.changeset/config.json

@@ -3,7 +3,7 @@
   "changelog": "@changesets/changelog-git",
   "commit": false,
   "fixed": [],
-  "linked": [],
+  "linked": [["@ballerine/ui", "@ballerine/backoffice-v2"]],
   "access": "public",
   "baseBranch": "dev",
   "updateInternalDependencies": "patch",

.cursor/rules/backoffice-v2.mdc

@@ -0,0 +1,146 @@
+---
+description: Rules and best practices for backoffice-v2 React TypeScript development
+globs: ["apps/backoffice-v2/**/*.{ts,tsx}"]
+---
+
+# Backoffice V2 Development Rules
+
+## Component Architecture
+- Use functional components with TypeScript
+- Implement smart/dumb component pattern
+- Place components in feature-based directories
+- Use compound components for complex UIs
+- Follow atomic design principles
+
+```typescript
+export const MyComponent: FunctionComponent<Props> = () => {
+  return <div>...</div>;
+};
+
+// Compound component example
+MyComponent.SubComponent = ({ children }) => {
+  return <div>{children}</div>;
+};
+```
+
+## Hooks and Logic
+- Separate business logic into custom hooks
+- Place hooks in dedicated `hooks` directories
+- Use the `use` prefix for all hooks
+- Implement hook composition pattern
+- Keep hooks focused and reusable
+
+```typescript
+// Logic hook example
+export const useComponentLogic = () => {
+  // Business logic
+  return {
+    // Hook return values
+  };
+};
+```
+
+## State Management
+- Use React Query for server state
+- Use Context for shared state
+- Implement state machines for complex flows
+- Use local state for UI-only state
+- Follow unidirectional data flow
+
+## TypeScript Best Practices
+- Use strict TypeScript configuration
+- Define interfaces for all props
+- Use discriminated unions for state
+- Leverage type inference
+- Export types from separate files
+
+## UI Components
+- Use Radix UI for accessible components
+- Implement proper ARIA attributes
+- Follow consistent styling patterns
+- Use composition over inheritance
+- Keep components small and focused
+
+## Forms and Validation
+- Use React Hook Form for forms
+- Implement Zod for validation
+- Handle form submission states
+- Show validation feedback
+- Use controlled inputs when needed
+
+## Data Fetching
+- Use React Query for API calls
+- Implement proper loading states
+- Handle error states gracefully
+- Cache responses appropriately
+- Type API responses
+
+## Error Handling
+- Use error boundaries
+- Implement fallback UI
+- Handle async errors
+- Show user-friendly messages
+- Log errors appropriately
+
+## Performance
+- Use React.memo wisely
+- Implement proper code splitting
+- Use lazy loading for routes
+- Optimize re-renders
+- Profile performance regularly
+
+## Testing
+- Write unit tests for components
+- Test custom hooks independently
+- Use React Testing Library
+- Mock external dependencies
+- Maintain good coverage
+
+## File Structure
+- Follow feature-based organization
+- Use index files for exports
+- Keep related files together
+- Use consistent naming
+- Implement barrel exports
+
+## Styling
+- Use Tailwind CSS
+- Follow utility-first approach
+- Use CSS variables for theming
+- Keep styles maintainable
+- Use CSS modules when needed
+
+## Documentation
+- Document complex logic
+- Write clear component docs
+- Document hook usage
+- Keep docs up to date
+- Use JSDoc when helpful
+
+## Code Quality
+- Follow ESLint rules
+- Use consistent formatting
+- Write clear variable names
+- Keep functions pure
+- Use meaningful types
+
+## Security
+- Validate user input
+- Implement proper authentication
+- Handle sensitive data carefully
+- Follow security best practices
+- Use HTTPS for API calls
+
+## Accessibility
+- Follow WCAG guidelines
+- Use semantic HTML
+- Test with screen readers
+- Ensure keyboard navigation
+- Provide proper focus management
+
+## Best Practices
+- Follow React patterns
+- Keep code DRY
+- Handle edge cases
+- Write maintainable code
+- Review code regularly 

.cursor/rules/comments.mdc

@@ -0,0 +1,11 @@
+---
+description: How to write comments
+globs: 
+---
+Write comments thoughtfully:
+- Do NOT write comments that explain obvious code or restate WHAT the code does.
+- Comments should primarily explain WHY code exists or WHY a particular approach was chosen.
+- Only add comments for complex, non-intuitive logic where the code itself doesn't clearly communicate intent.
+- Always provide clear documentation for functions (purpose, inputs, outputs).
+- Avoid unnecessary comments that add visual noise without adding value.
+- Write comments only when they provide genuine insight or when explicitly requested.

.cursor/rules/kyb-app.mdc

@@ -0,0 +1,115 @@
+---
+description: Rules and best practices for kyb-app React TypeScript development
+globs: ["apps/kyb-app/**/*.{ts,tsx}"]
+---
+
+# KYB App Development Rules
+
+## Component Structure
+- Use functional components with TypeScript
+- Export components as named exports
+- Place components in feature-based directories
+- Use `FunctionComponent` type for React components
+
+```typescript
+export const MyComponent: FunctionComponent<Props> = () => {
+  return <div>...</div>;
+};
+```
+
+## Hooks
+- Place hooks in a `hooks` directory within the feature directory
+- Export hooks as named exports
+- Use the `use` prefix for all hooks
+- Prefer custom hooks for reusable logic
+- Keep hooks focused and single-purpose
+
+```typescript
+export const useMyHook = () => {
+  // Hook logic
+};
+```
+
+## State Management
+- Use React Query for server state
+- Use React Context for global UI state
+- Use local state for component-specific state
+- Prefer `useState` for simple state
+- Use `useReducer` for complex state logic
+
+## TypeScript
+- Use strict TypeScript configuration
+- Define interfaces for all props
+- Use type inference where possible
+- Export types and interfaces from separate files
+- Use discriminated unions for complex state
+
+## Styling
+- Use Tailwind CSS for styling
+- Follow utility-first approach
+- Use `ctw` utility for conditional classes
+- Keep styles close to components
+- Use CSS modules for complex styling needs
+
+## File Organization
+- Group related files in feature directories
+- Use index files for clean exports
+- Keep files focused and single-purpose
+- Follow consistent naming conventions
+- Use barrel exports for cleaner imports
+
+## Error Handling
+- Use error boundaries for component errors
+- Implement proper error states
+- Handle async errors gracefully
+- Show user-friendly error messages
+- Log errors appropriately
+
+## Performance
+- Use React.memo for expensive renders
+- Implement proper dependency arrays in hooks
+- Avoid unnecessary re-renders
+- Use lazy loading for routes
+- Implement proper code splitting
+
+## Testing
+- Write unit tests for components
+- Test custom hooks independently
+- Use React Testing Library
+- Follow testing best practices
+- Maintain good test coverage
+
+## Forms
+- Use React Hook Form for form handling
+- Implement proper form validation
+- Handle form submission states
+- Show validation feedback
+- Use controlled components when needed
+
+## API Integration
+- Use React Query for data fetching
+- Implement proper loading states
+- Handle error states gracefully
+- Cache responses appropriately
+- Use TypeScript for API types
+
+## Accessibility
+- Follow WCAG guidelines
+- Use semantic HTML
+- Implement proper ARIA attributes
+- Ensure keyboard navigation
+- Test with screen readers
+
+## Code Quality
+- Use ESLint for code quality
+- Follow consistent code style
+- Write clear documentation
+- Use meaningful variable names
+- Keep functions pure when possible
+
+## Best Practices
+- Follow React best practices
+- Keep components small and focused
+- Use proper prop types
+- Implement proper loading states
+- Handle edge cases appropriately 

.cursor/rules/workflows-dashboard.mdc

@@ -0,0 +1,168 @@
+---
+description: Rules and best practices for workflows-dashboard React TypeScript development
+globs: ["apps/workflows-dashboard/**/*.{ts,tsx}"]
+---
+
+# Workflows Dashboard Development Rules
+
+## Component Structure
+- Use functional components with TypeScript
+- Follow feature-based architecture
+- Implement container/presenter pattern
+- Use compound components when needed
+- Keep components focused and small
+
+```typescript
+// Container component
+export const DataContainer: FunctionComponent = () => {
+  const logic = useDataLogic();
+  return <DataPresenter {...logic} />;
+};
+
+// Presenter component
+export const DataPresenter: FunctionComponent<DataPresenterProps> = (props) => {
+  return <div>...</div>;
+};
+```
+
+## Hooks and Business Logic
+- Separate business logic into hooks
+- Use custom hooks for reusable logic
+- Follow the `use` prefix convention
+- Keep hooks single-purpose
+- Place hooks in feature directories
+
+```typescript
+export const useWorkflowLogic = () => {
+  // Workflow-specific logic
+  return {
+    // Hook return values
+  };
+};
+```
+
+## State Management
+- Use React Query for API state
+- Implement Context for shared state
+- Use local state for UI elements
+- Follow flux architecture
+- Keep state normalized
+
+## TypeScript Usage
+- Use strict mode
+- Define clear interfaces
+- Use type inference
+- Export types separately
+- Use discriminated unions
+
+## Dashboard Components
+- Use data visualization libraries
+- Implement proper loading states
+- Handle empty states
+- Show error states
+- Use proper grid layouts
+
+## Data Handling
+- Use React Query for data fetching
+- Implement proper caching
+- Handle loading states
+- Show error messages
+- Type API responses
+
+## Workflow Management
+- Implement clear workflow states
+- Handle transitions properly
+- Show progress indicators
+- Validate workflow steps
+- Handle edge cases
+
+## Error Handling
+- Use error boundaries
+- Show user-friendly errors
+- Log errors appropriately
+- Implement fallbacks
+- Handle async errors
+
+## Performance
+- Optimize renders
+- Use virtualization for lists
+- Implement code splitting
+- Use lazy loading
+- Monitor performance
+
+## Testing
+- Write unit tests
+- Test workflows thoroughly
+- Use integration tests
+- Mock API responses
+- Test error states
+
+## File Organization
+- Use feature folders
+- Keep related files together
+- Use clear naming
+- Implement barrel exports
+- Follow consistent structure
+
+## Styling
+- Use Tailwind CSS
+- Follow design system
+- Use CSS variables
+- Keep styles maintainable
+- Use CSS modules when needed
+
+## Forms
+- Use React Hook Form
+- Implement validation
+- Show feedback
+- Handle submissions
+- Use controlled inputs
+
+## Documentation
+- Document complex logic
+- Write clear comments
+- Keep docs updated
+- Use JSDoc
+- Document APIs
+
+## Code Quality
+- Follow ESLint rules
+- Use consistent style
+- Write clear code
+- Keep it maintainable
+- Review regularly
+
+## Accessibility
+- Follow WCAG
+- Use semantic HTML
+- Add ARIA labels
+- Test keyboard nav
+- Support screen readers
+
+## Security
+- Validate inputs
+- Handle auth properly
+- Protect sensitive data
+- Follow best practices
+- Use secure APIs
+
+## Best Practices
+- Follow React patterns
+- Keep code DRY
+- Handle edge cases
+- Write clean code
+- Review regularly
+
+## Dashboard Specific
+- Use proper charts
+- Show clear metrics
+- Implement filters
+- Handle large datasets
+- Support sorting
+
+## Workflow Visualization
+- Show clear status
+- Use proper icons
+- Implement transitions
+- Show progress
+- Handle errors 

.cursor/rules/workflows-service.mdc

@@ -0,0 +1,101 @@
+---
+description: Workflow Service Rules
+globs: ["services/workflows-service/**/*.{ts}"]
+---
+### Code Organization & Structure
+
+1. All service-related code must be organized in feature modules (e.g., workflow, alert, transaction)
+2. Each feature module should contain separate files for:
+   - Service implementation (.service.ts)
+   - Controller implementation (.controller.ts)
+   - Integration tests (.intg.test.ts)
+   - Unit tests (.unit.test.ts)
+   - DTOs and types (.types.ts)
+
+### Import Guidelines
+
+1. Imports must be organized in the following order with a blank line between groups:
+   - Node.js built-in modules
+   - External npm packages
+   - Internal modules (using @/ alias)
+   - Relative imports
+2. Circular dependencies are strictly prohibited
+3. Use the @/ alias for internal imports instead of relative paths
+4. Only import what is needed using named imports
+
+### TypeScript Usage
+
+1. Always define explicit return types for functions and methods
+2. Use interfaces for object types rather than type aliases where possible
+3. Avoid using the `any` type - use `unknown` if type is truly uncertain
+4. Use type assertions with 'as' syntax rather than angle brackets
+5. Make class member accessibility explicit (public/private/protected)
+6. Use TypeScript "as const" for fixed sets of values
+
+### Service Implementation
+
+1. Services must use the @Injectable() decorator
+2. Service names must end with 'Service' suffix
+3. Dependency injection should be done through constructor parameters
+4. Services should handle their own error cases using custom exception classes
+5. Use dependency injection tokens in SCREAMING_SNAKE_CASE format
+
+### Testing Standards
+
+1. Test files must follow the naming pattern: *.test.ts for unit tests and *.intg.test.ts for integration tests
+2. Each test suite should have a clear describe block indicating the module/function being tested
+3. Use 'it' rather than 'test' for test cases
+4. Mock external dependencies in unit tests
+5. Integration tests should use test databases/containers
+6. Test file location should mirror the source file structure
+7. Use AAA pattern test structure
+
+### Error Handling
+
+1. Use custom exception classes extending from base NestJS exceptions
+2. Error messages should be descriptive and consistent
+3. Always include relevant context in error objects
+4. Log errors appropriately using the logging service
+5. Handle async errors using try/catch blocks
+
+### Documentation
+
+1. Include examples in documentation for complex operations
+2. Keep documentation up to date with code changes
+
+### Database Operations
+
+1. Use the PrismaService for database operations
+2. Wrap database operations in transactions when multiple operations need to be atomic
+3. Use proper error handling for database operations
+4. Include proper database indexes for frequently queried fields
+5. Always use scope service or add a filter on projectIds in queries
+
+### API Design
+
+1. Use appropriate HTTP methods for operations (GET, POST, PUT, DELETE)
+2. Use meaningful route paths that reflect the resource hierarchy
+3. Include proper Swagger documentation for all endpoints
+4. Return consistent response structures
+
+### Logging
+
+1. Use the provided logging service rather than console.log
+2. Include appropriate context with all log messages
+3. Use proper log levels (debug, info, warn, error)
+4. Include request IDs in logs for traceability
+
+### Configuration Management
+
+1. Use environment variables for configuration
+2. Validate environment variables at startup
+3. Use proper typing for configuration objects
+4. Keep sensitive information in secrets management
+
+### Performance Considerations
+
+1. Implement pagination for list endpoints
+2. Use proper indexing for database queries
+3. Implement caching where appropriate
+4. Handle large datasets efficiently
+

