apps/web/ui/modals/import-firstpromoter-modal.tsx (1)

128-139: Clarify the help text path to credentials

Use explicit “Settings → Integrations → Manage API Keys” to reduce ambiguity. URL looks fine.

-            Settings
+            Settings → Integrations → Manage API Keys

Also applies to: 155-165

apps/web/lib/zod/schemas/program-onboarding.ts (1)

22-24: De-duplicate importSource literals by reusing a shared union.

To avoid future drift with PROGRAM_IMPORT_SOURCES, drive this enum from a single source of truth.

Apply this diff here:

-    importSource: z
-      .enum(["rewardful", "tolt", "partnerstack", "firstpromoter"])
-      .nullish(),
+    importSource: z.enum(PROGRAM_IMPORT_SOURCE_IDS).nullish(),

Then, outside this file, export the IDs tuple and import it here:

// apps/web/lib/partners/constants.ts (add export)
export const PROGRAM_IMPORT_SOURCE_IDS = ["rewardful","tolt","partnerstack","firstpromoter"] as const;

// apps/web/lib/zod/schemas/program-onboarding.ts (add import)
import { PROGRAM_IMPORT_SOURCE_IDS } from "@/lib/partners/constants";

apps/web/lib/zod/schemas/import-error-log.ts (1)

6-6: Add UI mappings for new error codes and include “firstpromoter” in all source filters
Add user-facing text for SELF_REFERRAL and NOT_SUPPORTED_UNIT in the import-error-log UI and verify “firstpromoter” is present in every source dropdown/filter/aggregation.

apps/web/lib/actions/partners/start-firstpromoter-import.ts (4)

12-14: Remove unused workspaceId from schema (or validate it).

Input includes workspaceId but it’s not used; relying on ctx.workspace is correct. Drop the field to avoid confusion.

Apply:

-const schema = firstPromoterCredentialsSchema.extend({
-  workspaceId: z.string(),
-});
+const schema = firstPromoterCredentialsSchema;

Also remove the now-unused z import at Line 9.

---

29-35: Prefer consistent, typed errors for missing program settings.

Throwing bare Errors makes client handling uneven. Consider a domain-specific error (e.g., DubApiError/bad_request) to align with other actions.

---

39-47: Normalize credential error messaging.

Catching and rethrowing here returns either a raw message or a generic one. For better UX/observability, return one standardized message and log details server-side.

---

54-59: Include workspaceId in queue payload and add idempotencyKey
Ensure firstPromoterImporter.queue is invoked with the workspaceId needed for credential lookup and pass an idempotencyKey (e.g. ${workspaceId}:firstpromoter:${action}) to qstash.publishJSON to prevent duplicate jobs on retry.

apps/web/app/(ee)/api/cron/import/firstpromoter/route.ts (3)

24-42: Prefer typed dispatch map over switch; 400 on unknown action.

A handler map tightens types and turns unknown actions into a clear 400 without throwing.

-  switch (payload.action) {
-    case "import-campaigns":
-      await importCampaigns(payload);
-      break;
-    case "import-partners":
-      await importPartners(payload);
-      break;
-    case "import-customers":
-      await importCustomers(payload);
-      break;
-    case "import-commissions":
-      await importCommissions(payload);
-      break;
-    case "update-stripe-customers":
-      await updateStripeCustomers(payload);
-      break;
-    default:
-      throw new Error(`Unknown action: ${payload.action}`);
-  }
+  const handlers = {
+    "import-campaigns": importCampaigns,
+    "import-partners": importPartners,
+    "import-customers": importCustomers,
+    "import-commissions": importCommissions,
+    "update-stripe-customers": updateStripeCustomers,
+  } as const;
+  const handler = handlers[payload.action as keyof typeof handlers];
+  if (!handler) {
+    return NextResponse.json({ error: `Unknown action: ${payload.action}` }, { status: 400 });
+  }
+  await handler(payload);

---

44-44: Return 202 Accepted to reflect async processing.

Signals “work queued/processed asynchronously” more accurately than 200.

-    return NextResponse.json("OK");
+    return NextResponse.json({ ok: true }, { status: 202 });

---

13-21: Add lightweight structured logs for observability.

Log action, importId, page at start and on completion/failure.

 export async function POST(req: Request) {
   try {
     const rawBody = await req.text();
 
     await verifyQstashSignature({
       req,
       rawBody,
     });
 
-    const payload = firstPromoterImportPayloadSchema.parse(JSON.parse(rawBody));
+    const payload = firstPromoterImportPayloadSchema.parse(JSON.parse(rawBody));
+    console.log("[FP Import] start", { action: payload.action, importId: payload.importId, page: payload.page ?? 1 });
@@
-    return NextResponse.json({ ok: true }, { status: 202 });
+    const res = NextResponse.json({ ok: true }, { status: 202 });
+    console.log("[FP Import] done", { action: payload.action, importId: payload.importId, page: payload.page ?? 1 });
+    return res;
   } catch (error) {
+    try {
+      const maybe = JSON.parse(await req.text()).action;
+      console.error("[FP Import] error", { action: maybe });
+    } catch {}
     return handleAndReturnErrorResponse(error);
   }
 }

Also applies to: 22-33, 44-46

apps/web/lib/firstpromoter/import-campaigns.ts (1)

64-65: Use a structured logger and include importId/page.

