✨ app: add card limit kyc flow

[aguxez]

---

This is part 2 of 2 in a stack made with GitButler:

•  2  ✨ app: add card limit kyc flow #903 👈
•  1  ✨ server: add card limit update handler #898

Summary by CodeRabbit

• New Features

  • Persona-based verification flow to request card spending limit increases; action now closes the dialog immediately and starts the verification flow.

• Improvements

  • Unified, cross-platform verification flow with consistent success/cancel/error signals.
  • User-facing notifications added: distinct messages for pending review, verification errors, and other failures.
  • Server accepts a card-limit verification scope so the flow can be initiated from the app.

---

[changeset-bot]

⚠️ No Changeset found

Latest commit: df0d24e

Merging this PR will not cause a version bump for any packages. If these changes should not result in a new version, you're good to go. If these changes should result in a version bump, you need to add a changeset.

This PR includes no changesets

When changesets are added to this PR, you'll see the packages that this PR includes changesets for and the associated semver types

Click here to learn what changesets are, and how to add one.

Click here if you're a maintainer who wants to add a changeset to this PR

[coderabbitai]

Note

Reviews paused

It looks like this branch is under active development. To avoid overwhelming you with review comments due to an influx of new commits, CodeRabbit has automatically paused this review. You can configure this behavior by changing the reviews.auto_review.auto_pause_after_reviewed_commits setting.

Use the following commands to manage reviews:

• @coderabbitai resume to resume automatic reviews.
• @coderabbitai review to trigger a single review.

Use the checkboxes below for quick actions:

• ▶️ Resume reviews
• 🔍 Trigger review

Walkthrough

Replaces the Intercom message flow with an immediate modal close and a card-limit scoped Persona KYC initiation; generalizes Persona inquiry state to use a scope discriminator and adds a new cardLimit KYC entrypoint; expands server token API to accept "cardLimit" scope.

Changes

Cohort / File(s)	Summary
Spending limits UI src/components/card/SpendingLimits.tsx	Button handler now calls onClose() then starts startCardLimitKYC() instead of sending an Intercom message; KYC results show conditional toasts for status === "error" and for rejected APIError with "already approved"/"pending"; rejections still call reportError(error).
Persona utilities src/utils/persona.ts	Replaced type with scope discriminator and introduced InquiryResult; added startScopedInquiry(scope, ...) helper; refactored startMantecaKYC to use scoped flow; added exported startCardLimitKYC(): Promise<InquiryResult>; unified web/native branches to consistently return InquiryResult; resume logic now checks current.scope.
Server KYC token endpoint src/utils/server.ts	Expanded getKYCTokens scope union to include \"cardLimit\" (`"basic"

Sequence Diagram

sequenceDiagram
    participant User as User
    participant UI as SpendingLimits UI
    participant Server as KYC Token Server
    participant Persona as Persona Service

    User->>UI: Click "Increase spending limit"
    UI->>UI: onClose()
    UI->>Server: request getKYCTokens("cardLimit")
    Server-->>UI: return { inquiryId, sessionToken }
    UI->>Persona: startCardLimitKYC(inquiryId, sessionToken)
    Persona->>Persona: initialize cardLimit inquiry
    Persona-->>UI: InquiryResult (complete / cancel / error)

Loading

Estimated code review effort

🎯 4 (Complex) | ⏱️ ~45 minutes

Possibly related PRs

• ✨ implement persona web sdk #683 — Modifies src/utils/persona.ts KYC startup flows and in-flight inquiry handling; closely related to the scoped inquiry refactor.
• ♻️ app: use new kyc flow #653 — Related Persona/KYC flow changes and adjustments to token acquisition; touches similar modules.
• 🚸 app: handle invalid id flow #769 — Overlaps on in-flight KYC state and token/session behavior in src/utils/persona.ts.

Suggested reviewers

• dieguezguille
• cruzdanilo
• franm91

🚥 Pre-merge checks | ✅ 2

✅ Passed checks (2 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title 'add card limit kyc flow' accurately describes the main purpose of the pull request, which introduces a new card limit KYC (Know Your Customer) flow as evidenced by the changes across SpendingLimits.tsx, persona.ts, and server.ts.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch card-limit

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[gemini-code-assist]

Summary of Changes

Hello, I'm Gemini Code Assist¹! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed!

This pull request implements a new user flow for increasing card spending limits by integrating with the Persona identity verification service. It generalizes the existing Persona integration to support multiple types of KYC inquiries, making the system more flexible and scalable for future identity verification needs. The change provides a direct, automated path for users to request higher limits.

Highlights

• New Card Limit KYC Flow: Introduced a new Know Your Customer (KYC) flow specifically for increasing card spending limits, integrating with the Persona identity verification platform.
• Persona Integration Refactoring: Refactored the Persona KYC initiation logic to be more generic, allowing different types of inquiries (e.g., 'manteca' and 'cardLimit') to share common code.
• UI Integration: The 'Increase spending limit' button in the SpendingLimits component now triggers the new cardLimit Persona KYC flow instead of sending an Intercom message.

Using Gemini Code Assist

The full guide for Gemini Code Assist can be found on our documentation page, here are some quick tips.

Invoking Gemini

You can request assistance from Gemini at any point by creating a comment using either /gemini <command> or @gemini-code-assist <command>. Below is a summary of the supported commands on the current page.

