@open-mercato/core 0.6.5-develop.4588.1.ecaa16cfc0 → 0.6.5-develop.4620.1.c20bc7e4bb

package/src/helpers/integration/crudFormFields.ts

@@ -0,0 +1,48 @@
+import { parseBooleanWithDefault } from '@open-mercato/shared/lib/boolean';
+
+/**
+ * Pure, runner-agnostic helpers for the CrudForm field-persistence sweep (umbrella #2466).
+ *
+ * Kept free of any `@playwright/test` import so this logic is unit-testable under jest.
+ * The Playwright harness (`crudFormPersistence.ts`) re-exports everything here.
+ */
+
+export const CRUDFORM_EXTENSION_TESTS_DISABLED_ENV = 'OM_INTEGRATION_CRUDFORM_EXTENSION_TESTS_DISABLED';
+
+export type CrudRecord = Record<string, unknown>;
+
+/**
+ * Reads the sweep disable flag. Default `false` so the sweep runs unless explicitly turned off
+ * via `OM_INTEGRATION_CRUDFORM_EXTENSION_TESTS_DISABLED=1` (or `true`/`yes`/`on`).
+ */
+export function crudFormExtensionTestsDisabled(env: NodeJS.ProcessEnv = process.env): boolean {
+  return parseBooleanWithDefault(env[CRUDFORM_EXTENSION_TESTS_DISABLED_ENV], false);
+}
+
+/**
+ * Resolves a custom-field value from a CRUD response record, tolerating every shape the
+ * platform emits: bare keys under `customValues`, top-level `cf_<name>` / `cf:<name>`, or a
+ * `customFields` definition array carrying `value`. Returns `undefined` when absent.
+ */
+export function getCustomFieldValue(record: CrudRecord, fieldName: string): unknown {
+  const customValues = record.customValues;
+  if (customValues && typeof customValues === 'object' && fieldName in (customValues as CrudRecord)) {
+    return (customValues as CrudRecord)[fieldName];
+  }
+  const prefixedUnderscore = record[`cf_${fieldName}`];
+  if (prefixedUnderscore !== undefined) return prefixedUnderscore;
+  const prefixedColon = record[`cf:${fieldName}`];
+  if (prefixedColon !== undefined) return prefixedColon;
+  const customFields = record.customFields;
+  if (Array.isArray(customFields)) {
+    const match = customFields.find((entry) => {
+      if (!entry || typeof entry !== 'object') return false;
+      const candidate = entry as CrudRecord;
+      return candidate.key === fieldName || candidate.id === fieldName || candidate.name === fieldName;
+    });
+    if (match && typeof match === 'object') {
+      return (match as CrudRecord).value;
+    }
+  }
+  return undefined;
+}