Makes tracing multi-page runs easier across QStash retries.

-      console.log(`Created ${groups.count} partner groups`);
+      console.log("[FP Import][campaigns] inserted", {
+        count: groups.count,
+        page: currentPage,
+        programId: program.id,
+      });

apps/web/lib/firstpromoter/importer.ts (1)

34-39: Use correct Upstash QStash idempotency header and SDK option names

Replace the placeholder header and confirm option names in publishJSON:

  async queue(body: FirstPromoterImportPayload) {
    const url = `${APP_DOMAIN_WITH_NGROK}/api/cron/import/firstpromoter`;
    const dedupeId = `${body.importId}:${body.action}:${body.page ?? 0}`;
    return await qstash.publishJSON({
      url,
      body,
-     headers: { "Upstash-Idempotency-Key": dedupeId },
+     headers: { "Upstash-Deduplication-Id": dedupeId },
      retries: 5,
+     retry_delay: /* optional backoff expression, e.g. exponential(2) */,
      delay: 2,
    });
  }

– Header must be Upstash-Deduplication-Id (or enable content-based deduplication via Upstash-Content-Based-Deduplication: true).
– SDK options are retries, retry_delay, and delay.

apps/web/lib/firstpromoter/update-stripe-customers.ts (4)

117-124: Escape quotes in Stripe search query

Unescaped quotes in emails (rare but possible) will break the query. The diff above switches to email:"..." with escaping.

---

138-155: Use a distinct error code for multi-match cases

Differentiating “not found” from “ambiguous” aids remediation and dashboards.

-        code: "STRIPE_CUSTOMER_NOT_FOUND",
+        code: "STRIPE_MULTIPLE_CUSTOMERS",

---

37-42: Also persist missing Connect configuration as an import error

Console-only logging makes audits harder. Recommend emitting a Tinybird error event before returning.

---

168-170: Avoid plaintext PII in logs

Prefer masking or structured logs and/or send a success ingest event instead of console.log.

apps/web/ui/modals/import-firstpromoter-modal.tsx (4)

82-94: Harden error toast handling

error.serverError may be undefined depending on failure type. Add a fallback.

-      onError: ({ error }) => toast.error(error.serverError),
+      onError: ({ error }) => {
+        const msg =
+          (error as any)?.serverError ||
+          (typeof error === "string" ? error : "Failed to start import.");
+        toast.error(msg);
+      },

---

117-127: Prevent browser autofill for sensitive API keys

Add autoComplete="off" to reduce accidental persistence; keep password type.

-        <input
+        <input
           type="password"
           id="apiKey"
           value={apiKey}
           autoFocus={!isMobile}
           onChange={(e) => setApiKey(e.target.value)}
+          autoComplete="off"
           className="mt-1 block w-full rounded-md border border-neutral-200 px-3 py-2 placeholder-neutral-400 focus:border-neutral-500 focus:outline-none focus:ring-neutral-500 sm:text-sm"
           required
         />

---

148-154: Disable autofill on Account ID too

-        <input
+        <input
           type="text"
           id="accountId"
           value={accountId}
           onChange={(e) => setAccountId(e.target.value)}
+          autoComplete="off"
           className="mt-1 block w-full rounded-md border border-neutral-200 px-3 py-2 placeholder-neutral-400 focus:border-neutral-500 focus:outline-none focus:ring-neutral-500 sm:text-sm"
           required
         />

---

51-57: Provide a fallback app name

Avoid rendering “undefined” if NEXT_PUBLIC_APP_NAME isn’t set.

-          {process.env.NEXT_PUBLIC_APP_NAME}.
+          {process.env.NEXT_PUBLIC_APP_NAME ?? "Dub"}.

apps/web/lib/firstpromoter/import-commissions.ts (2)

281-301: Validate leadEvent shape before parsing; guard against missing events.

You log and return when no leadEvent, good. But if leadEvent is present yet malformed, .parse(leadEvent) will throw and reject the whole task silently (Promise.allSettled catches but you lose visibility).

Wrap parse in try/catch and log via logImportError on ZodError with the path/message.

---

311-381: Consider batching and throttling DB writes per page.

Parallel create, update, update, and syncTotalCommissions per commission can overload the DB. syncTotalCommissions per commission is especially heavy.

• Throttle createCommission concurrency with p-limit (e.g., 10).
• Defer syncTotalCommissions to once per partner per page (collect partnerIds; run at the end of the batch).
• Optionally wrap the commission create + stat updates in a transaction for atomicity.

apps/web/lib/firstpromoter/api.ts (3)

20-36: Add fetch timeout and basic retry on 429/5xx.

Long-hanging requests or transient errors will stall/break imports.

• Use AbortController with a 30s timeout.
• On 429/502/503/504, retry with backoff (e.g., 3 attempts, jitter).
  I can provide a drop-in wrapper if desired.

---

38-45: testConnection masks non-auth failures.

Catching all errors and rethrowing "Invalid FirstPromoter API token." hides network/timeouts.

Differentiate 401/403 vs others; include original message for diagnostics.

---

95-106: Campaign filtering support.

If you plan campaign-scoped imports, expose optional campaignId in listCommissions and pass it via query (per FirstPromoter API spec).

