rl-docs-hub

Bank MVP journeys & GraphQL schema (MVP contract)

Status: Draft MVP contract for rl-bank-api + first customer/staff clients.

This doc defines the minimum viable set of customer and staff journeys for the fake bank, and the corresponding GraphQL schema (MVP only) that rl-bank-api must implement. It is intentionally narrow: accounts, transactions, internal transfers, and basic staff approval flows only.

No cards, loans, or KYC flows are included here.

1. Customer journeys (MVP)

Assume authentication/session is already handled by an IdP + JWT. All customer flows below start from an authenticated customer context.

Customer visits the customer app (web or mobile).
Customer clicks Log in.
App redirects to IdP (e.g. Auth0) and completes the browser/mobile login flow.
On success, app receives an ID/access token with:
- sub (stable customer identifier)
- basic profile fields (e.g. name, email)
App configures GraphQL client with the bearer token.
App calls me to fetch the current customer profile and basic data needed to personalize the UI.

1.2 View accounts (list)

Precondition: authenticated customer.
App calls customerAccounts.
API returns all customer-owned accounts (e.g. transaction, savings).
For each account, app renders:
- account name / product name
- masked account number
- account type (e.g. CHECKING, SAVINGS)
- currency
- available balance
- status (e.g. ACTIVE, FROZEN)
App may show a simple list or cards with these details.

1.3 View account detail + transactions

From the accounts list, customer selects one account.
App navigates to an account detail screen.
App calls accountTransactions(accountId: ID!).
API returns a page of recent transactions for that account in reverse-chronological order.
Account detail screen shows:
- account header (name, masked number, available balance, currency, status)
- recent transactions list with:
  - date/time
  - description / merchant
  - amount (signed, with +/− or credit/debit styling)
  - running balance or post-transaction balance (optional)
  - status (e.g. POSTED, PENDING)

1.4 Create an internal transfer (between own accounts)

From either:
- a dedicated Transfers screen, or
- an action button on the accounts list/detail,
- customer chooses Transfer between my accounts.
App loads eligible source/target accounts from customerAccounts.
Customer selects:
- fromAccount (must be owned by the same customer)
- toAccount (different account but owned by the same customer)
- transfer amount
- optional description / reference
App validates basic rules client-side (e.g. positive amount, different source/target).
App calls initiateTransfer mutation.
API performs server-side validation:
- both accounts exist and are owned by the authenticated customer
- accounts are not closed/frozen (or otherwise blocked) for transfers
- sufficient available balance on fromAccount
- amount within reasonable min/max limits for demo
On success:
- API creates a Transfer record and corresponding Transaction records.
- Transfer is created in a PENDING or COMPLETED state depending on demo rules:
  - MVP default: internal transfers between own accounts auto-complete (COMPLETED) unless we later add risk controls.
- App receives the Transfer payload and shows a confirmation state (e.g. success screen or banner).
On failure:
- API surfaces a safe, human-readable error message (insufficient funds, account blocked, etc.).

2. Staff journeys (MVP)

Assume staff users log in via a staff portal (web/mobile) using the same IdP but different audience/roles. All flows start from an authenticated staff context.

Staff user visits the staff portal.
Staff clicks Log in.
IdP returns an ID/access token with:
- sub (stable staff user identifier)
- basic profile fields (e.g. name, email)
- role/permission claims (e.g. staff, support_agent)
App configures GraphQL client with the bearer token.
App calls staffMe to fetch the staff profile and any relevant capabilities/permissions.

2.2 Search for a customer

From a staff workspace home/search screen, staff can search for a customer by:
- name (partial match)
- email (exact or partial)
- customerId (exact)
App calls a customer search query (MVP name: searchCustomers — see schema).
API returns a paged list of matches with enough information to disambiguate:
- customer id
- full name
- email
- primary customer status (e.g. ACTIVE, SUSPENDED)
Staff selects a customer to drill into their portfolio.

2.3 View a customer’s accounts and recent transactions

From the search result or a customer detail screen, staff chooses View accounts.
App calls customerAccounts(customerId: ID) with an explicit customerId.
API returns all accounts for the specified customer (same shape as customer self-view, plus possibly extra staff-only fields).
Staff app shows:
- account list with balances and status
- for each account, a quick view of recent transactions (either inline or via a drill-down screen).
For a specific account, app may call accountTransactions(accountId: ID!) (same query as customer but authorized for staff context) to show more history.