package/src/helpers/integration/crudFormPersistence.ts

@@ -0,0 +1,166 @@
+import { expect, test, type APIRequestContext, type APIResponse } from '@playwright/test';
+import { apiRequest } from './api';
+import { expectId, readJsonSafe } from './generalFixtures';
+import {
+  CRUDFORM_EXTENSION_TESTS_DISABLED_ENV,
+  crudFormExtensionTestsDisabled,
+  getCustomFieldValue,
+  type CrudRecord,
+} from './crudFormFields';
+
+/**
+ * Playwright harness for the CrudForm field-persistence sweep (umbrella #2466).
+ *
+ * Every spec proves a CrudForm surface saves AND reloads every field type — scalars,
+ * dictionary references, multiselect/array values, and **custom fields** — on both create
+ * and update.
+ *
+ * The whole sweep is gated by `OM_INTEGRATION_CRUDFORM_EXTENSION_TESTS_DISABLED`
+ * (default `false` → tests run). When set truthy the specs `test.skip()` themselves, so the
+ * sweep can be disabled wholesale without deleting any spec.
+ */
+
+export {
+  CRUDFORM_EXTENSION_TESTS_DISABLED_ENV,
+  crudFormExtensionTestsDisabled,
+  getCustomFieldValue,
+  type CrudRecord,
+};
+
+/**
+ * Call inside `test.beforeAll` (or a test body) to skip the spec when the sweep is disabled.
+ * Uses Playwright's `test.skip(condition, reason)` so the spec is reported as skipped, not failed.
+ */
+export function skipIfCrudFormExtensionTestsDisabled(): void {
+  test.skip(
+    crudFormExtensionTestsDisabled(),
+    `${CRUDFORM_EXTENSION_TESTS_DISABLED_ENV} is set — CrudForm field-persistence sweep skipped`,
+  );
+}
+
+/** Asserts each expected scalar field round-tripped (deep equality so arrays/objects work). */
+export function assertScalarFieldsPersisted(record: CrudRecord, expected: CrudRecord, label = 'record'): void {
+  for (const [key, value] of Object.entries(expected)) {
+    expect(record[key], `${label}.${key} should persist`).toEqual(value);
+  }
+}
+
+/** Asserts each expected custom field round-tripped, regardless of response shape. */
+export function assertCustomFieldsPersisted(record: CrudRecord, expected: CrudRecord, label = 'record'): void {
+  for (const [name, value] of Object.entries(expected)) {
+    expect(getCustomFieldValue(record, name), `${label} custom field "${name}" should persist`).toEqual(value);
+  }
+}
+
+async function safeText(response: APIResponse): Promise<string> {
+  try {
+    return (await response.text()).slice(0, 500);
+  } catch {
+    return '<unreadable body>';
+  }
+}
+
+export type CrudFormExpectation = {
+  scalars?: CrudRecord;
+  customFields?: CrudRecord;
+};
+
+export type CrudFormRoundTripConfig = {
+  request: APIRequestContext;
+  token: string;
+  /** Collection route handling POST/PUT/DELETE and a `?id=` list GET, e.g. `/api/currencies/currencies`. */
+  collectionPath: string;
+  create: { payload: CrudRecord; expectedStatus?: number };
+  /** Build the PUT body from the created id. MUST include the id the route expects. */
+  update: { payload: (id: string) => CrudRecord; expectedStatus?: number };
+  expectAfterCreate: CrudFormExpectation;
+  expectAfterUpdate: CrudFormExpectation;
+  /** Override id extraction from the create response (default: `id` ?? `entityId`). */
+  idFromCreate?: (body: CrudRecord) => string;
+  /** Override read-back (default: list `?id=` and match on `id`). Useful for detail-GET routes. */
+  readById?: (id: string) => Promise<CrudRecord | null>;
+  /** Delete the fixture in `finally` (default true). */
+  cleanup?: boolean;
+};
+
+async function defaultReadById(