.eslintignore

@@ -1 +1,12 @@
+node_modules
+dist
+
+# Eslint config file itself
+.eslintrc.cjs
+
+# Config files
+rollup.config.js
+babel.config.js
+
+# Config pkg
 packages/config

.github/actions/argocd-action/action.yml

@@ -0,0 +1,56 @@
+name: "Sync ArgoCD APP"
+description: "Syncs an ArgoCD application"
+inputs:
+  argocd_username:
+    description: "ArgoCD Username"
+    required: true
+  argocd_password:
+    description: "ArgoCD Password"
+    required: true
+  argocd_server:
+    description: "ArgoCD Server"
+    required: true
+  tg_svc_key:
+    description: "Twingate Key"
+    required: true
+runs:
+  using: composite
+  steps:
+    - name: Setup Twingate
+      uses: twingate/github-action@v1
+      with:
+        service-key: ${{ inputs.tg_svc_key }}
+
+    - name: Obtain ArgoCD JWT Token
+      id: get_token
+      shell: bash
+      env:
+        ARGOCD_USERNAME: ${{ inputs.argocd_username }}
+        ARGOCD_PASSWORD: ${{ inputs.argocd_password }}
+        ARGOCD_SERVER: ${{ inputs.argocd_server }}
+      run: |
+        TOKEN=$(curl -k --insecure -s -X POST "${ARGOCD_SERVER}/api/v1/session" \
+          -d '{"username": "'"${ARGOCD_USERNAME}"'", "password": "'"${ARGOCD_PASSWORD}"'"}' \
+          -H "Content-Type: application/json" | jq -r '.token')
+        echo "ARGOCD_TOKEN=$TOKEN" >> $GITHUB_ENV
+    
+    - name: Sync ArgoCD Application
+      shell: bash
+      env:
+        ARGOCD_TOKEN: ${{ env.ARGOCD_TOKEN }}
+        ARGOCD_SERVER: ${{ inputs.argocd_server }}
+      run: |
+        APP_NAME="wf-service"
+
+        curl -X POST "${ARGOCD_SERVER}/api/v1/applications/${APP_NAME}/sync" \
+          -H "Authorization: Bearer ${ARGOCD_TOKEN}" \
+          -H "Content-Type: application/json" \
+          -d '{
+                "prune": false,
+                "dryRun": false,
+                "strategy": {
+                  "hook": {
+                    "syncStrategy": "apply"
+                  }
+                }
+              }'

.github/actions/build-action/action.yml

@@ -22,7 +22,7 @@ runs:
       run: |
         echo "STORE_PATH=$(pnpm store path)" >> $GITHUB_OUTPUT
 
-    - uses: actions/cache@v3
+    - uses: actions/cache@v4
       name: Setup pnpm cache
       with:
         path: ${{ steps.pnpm-cache.outputs.STORE_PATH }}

.github/actions/format-action/action.yml

@@ -22,7 +22,7 @@ runs:
       run: |
         echo "STORE_PATH=$(pnpm store path)" >> $GITHUB_OUTPUT
 
-    - uses: actions/cache@v3
+    - uses: actions/cache@v4
       name: Setup pnpm cache
       with:
         path: ${{ steps.pnpm-cache.outputs.STORE_PATH }}

.github/actions/integration-test-action/action.yml

@@ -22,7 +22,7 @@ runs:
       run: |
         echo "STORE_PATH=$(pnpm store path)" >> $GITHUB_OUTPUT
 
-    - uses: actions/cache@v3
+    - uses: actions/cache@v4
       name: Setup pnpm cache
       with:
         path: ${{ steps.pnpm-cache.outputs.STORE_PATH }}

.github/actions/lint-action/action.yml

@@ -22,7 +22,7 @@ runs:
       run: |
         echo "STORE_PATH=$(pnpm store path)" >> $GITHUB_OUTPUT
 
-    - uses: actions/cache@v3
+    - uses: actions/cache@v4
       name: Setup pnpm cache
       with:
         path: ${{ steps.pnpm-cache.outputs.STORE_PATH }}

.github/actions/spell-check-action/action.yml

@@ -22,7 +22,7 @@ runs:
       run: |
         echo "STORE_PATH=$(pnpm store path)" >> $GITHUB_OUTPUT
 
-    - uses: actions/cache@v3
+    - uses: actions/cache@v4
       name: Setup pnpm cache
       with:
         path: ${{ steps.pnpm-cache.outputs.STORE_PATH }}

.github/actions/test-action/action.yml

@@ -22,7 +22,7 @@ runs:
       run: |
         echo "STORE_PATH=$(pnpm store path)" >> $GITHUB_OUTPUT
 
-    - uses: actions/cache@v3
+    - uses: actions/cache@v4
       name: Setup pnpm cache
       with:
         path: ${{ steps.pnpm-cache.outputs.STORE_PATH }}

.github/actions/unit-test-action/action.yml

@@ -22,7 +22,7 @@ runs:
       run: |
         echo "STORE_PATH=$(pnpm store path)" >> $GITHUB_OUTPUT
 
-    - uses: actions/cache@v3
+    - uses: actions/cache@v4
       name: Setup pnpm cache
       with:
         path: ${{ steps.pnpm-cache.outputs.STORE_PATH }}

.github/workflows/build-preview-environment.yml

@@ -0,0 +1,180 @@
+# Deploys a temporary environment for testing a version of the code when a pull request is created / updated with a 'deploy-pr' label
+name: Deploy PR Environment
+concurrency:
+  group: "deploy-${{ github.event.pull_request.head.ref }}"
+  cancel-in-progress: false
+
+on:
+  workflow_dispatch:
+    inputs:
+      unified-version:
+        type: string
+        description: 'Provide Unified image tag that you want to use in this preview env'
+        default: 'latest'
+  pull_request:
+    types: [ labeled, synchronize ]
+
+permissions:
+  id-token: write
+  contents: write
+  pull-requests: write
+  packages: write
+
+env:
+  REF: ${{ github.event_name == 'workflow_dispatch' && github.ref_name || github.event_name == 'pull_request' && github.event.pull_request.head.ref }}
+
+jobs:
+  deploy-dev-pr-environment:
+    if: contains(github.event.pull_request.labels.*.name, 'deploy-pr') || github.event_name == 'workflow_dispatch'
+    runs-on: ubuntu-latest
+    outputs:
+      env_name: ${{ steps.env-name.outputs.PR_ENV_NAME }}
+      ref: ${{ steps.clean-ref.outputs.ref }}
+    steps:
+      - name: Clean Ref
+        id: clean-ref
+        shell: bash
+        run: |
+          BRANCH_NAME=${{ env.REF }}
+          CLEAN_BRANCH_NAME=${BRANCH_NAME#refs/heads/}
+          echo "ref=$CLEAN_BRANCH_NAME" >> $GITHUB_OUTPUT
+
+      - name: Checkout the Tool and actions
+        uses: actions/checkout@v4
+        with:
+          ref: ${{ steps.clean-ref.outputs.ref }}
+          fetch-depth: 1
+
+      - name: "Sanitize ENV name"
+        id: sanitize_env
+        shell: bash
+        run: |
+          SANITIZED_BRANCH_NAME=$(echo -n "${{ steps.clean-ref.outputs.ref }}" | tr "/" "-")
+          echo "Sanitized branch name: $SANITIZED_BRANCH_NAME"
+          TRIMMED_BRANCH_NAME=$(echo -n "$SANITIZED_BRANCH_NAME" | cut -c 1-18 | sed 's/[-/]$//')
+          echo "sanitized_env_name=$SANITIZED_BRANCH_NAME" >> $GITHUB_OUTPUT;
+          echo "trimmed_env_name=$TRIMMED_BRANCH_NAME" >> $GITHUB_OUTPUT;
+        
+      - name: Environment deployment
+        id: env-name
+        run: |
+          echo "deploying environment"
+          echo "PR_ENV_NAME=${{ steps.sanitize_env.outputs.trimmed_env_name }}" >> $GITHUB_ENV
+          echo "PR_ENV_NAME=${{ steps.sanitize_env.outputs.trimmed_env_name }}" >> $GITHUB_OUTPUT
+  
+  build-wf-service:
+    needs: deploy-dev-pr-environment
+    uses: ./.github/workflows/build-push-docker-images.yml
+    with:
+      registry: ghcr.io/${{ github.repository_owner }}
+      context: services/workflows-service
+      image_name: workflows-service
+      ref: ${{ needs.deploy-dev-pr-environment.outputs.ref }}
+      tag: ${{ needs.deploy-dev-pr-environment.outputs.env_name }}
+      file: 'services/workflows-service/Dockerfile'
+
+  build-wf-service-ee:
+    needs: [deploy-dev-pr-environment,build-wf-service]
+    uses: ./.github/workflows/build-push-docker-images.yml
+    with:
+      registry: ghcr.io/${{ github.repository_owner }}
+      context: services/workflows-service
+      image_name: workflows-service-ee
+      ref: ${{ needs.deploy-dev-pr-environment.outputs.ref }}
+      tag: ${{ needs.deploy-dev-pr-environment.outputs.env_name }}
+      file: 'services/workflows-service/Dockerfile.ee'
+
+  build-backoffice:
+    needs: [deploy-dev-pr-environment]
+    uses: ./.github/workflows/build-push-docker-images.yml
+    with:
+      registry: ghcr.io/${{ github.repository_owner }}
+      context: apps/backoffice-v2
+      image_name: backoffice
+      ref: ${{ needs.deploy-dev-pr-environment.outputs.ref }}
+      tag: ${{ needs.deploy-dev-pr-environment.outputs.env_name }}
+      file: 'apps/backoffice-v2/Dockerfile'
+
+  build-kyb:
+    needs: [deploy-dev-pr-environment]
+    uses: ./.github/workflows/build-push-docker-images.yml
+    with:
+      registry: ghcr.io/${{ github.repository_owner }}
+      context: apps/kyb-app
+      image_name: kyb-app
+      ref: ${{ needs.deploy-dev-pr-environment.outputs.ref }}
+      tag: ${{ needs.deploy-dev-pr-environment.outputs.env_name }}
+      file: 'apps/kyb-app/Dockerfile'
+
+  build-dashboard:
+    needs: [deploy-dev-pr-environment]
+    uses: ./.github/workflows/build-push-docker-images.yml
+    with:
+      registry: ghcr.io/${{ github.repository_owner }}
+      context: apps/workflows-dashboard
+      image_name: workflows-dashboard
+      ref: ${{ needs.deploy-dev-pr-environment.outputs.ref }}
+      tag: ${{ needs.deploy-dev-pr-environment.outputs.env_name }}
+      file: 'apps/workflows-dashboard/Dockerfile'
+
+  build-unified-api:
+    runs-on: ubuntu-latest
+    needs: [deploy-dev-pr-environment]
+    steps:
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v2
+
+      - name: Set up QEMU
+        uses: docker/setup-qemu-action@v2
+        with:
+          platforms: 'arm64,arm'
+      - name: Configure AWS credentials
+        uses: aws-actions/configure-aws-credentials@v3
+        with:
+          role-to-assume: ${{ vars.PREVIEW_OIDC_ROLE }}
+          aws-region: ${{ vars.PREVIEW_AWS_REGION }}
+
+      # Access the secret
+      - name: Retrieve secret from Secrets Manager
+        id: get-secret
+        run: |
+          secret_value=$(aws secretsmanager get-secret-value --secret-id ${{ vars.PREVIEW_SECRET }} --query 'SecretString' --output text | jq -r '.SUBMODULE_SECRET')
+          echo "SUBMODULE_SECRET=$secret_value" >> $GITHUB_ENV
+          echo "SUBMODULE_SECRET=$secret_value" >> $GITHUB_OUTPUT
+
+      - name: Log in to the container registry
+        uses: docker/login-action@65b78e6e13532edd9afa3aa52ac7964289d1a9c1
+        with:
+          registry: ghcr.io/${{ github.repository_owner }}
+          username: ${{ github.actor }}
+          password: ${{ steps.get-secret.outputs.SUBMODULE_SECRET }}
+
+      - name: Checkout repository
+        run: |
+          docker pull ghcr.io/${{ github.repository_owner }}/${{ vars.UNIFIED_IMAGE_NAME }}:${{ github.event_name == 'workflow_dispatch' && inputs.unified-version || 'latest' }}
+          docker tag ghcr.io/${{ github.repository_owner }}/${{ vars.UNIFIED_IMAGE_NAME }}:${{ github.event_name == 'workflow_dispatch' && inputs.unified-version || 'latest' }} ghcr.io/${{ github.repository_owner }}/${{ vars.UNIFIED_IMAGE_NAME }}:${{ needs.deploy-dev-pr-environment.outputs.env_name }}
+          docker push ghcr.io/${{ github.repository_owner }}/${{ vars.UNIFIED_IMAGE_NAME }}:${{ needs.deploy-dev-pr-environment.outputs.env_name }} 
+
+  deploy-preview:
+    needs: [deploy-dev-pr-environment,build-wf-service,build-wf-service-ee,build-backoffice,build-kyb,build-dashboard,build-unified-api]
+    runs-on: ubuntu-latest
+    steps:
+      - name: Trigger workflow in another repo
+        uses: actions/github-script@v7
+        with:
+          github-token: ${{ secrets.GIT_TOKEN }}
+          script: |
+            try {
+              await github.rest.repos.createDispatchEvent({
+                owner: 'ballerine-io',
+                repo: 'cloud-infra-config',
+                event_type: 'deploy-preview',
+                client_payload: {
+                  'ref': '${{ needs.deploy-dev-pr-environment.outputs.env_name }}'
+                }
+              });
+              console.log('Successfully triggered deploy-preview event');
+            } catch (error) {
+              console.error('Failed to trigger deploy-preview event:', error);
+              throw error;
+            }

