feat: wire Tufts SCO to DentaQuest portal and fix insurance credential dropdown

- Add /dentaquest-eligibility endpoint in Python agent (Tufts SCO uses providers.dentaquest.com)
- Add backend route, processor, and service client for Tufts SCO (separate from UnitedSCO/DentalHub)
- Fix Tufts SCO button to post to new tuftssco route instead of unitedsco
- Fix credential field names: dentaquestUsername/Password (was tuftsscoUsername/Password)
- Fix socket event: listen for selenium:dentaquest_session_started (was unitedsco)
- Fix error visibility: keep session alive 30s on error so backend reads real message
- Replace free-text Site Key field with dropdown to prevent key mismatches

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

apps/Backend/src/queue/jobRunner.ts

@@ -14,6 +14,7 @@ import { runOcrProcessor } from "./processors/ocrProcessor";
 import { runDdmaEligibilityProcessor } from "./processors/ddmaEligibilityProcessor";
 import { runDeltaInsEligibilityProcessor } from "./processors/deltaInsEligibilityProcessor";
 import { runUnitedSCOEligibilityProcessor } from "./processors/unitedSCOEligibilityProcessor";
+import { runDentaQuestEligibilityProcessor } from "./processors/dentaQuestEligibilityProcessor";
 import { runCCAEligibilityProcessor } from "./processors/ccaEligibilityProcessor";
 import type { SeleniumJobData, OcrJobData } from "./queues";
 
@@ -114,6 +115,20 @@ export function enqueueSeleniumJob(data: SeleniumJobData): string {
         job.id
       );
     }
+    if (jobType === "tuftssco-eligibility-check") {
+      return runDentaQuestEligibilityProcessor(
+        {
+          enrichedPayload: data.enrichedPayload,
+          userId: data.userId,
+          insuranceId: data.insuranceId!,
+          formFirstName: data.formFirstName,
+          formLastName: data.formLastName,
+          formDob: data.formDob,
+          socketId: data.socketId,
+        },
+        job.id
+      );
+    }
     if (jobType === "cca-eligibility-check") {
       return runCCAEligibilityProcessor(
         {

