Customer Service

┌─────────────────┐
│    Customer     │
│    Service      │
└────────┬────────┘
         │
    ┌────┴────────────┬──────────────┐
    ▼                 ▼              ▼
┌─────────┐   ┌─────────────┐  ┌──────────┐
│  User   │   │   Access    │  │  Auth    │
│ Service │   │   Service   │  │ Service  │
└─────────┘   └─────────────┘  └──────────┘

Customer-Client relationship:
  - Customers have many clients (one-to-many)
  - Clients can have provisioned customer accounts (clientCustomerKey)
  - Clients inherit tenant context from parent customer
  - Client users receive clientId in auth tokens
 
Operations:
  - Create client with full business profile
  - Optionally provision customer account for client
  - Link departments, locations, and contacts to clients
  - Disable client cascades to provisioned customer account
  - Delete client with cleanup of related entities

CreateLocationHandler (triggered on CustomerCreatedEvent):
  - Detects Business customer type
  - Extracts address fields from customer record
  - Creates matching location with customer ID
  - Sets customer location as primary headquarters
  - Defaults to US country code if not specified
  - Handles failures gracefully with retry logic

Data Partition features:
  - Create logical data partitions (dev, qa, prod, demo)
  - Partition groups for organizational hierarchy
  - Scoped to customer with strict validation
  - Independent API key management per partition
  - Key rotation without data migration
  - Automatic expiration on partition deletion
 
API Key operations:
  - Generate admin keys with read/write scopes
  - Create custom keys with granular scopes
  - Rotate keys with automatic expiration
  - TTL support for temporary access
  - Foreign key linking for external systems
  - Secure key delivery (plain text only on creation)

Registration Settings:
  - Enable/disable domain registration per customer
  - Whitelist registration domains (e.g., @company.com)
  - Auto-assign roles to self-registered users
  - Custom host overrides for registration flow
  - Validation against customer-controlled domains
 
Flow:
  - User registers with email on whitelisted domain
  - System validates domain against customer settings
  - Automatically grants configured roles
  - Creates user within customer tenant context
  - Applies customer-specific session expiration

DeactivateCustomerHandler:
  - Accepts deactivation window end date
  - Collects structured feedback (reason code, text, NPS score)
  - Logs deactivation to audit trail
  - Expires all customer API keys immediately
  - Sets isDisabled flag on customer record
  - Publishes CUSTOMER_DEACTIVATED event
  - Supports reactivation within grace period
 
Feedback structure:
  - Reason code and custom text
  - Recommendation score (NPS-style)
  - Additional context field
  - Requestor user ID tracking
  - Timestamp logging

UpdateCustomClaimsHandler (triggered when products change):
  - Detects customer product list updates
  - Queries all users for customer
  - Batch updates custom claims via Auth service
  - Ensures all user tokens reflect new products
  - Handles empty user lists gracefully
  - Retries on failure for reliability
 
Saga logic:
  - Filters for 'products' field changes in update events
  - Executes command asynchronously
  - Prevents unnecessary updates when products unchanged

Departments:
  - Scoped to customer or client
  - Internal code for external system integration
  - Active/inactive status tracking
  - CRUD operations with key validation
 
Locations:
  - Full address details with country codes
  - HQ designation support
  - Secondary name and internal codes
  - Website and contact info
  - Active/inactive status
  - Optional notes field
 
Contacts:
  - Typed contacts (Account Owner, Billing, Technical)
  - Optional location association
  - Phone and email details
  - Custom contact types supported
  - Scoped to customer or client

AlgoliaSagas:
  - CUSTOMER_CREATED → Upsert to search index
  - CUSTOMER_UPDATED → Upsert with latest data
  - CUSTOMER_DELETED → Remove from index
  - CUSTOMER_CLIENT_CREATED → Upsert client to index
  - CUSTOMER_CLIENT_UPDATED → Update client in index
  - CUSTOMER_CLIENT_DELETED → Remove client from index
 