.github/workflows/build-push-docker-images.yml

@@ -0,0 +1,166 @@
+name: Build and Push Docker Images
+
+on:
+  workflow_call:
+    inputs:
+      registry:
+        required: true
+        description: "The Docker registry URL"
+        type: string
+      context:
+        required: true
+        description: "The build context path for the Docker image"
+        type: string
+      image_name:
+        required: true
+        description: "The name of the Docker image"
+        type: string
+      ref:
+        required: true
+        description: "Branch name of the Preview"
+        type: string
+      tag:
+        required: true
+        description: "Tag name of the Preview Image"
+        type: string
+      file:
+        required: true
+        description: "File name for the Preview Image"
+        type: string
+
+permissions:
+  id-token: write
+  contents: write
+  packages: write
+  pull-requests: write
+
+jobs:
+  build-and-push:
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+        with:
+          ref: ${{ inputs.ref }}
+          fetch-depth: 1
+          persist-credentials: false
+
+      - name: Configure AWS credentials
+        if: inputs.image_name == 'workflows-service-ee'
+        uses: aws-actions/configure-aws-credentials@v3
+        with:
+          role-to-assume: ${{ vars.PREVIEW_OIDC_ROLE }}
+          aws-region: ${{ vars.PREVIEW_AWS_REGION }}
+
+      # Access the secret
+      - name: Retrieve secret from Secrets Manager
+        if: inputs.image_name == 'workflows-service-ee'
+        id: get-secret
+        run: |
+          echo ${{ inputs.image_name }}
+          secret_value=$(aws secretsmanager get-secret-value --secret-id ${{ vars.PREVIEW_SECRET }} --query 'SecretString' --output text | jq -r '.SUBMODULE_SECRET')
+          echo "SUBMODULE_SECRET=$secret_value" >> $GITHUB_ENV
+          echo "SUBMODULE_SECRET=$secret_value" >> $GITHUB_OUTPUT
+      
+      - name: Checkout wf-data-migration
+        id: wf-migration-code
+        if: inputs.image_name == 'workflows-service-ee'
+        uses: actions/checkout@v4
+        with:
+          repository: ballerine-io/wf-data-migration
+          token: ${{ steps.get-secret.outputs.SUBMODULE_SECRET }}
+          ref: dev
+          fetch-depth: 1
+          path: services/workflows-service/prisma/data-migrations
+
+      - name: Get Latest Commit ID
+        if: inputs.image_name == 'workflows-service-ee'
+        id: lastcommit
+        uses: nmbgeek/github-action-get-latest-commit@main
+        with:
+          owner: ${{ github.repository_owner }}
+          token: ${{ steps.get-secret.outputs.SUBMODULE_SECRET }}
+          repo: wf-data-migration
+          branch: dev
+
+      # - name: Get tags
+      #   if: ${{ inputs.image_name }} != 'workflows-service-ee'
+      #   run: git fetch --tags origin
+
+      - name: Get version
+        if: ${{ inputs.image_name == 'workflows-service' }}
+        id: version
+        run: |
+          echo ${{ inputs.image_name }}
+          git fetch --tags origin
+          TAG=$(git tag -l "$(echo workflow-service@)*" | sort -V -r | head -n 1)
+          echo "tag=$TAG"
+          echo "tag=$TAG" >> "$GITHUB_OUTPUT"
+          echo "TAG=$TAG" >> "$GITHUB_ENV"
+          SHORT_SHA=$(git rev-parse --short HEAD)
+          echo "sha_short=$SHORT_SHA" >> "$GITHUB_OUTPUT"
+          echo "SHORT_SHA=$SHORT_SHA" >> "$GITHUB_ENV"
+      
+      - name: Bump version
+        id: bump-version
+        if: ${{ inputs.image_name == 'workflows-service' }}
+        uses: ./.github/actions/bump-version
+        with:
+          tag: ${{ steps.version.outputs.tag }}
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+
+      - name: Set up QEMU
+        uses: docker/setup-qemu-action@v3
+        with:
+          platforms: 'arm64,arm'
+
+      - name: Cache Docker layers
+        id: cache
+        uses: actions/cache@v4
+        with:
+          path: /tmp/.buildx-cache
+          key: ${{ runner.os }}-docker-${{ hashFiles('**/Dockerfile') }}
+          restore-keys: |
+            ${{ runner.os }}-docker-${{ hashFiles('**/Dockerfile') }}
+            ${{ runner.os }}-docker-
+
+      - name: Log in to the Container registry
+        uses: docker/login-action@v3
+        with:
+          registry: ${{ inputs.registry }}
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Extract metadata for Docker images
+        id: docker_meta
+        uses: docker/metadata-action@v4
+        with:
+          images: ${{ inputs.registry }}/${{ inputs.image_name }}
+          tags: |
+            type=raw,value=${{ inputs.tag }}
+            type=sha,format=short
+      
+      - name: Print docker version outputs
+        run: |
+          echo "Metadata: ${{ steps.docker_meta.outputs.tags }}"
+          if [[ "${{ inputs.image_name }}" == "workflows-service" && "${{ inputs.image_name }}" != "workflows-service-ee" ]]; then
+            echo "sha_short: ${{ steps.version.outputs.sha_short }}"
+            echo "bump-version-version: ${{ steps.bump-version.outputs.version }}"
+            echo "bump-version-tag: ${{ steps.bump-version.outputs.tag }}"
+          fi
+
+      - name: Build and push Docker image
+        uses: docker/build-push-action@v5
+        with:
+          context: ${{ inputs.context }}
+          platforms: linux/amd64
+          push: true
+          cache-from: type=local,src=/tmp/.buildx-cache
+          cache-to: type=local,dest=/tmp/.buildx-cache
+          tags: ${{ steps.docker_meta.outputs.tags }}
+          file: ${{ inputs.file }}
+          build-args: |
+            ${{ (inputs.image_name == 'workflows-service' && format('"RELEASE={0}"\n"SHORT_SHA={1}"', steps.version.outputs.tag, steps.version.outputs.sha_short)) || (inputs.image_name == 'workflows-service-ee' && format('"BASE_IMAGE=ghcr.io/ballerine-io/workflows-service:{0}"', inputs.tag)) || '' }}

.github/workflows/ci.yml

@@ -6,10 +6,10 @@ on:
       - main
     paths:
       # Run this pipeline only if there are changes in specified path
-      - "apps/**"
-      - "services/**"
-      - "examples/**"
-      - "experiments/**"
+      - 'apps/**'
+      - 'services/**'
+      - 'examples/**'
+      - 'experiments/**'
   workflow_call:
   workflow_dispatch:
 
@@ -37,7 +37,7 @@ jobs:
   build:
     strategy:
       matrix:
-        os: [ubuntu-latest, windows-latest]
+        os: [ubuntu-latest]
     runs-on: ${{ matrix.os }}
 
     steps:
@@ -66,13 +66,3 @@ jobs:
 
       - name: Test
         uses: ./.github/actions/test-action
-  test_windows:
-    runs-on: windows-latest
-    timeout-minutes: 60
-
-    steps:
-      - name: Checkout
-        uses: actions/checkout@v3
-
-      - name: Test
-        uses: ./.github/actions/unit-test-action

.github/workflows/db-ops.yaml

@@ -0,0 +1,180 @@
+name: New Database Operations
+
+on:
+  repository_dispatch:
+    types: [run-test-migration]
+
+env:
+  REGISTRY: ghcr.io
+  IMAGE_NAME: ${{ github.repository_owner }}/workflows-service
+  SHORT_HASH: ${{ github.event.client_payload.environment == 'prod' && vars.PROD_WF_SHORT_SHA || github.event.client_payload.environment == 'sb' && vars.SB_WF_SHORT_SHA || vars.DEV_WF_SHORT_SHA }}
+  MIGRATION_ENV: ${{ github.event_name == 'repository_dispatch' && github.event.client_payload.environment }}
+  MIGRATION_REF: ${{ github.event_name == 'repository_dispatch' && github.event.client_payload.ref }}
+
+
+jobs:
+  build-and-push-ee-image:
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+      packages: write
+    outputs: 
+      SUBMODULE_SHORT_HASH: ${{ steps.lastcommit.outputs.shorthash }}
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4 
+
+      - name: Checkout wf-data-migration
+        uses: actions/checkout@v4
+        with:
+          repository: ballerine-io/wf-data-migration
+          token: ${{ secrets.SUBMODULES_TOKEN }}
+          ref: ${{ env.MIGRATION_REF }}
+          fetch-depth: 1
+          path: services/workflows-service/prisma/data-migrations
+
+      - name: Get Latest Commit ID
+        id: lastcommit
+        uses: nmbgeek/github-action-get-latest-commit@main
+        with:
+          owner: ${{ github.repository_owner }}
+          token: ${{ secrets.SUBMODULES_TOKEN }}
+          repo: wf-data-migration
+          branch: ${{ env.MIGRATION_REF }}
+
+      - name: Cache Docker layers
+        id: cache
+        uses: actions/cache@v4
+        with:
+          path: /tmp/.buildx-cache
+          key: ${{ runner.os }}-docker-${{ hashFiles('**/Dockerfile') }}
+          restore-keys: |
+            ${{ runner.os }}-docker-${{ hashFiles('**/Dockerfile') }}
+            ${{ runner.os }}-docker-
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v2
+
+      - name: Set up QEMU
+        uses: docker/setup-qemu-action@v2
+        with:
+          platforms: 'arm64,arm'
+
+      - name: Log in to the container registry
+        uses: docker/login-action@65b78e6e13532edd9afa3aa52ac7964289d1a9c1
+        with:
+          registry: ${{ env.REGISTRY }}
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Extract metadata for ee Docker images
+        id: eemeta
+        uses: docker/metadata-action@9ec57ed1fcdbf14dcef7dfbe97b2010124a938b7
+        with:
+          images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME}}-ee
+          tags: |
+            type=raw,value=${{ env.MIGRATION_ENV }}
+            type=raw,value=${{ env.SHORT_HASH }}-${{ steps.lastcommit.outputs.shorthash }}-${{ env.MIGRATION_ENV }}
+            type=raw,value=latest,enable=${{ env.MIGRATION_ENV == 'prod' }}
+            type=sha,format=short
+            
+      - name: Build and push ee Docker image
+        uses: docker/build-push-action@v5
+        with:
+          context: services/workflows-service
+          file: services/workflows-service/Dockerfile.ee
+          platforms: linux/amd64
+          push: true
+          cache-from: type=local,src=/tmp/.buildx-cache
+          tags: ${{ steps.eemeta.outputs.tags }}
+          build-args: |
+            "BASE_IMAGE=ghcr.io/${{ github.repository_owner }}/workflows-service:${{ env.SHORT_HASH }}-${{ env.MIGRATION_ENV }}"
+
+  update-helm-chart:
+    runs-on: ubuntu-latest
+    needs: build-and-push-ee-image
+    permissions:
+      contents: read
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: 1
+
+      - name: Checkout cloud-infra-config repository
+        uses: actions/checkout@v4
+        with:
+          repository: ballerine-io/cloud-infra-config
+          token: ${{ secrets.GIT_TOKEN }}
+          ref: main
+          fetch-depth: 1
+          sparse-checkout: |
+            kubernetes/helm/wf-service
+          sparse-checkout-cone-mode: true
+      - name: Check if values yaml file exists 
+        id: update_helm_check
+        shell: bash
+        run: |
+          if [ -f "kubernetes/helm/wf-service/${{ env.MIGRATION_ENV }}-custom-values.yaml" ]; then
+            echo "file_name=${{ env.MIGRATION_ENV }}-custom-values.yaml" >> "$GITHUB_OUTPUT"
+            echo ${{ env.SHORT_HASH }}-${{ needs.build-and-push-ee-image.outputs.SUBMODULE_SHORT_HASH }}
+          else
+            echo "file_name=dev-custom-values.yaml" >> "$GITHUB_OUTPUT"
+            echo ${{ env.SHORT_HASH }}-${{ needs.build-and-push-ee-image.outputs.SUBMODULE_SHORT_HASH }}
+          fi
+            
+      - name: Update workflow-service image version in the HelmChart
+        uses: fjogeleit/yaml-update-action@main
+        with:
+          repository: ballerine-io/cloud-infra-config
+          branch: main
+          commitChange: true
+          message: "Update ${{ env.MIGRATION_ENV }} wf-service image Version to ${{ env.SHORT_HASH }}-${{ needs.build-and-push-ee-image.outputs.SUBMODULE_SHORT_HASH }} - (Commit hash: ${{ github.sha }})"
+          token: ${{ secrets.GIT_TOKEN }}
+          changes: |
+            {
+              "kubernetes/helm/wf-service/${{steps.update_helm_check.outputs.file_name}}": {
+                "dbMigrate.image.tag": "${{ env.SHORT_HASH }}-${{ needs.build-and-push-ee-image.outputs.SUBMODULE_SHORT_HASH }}-${{ env.MIGRATION_ENV }}",
+                "dataSync.image.tag": "${{ env.SHORT_HASH }}-${{ needs.build-and-push-ee-image.outputs.SUBMODULE_SHORT_HASH }}-${{ env.MIGRATION_ENV }}"
+              }
+            }
+
+  sync-argo-app:
+    needs: update-helm-chart
+    if: ${{ needs.update-helm-chart.result == 'success' }}
+    runs-on: ubuntu-latest
+    environment: ${{ github.event.client_payload.environment }}
+    env:
+      stage: ${{ github.event.client_payload.environment }}
+    permissions:
+      contents: read
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v3
+
+      - name: Run ArgoCD Action
+        id: argocd_api
+        uses: ./.github/actions/argocd-action
+        with:
+          argocd_username: ${{ secrets.ARGOCD_USERNAME }}
+          argocd_password: ${{ secrets.ARGOCD_PASSWORD }}
+          argocd_server: ${{ secrets.ARGOCD_SERVER }}
+          tg_svc_key: ${{ secrets.TWINGATE_SERVICE_KEY_SECRET_NAME }}
+
+  send-to-slack:
+    runs-on: ubuntu-latest
+    needs: [update-helm-chart,build-and-push-ee-image]
+    if: ${{ needs.update-helm-chart.result == 'success' }}
+    environment: ${{ github.event.client_payload.environment }}
+    permissions:
+      contents: read
+      packages: write
+    steps:
+      - name: Send alert to Slack channel
+        id: slack
+        uses: slackapi/slack-github-action@v1.26.0
+        with:
+          channel-id: '${{ secrets.ARGO_SLACK_CHANNEL_ID }}'
+          slack-message: "Wf-service Migrations in ${{ env.MIGRATION_ENV }} with tag: ${{ env.SHORT_HASH }}-${{ needs.build-and-push-ee-image.outputs.SUBMODULE_SHORT_HASH }}-${{ env.MIGRATION_ENV }} and build result: ${{ job.status }}. successfully updated the wf-service migration jobs helm values for ${{ env.MIGRATION_ENV }}."
+        env:
+          SLACK_BOT_TOKEN: ${{ secrets.ARGO_SLACK_BOT_TOKEN }}