Example:

-  async listCommissions({ page }: { page?: number }) {
+  async listCommissions({ page, campaignId }: { page?: number; campaignId?: number }) {
     const searchParams = new URLSearchParams({
       per_page: PAGE_LIMIT.toString(),
       ...(page ? { page: page.toString() } : {}),
+      ...(campaignId ? { campaign_id: campaignId.toString() } : {}),
     });

apps/web/lib/firstpromoter/import-customers.ts (4)

92-101: Guard against missing partner-link mapping; log per-customer misses.

If a promoter email has no enrollment links, the whole page silently skips customers. Log LINK_NOT_FOUND per customer to keep parity with commissions importer.

Wrap each customer with a per-customer fallback/log when links.length === 0.

Also applies to: 103-112

---

206-211: Parsing guard and consistent defaults.

If Tinybird returns unexpected nullables, .parse may fail. Keep your overrides but handle ZodError to log and skip this customer.

Wrap parse in try/catch; emit CUSTOMER_CLICK_PARSE_FAILED with issues.

---

169-180: Existing-customer short-circuit: include uid-only matches in the log message.

Minor: log should mention when dedupe happened via externalId match (UID), not just email.

---

117-121: Inter-batch delay: consider exponential backoff on 429.

A fixed 2s sleep might be insufficient under rate limiting.

• Detect 429s from API and increase delay progressively per page.

apps/web/lib/firstpromoter/import-partners.ts (5)

25-29: Guard against missing default group (avoid non-null assertion crash).

If the default group wasn’t created or was renamed, the non-null assertion will throw at runtime.

-  const defaultGroup = groups.find(
-    (group) => group.slug === DEFAULT_PARTNER_GROUP.slug,
-  )!;
+  const defaultGroup = groups.find(
+    (group) => group.slug === DEFAULT_PARTNER_GROUP.slug,
+  );
+  if (!defaultGroup) {
+    console.error("Default partner group not found for program", program.id);
+    return; // or queue an import error for observability
+  }

---

50-53: Make campaign→group mapping case-insensitive to reduce mismatches.

Group lookup by exact name is brittle. Use case-insensitive mapping.

-    const campaignMap = Object.fromEntries(
-      groups.map((group) => [group.name, group]),
-    );
+    const campaignMap = Object.fromEntries(
+      groups.map((group) => [group.name.toLowerCase(), group]),
+    );
...
-              ? campaignMap[promoterCampaigns[0].campaign.name] ?? defaultGroup
+              ? campaignMap[promoterCampaigns[0].campaign.name.toLowerCase()] ??
+                defaultGroup
               : defaultGroup;

Also applies to: 59-63

---

150-153: Skip link creation when program is misconfigured, but surface it.

Good early return. Consider logging via your import error log table or emitting a metric to alert ops.

---

172-175: Optional: reduce cache churn during bulk imports.

If imports are large, consider skipRedisCache: true and a later backfill to propagate.

   await bulkCreateLinks({
-    links,
+    links,
+    // skipRedisCache: true,
   });

---

40-49: Add basic API/backoff handling to avoid stalling on transient failures.

Wrap page fetch and queueing in try/catch; if rate-limited, re-queue same page with delay or a retry counter.

Also applies to: 78-83

apps/web/lib/firstpromoter/schemas.ts (4)

32-35: Validate emails with format.

Use .email() for stricter validation.

-  email: z.string(),
+  email: z.string().email(),
...
-  email: z.string(),
+  email: z.string().email(),
...
-    promoter: firstPromoterPartnerSchema.pick({
+    promoter: firstPromoterPartnerSchema.pick({
       email: true,
     }),

Also applies to: 94-96, 102-106

---

27-27: Coerce numerics to tolerate stringified numbers from the API.

Safer against API/SDK inconsistencies.

-    id: z.number(),
+    id: z.coerce.number(),
...
-  id: z.number(),
+  id: z.coerce.number(),
...
-    id: z.number(),
+    id: z.coerce.number(),
...
-  id: z.number(),
+  id: z.coerce.number(),
...
-  id: z.number(),
+  id: z.coerce.number(),
...
-  sale_amount: z.number(),
-  amount: z.number(),
+  sale_amount: z.coerce.number(),
+  amount: z.coerce.number(),
...
-  original_sale_amount: z.number(),
+  original_sale_amount: z.coerce.number(),

Also applies to: 33-33, 37-37, 94-94, 110-110, 115-116, 120-120

---

99-99: Parse timestamps as ISO datetimes.

Use .datetime() for early validation.

-  created_at: z.string(),
+  created_at: z.string().datetime(),
...
-  created_at: z.string(),
+  created_at: z.string().datetime(),

Also applies to: 119-119

---

36-81: Normalize nullable/optional profile fields robustly (accept undefined and empty strings).

.nullable().transform(val => val || null) rejects undefined. Prefer a reusable helper.

