Engineering
Architecture, conventions, runbooks, and technical deep dives for the Loan Portal.
The trusted engineering reference for the Loan Portal: a Laravel API plus a Next.js BFF/UI, modeled as one connected Eloquent graph with data-scoped authorization.
Backend Conventions
The vendor seam, enums, casts, and first-party extension points — and why they're idiomatic.
Artisan Commands
Every custom artisan command across the Portal API and FlexRate engine, with flags and when to run them.
Authentication
MLM-backed login, the dual Sanctum + Portal-JWT session, httpOnly cookies at the BFF, and the two-factor challenge.
Authorization & Visibility
The two gates every request passes — permission and data-scoped visibility — and why even admins hold no visibility bypass.
Disclosures
The DisclosureProvider port, the MeridianLink Document Framework adapter, and the caller-ticket model.
Change of Circumstance
The typed details value object, the form-context read model, the submit/PDF flow, and the documentation-only MeridianLink writes.
Event-Driven Architecture
Domain events, listeners, and the workflow engine.
MLM Change Webhook & Freshness
The inbound change webhook, the self-write timestamp guard, and what a webhook re-syncs.
Provisioning a New Instance
The flexpoint:provision runbook for bootstrapping an instance.
Initial Closing Disclosure
How the Initial Closing Disclosure request behaves — the five-precondition eligibility gate, the business-purpose block, what submission writes to MeridianLink versus what it only documents, and the contacts and non-obligor collections it syncs.
Backend Conventions
Why the FlexPoint API is structured the way it is — the vendor seam, enums, casts, and first-party extension points.