Process:
  - Database trigger publishes event
  - Saga catches event via RxJS stream
  - Fetches current entity state
  - Sends upsert/delete command to search service
  - Maintains eventual consistency

Search key types:
  - All customers (platform admin only)
  - Business customers only (filtered by type)
  - Consumer customers only (filtered by type)
  - Tenant customers (isTenantCustomer filter)
  - Customer's own clients (filtered by customerKey)
 
Security features:
  - Restricted to specific indices
  - Query filters embedded in key
  - Scoped to user's claims
  - Permission-gated endpoints
  - Temporary key generation

Database functions publish:
  - CUSTOMER_CREATED → onCreate trigger
  - CUSTOMER_UPDATED → onUpdate trigger (with deactivate/reactivate detection)
  - CUSTOMER_DELETED → onDelete trigger
  - CUSTOMER_CLIENT_CREATED/UPDATED/DELETED → lifecycle triggers
  - CUSTOMER_PARTITION_DELETED → cascade cleanup trigger
  - CUSTOMER_DEPARTMENT_UPDATED → change notification
  - CUSTOMER_LOCATION_UPDATED → change notification
 
Topic-to-Task routing:
  - Events route to dedicated task queues
  - Async processing via task handlers
  - Saga-based multi-step workflows
  - Idempotent operation handling

Customer sagas:
  - Create location on customer creation
  - Delete all partitions when customer deleted
  - Update custom claims when products change
  - Sync search indices on all entity changes
 
Partition sagas:
  - Delete all customer partitions on customer deletion
  - Expire partition API keys on partition deletion
 
Client sagas:
  - Log client operations to analytics warehouse
  - Dissociate client accounts on deactivation

DeleteDataPartitionsForCustomerHandler:
  - Queries all partitions for customer
  - Deletes each partition
  - Triggers partition deletion events
  - Each partition event expires associated API keys
  - Maintains referential integrity
 
ExpirePartitionApiKeysHandler:
  - Fetches all API keys for partition
  - Expires keys via access service
  - Prevents orphaned credentials

BigQuery sagas:
  - CustomerCreatedEvent → Log to customer table
  - CustomerUpdatedEvent → Log to customer table
  - CustomerClientCreatedEvent → Log to client table
  - Includes operation type (Create, Update, Delete)
  - Captures full entity state
  - Enables historical reporting

Customer model includes:
  - sessionExpirationSeconds field
  - Overrides platform default
  - Applied to all customer users
  - Used by Auth service for token TTL
  - Null value uses platform default

Bootstrap tenant key:
  - Required field on every customer
  - Used for initial tenant setup
  - Enables multi-tenant architecture
  - Supports tenant isolation
  - Links to authentication tenant

Permissions:
  - EditCustomer, ViewCustomer
  - EditClient, ViewClient
  - ManagePartitions
  - PlatformAdminEditAllCustomers
  - PlatformAdminViewAllCustomers
  - PlatformAdminSearchAllCustomers
  - SearchTenants
  - EditRegistrationSettings
 
Default roles:
  - TenantAdmin (edit + view clients)
  - ClientEditor (edit + view clients)
  - ClientViewer (view clients only)
 
Guards:
  - @HasPermission decorator on endpoints
  - Claim validation (customerKey required)
  - Key mismatch error handling

matchKeysOrThrowError:
  - Validates customerKey in claims matches request
  - Validates clientId matches client entity
  - Prevents cross-tenant data access
  - Throws KEY_MISMATCH errors with details
  - Applied to all CRUD operations
 
Error types:
  - NOT_AUTHORIZED (401)
  - NOT_FOUND (404)
  - KEY_MISMATCH (400)
  - DOMAIN_NOT_FOUND (404)

Business customer fields:
  - Industry sector (11 GICS sectors)
  - Industry group (24 GICS industry groups)
  - Business classification (9 types: LLC, C-corp, etc.)
  - Business size range (8 tiers: 1-10 to 10,001+)
  - Social media profile URLs (6 platforms)
  - External ID for third-party integration
  - Logo image with URL and file receipt