Troubleshooting and Runbook

Authentication and Portal Context

Verify the correct portal URL and Keycloak client are in use.
Distinguish identity failures from context failures.
For password-grant verification, use: curl -s -X POST 'https://auth.test.emali2.damplabs.com/realms/emali2/protocol/openid-connect/token' -H 'Content-Type: application/x-www-form-urlencoded' --data-urlencode 'grant_type=password' --data-urlencode 'client_id=emali2-cli' --data-urlencode 'username=<user>' --data-urlencode 'password=<password>'
If the org console redirects to /forbidden?reason=missing-org-context, confirm the account resolves to a live organization and has assigned units where required.
During this refresh on 2026-03-25, customer1, admin1, and sp-finance authenticated successfully, while the previously documented seeded org users did not. Treat that as a live test-environment drift, not as intended product behavior.

The loans page shows a current loan but the repayment panel does not behave as expected.
A repayment amount larger than the balance due seems to post only partially.
The page rejects repayment because no wallet is selected or because the balance is too low.

Confirm the customer is on /app/loans and that a platform loan with a local loan ID is selected.
Verify the repayment request includes walletId.
Confirm the selected wallet balance is at least the amount the system can actually apply right now.
Expect the platform to cap the applied amount to the loan's outstanding balance. Excess value should remain in the wallet and be described back to the customer in the success message.
If the customer has an active loan, new offers are intentionally secondary to the servicing experience.

Confirm the agent is tier SUPER or MASTER.
Verify the hierarchy endpoint directly: curl -s 'https://api.test.emali2.damplabs.com/api/v1/agents/<agentId>/hierarchy' -H "Authorization: Bearer <token>"
To find live super agents in the admin environment, query: curl -s 'https://api.test.emali2.damplabs.com/api/v1/admin/agents?page=0&size=20&tier=SUPER' -H "Authorization: Bearer <token>"
Remember that /app/agents in the service-provider portal is an alias route and not the primary list surface anymore.

Confirm the signed-in user has assigned organization units.
Verify the selected unit resolves to an agent-backed organization unit.
Check the unit-scoped calls used by the page:
GET /api/v1/organization-units/assigned
organization journal report for the selected unitId
organization-unit transaction search for the same unitId
Treat float history as unit-scoped evidence. The page now pairs current balance with the selected unit's journal and transaction snapshot.

Opening /app/agents does not show the old standalone agent directory.
Opening /app/agents/:agentId renders a blank page in the current test deployment.

This is expected. /app/agents now redirects to /app/organizations.
If /app/agents/:agentId renders blank, open the browser console. During this refresh on 2026-03-25 the live admin bundle threw ReferenceError: Stack is not defined on that direct detail route.
Use /app/agents/:agentId/children for child-agent hierarchy review while the direct detail rendering issue is being corrected.
Use the organization surfaces to navigate into agents when you need the canonical admin entry point.

Verify the profile-security endpoints are deployed and routable from the gateway.
Confirm the token and client are accepted by the identity-backed 2FA flows.
Expect the portal to use the live identity service rather than a separate local 2FA store.

The docs image build is versioned with DOCS_VERSION=dev.
The current Docker workflow also moves the latest alias with that build.
Use emali2-docs/scripts/build-image.sh when you need the mike-based image workflow exercised end to end.

Store raw capture artifacts under output/playwright/.
This refresh used output/playwright/refresh-20260325/.
Copy only stable screenshots into docs/assets/images/user-guides/.
Re-run portal-specific capture when auth or route behavior changes, especially for customer loans and agent hierarchy flows.