[dev] [tofikwest] tofik/faq-logic-trust-portal (#1958)

* feat: faq trust portal logic in trust setting

* fix: change field name for faq, update UI

* chore: update db package to canory version to check logic in stage

* feat(trust): normalize FAQ order on save and update handling

* feat(trust): create collision-safe temporary FAQ IDs and optimize dirty state handling

* fix(trust): update FAQ prompt text for clarity

---------

Co-authored-by: Tofik Hasanov <annexcies@gmail.com>

Author: github-actions[bot]

apps/api/package.json

@@ -26,7 +26,7 @@
     "@react-email/components": "^0.0.41",
     "@trigger.dev/build": "4.0.6",
     "@trigger.dev/sdk": "4.0.6",
-    "@trycompai/db": "1.3.19",
+    "@trycompai/db": "^1.3.20-canary.0",
     "@trycompai/email": "workspace:*",
     "@upstash/vector": "^1.2.2",
     "adm-zip": "^0.5.16",

apps/api/src/trust-portal/trust-access.controller.ts

@@ -488,4 +488,45 @@ export class TrustAccessController {
       framework as any,
     );
   }
+
+  @Get(':friendlyUrl/faqs')
+  @HttpCode(HttpStatus.OK)
+  @ApiOperation({
+    summary: 'Get FAQs for a trust portal',
+    description:
+      'Retrieve the frequently asked questions for a published trust portal as structured data.',
+  })
+  @ApiParam({
+    name: 'friendlyUrl',
+    description: 'Trust Portal friendly URL or Organization ID',
+  })
+  @ApiResponse({
+    status: HttpStatus.OK,
+    description: 'FAQs retrieved successfully',
+    schema: {
+      type: 'object',
+      properties: {
+        faqs: {
+          type: 'array',
+          items: {
+            type: 'object',
+            properties: {
+              id: { type: 'string' },
+              question: { type: 'string' },
+              answer: { type: 'string' },
+              order: { type: 'number' },
+            },
+          },
+          nullable: true,
+        },
+      },
+    },
+  })
+  @ApiResponse({
+    status: HttpStatus.NOT_FOUND,
+    description: 'Trust site not found or not published',
+  })
+  async getFaqs(@Param('friendlyUrl') friendlyUrl: string) {
+    return this.trustAccessService.getFaqs(friendlyUrl);
+  }
 }

apps/api/src/trust-portal/trust-access.service.ts

@@ -1187,6 +1187,30 @@ export class TrustAccessService {
     }));
   }
 
+  /**
+   * Get FAQ markdown for a published trust portal.
+   *
+   * Recommended markdown format:
+   * - Use ### headings for questions (e.g., "### What is your security policy?")
+   * - Use regular markdown text for answers
+   * - Supports standard markdown: links, lists, code blocks, etc.
+   *
+   * Important: Render markdown WITHOUT rehype-raw (no raw HTML) for security.
+   *
+   * @param friendlyUrl - Trust portal friendly URL or organization ID
+   * @returns FAQ markdown content (empty string if not configured)
+   */
+  async getFaqs(friendlyUrl: string): Promise<{ faqs: any[] | null }> {
+    const trust = await this.findPublishedTrustByRouteId(friendlyUrl);
+    const organization = await db.organization.findUnique({
+      where: { id: trust.organizationId },
+      select: { trustPortalFaqs: true },
+    });
+
+    const faqs = organization?.trustPortalFaqs;
+    return { faqs: Array.isArray(faqs) ? faqs : null };
+  }
+
   async getComplianceResourceUrlByAccessToken(
     token: string,
     framework: TrustFramework,

apps/app/package.json

@@ -56,7 +56,7 @@
     "@tiptap/extension-table-row": "^3.4.4",
     "@trigger.dev/react-hooks": "4.0.6",
     "@trigger.dev/sdk": "4.0.6",
-    "@trycompai/db": "1.3.19",
+    "@trycompai/db": "^1.3.20-canary.0",
     "@trycompai/email": "workspace:*",
     "@types/canvas-confetti": "^1.9.0",
     "@types/react-syntax-highlighter": "^15.5.13",

apps/app/src/app/(app)/[orgId]/trust/portal-settings/actions/update-trust-portal-faqs.ts

@@ -0,0 +1,61 @@
+'use server';
+
+import { authActionClient } from '@/actions/safe-action';
+import { db } from '@db';
+import { revalidatePath } from 'next/cache';
+import { z } from 'zod';
+import { faqArraySchema } from '../types/faq';
+
+const updateTrustPortalFaqsSchema = z.object({
+  faqs: faqArraySchema,
+});
+
+export const updateTrustPortalFaqsAction = authActionClient
+  .inputSchema(updateTrustPortalFaqsSchema)
+  .metadata({
+    name: 'update-trust-portal-faqs',
+    track: {
+      event: 'update-trust-portal-faqs',
+      channel: 'server',
+    },
+  })
+  .action(async ({ parsedInput, ctx }) => {
+    const { faqs } = parsedInput;
+    const { activeOrganizationId } = ctx.session;
+
+    if (!activeOrganizationId) {
+      throw new Error('No active organization');
+    }
+
+    // Normalize order values on the server to prevent gaps/duplicates and ensure stable rendering.
+    const normalizedFaqs = faqs.map((faq, index) => ({
+      ...faq,
+      order: index,
+    }));
+
+    try {
+      await db.organization.update({
+        where: {
+          id: activeOrganizationId,
+        },
+        data: {
+          trustPortalFaqs:
+            normalizedFaqs.length > 0
+              ? (JSON.parse(JSON.stringify(normalizedFaqs)) as any)
+              : (null as any),
+        },
+      });
+
+      revalidatePath(`/${activeOrganizationId}/trust/portal-settings`);
+
+      return {
+        success: true,
+      };
+    } catch (error) {
+      console.error('Error updating FAQs:', error);
+      const errorMessage =
+        error instanceof Error ? error.message : 'Failed to update FAQs';
+      throw new Error(errorMessage);
+    }
+  });
+