From 4dd16ec37058486a6b9f9f729eb77c8f815f75a0 Mon Sep 17 00:00:00 2001
From: David Kennedy <david.kennedy@associates.cisa.dhs.gov>
Date: Mon, 3 Mar 2025 16:53:28 -0500
Subject: [PATCH 001/285] add omb analyst group, add omb analyst permission,
 refine is_staff decorator as appropriate

---
 src/registrar/decorators.py                   |  6 ++
 .../migrations/0141_create_groups_v18.py      | 38 +++++++
 src/registrar/models/user.py                  |  1 +
 src/registrar/models/user_group.py            | 98 +++++++++++++++++++
 src/registrar/views/report_views.py           | 20 ++--
 src/registrar/views/transfer_user.py          |  4 +-
 src/registrar/views/utility/api_views.py      | 50 ++--------
 7 files changed, 162 insertions(+), 55 deletions(-)
 create mode 100644 src/registrar/migrations/0141_create_groups_v18.py

diff --git a/src/registrar/decorators.py b/src/registrar/decorators.py
index 7cb2792f4..8188b152e 100644
--- a/src/registrar/decorators.py
+++ b/src/registrar/decorators.py
@@ -6,6 +6,9 @@ from registrar.models import Domain, DomainInformation, DomainInvitation, Domain
 # Constants for clarity
 ALL = "all"
 IS_STAFF = "is_staff"
+IS_CISA_ANALYST = "is_cisa_analyst"
+IS_OMB_ANALYST = "is_omb_analyst"
+IS_FULL_ACCESS = "is_full_access"
 IS_DOMAIN_MANAGER = "is_domain_manager"
 IS_DOMAIN_REQUEST_CREATOR = "is_domain_request_creator"
 IS_STAFF_MANAGING_DOMAIN = "is_staff_managing_domain"
@@ -101,6 +104,9 @@ def _user_has_permission(user, request, rules, **kwargs):
     # Define permission checks
     permission_checks = [
         (IS_STAFF, lambda: user.is_staff),
+        (IS_CISA_ANALYST, lambda: user.has_perm("registrar.analyst_access_permission")),
+        (IS_OMB_ANALYST, lambda: user.has_perm("registrar.omb_analyst_access_permission")),
+        (IS_FULL_ACCESS, lambda: user.has_perm("registrar.full_access_permission")),
         (IS_DOMAIN_MANAGER, lambda: _is_domain_manager(user, **kwargs)),
         (IS_STAFF_MANAGING_DOMAIN, lambda: _is_staff_managing_domain(request, **kwargs)),
         (IS_PORTFOLIO_MEMBER, lambda: user.is_org_user(request)),
diff --git a/src/registrar/migrations/0141_create_groups_v18.py b/src/registrar/migrations/0141_create_groups_v18.py
new file mode 100644
index 000000000..c416f0f1e
--- /dev/null
+++ b/src/registrar/migrations/0141_create_groups_v18.py
@@ -0,0 +1,38 @@
+# This migration creates the create_full_access_group and create_cisa_analyst_group groups
+# It is dependent on 0079 (which populates federal agencies)
+# If permissions on the groups need changing, edit CISA_ANALYST_GROUP_PERMISSIONS
+# in the user_group model then:
+# [NOT RECOMMENDED]
+# step 1: docker-compose exec app ./manage.py migrate --fake registrar 0035_contenttypes_permissions
+# step 2: docker-compose exec app ./manage.py migrate registrar 0036_create_groups
+# step 3: fake run the latest migration in the migrations list
+# [RECOMMENDED]
+# Alternatively:
+# step 1: duplicate the migration that loads data
+# step 2: docker-compose exec app ./manage.py migrate
+
+from django.db import migrations
+from registrar.models import UserGroup
+from typing import Any
+
+
+# For linting: RunPython expects a function reference,
+# so let's give it one
+def create_groups(apps, schema_editor) -> Any:
+    UserGroup.create_cisa_analyst_group(apps, schema_editor)
+    UserGroup.create_omb_analyst_group(apps, schema_editor)
+    UserGroup.create_full_access_group(apps, schema_editor)
+
+
+class Migration(migrations.Migration):
+    dependencies = [
+        ("registrar", "0140_alter_portfolioinvitation_additional_permissions_and_more"),
+    ]
+
+    operations = [
+        migrations.RunPython(
+            create_groups,
+            reverse_code=migrations.RunPython.noop,
+            atomic=True,
+        ),
+    ]
diff --git a/src/registrar/models/user.py b/src/registrar/models/user.py
index d5476ab9a..7ee4fefdf 100644
--- a/src/registrar/models/user.py
+++ b/src/registrar/models/user.py
@@ -40,6 +40,7 @@ class User(AbstractUser):
 
         permissions = [
             ("analyst_access_permission", "Analyst Access Permission"),
+            ("omb_analyst_access_permission", "OMB Analyst Access Permission"),
             ("full_access_permission", "Full Access Permission"),
         ]
 
diff --git a/src/registrar/models/user_group.py b/src/registrar/models/user_group.py
index 4770f34bc..b3bddee66 100644
--- a/src/registrar/models/user_group.py
+++ b/src/registrar/models/user_group.py
@@ -141,6 +141,104 @@ class UserGroup(Group):
         except Exception as e:
             logger.error(f"Error creating analyst permissions group: {e}")
 
