fix(frontend): unwrap ResponseSchema in service methods to prevent .map() errors

Multiple frontend services returned the full API ResponseSchema wrapper
({status, message, data}) instead of extracting the inner .data payload.
This caused TypeError: y.map is not a function when components tried to
iterate over what they expected to be arrays.

Fixed services: apiKey, ai, settings, parts, dynamic-supplier
Also fixed CredentialEditor.tsx build errors (added 'file' field_type,
fixed .split() on potential array type).

Added 29 regression tests for apiKey.service.ts to catch this pattern.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

Author: ril3y

MakerMatrix/frontend/src/__tests__/services/apiKey.service.test.ts

@@ -6,7 +6,7 @@
  */
 
 import React, { useState, useEffect, useMemo, useRef } from 'react'
-import { Eye, EyeOff, TestTube, Save, HelpCircle, CheckCircle, XCircle } from 'lucide-react'
+import { Eye, EyeOff, TestTube, Save, HelpCircle, CheckCircle, XCircle, Upload } from 'lucide-react'
 import { useFormWithValidation } from '@/hooks/useFormWithValidation'
 import {
   createCredentialFormSchema,
@@ -76,9 +76,13 @@ export const CredentialEditor: React.FC<CredentialEditorProps> = ({
     },
   })
 
-  // Initialize credentials when schema changes or credential status loads
+  // Track if initialization has already happened
+  const initializedRef = useRef(false)
+
+  // Initialize credentials when schema changes or credential status loads (only once)
   useEffect(() => {
     if (credentialSchema.length === 0) return
+    if (initializedRef.current) return // Don't re-initialize
 
     const initializeCredentials = async () => {
       const credentials: CredentialFormData = {}
@@ -121,6 +125,8 @@ export const CredentialEditor: React.FC<CredentialEditorProps> = ({
       Object.entries(credentials).forEach(([key, value]) => {
         form.setValue(key as keyof CredentialFormData, value)
       })
+
+      initializedRef.current = true
     }
 
     initializeCredentials()
@@ -280,6 +286,7 @@ export const CredentialEditor: React.FC<CredentialEditorProps> = ({
       <div className="space-y-3">
         {credentialSchema.map((field) => {
           const isPassword = field.field_type === 'password'
+          const isFile = field.field_type === 'file'
           const currentValue = form.watch(field.name) || ''
           const isConfigured = credentialStatus?.configured_fields?.includes(field.name) || false
           const shouldShow = showValues[field.name]
@@ -323,25 +330,83 @@ export const CredentialEditor: React.FC<CredentialEditorProps> = ({
               </div>
 
