Counterparty UI pages

[chris-okuda]

Scope of changes

This PR introduces the complete UI pages, Gin handlers, and routes for Counterparty management, mirroring the existing Account UI flow. Previously, the Counterparty UI lacked detail and edit pages, as well as interactive create and delete functionalities.

The solution implements:

• Full detail and edit pages for Counterparties, including form fields for LegalPerson IVMS data (legal name, country of registration, internal customer identifier, national identification, geographic address).
• Create and delete modals for Counterparties.
• A pkg/web/scene/counterparty.go adapter to flatten LegalPerson IVMS fields for template rendering.
• Frontend JavaScript to handle HTMX interactions for creation, updates, deletion, and dynamic list refreshing.
• Permission-protected routes for Counterparty pages.
• Counterparties are only able to be edited when they are user-created Sunrise entities.

Type of change

• new feature

Acceptance criteria

NOTE: this is in draft right now because it needs a good review and probably more work put into it; Cursor is pretty good overall but it kinda made a mess in here...

Create — modal (Add Counterparty)

• Protocol is fixed to Sunrise (dropdown disabled/read-only); no TRISA/TRP options
• Form has: Country, Legal Entity Name, Contact Name (optional), Contact Email (required), Website — no Endpoint or Common Name fields
• Submitting with valid data creates the counterparty and redirects to the edit page
• New counterparty has endpoint = mailto:{contact_email} and common_name from website host or contact email domain
• Submitting without contact email shows a validation error (422) in the create modal
• Submitting with invalid email format shows a validation error (422)
• Leaving contact name blank stores the Legal Entity Name as the contact name
• Invalid website with no valid email domain shows a validation error; valid email domain is used when website is invalid
• After a successful create, the modal form is cleared when closed/reopened

Create — API (POST /v1/counterparties)

• POST with protocol: "trisa" or "trp" returns 400 (only Sunrise can be created)
• POST with protocol: "sunrise" and no contact_email returns 422
• POST with protocol: "sunrise", valid contact_email, and optional contact_name/website returns 201; endpoint and common_name are derived by the server

Detail page

• Edit link/button is shown only for user-created Sunrise counterparties
• TRISA/TRP or non–user-created counterparties do not show an Edit link (or it does not lead to the edit page)

Edit page — access

• Opening /counterparties/{id}/edit for a user-created Sunrise counterparty loads the edit page with the form
• Opening /counterparties/{id}/edit for a TRISA/TRP or non–user-created counterparty redirects to the detail page (/counterparties/{id})

Edit page — save

• Saving changes on a user-created Sunrise counterparty succeeds (e.g. success message, no 403)
• PUT to /v1/counterparties/{id} for a non–user-created or non-Sunrise counterparty returns 403 Forbidden

List page

• "Add Counterparty" opens the create modal
• Delete works for counterparties that support it; errors (e.g. 403/404) are shown in page alerts

Author checklist

• I have manually tested the change and/or added automation in the form of unit tests or integration tests
• I have updated the dependencies list
• I have added new test fixtures as needed to support added tests
• I have added or updated the documentation
• Check this box if a reviewer can merge this pull request after approval (leave it unchecked if you want to do it yourself)

Reviewer(s) checklist

• Any new user-facing content that has been added for this PR has been QA'ed to ensure correct grammar, spelling, and understandability.
• To the best of my ability, I believe that this PR represents a good solution to the specified problem and that it should be merged into the main code base.

---

Note

Medium Risk
Adds and changes counterparty create/update/delete behavior (including derived endpoint/common_name and new edit restrictions), which can impact data integrity and user workflows, but is scoped to Counterparties and gated by protocol/source checks and permissions.

Overview
Adds full Counterparty management UI, including new detail and edit pages, plus create/delete modals and HTMX-driven interactions (list refresh, redirects, alerts).

Updates the Counterparty API/handlers to support a Sunrise-only create flow using contact_email/contact_name, deriving endpoint (mailto:) and common_name (from website host or email domain), and restricting updates to user-created Sunrise records; create/update/delete now return HTMX-friendly redirects/triggers and JSON responses.

Introduces a new scene.Counterparty adapter to flatten IVMS101 legal person data for templates, adds route-level permissions for counterparty pages, and expands tests around Sunrise validation and CommonNameFromWebsiteOrEmail.

^{Written by Cursor Bugbot for commit fa2569d. This will update automatically on new commits. Configure here.}

[cursor]

Cursor Agent can help with this pull request. Just @cursor in comments and I'll start working on changes in this branch.
_{Learn more about Cursor Agents}

[chris-okuda]

@cursor push 3b8030a

[chris-okuda]

Cursor bot keeps closing this for some reason, I just wanted to note that's why it was closed/opened a bunch

[chris-okuda]

A valuable exercise to see how agentic coding worked.