From 8982118eee10dfc3390457d72c14f80746382dc5 Mon Sep 17 00:00:00 2001
From: Hardik <shardik99@gmail.com>
Date: Mon, 22 Jun 2026 21:59:31 +0530
Subject: [PATCH] =?UTF-8?q?feat(crewing):=20Phase=205a=20=E2=80=94=20verif?=
 =?UTF-8?q?ication=20queue=20(flagged)?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

First slice of Phase 5 (verification + appraisal). The office queue for verifying
site-entered records, per Crewing-Implementation-Spec §8.11/R11. Stacks on 4c.
Behind NEXT_PUBLIC_CREWING_ENABLED.

What's in
- Schema: CrewActionType += RECORD_VERIFIED/RECORD_REJECTED (migration
  crewing_verification_actions). No model changes — SeafarerDocument/BankDetail/
  EpfDetail already carry verificationStatus + verifiedById (3b/4a).
- Actions (crewing/verification/actions.ts): verifyDocument (verify_site_records —
  MPO/Manager) and verifyBankEpf (verify_bank_epf — Accounts) set
  verificationStatus VERIFIED/REJECTED + verifiedById; rejection requires remarks;
  each writes a CrewAction. Already-decided records are guarded.
- Screen: /crewing/verification — role-aware (MPO: pending documents with expiry
  flags; Accounts: pending bank/EPF), Verify / Reject-with-remarks. Leave is not
  here (Manager approval, R11). Verification added to nav (MPO + Accounts + SU, §7).

Tests & docs
- Integration: verification.test.ts (6) — doc verify/reject + already-decided
  guard, bank/EPF verify, permission gating (Accounts can't verify docs, MPO can't
  verify bank/EPF). type-check clean; full unit (241) + integration (201) green
  (verified with RESEND_API_KEY unset, mimicking CI).
- CLAUDE.md updated.

Deferred (per decision): PPE / next-of-kin verification gates.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
---
 App/CLAUDE.md                                 |   6 +
 .../(portal)/crewing/verification/actions.ts  |  84 +++++++++++
 .../(portal)/crewing/verification/page.tsx    |  64 ++++++++
 .../verification/verification-manager.tsx     | 139 ++++++++++++++++++
 App/components/layout/sidebar.tsx             |   2 +
 .../migration.sql                             |  10 ++
 App/prisma/schema.prisma                      |   2 +
 App/tests/integration/verification.test.ts    | 103 +++++++++++++
 8 files changed, 410 insertions(+)
 create mode 100644 App/app/(portal)/crewing/verification/actions.ts
 create mode 100644 App/app/(portal)/crewing/verification/page.tsx
 create mode 100644 App/app/(portal)/crewing/verification/verification-manager.tsx
 create mode 100644 App/prisma/migrations/20260622162555_crewing_verification_actions/migration.sql
 create mode 100644 App/tests/integration/verification.test.ts

diff --git a/App/CLAUDE.md b/App/CLAUDE.md
index b5a26ad..9ae7198 100644
--- a/App/CLAUDE.md
+++ b/App/CLAUDE.md
@@ -186,6 +186,12 @@ A crew-management module built incrementally per the **wiki `Crewing-Implementat
 - **Screen:** a **Sign off** button on the crew-profile header (`/crewing/crew/[id]`, `sign_off_crew` holders — Site staff / MPO / Manager); on success it redirects to the Crew directory (the member is no longer `EMPLOYEE`).
 - This closes **Phase 4** (E/F/G + K). Remaining roadmap: Phase 5 (verification + appraisal), Phase 6 (payroll, dashboards, notifications).
 
+**Phase 5a — Verification (Epic I; spec §8.11/R11):** the office queue for site-entered records (Phase 5 ships as 5a verification → 5b appraisal).
+
+- **Actions** (`crewing/verification/actions.ts`): `verifyDocument(id, approve, remarks)` (`verify_site_records` — MPO/Manager) sets a `SeafarerDocument`'s `verificationStatus` + `verifiedById`; `verifyBankEpf(crewMemberId, "bank"|"epf", approve, remarks)` (`verify_bank_epf` — Accounts) does the same for `BankDetail`/`EpfDetail`. Rejection requires remarks; both write a `CrewAction` (`RECORD_VERIFIED`/`RECORD_REJECTED`). No new models — the verification fields already existed (3b/4a).
