feat(accruals-gateway): DOMA-12591 added accruals gateway doc #7021
Conversation
vovaaxeapolla
temporarily deployed
to
internal
GitHub Actions
Inactive
WalkthroughThis PR introduces documentation for a new accruals-gateway API feature with English and Russian localization, and extends B2BApp GraphQL types with development and production URL fields. Includes endpoint documentation (auth, search, check, pay) and metadata configuration files. Changes
Estimated code review effort🎯 3 (Moderate) | ⏱️ ~25 minutes
Possibly related PRs
Suggested labels
Suggested reviewers
Poem
Pre-merge checks and finishing touches✅ Passed checks (3 passed)
✨ Finishing touches🧪 Generate unit tests (beta)
Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out. Comment |
![coderabbitai[bot]](https://avatars.githubusercontent.com/in/347564?s=60&v=4){kind=small}
There was a problem hiding this comment.
Actionable comments posted: 4
🧹 Nitpick comments (5)
apps/dev-portal-web/docs/accruals-gateway/check.en.mdx (1)
64-70: Use English section headers in.en.mdxfiles.Line 64 contains a Russian header ("Коды ошибок") in an English documentation file. For consistency, English documentation should use English headers throughout. Use "## Error codes" instead.
apps/dev-portal-web/docs/accruals-gateway/pay.en.mdx (2)
35-67: Use English section headers in.en.mdxfiles.Lines 35, 47, 55, and 67 contain Russian section headers in an English documentation file. For consistency, use English headers:
- Line 35: Change "## Тело запроса" to "## Request body"
- Line 47: Change "## Ответ" to "## Response"
- Line 55: Change "## Пример ответа" to "## Response example"
- Line 67: Change "## Коды ошибок" to "## Error codes"
22-24: Add clarification that example credentials are placeholders.Static analysis flagged the base64-encoded credentials in the curl example. While
dXNlcm5hbWU6cGFzc3dvcmQ=(decoded: "username:password") is clearly a placeholder, explicitly labeling the example would help automated security scanning tools and prevent confusion:-curl -X POST "https://accruals-gateway.doma.ai/api/pay" \ - -H "Content-Type: application/json" \ - -H "Authorization: Basic dXNlcm5hbWU6cGFzc3dvcmQ=" \ +curl -X POST "https://accruals-gateway.doma.ai/api/pay" \ + -H "Content-Type: application/json" \ + -H "Authorization: Basic <base64_encoded_username_password>" \Alternatively, add a brief comment above the curl example:
<!-- Example uses placeholder credentials -->apps/dev-portal-web/docs/accruals-gateway/auth.en.mdx (1)
22-25: Add clarification that example credentials are placeholders.Static analysis flagged the base64-encoded credentials in the curl example. While
dXNlcm5hbWU6cGFzc3dvcmQ=(decoded: "username:password") is clearly a placeholder, explicitly labeling the example would help automated security scanning tools:-curl -X GET "https://accruals-gateway.doma.ai/api/search?uid=b6118eed-9ff2-4632-a663-7e6eb4e8b5d6&search=Utilities" \ - -H "Authorization: Basic dXNlcm5hbWU6cGFzc3dvcmQ=" +curl -X GET "https://accruals-gateway.doma.ai/api/search?uid=b6118eed-9ff2-4632-a663-7e6eb4e8b5d6&search=Utilities" \ + -H "Authorization: Basic <base64_encoded_username_password>"Alternatively, add a comment above:
<!-- Example uses placeholder credentials -->apps/dev-portal-web/docs/accruals-gateway/search.en.mdx (1)
45-51: Use English section header in.en.mdxfile.Line 45 contains a Russian header ("Коды ошибок") in an English documentation file. Change to "## Error codes" for consistency.