+// helper to accept string | null | undefined and normalize "" to null
+const nullishString = z.string().nullish().transform((v) => (v ? v : null));
...
   profile: z.object({
-    id: z.number(),
-    website: z
-      .string()
-      .nullable()
-      .transform((val) => val || null),
-    company_name: z
-      .string()
-      .nullable()
-      .transform((val) => val || null),
-    country: z
-      .string()
-      .nullable()
-      .transform((val) => val || null),
-    address: z
-      .string()
-      .nullable()
-      .transform((val) => val || null),
-    avatar: z
-      .string()
-      .nullable()
-      .transform((val) => val || null),
-    description: z
-      .string()
-      .nullable()
-      .transform((val) => val || null),
-    youtube_url: z
-      .string()
-      .nullable()
-      .transform((val) => val || null),
-    twitter_url: z
-      .string()
-      .nullable()
-      .transform((val) => val || null),
-    linkedin_url: z
-      .string()
-      .nullable()
-      .transform((val) => val || null),
-    instagram_url: z
-      .string()
-      .nullable()
-      .transform((val) => val || null),
-    tiktok_url: z
-      .string()
-      .nullable()
-      .transform((val) => val || null),
+    id: z.coerce.number(),
+    website: nullishString,
+    company_name: nullishString,
+    country: nullishString,
+    address: nullishString,
+    avatar: nullishString,
+    description: nullishString,
+    youtube_url: nullishString,
+    twitter_url: nullishString,
+    linkedin_url: nullishString,
+    instagram_url: nullishString,
+    tiktok_url: nullishString,

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

Learnt from: TWilson023
PR: dubinc/dub#2673
File: apps/web/ui/partners/rewards/add-edit-reward-sheet.tsx:56-66
Timestamp: 2025-07-30T15:25:13.936Z
Learning: In apps/web/ui/partners/rewards/add-edit-reward-sheet.tsx, the form schema uses partial condition objects to allow users to add empty/unconfigured condition fields without type errors, while submission validation uses strict schemas to ensure data integrity. This two-stage validation pattern improves UX by allowing progressive completion of complex forms.

Learnt from: devkiran
PR: dubinc/dub#2448
File: packages/email/src/templates/partner-program-summary.tsx:0-0
Timestamp: 2025-05-29T04:45:18.504Z
Learning: In the PartnerProgramSummary email template (packages/email/src/templates/partner-program-summary.tsx), the stat titles are hardcoded constants ("Clicks", "Leads", "Sales", "Earnings") that will always match the ICONS object keys after toLowerCase() conversion, so icon lookup failures are not possible.

apps/web/tests/tracks/track-sale.test.ts (1)

255-255: Define a local LEAD_EVENT_NAME constant for this test
Replace the hardcoded string with a constant; no shared constant exists and the server schema already accepts leadEventName: z.string().nullish().

@@ apps/web/tests/tracks/track-sale.test.ts:255
-        leadEventName: "Signup (auto lead tracking)",
+        leadEventName: LEAD_EVENT_NAME,

Add at the top of the file:

const LEAD_EVENT_NAME = "Signup (auto lead tracking)";

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

apps/web/tests/tracks/track-sale.test.ts (2)

255-255: Avoid magic string for lead event name

Use a constant to decouple the test from copy changes and keep it in sync with the API default.

Apply within this hunk:

-        leadEventName: "Signup (auto lead tracking)",
+        leadEventName: AUTO_LEAD_EVENT,

Add near the top of the file (or colocate with other test constants):

+const AUTO_LEAD_EVENT = "Signup (auto lead tracking)";

---

263-277: Optional: assert the lead side-effect

If this path is meant to auto-create a lead when clickId is present, consider asserting that the lead was created (or at least that no duplicate leads are created on retry) to fully validate the flow.

I can add a follow-up test that fetches the customer’s events and verifies a single lead with AUTO_LEAD_EVENT. Want me to draft it?

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

apps/web/tests/tracks/track-sale.test.ts (1)

241-244: Rename event label to avoid contradiction with auto lead tracking.

The sale event string says “no lead event” while we now pass leadEventName. Consider simplifying to “Purchase” to avoid confusion in test intent.

-      eventName: "Purchase (no lead event)",
+      eventName: "Purchase",

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

apps/web/lib/firstpromoter/import-campaigns.ts (2)

23-25: Prevent duplicate group inserts across pages; compare by slug and update the in-memory set.
existingGroupNames is static and uses name equality; later pages may re-attempt inserts (relying on skipDuplicates). Track slugs in a Set and update it after createMany.

-  // Groups in the program
-  const existingGroupNames = program.groups.map((group) => group.name);
+  // Track existing slugs for O(1) membership and case/format robustness
+  const existingGroupSlugs = new Set(program.groups.map((g) => g.slug));
@@
-  const newCampaigns = campaigns.filter(
-    (campaign) => !existingGroupNames.includes(campaign.campaign.name),
-  );
+  const newCampaigns = campaigns.filter((c) => {
+    const slug = slugify(c.campaign.name);
+    return !existingGroupSlugs.has(slug);
+  });
@@
   if (newCampaigns.length > 0) {
     const groups = await prisma.partnerGroup.createMany({
       data: newCampaigns.map((campaign) => ({
         id: createId({ prefix: "grp_" }),
         programId: program.id,
-        slug: slugify(campaign.campaign.name),
-        name: campaign.campaign.name,
+        slug: slugify(campaign.campaign.name),
+        name: campaign.campaign.name,
         color: randomValue(RESOURCE_COLORS),
       })),
       skipDuplicates: true,
     });
+
+    // Keep the in-memory set in sync for subsequent pages
+    for (const c of newCampaigns) {
+      existingGroupSlugs.add(slugify(c.campaign.name));
+    }
   }

Also applies to: 46-63, 65-67

---

52-63: Add DB-level uniqueness on (programId, slug) for PartnerGroup.
Even with the Set, concurrent workers can race. Ensure Prisma has a unique index (keep skipDuplicates).