+- **Screen:** `/crewing/verification` — role-aware (MPO sees pending documents with expiry flags; Accounts sees pending bank/EPF), Verify / Reject-with-remarks. **Leave is not here** (it's a Manager approval, R11). Added to nav (MPO + Accounts + SuperUser, §7).
+- **Deferred (per decision):** PPE / next-of-kin verification gates (low-risk; no `verificationStatus` on those models).
+
 ### GST Calculation
 
 `totalAmount = sum(quantity × unitPrice × (1 + gstRate))` for each line item. The `gstRate` is stored as a decimal on `POLineItem` (e.g., `0.18` = 18%). This applies in Server Actions when computing `totalPrice` per line and the PO `totalAmount`.
diff --git a/App/app/(portal)/crewing/verification/actions.ts b/App/app/(portal)/crewing/verification/actions.ts
new file mode 100644
index 0000000..f4b6306
--- /dev/null
+++ b/App/app/(portal)/crewing/verification/actions.ts
@@ -0,0 +1,84 @@
+"use server";
+
+import { auth } from "@/auth";
+import { db } from "@/lib/db";
+import { hasPermission, type Permission } from "@/lib/permissions";
+import { CREWING_ENABLED } from "@/lib/feature-flags";
+import type { Role } from "@prisma/client";
+import { revalidatePath } from "next/cache";
+
+type ActionResult = { ok: true } | { error: string };
+const PATH = "/crewing/verification";
+
+async function guard(permission: Permission): Promise<{ error: string } | { userId: string; role: Role }> {
+  if (!CREWING_ENABLED) return { error: "Crewing is not enabled" };
+  const session = await auth();
+  if (!session?.user) return { error: "Unauthorized" };
+  if (!hasPermission(session.user.role, permission)) return { error: "Unauthorized" };
+  return { userId: session.user.id, role: session.user.role };
+}
+
+// ── Document verification (MPO / Manager) ──────────────────────────────────────
+
+export async function verifyDocument(id: string, approve: boolean, remarks?: string): Promise<ActionResult> {
+  const g = await guard("verify_site_records");
+  if ("error" in g) return g;
+  if (!approve && !remarks?.trim()) return { error: "A reason is required to reject" };
+
+  const doc = await db.seafarerDocument.findUnique({ where: { id }, select: { crewMemberId: true, verificationStatus: true } });
+  if (!doc) return { error: "Document not found" };
+  if (doc.verificationStatus !== "PENDING") return { error: `This document is already ${doc.verificationStatus.toLowerCase()}` };
+
+  await db.seafarerDocument.update({
+    where: { id },
+    data: { verificationStatus: approve ? "VERIFIED" : "REJECTED", verifiedById: g.userId },
+  });
+  await db.crewAction.create({
+    data: {
+      actionType: approve ? "RECORD_VERIFIED" : "RECORD_REJECTED",
+      actorId: g.userId,
+      crewMemberId: doc.crewMemberId,
+      note: remarks?.trim() || null,
+      metadata: { record: "document" },
+    },
+  });
+
+  revalidatePath(PATH);
+  revalidatePath(`/crewing/crew/${doc.crewMemberId}`);
+  return { ok: true };
+}
+
+// ── Bank / EPF verification (Accounts) ─────────────────────────────────────────
+
+export async function verifyBankEpf(crewMemberId: string, kind: "bank" | "epf", approve: boolean, remarks?: string): Promise<ActionResult> {
+  const g = await guard("verify_bank_epf");
+  if ("error" in g) return g;
+  if (!approve && !remarks?.trim()) return { error: "A reason is required to reject" };
+
+  const status = approve ? "VERIFIED" : "REJECTED";
+  if (kind === "bank") {
+    const rec = await db.bankDetail.findUnique({ where: { crewMemberId }, select: { id: true, verificationStatus: true } });
+    if (!rec) return { error: "Bank details not found" };
+    if (rec.verificationStatus !== "PENDING") return { error: `Bank details already ${rec.verificationStatus.toLowerCase()}` };