+    def create_omb_analyst_group(apps, schema_editor):
+        """This method gets run from a data migration."""
+
+        # Hard to pass self to these methods as the calls from migrations
+        # are only expecting apps and schema_editor, so we'll just define
+        # apps, schema_editor in the local scope instead
+        OMB_ANALYST_GROUP_PERMISSIONS = [
+            {
+                "app_label": "registrar",
+                "model": "domainrequest",
+                "permissions": ["change_domainrequest"],
+            },
+            {
+                "app_label": "registrar",
+                "model": "domain",
+                "permissions": ["view_domain"],
+            },
+            {
+                "app_label": "registrar",
+                "model": "user",
+                "permissions": ["omb_analyst_access_permission"],
+            },
+            {
+                "app_label": "registrar",
+                "model": "domaininvitation",
+                "permissions": ["view_domaininvitation"],
+            },
+            {
+                "app_label": "registrar",
+                "model": "federalagency",
+                "permissions": ["change_federalagency", "delete_federalagency"],
+            },
+            {
+                "app_label": "registrar",
+                "model": "portfolio",
+                "permissions": ["change_portfolio", "delete_portfolio"],
+            },
+            {
+                "app_label": "registrar",
+                "model": "suborganization",
+                "permissions": ["change_suborganization", "delete_suborganization"],
+            },
+            {
+                "app_label": "registrar",
+                "model": "seniorofficial",
+                "permissions": ["change_seniorofficial", "delete_seniorofficial"],
+            },
+        ]
+
+        # Avoid error: You can't execute queries until the end
+        # of the 'atomic' block.
+        # From django docs:
+        # https://docs.djangoproject.com/en/4.2/topics/migrations/#data-migrations
+        # We can’t import the Person model directly as it may be a newer
+        # version than this migration expects. We use the historical version.
+        ContentType = apps.get_model("contenttypes", "ContentType")
+        Permission = apps.get_model("auth", "Permission")
+        UserGroup = apps.get_model("registrar", "UserGroup")
+
+        logger.info("Going to create the OMB Analyst Group")
+        try:
+            omb_analysts_group, _ = UserGroup.objects.get_or_create(
+                name="omb_analysts_group",
+            )
+
+            omb_analysts_group.permissions.clear()
+
+            for permission in OMB_ANALYST_GROUP_PERMISSIONS:
+                app_label = permission["app_label"]
+                model_name = permission["model"]
+                permissions = permission["permissions"]
+
+                # Retrieve the content type for the app and model
+                content_type = ContentType.objects.get(app_label=app_label, model=model_name)
+
+                # Retrieve the permissions based on their codenames
+                permissions = Permission.objects.filter(content_type=content_type, codename__in=permissions)
+
+                # Assign the permissions to the group
+                omb_analysts_group.permissions.add(*permissions)
+
+                # Convert the permissions QuerySet to a list of codenames
+                permission_list = list(permissions.values_list("codename", flat=True))
+
+                logger.debug(
+                    app_label
+                    + " | "
+                    + model_name
+                    + " | "
+                    + ", ".join(permission_list)
+                    + " added to group "
+                    + omb_analysts_group.name
+                )
+
+                logger.debug("OMB Analyst permissions added to group " + omb_analysts_group.name)
+        except Exception as e:
+            logger.error(f"Error creating analyst permissions group: {e}")
+
     def create_full_access_group(apps, schema_editor):
         """This method gets run from a data migration."""
 
diff --git a/src/registrar/views/report_views.py b/src/registrar/views/report_views.py
index c07dcfc1b..7f1e63e32 100644
--- a/src/registrar/views/report_views.py
+++ b/src/registrar/views/report_views.py
@@ -6,7 +6,7 @@ from django.shortcuts import render
 from django.contrib import admin
 from django.db.models import Avg, F
 
-from registrar.decorators import ALL, HAS_PORTFOLIO_MEMBERS_VIEW, IS_STAFF, grant_access
+from registrar.decorators import ALL, HAS_PORTFOLIO_MEMBERS_VIEW, IS_CISA_ANALYST, IS_FULL_ACCESS, grant_access
 from .. import models
 import datetime
 from django.utils import timezone
@@ -16,7 +16,7 @@ import logging
 logger = logging.getLogger(__name__)
 