               <div className="relative">
-                <FormInput
-                  label={field.label}
-                  type={shouldShow ? 'text' : 'password'}
-                  placeholder={field.placeholder || `Enter ${field.label.toLowerCase()}`}
-                  registration={form.register(field.name)}
-                  error={form.getFieldError(field.name)}
-                  disabled={loading}
-                  className="pr-10"
-                />
-
-                {(isPassword || hasValue) && (
-                  <button
-                    type="button"
-                    onClick={() => toggleShowValue(field.name)}
-                    className="absolute inset-y-0 right-0 pr-3 flex items-center text-gray-400 hover:text-gray-600 dark:hover:text-gray-300 z-10"
-                    title="Toggle visibility"
-                  >
-                    {shouldShow ? <EyeOff className="w-4 h-4" /> : <Eye className="w-4 h-4" />}
-                  </button>
+                {/* File upload field */}
+                {isFile ? (
+                  <div className="flex items-center space-x-2">
+                    <label className="cursor-pointer inline-flex items-center px-4 py-2 border border-gray-300 dark:border-gray-600 text-sm font-medium rounded-md text-gray-700 dark:text-gray-200 bg-white dark:bg-gray-700 hover:bg-gray-50 dark:hover:bg-gray-600">
+                      <Upload className="w-4 h-4 mr-2" />
+                      Upload File
+                      <input
+                        type="file"
+                        className="hidden"
+                        accept=".pfx,.p12,.pem,.crt,.key"
+                        onChange={async (e) => {
+                          if (e.target.files && e.target.files[0]) {
+                            const file = e.target.files[0]
+                            try {
+                              // Upload the file to the backend
+                              const formData = new FormData()
+                              formData.append('file', file)
+                              const response = await fetch(
+                                `/api/suppliers/${supplierName.toLowerCase()}/file-upload`,
+                                {
+                                  method: 'POST',
+                                  headers: {
+                                    Authorization: `Bearer ${localStorage.getItem('auth_token')}`,
+                                  },
+                                  body: formData,
+                                }
+                              )
+                              if (response.ok) {
+                                const data = await response.json()
+                                const filePath = data.data?.file_path || data.file_path
+                                form.setValue(field.name as keyof CredentialFormData, filePath)
+                                toast.success(`File "${file.name}" uploaded successfully`)
+                              } else {
+                                toast.error('Failed to upload file')
+                              }
+                            } catch (error) {
+                              console.error('File upload error:', error)
+                              toast.error('Failed to upload file')
+                            }
+                          }
+                        }}
+                        disabled={loading}
+                      />
+                    </label>
+                    {hasValue && (
+                      <div className="flex items-center text-green-600 dark:text-green-400">
+                        <CheckCircle className="w-4 h-4 mr-1" />
+                        <span className="text-sm">
+                          {String(currentValue).split('/').pop() || String(currentValue).split('\\').pop() || 'Uploaded'}
+                        </span>
+                      </div>
+                    )}
+                  </div>
+                ) : (
+                  /* Text/Password fields */
+                  <>
+                    <FormInput
+                      label={field.label}
+                      type={shouldShow ? 'text' : 'password'}
+                      placeholder={field.placeholder || `Enter ${field.label.toLowerCase()}`}
+                      registration={form.register(field.name)}
+                      error={form.getFieldError(field.name)}
+                      disabled={loading}
+                      className="pr-10"
+                    />
+
+                    {(isPassword || hasValue) && (
+                      <button
+                        type="button"
+                        onClick={() => toggleShowValue(field.name)}
+                        className="absolute inset-y-0 right-0 pr-3 flex items-center text-gray-400 hover:text-gray-600 dark:hover:text-gray-300 z-10"
+                        title="Toggle visibility"
+                      >
+                        {shouldShow ? <EyeOff className="w-4 h-4" /> : <Eye className="w-4 h-4" />}
+                      </button>
+                    )}
+                  </>
                 )}
               </div>
             </div>

MakerMatrix/frontend/src/components/suppliers/CredentialEditor.tsx

@@ -4,7 +4,7 @@ import { z } from 'zod'
 export const credentialFieldSchema = z.object({
   name: z.string().min(1, 'Field name is required'),
   label: z.string().min(1, 'Field label is required'),
-  field_type: z.enum(['text', 'password', 'url', 'email']),
+  field_type: z.enum(['text', 'password', 'url', 'email', 'file']),
   required: z.boolean(),
   description: z.string().optional(),
   placeholder: z.string().optional(),

MakerMatrix/frontend/src/schemas/credentials.ts

@@ -1,4 +1,4 @@
-import { apiClient } from './api'
+import { apiClient, type ApiResponse } from './api'
 
 export interface AICommandResponse {
   action?: 'search-parts' | 'navigate' | 'query' | 'update'
@@ -26,11 +26,14 @@ class AIService {
     context?: Record<string, unknown>
   ): Promise<AICommandResponse> {
     try {
-      const response = await apiClient.post<AICommandResponse>('/api/ai/process-command', {
-        command,
-        context,
-      })
-      return response.data
+      const response = await apiClient.post<ApiResponse<AICommandResponse>>(
+        '/api/ai/process-command',
+        {
+          command,
+          context,
+        }
+      )
+      return response.data as AICommandResponse
     } catch (error) {
       console.error('AI service error:', error)
       // Fallback to local processing if API fails
@@ -91,17 +94,20 @@ class AIService {
   }
 