+    await db.bankDetail.update({ where: { crewMemberId }, data: { verificationStatus: status, verifiedById: g.userId } });
+  } else {
+    const rec = await db.epfDetail.findUnique({ where: { crewMemberId }, select: { id: true, verificationStatus: true } });
+    if (!rec) return { error: "EPF details not found" };
+    if (rec.verificationStatus !== "PENDING") return { error: `EPF details already ${rec.verificationStatus.toLowerCase()}` };
+    await db.epfDetail.update({ where: { crewMemberId }, data: { verificationStatus: status, verifiedById: g.userId } });
+  }
+
+  await db.crewAction.create({
+    data: {
+      actionType: approve ? "RECORD_VERIFIED" : "RECORD_REJECTED",
+      actorId: g.userId,
+      crewMemberId,
+      note: remarks?.trim() || null,
+      metadata: { record: kind },
+    },
+  });
+
+  revalidatePath(PATH);
+  revalidatePath(`/crewing/crew/${crewMemberId}`);
+  return { ok: true };
+}
diff --git a/App/app/(portal)/crewing/verification/page.tsx b/App/app/(portal)/crewing/verification/page.tsx
new file mode 100644
index 0000000..60372ac
--- /dev/null
+++ b/App/app/(portal)/crewing/verification/page.tsx
@@ -0,0 +1,64 @@
+import { auth } from "@/auth";
+import { db } from "@/lib/db";
+import { hasPermission } from "@/lib/permissions";
+import { CREWING_ENABLED } from "@/lib/feature-flags";
+import { redirect, notFound } from "next/navigation";
+import { VerificationManager } from "./verification-manager";
+import type { Metadata } from "next";
+
+export const metadata: Metadata = { title: "Verification" };
+
+export default async function VerificationPage() {
+  if (!CREWING_ENABLED) notFound();
+
+  const session = await auth();
+  if (!session?.user) redirect("/login");
+  const role = session.user.role;
+  const canDocs = hasPermission(role, "verify_site_records");
+  const canBankEpf = hasPermission(role, "verify_bank_epf");
+  if (!canDocs && !canBankEpf) redirect("/dashboard");
+
+  const [docs, bank, epf] = await Promise.all([
+    canDocs
+      ? db.seafarerDocument.findMany({
+          where: { verificationStatus: "PENDING" },
+          orderBy: { createdAt: "asc" },
+          include: {
+            crewMember: {
+              select: {
+                name: true,
+                assignments: { where: { status: { not: "SIGNED_OFF" } }, take: 1, include: { vessel: { select: { name: true } }, site: { select: { name: true } } } },
+              },
+            },
+          },
+        })
+      : [],
+    canBankEpf
+      ? db.bankDetail.findMany({ where: { verificationStatus: "PENDING" }, orderBy: { createdAt: "asc" }, include: { crewMember: { select: { name: true } } } })
+      : [],
+    canBankEpf
+      ? db.epfDetail.findMany({ where: { verificationStatus: "PENDING" }, orderBy: { createdAt: "asc" }, include: { crewMember: { select: { name: true } } } })
+      : [],
+  ]);
+
+  return (
+    <VerificationManager
+      docs={docs.map((d) => {
+        const a = d.crewMember.assignments[0];
+        return {
+          id: d.id,
+          crewName: d.crewMember.name,
+          location: a?.vessel?.name ?? a?.site?.name ?? "—",
+          docType: d.docType,
+          number: d.number,
+          expiryDate: d.expiryDate?.toISOString() ?? null,
+          submitted: d.createdAt.toISOString(),
+        };
+      })}
+      bank={bank.map((b) => ({ crewMemberId: b.crewMemberId, crewName: b.crewMember.name, accountName: b.accountName, accountNumber: b.accountNumber, ifsc: b.ifsc, bankName: b.bankName }))}
+      epf={epf.map((e) => ({ crewMemberId: e.crewMemberId, crewName: e.crewMember.name, uan: e.uan, aadhaarLast4: e.aadhaarLast4, pfNumber: e.pfNumber }))}
+      canDocs={canDocs}
+      canBankEpf={canBankEpf}
+    />
+  );
+}
diff --git a/App/app/(portal)/crewing/verification/verification-manager.tsx b/App/app/(portal)/crewing/verification/verification-manager.tsx