+  request: APIRequestContext,
+  token: string,
+  collectionPath: string,
+  id: string,
+): Promise<CrudRecord | null> {
+  const separator = collectionPath.includes('?') ? '&' : '?';
+  const response = await apiRequest(
+    request,
+    'GET',
+    `${collectionPath}${separator}id=${encodeURIComponent(id)}&page=1&pageSize=100`,
+    { token },
+  );
+  expect(response.status(), `read-back ${collectionPath} failed: ${response.status()}`).toBe(200);
+  const body = await readJsonSafe<{ items?: CrudRecord[] } & CrudRecord>(response);
+  if (Array.isArray(body?.items)) {
+    return body!.items.find((item) => item.id === id) ?? null;
+  }
+  // Detail routes may return the record directly.
+  return body && body.id === id ? (body as CrudRecord) : null;
+}
+
+/**
+ * Runs the canonical create → read-back → assert → update → read-back → assert → delete
+ * cycle for a makeCrud collection route and asserts every declared field persisted.
+ */
+export async function runCrudFormRoundTrip(config: CrudFormRoundTripConfig): Promise<void> {
+  const { request, token, collectionPath } = config;
+  const read = config.readById ?? ((id: string) => defaultReadById(request, token, collectionPath, id));
+  let id: string | null = null;
+
+  try {
+    const createResponse = await apiRequest(request, 'POST', collectionPath, {
+      token,
+      data: config.create.payload,
+    });
+    expect(
+      createResponse.status(),
+      `create ${collectionPath} failed (${createResponse.status()}): ${await safeText(createResponse)}`,
+    ).toBe(config.create.expectedStatus ?? 201);
+    const createBody = (await readJsonSafe<CrudRecord>(createResponse)) ?? {};
+    const rawId = config.idFromCreate
+      ? config.idFromCreate(createBody)
+      : (createBody.id ?? createBody.entityId);
+    id = expectId(rawId, `create response should include an id (${collectionPath})`);
+
+    const afterCreate = await read(id);
+    expect(afterCreate, `created record ${id} should be readable from ${collectionPath}`).toBeTruthy();
+    if (config.expectAfterCreate.scalars) {
+      assertScalarFieldsPersisted(afterCreate as CrudRecord, config.expectAfterCreate.scalars, 'after-create');
+    }
+    if (config.expectAfterCreate.customFields) {
+      assertCustomFieldsPersisted(afterCreate as CrudRecord, config.expectAfterCreate.customFields, 'after-create');
+    }
+
+    const updateResponse = await apiRequest(request, 'PUT', collectionPath, {
+      token,
+      data: config.update.payload(id),
+    });
+    expect(
+      updateResponse.status(),
+      `update ${collectionPath} failed (${updateResponse.status()}): ${await safeText(updateResponse)}`,
+    ).toBe(config.update.expectedStatus ?? 200);
+
+    const afterUpdate = await read(id);
+    expect(afterUpdate, `updated record ${id} should be readable from ${collectionPath}`).toBeTruthy();
+    if (config.expectAfterUpdate.scalars) {
+      assertScalarFieldsPersisted(afterUpdate as CrudRecord, config.expectAfterUpdate.scalars, 'after-update');
+    }
+    if (config.expectAfterUpdate.customFields) {
+      assertCustomFieldsPersisted(afterUpdate as CrudRecord, config.expectAfterUpdate.customFields, 'after-update');
+    }
+  } finally {
+    if (id && config.cleanup !== false) {
+      const separator = collectionPath.includes('?') ? '&' : '?';
+      await apiRequest(request, 'DELETE', `${collectionPath}${separator}id=${encodeURIComponent(id)}`, {
+        token,
+      }).catch(() => undefined);
+    }
+  }
+}