Prisma schema (apply via migration):

model PartnerGroup {
  // ...
  programId String
  slug      String
  @@unique([programId, slug])
}

apps/web/lib/firstpromoter/importer.ts (1)

18-28: Extend credentials TTL on access to avoid mid-import expiry.
Long imports/retries can outlive 24h. Refresh TTL on get.

-  async getCredentials(workspaceId: string): Promise<FirstPromoterCredentials> {
-    const config = await redis.get<FirstPromoterCredentials>(
-      `${CACHE_KEY_PREFIX}:${workspaceId}`,
-    );
+  async getCredentials(workspaceId: string): Promise<FirstPromoterCredentials> {
+    const key = `${CACHE_KEY_PREFIX}:${workspaceId}`;
+    const config = await redis.get<FirstPromoterCredentials>(key);
@@
-    return config;
+    // Best-effort TTL extension
+    try {
+      await redis.expire(key, CACHE_EXPIRY);
+    } catch {}
+    return config;
   }

apps/web/lib/firstpromoter/update-stripe-customers.ts (4)

104-106: Narrow type: email should be required post-filter.
Reflects the DB filter above.

-  customer: Pick<Customer, "id" | "email">;
+  customer: Pick<Customer, "id"> & { email: string };

---

11-13: Do not enable Stripe livemode outside production.
Current check flips to live in all Vercel envs. Restrict to prod.

-const stripe = stripeAppClient({
-  ...(process.env.VERCEL_ENV && { livemode: true }),
-});
+const stripe = stripeAppClient({
+  ...(process.env.VERCEL_ENV === "production" && { livemode: true }),
+});

---

48-56: Filter to customers with non-null, non-empty emails; drop unused fields.
Prevents bad Stripe queries and wasted calls.

   const customers = await prisma.customer.findMany({
     where: {
       projectId: workspace.id,
       stripeCustomerId: null,
+      email: { not: null, notIn: [""] },
     },
     select: {
       id: true,
-      email: true,
+      email: true,
     },

---

171-173: Capture exceptions via logImportError for observability.
Console logs are easy to miss; log with context and a stable code.

-  } catch (error) {
-    console.error(error);
-  }
+  } catch (error) {
+    await logImportError({
+      workspace_id: workspace.id,
+      import_id: importId,
+      source: "firstpromoter",
+      entity: "customer",
+      entity_id: customer.id,
+      code: "INTERNAL_ERROR",
+      message:
+        error instanceof Error ? error.message : "Unknown error updating Stripe customer",
+    });
+    return null;
+  }

apps/web/lib/firstpromoter/import-commissions.ts (1)

62-65: Filter out undefined/empty emails to avoid Prisma in: [...] errors

filter((email): email is string => email !== null) still lets undefined/empty through.

Apply:

-            .filter((email): email is string => email !== null),
+            .filter(
+              (email): email is string =>
+                typeof email === "string" && email.length > 0,
+            ),

apps/web/lib/firstpromoter/import-customers.ts (3)

92-99: Avoid non-null assertion on partner email; skip null/undefined safely

partner.email! can produce bad keys and runtime issues when email is nullable.

-      const partnerEmailToLinks = programEnrollments.reduce(
-        (acc, { partner, links }) => {
-          const email = partner.email!; // assert non-null
-          acc[email] = (acc[email] ?? []).concat(links);
-          return acc;
-        },
-        {} as Record<string, (typeof programEnrollments)[number]["links"]>,
-      );
+      const partnerEmailToLinks = programEnrollments.reduce(
+        (acc, { partner, links }) => {
+          const email = partner.email;
+          if (email === null || email === undefined) return acc;
+          acc[email] = (acc[email] ?? []).concat(links);
+          return acc;
+        },
+        {} as Record<string, (typeof programEnrollments)[number]["links"]>,
+      );

---

66-115: Process customers even if no partners are found; let createCustomer log errors

Currently all customers are skipped when partnerIds.length === 0.

-    if (partnerIds.length > 0) {
-      // Find the program enrollments by the partner ids
-      const programEnrollments = await prisma.programEnrollment.findMany({
+    // Find the program enrollments by the partner ids (if any)
+    const programEnrollments = partnerIds.length > 0
+      ? await prisma.programEnrollment.findMany({
           where: {
             partnerId: {
               in: partnerIds,
             },
             programId,
           },
           select: {
             partner: { select: { email: true } },
             links: { select: { id: true, key: true, domain: true, url: true } },
           },
-      });
-
-      const partnerEmailToLinks = programEnrollments.reduce(
+      })
+      : [];
+
+    const partnerEmailToLinks = programEnrollments.reduce(
         (acc, { partner, links }) => {
-          const email = partner.email!; // assert non-null
+          const email = partner.email!;
           acc[email] = (acc[email] ?? []).concat(links);
           return acc;
         },
         {} as Record<string, (typeof programEnrollments)[number]["links"]>,
       );
 
-      await Promise.allSettled(
-        customers.map((customer) => {
-          const links =
-            partnerEmailToLinks[customer.promoter_campaign.promoter.email] ??
-            [];
-
-          return createCustomer({
-            workspace,
-            links,
-            customer,
-            importId,
-          });
-        }),
-      );
-    }
+    await Promise.allSettled(
+      customers.map((customer) => {
+        const links =
+          partnerEmailToLinks[customer.promoter_campaign.promoter.email] ?? [];
+        return createCustomer({ workspace, links, customer, importId });
+      }),
+    );

(Optional: also remove the remaining non-null assertion as per prior comment.)