new file mode 100644
index 0000000..6588bef
--- /dev/null
+++ b/App/app/(portal)/crewing/verification/verification-manager.tsx
@@ -0,0 +1,139 @@
+"use client";
+
+import { useState } from "react";
+import { useRouter } from "next/navigation";
+import type { SeafarerDocType } from "@prisma/client";
+import { AdminDialog } from "@/components/ui/admin-dialog";
+import { verifyDocument, verifyBankEpf } from "./actions";
+
+const label = (s: string) => s.replace(/_/g, " ").toLowerCase().replace(/\b\w/g, (m) => m.toUpperCase());
+const fmt = (iso: string | null) => (iso ? new Date(iso).toLocaleDateString() : "—");
+const isExpired = (iso: string | null) => Boolean(iso && new Date(iso) < new Date());
+
+type Doc = { id: string; crewName: string; location: string; docType: SeafarerDocType; number: string | null; expiryDate: string | null; submitted: string };
+type Bank = { crewMemberId: string; crewName: string; accountName: string | null; accountNumber: string | null; ifsc: string | null; bankName: string | null };
+type Epf = { crewMemberId: string; crewName: string; uan: string | null; aadhaarLast4: string | null; pfNumber: string | null };
+
+function Actions({ onVerify, onReject }: { onVerify: () => Promise<{ ok: true } | { error: string }>; onReject: (reason: string) => Promise<{ ok: true } | { error: string }> }) {
+  const router = useRouter();
+  const [pending, setPending] = useState(false);
+  const [error, setError] = useState("");
+  const [open, setOpen] = useState(false);
+  const [reason, setReason] = useState("");
+
+  async function verify() {
+    setPending(true); setError("");
+    const res = await onVerify();
+    setPending(false);
+    if ("error" in res) setError(res.error); else router.refresh();
+  }
+  async function reject(e: React.FormEvent) {
+    e.preventDefault();
+    setPending(true); setError("");
+    const res = await onReject(reason);
+    setPending(false);
+    if ("error" in res) setError(res.error); else { setOpen(false); router.refresh(); }
+  }
+
+  return (
+    <div className="text-right">
+      <div className="flex justify-end gap-2">
+        <button onClick={verify} disabled={pending} className="rounded-md bg-primary-600 px-3 py-1.5 text-xs font-semibold text-white hover:bg-primary-700 disabled:opacity-60">Verify</button>
+        <button onClick={() => setOpen(true)} disabled={pending} className="rounded-md border border-neutral-300 px-3 py-1.5 text-xs font-medium text-neutral-700 hover:bg-neutral-50">Reject</button>
+      </div>
+      {error && <p className="text-xs text-danger-700 mt-1">{error}</p>}
+      <AdminDialog title="Reject record" open={open} onClose={() => setOpen(false)}>
+        <form onSubmit={reject} className="space-y-4 text-left">
+          <textarea className="w-full rounded-lg border border-neutral-300 px-3 py-2 text-sm" rows={3} value={reason} onChange={(e) => setReason(e.target.value)} required placeholder="Reason for rejection" />
+          <div className="flex justify-end gap-3">
+            <button type="button" className="rounded-lg border border-neutral-300 px-4 py-2 text-sm font-medium text-neutral-700 hover:bg-neutral-50" onClick={() => setOpen(false)}>Cancel</button>
+            <button type="submit" disabled={pending} className="rounded-lg bg-primary-600 px-4 py-2 text-sm font-semibold text-white hover:bg-primary-700 disabled:opacity-60">Reject</button>
+          </div>
+        </form>
+      </AdminDialog>
+    </div>
+  );
+}
+
+function Card({ title, sub, empty, children }: { title: string; sub: string; empty: boolean; children: React.ReactNode }) {
+  return (
+    <div className="mb-8">
+      <h2 className="text-sm font-semibold text-neutral-900">{title}</h2>