package/src/helpers/integration/undoHarness.ts

@@ -0,0 +1,111 @@
+import { type APIRequestContext, type APIResponse, expect } from '@playwright/test'
+import { apiRequest } from './api'
+
+/**
+ * Shared harness for verifying Undo/Redo correctness against the real command bus.
+ *
+ * Every mutating Open Mercato API response carries the operation metadata in the
+ * `x-om-operation` header (`omop:<urlencoded JSON>`) containing the `undoToken` and the
+ * audit log `id` (used as `logId` for redo). These helpers extract that envelope and drive
+ * the real undo/redo endpoints so tests can assert full state restoration per TC-UNDO-001.
+ */
+
+const HEADER_PREFIX = 'omop:'
+const UNDO_PATH = '/api/audit_logs/audit-logs/actions/undo'
+const REDO_PATH = '/api/audit_logs/audit-logs/actions/redo'
+const ACTIONS_PATH = '/api/audit_logs/audit-logs/actions'
+
+export type Operation = {
+  logId: string
+  undoToken: string
+  commandId: string
+  resourceKind: string | null
+  resourceId: string | null
+}
+
+/** Parse the `x-om-operation` header into a structured operation, or null when absent/malformed. */
+export function extractOperation(response: APIResponse): Operation | null {
+  const header = response.headers()['x-om-operation']
+  if (!header || typeof header !== 'string') return null
+  const trimmed = header.startsWith(HEADER_PREFIX) ? header.slice(HEADER_PREFIX.length) : header
+  try {
+    const parsed = JSON.parse(decodeURIComponent(trimmed)) as Record<string, unknown>
+    if (typeof parsed.id !== 'string' || typeof parsed.commandId !== 'string') return null
+    if (typeof parsed.undoToken !== 'string' || !parsed.undoToken) return null
+    return {
+      logId: parsed.id,
+      undoToken: parsed.undoToken,
+      commandId: parsed.commandId,
+      resourceKind: (parsed.resourceKind as string) ?? null,
+      resourceId: (parsed.resourceId as string) ?? null,
+    }
+  } catch {
+    return null
+  }
+}
+
+/** Like extractOperation but fails the test if no undo token was issued. */
+export function expectOperation(response: APIResponse, context: string): Operation {
+  const op = extractOperation(response)
+  expect(op, `Expected an undo token (x-om-operation header) for ${context}, got none`).toBeTruthy()
+  return op as Operation
+}
+
+export async function undoByToken(request: APIRequestContext, token: string, undoToken: string): Promise<APIResponse> {
+  return apiRequest(request, 'POST', UNDO_PATH, { token, data: { undoToken } })
+}
+
+export async function redoByLogId(request: APIRequestContext, token: string, logId: string): Promise<APIResponse> {
+  return apiRequest(request, 'POST', REDO_PATH, { token, data: { logId } })
+}
+
+/** Undo and assert success; returns the resolved logId. */
+export async function undoOk(request: APIRequestContext, token: string, undoToken: string, context: string): Promise<string> {
+  const res = await undoByToken(request, token, undoToken)
+  const body = (await res.json().catch(() => null)) as { ok?: boolean; logId?: string } | null
+  expect(res.ok(), `Undo failed for ${context}: status ${res.status()} body ${JSON.stringify(body)}`).toBeTruthy()
+  expect(body?.ok, `Undo not ok for ${context}: ${JSON.stringify(body)}`).toBeTruthy()
+  return body?.logId as string
+}
+
+/** Redo and assert success; returns the new operation (new undoToken + logId). */
+export async function redoOk(request: APIRequestContext, token: string, logId: string, context: string): Promise<{ logId: string; undoToken: string | null }> {
+  const res = await redoByLogId(request, token, logId)
+  const body = (await res.json().catch(() => null)) as { ok?: boolean; logId?: string; undoToken?: string } | null
+  expect(res.ok(), `Redo failed for ${context}: status ${res.status()} body ${JSON.stringify(body)}`).toBeTruthy()
+  expect(body?.ok, `Redo not ok for ${context}: ${JSON.stringify(body)}`).toBeTruthy()
+  return { logId: body?.logId as string, undoToken: body?.undoToken ?? null }
+}
+
+/** Assert that undoing an already-consumed token is rejected (token consumption / no double-undo). */
+export async function expectTokenConsumed(request: APIRequestContext, token: string, undoToken: string, context: string): Promise<void> {
+  const res = await undoByToken(request, token, undoToken)
+  expect(res.ok(), `Expected double-undo to be rejected for ${context}, but it succeeded`).toBeFalsy()
+}
+
+/** Fetch undoable actions list (for Version History assertions). */
+export async function listUndoable(request: APIRequestContext, token: string, params: Record<string, string> = {}): Promise<unknown> {
+  const qs = new URLSearchParams({ undoableOnly: 'true', ...params }).toString()
+  const res = await apiRequest(request, 'GET', `${ACTIONS_PATH}?${qs}`, { token })
+  return res.json().catch(() => null)
+}
+
+/**
+ * Deep-equality assertion for a selected set of fields between two entity snapshots.
+ * Reports the first mismatching field with context for clear bug triage.
+ */
+export function assertFieldsEqual(
+  actual: Record<string, unknown> | null | undefined,
+  expected: Record<string, unknown> | null | undefined,
+  fields: string[],
+  context: string,
+): void {
+  expect(actual, `${context}: actual entity missing`).toBeTruthy()
+  expect(expected, `${context}: expected entity missing`).toBeTruthy()
+  for (const field of fields) {
+    expect(
+      JSON.stringify((actual as Record<string, unknown>)[field]),
+      `${context}: field "${field}" not restored (expected ${JSON.stringify((expected as Record<string, unknown>)[field])}, got ${JSON.stringify((actual as Record<string, unknown>)[field])})`,
+    ).toBe(JSON.stringify((expected as Record<string, unknown>)[field]))
+  }
+}

package/src/modules/customers/components/formConfig.tsx

@@ -1427,15 +1427,20 @@ export function buildCompanyPayload(
 // Edit-mode types
 // ---------------------------------------------------------------------------
 
-export type CompanyEditFormValues = Omit<CompanyFormValues, 'addresses'> & {
+// URL/email fields are clearable on edit: blanking a previously-set value transmits null,
+// so the edit-form value types widen to `string | null` to match the edit-schema output. See #2526.
+export type CompanyEditFormValues = Omit<CompanyFormValues, 'addresses' | 'primaryEmail' | 'websiteUrl'> & {
   id: string
+  primaryEmail?: string | null
+  websiteUrl?: string | null
 }
 