2.4 View and approve/reject pending transfers

Staff portal includes a Transfers or Approvals workspace.
App calls pendingTransfersForApproval.
API returns transfers that are in a PENDING state and require staff action.
For each pending transfer, staff can see:
- transfer id
- createdAt
- from/to accounts (masked identifiers, customer names)
- amount and currency
- status (PENDING)
- optional notes / reason
Staff selects a transfer and can choose:
- Approve (calls approveTransfer)
- Reject (calls rejectTransfer)
On approval:
- API marks the transfer as APPROVED and, if not yet settled, posts the necessary ledger movements.
- Corresponding account balances and transactions are updated.
On rejection:
- API marks the transfer as REJECTED.
- If any holds/temporary movements exist, they are reversed according to MVP rules.
Staff app shows updated status and may remove the item from the pending list.

3. GraphQL schema (MVP only)

This section defines the MVP contract between rl-bank-api and clients. It is deliberately small; future slices can extend it via additional fields and mutations without breaking these basics.

Note: Names and shapes are written in GraphQL SDL. Implementation details (NestJS modules, resolvers, etc.) are out of scope here.

3.1 Core enums (MVP)

"Supported account types in the MVP."
enum AccountType {
  CHECKING
  SAVINGS
}

"High-level transaction categorisation."
enum TransactionType {
  DEBIT
  CREDIT
}

"Transaction posting state."
enum TransactionStatus {
  PENDING
  POSTED
  REVERSED
}

"Lifecycle of an internal transfer."
enum TransferStatus {
  PENDING
  APPROVED
  REJECTED
  COMPLETED
  FAILED
}

3.2 Core types (MVP)

"Authenticated customer user."
type Customer {
  id: ID!
  name: String
  email: String
}

"Authenticated staff user."
type StaffUser {
  id: ID!
  name: String
  email: String
  role: String
}

"Bank account owned by a customer."
type Account {
  id: ID!
  customerId: ID!
  name: String
  accountNumberMasked: String!
  type: AccountType!
  currency: String!
  status: String! # e.g. ACTIVE, FROZEN, CLOSED (string for now to avoid over-specifying)
  availableBalance: Float!
  currentBalance: Float!
}

"Ledger transaction for an account."
type Transaction {
  id: ID!
  accountId: ID!
  postedAt: String!
  description: String!
  amount: Float! # positive for credit, negative for debit in MVP
  type: TransactionType!
  status: TransactionStatus!
  runningBalance: Float
}

"Internal transfer between customer-owned accounts."
type Transfer {
  id: ID!
  fromAccountId: ID!
  toAccountId: ID!
  amount: Float!
  currency: String!
  status: TransferStatus!
  createdAt: String!
  approvedAt: String
  rejectedAt: String
  completedAt: String
  failureReason: String
  description: String
}

3.3 Query operations (MVP)

Customer-facing queries

"Returns the currently authenticated customer (self)."
me: Customer

"Returns accounts for the current customer.

When called in a customer context, `customerId` is derived from the token and
this field should be ignored. When called in a staff context, `customerId`
may be provided explicitly to view that customer's accounts."
customerAccounts(customerId: ID): [Account!]!

"Returns recent transactions for a specific account."
accountTransactions(accountId: ID!): [Transaction!]!

Staff-facing queries

"Returns the currently authenticated staff user (self)."
staffMe: StaffUser

"Staff search for customers by name/email/id."
searchCustomers(
  query: String!
  page: Int = 0
  pageSize: Int = 20
): [Customer!]!

"Transfers that are currently pending and require staff action."
pendingTransfersForApproval: [Transfer!]!

3.4 Mutations (MVP)

input InitiateTransferInput {
  fromAccountId: ID!
  toAccountId: ID!
  amount: Float!
  description: String
}

"Initiate an internal transfer between accounts owned by the same customer."
initiateTransfer(input: InitiateTransferInput!): Transfer!

"Approve a pending transfer as staff."
approveTransfer(transferId: ID!): Transfer!

"Reject a pending transfer as staff."
rejectTransfer(transferId: ID!, reason: String): Transfer!

4. MVP constraints & notes

Ownership:
- initiateTransfer must verify both fromAccountId and toAccountId are owned by the authenticated customer.
- Staff operations (pendingTransfersForApproval, approveTransfer, rejectTransfer) require a staff role/permission; details of RBAC are out of scope for this doc.
Balances & limits:
- Transfers must not allow the fromAccount to go below an implementation-defined minimum (e.g. zero) unless/until overdrafts are explicitly added to scope.
- Demo-friendly limits may cap the maximum transfer amount per operation.
Idempotency:
- Re-approving an already-approved or completed transfer should be a no-op.
- Re-rejecting an already-rejected transfer should be a no-op.
Extensibility:
- Future slices may introduce richer account/transaction views, external payees, FX, etc. without breaking this contract.