.github/workflows/deploy-backoffice.yml

@@ -0,0 +1,82 @@
+name: Under Testing - Build and Deploy Backoffice Application
+
+on:
+  # push:
+  #   paths:
+  #     # Run this pipeline only if there are changes in specified path
+  #     - 'apps/backoffice-v2/**'
+  #   branches:
+  #   - "dev"
+  workflow_dispatch:
+    inputs:
+      environment:
+        type: choice
+        description: 'Choose Environment'
+        required: true
+        default: 'dev'
+        options:
+          - 'dev'
+          - 'sb'
+          - 'prod'
+  workflow_call:
+    inputs:
+      environment:
+        type: string
+        description: 'Environment'
+        required: true
+        default: 'dev'
+
+jobs:
+  build:
+    name: Build Backoffice App
+    runs-on: ubuntu-latest
+    environment: ${{ github.event_name == 'push' && github.ref_name || inputs.environment }}
+    steps:
+      # Trigger a webhook
+      - name: Trigger Build webhook
+        run: |
+          # curl -X POST -d {} "${{ secrets.BACKOFFICE_WEBHOOK_URL }}" -H "Content-Type:application/json"
+          response=$(curl -s -w "\n%{http_code}" -X POST -d {} "${{ secrets.BACKOFFICE_WEBHOOK_URL }}" -H "Content-Type:application/json")
+          status_code=$(echo "$response" | tail -n 1)
+          if [ "$status_code" -lt 200 ] || [ "$status_code" -ge 300 ]; then
+            echo "Error: Webhook request failed with status $status_code"
+            echo "Response: $(echo "$response" | head -n -1)"
+            exit 1
+          fi
+
+  send-to-slack:
+    runs-on: ubuntu-latest
+    needs: [build]
+    if: ${{ needs.build.result == 'success' }}
+    environment: ${{ github.event_name == 'push' && github.ref_name || inputs.environment }}
+    permissions:
+      contents: read
+      packages: write
+
+    steps:
+      - name: Send alert to Slack channel
+        id: slack
+        uses: slackapi/slack-github-action@v1.26.0
+        with:
+          channel-id: '${{ secrets.ARGO_SLACK_CHANNEL_ID }}'
+          slack-message: "Back-office Build initialized in ${{ github.event_name == 'push' && github.ref_name || inputs.environment }}."
+        env:
+          SLACK_BOT_TOKEN: ${{ secrets.ARGO_SLACK_BOT_TOKEN }}
+
+  on-failure:
+    runs-on: ubuntu-latest
+    needs: [build]
+    if: failure()
+    environment: ${{ github.event_name == 'push' && github.ref_name || inputs.environment }}
+    permissions:
+      contents: read
+      packages: write
+    steps:
+      - name: Send alert to Slack channel
+        id: slack
+        uses: slackapi/slack-github-action@v1.26.0
+        with:
+          channel-id: '${{ secrets.ARGO_SLACK_CHANNEL_ID }}'
+          slack-message: "Backoffice Build job failed in ${{ github.event_name == 'push' && github.ref_name || inputs.environment }}."
+        env:
+          SLACK_BOT_TOKEN: ${{ secrets.ARGO_SLACK_BOT_TOKEN }}

.github/workflows/deploy-dashboard.yml

@@ -0,0 +1,82 @@
+name: Under Testing - Build and Deploy Dashboard Application
+
+on:
+  # push:
+  #   paths:
+  #     # Run this pipeline only if there are changes in specified path
+  #     - 'apps/workflows-dashboard/**'
+  #   branches:
+  #   - "dev"
+  workflow_dispatch:
+    inputs:
+      environment:
+        type: choice
+        description: 'Choose Environment'
+        required: true
+        default: 'dev'
+        options:
+          - 'dev'
+          - 'sb'
+          - 'prod'
+  workflow_call:
+    inputs:
+      environment:
+        type: string
+        description: 'Environment'
+        required: true
+        default: 'dev'
+
+jobs:
+  build:
+    name: Build Dashboard App
+    runs-on: ubuntu-latest
+    environment: ${{ github.event_name == 'push' && github.ref_name || inputs.environment }}
+    steps:
+      # Trigger a webhook
+      - name: Trigger Build webhook
+        run: |
+          # curl -X POST -d {} "${{ secrets.DASHBOARD_WEBHOOK_URL }}" -H "Content-Type:application/json"
+          response=$(curl -s -w "\n%{http_code}" -X POST -d {} "${{ secrets.DASHBOARD_WEBHOOK_URL }}" -H "Content-Type:application/json")
+          status_code=$(echo "$response" | tail -n 1)
+          if [ "$status_code" -lt 200 ] || [ "$status_code" -ge 300 ]; then
+            echo "Error: Webhook request failed with status $status_code"
+            echo "Response: $(echo "$response" | head -n -1)"
+            exit 1
+          fi
+
+  send-to-slack:
+    runs-on: ubuntu-latest
+    needs: [build]
+    if: ${{ needs.build.result == 'success' }}
+    environment: ${{ github.event_name == 'push' && github.ref_name || inputs.environment }}
+    permissions:
+      contents: read
+      packages: write
+
+    steps:
+      - name: Send alert to Slack channel
+        id: slack
+        uses: slackapi/slack-github-action@v1.26.0
+        with:
+          channel-id: '${{ secrets.ARGO_SLACK_CHANNEL_ID }}'
+          slack-message: "Dashboard Build initialized in ${{ github.event_name == 'push' && github.ref_name || inputs.environment }}."
+        env:
+          SLACK_BOT_TOKEN: ${{ secrets.ARGO_SLACK_BOT_TOKEN }}
+
+  on-failure:
+    runs-on: ubuntu-latest
+    needs: [build]
+    if: failure()
+    environment: ${{ github.event_name == 'push' && github.ref_name || inputs.environment }}
+    permissions:
+      contents: read
+      packages: write
+    steps:
+      - name: Send alert to Slack channel
+        id: slack
+        uses: slackapi/slack-github-action@v1.26.0
+        with:
+          channel-id: '${{ secrets.ARGO_SLACK_CHANNEL_ID }}'
+          slack-message: "Dashboard Build job failed in ${{ github.event_name == 'push' && github.ref_name || inputs.environment }}."
+        env:
+          SLACK_BOT_TOKEN: ${{ secrets.ARGO_SLACK_BOT_TOKEN }}

.github/workflows/deploy-kyb.yml

@@ -0,0 +1,82 @@
+name: Under Testing - Build and Deploy KYB Application
+
+on:
+  # push:
+  #   paths:
+  #     # Run this pipeline only if there are changes in specified path
+  #     - 'apps/kyb-app/**'
+  #   branches:
+  #   - "dev"
+  workflow_dispatch:
+    inputs:
+      environment:
+        type: choice
+        description: 'Choose Environment'
+        required: true
+        default: 'dev'
+        options:
+          - 'dev'
+          - 'sb'
+          - 'prod'
+  workflow_call:
+    inputs:
+      environment:
+        type: string
+        description: 'Environment'
+        required: true
+        default: 'dev'
+
+jobs:
+  build:
+    name: Build KYB App
+    runs-on: ubuntu-latest
+    environment: ${{ github.event_name == 'push' && github.ref_name || inputs.environment }}
+    steps:
+      # Trigger a webhook
+      - name: Trigger Build webhook
+        run: |
+          # curl -X POST -d {} "${{ secrets.KYB_WEBHOOK_URL }}" -H "Content-Type:application/json"
+          response=$(curl -s -w "\n%{http_code}" -X POST -d {} "${{ secrets.KYB_WEBHOOK_URL }}" -H "Content-Type:application/json")
+          status_code=$(echo "$response" | tail -n 1)
+          if [ "$status_code" -lt 200 ] || [ "$status_code" -ge 300 ]; then
+            echo "Error: Webhook request failed with status $status_code"
+            echo "Response: $(echo "$response" | head -n -1)"
+            exit 1
+          fi
+
+  send-to-slack:
+    runs-on: ubuntu-latest
+    needs: [build]
+    if: ${{ needs.build.result == 'success' }}
+    environment: ${{ github.event_name == 'push' && github.ref_name || inputs.environment }}
+    permissions:
+      contents: read
+      packages: write
+
+    steps:
+      - name: Send alert to Slack channel
+        id: slack
+        uses: slackapi/slack-github-action@v1.26.0
+        with:
+          channel-id: '${{ secrets.ARGO_SLACK_CHANNEL_ID }}'
+          slack-message: "KYB Build initialized in ${{ github.event_name == 'push' && github.ref_name || inputs.environment }}."
+        env:
+          SLACK_BOT_TOKEN: ${{ secrets.ARGO_SLACK_BOT_TOKEN }}
+
+  on-failure:
+    runs-on: ubuntu-latest
+    needs: [build]
+    if: failure()
+    environment: ${{ github.event_name == 'push' && github.ref_name || inputs.environment }}
+    permissions:
+      contents: read
+      packages: write
+    steps:
+      - name: Send alert to Slack channel
+        id: slack
+        uses: slackapi/slack-github-action@v1.26.0
+        with:
+          channel-id: '${{ secrets.ARGO_SLACK_CHANNEL_ID }}'
+          slack-message: "KYB Build job failed in ${{ github.event_name == 'push' && github.ref_name || inputs.environment }}."
+        env:
+          SLACK_BOT_TOKEN: ${{ secrets.ARGO_SLACK_BOT_TOKEN }}