-export type PersonEditFormValues = Omit<PersonFormValues, 'addresses'> & {
+export type PersonEditFormValues = Omit<PersonFormValues, 'addresses' | 'primaryEmail'> & {
   id: string
   department?: string
-  linkedInUrl?: string
-  twitterUrl?: string
+  primaryEmail?: string | null
+  linkedInUrl?: string | null
+  twitterUrl?: string | null
 }
 
 // ---------------------------------------------------------------------------
@@ -1451,31 +1456,44 @@ const optionalString = () =>
     .transform((val) => (val === '' ? undefined : val))
     .optional()
 
+// Edit-mode URL/email fields map to nullable columns and must be clearable: blanking a
+// previously-set value transforms '' → null so the payload builder can transmit an explicit
+// clear (omitting the key can never remove an existing value). Create-mode schemas keep the
+// '' → undefined transform. See #2526.
+const clearableUrlField = () =>
+  z
+    .string()
+    .trim()
+    .url()
+    .optional()
+    .or(z.literal(''))
+    .transform((val) => (val === '' ? null : val))
+    .optional()
+
+const clearableEmailField = () =>
+  z
+    .string()
+    .trim()
+    .email()
+    .optional()
+    .or(z.literal(''))
+    .transform((val) => (val === '' ? null : val))
+    .optional()
+
 export const createCompanyEditSchema = () =>
   createCompanyFormSchema().extend({
     id: z.string().uuid(),
+    primaryEmail: clearableEmailField(),
+    websiteUrl: clearableUrlField(),
   })
 
 export const createPersonEditSchema = () =>
   createPersonFormSchema().extend({
     id: z.string().uuid(),
     department: optionalString(),
-    linkedInUrl: z
-      .string()
-      .trim()
-      .url()
-      .optional()
-      .or(z.literal(''))
-      .transform((val) => (val === '' ? undefined : val))
-      .optional(),
-    twitterUrl: z
-      .string()
-      .trim()
-      .url()
-      .optional()
-      .or(z.literal(''))
-      .transform((val) => (val === '' ? undefined : val))
-      .optional(),
+    primaryEmail: clearableEmailField(),
+    linkedInUrl: clearableUrlField(),
+    twitterUrl: clearableUrlField(),
   })
 
 // ---------------------------------------------------------------------------
@@ -1755,9 +1773,27 @@ export const createPersonPersonalDataGroups = (
 // Edit-mode payload builders
 // ---------------------------------------------------------------------------
 
+// On edit, optional URL/email fields that map to nullable columns must transmit an explicit
+// `null` when the user blanks a previously-set value — omitting the key can never clear it.
+// The base create-mode builders omit blanks (correct for create), so the edit builders
+// override these clearable fields here. See #2526.
+const assignClearable = (payload: Record<string, unknown>, key: string, raw: unknown): void => {
+  if (raw === null) {
+    payload[key] = null
+    return
+  }
+  if (typeof raw !== 'string') return
+  const trimmed = raw.trim()
+  payload[key] = trimmed.length ? trimmed : null
+}
+
 export function buildCompanyEditPayload(values: CompanyEditFormValues, organizationId?: string | null): Record<string, unknown> {
   const payload = buildCompanyPayload(values, organizationId)
   payload.id = values.id
+
+  assignClearable(payload, 'primaryEmail', values.primaryEmail)
+  assignClearable(payload, 'websiteUrl', values.websiteUrl)
+
   return payload
 }
 
@@ -1768,11 +1804,9 @@ export function buildPersonEditPayload(values: PersonEditFormValues, organizatio
   const department = typeof values.department === 'string' ? values.department.trim() : ''
   if (department.length) payload.department = department
 