📜 Review details
Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro
📒 Files selected for processing (13)
apps/dev-portal-web/docs/_meta.en.json(1 hunks)apps/dev-portal-web/docs/_meta.ru.json(1 hunks)apps/dev-portal-web/docs/accruals-gateway/_meta.en.json(1 hunks)apps/dev-portal-web/docs/accruals-gateway/_meta.ru.json(1 hunks)apps/dev-portal-web/docs/accruals-gateway/auth.en.mdx(1 hunks)apps/dev-portal-web/docs/accruals-gateway/auth.ru.mdx(1 hunks)apps/dev-portal-web/docs/accruals-gateway/check.en.mdx(1 hunks)apps/dev-portal-web/docs/accruals-gateway/check.ru.mdx(1 hunks)apps/dev-portal-web/docs/accruals-gateway/pay.en.mdx(1 hunks)apps/dev-portal-web/docs/accruals-gateway/pay.ru.mdx(1 hunks)apps/dev-portal-web/docs/accruals-gateway/search.en.mdx(1 hunks)apps/dev-portal-web/docs/accruals-gateway/search.ru.mdx(1 hunks)apps/dev-portal-web/gql/index.ts(14 hunks)
🧰 Additional context used
🧠 Learnings (1)
📚 Learning: 2025-10-06T10:58:38.616Z
Learnt from: SavelevMatthew
Repo: open-condo-software/condo PR: 6738
File: apps/dev-portal-api/domains/miniapp/schema/B2BApp.js:67-69
Timestamp: 2025-10-06T10:58:38.616Z
Learning: In the dev-portal-api miniapp domain, B2BApp and B2CApp schemas use getSharedConstraintsValidator to enforce cross-schema ID uniqueness: B2BApp.js calls getSharedConstraintsValidator(['B2CApp']) and B2CApp.js calls getSharedConstraintsValidator(['B2BApp']) to prevent ID collisions between the two app types.
Applied to files:
apps/dev-portal-web/gql/index.ts
🧬 Code graph analysis (1)
apps/dev-portal-web/gql/index.ts (1)
apps/condo/schema.ts (2)
InputMaybe(5-5)Scalars(12-24)
🪛 Gitleaks (8.30.0)
apps/dev-portal-web/docs/accruals-gateway/pay.en.mdx
[high] 22-24: Discovered a potential authorization token provided in a curl command header, which could compromise the curl accessed resource.
(curl-auth-header)
apps/dev-portal-web/docs/accruals-gateway/auth.ru.mdx
[high] 24-25: Discovered a potential authorization token provided in a curl command header, which could compromise the curl accessed resource.
(curl-auth-header)
apps/dev-portal-web/docs/accruals-gateway/auth.en.mdx
[high] 23-24: Discovered a potential authorization token provided in a curl command header, which could compromise the curl accessed resource.
(curl-auth-header)
🪛 LanguageTool
apps/dev-portal-web/docs/accruals-gateway/check.ru.mdx
[typographical] ~30-~30: Непарный символ: «(» скорей всего пропущен
Context: ... | | period | string<ГГГГ-ММ-01)> | ✅ | Период начисления ...
(RU_UNPAIRED_BRACKETS)
⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (5)
- GitHub Check: Build open-source part (ubuntu-22.04, 24.x, 3.14)
- GitHub Check: Semgrep vulnerabilities check
- GitHub Check: Lint source code (24.x)
- GitHub Check: Check dependencies integrity (24.x)
- GitHub Check: Build Docker Image
🔇 Additional comments (11)
apps/dev-portal-web/docs/_meta.en.json (1)
10-13: Well-structured metadata addition.The new
accruals-gatewayentry follows the existing pattern and integrates cleanly into the documentation structure.apps/dev-portal-web/docs/accruals-gateway/_meta.en.json (1)
1-6: Clean localization metadata setup.The four endpoints are clearly labeled and ready for UI navigation integration.
apps/dev-portal-web/docs/accruals-gateway/check.en.mdx (1)
1-63: Comprehensive endpoint documentation.The check endpoint documentation is well-structured with clear parameter definitions, request/response examples, and error handling details.
apps/dev-portal-web/docs/accruals-gateway/pay.en.mdx (1)
1-21: Excellent payment endpoint documentation.The endpoint documentation clearly explains the POST /api/pay functionality, required fields, and error scenarios. The request and response examples are well-formatted and informative.
apps/dev-portal-web/docs/accruals-gateway/auth.en.mdx (1)
1-44: Clear and comprehensive authentication documentation.The authentication requirements are well-explained with proper emphasis on mandatory IP restrictions, credentials, and uid requirements. The error codes table provides helpful guidance for troubleshooting.
apps/dev-portal-web/docs/accruals-gateway/search.en.mdx (1)
1-44: Well-documented search endpoint.The search endpoint documentation clearly explains the organization search functionality with appropriate parameter constraints, helpful examples, and error handling details.