.github/workflows/deploy-wf-service.yml

@@ -0,0 +1,274 @@
+name: New Deploy workflows-service image
+
+on:
+  workflow_dispatch:
+    inputs:
+      environment:
+        type: choice
+        description: 'Choose Environment'
+        required: true
+        default: 'dev'
+        options:
+          - 'sb'
+          - 'prod'
+
+
+  workflow_call:
+    inputs:
+      environment:
+        type: string
+        description: 'Environment'
+        required: true
+        default: 'dev'
+      sha:
+        type: string
+        description: 'SHA ID'
+        required: true
+
+
+env:
+  REGISTRY: ghcr.io
+  IMAGE_NAME: ${{ github.repository_owner }}/workflows-service
+  SHORT_HASH: ${{ (inputs.environment == 'dev' && inputs.sha) || (inputs.environment == 'prod' && vars.SB_WF_SHORT_SHA) || (vars.DEV_WF_SHORT_SHA) }}
+
+jobs:
+  set_short_hash:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Verify SHORT_HASH
+        run: |
+          echo "SHORT_HASH is ${{ env.SHORT_HASH }}"
+          echo "SHORT_HASH is ${{ env.SHORT_HASH }}"
+          echo "SHORT_HASH is $SHORT_HASH"
+
+  tag-and-push-image:
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+      packages: write
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+
+      - name: Get version
+        id: version
+        run: |
+          echo "sha_short=${{ env.SHORT_HASH }}" >> $GITHUB_OUTPUT
+          if [ "${{ inputs.environment }}" == "prod" ]; then
+          echo "PROD_WF_SHORT_SHA=${{ env.SHORT_HASH }}" >> $GITHUB_ENV
+          else
+          echo "SB_WF_SHORT_SHA=${{ env.SHORT_HASH }}" >> $GITHUB_ENV
+          fi
+
+      - name: Update Service version in Environment
+        if: ${{ inputs.environment != 'dev' }}
+        run: |
+          if [ "${{ inputs.environment }}" == "prod" ]; then
+            ENV="PROD"
+          elif [ "${{ inputs.environment }}" == "sb" ]; then
+            ENV="SB"
+          else
+            ENV="DEV"
+          fi
+          echo "$ENV"
+          curl -X PATCH \
+            -H "Accept: application/vnd.github+json" \
+            -H "Authorization: Bearer ${{ secrets.GH_CI_ENV_TOKEN }}" \
+            -H "X-GitHub-Api-Version: 2022-11-28" \
+            "https://api.github.com/repos/ballerine-io/ballerine/actions/variables/${ENV^^}_WF_SHORT_SHA" \
+            -d "{\"name\":\"${ENV}_WF_SHORT_SHA\",\"value\":\"${{ env.SHORT_HASH }}\"}"
+
+      - name: Cache Docker layers
+        id: cache
+        uses: actions/cache@v4
+        with:
+          path: /tmp/.buildx-cache
+          key: ${{ runner.os }}-docker-${{ hashFiles('**/Dockerfile') }}
+          restore-keys: |
+            ${{ runner.os }}-docker-${{ hashFiles('**/Dockerfile') }}
+            ${{ runner.os }}-docker-
+  
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v2
+
+      - name: Set up QEMU
+        uses: docker/setup-qemu-action@v2
+        with:
+          platforms: 'arm64,arm'
+
+      - name: Log in to the container registry
+        uses: docker/login-action@65b78e6e13532edd9afa3aa52ac7964289d1a9c1
+        with:
+          registry: ${{ env.REGISTRY }}
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Pull and Tag Existing Image
+        if: ${{ inputs.environment != 'dev' }}
+        run: |
+          if [ "${{ inputs.environment }}" == "prod" ]; then
+            docker pull ${{ env.REGISTRY }}/${{ env.IMAGE_NAME}}:${{ env.SHORT_HASH }}-sb
+            docker tag ${{ env.REGISTRY }}/${{ env.IMAGE_NAME}}:${{ env.SHORT_HASH }}-sb ${{ env.REGISTRY }}/${{ env.IMAGE_NAME}}:${{ env.SHORT_HASH }}-${{ inputs.environment }}
+            docker tag ${{ env.REGISTRY }}/${{ env.IMAGE_NAME}}:${{ env.SHORT_HASH }}-sb ${{ env.REGISTRY }}/${{ env.IMAGE_NAME}}:${{ inputs.environment }}
+            docker tag ${{ env.REGISTRY }}/${{ env.IMAGE_NAME}}:${{ env.SHORT_HASH }}-sb ${{ env.REGISTRY }}/${{ env.IMAGE_NAME}}:latest
+            docker push ${{ env.REGISTRY }}/${{ env.IMAGE_NAME}}:latest
+          else
+            docker pull ${{ env.REGISTRY }}/${{ env.IMAGE_NAME}}:${{ env.SHORT_HASH }}-dev
+            docker tag ${{ env.REGISTRY }}/${{ env.IMAGE_NAME}}:${{ env.SHORT_HASH }}-dev ${{ env.REGISTRY }}/${{ env.IMAGE_NAME}}:${{ env.SHORT_HASH }}-${{ inputs.environment }}
+            docker tag ${{ env.REGISTRY }}/${{ env.IMAGE_NAME}}:${{ env.SHORT_HASH }}-dev ${{ env.REGISTRY }}/${{ env.IMAGE_NAME}}:${{ inputs.environment }}
+          fi
+          docker images
+          docker push ${{ env.REGISTRY }}/${{ env.IMAGE_NAME}}:${{ env.SHORT_HASH }}-${{ inputs.environment }}
+          docker push ${{ env.REGISTRY }}/${{ env.IMAGE_NAME}}:${{ inputs.environment }}
+
+  build-and-push-ee-image:
+    runs-on: ubuntu-latest
+    needs: [tag-and-push-image]
+    outputs:
+      SUBMODULE_SHORT_HASH: ${{ steps.lastcommit.outputs.shorthash }}
+    permissions:
+      contents: read
+      packages: write
+
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+
+      - name: Checkout wf-data-migration
+        uses: actions/checkout@v4
+        with:
+          repository: ballerine-io/wf-data-migration
+          token: ${{ secrets.SUBMODULES_TOKEN }}
+          ref: ${{ inputs.environment }}
+          fetch-depth: 1
+          path: services/workflows-service/prisma/data-migrations
+
+      - name: Get Latest Commit ID
+        id: lastcommit
+        uses: nmbgeek/github-action-get-latest-commit@main
+        with:
+          owner: ${{ github.repository_owner }}
+          token: ${{ secrets.SUBMODULES_TOKEN }}
+          repo: wf-data-migration
+          branch: ${{ inputs.environment }}
+
+      - name: Set Commit Id as Env 
+        run: echo "SUBMODULE_SHORT_HASH=${{ steps.lastcommit.outputs.shorthash }}" >> $GITHUB_ENV
+
+      - name: Cache Docker layers
+        id: cache
+        uses: actions/cache@v4
+        with:
+          path: /tmp/.buildx-cache
+          key: ${{ runner.os }}-docker-${{ hashFiles('**/Dockerfile') }}
+          restore-keys: |
+            ${{ runner.os }}-docker-${{ hashFiles('**/Dockerfile') }}
+            ${{ runner.os }}-docker-
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v2
+
+      - name: Set up QEMU
+        uses: docker/setup-qemu-action@v2
+        with:
+          platforms: 'arm64,arm'
+
+      - name: Log in to the container registry
+        uses: docker/login-action@65b78e6e13532edd9afa3aa52ac7964289d1a9c1
+        with:
+          registry: ${{ env.REGISTRY }}
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Extract metadata for ee Docker images
+        id: eemeta
+        uses: docker/metadata-action@9ec57ed1fcdbf14dcef7dfbe97b2010124a938b7
+        with:
+          images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME}}-ee
+          tags: |
+            type=raw,value=${{ inputs.environment }}
+            type=raw,value=${{ env.SHORT_HASH }}-${{ steps.lastcommit.outputs.shorthash }}-${{ inputs.environment }}
+            type=raw,value=latest,enable=${{ inputs.environment == 'prod' }}
+            type=sha,format=short
+            
+      - name: Build and push ee Docker image
+        uses: docker/build-push-action@v5
+        with:
+          context: services/workflows-service
+          file: services/workflows-service/Dockerfile.ee
+          platforms: linux/amd64
+          push: true
+          cache-from: type=local,src=/tmp/.buildx-cache
+          tags: ${{ steps.eemeta.outputs.tags }}
+          build-args: |
+            "BASE_IMAGE=ghcr.io/${{ github.repository_owner }}/workflows-service:${{ env.SHORT_HASH }}-${{ inputs.environment }}"
+  
+  update-helm-chart:
+    runs-on: ubuntu-latest
+    needs: build-and-push-ee-image
+    permissions:
+      contents: read
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: 1
+
+      - name: Checkout cloud-infra-config repository
+        uses: actions/checkout@v4
+        with:
+          repository: ballerine-io/cloud-infra-config
+          token: ${{ secrets.GIT_TOKEN }}
+          ref: main
+          fetch-depth: 1
+          sparse-checkout: |
+            kubernetes/helm/wf-service
+          sparse-checkout-cone-mode: true
+      - name: Check if values yaml file exists 
+        id: update_helm_check
+        shell: bash
+        run: |
+          if [ -f "kubernetes/helm/wf-service/${{ inputs.environment }}-custom-values.yaml" ]; then
+            echo "file_name=${{ inputs.environment }}-custom-values.yaml" >> "$GITHUB_OUTPUT"
+            echo ${{ env.SHORT_HASH }}-${{ needs.build-and-push-ee-image.outputs.SUBMODULE_SHORT_HASH }}
+          else
+            echo "file_name=dev-custom-values.yaml" >> "$GITHUB_OUTPUT"
+            echo ${{ env.SHORT_HASH }}-${{ needs.build-and-push-ee-image.outputs.SUBMODULE_SHORT_HASH }}
+          fi
+            
+      - name: Update workflow-service image version in the HelmChart
+        uses: fjogeleit/yaml-update-action@main
+        with:
+          repository: ballerine-io/cloud-infra-config
+          branch: main
+          commitChange: true
+          message: "Update ${{ inputs.environment }} wf-service image Version to ${{ env.SHORT_HASH }}-${{ needs.build-and-push-ee-image.outputs.SUBMODULE_SHORT_HASH }}-${{ inputs.environment }} - (Commit hash: ${{ github.sha }}, commit message: ${{ github.event.head_commit.message }})"
+          token: ${{ secrets.GIT_TOKEN }}
+          changes: |
+            {
+              "kubernetes/helm/wf-service/${{steps.update_helm_check.outputs.file_name}}": {
+                "image.tag": "${{ env.SHORT_HASH }}-${{ needs.build-and-push-ee-image.outputs.SUBMODULE_SHORT_HASH }}-${{ inputs.environment }}",
+                "prismaMigrate.image.tag": "${{ env.SHORT_HASH }}-${{ needs.build-and-push-ee-image.outputs.SUBMODULE_SHORT_HASH }}-${{ inputs.environment }}",
+                "dbMigrate.image.tag": "${{ env.SHORT_HASH }}-${{ needs.build-and-push-ee-image.outputs.SUBMODULE_SHORT_HASH }}-${{ inputs.environment }}",
+                "dataSync.image.tag": "${{ env.SHORT_HASH }}-${{ needs.build-and-push-ee-image.outputs.SUBMODULE_SHORT_HASH }}-${{ inputs.environment }}"
+              }
+            }
+  send-to-slack:
+    runs-on: ubuntu-latest
+    needs: [update-helm-chart,build-and-push-ee-image]
+    if: ${{ needs.update-helm-chart.result == 'success' }}
+    environment: ${{ inputs.environment }}
+    permissions:
+      contents: read
+      packages: write
+
+    steps:
+      - name: Send alert to Slack channel
+        id: slack
+        uses: slackapi/slack-github-action@v1.26.0
+        with:
+          channel-id: '${{ secrets.ARGO_SLACK_CHANNEL_ID }}'
+          slack-message: "Test Wf-service Deployment in ${{ inputs.environment }} with tag ${{ env.SHORT_HASH }}-${{ needs.build-and-push-ee-image.outputs.SUBMODULE_SHORT_HASH }}-${{ inputs.environment }} build result: ${{ job.status }}. successfully updated the wf-service helm values for ${{ inputs.environment }}."
+        env:
+          SLACK_BOT_TOKEN: ${{ secrets.ARGO_SLACK_BOT_TOKEN }}
+

.github/workflows/destroy-preview-environment.yml

@@ -0,0 +1,84 @@
+# Destroys a temporary environment that was created forwhen a pull request is created / updated with a 'deploy-pr' label or triggerred manually
+name: Destroy PR Environment
+concurrency:
+  group: "deploy-${{ github.event.pull_request.head.ref }}"
+  cancel-in-progress: false
+
+on:
+  workflow_dispatch:
+  pull_request:
+    types: [ closed, unlabeled ]
+
+permissions:
+  id-token: write
+  contents: write
+
+env:
+  REF: ${{ github.event_name == 'workflow_dispatch' && github.ref || github.event_name == 'pull_request' && github.event.pull_request.head.ref }}
+
+jobs:
+  deploy-dev-pr-environment:
+    if: |
+      (github.event_name == 'pull_request' && github.event.action == 'unlabeled' && github.event.label.name == 'deploy-pr') 
+      ||
+      (github.event_name == 'pull_request' && github.event.action == 'closed' && contains(github.event.pull_request.labels.*.name, 'deploy-pr'))
+      ||
+      github.event_name == 'workflow_dispatch'
+    runs-on: ubuntu-latest
+    outputs:
+      env_name: ${{ steps.env-name.outputs.PR_ENV_NAME }}
+    steps:
+      - name: Clean Ref
+        id: clean-ref
+        shell: bash
+        run: |
+          BRANCH_NAME=${{ env.REF }}
+          CLEAN_BRANCH_NAME=${BRANCH_NAME#refs/heads/}
+          echo "ref=$CLEAN_BRANCH_NAME" >> $GITHUB_OUTPUT
+
+      - name: "Sanitize ENV name"
+        id: sanitize_env
+        shell: bash
+        run: |
+          SANITIZED_BRANCH_NAME=$(echo -n ${{ steps.clean-ref.outputs.ref }} | tr "/" "-")
+          echo "Sanitized branch name: $SANITIZED_BRANCH_NAME"
+          TRIMMED_BRANCH_NAME=$(echo -n "$SANITIZED_BRANCH_NAME" | cut -c 1-18 | sed 's/[-/]$//')
+          echo "sanitized_env_name=$SANITIZED_BRANCH_NAME" >> $GITHUB_OUTPUT;
+          echo "trimmed_env_name=$TRIMMED_BRANCH_NAME" >> $GITHUB_OUTPUT;
+        
+      - name: Environment deployment
+        id: env-name
+        run: |
+          echo "deploying environment"
+          echo "PR_ENV_NAME=${{ steps.sanitize_env.outputs.trimmed_env_name }}" >> $GITHUB_ENV
+          echo "PR_ENV_NAME=${{ steps.sanitize_env.outputs.trimmed_env_name }}" >> $GITHUB_OUTPUT
+
+  destroy-preview:
+    needs: deploy-dev-pr-environment
+    if: |
+      (github.event_name == 'pull_request' && github.event.action == 'unlabeled' && github.event.label.name == 'deploy-pr') 
+      ||
+      (github.event_name == 'pull_request' && github.event.action == 'closed' && contains(github.event.pull_request.labels.*.name, 'deploy-pr'))
+      ||
+      github.event_name == 'workflow_dispatch'
+    runs-on: ubuntu-latest
+    steps:
+      - name: Trigger workflow in another repo
+        uses: actions/github-script@v7
+        with:
+          github-token: ${{ secrets.GIT_TOKEN }}
+          script: |
+            try {
+              await github.rest.repos.createDispatchEvent({
+                owner: 'ballerine-io',
+                repo: 'cloud-infra-config',
+                event_type: 'destroy-preview',
+                client_payload: {
+                  'ref': '${{ needs.deploy-dev-pr-environment.outputs.env_name }}'
+                }
+              });
+              console.log('Successfully triggered deploy-preview event');
+            } catch (error) {
+              console.error('Failed to trigger deploy-preview event:', error);
+              throw error;
+            }