---

194-211: Guard recordClick returning null before parsing; avoid runtime throw

recordClick can return null even with skipRatelimit; parsing without a check will crash.

   const clickData = await recordClick({
     req: dummyRequest,
     linkId: link.id,
     clickId: nanoid(16),
     url: link.url,
     domain: link.domain,
     key: link.key,
     workspaceId: workspace.id,
     skipRatelimit: true,
     timestamp: new Date(customer.created_at).toISOString(),
   });
 
-  const clickEvent = clickEventSchemaTB.parse({
+  if (!clickData) {
+    await logImportError({
+      ...commonImportLogInputs,
+      code: "CLICK_NOT_RECORDED",
+      message: `Click not recorded for customer ${customer.id}.`,
+    });
+    return;
+  }
+
+  const clickEvent = clickEventSchemaTB.parse({
     ...clickData,
     bot: 0,
     qr: 0,
   });

apps/web/lib/firstpromoter/api.ts (1)

28-35: Harden error handling for non-JSON responses

await response.json() on error can throw and mask the real HTTP error.

-    if (!response.ok) {
-      const error = await response.json();
-
-      console.error("FirstPromoter API Error:", error);
-      throw new Error(error.message || "Unknown error from FirstPromoter API.");
-    }
+    if (!response.ok) {
+      let message = `FirstPromoter API error: ${response.status} ${response.statusText}`;
+      try {
+        const err = await response.json();
+        message = err?.message || message;
+      } catch {
+        // non-JSON body; keep default message
+      }
+      console.error("FirstPromoter API Error:", message);
+      throw new Error(message);
+    }

apps/web/lib/firstpromoter/import-partners.ts (4)

26-29: Remove non-null assertion on default group; throw with context if missing

Prevents hard-to-diagnose crashes when DB is inconsistent.

-  const defaultGroup = groups.find(
-    (group) => group.slug === DEFAULT_PARTNER_GROUP.slug,
-  )!;
+  const defaultGroup = groups.find(
+    (group) => group.slug === DEFAULT_PARTNER_GROUP.slug,
+  );
+  if (!defaultGroup) {
+    throw new Error(
+      `Default partner group not found for program ${programId}.`,
+    );
+  }

---

121-122: Upsert update is empty — partner profiles won’t refresh

Populate updatable fields to keep data current; guard against nulls.

     update: {},
+    update: {
+      name: affiliate.name,
+      ...(affiliate.profile.avatar && { image: affiliate.profile.avatar }),
+      ...(affiliate.profile.description && {
+        description: affiliate.profile.description,
+      }),
+      ...(affiliate.profile.country && { country: affiliate.profile.country }),
+      ...(affiliate.profile.website && { website: affiliate.profile.website }),
+      ...(affiliate.profile.youtube_url && { youtube: affiliate.profile.youtube_url }),
+      ...(affiliate.profile.twitter_url && { twitter: affiliate.profile.twitter_url }),
+      ...(affiliate.profile.linkedin_url && { linkedin: affiliate.profile.linkedin_url }),
+      ...(affiliate.profile.instagram_url && { instagram: affiliate.profile.instagram_url }),
+      ...(affiliate.profile.tiktok_url && { tiktok: affiliate.profile.tiktok_url }),
+      ...(affiliate.profile.company_name && { companyName: affiliate.profile.company_name }),
+      ...(affiliate.profile.address && { invoiceSettings: { address: affiliate.profile.address } }),
+    },

---

142-144: Keep enrollment group/reward fields in sync on update

Only status updates; group/reward changes won’t propagate.

-    update: {
-      status: "approved",
-    },
+    update: {
+      status: "approved",
+      groupId: group.id,
+      clickRewardId: group.clickRewardId,
+      leadRewardId: group.leadRewardId,
+      saleRewardId: group.saleRewardId,
+      discountId: group.discountId,
+    },

---

155-171: Create missing campaign links idempotently; avoid bailing if any exist

Current early return blocks linking new campaigns; fallback keys are non-deterministic.