 
-@grant_access(IS_STAFF)
+@grant_access(IS_CISA_ANALYST, IS_FULL_ACCESS)
 class AnalyticsView(View):
     def get(self, request):
         thirty_days_ago = datetime.datetime.today() - datetime.timedelta(days=30)
@@ -176,7 +176,7 @@ class AnalyticsView(View):
         return render(request, "admin/analytics.html", context)
 
 
-@grant_access(IS_STAFF)
+@grant_access(IS_CISA_ANALYST, IS_FULL_ACCESS)
 class ExportDataType(View):
     def get(self, request, *args, **kwargs):
         # match the CSV example with all the fields
@@ -227,7 +227,7 @@ class ExportMembersPortfolio(View):
         return response
 
 
-@grant_access(IS_STAFF)
+@grant_access(IS_CISA_ANALYST, IS_FULL_ACCESS)
 class ExportDataFull(View):
     def get(self, request, *args, **kwargs):
         # Smaller export based on 1
@@ -237,7 +237,7 @@ class ExportDataFull(View):
         return response
 
 
-@grant_access(IS_STAFF)
+@grant_access(IS_CISA_ANALYST, IS_FULL_ACCESS)
 class ExportDataFederal(View):
     def get(self, request, *args, **kwargs):
         # Federal only
@@ -247,7 +247,7 @@ class ExportDataFederal(View):
         return response
 
 
-@grant_access(IS_STAFF)
+@grant_access(IS_CISA_ANALYST, IS_FULL_ACCESS)
 class ExportDomainRequestDataFull(View):
     """Generates a downloaded report containing all Domain Requests (except started)"""
 
@@ -259,7 +259,7 @@ class ExportDomainRequestDataFull(View):
         return response
 
 
-@grant_access(IS_STAFF)
+@grant_access(IS_CISA_ANALYST, IS_FULL_ACCESS)
 class ExportDataDomainsGrowth(View):
     def get(self, request, *args, **kwargs):
         start_date = request.GET.get("start_date", "")
@@ -272,7 +272,7 @@ class ExportDataDomainsGrowth(View):
         return response
 
 
-@grant_access(IS_STAFF)
+@grant_access(IS_CISA_ANALYST, IS_FULL_ACCESS)
 class ExportDataRequestsGrowth(View):
     def get(self, request, *args, **kwargs):
         start_date = request.GET.get("start_date", "")
@@ -285,7 +285,7 @@ class ExportDataRequestsGrowth(View):
         return response
 
 
-@grant_access(IS_STAFF)
+@grant_access(IS_CISA_ANALYST, IS_FULL_ACCESS)
 class ExportDataManagedDomains(View):
     def get(self, request, *args, **kwargs):
         start_date = request.GET.get("start_date", "")
@@ -297,7 +297,7 @@ class ExportDataManagedDomains(View):
         return response
 
 
-@grant_access(IS_STAFF)
+@grant_access(IS_CISA_ANALYST, IS_FULL_ACCESS)
 class ExportDataUnmanagedDomains(View):
     def get(self, request, *args, **kwargs):
         start_date = request.GET.get("start_date", "")
diff --git a/src/registrar/views/transfer_user.py b/src/registrar/views/transfer_user.py
index 62cd0a9d2..ee8ebad35 100644
--- a/src/registrar/views/transfer_user.py
+++ b/src/registrar/views/transfer_user.py
@@ -4,7 +4,7 @@ from django.db.models import ForeignKey, OneToOneField, ManyToManyField, ManyToO
 
 from django.shortcuts import render, get_object_or_404, redirect
 from django.views import View
-from registrar.decorators import IS_STAFF, grant_access
+from registrar.decorators import IS_CISA_ANALYST, IS_FULL_ACCESS, grant_access
 from registrar.models.domain import Domain
 from registrar.models.domain_request import DomainRequest
 from registrar.models.user import User
@@ -19,7 +19,7 @@ from registrar.utility.db_helpers import ignore_unique_violation
 logger = logging.getLogger(__name__)
 
 
-@grant_access(IS_STAFF)
+@grant_access(IS_CISA_ANALYST, IS_FULL_ACCESS)
 class TransferUserView(View):
     """Transfer user methods that set up the transfer_user template and handle the forms on it."""
 