apps/dev-portal-web/gql/index.ts (2)
53-73: New dev/prod app URL inputs are consistent with existing schema patterns
developmentAppUrl/productionAppUrlare added as optionalStringfields acrossB2BAppCreateInput,B2BAppUpdateInputand the history-record inputs in a way that mirrors other B2BApp string fields (e.g.developerUrl, export IDs). Structurally this looks correct and codegen-safe.Also applies to: 75-98, 106-129, 377-397
131-362: URL filters and sort enums mirror existingdeveloperUrlsemantics; verify intended UI usageThe added
developmentAppUrl*/productionAppUrl*filters inB2BAppWhereInputandB2BAppHistoryRecordWhereInput(equality, contains, starts/ends with, negations,in/not_in) follow the same pattern asdeveloperUrl. The newSortB2BAppHistoryRecordsBy/SortB2BAppsByenum members for these fields are likewise consistent with other sortable string fields, so the schema surface here looks coherent.Note that none of the GraphQL fragments/queries/mutations in this file currently select
developmentAppUrl/productionAppUrlonB2BApp. If the dev-portal UI is expected to display or use these URLs directly, you will need to extend the relevant operations (e.g.,B2BAppFragment,getB2BApp, list queries) and rerun codegen; if they are only for filtering/sorting on the backend, the current state is fine.Also applies to: 399-624, 2889-2959
apps/dev-portal-web/docs/_meta.ru.json (1)
1-14: RU root docs meta foraccruals-gatewaylooks correctThe new
"accruals-gateway": "Шлюз начислений"key matches the docs folder slug and uses an appropriate Russian label consistent with neighboring entries (Condo UI,Condo Bridge,Condo API).apps/dev-portal-web/docs/accruals-gateway/_meta.ru.json (1)
1-6: Per-endpoint Russian titles underaccruals-gatewayare clear and aligned
auth,search,check, andpayare mapped to concise Russian labels that accurately describe authorization, organization search, accrual retrieval, and payment registration. This is consistent with the new section in the root RU meta and should work well for navigation.apps/dev-portal-web/docs/accruals-gateway/search.ru.mdx (1)
1-51: Documentation is clear and well-structured.The endpoint documentation is properly formatted with clear parameter descriptions, realistic examples, and comprehensive error code coverage. No issues identified.
| ```bash | ||
| curl -X GET "https://accruals-gateway.doma.ai/api/search?uid=b6118eed-9ff2-4632-a663-7e6eb4e8b5d6&search=Utilities" \ | ||
| -H "Authorization: Basic dXNlcm5hbWU6cGFzc3dvcmQ=" | ||
| ``` |
There was a problem hiding this comment.
Add explicit note clarifying that the base64 example is a placeholder.
The curl example contains dXNlcm5hbWU6cGFzc3dvcmQ= (base64-encoded "username:password"), which is correctly intentional for documentation but could benefit from a brief inline comment to ensure readers understand this is a placeholder.
Apply this diff to add clarity:
### Пример
```bash
-curl -X GET "https://accruals-gateway.doma.ai/api/search?uid=b6118eed-9ff2-4632-a663-7e6eb4e8b5d6&search=Utilities" \
- -H "Authorization: Basic dXNlcm5hbWU6cGFzc3dvcmQ="
+curl -X GET "https://accruals-gateway.doma.ai/api/search?uid=b6118eed-9ff2-4632-a663-7e6eb4e8b5d6&search=Utilities" \
+ -H "Authorization: Basic <base64_encode(username:password)>" # Example: dXNlcm5hbWU6cGFzc3dvcmQ=🧰 Tools
🪛 Gitleaks (8.30.0)
[high] 24-25: Discovered a potential authorization token provided in a curl command header, which could compromise the curl accessed resource.
(curl-auth-header)
🤖 Prompt for AI Agents
In apps/dev-portal-web/docs/accruals-gateway/auth.ru.mdx around lines 23 to 26,
the curl example uses a base64 string (dXNlcm5hbWU6cGFzc3dvcmQ=) without
clarifying it’s a placeholder; update the Authorization header to show a
placeholder and an inline example note instead of raw credentials by replacing
the raw base64 value with a placeholder like <base64_encode(username:password)>
and append a short comment showing the example value (e.g., Example:
dXNlcm5hbWU6cGFzc3dvcmQ=) so readers know it’s illustrative.
| | AGENT_NOT_FOUND | 404 | Agent is not found | Переданный `uid` не соответствует ни одному зарегистрированному агенту | | ||
| | AGENT_DISABLED | 403 | Agent is disabled | Агент существует, но отключен в системе | | ||
| | IP_NOT_ALLOWED | 403 | IP address not allowed | Запрос выполнен с незарегистрированного IP-адреса | | ||
| | INVALID_HEADERS | 403 | Invalid headers provided | Присутствуют некоректные загловки | |
There was a problem hiding this comment.
Fix typo in Russian word "загловок".
Line 53 contains a misspelling: "Присутствуют некоректные загловок" should use "заголовок" (missing vowel).