apps/Backend/src/queue/processors/dentaQuestEligibilityProcessor.ts

@@ -0,0 +1,304 @@
+import fs from "fs/promises";
+import fsSync from "fs";
+import path from "path";
+import { storage } from "../../storage";
+import { emptyFolderContainingFile } from "../../utils/emptyTempFolder";
+import {
+  forwardToSeleniumDentaQuestEligibilityAgent,
+  getSeleniumDentaQuestSessionStatus,
+} from "../../services/seleniumDentaQuestEligibilityClient";
+import { splitName, createOrUpdatePatientByInsuranceId, imageToPdfBuffer } from "./_shared";
+import { io } from "../../socket";
+
+function now() {
+  return new Date().toISOString();
+}
+
+function log(tag: string, msg: string, ctx?: any) {
+  console.log(`${now()} [${tag}] ${msg}`, ctx ?? "");
+}
+
+function emitToSocket(socketId: string | undefined, event: string, payload: any) {
+  if (!socketId || !io) return;
+  try {
+    const socket = io.sockets.sockets.get(socketId);
+    if (socket) {
+      socket.emit(event, payload);
+      log("dentaquest-processor", `emitted ${event}`, { socketId });
+    }
+  } catch (err: any) {
+    log("dentaquest-processor", `emit failed for ${event}`, { err: err?.message });
+  }
+}
+
+export interface DentaQuestEligibilityProcessorInput {
+  enrichedPayload: any;
+  userId: number;
+  insuranceId: string;
+  formFirstName?: string;
+  formLastName?: string;
+  formDob?: string;
+  socketId?: string;
+}
+
+export interface DentaQuestEligibilityProcessorResult {
+  patientUpdateStatus?: string;
+  pdfUploadStatus?: string;
+  pdfFileId?: number | null;
+  pdfFilename?: string | null;
+}
+
+async function processDentaQuestResult(
+  userId: number,
+  insuranceId: string,
+  formFirstName: string | undefined,
+  formLastName: string | undefined,
+  formDob: string | undefined,
+  seleniumResult: any
+): Promise<DentaQuestEligibilityProcessorResult> {
+  const output: DentaQuestEligibilityProcessorResult = {};
+  let createdPdfFileId: number | null = null;
+
+  try {
+    const rawName =
+      typeof seleniumResult?.patientName === "string"
+        ? seleniumResult.patientName.trim()
+        : null;
+
+    const { firstName, lastName } = rawName
+      ? splitName(rawName)
+      : { firstName: formFirstName ?? "", lastName: formLastName ?? "" };
+
+    await createOrUpdatePatientByInsuranceId({
+      insuranceId,
+      firstName,
+      lastName,
+      dob: formDob,
+      userId,
+    });
+
+    const patient = await storage.getPatientByInsuranceId(insuranceId);
+    if (!patient?.id) {
+      output.patientUpdateStatus = "Patient not found; no update performed";
+      return output;
+    }
+
+    const eligStatus = (seleniumResult?.eligibility ?? "").toLowerCase();
+    const newStatus = eligStatus === "active" || eligStatus === "y" ? "ACTIVE" : "INACTIVE";
+
+    await storage.updatePatient(patient.id, {
+      status: newStatus,
+      insuranceProvider: "Tufts SCO",
+    });
+    output.patientUpdateStatus = `Patient status updated to ${newStatus}`;
+
+    let pdfBuffer: Buffer | null = null;
+    let pdfFilename: string | null = null;
+
+    const pdfPath: string | null =
+      seleniumResult?.pdf_path ?? seleniumResult?.ss_path ?? null;
+
+    if (pdfPath && fsSync.existsSync(pdfPath)) {
+      if (pdfPath.endsWith(".pdf")) {
+        try {
+          pdfBuffer = await fs.readFile(pdfPath);
+          pdfFilename = path.basename(pdfPath);
+          log("dentaquest-processor", "read PDF directly", { pdfPath });
+        } catch (e: any) {
+          output.pdfUploadStatus = `Failed to read PDF: ${e.message}`;
+        }
+      } else if (
+        pdfPath.endsWith(".png") ||
+        pdfPath.endsWith(".jpg") ||
+        pdfPath.endsWith(".jpeg")
+      ) {
+        try {
+          pdfBuffer = await imageToPdfBuffer(pdfPath);
+          pdfFilename = `dentaquest_eligibility_${insuranceId}_${Date.now()}.pdf`;
+          log("dentaquest-processor", "converted screenshot to PDF", { pdfPath });
+        } catch (e: any) {
+          output.pdfUploadStatus = `Failed to convert screenshot to PDF: ${e.message}`;
+        }
+      }
+    } else {
+      output.pdfUploadStatus = "No valid file path from Selenium; nothing uploaded.";
+    }
+
+    if (pdfBuffer && pdfFilename) {
+      const groupTitleKey = "ELIGIBILITY_STATUS";
+      const groupTitle = "Eligibility Status";
+
+      let group = await storage.findPdfGroupByPatientTitleKey(patient.id, groupTitleKey);
+      if (!group) group = await storage.createPdfGroup(patient.id, groupTitle, groupTitleKey);
+      if (!group?.id) throw new Error("PDF group creation failed");
+
+      const created = await storage.createPdfFile(group.id, pdfFilename, pdfBuffer);
+      if (created && typeof created === "object" && "id" in created) {
+        createdPdfFileId = Number(created.id);
+      }
+      output.pdfUploadStatus = `PDF saved to group: ${group.title}`;
+      output.pdfFilename = pdfFilename;
+    }
+
+    output.pdfFileId = createdPdfFileId;
+    return output;