diff --git a/src/registrar/views/utility/api_views.py b/src/registrar/views/utility/api_views.py
index 6d0a2b5ec..ea794e185 100644
--- a/src/registrar/views/utility/api_views.py
+++ b/src/registrar/views/utility/api_views.py
@@ -1,7 +1,7 @@
 import logging
 from django.http import JsonResponse
 from django.forms.models import model_to_dict
-from registrar.decorators import IS_STAFF, grant_access
+from registrar.decorators import IS_CISA_ANALYST, IS_FULL_ACCESS, IS_OMB_ANALYST, grant_access
 from registrar.models import FederalAgency, SeniorOfficial, DomainRequest
 from registrar.utility.admin_helpers import get_action_needed_reason_default_email, get_rejection_reason_default_email
 from registrar.models.portfolio import Portfolio
@@ -10,16 +10,10 @@ from registrar.utility.constants import BranchChoices
 logger = logging.getLogger(__name__)
 
 
-@grant_access(IS_STAFF)
+@grant_access(IS_CISA_ANALYST, IS_OMB_ANALYST, IS_FULL_ACCESS)
 def get_senior_official_from_federal_agency_json(request):
     """Returns federal_agency information as a JSON"""
 
-    # This API is only accessible to admins and analysts
-    superuser_perm = request.user.has_perm("registrar.full_access_permission")
-    analyst_perm = request.user.has_perm("registrar.analyst_access_permission")
-    if not request.user.is_authenticated or not any([analyst_perm, superuser_perm]):
-        return JsonResponse({"error": "You do not have access to this resource"}, status=403)
-
     agency_name = request.GET.get("agency_name")
     agency = FederalAgency.objects.filter(agency=agency_name).first()
     senior_official = SeniorOfficial.objects.filter(federal_agency=agency).first()
@@ -37,16 +31,10 @@ def get_senior_official_from_federal_agency_json(request):
         return JsonResponse({"error": "Senior Official not found"}, status=404)
 
 
-@grant_access(IS_STAFF)
+@grant_access(IS_CISA_ANALYST, IS_OMB_ANALYST, IS_FULL_ACCESS)
 def get_portfolio_json(request):
     """Returns portfolio information as a JSON"""
 
-    # This API is only accessible to admins and analysts
-    superuser_perm = request.user.has_perm("registrar.full_access_permission")
-    analyst_perm = request.user.has_perm("registrar.analyst_access_permission")
-    if not request.user.is_authenticated or not any([analyst_perm, superuser_perm]):
-        return JsonResponse({"error": "You do not have access to this resource"}, status=403)
-
     portfolio_id = request.GET.get("id")
     try:
         portfolio = Portfolio.objects.get(id=portfolio_id)
@@ -93,16 +81,10 @@ def get_portfolio_json(request):
     return JsonResponse(portfolio_dict)
 
 
-@grant_access(IS_STAFF)
+@grant_access(IS_CISA_ANALYST, IS_OMB_ANALYST, IS_FULL_ACCESS)
 def get_suborganization_list_json(request):
     """Returns suborganization list information for a portfolio as a JSON"""
 
-    # This API is only accessible to admins and analysts
-    superuser_perm = request.user.has_perm("registrar.full_access_permission")
-    analyst_perm = request.user.has_perm("registrar.analyst_access_permission")
-    if not request.user.is_authenticated or not any([analyst_perm, superuser_perm]):
-        return JsonResponse({"error": "You do not have access to this resource"}, status=403)
-
     portfolio_id = request.GET.get("portfolio_id")
     try:
         portfolio = Portfolio.objects.get(id=portfolio_id)
@@ -115,17 +97,11 @@ def get_suborganization_list_json(request):
     return JsonResponse({"results": results, "pagination": {"more": False}})
 
 
-@grant_access(IS_STAFF)
+@grant_access(IS_CISA_ANALYST, IS_OMB_ANALYST, IS_FULL_ACCESS)
 def get_federal_and_portfolio_types_from_federal_agency_json(request):
     """Returns specific portfolio information as a JSON. Request must have
     both agency_name and organization_type."""
 
-    # This API is only accessible to admins and analysts
-    superuser_perm = request.user.has_perm("registrar.full_access_permission")
-    analyst_perm = request.user.has_perm("registrar.analyst_access_permission")
-    if not request.user.is_authenticated or not any([analyst_perm, superuser_perm]):
-        return JsonResponse({"error": "You do not have access to this resource"}, status=403)
-
     federal_type = None
     portfolio_type = None
 
@@ -143,16 +119,10 @@ def get_federal_and_portfolio_types_from_federal_agency_json(request):
     return JsonResponse(response_data)
 
 
-@grant_access(IS_STAFF)
+@grant_access(IS_CISA_ANALYST, IS_OMB_ANALYST, IS_FULL_ACCESS)
 def get_action_needed_email_for_user_json(request):
     """Returns a default action needed email for a given user"""
 