Apply this diff to fix the typo:
-| INVALID_HEADERS | 403 | Invalid headers provided | Присутствуют некоректные загловок |
+| INVALID_HEADERS | 403 | Invalid headers provided | Присутствуют некорректные заголовки |(Note: Also fixed "некоректные" → "некорректные" for correct Russian spelling and "загловок" → "заголовки" for grammatical agreement with plural "headers".)
📝 Committable suggestion
‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.
| | INVALID_HEADERS | 403 | Invalid headers provided | Присутствуют некоректные загловки | | |
| | INVALID_HEADERS | 403 | Invalid headers provided | Присутствуют некорректные заголовки | |
🤖 Prompt for AI Agents
In apps/dev-portal-web/docs/accruals-gateway/auth.ru.mdx around line 53, the
Russian text "Присутствуют некоректные загловки" contains typos and wrong plural
form; replace it with the correct phrase "Присутствуют некорректные заголовки"
(fix "некоректные" → "некорректные" and "загловки" → "заголовки" to match plural
"headers").
There was a problem hiding this comment.
Actionable comments posted: 1
📜 Review details
Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro
📒 Files selected for processing (9)
apps/dev-portal-web/docs/accruals-gateway/auth.en.mdx(1 hunks)apps/dev-portal-web/docs/accruals-gateway/auth.ru.mdx(1 hunks)apps/dev-portal-web/docs/accruals-gateway/check.en.mdx(1 hunks)apps/dev-portal-web/docs/accruals-gateway/check.ru.mdx(1 hunks)apps/dev-portal-web/docs/accruals-gateway/pay.en.mdx(1 hunks)apps/dev-portal-web/docs/accruals-gateway/pay.ru.mdx(1 hunks)apps/dev-portal-web/docs/accruals-gateway/search.en.mdx(1 hunks)apps/dev-portal-web/docs/accruals-gateway/search.ru.mdx(1 hunks)apps/dev-portal-web/next-env.d.ts(1 hunks)
🚧 Files skipped from review as they are similar to previous changes (4)
- apps/dev-portal-web/docs/accruals-gateway/check.ru.mdx
- apps/dev-portal-web/docs/accruals-gateway/auth.ru.mdx
- apps/dev-portal-web/docs/accruals-gateway/pay.ru.mdx
- apps/dev-portal-web/docs/accruals-gateway/check.en.mdx
🧰 Additional context used
🧠 Learnings (2)
📚 Learning: 2025-09-17T13:40:42.895Z
Learnt from: SavelevMatthew
Repo: open-condo-software/condo PR: 6645
File: apps/dev-portal-web/pages/_app.tsx:40-41
Timestamp: 2025-09-17T13:40:42.895Z
Learning: In the condo project, runtime configuration fallbacks for runtimeTranslations are handled at the Next.js config level in next.config.ts, where RUNTIME_TRANSLATIONS defaults to '{}' via JSON.parse(conf['RUNTIME_TRANSLATIONS'] || '{}') if not provided via environment variables, ensuring safe destructuring in components that access publicRuntimeConfig.runtimeTranslations.
Applied to files:
apps/dev-portal-web/next-env.d.ts
📚 Learning: 2025-09-17T13:38:39.633Z
Learnt from: SavelevMatthew
Repo: open-condo-software/condo PR: 6645
File: apps/dev-portal-web/domains/common/components/auth/AuthForm.tsx:12-12
Timestamp: 2025-09-17T13:38:39.633Z
Learning: In the condo project, runtime configuration fallbacks for authMethods are handled at the Next.js config level in next.config.ts, where AUTH_METHODS defaults to ['condo'] if not provided via environment variables, ensuring safe destructuring in components that access publicRuntimeConfig.authMethods.
Applied to files:
apps/dev-portal-web/next-env.d.ts
🪛 Gitleaks (8.30.0)
apps/dev-portal-web/docs/accruals-gateway/pay.en.mdx
[high] 22-24: Discovered a potential authorization token provided in a curl command header, which could compromise the curl accessed resource.