   async generateLabel(partId: number): Promise<{ label_data: string }> {
-    const response = await apiClient.post<{ label_data: string }>(
+    const response = await apiClient.post<ApiResponse<{ label_data: string }>>(
       `/api/ai/generate-label/${partId}`
     )
-    return response
+    return response.data as { label_data: string }
   }
 
   async suggestCategories(partName: string): Promise<string[]> {
-    const response = await apiClient.post<{ categories: string[] }>('/api/ai/suggest-categories', {
-      part_name: partName,
-    })
-    return response.categories
+    const response = await apiClient.post<ApiResponse<{ categories: string[] }>>(
+      '/api/ai/suggest-categories',
+      {
+        part_name: partName,
+      }
+    )
+    return response.data?.categories || []
   }
 }
 

MakerMatrix/frontend/src/services/ai.service.ts

@@ -1,4 +1,4 @@
-import { apiClient } from './api'
+import { apiClient, type ApiResponse } from './api'
 
 export interface APIKeyCreate {
   name: string
@@ -42,41 +42,41 @@ class APIKeyService {
    * Get all API keys for the current user
    */
   async getUserApiKeys(): Promise<APIKey[]> {
-    const response = await apiClient.get<APIKey[]>('/api/api-keys/')
-    return response || []
+    const response = await apiClient.get<ApiResponse<APIKey[]>>('/api/api-keys/')
+    return response.data || []
   }
 
   /**
    * Create a new API key
    * Returns the key with plaintext api_key - only shown once!
    */
   async createApiKey(keyData: APIKeyCreate): Promise<APIKeyWithKey> {
-    const response = await apiClient.post<APIKeyWithKey>('/api/api-keys/', keyData)
-    return response
+    const response = await apiClient.post<ApiResponse<APIKeyWithKey>>('/api/api-keys/', keyData)
+    return response.data as APIKeyWithKey
   }
 
   /**
    * Get a specific API key by ID
    */
   async getApiKey(keyId: string): Promise<APIKey> {
-    const response = await apiClient.get<APIKey>(`/api/api-keys/${keyId}`)
-    return response
+    const response = await apiClient.get<ApiResponse<APIKey>>(`/api/api-keys/${keyId}`)
+    return response.data as APIKey
   }
 
   /**
    * Update an API key
    */
   async updateApiKey(keyId: string, updates: Partial<APIKeyCreate>): Promise<APIKey> {
-    const response = await apiClient.put<APIKey>(`/api/api-keys/${keyId}`, updates)
-    return response
+    const response = await apiClient.put<ApiResponse<APIKey>>(`/api/api-keys/${keyId}`, updates)
+    return response.data as APIKey
   }
 
   /**
    * Revoke (deactivate) an API key
    */
   async revokeApiKey(keyId: string): Promise<APIKey> {
-    const response = await apiClient.post<APIKey>(`/api/api-keys/${keyId}/revoke`)
-    return response
+    const response = await apiClient.post<ApiResponse<APIKey>>(`/api/api-keys/${keyId}/revoke`)
+    return response.data as APIKey
   }
 
   /**
@@ -90,19 +90,19 @@ class APIKeyService {
    * Get all API keys in the system (admin only)
    */
   async getAllApiKeys(): Promise<APIKey[]> {
-    const response = await apiClient.get<APIKey[]>('/api/api-keys/admin/all')
-    return response || []
+    const response = await apiClient.get<ApiResponse<APIKey[]>>('/api/api-keys/admin/all')
+    return response.data || []
   }
 
   /**
    * Get all available permissions in the system
    * Dynamically fetched from backend based on role definitions
    */
   async getAvailablePermissions(): Promise<AvailablePermission[]> {
-    const response = await apiClient.get<AvailablePermission[]>(
+    const response = await apiClient.get<ApiResponse<AvailablePermission[]>>(
       '/api/api-keys/permissions/available'
     )
-    return response || []
+    return response.data || []
   }
 }