+      <p className="text-xs text-neutral-500 mt-0.5 mb-3">{sub}</p>
+      <div className="rounded-lg border border-neutral-200 bg-white overflow-hidden">
+        {empty ? <p className="px-4 py-10 text-center text-sm text-neutral-400">Nothing awaiting verification.</p> : (
+          <table className="w-full text-sm">{children}</table>
+        )}
+      </div>
+    </div>
+  );
+}
+
+export function VerificationManager({ docs, bank, epf, canDocs, canBankEpf }: { docs: Doc[]; bank: Bank[]; epf: Epf[]; canDocs: boolean; canBankEpf: boolean }) {
+  return (
+    <div className="max-w-4xl">
+      <div className="mb-6">
+        <h1 className="text-2xl font-semibold text-neutral-900">Verification</h1>
+        <p className="text-sm text-neutral-500 mt-0.5">Site-entered records awaiting office verification.</p>
+      </div>
+
+      {canDocs && (
+        <Card title="Documents" sub="Verify or reject crew documents (MPO)." empty={docs.length === 0}>
+          <thead><tr className="border-b border-neutral-200 bg-neutral-50 text-left text-xs font-semibold text-neutral-500 uppercase tracking-wide">
+            <th className="px-4 py-3">Crew</th><th className="px-4 py-3">Vessel / site</th><th className="px-4 py-3">Document</th><th className="px-4 py-3">Expiry</th><th className="px-4 py-3">Submitted</th><th className="px-4 py-3 w-32"></th>
+          </tr></thead>
+          <tbody>
+            {docs.map((d) => (
+              <tr key={d.id} className="border-b border-neutral-100 last:border-0 hover:bg-neutral-50">
+                <td className="px-4 py-3 font-medium text-neutral-900">{d.crewName}</td>
+                <td className="px-4 py-3 text-neutral-600">{d.location}</td>
+                <td className="px-4 py-3 text-neutral-700">{label(d.docType)}{d.number ? ` · ${d.number}` : ""}</td>
+                <td className="px-4 py-3">{d.expiryDate ? <span className={isExpired(d.expiryDate) ? "text-danger-700 font-medium" : "text-neutral-600"}>{fmt(d.expiryDate)}{isExpired(d.expiryDate) ? " · expired" : ""}</span> : "—"}</td>
+                <td className="px-4 py-3 text-neutral-500">{fmt(d.submitted)}</td>
+                <td className="px-4 py-3"><Actions onVerify={() => verifyDocument(d.id, true)} onReject={(r) => verifyDocument(d.id, false, r)} /></td>
+              </tr>
+            ))}
+          </tbody>
+        </Card>
+      )}
+
+      {canBankEpf && (
+        <Card title="Bank details" sub="Verify or reject crew bank details (Accounts)." empty={bank.length === 0}>
+          <thead><tr className="border-b border-neutral-200 bg-neutral-50 text-left text-xs font-semibold text-neutral-500 uppercase tracking-wide">
+            <th className="px-4 py-3">Crew</th><th className="px-4 py-3">Account</th><th className="px-4 py-3">IFSC</th><th className="px-4 py-3">Bank</th><th className="px-4 py-3 w-32"></th>
+          </tr></thead>
+          <tbody>
+            {bank.map((b) => (
+              <tr key={b.crewMemberId} className="border-b border-neutral-100 last:border-0 hover:bg-neutral-50">
+                <td className="px-4 py-3 font-medium text-neutral-900">{b.crewName}</td>
+                <td className="px-4 py-3 font-mono text-xs text-neutral-700">{b.accountNumber ?? "—"}{b.accountName ? ` (${b.accountName})` : ""}</td>
+                <td className="px-4 py-3 text-neutral-600">{b.ifsc ?? "—"}</td>
+                <td className="px-4 py-3 text-neutral-600">{b.bankName ?? "—"}</td>
+                <td className="px-4 py-3"><Actions onVerify={() => verifyBankEpf(b.crewMemberId, "bank", true)} onReject={(r) => verifyBankEpf(b.crewMemberId, "bank", false, r)} /></td>
+              </tr>
+            ))}
+          </tbody>
+        </Card>
+      )}
+
+      {canBankEpf && (
