@open-mercato/core 0.5.1-develop.2975.ccbadc8198 → 0.5.1-develop.2996.ce62fd491c

package/src/modules/auth/migrations/Migration20260427081815.ts

@@ -0,0 +1,16 @@
+import { Migration } from '@mikro-orm/migrations';
+
+export class Migration20260427081815 extends Migration {
+
+  override up(): void | Promise<void> {
+    this.addSql(`create table "sidebar_variants" ("id" uuid not null default gen_random_uuid(), "user_id" uuid not null, "tenant_id" uuid null, "organization_id" uuid null, "locale" text not null, "name" text not null, "settings_json" jsonb null, "is_active" boolean not null default false, "created_at" timestamptz not null, "updated_at" timestamptz null, "deleted_at" timestamptz null, primary key ("id"));`);
+    this.addSql(`alter table "sidebar_variants" add constraint "sidebar_variants_user_id_tenant_id_locale_name_unique" unique ("user_id", "tenant_id", "locale", "name");`);
+
+    this.addSql(`alter table "sidebar_variants" add constraint "sidebar_variants_user_id_foreign" foreign key ("user_id") references "users" ("id");`);
+  }
+
+  override down(): void | Promise<void> {
+    this.addSql(`drop table if exists "sidebar_variants" cascade;`);
+  }
+
+}

package/src/modules/auth/migrations/Migration20260427124900.ts

@@ -0,0 +1,19 @@
+import { Migration } from '@mikro-orm/migrations';
+
+// Replace the full unique constraint on sidebar_variants with a partial unique index
+// scoped to live rows (deleted_at IS NULL). Without this, soft-deleting a variant and
+// then trying to recreate one with the same name throws a duplicate-key error because
+// the regular unique constraint considers tombstoned rows.
+export class Migration20260427124900 extends Migration {
+
+  override up(): void | Promise<void> {
+    this.addSql(`alter table "sidebar_variants" drop constraint if exists "sidebar_variants_user_id_tenant_id_locale_name_unique";`);
+    this.addSql(`create unique index if not exists "sidebar_variants_active_name_unique_idx" on "sidebar_variants" ("user_id", "tenant_id", "locale", "name") where "deleted_at" is null;`);
+  }
+
+  override down(): void | Promise<void> {
+    this.addSql(`drop index if exists "sidebar_variants_active_name_unique_idx";`);
+    this.addSql(`alter table "sidebar_variants" add constraint "sidebar_variants_user_id_tenant_id_locale_name_unique" unique ("user_id", "tenant_id", "locale", "name");`);
+  }
+
+}