-    # This API is only accessible to admins and analysts
-    superuser_perm = request.user.has_perm("registrar.full_access_permission")
-    analyst_perm = request.user.has_perm("registrar.analyst_access_permission")
-    if not request.user.is_authenticated or not any([analyst_perm, superuser_perm]):
-        return JsonResponse({"error": "You do not have access to this resource"}, status=403)
-
     reason = request.GET.get("reason")
     domain_request_id = request.GET.get("domain_request_id")
     if not reason:
@@ -167,16 +137,10 @@ def get_action_needed_email_for_user_json(request):
     return JsonResponse({"email": email}, status=200)
 
 
-@grant_access(IS_STAFF)
+@grant_access(IS_CISA_ANALYST, IS_OMB_ANALYST, IS_FULL_ACCESS)
 def get_rejection_email_for_user_json(request):
     """Returns a default rejection email for a given user"""
 
-    # This API is only accessible to admins and analysts
-    superuser_perm = request.user.has_perm("registrar.full_access_permission")
-    analyst_perm = request.user.has_perm("registrar.analyst_access_permission")
-    if not request.user.is_authenticated or not any([analyst_perm, superuser_perm]):
-        return JsonResponse({"error": "You do not have access to this resource"}, status=403)
-
     reason = request.GET.get("reason")
     domain_request_id = request.GET.get("domain_request_id")
     if not reason:

From 562ff46faa8ed44ee12b97507f1d9851a8579722 Mon Sep 17 00:00:00 2001
From: David Kennedy <david.kennedy@associates.cisa.dhs.gov>
Date: Mon, 3 Mar 2025 17:05:57 -0500
Subject: [PATCH 002/285] refine permissions on analytics

---
 src/registrar/templates/admin/app_list.html | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/src/registrar/templates/admin/app_list.html b/src/registrar/templates/admin/app_list.html
index ecce12a3e..6f30e3031 100644
--- a/src/registrar/templates/admin/app_list.html
+++ b/src/registrar/templates/admin/app_list.html
@@ -63,6 +63,7 @@
       </table>
     </div>
   {% endfor %}
+  {% if perms.registrar.analyst_access_permission or perms.full_access_permission %}
   <div class="module">
     <table class="width-full">
       <caption class="text-bold">Analytics</caption>
@@ -78,6 +79,7 @@
       </tbody>
     </table>
   </div>
+  {% endif %}
 {% else %}
   <p>{% translate 'You don’t have permission to view or edit anything.' %}</p>
 {% endif %}

From a93dbdc5cc1375a7837794a5d46f9619c37385da Mon Sep 17 00:00:00 2001
From: David Kennedy <david.kennedy@associates.cisa.dhs.gov>
Date: Mon, 3 Mar 2025 17:20:31 -0500
Subject: [PATCH 003/285] import and export buttons and functions limited by
 permission

---
 src/registrar/admin.py | 37 +++++++++++++++++++++++--------------
 1 file changed, 23 insertions(+), 14 deletions(-)

diff --git a/src/registrar/admin.py b/src/registrar/admin.py
index 4b05bbb6d..7808a7cc7 100644
--- a/src/registrar/admin.py
+++ b/src/registrar/admin.py
@@ -75,6 +75,15 @@ from django.utils.translation import gettext_lazy as _
 logger = logging.getLogger(__name__)
 
 
+class ImportExportRegistrarModelAdmin(ImportExportModelAdmin):
+
+    def has_import_permission(self, request):
+        return request.user.has_perm("registrar.analyst_access_permission") or request.user.has_perm("registrar.full_access_permission")
+
+    def has_export_permission(self, request):
+        return request.user.has_perm("registrar.analyst_access_permission") or request.user.has_perm("registrar.full_access_permission")
+
+
 class FsmModelResource(resources.ModelResource):
     """ModelResource is extended to support importing of tables which
     have FSMFields.  ModelResource is extended with the following changes
@@ -751,7 +760,7 @@ class ListHeaderAdmin(AuditedAdmin, OrderableFieldsMixin):
         return filters
 
 
-class MyUserAdmin(BaseUserAdmin, ImportExportModelAdmin):
+class MyUserAdmin(BaseUserAdmin, ImportExportRegistrarModelAdmin):
     """Custom user admin class to use our inlines."""
 
     resource_classes = [UserResource]
@@ -1044,7 +1053,7 @@ class HostResource(resources.ModelResource):
         model = models.Host
 
 
-class MyHostAdmin(AuditedAdmin, ImportExportModelAdmin):
+class MyHostAdmin(AuditedAdmin, ImportExportRegistrarModelAdmin):
     """Custom host admin class to use our inlines."""
 
