Add mock data API and integrate form data for dynamic lists#59
Add mock data API and integrate form data for dynamic lists#59shaunganley wants to merge 1 commit intomainfrom
Conversation
…o drive dynamic lists
Coverage report for
|
St.❔ |
Category | Percentage | Covered / Total |
|---|---|---|---|
| 🟢 | Statements | 86.21% (-0.36% 🔻) |
1138/1320 |
| 🟡 | Branches | 69.25% (-1.06% 🔻) |
455/657 |
| 🟢 | Functions | 86.62% | 123/142 |
| 🟢 | Lines | 86.98% (-0.38% 🔻) |
1122/1290 |
Show files with reduced coverage 🔻
St.❔ |
File | Statements | Branches | Functions | Lines |
|---|---|---|---|---|---|
| 🟢 | ... / DataRetrievalService.ts |
90.91% (-9.09% 🔻) |
62.22% (-19.92% 🔻) |
100% | 90.91% (-9.09% 🔻) |
Test suite run success
276 tests passing in 31 suites.
Report generated by 🧪jest coverage report action from 1b4f277
🔒 CodeQL Security Analysis ResultsCodeQL analysis has been completed for this pull request. Language: javascript 📊 View detailed results: Check the Security tab for complete findings. 💡 Next steps:
This comment was generated automatically by CodeQL Analysis |
There was a problem hiding this comment.
Pull request overview
Adds a mock “Data Retrieval” API for demos and extends the CoreRuntime data-enrichment flow to forward session data and support dynamic option lists, enabling forms to pre-populate values and populate radio/select/checkbox options at runtime.
Changes:
- Introduces
CoreMockDataApi(Express serverless app) implementingPOST /retrieveand returning hardcoded values plus session-driven options. - Extends
CoreRuntimeDataRetrievalServiceto sendsessionData, consume a structured{ values, options }response, and re-fetch fields whose option lists are empty. - Updates demo form config/docs to showcase cross-page dynamic lists (vehicle category → vehicle type) and documents the mock API contract.
Reviewed changes
Copilot reviewed 25 out of 35 changed files in this pull request and generated 5 comments.
Show a summary per file
| File | Description |
|---|---|
| docs/mock-data-retrieval-api-spec.md | Defines the extended request/response contract and mock API design details. |
| CoreWDS/package-lock.json | Updates lockfile metadata/integrity for dependency packaging. |
| CoreRuntime/src/services/DataRetrievalService.ts | Forwards sessionData, supports structured { values, options } responses, and forces fetches when element options are empty. |
| CoreRuntime/package-lock.json | Updates lockfile metadata. |
| CoreRuntime/tests/services/DataRetrievalService.test.ts | Updates expected outbound request body to include sessionData. |
| CoreOUDS/package-lock.json | Updates lockfile metadata/integrity for dependency packaging. |
| CoreNhsUK/package-lock.json | Updates lockfile metadata/integrity for dependency packaging. |
| CoreMockDataApi/tsconfig.json | Adds TS build configuration for the new mock API package. |
| CoreMockDataApi/src/services/fieldResolver.ts | Implements field/value/option resolution logic (static + session-conditional). |
| CoreMockDataApi/src/middlewares/security-headers.ts | Adds hardened security headers via Helmet. |
| CoreMockDataApi/src/middlewares/error-handler.ts | Adds centralized error handler returning 500 JSON responses. |
| CoreMockDataApi/src/middlewares/content-type-validator.ts | Enforces JSON content-type for write methods. |
| CoreMockDataApi/src/logConfig.ts | Adds Winston logger configuration for the mock API. |
| CoreMockDataApi/src/local.ts | Local dev entrypoint to run the Express app. |
| CoreMockDataApi/src/lambda.ts | AWS Lambda-style handler using serverless-express adapter. |
| CoreMockDataApi/src/interfaces/types.ts | Defines mock API request/response and option types mirroring CoreRuntime. |
| CoreMockDataApi/src/index.ts | Builds the Express app, wires middleware, routes, and healthcheck. |
| CoreMockDataApi/src/function.ts | Azure Functions entrypoint using serverless-express adapter. |
| CoreMockDataApi/src/function.json | Azure Functions HTTP trigger binding configuration. |
| CoreMockDataApi/src/data/mockData.ts | Defines static scalar values, static options, and session-conditional option maps (vehicle + region demos). |
| CoreMockDataApi/src/controllers/retrieve-controller.ts | Implements POST /retrieve controller with validation and logging. |
| CoreMockDataApi/src/config/envConfig.ts | Provides env-based config (port/log level). |
| CoreMockDataApi/src/config/env.js | Loads .env via dotenv for local usage. |
| CoreMockDataApi/package.json | Adds new package manifest (deps/scripts) for the mock API. |
| CoreMockDataApi/host.json | Azure Functions host configuration. |
| CoreMockDataApi/eslint.config.mjs | ESLint configuration for TypeScript. |
| CoreMockDataApi/README.md | Usage docs for running and extending the mock API. |
| CoreGovUK/package-lock.json | Updates lockfile metadata/integrity for dependency packaging. |