package/src/modules/auth/migrations/Migration20260427143311.ts

@@ -0,0 +1,83 @@
+import { Migration } from '@mikro-orm/migrations';
+
+// Cross-locale sidebar customization. Strip `locale` from uniqueness scope so the same
+// variant/preference applies regardless of the user's active language. Soft-delete any
+// historical duplicates first (keep the most-recently-updated row per scope) so the new
+// constraints can be created without violations.
+export class Migration20260427143311 extends Migration {
+
+  override up(): void | Promise<void> {
+    // --- sidebar_variants: collapse (user_id, tenant_id, name) across locales ---------
+    this.addSql(`
+      with ranked as (
+        select id,
+               row_number() over (
+                 partition by user_id, tenant_id, name
+                 order by coalesce(updated_at, created_at) desc, created_at desc, id desc
+               ) as rn
+        from sidebar_variants
+        where deleted_at is null
+      )
+      update sidebar_variants
+      set deleted_at = now()
+      from ranked
+      where sidebar_variants.id = ranked.id and ranked.rn > 1;
+    `);
+    this.addSql(`drop index if exists "sidebar_variants_active_name_unique_idx";`);
+    this.addSql(`alter table "sidebar_variants" drop constraint if exists "sidebar_variants_user_id_tenant_id_locale_name_unique";`);
+    this.addSql(`create unique index if not exists "sidebar_variants_active_name_unique_idx" on "sidebar_variants" ("user_id", "tenant_id", "name") where "deleted_at" is null;`);
+
+    // --- user_sidebar_preferences: collapse (user_id, tenant_id, organization_id) -----
+    this.addSql(`
+      with ranked as (
+        select id,
+               row_number() over (
+                 partition by user_id, tenant_id, organization_id
+                 order by coalesce(updated_at, created_at) desc, created_at desc, id desc
+               ) as rn
+        from user_sidebar_preferences
+        where deleted_at is null
+      )
+      update user_sidebar_preferences
+      set deleted_at = now()
+      from ranked
+      where user_sidebar_preferences.id = ranked.id and ranked.rn > 1;
+    `);
+    this.addSql(`alter table "user_sidebar_preferences" drop constraint if exists "user_sidebar_preferences_user_id_tenant_id_organi_35248_unique";`);
+    this.addSql(`alter table "user_sidebar_preferences" drop constraint if exists "user_sidebar_preferences_user_id_tenant_id_organi_f3f2f_unique";`);
+    this.addSql(`drop index if exists "user_sidebar_preferences_active_unique_idx";`);
+    this.addSql(`create unique index if not exists "user_sidebar_preferences_active_unique_idx" on "user_sidebar_preferences" ("user_id", "tenant_id", "organization_id") where "deleted_at" is null;`);
+
+    // --- role_sidebar_preferences: collapse (role_id, tenant_id) ----------------------
+    this.addSql(`
+      with ranked as (
+        select id,
+               row_number() over (
+                 partition by role_id, tenant_id
+                 order by coalesce(updated_at, created_at) desc, created_at desc, id desc
+               ) as rn
+        from role_sidebar_preferences
+        where deleted_at is null
+      )
+      update role_sidebar_preferences
+      set deleted_at = now()
+      from ranked
+      where role_sidebar_preferences.id = ranked.id and ranked.rn > 1;
+    `);
+    this.addSql(`alter table "role_sidebar_preferences" drop constraint if exists "role_sidebar_preferences_role_id_tenant_id_locale_unique";`);
+    this.addSql(`drop index if exists "role_sidebar_preferences_active_unique_idx";`);
+    this.addSql(`create unique index if not exists "role_sidebar_preferences_active_unique_idx" on "role_sidebar_preferences" ("role_id", "tenant_id") where "deleted_at" is null;`);
+  }
+
+  override down(): void | Promise<void> {
+    this.addSql(`drop index if exists "sidebar_variants_active_name_unique_idx";`);
+    this.addSql(`alter table "sidebar_variants" add constraint "sidebar_variants_user_id_tenant_id_locale_name_unique" unique ("user_id", "tenant_id", "locale", "name");`);
+
+    this.addSql(`drop index if exists "user_sidebar_preferences_active_unique_idx";`);
+    this.addSql(`alter table "user_sidebar_preferences" add constraint "user_sidebar_preferences_user_id_tenant_id_organi_35248_unique" unique ("user_id", "tenant_id", "organization_id", "locale");`);
+
+    this.addSql(`drop index if exists "role_sidebar_preferences_active_unique_idx";`);
+    this.addSql(`alter table "role_sidebar_preferences" add constraint "role_sidebar_preferences_role_id_tenant_id_locale_unique" unique ("role_id", "tenant_id", "locale");`);
+  }
+
+}

package/src/modules/auth/services/sidebarPreferencesService.ts

@@ -1,5 +1,6 @@
-import { EntityManager } from '@mikro-orm/postgresql'
-import { Role, RoleSidebarPreference, User, UserSidebarPreference } from '../data/entities'
+import { EntityManager, type FilterQuery } from '@mikro-orm/postgresql'
+import { findOneWithDecryption, findWithDecryption } from '@open-mercato/shared/lib/encryption/find'
+import { Role, RoleSidebarPreference, SidebarVariant, User, UserSidebarPreference } from '../data/entities'
 import {
   SIDEBAR_PREFERENCES_VERSION,
   SidebarPreferencesSettings,
@@ -39,8 +40,16 @@ export async function loadSidebarPreference(
   em: EntityManager,
   scope: SidebarPreferenceScope,
 ): Promise<SidebarPreferencesSettings> {
-  const { userId, tenantId, organizationId, locale } = normalizeScope(scope)
-  const existing = await em.findOne(UserSidebarPreference, { user: userId, tenantId, organizationId, locale })
+  // Cross-locale: variants & preferences are scoped per (user, tenant, org) only.
+  // The `locale` field on the row is kept for audit / when the row was created.
+  const { userId, tenantId, organizationId } = normalizeScope(scope)
+  const existing = await findOneWithDecryption(
+    em,
+    UserSidebarPreference,
+    { user: userId, tenantId, organizationId },
+    undefined,
+    { tenantId, organizationId },
+  )
   return normalizeSidebarSettings(existing?.settingsJson as SidebarPreferencesSettings | undefined)
 }
 