     resource_classes = [HostResource]
@@ -1070,7 +1079,7 @@ class HostIpResource(resources.ModelResource):
         model = models.HostIP
 
 
-class HostIpAdmin(AuditedAdmin, ImportExportModelAdmin):
+class HostIpAdmin(AuditedAdmin, ImportExportRegistrarModelAdmin):
     """Custom host ip admin class"""
 
     resource_classes = [HostIpResource]
@@ -1093,7 +1102,7 @@ class ContactResource(resources.ModelResource):
         model = models.Contact
 
 
-class ContactAdmin(ListHeaderAdmin, ImportExportModelAdmin):
+class ContactAdmin(ListHeaderAdmin, ImportExportRegistrarModelAdmin):
     """Custom contact admin class to add search."""
 
     resource_classes = [ContactResource]
@@ -1244,7 +1253,7 @@ class WebsiteResource(resources.ModelResource):
         model = models.Website
 
 
-class WebsiteAdmin(ListHeaderAdmin, ImportExportModelAdmin):
+class WebsiteAdmin(ListHeaderAdmin, ImportExportRegistrarModelAdmin):
     """Custom website admin class."""
 
     resource_classes = [WebsiteResource]
@@ -1344,7 +1353,7 @@ class UserPortfolioPermissionAdmin(ListHeaderAdmin):
             obj.delete()  # Calls the overridden delete method on each instance
 
 
-class UserDomainRoleAdmin(ListHeaderAdmin, ImportExportModelAdmin):
+class UserDomainRoleAdmin(ListHeaderAdmin, ImportExportRegistrarModelAdmin):
     """Custom user domain role admin class."""
 
     resource_classes = [UserDomainRoleResource]
@@ -1760,7 +1769,7 @@ class DomainInformationResource(resources.ModelResource):
         model = models.DomainInformation
 
 
-class DomainInformationAdmin(ListHeaderAdmin, ImportExportModelAdmin):
+class DomainInformationAdmin(ListHeaderAdmin, ImportExportRegistrarModelAdmin):
     """Customize domain information admin class."""
 
     class GenericOrgFilter(admin.SimpleListFilter):
@@ -2098,7 +2107,7 @@ class DomainRequestResource(FsmModelResource):
         model = models.DomainRequest
 
 
-class DomainRequestAdmin(ListHeaderAdmin, ImportExportModelAdmin):
+class DomainRequestAdmin(ListHeaderAdmin, ImportExportRegistrarModelAdmin):
     """Custom domain requests admin class."""
 
     resource_classes = [DomainRequestResource]
@@ -3309,7 +3318,7 @@ class DomainResource(FsmModelResource):
         model = models.Domain
 
 
-class DomainAdmin(ListHeaderAdmin, ImportExportModelAdmin):
+class DomainAdmin(ListHeaderAdmin, ImportExportRegistrarModelAdmin):
     """Custom domain admin class to add extra buttons."""
 
     resource_classes = [DomainResource]
@@ -3902,7 +3911,7 @@ class DraftDomainResource(resources.ModelResource):
         model = models.DraftDomain
 
 
-class DraftDomainAdmin(ListHeaderAdmin, ImportExportModelAdmin):
+class DraftDomainAdmin(ListHeaderAdmin, ImportExportRegistrarModelAdmin):
     """Custom draft domain admin class."""
 
     resource_classes = [DraftDomainResource]
@@ -4022,7 +4031,7 @@ class PublicContactResource(resources.ModelResource):
         self.after_save_instance(instance, using_transactions, dry_run)
 
 
-class PublicContactAdmin(ListHeaderAdmin, ImportExportModelAdmin):
+class PublicContactAdmin(ListHeaderAdmin, ImportExportRegistrarModelAdmin):
     """Custom PublicContact admin class."""
 
     resource_classes = [PublicContactResource]
@@ -4358,7 +4367,7 @@ class FederalAgencyResource(resources.ModelResource):
         model = models.FederalAgency
 
 
-class FederalAgencyAdmin(ListHeaderAdmin, ImportExportModelAdmin):
+class FederalAgencyAdmin(ListHeaderAdmin, ImportExportRegistrarModelAdmin):
     list_display = ["agency"]
     search_fields = ["agency"]
     search_help_text = "Search by federal agency."
@@ -4415,11 +4424,11 @@ class WaffleFlagAdmin(FlagAdmin):
         return super().changelist_view(request, extra_context=extra_context)
 
 
-class DomainGroupAdmin(ListHeaderAdmin, ImportExportModelAdmin):
+class DomainGroupAdmin(ListHeaderAdmin, ImportExportRegistrarModelAdmin):
     list_display = ["name", "portfolio"]
 