-  const linkedInUrl = typeof values.linkedInUrl === 'string' ? values.linkedInUrl.trim() : ''
-  if (linkedInUrl.length) payload.linkedInUrl = linkedInUrl
-
-  const twitterUrl = typeof values.twitterUrl === 'string' ? values.twitterUrl.trim() : ''
-  if (twitterUrl.length) payload.twitterUrl = twitterUrl
+  assignClearable(payload, 'primaryEmail', values.primaryEmail)
+  assignClearable(payload, 'linkedInUrl', values.linkedInUrl)
+  assignClearable(payload, 'twitterUrl', values.twitterUrl)
 
   return payload
 }

package/src/modules/customers/data/validators.ts

@@ -14,6 +14,27 @@ const phoneSchema = z.string().trim().max(50).refine((val) => {
   return isValidPhoneNumber(val)
 }, { message: CUSTOMER_PHONE_INVALID_MESSAGE_KEY }).optional()
 
+// Optional URL/email fields map to nullable DB columns. Treat both '' and null as an
+// explicit "clear this value" signal (both coerce to null) so a previously-set value can
+// be removed via update; without this `''` fails `.url()/.email()` and `null` fails the
+// string type, leaving the columns effectively write-once-non-empty. The command layer
+// already persists null. See #2526.
+const emptyStringToNull = (value: unknown): unknown => {
+  if (typeof value !== 'string') return value
+  const trimmed = value.trim()
+  return trimmed.length ? trimmed : null
+}
+
+const clearableEmailSchema = z.preprocess(
+  emptyStringToNull,
+  z.string().email().max(320).nullable().optional(),
+)
+
+const clearableUrlSchema = z.preprocess(
+  emptyStringToNull,
+  z.string().url().max(300).nullable().optional(),
+)
+
 const interactionPhoneNumberSchema = z.string().trim().max(50).optional().nullable()
 
 const scopedSchema = z.object({
@@ -42,12 +63,7 @@ const baseEntitySchema = {
   displayName: displayNameSchema,
   description: z.string().trim().max(4000).optional(),
   ownerUserId: uuid().optional(),
-  primaryEmail: z
-    .string()
-    .trim()
-    .email()
-    .max(320)
-    .optional(),
+  primaryEmail: clearableEmailSchema,
   primaryPhone: phoneSchema,
   status: z.string().trim().max(100).optional(),
   lifecycleStage: z.string().trim().max(100).optional(),
@@ -65,8 +81,8 @@ const personDetailsSchema = {
   department: z.string().trim().max(150).optional(),
   seniority: z.string().trim().max(100).optional(),
   timezone: z.string().trim().max(120).optional(),
-  linkedInUrl: z.string().trim().url().max(300).optional(),
-  twitterUrl: z.string().trim().url().max(300).optional(),
+  linkedInUrl: clearableUrlSchema,
+  twitterUrl: clearableUrlSchema,
   companyEntityId: uuid().nullable().optional(),
 }
 
@@ -77,7 +93,7 @@ const companyDetailsSchema = {
   legalName: z.string().trim().max(200).optional(),
   brandName: z.string().trim().max(200).optional(),
   domain: z.string().trim().max(200).optional(),
-  websiteUrl: z.string().trim().url().max(300).optional(),
+  websiteUrl: clearableUrlSchema,
   industry: z.string().trim().max(150).optional(),
   sizeBucket: z.string().trim().max(100).optional(),
   annualRevenue: z.coerce.number().min(0).optional(),

package/src/modules/dictionaries/commands/entry-operations.ts

@@ -325,6 +325,14 @@ const setDefaultDictionaryEntryCommand: CommandHandler<
     )
     const clearedIds: string[] = []
 
+    // The partial unique index `dictionary_entries_one_default_per_dict`
+    // (dictionary_id, organization_id, tenant_id) WHERE is_default = true forbids
+    // two default entries in the same dictionary. PostgreSQL checks partial unique
+    // indexes per-statement (no deferral) and MikroORM does not guarantee that the
+    // is_default=false UPDATEs run before the is_default=true UPDATE within a single
+    // flush, so clearing and setting in one flush races to a 23505. Clear the prior
+    // default(s) in their own flush first, then set the new default in a second
+    // flush, so Postgres never observes two default rows at once.
     await withAtomicFlush(em, [
       () => {
         for (const entry of existingDefaults) {
@@ -333,6 +341,10 @@ const setDefaultDictionaryEntryCommand: CommandHandler<
           entry.updatedAt = new Date()
           clearedIds.push(entry.id)
         }
+      },
+    ], { transaction: true })
+    await withAtomicFlush(em, [
+      () => {
         targetEntry.isDefault = true
         targetEntry.updatedAt = new Date()
       },
@@ -421,12 +433,19 @@ const setDefaultDictionaryEntryCommand: CommandHandler<
         )
       : []
 