@@ -54,7 +63,13 @@ export async function saveSidebarPreference(
     version: input?.version ?? SIDEBAR_PREFERENCES_VERSION,
   })
   const { userId, tenantId, organizationId, locale } = normalizeScope(scope)
-  let pref = await em.findOne(UserSidebarPreference, { user: userId, tenantId, organizationId, locale })
+  let pref = await findOneWithDecryption(
+    em,
+    UserSidebarPreference,
+    { user: userId, tenantId, organizationId },
+    undefined,
+    { tenantId, organizationId },
+  )
   if (!pref) {
     pref = em.create(UserSidebarPreference, {
       user: em.getReference(User, userId),
@@ -73,16 +88,18 @@ export async function saveSidebarPreference(
 
 export async function loadRoleSidebarPreferences(
   em: EntityManager,
-  options: { roleIds: string[]; tenantId?: string | null; locale: string },
+  options: { roleIds: string[]; tenantId?: string | null; locale?: string },
 ): Promise<Map<string, SidebarPreferencesSettings>> {
   if (!options.roleIds.length) return new Map()
   const tenantId = options.tenantId ?? null
   const tenantFilter = tenantId === null ? null : { $in: [tenantId, null] }
-  const prefs = await em.find(RoleSidebarPreference, {
-    role: { $in: options.roleIds },
-    tenantId: tenantFilter,
-    locale: options.locale,
-  })
+  const prefs = await findWithDecryption(
+    em,
+    RoleSidebarPreference,
+    { role: { $in: options.roleIds }, tenantId: tenantFilter } as FilterQuery<RoleSidebarPreference>,
+    undefined,
+    { tenantId, organizationId: null },
+  )
   const map = new Map<string, SidebarPreferencesSettings>()
   for (const pref of prefs) {
     const key = pref.role.id
@@ -101,16 +118,18 @@ export async function loadRoleSidebarPreferences(
 