+  } catch (err: any) {
+    return {
+      ...output,
+      pdfUploadStatus:
+        output.pdfUploadStatus ?? `Processing failed: ${err?.message ?? String(err)}`,
+      pdfFileId: createdPdfFileId,
+    };
+  } finally {
+    const cleanupPath = seleniumResult?.pdf_path ?? seleniumResult?.ss_path ?? null;
+    if (cleanupPath) {
+      try {
+        await emptyFolderContainingFile(cleanupPath);
+      } catch (e) {
+        log("dentaquest-processor", "cleanup failed", { cleanupPath });
+      }
+    }
+  }
+}
+
+async function pollUntilDone(
+  sessionId: string,
+  socketId: string | undefined,
+  jobId: string,
+  pollTimeoutMs = 5 * 60 * 1000
+): Promise<any> {
+  const maxAttempts = 600;
+  const pollIntervalMs = 500;
+  const maxTransientErrors = 12;
+  const noProgressLimit = 120;
+
+  let transientErrors = 0;
+  let consecutiveNoProgress = 0;
+  let lastStatus: string | null = null;
+  const deadline = Date.now() + pollTimeoutMs;
+
+  for (let attempt = 0; attempt < maxAttempts; attempt++) {
+    if (Date.now() > deadline) {
+      throw new Error(
+        `DentaQuest polling timeout (${Math.round(pollTimeoutMs / 1000)}s) for session ${sessionId}`
+      );
+    }
+
+    try {
+      const st = await getSeleniumDentaQuestSessionStatus(sessionId);
+      const status: string = st?.status ?? "unknown";
+
+      log("dentaquest-processor", `poll attempt=${attempt}`, { sessionId, status });
+
+      transientErrors = 0;
+
+      const isTerminal =
+        status === "completed" || status === "error" || status === "not_found";
+      if (status === lastStatus && !isTerminal) {
+        consecutiveNoProgress++;
+      } else {
+        consecutiveNoProgress = 0;
+      }
+      lastStatus = status;
+
+      if (consecutiveNoProgress >= noProgressLimit) {
+        throw new Error(
+          `No progress from Python agent (status="${status}") after ${consecutiveNoProgress} polls`
+        );
+      }
+
+      if (status === "waiting_for_otp") {
+        emitToSocket(socketId, "selenium:otp_required", {
+          session_id: sessionId,
+          jobId,
+          message: "OTP required. Please enter the verification code.",
+        });
+        await new Promise((r) => setTimeout(r, pollIntervalMs));
+        continue;
+      }
+
+      if (status === "completed") {
+        log("dentaquest-processor", "session completed", { sessionId });
+        return st.result;
+      }
+
+      if (status === "error" || status === "not_found") {
+        throw new Error(st?.message || `DentaQuest session ended with status: ${status}`);
+      }
+
+      await new Promise((r) => setTimeout(r, pollIntervalMs));
+    } catch (err: any) {
+      const isTerminal =
+        err?.response?.status === 404 ||
+        (typeof err?.message === "string" &&
+          (err.message.includes("not_found") ||
+            err.message.includes("polling timeout") ||
+            err.message.includes("No progress")));
+
+      if (isTerminal) throw err;
+
+      transientErrors++;
+      if (transientErrors > maxTransientErrors) {
+        throw new Error(
+          `Too many transient network errors polling DentaQuest session ${sessionId}`
+        );
+      }
+      const backoff = Math.min(30_000, 500 * Math.pow(2, transientErrors - 1));
+      log("dentaquest-processor", `transient error #${transientErrors}, backoff ${backoff}ms`, {
+        err: err?.message,
+      });
+      await new Promise((r) => setTimeout(r, backoff));
+    }
+  }
+
+  throw new Error(`DentaQuest polling exhausted all attempts for session ${sessionId}`);
+}
+
+export async function runDentaQuestEligibilityProcessor(
+  input: DentaQuestEligibilityProcessorInput,
+  jobId: string
+): Promise<DentaQuestEligibilityProcessorResult> {
+  const {
+    enrichedPayload,
+    userId,
+    insuranceId,
+    formFirstName,
+    formLastName,
+    formDob,
+    socketId,
+  } = input;
+
+  log("dentaquest-processor", "starting Python agent session", { insuranceId });
+  const agentResp = await forwardToSeleniumDentaQuestEligibilityAgent(enrichedPayload);
+
+  if (!agentResp?.session_id) {
+    throw new Error("Python agent did not return a session_id for DentaQuest eligibility");
+  }
+
+  const sessionId = agentResp.session_id as string;
+  log("dentaquest-processor", "got session_id", { sessionId });
+
+  emitToSocket(socketId, "selenium:dentaquest_session_started", {
+    session_id: sessionId,
+    jobId,
+  });
+
+  const seleniumResult = await pollUntilDone(sessionId, socketId, jobId);
+
+  if (!seleniumResult || seleniumResult.status === "error") {
+    throw new Error(seleniumResult?.message ?? "DentaQuest session returned an error result");
+  }
+
+  log("dentaquest-processor", "processing DB result", { insuranceId });
+  const result = await processDentaQuestResult(
+    userId,
+    insuranceId,
+    formFirstName,
+    formLastName,
+    formDob,
+    seleniumResult
+  );
+
+  log("dentaquest-processor", "done", { result });
+  return result;
+}

