✨ server: add future kyc link to bridge provider

[mainqueg]

Summary by CodeRabbit

• New Features
  • Bridge provider details now include an optional future KYC link (URL + effective date) for upcoming requirements within a configured future window.
• Tests
  • Added tests covering selection, timing, aggregation, and error handling for future KYC link behavior.
• Chores
  • Added a release changeset recording a patch bump and the new future KYC link addition.

[changeset-bot]

🦋 Changeset detected

Latest commit: bd9903b

The changes in this PR will be included in the next version bump.

This PR includes changesets to release 1 package

Name	Type
@exactly/server	Patch

Not sure what this means? Click here to learn what changesets are.

Click here if you're a maintainer who wants to add another changeset to this PR

[sentry]

Codecov Report

❌ Patch coverage is 90.90909% with 2 lines in your changes missing coverage. Please review.
✅ Project coverage is 75.18%. Comparing base (e59c92c) to head (bd9903b).
✅ All tests successful. No failed tests found.

Files with missing lines	Patch %	Lines
server/utils/ramps/bridge.ts	90.90%	1 Missing and 1 partial ⚠️

Additional details and impacted files

@@            Coverage Diff             @@
##             main    #1071      +/-   ##
==========================================
+ Coverage   74.95%   75.18%   +0.23%     
==========================================
  Files         245      245              
  Lines       11658    11767     +109     
  Branches     4050     4101      +51     
==========================================
+ Hits         8738     8847     +109     
- Misses       2598     2599       +1     
+ Partials      322      321       -1     

Flag	Coverage Δ
e2e	74.19% <90.90%> (-0.12%)	⬇️

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Harness.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

[gemini-code-assist]

Code Review

This pull request adds support for a future KYC link in the Bridge provider. It updates the ProviderInfo and CustomerResponse schemas, implements a helper function futureKYCLink to filter and retrieve the earliest future requirement within a 30-day window, and adds comprehensive test coverage. Feedback suggests refactoring the futureKYCLink function to return a consistent Promise by declaring it async, replacing toSorted with sort for better compatibility, and using async/await with try/catch for improved readability.

Important

The consumer version of Gemini Code Assist on GitHub is being sunset. Starting June 18, 2026, new organization installations will be blocked, and all code review activity will officially cease on July 17, 2026.
For more details on the timeline and next steps, please review the Help Documentation.

[coderabbitai]

Warning

Review limit reached

@cruzdanilo, we couldn't start this review because you've reached your PR review rate limit.

More reviews will be available in 22 minutes and 59 seconds. Learn how PR review limits work.

Your organization has run out of usage credits. Purchase more credits in the billing tab to continue.

⌛ How to resolve this issue?

After more reviews become available, a review can be triggered using the @coderabbitai review command as a PR comment. Alternatively, push new commits to this PR.

We recommend that you space out your commits to avoid hitting the rate limit.

🚦 How do rate limits work?

CodeRabbit enforces hourly rate limits for each developer per organization.

Our paid plans include higher PR review limits than trial, open-source, and free plans. In all cases, reviews become available again over time. During sustained high-volume PR review activity, CodeRabbit may temporarily slow when the next review becomes available.

Please see our Fair Usage Limits Policy for further information.

ℹ️ Review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: ASSERTIVE

Plan: Pro

Run ID: ba570794-d74d-4054-aa6e-229e8b6a90f0

📥 Commits

Reviewing files that changed from the base of the PR and between b75da58 and bd9903b.

📒 Files selected for processing (4)

• .changeset/swift-otters-prepare.md
• server/api/ramp.ts
• server/test/utils/bridge.test.ts
• server/utils/ramps/bridge.ts

Walkthrough

Adds an optional futureKYCLink to Bridge provider responses, extends Bridge customer schemas to parse endorsements[].future_requirements, implements a 30-day-window selector that picks the earliest non-pending future requirement and generates a KYC link, integrates it into getProvider() for active customers, and adds tests plus a changeset.

Changes

Bridge Future KYC Link

Layer / File(s)	Summary
Data schemas for future KYC link server/api/ramp.ts, server/utils/ramps/bridge.ts	ProviderInfo response adds optional futureKYCLink with url and date; Bridge CustomerResponse endorsements extended with optional future_requirements items containing effective_date and pending.
Future KYC requirement filtering and integration server/utils/ramps/bridge.ts	Add FutureKYCWindowMs (30 days) and futureKYCLink() which flattens endorsements' future requirements, filters for pending.length === 0 and effective dates within the window, selects earliest eligible, calls getKYCLink, and integrates the result into getProvider() active path (errors captured and yield undefined).
Test coverage for future KYC link behavior server/test/utils/bridge.test.ts	Update ACTIVE provider expectations to include futureKYCLink: undefined where appropriate and add tests validating populated futureKYCLink for eligible in-window requirements and undefined for out-of-window, pending, all-pending, unordered/aggregated inputs, and failed link fetches (asserting error capture).
Release notes .changeset/swift-otters-prepare.md	Add changeset documenting a patch bump for @exactly/server with note: "✨ add future kyc link to bridge provider".