.github/workflows/packer-build-ami.yml

@@ -0,0 +1,41 @@
+name: Packer build AWS AMI's 
+on: 
+  workflow_dispatch:
+
+jobs:
+  plan:
+    environment: Terraform
+    defaults:
+      run:
+        working-directory: /home/runner/work/ballerine/deploy/aws_ami
+    runs-on: ubuntu-latest
+    name: Packer build Artifacts
+    steps:
+      - name: Checkout to Git
+        uses: actions/checkout@v2
+
+      - name: Assume Role
+        uses: ./
+        env:
+          ROLE_ARN: ${{ secrets.AWS_PACKER_ROLE }}
+          ROLE_SESSION_NAME: packersession
+          AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
+          AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
+          DURATION_SECONDS: 900
+
+      - name: Setup `packer`
+        uses: hashicorp/setup-packer@main
+        id: setup
+        with:
+          version: 1.8.7
+
+      - name: Run `packer init`
+        id: init
+        run: "packer init template.json.pkr.hcl"
+
+      - name: Run `packer validate`
+        id: validate
+        run: "packer validate template.json.pkr.hcl"
+
+      - name: Build AWS AMIs
+        run: "packer build template.json.pkr.hcl"

.github/workflows/publish-workflows-service.yml

@@ -29,6 +29,7 @@ env:
   REGISTRY: ghcr.io
   IMAGE_NAME: ${{ github.repository_owner }}/workflows-service
 
+
 jobs:
 
   determine_branch:
@@ -90,16 +91,16 @@ jobs:
           tag: ${{ steps.version.outputs.tag }}
 
       - name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@v2
+        uses: docker/setup-buildx-action@v3
 
       - name: Set up QEMU
-        uses: docker/setup-qemu-action@v2
+        uses: docker/setup-qemu-action@v3
         with:
           platforms: 'arm64,arm'
 
       - name: Cache Docker layers
         id: cache
-        uses: actions/cache@v2
+        uses: actions/cache@v4
         with:
           path: /tmp/.buildx-cache
           key: ${{ runner.os }}-docker-${{ hashFiles('**/Dockerfile') }}
@@ -156,7 +157,7 @@ jobs:
           platforms: linux/amd64
           push: true
           cache-from: type=local,src=/tmp/.buildx-cache
-          cache-to: type=local,dest=/tmp/.buildx-cache
+          cache-to: type=local,dest=/tmp/.buildx-cache,mode=max
           tags: ${{ steps.docker_meta.outputs.tags }}
           build-args: |
             "RELEASE=${{ steps.bump-version.outputs.tag }}"
@@ -220,7 +221,10 @@ jobs:
           changes: |
             {
               "kubernetes/helm/wf-service/${{steps.update_helm_check.outputs.file_name}}": {
-                "image.tag": "${{ needs.build-and-push-ee-image.outputs.docker_tag }}"
+                "image.tag": "${{ needs.build-and-push-ee-image.outputs.docker_tag }}",
+                "prismaMigrate.image.tag": "${{ needs.build-and-push-ee-image.outputs.docker_tag }}",
+                "dbMigrate.image.tag": "${{ needs.build-and-push-ee-image.outputs.docker_tag }}",
+                "dataSync.image.tag": "${{ needs.build-and-push-ee-image.outputs.docker_tag }}"
               }
             }
 
@@ -335,7 +339,7 @@ jobs:
 
       - name: Cache Docker layers
         id: cache
-        uses: actions/cache@v2
+        uses: actions/cache@v4
         with:
           path: /tmp/.buildx-cache
           key: ${{ runner.os }}-docker-${{ hashFiles('**/Dockerfile') }}
@@ -359,10 +363,10 @@ jobs:
           cd ../../../..
 
       - name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@v2
+        uses: docker/setup-buildx-action@v3
 
       - name: Set up QEMU
-        uses: docker/setup-qemu-action@v2
+        uses: docker/setup-qemu-action@v3
         with:
           platforms: 'arm64,arm'
 

.github/workflows/push-workflows-service-image.yml

@@ -0,0 +1,226 @@
+name: New Build Push workflows-service image
+
+on:
+  workflow_dispatch:
+    inputs:
+      operation: 
+        type: choice
+        description: 'What operation you want to do after image build?'
+        required: true
+        default: 'Deploy to Dev'
+        options:
+          - 'Deploy to Dev'
+  push:
+    paths:
+      # Run this pipeline only if there are changes in specified path
+      - 'services/workflows-service/**'
+    branches:
+    - "dev"
+
+env:
+  REGISTRY: ghcr.io
+  IMAGE_NAME: ${{ github.repository_owner }}/workflows-service
+
+jobs:
+
+  build-and-push-image:
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+      packages: write
+    outputs:
+      sha_short: ${{ steps.version.outputs.sha_short }} # short sha of the commit
+      image_tags: ${{ steps.docker_meta.outputs.tags }} # <short_sha>-<branch_name>, <branch_name>, latest(for prod branch only)
+
+      version: ${{ steps.bump-version.outputs.version }} # workflow-service@vX.X.X
+      bumped_tag: ${{ steps.bump-version.outputs.tag }} # bumped patched version X.X.X+1
+
+      docker_image: ${{ steps.docker-version.outputs.image }} # ghcr.io/ballerine-io/workflows-service
+      docker_tag: ${{ steps.docker-version.outputs.tag }} # <short_sha>-<branch_name>
+      docker_full_image: ${{ steps.docker-version.outputs.full_image }} # ghcr.io/ballerine-io/workflows-service:<short_sha>-<branch_name>
+
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+
+      - name: Get tags
+        run: git fetch --tags origin
+
+      - name: Get version
+        id: version
+        run: |
+          TAG=$(git tag -l "$(echo workflow-service@)*" | sort -V -r | head -n 1)
+          echo "tag=$TAG"
+          echo "tag=$TAG" >> "$GITHUB_OUTPUT"
+          echo "TAG=$TAG" >> "$GITHUB_ENV"
+
+          SHORT_SHA=$(git rev-parse --short HEAD)
+          echo "sha_short=$SHORT_SHA"
+          echo "sha_short=$SHORT_SHA" >> $GITHUB_OUTPUT
+          echo "SHORT_SHA=$SHORT_SHA" >> $GITHUB_ENV
+          echo "DEV_WF_SHORT_SHA=$SHORT_SHA" >> $GITHUB_ENV
+
+      - name: Bump version
+        id: bump-version
+        uses: ./.github/actions/bump-version
+        with:
+          tag: ${{ steps.version.outputs.tag }}
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v2
+
+      - name: Set up QEMU
+        uses: docker/setup-qemu-action@v2
+        with:
+          platforms: 'arm64,arm'
+
+      - name: Cache Docker layers
+        id: cache
+        uses: actions/cache@v4
+        with:
+          path: /tmp/.buildx-cache
+          key: ${{ runner.os }}-docker-${{ hashFiles('**/Dockerfile') }}
+          restore-keys: |
+            ${{ runner.os }}-docker-${{ hashFiles('**/Dockerfile') }}
+            ${{ runner.os }}-docker-
+
+      - name: Log in to the Container registry
+        uses: docker/login-action@65b78e6e13532edd9afa3aa52ac7964289d1a9c1
+        with:
+          registry: ${{ env.REGISTRY }}
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Extract metadata for Docker images
+        id: docker_meta
+        uses: docker/metadata-action@9ec57ed1fcdbf14dcef7dfbe97b2010124a938b7
+        with:
+          images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
+          tags: |
+            type=raw,value=${{ github.ref_name }}
+            type=raw,value=dev
+            type=raw,value=${{ steps.version.outputs.sha_short }}-${{ github.ref_name }}
+            type=raw,value=${{ steps.version.outputs.sha_short }}-dev
+            type=raw,value=latest,enable=${{ github.ref == format('refs/heads/{0}', 'prod') }}
+            type=sha,format=short
+
+      - name: Docker metadata version
+        id: docker-version
+        run: |
+          DOCKER_IMAGE=${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
+          DOCKER_TAG=${{ steps.version.outputs.sha_short }}-${{ github.ref_name }}
+          DOCKER_FULL_IMAGE=${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ steps.version.outputs.sha_short }}-${{ github.ref_name }}
+
+          echo "DOCKER_IMAGE=$DOCKER_IMAGE"
+          echo "DOCKER_TAG=$DOCKER_TAG"
+          echo "DOCKER_FULL_IMAGE=$DOCKER_FULL_IMAGE"
+
+          echo "image=$DOCKER_IMAGE" >> $GITHUB_OUTPUT
+          echo "tag=$DOCKER_TAG" >> $GITHUB_OUTPUT
+          echo "full_image=$DOCKER_FULL_IMAGE" >> $GITHUB_OUTPUT
+
+      - name: Print docker version outputs
+        run: |
+          echo "Metadata: ${{ steps.docker_meta.outputs.tags }}"
+
+          echo "sha_short: ${{ steps.version.outputs.sha_short }}"
+          echo "docker_meta-tags: ${{ steps.docker_meta.outputs.tags }}"
+          echo "bump-version-version: ${{ steps.bump-version.outputs.version }}"
+          echo "bump-version-tag: ${{ steps.bump-version.outputs.tag }}"
+
+      - name: Build and push Docker image
+        uses: docker/build-push-action@v5
+        with:
+          context: services/workflows-service
+          platforms: linux/amd64
+          push: true
+          cache-from: type=local,src=/tmp/.buildx-cache
+          cache-to: type=local,dest=/tmp/.buildx-cache
+          tags: ${{ steps.docker_meta.outputs.tags }}
+          build-args: |
+            "RELEASE=${{ steps.bump-version.outputs.tag }}"
+            "SHORT_SHA=${{ steps.version.outputs.sha_short }}"
+
+      - name: Update Service version in Environment
+        run: |
+          curl -X PATCH \
+            -H "Accept: application/vnd.github+json" \
+            -H "Authorization: Bearer ${{ secrets.GH_CI_ENV_TOKEN }}" \
+            -H "X-GitHub-Api-Version: 2022-11-28" \
+            "https://api.github.com/repos/ballerine-io/ballerine/actions/variables/DEV_WF_SHORT_SHA" \
+            -d '{"name":"DEV_WF_SHORT_SHA","value":"${{ steps.version.outputs.sha_short }}"}'
+            
+      - name: Scan Docker Image
+        uses: aquasecurity/trivy-action@master
+        continue-on-error: true
+        with:
+          cache-dir:
+          image-ref: ${{ steps.docker-version.outputs.full_image }}
+          format: 'table'
+          ignore-unfixed: true
+          exit-code: 1
+          trivyignores: ./.trivyignore
+          vuln-type: 'os,library'
+          severity: 'CRITICAL'
+
+  deploy-to-dev:
+    needs: [build-and-push-image]
+    uses: ./.github/workflows/deploy-wf-service.yml
+    with:
+      environment: 'dev'
+      sha: ${{ needs.build-and-push-image.outputs.sha_short }}
+    secrets: inherit
+
+  release:
+    runs-on: ubuntu-latest
+    needs: [build-and-push-image,deploy-to-dev]
+    if: ${{ needs.deploy-to-dev.result=='success' }} && (startsWith(github.ref, 'refs/heads/prod') || startsWith(github.ref, 'refs/heads/dev') || startsWith(github.ref, 'refs/heads/sb') || github.event.inputs.environment == 'dev')
+    env:
+      GH_TOKEN: ${{ github.token }}
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+
+      - name: Release
+        run: |
+          if [ "${{ inputs.operation }}" == "Deploy to Dev" || [ "${{ github.event_name }}" == "push" ]; then
+            suffix="-dev-${{ needs.build-and-push-image.outputs.sha_short }}"
+          else
+            suffix=""
+          fi
+          gh release create ${{ needs.build-and-push-image.outputs.version }}${suffix} --notes-start-tag ${{ needs.build-and-push-image.outputs.bumped_tag }}
+            
+  sentry:
+    runs-on: ubuntu-latest
+    needs: [release,build-and-push-image]
+    env:
+      GH_TOKEN: ${{ github.token }}
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+
+      # TODO: add caching for docker_full_image which build previously
+
+      - name: Run Container and Copy File
+        run: |
+          id=$(docker run --rm --name tmp -d ${{ needs.build-and-push-image.outputs.docker_full_image }} tail -f /dev/null)
+
+          mkdir -p ./dist
+
+          docker cp $id:/app/dist/ ./dist
+
+          curl -sL https://sentry.io/get-cli/ | SENTRY_CLI_VERSION="2.31.0" bash
+
+          sentry-cli releases new "${{needs.build-and-push-image.outputs.version}}"
+          echo "sentry-cli releases new ${{needs.build-and-push-image.outputs.version}}"
+
+          sentry-cli releases set-commits "${{needs.build-and-push-image.outputs.version}}" --auto --ignore-missing
+          echo "sentry-cli releases set-commits ${{needs.build-and-push-image.outputs.version}} --auto --ignore-missing"
+
+          sentry-cli sourcemaps upload --dist="${{needs.build-and-push-image.outputs.sha_short}}" --release="${{needs.build-and-push-image.outputs.version}}" ./dist
+          echo "sentry-cli sourcemaps upload --dist=${{needs.build-and-push-image.outputs.sha_short}} --release=${{needs.build-and-push-image.outputs.version}} ./dist"
+
+        env:
+          SENTRY_AUTH_TOKEN: ${{ secrets.SENTRY_AUTH_TOKEN }}
+          SENTRY_ORG: ${{ secrets.SENTRY_ORG }}
+          SENTRY_PROJECT: ${{ secrets.WF_SENTRY_PROJECT }}