apps/Backend/src/routes/index.ts

@@ -14,6 +14,7 @@ import insuranceStatusRoutes from "./insuranceStatus";
 import insuranceStatusDdmaRoutes from "./insuranceStatusDDMA";
 import insuranceStatusDeltaInsRoutes from "./insuranceStatusDeltaIns";
 import insuranceStatusUnitedSCORoutes from "./insuranceStatusUnitedSCO";
+import insuranceStatusTuftsSCORoutes from "./insuranceStatusTuftsSCO";
 import insuranceStatusCCARoutes from "./insuranceStatusCCA";
 import paymentsRoutes from "./payments";
 import databaseManagementRoutes from "./database-management";
@@ -41,6 +42,7 @@ router.use("/insurance-status", insuranceStatusRoutes);
 router.use("/insurance-status-ddma", insuranceStatusDdmaRoutes);
 router.use("/insurance-status-deltains", insuranceStatusDeltaInsRoutes);
 router.use("/insurance-status-unitedsco", insuranceStatusUnitedSCORoutes);
+router.use("/insurance-status-tuftssco", insuranceStatusTuftsSCORoutes);
 router.use("/insurance-status-cca", insuranceStatusCCARoutes);
 router.use("/payments", paymentsRoutes);
 router.use("/database-management", databaseManagementRoutes);

apps/Backend/src/routes/insuranceStatusTuftsSCO.ts

@@ -0,0 +1,108 @@
+import { Router, Request, Response } from "express";
+import { storage } from "../storage";
+import { forwardOtpToSeleniumDentaQuestAgent } from "../services/seleniumDentaQuestEligibilityClient";
+import { io } from "../socket";
+import { enqueueSeleniumJob } from "../queue/jobRunner";
+
+const router = Router();
+
+function log(tag: string, msg: string, ctx?: any) {
+  console.log(`${new Date().toISOString()} [${tag}] ${msg}`, ctx ?? "");
+}
+
+function emitSafe(socketId: string | undefined, event: string, payload: any) {
+  if (!socketId || !io) return;
+  try {
+    const socket = io.sockets.sockets.get(socketId);
+    if (socket) socket.emit(event, payload);
+  } catch (err: any) {
+    log("socket", "emit failed", { socketId, event, err: err?.message });
+  }
+}
+
+router.post(
+  "/tuftssco-eligibility",
+  async (req: Request, res: Response): Promise<any> => {
+    if (!req.body.data) {
+      return res.status(400).json({ error: "Missing eligibility data for selenium" });
+    }
+    if (!req.user?.id) {
+      return res.status(401).json({ error: "Unauthorized: user info missing" });
+    }
+
+    try {
+      const rawData =
+        typeof req.body.data === "string" ? JSON.parse(req.body.data) : req.body.data;
+
+      const credentials = await storage.getInsuranceCredentialByUserAndSiteKey(
+        req.user.id,
+        rawData.insuranceSiteKey
+      );
+      if (!credentials) {
+        return res.status(404).json({
+          error: "No credentials found for Tufts SCO. Please add them on the Settings page.",
+        });
+      }
+
+      const enrichedData = {
+        ...rawData,
+        dentaquestUsername: credentials.username,
+        dentaquestPassword: credentials.password,
+      };
+
+      const socketId: string | undefined = req.body.socketId;
+
+      const jobId = enqueueSeleniumJob({
+        jobType: "tuftssco-eligibility-check",
+        userId: req.user.id,
+        socketId,
+        enrichedPayload: enrichedData,
+        insuranceId: String(rawData.memberId ?? "").trim(),
+        formFirstName: rawData.firstName,
+        formLastName: rawData.lastName,
+        formDob: rawData.dateOfBirth,
+      });
+
+      log("tuftssco-route", "job enqueued", { jobId, insuranceId: rawData.memberId });
+
+      return res.json({ status: "queued", jobId });
+    } catch (err: any) {
+      console.error("[tuftssco-route] enqueue failed:", err);
+      return res.status(500).json({
+        error: err.message || "Failed to enqueue Tufts SCO selenium job",
+      });
+    }
+  }
+);
+
+router.post(
+  "/selenium/submit-otp",
+  async (req: Request, res: Response): Promise<any> => {
+    const { session_id: sessionId, otp, socketId } = req.body;
+    if (!sessionId || !otp) {
+      return res.status(400).json({ error: "session_id and otp are required" });
+    }
+
+    try {
+      const r = await forwardOtpToSeleniumDentaQuestAgent(sessionId, otp);
+
+      emitSafe(socketId, "selenium:otp_submitted", {
+        session_id: sessionId,
+        result: r,
+      });
+
+      return res.json(r);
+    } catch (err: any) {
+      console.error(
+        "[tuftssco-route] submit-otp failed:",
+        err?.response?.data || err?.message || err
+      );
+      return res.status(500).json({
+        error: "Failed to forward OTP to selenium agent",
+        detail: err?.message || err,
+      });
+    }
+  }
+);
+
+export default router;

