# NGBVD Reduced-Scope Modernization Notes ## Scope Applied This patch intentionally avoids broad project-wide rewrites. It touches only the reduced project areas needed for safer case capture, cleaner UI feedback, and API readiness for Sauti / GBV Portal integrations. ## Backend Defensive Code Changes ### DataEntryController The main data-entry write methods now use guarded transactions and `saveOrFail()`: - `processvictimdata` - `processincidentdata` - `processperpetrator` - `updateperpetrator` - `processwitness` - `updatewitness` - `processaction` - `updateaction` - `processstatus` - `updatestatus` If any save inside a workflow fails, Laravel throws an exception and the database transaction rolls back. The user receives a safe message while the actual error is logged in Laravel logs. ### Removed blocking external call from case-status save `processstatus()` previously made a live cURL call to an external GBV endpoint during the normal UI save flow, using a hardcoded sample payload and disabled SSL verification. This was removed from the UI save flow because it can cause page hangs and poor user experience. External data-sharing should be handled through integration services, jobs, or explicit API endpoints, not inside the normal user save path. ## API Changes API v1 routes are now in `routes/api.php`: - `POST /api/v1/token` - `POST /api/v1/processdata` - `GET|POST /api/v1/incidentstats` The old API v1 route definitions were removed from `routes/web.php`. ### Token handling The token endpoint now returns a bearer token in `access_token` and stores only the hashed token internally. For backward compatibility, the validator accepts either the corrected bearer token flow or an already-hashed token value. ### Transaction-safe API incident submission `processdata()` now validates the payload and wraps the full API case intake in a transaction. If victim, incident, perpetrator, witness, action, or status save fails, the whole API transaction rolls back. ## Integration Structure Added Added: - `config/ngbvd_integrations.php` - `app/Services/Integrations/IncidentPayloadMapper.php` - `app/Services/Integrations/ExternalIncidentPublisher.php` These provide a clean place to support Sauti, GBV Portal, and future integrations without hardcoding URLs or cURL logic inside controllers. ## UI/UX Cleanup Added a reusable alert partial: - `resources/views/components/alerts.blade.php` Updated: - `resources/views/layouts/app.blade.php` - `resources/views/dataentry/index.blade.php` The UI changes are intentionally light: - cleaner system feedback messages - validation error display - better data-entry page title/subtitle - improved tab styling - non-critical chart/data analysis assets are no longer loaded for guest/login pages ## Important Test Checklist After applying the patch, run: ```bash php artisan optimize:clear php artisan route:clear php artisan config:clear php artisan view:clear composer dump-autoload ``` Then test: 1. Login page loads quickly. 2. Login works. 3. Dashboard loads. 4. Data-entry page opens. 5. Survivor profile creation. 6. Incident creation with multiple incident types. 7. Multiple perpetrators. 8. Multiple witnesses. 9. Action/services captured. 10. Case status submission. 11. API token generation. 12. API incident submission. 13. API incident statistics. ## Important Database Note This patch assumes the existing database schema supports the fields already used by the old controllers. If any column does not exist, `saveOrFail()` will correctly fail and roll back instead of silently continuing.