Feature	Command	Description
Code Review	/gemini review	Performs a code review for the current pull request in its current state.
Pull Request Summary	/gemini summary	Provides a summary of the current pull request in its current state.
Comment	@gemini-code-assist	Responds in comments when explicitly tagged, both in pull request comments and review comments.
Help	/gemini help	Displays a list of available commands.

Customization

To customize Gemini Code Assist for GitHub experience, repository maintainers can create a configuration file and/or provide a custom code review style guide (such as PEP-8 for Python) by creating and adding files to a .gemini/ folder in the base of the repository. Detailed instructions can be found here.

Limitations & Feedback

Gemini Code Assist may make mistakes. Please leave feedback on any instances where its feedback is incorrect or counter productive. You can react with 👍 and 👎 on @gemini-code-assist comments. If you're interested in giving your feedback about your experience with Gemini Code Assist for GitHub and other Google products, sign up here.

Footnotes

1. Review the Privacy Notices, Generative AI Prohibited Use Policy, Terms of Service, and learn how to configure Gemini Code Assist in GitHub here. Gemini can make mistakes, so double check it and use code with caution. ↩

[sentry]

✅ All tests passed.

[coderabbitai]

♻️ Duplicate comments (1)

src/components/card/SpendingLimits.tsx (1)

47-50: ⚠️ Potential issue | 🟠 Major

Handle non-success outcomes from startCardLimitKYC().

The handler only logs errors via .catch(reportError) but doesn't surface resolved non-success statuses ("error", "cancel") or backend rejection codes ("already approved", "pending", "failed") to the user. When the backend rejects because the inquiry is already approved or pending, the button appears broken with no feedback.

Consider branching on the result status and displaying appropriate toasts or modals:

🛠️ Suggested approach

 <Button
   onPress={() => {
-    startCardLimitKYC().catch(reportError);
+    startCardLimitKYC()
+      .then((result) => {
+        if (result.status === "complete") {
+          // optionally show success feedback or close modal
+          onClose();
+        }
+        // "cancel" can be silent - user intentionally dismissed
+      })
+      .catch((error) => {
+        // surface API errors like "already approved", "pending"
+        toast.show(t("Unable to increase spending limit"), { native: true });
+        reportError(error);
+      });
   }}
   primary
 >

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: ASSERTIVE

Plan: Pro

Run ID: e9a0dfa3-5166-45d6-89ec-250e0cecdb5a

📥 Commits

Reviewing files that changed from the base of the PR and between f935605 and 4d9d901.

📒 Files selected for processing (3)

• src/components/card/SpendingLimits.tsx
• src/utils/persona.ts
• src/utils/server.ts

[coderabbitai]

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (1)

src/utils/persona.ts (1)

170-175: ⚠️ Potential issue | 🟠 Major

Defer or poll the cache refresh until the webhook confirms the card limit update.

The cardLimit write happens asynchronously in the Persona webhook (server/hooks/persona.ts:271), not in the request path. When onComplete invalidates ["card", "details"] immediately (lines 170-175 web, 210-213 native), a refetch can race the webhook write and cache the old limit. Because the promise resolves right after scheduling the invalidate, there is no second refresh to pick up the new limit once the webhook completes.

Either wait for a webhook acknowledgment before invalidating, or implement polling to ensure the new limit is fetched after the backend update lands.

♻️ Duplicate comments (1)

src/components/card/SpendingLimits.tsx (1)

47-50: ⚠️ Potential issue | 🟠 Major

Still unresolved: handle startCardLimitKYC() outcomes in the button handler.

startCardLimitKYC() now fulfills with { status: "cancel" | "complete" | "error" } for SDK outcomes and only rejects preflight/API failures. This handler still only logs rejections, so pending/already approved/Persona error paths can leave the CTA looking inert and skip any explicit UX or refetch handling. Await the promise here and branch on both the resolved status and the caught API codes.

example

-                <Button
-                  onPress={() => {
-                    startCardLimitKYC().catch(reportError);
-                  }}
+                <Button
+                  onPress={async () => {
+                    try {
+                      const result = await startCardLimitKYC();
+                      if (result.status === "error") {
+                        // show toast / inline state
+                      }
+                    } catch (error) {
+                      reportError(error);
+                      // map pending/already approved to ux + refresh path
+                    }
+                  }}
                   primary
                 >

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: ASSERTIVE

Plan: Pro

Run ID: ebe6e209-809b-438e-833c-d8347e0478e5

📥 Commits

Reviewing files that changed from the base of the PR and between 4d9d901 and bdcdb4a.

📒 Files selected for processing (3)

• src/components/card/SpendingLimits.tsx
• src/utils/persona.ts
• src/utils/server.ts

[coderabbitai]

♻️ Duplicate comments (1)

src/components/card/SpendingLimits.tsx (1)

48-50: ⚠️ Potential issue | 🟠 Major

Handle the resolved startCardLimitKYC() statuses here.

src/utils/persona.ts:startCardLimitKYC() now resolves { status: "cancel" | "complete" | "error" } for Persona-side outcomes, so this fire-and-forget call silently drops the "error" path after onClose() has already dismissed the sheet. Please await the result and branch on status instead of relying only on .catch(reportError).

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: ASSERTIVE

Plan: Pro

Run ID: 123d3047-b3d3-489f-bf9d-592d77170f68

📥 Commits

Reviewing files that changed from the base of the PR and between bdcdb4a and 74535e3.

📒 Files selected for processing (3)

• src/components/card/SpendingLimits.tsx
• src/utils/persona.ts
• src/utils/server.ts

[devin-ai-integration]

Devin Review found 1 new potential issue.

View 3 additional findings in Devin Review.