥 Pre-merge checks | ✅ 2

✅ Passed checks (2 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title clearly and accurately summarizes the main change: implementing handling for non-processed persona templates by returning an OK response, matching the changeset note and core implementation in server/hooks/persona.ts.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

• 📝 Generate docstrings (stacked PR)
• 📝 Generate docstrings (commit on current branch)

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch ignore

📝 Coding Plan

• Generate coding plan for human review comments

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

Tip

CodeRabbit can use Trivy to scan for security misconfigurations and secrets in Infrastructure as Code files.

Add a .trivyignore file to your project to customize which findings Trivy reports.

[devin-ai-integration]

✅ Devin Review: No Issues Found

Devin Review analyzed this PR and found no potential bugs to report.

View in Devin Review to see 2 additional findings.

[coderabbitai]

Actionable comments posted: 1

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: ASSERTIVE

Plan: Pro

Run ID: e97bf2e5-0380-4d9a-b5c1-6e121acdb828

📥 Commits

Reviewing files that changed from the base of the PR and between 8c72c70 and f9f0d0a.

📒 Files selected for processing (3)

• .changeset/spotty-tigers-tease.md
• server/hooks/persona.ts
• server/test/hooks/persona.test.ts

[coderabbitai]

🧹 Nitpick | 🔵 Trivial

Consider using exported template constants instead of hardcoded IDs.

The tests hardcode template IDs directly (e.g., "itmpl_FTHNSXqJjoMvUTBc85QECGHogrZx") rather than importing and using ADDRESS_TEMPLATE, CRYPTOMATE_TEMPLATE, and MANTECA_TEMPLATE_EXTRA_FIELDS from ../../utils/persona. Using the constants ensures tests stay in sync if template IDs change.

♻️ Proposed fix

+import {
+  ADDRESS_TEMPLATE,
+  CRYPTOMATE_TEMPLATE,
+  MANTECA_TEMPLATE_EXTRA_FIELDS,
+} from "../../utils/persona";

Then in tests:

   it("returns ok for address template", async () => {
     const response = await appClient.index.$post({
       header: { "persona-signature": "t=1,v1=sha256" },
-      json: ignoredPayload("itmpl_FTHNSXqJjoMvUTBc85QECGHogrZx"),
+      json: ignoredPayload(ADDRESS_TEMPLATE),
     });
   // ...
   it("returns ok for cryptomate template", async () => {
     const response = await appClient.index.$post({
       header: { "persona-signature": "t=1,v1=sha256" },
-      json: ignoredPayload("itmpl_8uim4FvD5P3kFpKHX37CW817"),
+      json: ignoredPayload(CRYPTOMATE_TEMPLATE),
     });
   // ...
   it("returns ok for manteca extra fields template", async () => {
     const response = await appClient.index.$post({
       header: { "persona-signature": "t=1,v1=sha256" },
-      json: ignoredPayload("itmpl_gjYZshv7bc1DK8DNL8YYTQ1muejo"),
+      json: ignoredPayload(MANTECA_TEMPLATE_EXTRA_FIELDS),
     });