+        <Card title="EPF details" sub="Verify or reject crew EPF / identity details (Accounts)." empty={epf.length === 0}>
+          <thead><tr className="border-b border-neutral-200 bg-neutral-50 text-left text-xs font-semibold text-neutral-500 uppercase tracking-wide">
+            <th className="px-4 py-3">Crew</th><th className="px-4 py-3">UAN</th><th className="px-4 py-3">Aadhaar</th><th className="px-4 py-3">PF no.</th><th className="px-4 py-3 w-32"></th>
+          </tr></thead>
+          <tbody>
+            {epf.map((e) => (
+              <tr key={e.crewMemberId} className="border-b border-neutral-100 last:border-0 hover:bg-neutral-50">
+                <td className="px-4 py-3 font-medium text-neutral-900">{e.crewName}</td>
+                <td className="px-4 py-3 font-mono text-xs text-neutral-700">{e.uan ?? "—"}</td>
+                <td className="px-4 py-3 font-mono text-xs text-neutral-700">{e.aadhaarLast4 ?? "—"}</td>
+                <td className="px-4 py-3 text-neutral-600">{e.pfNumber ?? "—"}</td>
+                <td className="px-4 py-3"><Actions onVerify={() => verifyBankEpf(e.crewMemberId, "epf", true)} onReject={(r) => verifyBankEpf(e.crewMemberId, "epf", false, r)} /></td>
+              </tr>
+            ))}
+          </tbody>
+        </Card>
+      )}
+    </div>
+  );
+}
diff --git a/App/components/layout/sidebar.tsx b/App/components/layout/sidebar.tsx
index 8ab5328..e894771 100644
--- a/App/components/layout/sidebar.tsx
+++ b/App/components/layout/sidebar.tsx
@@ -32,6 +32,7 @@ import {
   CalendarCheck,
   UserCog,
   Gauge,
+  BadgeCheck,
 } from "lucide-react";
 import type { Role } from "@prisma/client";
 
@@ -87,6 +88,7 @@ const CREWING_ITEMS: NavItem[] = CREWING_ENABLED
       { href: "/crewing/crew",         label: "Crew",         icon: Contact,       roles: ["MANNING", "MANAGER", "SUPERUSER", "SITE_STAFF", "ACCOUNTS"] },
       { href: "/crewing/leave",        label: "Leave",        icon: CalendarDays,  roles: ["MANAGER", "SUPERUSER", "SITE_STAFF"] },
       { href: "/crewing/attendance",   label: "Attendance",   icon: CalendarCheck, roles: ["MANAGER", "SUPERUSER", "SITE_STAFF"] },
+      { href: "/crewing/verification", label: "Verification", icon: BadgeCheck,    roles: ["MANNING", "SUPERUSER", "ACCOUNTS"] },
     ]
   : [];
 
diff --git a/App/prisma/migrations/20260622162555_crewing_verification_actions/migration.sql b/App/prisma/migrations/20260622162555_crewing_verification_actions/migration.sql
new file mode 100644
index 0000000..6571786
--- /dev/null
+++ b/App/prisma/migrations/20260622162555_crewing_verification_actions/migration.sql
@@ -0,0 +1,10 @@
+-- AlterEnum
+-- This migration adds more than one value to an enum.
+-- With PostgreSQL versions 11 and earlier, this is not possible
+-- in a single migration. This can be worked around by creating
+-- multiple migrations, each migration adding only one value to
+-- the enum.
+
+
+ALTER TYPE "CrewActionType" ADD VALUE 'RECORD_VERIFIED';
+ALTER TYPE "CrewActionType" ADD VALUE 'RECORD_REJECTED';
diff --git a/App/prisma/schema.prisma b/App/prisma/schema.prisma
index e5fa897..bf15089 100644
--- a/App/prisma/schema.prisma
+++ b/App/prisma/schema.prisma
@@ -155,6 +155,8 @@ enum CrewActionType {
   LEAVE_DECIDED
   ATTENDANCE_RECORDED
   CREW_SIGNED_OFF
+  RECORD_VERIFIED
+  RECORD_REJECTED
 }
 
 // ─── Crewing leave & attendance (Phase 4b, Epic G) ──────────────────────────
diff --git a/App/tests/integration/verification.test.ts b/App/tests/integration/verification.test.ts
new file mode 100644
index 0000000..eb52feb
--- /dev/null
+++ b/App/tests/integration/verification.test.ts
@@ -0,0 +1,103 @@
+/**
+ * Integration tests for Crewing Phase 5a verification: documents (MPO) and
+ * bank/EPF (Accounts), with role gating per §6/§8.11.