-  if (programEnrollment.links.length > 0) {
-    console.log("Partner already has links", partner.id);
-    return;
-  }
-
-  const links = affiliate.promoter_campaigns.map((campaign) => ({
-    key: campaign.ref_token || nanoid(),
+  const existingKeys = new Set(programEnrollment.links.map((l) => l.key));
+  const links = affiliate.promoter_campaigns
+    .filter((c) => !(c.ref_token && existingKeys.has(c.ref_token)))
+    .map((campaign) => ({
+    // Deterministic fallback to prevent dupes on re-runs
+    key: campaign.ref_token || `fp-${affiliate.id}-${campaign.campaign.name.toLowerCase().replace(/\W+/g, "-")}`,
     domain: program.domain!,
     url: program.url!,
     programId: program.id,
     projectId: program.workspaceId,
     folderId: program.defaultFolderId,
     partnerId: partner.id,
     trackConversion: true,
     userId,
-  }));
+  }));
+  if (links.length === 0) return;

apps/web/tests/tracks/track-sale.test.ts (1)

251-251: Consider asserting the lead side-effect

You pass leadEventName for direct sale tracking but don’t verify a lead was recorded/linked. If the API exposes a way to fetch leads or lead events for the invoice/click, add an assertion to prevent regressions.

packages/email/src/templates/program-imported.tsx (1)

29-29: Derive provider union from a single source of truth

To avoid drift with PROGRAM_IMPORT_SOURCES, derive the provider type from the constants instead of hardcoding the string union.

Example:

// shared types pkg or reachable path
type Provider = (typeof PROGRAM_IMPORT_SOURCES)[number]["value"];
// ...
provider: Provider;

apps/web/app/app.dub.co/(dashboard)/[slug]/(ee)/program/partners/import-export-buttons.tsx (1)

6-6: Nice integration; consider code-splitting modals

Hook + modal wiring for FirstPromoter looks correct. To reduce initial JS, consider dynamically loading only the selected provider’s modal instead of mounting all four.

Also applies to: 23-24, 30-34

apps/web/lib/zod/schemas/import-error-log.ts (1)

6-6: Enum extensions look good; centralize codes for reuse

Adding "firstpromoter" and new codes is consistent. Consider exporting the code enum/type for reuse across importers to prevent typos.

Also applies to: 19-21

apps/web/lib/actions/partners/start-firstpromoter-import.ts (2)

54-60: Return the importId and avoid generating it inline

Returning the importId helps the UI track progress; creating it once also avoids discrepancies.

Apply:

-    await firstPromoterImporter.queue({
-      importId: createId({ prefix: "import_" }),
+    const importId = createId({ prefix: "import_" });
+    await firstPromoterImporter.queue({
+      importId,
       action: "import-campaigns",
       userId: user.id,
       programId,
     });
+    return { importId };

---

49-53: Credentials storage: confirm secrecy and TTL

Ensure firstPromoterImporter.setCredentials persists secrets encrypted and with an expiry tied to import lifecycle.

apps/web/app/(ee)/api/cron/import/firstpromoter/route.ts (1)

24-42: Make the switch exhaustive at compile-time.
Use an assertUnreachable helper to catch unhandled actions during builds, not just at runtime.

   switch (payload.action) {
     case "import-campaigns":
       await importCampaigns(payload);
       break;
@@
     case "update-stripe-customers":
       await updateStripeCustomers(payload);
       break;
     default:
-      throw new Error(`Unknown action: ${payload.action}`);
+      return assertUnreachable(payload.action);
   }

Add outside the handler:

function assertUnreachable(x: never): never {
  throw new Error(`Unknown action: ${x}`);
}

apps/web/lib/firstpromoter/import-campaigns.ts (1)

13-21: Narrow the groups selection to only what you use.
Reduce payload size from Prisma by selecting just name/slug.

   const program = await prisma.program.findUniqueOrThrow({
     where: {
       id: programId,
     },
-    include: {
-      groups: true,
-    },
+    select: {
+      id: true,
+      workspaceId: true,
+      groups: { select: { name: true, slug: true } },
+    },
   });

apps/web/lib/firstpromoter/update-stripe-customers.ts (2)

148-151: Use a distinct error code for multiple matches.
Differentiate between “not found” and “multiple customers”.

-          code: "STRIPE_CUSTOMER_NOT_FOUND",
+          code: "STRIPE_MULTIPLE_CUSTOMERS",

Confirm this code exists in your import-error-log schema; add it if missing.

---

84-88: Extract batch delay to a named constant.
Minor readability win and easier tuning.

-    await new Promise((resolve) => setTimeout(resolve, 2000));
+    await new Promise((resolve) => setTimeout(resolve, BATCH_DELAY_MS));

Add near CUSTOMERS_PER_BATCH:

const BATCH_DELAY_MS = 2000;

apps/web/ui/modals/import-firstpromoter-modal.tsx (2)

92-93: Provide a safer toast fallback for unknown server errors.
Avoids blank toasts if serverError is undefined.

-      onError: ({ error }) => toast.error(error.serverError),
+      onError: ({ error }) =>
+        toast.error(error.serverError ?? "Failed to start FirstPromoter import."),

---

120-127: Consider disabling password managers for the API key input.
Optional: reduce autofill noise on secrets inputs.

   <input
     type="password"
     id="apiKey"
     value={apiKey}
     autoFocus={!isMobile}
     onChange={(e) => setApiKey(e.target.value)}
+    autoComplete="new-password"

apps/web/lib/firstpromoter/import-commissions.ts (1)

340-341: Default metadata to empty string to match other callsites

Prevents undefined from leaking to Tinybird and aligns with import-customers.

-      metadata: JSON.stringify(commission.metadata),
+      metadata: commission.metadata ? JSON.stringify(commission.metadata) : "",

apps/web/lib/firstpromoter/api.ts (1)

38-44: Preserve error context in testConnection

Return specific auth failure vs generic error to aid debugging.