+    // Same partial-unique-index ordering constraint as `execute`: clear the
+    // current default in its own flush before restoring the previous default(s),
+    // so Postgres never sees two is_default=true rows in the dictionary at once.
     await withAtomicFlush(em, [
       () => {
         if (newDefault) {
           newDefault.isDefault = false
           newDefault.updatedAt = new Date()
         }
+      },
+    ], { transaction: true })
+    await withAtomicFlush(em, [
+      () => {
         for (const entry of previousDefaults) {
           entry.isDefault = true
           entry.updatedAt = new Date()

package/src/modules/feature_toggles/backend/feature-toggles/global/[id]/edit/page.tsx

@@ -1,6 +1,7 @@
 "use client"
 import { Page, PageBody } from "@open-mercato/ui/backend/Page";
 import { CrudForm } from "@open-mercato/ui/backend/CrudForm";
+import { ErrorMessage, LoadingMessage } from "@open-mercato/ui/backend/detail";
 import { E } from "#generated/entities.ids.generated";
 import { useT } from "@open-mercato/shared/lib/i18n/context";
 import * as React from 'react'
@@ -15,7 +16,7 @@ export default function EditFeatureTogglePage({ params }: { params?: { id?: stri
   const fields = createFieldDefinitions(t);
   const formGroups = createFormGroups(t);
 
-  const { data: featureToggleItem, isLoading } = useFeatureToggleItem(id)
+  const { data: featureToggleItem, isLoading, isError } = useFeatureToggleItem(id)
 
   // Derive the form's initial values synchronously from the loaded record. Using
   // a useState+useEffect here caused #2452: `isLoading` flips to false one render
@@ -36,6 +37,26 @@ export default function EditFeatureTogglePage({ params }: { params?: { id?: stri
     }
   }, [featureToggleItem, id])
 
+  // Gate the form on load. Mounting CrudForm with placeholder `{}` before the
+  // record arrives makes the required `type` Select mount controlled with `''`,
+  // then flip empty→value asynchronously — a transition the Radix trigger fails
+  // to re-derive, leaving Type blank and blocking save. Rendering CrudForm only
+  // once the record is present mirrors the synchronous create flow, so the
+  // Select mounts a single time with the stored value already set.
+  if (!initialValues) {
+    return (
+      <Page>
+        <PageBody>
+          {isError && !isLoading ? (
+            <ErrorMessage label={t('feature_toggles.form.errors.load', 'Failed to load feature toggle')} />
+          ) : (
+            <LoadingMessage label={t('feature_toggles.form.loading', 'Loading feature toggles')} />
+          )}
+        </PageBody>
+      </Page>
+    )
+  }
+
   return (
     <Page>
       <PageBody>
@@ -46,7 +67,7 @@ export default function EditFeatureTogglePage({ params }: { params?: { id?: stri
           versionHistory={{ resourceKind: 'feature_toggles.global', resourceId: id ? String(id) : '' }}
           fields={fields}
           entityId={E.feature_toggles.feature_toggle}
-          initialValues={initialValues ?? {}}
+          initialValues={initialValues}
           optimisticLockUpdatedAt={featureToggleItem?.updatedAt ?? null}
           isLoading={isLoading}
           groups={formGroups}

package/src/modules/translations/api/[entityType]/[entityId]/route.ts

@@ -69,7 +69,15 @@ export async function PUT(req: Request, ctx: { params?: { entityType?: string; e
       entityId: ctx.params?.entityId,
     })
 
-    const rawBody = await req.json().catch(() => ({}))
+    const rawText = await req.text()
+    let rawBody: unknown = {}
+    if (rawText.trim().length > 0) {
+      try {
+        rawBody = JSON.parse(rawText)
+      } catch {
+        return NextResponse.json({ error: 'Invalid JSON body' }, { status: 400 })
+      }
+    }
     const translations = translationBodySchema.parse(rawBody)
 
     const commandBus = context.container.resolve('commandBus') as CommandBus