+ */
+import { vi, describe, it, expect, beforeAll, afterAll, afterEach } from "vitest";
+
+vi.mock("@/auth", () => ({ auth: vi.fn() }));
+vi.mock("next/cache", () => ({ revalidatePath: vi.fn() }));
+vi.mock("@/lib/feature-flags", () => ({ CREWING_ENABLED: true, INVENTORY_ENABLED: true }));
+
+import { auth } from "@/auth";
+import { db } from "@/lib/db";
+import { verifyDocument, verifyBankEpf } from "@/app/(portal)/crewing/verification/actions";
+import { makeSession, getSeedUser } from "./helpers";
+import type { Role } from "@prisma/client";
+
+let manningId: string;
+let accountsId: string;
+let siteStaffId: string;
+
+const SS_EMAIL = "sitestaff@itver.local";
+const as = (userId: string, role: Role) =>
+  vi.mocked(auth as unknown as () => Promise<unknown>).mockResolvedValue(makeSession(userId, role));
+
+async function crewWithRecords() {
+  const c = await db.crewMember.create({ data: { name: "To Verify", status: "EMPLOYEE", type: "NEW", source: "CAREERS" } });
+  const doc = await db.seafarerDocument.create({ data: { crewMemberId: c.id, docType: "PASSPORT", number: "P999" } });
+  await db.bankDetail.create({ data: { crewMemberId: c.id, accountNumber: "123456789", ifsc: "HDFC0001" } });
+  await db.epfDetail.create({ data: { crewMemberId: c.id, uan: "UAN-1" } });
+  return { crewId: c.id, docId: doc.id };
+}
+
+beforeAll(async () => {
+  manningId = (await getSeedUser("manning@pelagia.local")).id;
+  accountsId = (await getSeedUser("accounts@pelagia.local")).id;
+  const ss = await db.user.upsert({ where: { email: SS_EMAIL }, update: { role: "SITE_STAFF", isActive: true }, create: { employeeId: "ITVER-SS", email: SS_EMAIL, name: "SS Ver", role: "SITE_STAFF" } });
+  siteStaffId = ss.id;
+});
+
+afterEach(async () => {
+  await db.crewAction.deleteMany({});
+  await db.seafarerDocument.deleteMany({});
+  await db.bankDetail.deleteMany({});
+  await db.epfDetail.deleteMany({});
+  await db.crewMember.deleteMany({});
+  vi.clearAllMocks();
+});
+
+afterAll(async () => {
+  await db.user.deleteMany({ where: { email: SS_EMAIL } });
+});
+
+describe("document verification (MPO)", () => {
+  it("verifies a document with an audit row", async () => {
+    const { crewId, docId } = await crewWithRecords();
+    as(manningId, "MANNING");
+    expect("ok" in (await verifyDocument(docId, true))).toBe(true);
+    const d = await db.seafarerDocument.findUniqueOrThrow({ where: { id: docId } });
+    expect(d.verificationStatus).toBe("VERIFIED");
+    expect(d.verifiedById).toBe(manningId);
+    expect(await db.crewAction.count({ where: { crewMemberId: crewId, actionType: "RECORD_VERIFIED" } })).toBe(1);
+  });
+
+  it("rejection requires a reason and records it", async () => {
+    const { docId } = await crewWithRecords();
+    as(manningId, "MANNING");
+    expect("error" in (await verifyDocument(docId, false))).toBe(true);
+    expect("ok" in (await verifyDocument(docId, false, "Illegible scan"))).toBe(true);
+    expect((await db.seafarerDocument.findUniqueOrThrow({ where: { id: docId } })).verificationStatus).toBe("REJECTED");
+  });
+
+  it("won't re-verify an already-decided document", async () => {
+    const { docId } = await crewWithRecords();
+    as(manningId, "MANNING");
+    await verifyDocument(docId, true);
+    expect("error" in (await verifyDocument(docId, true))).toBe(true);
+  });
+
+  it("is rejected for roles without verify_site_records (accounts, site staff)", async () => {
+    const { docId } = await crewWithRecords();
+    as(accountsId, "ACCOUNTS");
+    expect(await verifyDocument(docId, true)).toEqual({ error: "Unauthorized" });
+    as(siteStaffId, "SITE_STAFF");
+    expect(await verifyDocument(docId, true)).toEqual({ error: "Unauthorized" });
+  });
+});
+
+describe("bank/EPF verification (Accounts)", () => {
+  it("Accounts verifies bank and EPF", async () => {
+    const { crewId } = await crewWithRecords();
+    as(accountsId, "ACCOUNTS");
+    expect("ok" in (await verifyBankEpf(crewId, "bank", true))).toBe(true);
+    expect((await db.bankDetail.findUniqueOrThrow({ where: { crewMemberId: crewId } })).verificationStatus).toBe("VERIFIED");
+    expect("ok" in (await verifyBankEpf(crewId, "epf", true))).toBe(true);
+    expect((await db.epfDetail.findUniqueOrThrow({ where: { crewMemberId: crewId } })).verificationStatus).toBe("VERIFIED");
+  });
+
+  it("is rejected for the MPO (no verify_bank_epf)", async () => {
+    const { crewId } = await crewWithRecords();
+    as(manningId, "MANNING");
+    expect(await verifyBankEpf(crewId, "bank", true)).toEqual({ error: "Unauthorized" });
+  });
+});
-- 
2.45.3