 
-class SuborganizationAdmin(ListHeaderAdmin, ImportExportModelAdmin):
+class SuborganizationAdmin(ListHeaderAdmin, ImportExportRegistrarModelAdmin):
 
     list_display = ["name", "portfolio"]
     autocomplete_fields = [

From 2bd188b267a185ccaa715d75dd4e0108918113e4 Mon Sep 17 00:00:00 2001
From: David Kennedy <david.kennedy@associates.cisa.dhs.gov>
Date: Tue, 4 Mar 2025 06:38:34 -0500
Subject: [PATCH 004/285] filtered admin views based on specific permission
 groups

---
 src/registrar/admin.py | 193 +++++++++++++++++++++++++++++++++++++++++
 1 file changed, 193 insertions(+)

diff --git a/src/registrar/admin.py b/src/registrar/admin.py
index 7808a7cc7..d58ded2f9 100644
--- a/src/registrar/admin.py
+++ b/src/registrar/admin.py
@@ -1244,6 +1244,32 @@ class SeniorOfficialAdmin(ListHeaderAdmin):
     # in autocomplete_fields for Senior Official
     ordering = ["first_name", "last_name"]
 
+    def get_annotated_queryset(self, queryset):
+        return queryset.annotate(
+            converted_federal_type=Case(
+                # When portfolio is present, use its value instead
+                When(
+                    Q(federal_agency__isnull=False),
+                    then=F("federal_agency__federal_type"),
+                ),
+                # Otherwise, return the natively assigned value
+                default=Value(""),
+            ),
+        )
+    
+    def get_queryset(self, request):
+        """Restrict queryset based on user permissions."""
+        qs = super().get_queryset(request)
+
+        # Check if user is in OMB analysts group
+        if request.user.groups.filter(name="omb_analysts_group").exists():
+            annotated_qs = self.get_annotated_queryset(qs)
+            return annotated_qs.filter(
+                converted_federal_type=BranchChoices.EXECUTIVE,
+            )
+
+        return qs  # Return full queryset if the user doesn't have the restriction
+    
 
 class WebsiteResource(resources.ModelResource):
     """defines how each field in the referenced model should be mapped to the corresponding fields in the
@@ -1536,6 +1562,39 @@ class DomainInvitationAdmin(BaseInvitationAdmin):
     # Override for the delete confirmation page on the domain table (bulk delete action)
     delete_selected_confirmation_template = "django/admin/domain_invitation_delete_selected_confirmation.html"
 
+    def get_annotated_queryset(self, queryset):
+        return queryset.annotate(
+            converted_generic_org_type=Case(
+                # When portfolio is present, use its value instead
+                When(domain__domain_info__portfolio__isnull=False, then=F("domain__domain_info__portfolio__organization_type")),
+                # Otherwise, return the natively assigned value
+                default=F("domain__domain_info__generic_org_type"),
+            ),
+            converted_federal_type=Case(
+                # When portfolio is present, use its value instead
+                When(
+                    Q(domain__domain_info__portfolio__isnull=False) & Q(domain__domain_info__portfolio__federal_agency__isnull=False),
+                    then=F("domain__domain_info__portfolio__federal_agency__federal_type"),
+                ),
+                # Otherwise, return the natively assigned value
+                default=F("domain__domain_info__federal_agency__federal_type"),
+            ),
+        )
+    
+    def get_queryset(self, request):
+        """Restrict queryset based on user permissions."""
+        qs = super().get_queryset(request)
+
+        # Check if user is in OMB analysts group
+        if request.user.groups.filter(name="omb_analysts_group").exists():
+            annotated_qs = self.get_annotated_queryset(qs)
+            return annotated_qs.filter(
+                converted_generic_org_type=DomainRequest.OrganizationChoices.FEDERAL,
+                converted_federal_type=BranchChoices.EXECUTIVE,
+            )
+
+        return qs  # Return full queryset if the user doesn't have the restriction
+    
     # Select domain invitations to change -> Domain invitations
     def changelist_view(self, request, extra_context=None):
         if extra_context is None:
@@ -2098,6 +2157,38 @@ class DomainInformationAdmin(ListHeaderAdmin, ImportExportRegistrarModelAdmin):
         use_sort = db_field.name != "senior_official"
         return super().formfield_for_foreignkey(db_field, request, use_admin_sort_fields=use_sort, **kwargs)
 