-    } catch (error) {
-      throw new Error("Invalid FirstPromoter API token.");
+    } catch (error: any) {
+      const msg = String(error?.message || "");
+      if (msg.toLowerCase().includes("401") || msg.toLowerCase().includes("invalid")) {
+        throw new Error("Invalid FirstPromoter API token.");
+      }
+      throw new Error(`FirstPromoter connectivity error: ${msg || "unknown"}`);
     }

apps/web/lib/firstpromoter/import-partners.ts (1)

50-62: Case-normalize campaign name mapping to reduce misses

APIs/user input can vary in casing; normalize keys when building and reading.

-  const campaignMap = Object.fromEntries(
-    groups.map((group) => [group.name, group]),
-  );
+  const campaignMap = Object.fromEntries(
+    groups.map((g) => [g.name.toLowerCase(), g]),
+  );
...
-              ? campaignMap[promoterCampaigns[0].campaign.name] ?? defaultGroup
+              ? campaignMap[promoterCampaigns[0].campaign.name.toLowerCase()] ??
+                defaultGroup
               : defaultGroup;

apps/web/lib/firstpromoter/schemas.ts (7)

21-21: Constrain page to integers and non-negative

Avoids floats/negatives slipping through and breaking pagination logic.

-  page: z.number().optional().describe("FP pagination"),
+  page: z.number().int().nonnegative().optional().describe("FP pagination"),

Is FP paging 0- or 1-based? If 1-based, prefer .gte(1) instead of .nonnegative().

---

101-101: Prefer unknown over any for metadata

Improves type-safety without constraining structure.

-  metadata: z.record(z.any()).nullable(),
+  metadata: z.record(z.unknown()).nullable(),

Also applies to: 112-112

---

83-91: Default empty array for promoter_campaigns

Safer consumers; avoids undefined checks.

-  ),
-),
+  ),
+).default([]),

---

99-101: Validate timestamps as ISO 8601 strings

Catches malformed dates early while keeping string type.

-  created_at: z.string(),
-  customer_since: z.string().nullable(),
+  created_at: z.string().datetime({ offset: true }),
+  customer_since: z.string().datetime({ offset: true }).nullable(),

-  created_at: z.string(),
+  created_at: z.string().datetime({ offset: true }),

If FP doesn’t return ISO 8601, use z.coerce.date() instead and normalize format downstream.

Also applies to: 119-119

---

115-116: Coerce numeric amounts (robust to stringified numbers)

Some APIs return numbers as strings; this hardens parsing.

-  sale_amount: z.number(),
-  amount: z.number(),
+  sale_amount: z.coerce.number(),
+  amount: z.coerce.number(),
@@
-  original_sale_amount: z.number(),
+  original_sale_amount: z.coerce.number(),

Also applies to: 120-120

---

36-82: DRY the repeated “empty string → null” transforms

Define a reusable helper to normalize optional strings; reduces duplication and mistakes.

Example helper (add after imports):

const nullableString = z.preprocess(
  (v) => (v === "" ? null : v),
  z.string().trim().nullable()
);

Then replace fields like website, company_name, … with nullableString.

---

25-31: Consider passthrough vs. strictness for API compatibility

Zod objects strip unknown keys by default. If you need to preserve extra FP fields for debugging/forwarding, use .passthrough() on these objects.

Also applies to: 32-93, 93-108, 109-145

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

Learnt from: devkiran
PR: dubinc/dub#2448
File: packages/email/src/templates/partner-program-summary.tsx:0-0
Timestamp: 2025-05-29T04:45:18.504Z
Learning: In the PartnerProgramSummary email template (packages/email/src/templates/partner-program-summary.tsx), the stat titles are hardcoded constants ("Clicks", "Leads", "Sales", "Earnings") that will always match the ICONS object keys after toLowerCase() conversion, so icon lookup failures are not possible.

Learnt from: devkiran
PR: dubinc/dub#2177
File: apps/web/lib/api/links/bulk-create-links.ts:66-84
Timestamp: 2025-06-06T07:59:03.120Z
Learning: In apps/web/lib/api/links/bulk-create-links.ts, the team accepts the risk of potential undefined results from links.find() operations when building invalidLinks arrays, because existing links are fetched from the database based on the input links, so matches are expected to always exist.

Learnt from: devkiran
PR: dubinc/dub#2735
File: apps/web/lib/actions/partners/delete-reward.ts:33-41
Timestamp: 2025-08-14T05:17:51.825Z
Learning: In the partner groups system, a rewardId can only belong to one group, establishing a one-to-one relationship between rewards and groups. This means using Prisma's `update` method (rather than `updateMany`) is appropriate when updating groups by rewardId.

Learnt from: TWilson023
PR: dubinc/dub#2673
File: apps/web/ui/partners/rewards/rewards-logic.tsx:268-275
Timestamp: 2025-07-30T15:29:54.131Z
Learning: In apps/web/ui/partners/rewards/rewards-logic.tsx, when setting the entity field in a reward condition, dependent fields (attribute, operator, value) should be reset rather than preserved because different entities (customer vs sale) have different available attributes. Maintaining existing fields when the entity changes would create invalid state combinations and confusing UX.