.github/workflows/release.yml

@@ -4,7 +4,6 @@ on:
   push:
     branches:
       - dev
-
 
 concurrency: ${{ github.workflow }}-${{ github.ref }}
 
@@ -39,7 +38,7 @@ jobs:
         run: |
           echo "STORE_PATH=$(pnpm store path)" >> $GITHUB_OUTPUT
 
-      - uses: actions/cache@v3
+      - uses: actions/cache@v4
         name: Setup pnpm cache
         with:
           path: ${{ steps.pnpm-cache.outputs.STORE_PATH }}

.github/workflows/test-ballerine-deploy.yml

@@ -0,0 +1,60 @@
+name: Test Ballerine Deploy
+
+on:
+  workflow_dispatch:
+  push:
+    branches: [ dev ]
+
+jobs:
+  test-deploy:
+    runs-on: ubuntu-latest
+
+    steps:
+    - uses: actions/checkout@v3
+
+    - name: Set up Docker Buildx
+      uses: docker/setup-buildx-action@v2
+
+    - name: Set up QEMU
+      uses: docker/setup-qemu-action@v2
+      with:
+        platforms: 'arm64,arm'
+
+    - name: Start containers
+      run: |
+        sudo apt-get update
+        sudo apt-get install docker-compose
+        cd deploy
+        docker-compose up -d
+      
+    - name: Wait for containers to be healthy
+      run: |
+        cd deploy
+        timeout=180  # 3 minutes timeout
+        elapsed=0
+        interval=10
+        
+        while [ $elapsed -lt $timeout ]; do
+          if docker-compose ps | grep -q "healthy"; then
+            unhealthy_count=$(docker-compose ps | grep -c "unhealthy" || true)
+            if [ $unhealthy_count -eq 0 ]; then
+              echo "All containers are healthy!"
+              exit 0
+            fi
+          fi
+          
+          echo "Waiting for containers to be healthy... ($elapsed seconds elapsed)"
+          sleep $interval
+          elapsed=$((elapsed + interval))
+        done
+        
+        echo "Timeout reached. Some containers are not healthy."
+        docker-compose ps
+        docker-compose logs
+        exit 1
+    
+    - name: Clean up
+      if: always()
+      run: |
+        cd deploy
+        docker-compose down -v

.gitignore

@@ -59,3 +59,7 @@ deploy/caddy/caddy_config
 todo.md
 services/workflows-service/test-report.html
 services/workflows-service/ci/*
+logs
+
+.nx/cache
+.nx/workspace-data

.npmrc

@@ -1,3 +1,4 @@
 auto-install-peers = true
 strict-peer-dependencies = false
 save-workspace-protocol = false
+link-workspace-packages = true

.nvmrc

@@ -1 +1 @@
-18
+21

.vscode/extensions.json

@@ -7,6 +7,7 @@
     "prisma.prisma",
     "bradlc.vscode-tailwindcss",
     "github.vscode-github-actions",
-    "streetsidesoftware.code-spell-checker"
+    "streetsidesoftware.code-spell-checker",
+    "orta.vscode-jest"
   ]
 }

.vscode/launch.json

@@ -39,6 +39,35 @@
       "localRoot": "${workspaceFolder}/services/workflows-service",
       "remoteRoot": "/app",
       "sourceMaps": true
+    },
+    {
+      "type": "node",
+      "name": "vscode-jest-tests.v2.ballerine",
+      "request": "launch",
+      "args": [
+        "--runInBand",
+        "--watchAll=false",
+        "--testNamePattern",
+        "${jest.testNamePattern}",
+        "--runTestsByPath",
+        "${jest.testFile}"
+      ],
+      "cwd": "${workspaceFolder}",
+      "console": "integratedTerminal",
+      "internalConsoleOptions": "neverOpen",
+      "disableOptimisticBPs": true,
+      "program": "${workspaceFolder}/node_modules/.bin/npx"
+    },
+    {
+      "type": "node",
+      "request": "launch",
+      "name": "Debug Workflow Service",
+      "runtimeExecutable": "npm",
+      "runtimeArgs": ["run", "start:debug"],
+      "cwd": "${workspaceFolder}/services/workflows-service",
+      "skipFiles": ["<node_internals>/**"],
+      "console": "integratedTerminal",
+      "sourceMaps": true
     }
   ]
 }

.vscode/settings.json

@@ -0,0 +1,17 @@
+{
+  "jest.jestCommandLine": "node_modules/.bin/jest",
+  "eslint.workingDirectories": [
+    "apps/backoffice-v2",
+    "apps/workflows-dashboard",
+    "packages/workflow-core",
+    "services/workflows-service",
+    "packages/common"
+  ],
+  "search.exclude": {
+    "**/node_modules": true,
+    "**/dist": true,
+    "**/data-migrations": false
+  },
+  "search.followSymlinks": true,
+  "search.useIgnoreFiles": false
+}

README.md

@@ -16,7 +16,7 @@
 
   <a href="https://docs.ballerine.com/">Documentation</a>
     ·
-   <a href="https://join.slack.com/t/ballerine-oss/shared_invite/zt-1iu6otkok-OqBF3TrcpUmFd9oUjNs2iw">Slack</a>
+   <a href="https://join.slack.com/t/ballerine-oss/shared_invite/zt-1il7txerq-K0YrXtlzMttGgD3XXYxlfw">Slack</a>
     ·
     <a href="https://www.ballerine.com/">Website</a>
     ·
@@ -74,10 +74,11 @@ We believe in enabling companies to manage user  identity  and risk according to
 **Parts of the system you might look for but are not in THIS demo:**
 - Our Rule Engine is still under construction and will soon be released.
 
+
 **Getting started**
 To set up a local environment, follow these steps:
 1. #### Install prerequisites:
-   - Node.js ([Install NVM](https://github.com/nvm-sh/nvm), then install node "nvm install --lts")
+   - Node.js ([Install NVM](https://github.com/nvm-sh/nvm), then install node "nvm install 21")
    - Latest PNPM version ([Install PNPM](https://pnpm.io/installation))
    - Docker and docker compose ([Docker](https://docs.docker.com/desktop), [Docker Compose](https://docs.docker.com/compose/install))
 
@@ -104,24 +105,37 @@ To set up a local environment, follow these steps:
    pnpm kyc-manual-review-example
    ```
 Once the process is complete,  _2 tabs_   will open in your browser:
-1. http://localhost:5201/ - for the _KYB document collection flow_
-   OR http://localhost:5202 - for the _KYC document collection flow_
-2. http://localhost:5137/ - for the  _backoffice_
-   (See username/password below, It's recommended to have them positioned side-by-side).
-
-   <sub>If the required tabs have not opened automatically, please use the links we have provided above.</sub>
-
-   **Steps to go over the flow:**
-
-1.  Go to the Backoffice tab to review the new user that was created
-   1.1. Sign-in with the following credentials:
-      - **Email:** `admin@admin.com`
-      - **Password:** `admin`
-   1.2. Under the business menu, choose "KYB with UBOs" to view the list of cases currently undergoing.
-2.  On the Collection flow, fill in the required fields on each step.
-3.  Go through and complete the flow. As you go through the collection flow, you should see the progress in the Backoffice case.
-4.  Once the collection flow is finished, you can see the new state is "manual review," Assign the case to yourself, and then you will be able to choose to Approve, Reject, or Ask to Resubmit.
-5.  Ask to resubmit a document, go back to the collection flow to re-upload, then go back to the Backoffice to see the updated information.
+1. Document Collection Flow:
+   - KYB: [http://localhost:5201/](http://localhost:5201/)
+   - KYC: [http://localhost:5202](http://localhost:5202)
+2. Back Office: [http://localhost:5137/](http://localhost:5137/)
+   _(It's recommended to position both tabs side-by-side)_
+
+> **Note:** If the tabs don't open automatically, use the links above.
+
+### Flow Instructions
+
+1. **Access the Back Office**
+   - Sign in using:
+     ```
+     Email: admin@admin.com
+     Password: admin
+     ```
+   - Navigate to "KYB with UBOs" under the business menu to view ongoing cases
+
+2. **Complete the Collection Flow**
+   - Fill out all required fields in each step
+   - The Back Office case will update as you progress
+
+3. **Review & Process**
+   - Once complete, the case status changes to "manual review"
+   - Assign the case to yourself
+   - Choose to: Approve, Reject, or Request Resubmission
+
+4. **Document Resubmission**
+   - Request a document resubmission
+   - Return to collection flow to upload new document
+   - Check Back Office for updated information
 
 * Note: some components are currently in beta, if you run into an issue please ping us on Slack
 
@@ -130,7 +144,7 @@ Once the process is complete,  _2 tabs_   will open in your browser:
 We appreciate all types of contributions and believe that an active community is the secret to a rich and stable product.
 Here are some of the ways you can contribute:
 
--   Give us feedback in our  [Slack community](https://join.slack.com/t/ballerine-oss/shared_invite/zt-1iu6otkok-OqBF3TrcpUmFd9oUjNs2iw)
+-   Give us feedback in our  [Slack community](https://join.slack.com/t/ballerine-oss/shared_invite/zt-1il7txerq-K0YrXtlzMttGgD3XXYxlfw)
 -   Help with bugs and features on [our Issues page](https://github.com/ballerine-io/ballerine/issues)
 -   Submit a  [feature request](https://github.com/ballerine-io/ballerine/issues/new?assignees=&labels=enhancement%2C+feature&template=feature_request.md)  or  [bug report](https://github.com/ballerine-io/ballerine/issues/new?assignees=&labels=bug&template=bug_report.md)
 

apps/backoffice-v2/.env.example

@@ -5,3 +5,5 @@ VITE_MOCK_SERVER=false
 VITE_POLLING_INTERVAL=10
 VITE_ASSIGNMENT_POLLING_INTERVAL=5
 VITE_FETCH_SIGNED_URL=false
+VITE_ENVIRONMENT_NAME=local
+MODE=development

apps/backoffice-v2/.eslintrc.cjs

@@ -6,11 +6,12 @@ module.exports = {
       callees: ['ctw'],
     },
   },
-  parserOptions: {
-    project: './tsconfig.json',
-  },
   rules: {
     'tailwindcss/no-custom-classname': 'off',
     'tailwindcss/classnames-order': 'off',
   },
+  parserOptions: {
+    tsconfigRootDir: __dirname,
+    project: 'tsconfig.eslint.json',
+  },
 };

apps/backoffice-v2/.storybook/main.ts

@@ -18,5 +18,13 @@ const config: StorybookConfig = {
   docs: {
     autodocs: true,
   },
+  viteFinal: config => {
+    config.optimizeDeps = {
+      ...config.optimizeDeps,
+      include: ['@ballerine/ui'],
+    };
+
+    return config;
+  },
 };
 export default config;

apps/backoffice-v2/Dockerfile

@@ -22,10 +22,18 @@ CMD ["npm", "run", "dev", "--host"]
 
 FROM nginx:stable-alpine as prod
 
+WORKDIR /app
+
 COPY --from=dev /app/dist /usr/share/nginx/html
 
+COPY --from=dev /app/entrypoint.sh /app/entrypoint.sh
+
 COPY example.nginx.conf /etc/nginx/conf.d/default.conf
 