Estimated code review effort

🎯 4 (Complex) | ⏱️ ~45 minutes

Possibly related PRs

• exactly/exa#950: Introduced core getKycLink/kycLink fetching flow used by this change.
• exactly/exa#1079: Modifies Bridge ramp getProvider flow and test expectations touching the same provider response surface.
• exactly/exa#814: Earlier changes to Bridge ProviderInfo/getProvider types and link fields related to this area.

Suggested reviewers

• nfmelendez
• cruzdanilo

🚥 Pre-merge checks | ✅ 4

✅ Passed checks (4 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title clearly describes the main change: adding a futureKYCLink field to the Bridge provider schema in the server.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch eea

✨ Simplify code

• Create PR with simplified code
• Commit simplified code in branch eea

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[chatgpt-codex-connector]

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: 7ef72285cd

ℹ️ About Codex in GitHub

Codex has been enabled to automatically review pull requests in this repo. Reviews are triggered when you

• Open a pull request for review
• Mark a draft as ready
• Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

When you sign up for Codex through ChatGPT, Codex can also answer questions or update the PR, like "@codex address that feedback".

[coderabbitai]

Actionable comments posted: 2

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: ASSERTIVE

Plan: Pro

Run ID: c3e6cdfd-6eac-4198-88d8-b9cb4d4a7451

📥 Commits

Reviewing files that changed from the base of the PR and between 5c3f91c and 7ef7228.

📒 Files selected for processing (4)

• .changeset/swift-otters-prepare.md
• server/api/ramp.ts
• server/test/utils/bridge.test.ts
• server/utils/ramps/bridge.ts

[coderabbitai]

♻️ Duplicate comments (1)

server/utils/ramps/bridge.ts (1)

1063-1068: ⚠️ Potential issue | 🟠 Major | ⚡ Quick win

Exclude past-due requirements from the future window filter.

Line 1066 only enforces the upper bound, so already-expired effective_date values (negative delta) are still eligible and can produce futureKYCLink incorrectly.

proposed fix

 function futureKYCLink(bridgeUser: InferOutput<typeof CustomerResponse>, redirectUri?: string) {
+  const now = Date.now();
   const next = bridgeUser.endorsements
     .flatMap((endorsement) => endorsement.future_requirements ?? [])
     .filter(
-      (requirement) =>
-        requirement.pending.length === 0 &&
-        new Date(requirement.effective_date).getTime() - Date.now() <= FutureKYCWindowMs,
+      (requirement) => {
+        const delta = new Date(requirement.effective_date).getTime() - now;
+        return requirement.pending.length === 0 && delta >= 0 && delta <= FutureKYCWindowMs;
+      },
     )
     .toSorted((a, b) => new Date(a.effective_date).getTime() - new Date(b.effective_date).getTime())[0];

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: ASSERTIVE

Plan: Pro

Run ID: 4bc3a048-7ed4-4302-850b-99d02d6f0fa9

📥 Commits

Reviewing files that changed from the base of the PR and between 406ecf2 and 74e0362.

📒 Files selected for processing (4)

• .changeset/swift-otters-prepare.md
• server/api/ramp.ts
• server/test/utils/bridge.test.ts
• server/utils/ramps/bridge.ts

[chatgpt-codex-connector]

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: 74e036270c

ℹ️ About Codex in GitHub

Codex has been enabled to automatically review pull requests in this repo. Reviews are triggered when you

• Open a pull request for review
• Mark a draft as ready
• Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

When you sign up for Codex through ChatGPT, Codex can also answer questions or update the PR, like "@codex address that feedback".

[chatgpt-codex-connector]

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: b75da58303

ℹ️ About Codex in GitHub

Codex has been enabled to automatically review pull requests in this repo. Reviews are triggered when you

• Open a pull request for review
• Mark a draft as ready
• Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

When you sign up for Codex through ChatGPT, Codex can also answer questions or update the PR, like "@codex address that feedback".

[chatgpt-codex-connector]

Check future missing requirements instead of pending

When Bridge returns future requirements that include user-actionable missing items plus pending internal-review items, this filter drops the requirement because pending.length !== 0, so the API never returns a futureKYCLink before the effective date. Bridge models future_requirements like requirements, where missing is what the customer can resolve; the docs' example has pending manual-review entries alongside a missing post_processing item, which this logic would skip.

Useful? React with 👍 / 👎.

[chatgpt-codex-connector]

Request the KYC link for the affected endorsement

When the earliest future requirement belongs to an endorsement-specific rail such as sepa, this calls getKYCLink without the endorsement, even though the helper supports an endorsement query parameter and Bridge requires endorsement=sepa/spei to enable those specific hosted steps. In that scenario the API can return a futureKYCLink that opens the default KYC flow rather than the flow needed to satisfy the future requirement, leaving the user unable to resolve it.

Useful? React with 👍 / 👎.