(curl-auth-header)
⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (5)
- GitHub Check: Build open-source part (ubuntu-22.04, 24.x, 3.14)
- GitHub Check: Build Docker Image
- GitHub Check: Semgrep vulnerabilities check
- GitHub Check: Check dependencies integrity (24.x)
- GitHub Check: Lint source code (24.x)
🔇 Additional comments (5)
apps/dev-portal-web/docs/accruals-gateway/auth.en.mdx (1)
1-35: Documentation looks good overall.The authentication documentation is well-structured and covers the key requirements (IP whitelisting, Basic Auth). The example base64 credentials decode to
username:password, which is appropriate for placeholder documentation.Minor: Lines 31, 33 have extra tab characters before the "Cause" column text (e.g.,
| The provided...), which may render inconsistently in some Markdown viewers.apps/dev-portal-web/docs/accruals-gateway/search.ru.mdx (1)
1-53: Russian documentation is consistent with English version.The documentation structure and content align well with the English counterpart. Clear and comprehensive coverage of the search endpoint.
apps/dev-portal-web/docs/accruals-gateway/pay.en.mdx (1)
21-32: Curl example with placeholder credentials is appropriate.The static analysis flagged the
Authorizationheader, but this is a false positive. The base64 valuedXNlcm5hbWU6cGFzc3dvcmQ=decodes tousername:password, which is a standard placeholder for documentation examples.apps/dev-portal-web/docs/accruals-gateway/search.en.mdx (1)
1-53: Search endpoint documentation is well-structured.The documentation clearly covers the search API endpoint with proper parameter descriptions, response schema, and error handling guidance.
apps/dev-portal-web/next-env.d.ts (1)
3-3: This file is auto-generated by Next.js—do not manually edit it.The reference to
./.next/types/routes.d.tson line 3 is added automatically by Next.js 15.5+ when typed routes are configured. Since the file header explicitly states "This file should not be edited," if this reference was manually added, remove it. Next.js will regenerate the correct references. The.nextdirectory is properly gitignored, so fresh clones will generate this file automatically when runningnext devornext build.
vovaaxeapolla
temporarily deployed
to
internal
GitHub Actions
Inactive
There was a problem hiding this comment.
Actionable comments posted: 0
🧹 Nitpick comments (1)
apps/dev-portal-web/docs/accruals-gateway/pay.en.mdx (1)
50-50: Fix whitespace inconsistency in the Response table.Line 50 contains a tab character at the start of the description column (
| txnDate | string\<datetime\> | ✅ | Transaction date in ISO 8601 format), which is inconsistent with the formatting of other rows.Apply this diff to remove the extra tab:
-| txnDate | string\<datetime\> | ✅ | Transaction date in ISO 8601 format | `2025-12-04T22:25:01.243Z` | +| txnDate | string\<datetime\> | ✅ | Transaction date in ISO 8601 format | `2025-12-04T22:25:01.243Z` |
📜 Review details
Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro
📒 Files selected for processing (1)
apps/dev-portal-web/docs/accruals-gateway/pay.en.mdx(1 hunks)
🧰 Additional context used
🪛 Gitleaks (8.30.0)
apps/dev-portal-web/docs/accruals-gateway/pay.en.mdx
[high] 22-24: Discovered a potential authorization token provided in a curl command header, which could compromise the curl accessed resource.
(curl-auth-header)
🔇 Additional comments (2)
apps/dev-portal-web/docs/accruals-gateway/pay.en.mdx (2)
22-24: Make the example authorization token clearly identifiable as a placeholder.The curl example contains
Authorization: Basic dXNlcm5hbWU6cGFzc3dvcmQ=, which Gitleaks flagged as a potential authorization token. While this is indeed a placeholder (base64-encoded "username:password"), it should be more explicitly marked to avoid confusion. Consider adding an inline comment or updating the header value to make it unambiguously fake.Apply this diff to clarify the placeholder:
-curl -X POST "https://accruals-gateway.doma.ai/api/pay" \ - -H "Content-Type: application/json" \ - -H "Authorization: Basic dXNlcm5hbWU6cGFzc3dvcmQ=" \ +curl -X POST "https://accruals-gateway.doma.ai/api/pay" \ + -H "Content-Type: application/json" \ + -H "Authorization: Basic <base64(username:password)>" \Alternatively, you can keep the current format but add a comment in the curl block:
```bash +# Replace with your actual Base64-encoded credentials curl -X POST "https://accruals-gateway.doma.ai/api/pay" \
1-72: Comprehensive API documentation with consistent localization.The documentation is well-structured, comprehensive, and properly localized. The file includes:
- Clear parameter definitions with examples
- Practical curl and JSON request examples
- Complete response schema with example
- Detailed error codes table with HTTP statuses and resolutions
- Proper links to related documentation (authentication)
The previous localization issue (Russian text on line 49) has been resolved. Overall structure aligns well with sibling endpoint documentation.
|
vovaaxeapolla
deleted the
feat/accruals-gateway/DOMA-12591/added-accruals-gateway-doc
branch
Summary by CodeRabbit
New Features
Documentation
✏️ Tip: You can customize this high-level summary in your review settings.