 export async function loadFirstRoleSidebarPreference(
   em: EntityManager,
-  options: { roleIds: string[]; tenantId?: string | null; locale: string },
+  options: { roleIds: string[]; tenantId?: string | null; locale?: string },
 ): Promise<SidebarPreferencesSettings | null> {
   if (!options.roleIds.length) return null
   const tenantId = options.tenantId ?? null
   const tenantFilter = tenantId === null ? null : { $in: [tenantId, null] }
-  const prefs = await em.find(RoleSidebarPreference, {
-    role: { $in: options.roleIds },
-    tenantId: tenantFilter,
-    locale: options.locale,
-  })
+  const prefs = await findWithDecryption(
+    em,
+    RoleSidebarPreference,
+    { role: { $in: options.roleIds }, tenantId: tenantFilter } as FilterQuery<RoleSidebarPreference>,
+    undefined,
+    { tenantId, organizationId: null },
+  )
   if (!prefs.length) return null
   const ordered = options.roleIds
     .map((id) => {
@@ -135,7 +154,13 @@ export async function saveRoleSidebarPreference(
     version: input?.version ?? SIDEBAR_PREFERENCES_VERSION,
   })
   const { roleId, tenantId, locale } = normalizeRoleScope(scope)
-  let pref = await em.findOne(RoleSidebarPreference, { role: roleId, tenantId, locale })
+  let pref = await findOneWithDecryption(
+    em,
+    RoleSidebarPreference,
+    { role: roleId, tenantId },
+    undefined,
+    { tenantId, organizationId: null },
+  )
   if (!pref) {
     pref = em.create(RoleSidebarPreference, {
       role: em.getReference(Role, roleId),
@@ -217,3 +242,203 @@ function normalizeRoleScope(scope: RoleSidebarPreferenceScope) {
     locale: scope.locale,
   }
 }
+
+// --- Named variants (per-user library of saved sidebar layouts) ----------------
+
+export type VariantScope = {
+  userId: string
+  tenantId?: string | null
+  organizationId?: string | null
+  locale: string
+}
+
+export type SidebarVariantRecord = {
+  id: string
+  name: string
+  isActive: boolean
+  settings: SidebarPreferencesSettings
+  createdAt: Date
+  updatedAt?: Date | null
+}
+
+function toVariantRecord(variant: SidebarVariant): SidebarVariantRecord {
+  return {
+    id: variant.id,
+    name: variant.name,
+    isActive: variant.isActive === true,
+    settings: normalizeSidebarSettings(variant.settingsJson as SidebarPreferencesSettings | undefined),
+    createdAt: variant.createdAt,
+    updatedAt: variant.updatedAt ?? null,
+  }
+}
+
+export async function listSidebarVariants(
+  em: EntityManager,
+  scope: VariantScope,
+): Promise<SidebarVariantRecord[]> {
+  // Cross-locale: variants are scoped per (user, tenant) only.
+  const { userId, tenantId, organizationId } = normalizeVariantScope(scope)
+  const variants = await findWithDecryption(
+    em,
+    SidebarVariant,
+    { user: userId, tenantId, deletedAt: null },
+    { orderBy: { createdAt: 'asc' } },
+    { tenantId, organizationId },
+  )
+  return variants.map(toVariantRecord)
+}
+
+export async function loadSidebarVariant(
+  em: EntityManager,
+  scope: VariantScope,
+  variantId: string,
+): Promise<SidebarVariantRecord | null> {
+  const { userId, tenantId, organizationId } = normalizeVariantScope(scope)
+  const variant = await findOneWithDecryption(
+    em,
+    SidebarVariant,
+    { id: variantId, user: userId, tenantId, deletedAt: null },
+    undefined,
+    { tenantId, organizationId },
+  )
+  return variant ? toVariantRecord(variant) : null
+}
+
+export async function nextVariantAutoName(
+  em: EntityManager,
+  scope: VariantScope,
+  prefix = 'My preferences',
+): Promise<string> {
+  const variants = await listSidebarVariants(em, scope)
+  // Match names like "My preferences", "My preferences 2", "My preferences 17"
+  const usedNumbers = new Set<number>()
+  for (const variant of variants) {
+    if (variant.name === prefix) {
+      usedNumbers.add(1)
+      continue
+    }
+    const escaped = prefix.replace(/[.*+?^${}()|[\]\\]/g, '\\$&')
+    const match = variant.name.match(new RegExp(`^${escaped}\\s+(\\d+)$`))
+    if (match) {
+      const n = Number.parseInt(match[1], 10)
+      if (!Number.isNaN(n)) usedNumbers.add(n)
+    }
+  }
+  if (!usedNumbers.has(1)) return prefix
+  let next = 2
+  while (usedNumbers.has(next)) next += 1
+  return `${prefix} ${next}`
+}
+
+export async function createSidebarVariant(
+  em: EntityManager,
+  scope: VariantScope,
+  input: {
+    name?: string | null
+    settings?: Partial<SidebarPreferencesSettings> | null
+    isActive?: boolean
+  },
+): Promise<SidebarVariantRecord> {
+  const { userId, tenantId, organizationId, locale } = normalizeVariantScope(scope)
+  const finalName = (input.name ?? '').trim() || (await nextVariantAutoName(em, scope))
+  const settings = normalizeSidebarSettings({
+    ...(input.settings ?? {}),
+    version: input.settings?.version ?? SIDEBAR_PREFERENCES_VERSION,
+  })
+
+  if (input.isActive === true) {
+    await deactivateAllVariants(em, scope)
+  }
+
+  const variant = em.create(SidebarVariant, {
+    user: em.getReference(User, userId),
+    tenantId,
+    organizationId,
+    locale,
+    name: finalName,
+    settingsJson: settings,
+    isActive: input.isActive === true,
+    createdAt: new Date(),
+  })
+  await em.flush()
+  return toVariantRecord(variant)
+}
+
+export async function updateSidebarVariant(
+  em: EntityManager,
+  scope: VariantScope,
+  variantId: string,
+  input: {
+    name?: string
+    settings?: Partial<SidebarPreferencesSettings> | null
+    isActive?: boolean
+  },
+): Promise<SidebarVariantRecord | null> {
+  const { userId, tenantId, organizationId } = normalizeVariantScope(scope)
+  const variant = await findOneWithDecryption(
+    em,
+    SidebarVariant,
+    { id: variantId, user: userId, tenantId, deletedAt: null },
+    undefined,
+    { tenantId, organizationId },
+  )
+  if (!variant) return null
+  if (typeof input.name === 'string' && input.name.trim().length > 0) {
+    variant.name = input.name.trim()
+  }
+  if (input.settings) {
+    variant.settingsJson = normalizeSidebarSettings({
+      ...input.settings,
+      version: input.settings.version ?? SIDEBAR_PREFERENCES_VERSION,
+    })
+  }
+  if (typeof input.isActive === 'boolean') {
+    if (input.isActive) {
+      await deactivateAllVariants(em, scope, variantId)
+    }
+    variant.isActive = input.isActive
+  }
+  await em.flush()
+  return toVariantRecord(variant)
+}
+
+export async function deleteSidebarVariant(
+  em: EntityManager,
+  scope: VariantScope,
+  variantId: string,
+): Promise<boolean> {
+  const { userId, tenantId, organizationId } = normalizeVariantScope(scope)
+  const variant = await findOneWithDecryption(
+    em,
+    SidebarVariant,
+    { id: variantId, user: userId, tenantId, deletedAt: null },
+    undefined,
+    { tenantId, organizationId },
+  )
+  if (!variant) return false
+  variant.deletedAt = new Date()
+  variant.isActive = false
+  await em.flush()
+  return true
+}
+
+async function deactivateAllVariants(
+  em: EntityManager,
+  scope: VariantScope,
+  exceptId?: string,
+): Promise<void> {
+  const { userId, tenantId } = normalizeVariantScope(scope)
+  const where: FilterQuery<SidebarVariant> = exceptId
+    ? { user: userId, tenantId, isActive: true, deletedAt: null, id: { $ne: exceptId } }
+    : { user: userId, tenantId, isActive: true, deletedAt: null }
+  await em.nativeUpdate(SidebarVariant, where, { isActive: false })
+}
+
+function normalizeVariantScope(scope: VariantScope) {
+  return {
+    userId: scope.userId,
+    tenantId: scope.tenantId ?? null,
+    organizationId: scope.organizationId ?? null,
+    locale: scope.locale,
+  }
+}