| CoreGCDS/package-lock.json | Updates lockfile metadata/integrity for dependency packaging. |
| CoreFCADS/package-lock.json | Updates lockfile metadata/integrity for dependency packaging. |
| CoreDeployable/services/form.json | Enables dataRetrievalUrl and adds demo fields including a radio with empty options for dynamic population. |
| CoreDeployable/package-lock.json | Updates lockfile metadata/integrity for dependency packaging. |
| CoreDeployable/README.md | Documents how to enable data retrieval and how to use the mock API locally. |
Files not reviewed (8)
- CoreDeployable/package-lock.json: Language not supported
- CoreFCADS/package-lock.json: Language not supported
- CoreGCDS/package-lock.json: Language not supported
- CoreGovUK/package-lock.json: Language not supported
- CoreNhsUK/package-lock.json: Language not supported
- CoreOUDS/package-lock.json: Language not supported
- CoreRuntime/package-lock.json: Language not supported
- CoreWDS/package-lock.json: Language not supported
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
| const requestData: DataRetrievalRequest = { | ||
| ...(userId && { userId }), | ||
| fields: propertiesToFill, | ||
| sessionData: data as Record<string, string>, | ||
| }; |
There was a problem hiding this comment.
sessionData now includes the full session payload in the outbound request. Since makeRequest() debug-logs the full requestData, this risks logging PII and can significantly increase log volume. Consider redacting sessionData in logs (or logging only field names/count) while still sending it to the external API.
| if (responseData.values && typeof responseData.values === 'object') { | ||
| Object.assign(data, responseData.values); | ||
|
|
||
| if (responseData.options && typeof responseData.options === 'object') { | ||
| for (const element of allElements) { |
There was a problem hiding this comment.
Structured response handling is currently gated on responseData.values being truthy and the options application is nested under that. If a structured response ever omits values (but includes options), the code will skip applying options and fall back to the legacy merge. Consider detecting the structured shape by key presence (e.g. 'values' in responseData || 'options' in responseData) and applying values and options independently.
| } else { | ||
| // Legacy flat response — merge directly into data for backward compatibility | ||
| Object.assign(data, responseData); | ||
| } |
There was a problem hiding this comment.
In the legacy fallback branch, Object.assign(data, responseData) will also merge structured keys like options into session data if the response accidentally omits values. To avoid polluting session state, consider explicitly excluding options/values from the legacy merge (or only treating the response as legacy when neither key is present).
| // Structured response: apply scalar values and dynamic options separately | ||
| if (responseData.values && typeof responseData.values === 'object') { | ||
| Object.assign(data, responseData.values); | ||
|
|
||
| if (responseData.options && typeof responseData.options === 'object') { |
There was a problem hiding this comment.
New behavior was added for structured responses (values + options) and for forcing fetches when a field’s options array is empty, but the unit tests still only cover the legacy flat response shape. Please add tests that verify (1) values are merged from responseData.values, (2) responseData.options updates the corresponding element options, and (3) empty options: [] triggers a fetch even when a scalar value exists in session.
| | Variable | Purpose | Example | | ||
| |---|---|---| | ||
| | `LOG_LEVEL` | Controls verbosity (`debug` / `info` / `warn` / `error`) | `info` | | ||
| | `ALLOWED_ORIGINS` | Comma-separated CORS origins (if accessed from browser) | `https://your-form-host.example.com` | | ||
|
|
There was a problem hiding this comment.
The spec documents an ALLOWED_ORIGINS env var / CORS behavior, but the CoreMockDataApi implementation doesn’t reference ALLOWED_ORIGINS or configure CORS. Either remove this from the spec (if server-to-server only) or implement CORS support to match what’s documented.
Implements a mock service enabling session-aware field pre-population and dynamic option lists — and extends DataRetrievalService to forward session data and apply dynamic options.
Changes:
New package: POST /retrieve endpoint returning hardcoded values and session-driven options
DataRetrievalService forwards session data and handles structured option responses
Fixed bug: fields with empty options always fetch (ensures lists populate on revisits)
Demo: vehicle category drives available vehicle types across pages
Stats: 35 files changed, ~5200 insertions. All 15 tests pass; end-to-end verified.