+RUN chmod a+x /app/entrypoint.sh;
+
 EXPOSE 80
 
+ENTRYPOINT [ "/app/entrypoint.sh" ]
+
 CMD ["nginx", "-g", "daemon off;"]

apps/backoffice-v2/entrypoint.sh

@@ -0,0 +1,53 @@
+#!/usr/bin/env sh
+
+if [[ -n "$VITE_DOMAIN" ]]
+then
+    VITE_API_URL="$VITE_DOMAIN/api/v1/internal"
+fi
+
+if [[ -n "$VITE_API_KEY" ]]
+then
+    VITE_API_KEY="$VITE_API_KEY"
+fi
+
+if [[ -n "$VITE_AUTH_ENABLED" ]]
+then
+    VITE_AUTH_ENABLED="$VITE_AUTH_ENABLED"
+fi
+
+if [[ -n "$VITE_MOCK_SERVER" ]]
+then
+    VITE_MOCK_SERVER="$VITE_MOCK_SERVER"
+fi
+
+if [[ -n "$VITE_POLLING_INTERVAL" ]]
+then
+    VITE_POLLING_INTERVAL="$VITE_POLLING_INTERVAL"
+fi
+
+if [[ -n "$VITE_ASSIGNMENT_POLLING_INTERVAL" ]]
+then
+    VITE_ASSIGNMENT_POLLING_INTERVAL="$VITE_ASSIGNMENT_POLLING_INTERVAL"
+fi
+
+if [[ -n "$VITE_FETCH_SIGNED_URL" ]]
+then
+    VITE_FETCH_SIGNED_URL="$VITE_FETCH_SIGNED_URL"
+fi
+
+cat << EOF > /usr/share/nginx/html/config.js
+globalThis.env = {
+  VITE_API_URL: "$VITE_API_URL",
+  VITE_API_KEY: "$VITE_API_KEY",
+  VITE_AUTH_ENABLED: "$VITE_AUTH_ENABLED",
+  VITE_MOCK_SERVER: "$VITE_MOCK_SERVER",
+  VITE_POLLING_INTERVAL: "$VITE_POLLING_INTERVAL",
+  VITE_ASSIGNMENT_POLLING_INTERVAL: "$VITE_ASSIGNMENT_POLLING_INTERVAL",
+  VITE_FETCH_SIGNED_URL: "$VITE_FETCH_SIGNED_URL",
+  VITE_ENVIRONMENT_NAME: "local",
+  MODE: "production"
+}
+EOF
+
+# Handle CMD command
+exec "$@"

apps/backoffice-v2/global.d.ts

@@ -0,0 +1,3 @@
+declare global {
+  export var env: { [key: string]: any };
+}

apps/backoffice-v2/index.html

@@ -8,6 +8,7 @@
     <link rel="manifest" href="/manifest.webmanifest" />
     <meta name="viewport" content="width=device-width, initial-scale=1.0" />
     <title>Ballerine - Backoffice</title>
+    <script type="text/javascript" src="/config.js"></script>
     <script>
       let cachedTheme = localStorage.getItem('theme');
       const themes = ['dark', 'light'];

apps/backoffice-v2/package.json

@@ -1,8 +1,9 @@
 {
   "name": "@ballerine/backoffice-v2",
-  "version": "0.7.17",
+  "version": "0.7.124",
   "description": "Ballerine - Backoffice",
   "homepage": "https://github.com/ballerine-io/ballerine",
+  "type": "module",
   "repository": {
     "type": "git",
     "url": "git+https://github.com:ballerine-io/backoffice-vanilla.git"
@@ -40,7 +41,8 @@
     "lint": "eslint . --fix",
     "start": "vite",
     "dev": "vite",
-    "build": "vite build",
+    "build": "cross-env NODE_OPTIONS=--max-old-space-size=32768 vite build",
+    "prod:next": "vite build && vite --host",
     "test": "vitest run --passWithNoTests",
     "test:unit": "vitest run --passWithNoTests",
     "test:e2e": "playwright test",
@@ -50,14 +52,16 @@
     "preview": "vite preview"
   },
   "dependencies": {
-    "@ballerine/blocks": "0.2.6",
-    "@ballerine/common": "0.9.12",
-    "@ballerine/react-pdf-toolkit": "^1.2.6",
-    "@ballerine/ui": "^0.5.6",
-    "@ballerine/workflow-browser-sdk": "0.6.18",
-    "@ballerine/workflow-node-sdk": "0.6.18",
+    "@ballerine/blocks": "0.2.39",
+    "@ballerine/common": "0.9.84",
+    "@ballerine/react-pdf-toolkit": "^1.2.97",
+    "@ballerine/ui": "0.7.124",
+    "@ballerine/workflow-browser-sdk": "0.6.106",
+    "@ballerine/workflow-node-sdk": "0.6.106",
+    "@botpress/webchat": "^2.1.10",
+    "@botpress/webchat-generator": "^0.2.9",
     "@fontsource/inter": "^4.5.15",
-    "@formkit/auto-animate": "1.0.0-beta.5",
+    "@formkit/auto-animate": "0.8.2",
     "@hookform/resolvers": "^3.1.0",
     "@lukemorales/query-key-factory": "^1.0.3",
     "@radix-ui/react-aspect-ratio": "^1.0.3",
@@ -75,28 +79,54 @@
     "@radix-ui/react-slot": "^1.0.1",
     "@radix-ui/react-switch": "^1.0.3",
     "@radix-ui/react-tabs": "^1.0.4",
-    "@react-pdf/renderer": "^3.1.14",
+    "@radix-ui/react-toggle": "^1.1.0",
+    "@radix-ui/react-toggle-group": "^1.1.0",
     "@radix-ui/react-tooltip": "^1.0.7",
+    "@react-pdf/renderer": "^3.1.14",
     "@rjsf/utils": "^5.9.0",
+    "@sentry/react": "^7.77.0",
     "@tanstack/react-query": "^4.19.1",
     "@tanstack/react-table": "^8.9.2",
+    "@tiptap/core": "^2.9.1",
+    "@tiptap/extension-code-block-lowlight": "^2.9.1",
+    "@tiptap/extension-color": "^2.9.1",
+    "@tiptap/extension-heading": "^2.9.1",
+    "@tiptap/extension-horizontal-rule": "^2.9.1",
+    "@tiptap/extension-image": "^2.9.1",
+    "@tiptap/extension-link": "^2.9.1",
+    "@tiptap/extension-placeholder": "^2.9.1",
+    "@tiptap/extension-text-style": "^2.9.1",
+    "@tiptap/extension-typography": "^2.9.1",
+    "@tiptap/pm": "^2.9.1",
+    "@tiptap/react": "^2.9.1",
+    "@tiptap/starter-kit": "^2.9.1",
+    "@xyflow/react": "^12.3.0",
     "ballerine-daisyui": "^2.49.6",
     "broadcast-channel": "^7.0.0",
     "class-variance-authority": "^0.6.0",
     "clsx": "^1.2.1",
-    "dayjs": "^1.11.6",
+    "d3-hierarchy": "^3.1.2",
     "date-fns": "^3.0.6",
+    "dayjs": "^1.11.6",
+    "dompurify": "^3.0.6",
     "eslint-plugin-tailwindcss": "^3.8.0",
     "face-api.js": "^0.22.2",
     "framer-motion": "^8.3.4",
+    "html2canvas-pro": "^1.5.8",
     "i18next": "^22.4.9",
     "i18next-browser-languagedetector": "^7.0.1",
     "i18next-http-backend": "^2.1.1",
+    "jspdf": "^2.5.2",
+    "jspdf-autotable": "^3.8.4",
     "leaflet": "^1.9.4",
     "libphonenumber-js": "^1.10.49",
-    "lucide-react": "^0.239.0",
+    "lodash-es": "^4.17.21",
+    "lowlight": "^3.1.0",
+    "lucide-react": "0.445.0",
     "match-sorter": "^6.3.1",
     "msw": "^1.0.0",
+    "papaparse": "^5.5.1",
+    "posthog-js": "^1.154.2",
     "qs": "^6.11.2",
     "react": "^18.2.0",
     "react-day-picker": "^8.10.1",
@@ -108,21 +138,23 @@
     "react-image-crop": "^10.0.9",
     "react-json-view": "^1.21.3",
     "react-leaflet": "^4.2.1",
+    "react-medium-image-zoom": "^5.2.10",
     "react-router-dom": "^6.11.2",
+    "react-to-pdf": "^1.0.1",
     "react-zoom-pan-pinch": "^3.0.8",
     "recharts": "^2.7.2",
     "sonner": "^1.4.3",
-    "string-ts": "^1.2.0",
+    "string-ts": "1.3.0",
     "tailwind-merge": "^1.10.0",
     "tailwindcss-animate": "^1.0.5",
     "tesseract.js": "^4.0.1",
     "ts-pattern": "^5.0.8",
     "vite-plugin-terminal": "^1.1.0",
-    "zod": "^3.22.3"
+    "zod": "^3.23.4"
   },
   "devDependencies": {
-    "@ballerine/config": "^1.1.5",
-    "@ballerine/eslint-config-react": "^2.0.5",
+    "@ballerine/config": "^1.1.37",
+    "@ballerine/eslint-config-react": "^2.0.37",
     "@cspell/cspell-types": "^6.31.1",
     "@faker-js/faker": "^7.6.0",
     "@playwright/test": "^1.32.1",
@@ -135,19 +167,24 @@
     "@storybook/react-vite": "^7.0.0-rc.10",
     "@storybook/testing-library": "^0.0.14-next.1",
     "@tanstack/react-query-devtools": "4.22.0",
-    "@testing-library/jest-dom": "^5.16.4",
-    "@testing-library/react": "^13.3.0",
+    "@testing-library/jest-dom": "^6.6.3",
+    "@testing-library/react": "^16.1.0",
+    "@testing-library/user-event": "^14.5.2",
     "@total-typescript/ts-reset": "^0.5.1",
+    "@types/d3-hierarchy": "^3.1.7",
+    "@types/dompurify": "^3.0.5",
     "@types/leaflet": "^1.9.3",
+    "@types/lodash-es": "^4.17.12",
     "@types/node": "^18.11.13",
+    "@types/papaparse": "^5.3.15",
     "@types/qs": "^6.9.7",
     "@types/react": "^18.0.14",
     "@types/react-dom": "^18.0.5",
-    "@types/testing-library__jest-dom": "^5.14.5",
     "@typescript-eslint/eslint-plugin": "^5.30.0",
     "@typescript-eslint/parser": "^5.30.0",
     "@vitejs/plugin-react-swc": "^3.0.1",
     "autoprefixer": "^10.4.7",
+    "cross-env": "^7.0.3",
     "cspell": "^6.31.2",
     "eslint": "8.22.0",
     "eslint-config-prettier": "^8.5.0",
@@ -162,11 +199,13 @@
     "storybook": "^7.0.0-rc.10",
     "storybook-addon-react-router-v6": "^1.0.2",
     "tailwindcss": "^3.2.4",
-    "typescript": "^4.9.3",
-    "vite": "^4.5.3",
+    "type-fest": "^4.23.0",
+    "typescript": "^5.5.4",
+    "vite": "^5.3.5",
     "vite-plugin-mkcert": "^1.16.0",
-    "vite-tsconfig-paths": "^4.0.7",
-    "vitest": "^0.29.8"
+    "vite-plugin-top-level-await": "^1.4.4",
+    "vite-tsconfig-paths": "^5.0.1",
+    "vitest": "^2.1.8"
   },
   "peerDependencies": {
     "react": "^17.0.0",

apps/backoffice-v2/postcss.config.cjs

@@ -0,0 +1,8 @@
+module.exports = {
+  modules: true,
+  plugins: {
+    'tailwindcss/nesting': {},
+    tailwindcss: {},
+    autoprefixer: {},
+  },
+};

apps/backoffice-v2/public/locales/en/toast.json

@@ -81,9 +81,52 @@
   "pdf_certificate": {
     "error": "Failed to open PDF certificate."
   },
+  "document_ocr": {
+    "success": "OCR performed successfully.",
+    "empty_extraction": "Unable to extract the document's relevant fields.",
+    "error": "Failed to perform OCR on the document."
+  },
+  "business_monitoring_off": {
+    "success": "Merchant monitoring has been turned off successfully.",
+    "error": "Error occurred while turning merchant monitoring off."
+  },
+  "business_monitoring_on": {
+    "success": "Merchant monitoring has been turned on successfully.",
+    "error": "Error occurred while turning merchant monitoring on."
+  },
   "business_report_creation": {
     "success": "Merchant check created successfully.",
     "error": "Error occurred while creating a merchant check.",
     "is_example": "Please contact Ballerine at oss@ballerine.com for access to this feature."
+  },
+  "batch_business_report_creation": {
+    "no_file": "No file selected.",
+    "success": "Merchant checks created successfully.",
+    "error": "Error occurred while creating merchant checks.",
+    "is_example": "Please contact Ballerine at oss@ballerine.com for access to this feature."
+  },
+  "business_report_status_update": {
+    "success": "Merchant check status updated successfully.",
+    "error": "Error occurred while updating merchant check status."
+  },
+  "note_created": {
+    "success": "Note added successfully.",
+    "error": "Error occurred while adding note."
+  },
+  "update_details": {
+    "success": "Details updated successfully.",
+    "error": "Error occurred while updating details."
+  },
+  "ubo_created": {
+    "success": "UBO successfully added",
+    "error": "Error adding UBO"
+  },
+  "ubo_deleted": {
+    "success": "UBO successfully removed",
+    "error": "Error removing UBO"
+  },
+  "request_documents": {
+    "success": "Documents requested successfully.",
+    "error": "Error occurred while requesting documents."
   }
 }

apps/backoffice-v2/public/locales/en/translation.json

@@ -1,5 +1,8 @@
 {
   "home": {
     "greeting": "Welcome"
+  },
+  "business_report_creation": {
+    "is_disabled": "Contact Ballerine for access"
   }
 }

apps/backoffice-v2/src/@types/react-table.d.ts

@@ -0,0 +1,11 @@
+import '@tanstack/react-table';
+
+declare module '@tanstack/react-table' {
+  import { RowData } from '@tanstack/react-table';
+
+  interface ColumnMeta<TData extends RowData, TValue> {
+    useWrapper?: boolean;
+  }
+}
+
+export {};