package/src/modules/customers/backend/customers/companies/[id]/page.tsx

@@ -35,6 +35,7 @@ import { CompanyHighlights } from '../../../../components/detail/CompanyHighligh
 import { normalizeCustomFieldSubmitValue } from '../../../../components/detail/customFieldUtils'
 import { InlineDictionaryEditor, renderMultilineMarkdownDisplay } from '../../../../components/detail/InlineEditors'
 import { formatTemplate } from '../../../../components/detail/utils'
+import { coerceDisplayName } from '../../../../lib/displayName'
 import { createTranslatorWithFallback } from '@open-mercato/shared/lib/i18n/translate'
 import {
   CompanyPeopleSection,
@@ -117,10 +118,10 @@ export default function CustomerCompanyDetailPage({ params }: { params?: { id?:
   const [sectionAction, setSectionAction] = React.useState<SectionAction | null>(null)
   const [isDeleting, setIsDeleting] = React.useState(false)
   const currentCompanyId = data?.company?.id ?? null
-  const companyName =
-    data?.company?.displayName && data.company.displayName.trim().length
-      ? data.company.displayName
-      : t('customers.companies.list.deleteFallbackName', 'this company')
+  const companyDisplayName = coerceDisplayName(data?.company?.displayName)
+  const companyName = companyDisplayName.trim().length
+    ? companyDisplayName
+    : t('customers.companies.list.deleteFallbackName', 'this company')
   const translateCompanyDetail = React.useCallback(
     (key: string, fallback?: string, params?: Record<string, string | number>) => {
       const mappedKey = key.startsWith('customers.people.detail.')

package/src/modules/customers/backend/customers/companies-v2/[id]/page.tsx

@@ -25,6 +25,7 @@ import { ActivityLogTab } from '../../../../components/detail/ActivityLogTab'
 import { CompanyPeopleSection, type CompanyPersonSummary } from '../../../../components/detail/CompanyPeopleSection'
 import type { TagSummary } from '../../../../components/detail/types'
 import type { TagsSectionController } from '@open-mercato/ui/backend/detail'
+import { coerceDisplayName } from '../../../../lib/displayName'
 import { CompanyDetailHeader } from '../../../../components/detail/CompanyDetailHeader'
 import { CompanyDetailTabs, resolveLegacyTab, type CompanyTabId } from '../../../../components/detail/CompanyDetailTabs'
 import { CompanyKpiBar } from '../../../../components/detail/CompanyKpiBar'
@@ -103,10 +104,10 @@ export default function CompanyDetailV2Page({ params }: { params?: { id?: string
     blockedMessage: t('ui.forms.flash.saveBlocked', 'Save blocked by validation'),
   })
 