apps/Backend/src/services/seleniumDentaQuestEligibilityClient.ts

@@ -0,0 +1,72 @@
+import axios from "axios";
+import http from "http";
+import https from "https";
+import dotenv from "dotenv";
+dotenv.config();
+
+const SELENIUM_AGENT_BASE = process.env.SELENIUM_AGENT_BASE_URL;
+
+const httpAgent = new http.Agent({ keepAlive: true, keepAliveMsecs: 60_000 });
+const httpsAgent = new https.Agent({ keepAlive: true, keepAliveMsecs: 60_000 });
+
+const client = axios.create({
+  baseURL: SELENIUM_AGENT_BASE,
+  timeout: 5 * 60 * 1000,
+  httpAgent,
+  httpsAgent,
+  validateStatus: (s) => s >= 200 && s < 600,
+});
+
+async function requestWithRetries(config: any, retries = 4, baseBackoffMs = 300) {
+  for (let attempt = 1; attempt <= retries; attempt++) {
+    try {
+      const r = await client.request(config);
+      if (![502, 503, 504].includes(r.status)) return r;
+      console.warn(`[dentaquest-client] retryable HTTP status ${r.status} (attempt ${attempt})`);
+    } catch (err: any) {
+      const code = err?.code;
+      const isTransient =
+        code === "ECONNRESET" || code === "ECONNREFUSED" || code === "EPIPE" || code === "ETIMEDOUT";
+      if (!isTransient) throw err;
+      console.warn(`[dentaquest-client] transient network error ${code} (attempt ${attempt})`);
+    }
+    await new Promise((r) => setTimeout(r, baseBackoffMs * attempt));
+  }
+  return client.request(config);
+}
+
+function log(tag: string, msg: string, ctx?: any) {
+  console.log(`${new Date().toISOString()} [${tag}] ${msg}`, ctx ?? "");
+}
+
+export async function forwardToSeleniumDentaQuestEligibilityAgent(data: any): Promise<any> {
+  const payload = { data };
+  const url = `/dentaquest-eligibility`;
+  log("dentaquest-client", "POST dentaquest-eligibility", { url: SELENIUM_AGENT_BASE + url });
+  const r = await requestWithRetries({ url, method: "POST", data: payload }, 4);
+  log("dentaquest-client", "agent response", { status: r.status, dataKeys: r.data ? Object.keys(r.data) : null });
+  if (r.status >= 500) throw new Error(`Selenium agent server error: ${r.status}`);
+  return r.data;
+}
+
+export async function forwardOtpToSeleniumDentaQuestAgent(sessionId: string, otp: string): Promise<any> {
+  const url = `/submit-otp`;
+  log("dentaquest-client", "POST submit-otp", { url: SELENIUM_AGENT_BASE + url, sessionId });
+  const r = await requestWithRetries({ url, method: "POST", data: { session_id: sessionId, otp } }, 4);
+  log("dentaquest-client", "submit-otp response", { status: r.status, data: r.data });
+  if (r.status >= 500) throw new Error(`Selenium agent server error on submit-otp: ${r.status}`);
+  return r.data;
+}
+
+export async function getSeleniumDentaQuestSessionStatus(sessionId: string): Promise<any> {
+  const url = `/session/${sessionId}/status`;
+  log("dentaquest-client", "GET session status", { url: SELENIUM_AGENT_BASE + url, sessionId });
+  const r = await requestWithRetries({ url, method: "GET" }, 4);
+  log("dentaquest-client", "session status response", { status: r.status, dataKeys: r.data ? Object.keys(r.data) : null });
+  if (r.status === 404) {
+    const e: any = new Error("not_found");
+    e.response = { status: 404, data: r.data };
+    throw e;
+  }
+  return r.data;
+}