-  const companyName =
-    data?.company?.displayName && data.company.displayName.trim().length
-      ? data.company.displayName
-      : t('customers.companies.list.deleteFallbackName', 'this company')
+  const companyDisplayName = coerceDisplayName(data?.company?.displayName)
+  const companyName = companyDisplayName.trim().length
+    ? companyDisplayName
+    : t('customers.companies.list.deleteFallbackName', 'this company')
 
   // Data loading
   const initialLoadDoneRef = React.useRef(false)
@@ -425,7 +426,7 @@ export default function CompanyDetailV2Page({ params }: { params?: { id?: string
                 {activeTab === 'people' && (
                   <CompanyPeopleSection
                     companyId={companyId}
-                    companyName={data.company?.displayName ?? ''}
+                    companyName={companyDisplayName}
                     initialPeople={[]}
                     addActionLabel={t('customers.companies.detail.people.add', 'Add person')}
                     emptyLabel={t('customers.companies.detail.people.empty', 'No people linked to this company yet.')}

package/src/modules/customers/backend/customers/people-v2/[id]/page.tsx

@@ -45,6 +45,7 @@ import {
   type PersonEditFormValues,
   type PersonOverview,
 } from '../../../../components/formConfig'
+import { coerceDisplayName, coerceDisplayNameOrNull } from '../../../../lib/displayName'
 
 export default function PersonDetailV2Page({ params }: { params?: { id?: string } }) {
   const id = params?.id
@@ -95,15 +96,18 @@ export default function PersonDetailV2Page({ params }: { params?: { id?: string
     contextId: mutationContextId,
     blockedMessage: t('ui.forms.flash.saveBlocked', 'Save blocked by validation'),
   })
-  const personName =
-    data?.person?.displayName && data.person.displayName.trim().length
-      ? data.person.displayName
-      : t('customers.people.list.deleteFallbackName', 'this person')
+  const personDisplayName = coerceDisplayName(data?.person?.displayName)
+  const personName = personDisplayName.trim().length
+    ? personDisplayName
+    : t('customers.people.list.deleteFallbackName', 'this person')
 
-  const personDisplayNameForGroups =
-    typeof data?.person?.displayName === 'string' && data.person.displayName.trim().length
-      ? data.person.displayName.trim()
-      : null
+  const personDisplayNameForGroups = personDisplayName.trim().length
+    ? personDisplayName.trim()
+    : null
+
+  const scheduleDialogCompanyName = coerceDisplayNameOrNull(
+    data?.company?.displayName ?? data?.companies?.[0]?.displayName ?? null,
+  )
 
   const groups = React.useMemo(
     () => createPersonPersonalDataGroups(t, { entityName: personDisplayNameForGroups }),
@@ -579,7 +583,7 @@ export default function PersonDetailV2Page({ params }: { params?: { id?: string
             onClose={() => { setScheduleDialogOpen(false); setScheduleEditData(null) }}
             entityId={personId}
             entityName={personName}
-            companyName={data.company?.displayName ?? data.companies?.[0]?.displayName ?? null}
+            companyName={scheduleDialogCompanyName}
             entityType="person"
             onActivityCreated={handleActivityCreated}
             editData={scheduleEditData}

package/src/modules/customers/components/detail/CompanyPeopleSection.tsx

@@ -17,6 +17,7 @@ import { useAppEvent } from '@open-mercato/ui/backend/injection/useAppEvent'
 import type { SectionAction, TabEmptyStateConfig, Translator } from './types'
 import { CreatePersonDialog } from './CreatePersonDialog'
 import { PersonCard } from './PersonCard'
+import { coerceDisplayName } from '../../lib/displayName'
 import { DecisionMakersFooter } from './DecisionMakersFooter'
 import { RolesSection } from './RolesSection'
 import { LinkEntityDialog, type LinkEntityOption } from '../linking/LinkEntityDialog'
@@ -165,8 +166,8 @@ function sortCompanyPeople(
       const rightTimestamp = Date.parse(right.linkedAt ?? right.createdAt ?? '') || 0
       return rightTimestamp - leftTimestamp
     }
-    const leftLabel = left.displayName.trim().toLowerCase()
-    const rightLabel = right.displayName.trim().toLowerCase()
+    const leftLabel = coerceDisplayName(left.displayName).trim().toLowerCase()
+    const rightLabel = coerceDisplayName(right.displayName).trim().toLowerCase()
     if (sortMode === 'name-desc') return rightLabel.localeCompare(leftLabel)
     return leftLabel.localeCompare(rightLabel)
   })

package/src/modules/customers/components/formConfig.tsx

@@ -15,7 +15,7 @@ import {
   SelectTrigger,
   SelectValue,
 } from '@open-mercato/ui/primitives/select'
-import { deriveDisplayName, isDerivedDisplayName } from '../lib/displayName'
+import { coerceDisplayName, deriveDisplayName, isDerivedDisplayName } from '../lib/displayName'
 import {
   Dialog,
   DialogContent,
@@ -1952,7 +1952,7 @@ export function mapCompanyOverviewToFormValues(overview: CompanyOverview): Parti
   const phoneValue = rawPhone == null ? '' : String(rawPhone)
   return {
     id: overview.company.id,
-    displayName: overview.company.displayName,
+    displayName: coerceDisplayName(overview.company.displayName),
     primaryEmail: overview.company.primaryEmail ?? '',
     primaryPhone: phoneValue,
     status: overview.company.status ?? '',
@@ -1975,7 +1975,7 @@ export function mapPersonOverviewToFormValues(overview: PersonOverview): Partial
   const phoneValue = rawPhone == null ? '' : String(rawPhone)
   return {
     id: overview.person.id,
-    displayName: overview.person.displayName,
+    displayName: coerceDisplayName(overview.person.displayName),
     firstName: overview.profile?.firstName ?? '',
     lastName: overview.profile?.lastName ?? '',
     primaryEmail: overview.person.primaryEmail ?? '',

package/src/modules/customers/lib/displayName.ts

@@ -1,3 +1,24 @@
+/**
+ * Coerce an arbitrary `displayName` payload to a string for safe UI consumption.
+ *
+ * The encryption pipeline used to coerce numeric-looking string display names
+ * back into numbers (issue #1734). The root cause is fixed in
+ * `parseDecryptedFieldValue`, but this helper remains as belt-and-suspenders
+ * for any persisted data that was already corrupted on read paths that bypass
+ * the new heuristic.
+ */
+export function coerceDisplayName(value: unknown): string {
+  if (typeof value === 'string') return value
+  if (value == null) return ''
+  return String(value)
+}
+
+export function coerceDisplayNameOrNull(value: unknown): string | null {
+  if (value == null) return null
+  if (typeof value === 'string') return value
+  return String(value)
+}
+
 export function deriveDisplayName(
   firstName: string | null | undefined,
   lastName: string | null | undefined,

package/src/modules/entities/cli.ts

@@ -17,7 +17,10 @@ import {
   TenantDataEncryptionError,
   TenantDataEncryptionErrorCode,
 } from '@open-mercato/shared/lib/encryption/aes'
-import { TenantDataEncryptionService } from '@open-mercato/shared/lib/encryption/tenantDataEncryptionService'
+import {
+  TenantDataEncryptionService,
+  parseDecryptedFieldValue,
+} from '@open-mercato/shared/lib/encryption/tenantDataEncryptionService'
 import { resolveEntityIdFromMetadata } from '@open-mercato/shared/lib/encryption/entityIds'
 import { Organization } from '../directory/data/entities'
 import crypto from 'node:crypto'
@@ -563,11 +566,7 @@ const rotateEncryptionKey: ModuleCli = {
             if (typeof value !== 'string' || !isEncryptedPayload(value)) continue
             const decrypted = decryptWithOldKey(value, oldDek)
             if (decrypted === null) continue
-            try {
-              payload[rule.field] = JSON.parse(decrypted)
-            } catch {
-              payload[rule.field] = decrypted
-            }
+            payload[rule.field] = parseDecryptedFieldValue(decrypted)
           }
         }
         const encrypted = await encryptionService.encryptEntityPayload(

package/src/modules/portal/frontend/[orgSlug]/portal/reset-password/page.meta.ts

@@ -0,0 +1,9 @@
+import type { PageMetadata } from '@open-mercato/shared/modules/registry'
+
+export const metadata: PageMetadata = {
+  titleKey: 'portal.nav.resetPassword',
+  title: 'Reset Password',
+  navHidden: true,
+}
+
+export default metadata