+    def get_annotated_queryset(self, queryset):
+        return queryset.annotate(
+            conv_generic_org_type=Case(
+                # When portfolio is present, use its value instead
+                When(portfolio__isnull=False, then=F("portfolio__organization_type")),
+                # Otherwise, return the natively assigned value
+                default=F("generic_org_type"),
+            ),
+            conv_federal_type=Case(
+                # When portfolio is present, use its value instead
+                When(
+                    Q(portfolio__isnull=False) & Q(portfolio__federal_agency__isnull=False),
+                    then=F("portfolio__federal_agency__federal_type"),
+                ),
+                # Otherwise, return the natively assigned value
+                default=F("federal_agency__federal_type"),
+            ),
+        )
+
+    def get_queryset(self, request):
+        """Custom get_queryset to filter by portfolio if portfolio is in the
+        request params."""
+        qs = super().get_queryset(request)
+        # Check if user is in OMB analysts group
+        if request.user.groups.filter(name="omb_analysts_group").exists():
+            annotated_qs = self.get_annotated_queryset(qs)
+            return annotated_qs.filter(
+                conv_generic_org_type=DomainRequest.OrganizationChoices.FEDERAL,
+                conv_federal_type=BranchChoices.EXECUTIVE,
+            )
+        return qs
+
 
 class DomainRequestResource(FsmModelResource):
     """defines how each field in the referenced model should be mapped to the corresponding fields in the
@@ -3050,6 +3141,25 @@ class DomainRequestAdmin(ListHeaderAdmin, ImportExportRegistrarModelAdmin):
         use_sort = db_field.name != "senior_official"
         return super().formfield_for_foreignkey(db_field, request, use_admin_sort_fields=use_sort, **kwargs)
 
+    def get_annotated_queryset(self, queryset):
+        return queryset.annotate(
+            conv_generic_org_type=Case(
+                # When portfolio is present, use its value instead
+                When(portfolio__isnull=False, then=F("portfolio__organization_type")),
+                # Otherwise, return the natively assigned value
+                default=F("generic_org_type"),
+            ),
+            conv_federal_type=Case(
+                # When portfolio is present, use its value instead
+                When(
+                    Q(portfolio__isnull=False) & Q(portfolio__federal_agency__isnull=False),
+                    then=F("portfolio__federal_agency__federal_type"),
+                ),
+                # Otherwise, return the natively assigned value
+                default=F("federal_agency__federal_type"),
+            ),
+        )
+
     def get_queryset(self, request):
         """Custom get_queryset to filter by portfolio if portfolio is in the
         request params."""
@@ -3059,6 +3169,13 @@ class DomainRequestAdmin(ListHeaderAdmin, ImportExportRegistrarModelAdmin):
         if portfolio_id:
             # Further filter the queryset by the portfolio
             qs = qs.filter(portfolio=portfolio_id)
+        # Check if user is in OMB analysts group
+        if request.user.groups.filter(name="omb_analysts_group").exists():
+            annotated_qs = self.get_annotated_queryset(qs)
+            return annotated_qs.filter(
+                conv_generic_org_type=DomainRequest.OrganizationChoices.FEDERAL,
+                conv_federal_type=BranchChoices.EXECUTIVE,
+            )
         return qs
 
     def get_search_results(self, request, queryset, search_term):
@@ -3900,6 +4017,12 @@ class DomainAdmin(ListHeaderAdmin, ImportExportRegistrarModelAdmin):
         if portfolio_id:
             # Further filter the queryset by the portfolio
             qs = qs.filter(domain_info__portfolio=portfolio_id)
+        # Check if user is in OMB analysts group
+        if request.user.groups.filter(name="omb_analysts_group").exists():
+            return qs.filter(
+                converted_generic_org_type=DomainRequest.OrganizationChoices.FEDERAL,
+                converted_federal_type=BranchChoices.EXECUTIVE,
+            )
         return qs
 
 
@@ -4314,6 +4437,34 @@ class PortfolioAdmin(ListHeaderAdmin):
         readonly_fields.extend([field for field in self.analyst_readonly_fields])
         return readonly_fields
 
+    def get_annotated_queryset(self, queryset):
+        return queryset.annotate(
+            converted_federal_type=Case(
+                # When portfolio is present, use its value instead
+                When(
+                    Q(federal_agency__isnull=False),
+                    then=F("federal_agency__federal_type"),
+                ),
+                # Otherwise, return the natively assigned value
+                default=Value(""),
+            ),
+        )
+    
+    def get_queryset(self, request):
+        """Restrict queryset based on user permissions."""
+        qs = super().get_queryset(request)
+
+        # Check if user is in OMB analysts group
+        if request.user.groups.filter(name="omb_analysts_group").exists():
+            annotated_qs = self.get_annotated_queryset(qs)
+            return annotated_qs.filter(
+                organization_type=DomainRequest.OrganizationChoices.FEDERAL,
+                converted_federal_type=BranchChoices.EXECUTIVE,
+            )
+
+        return qs  # Return full queryset if the user doesn't have the restriction
+    
+
     def change_view(self, request, object_id, form_url="", extra_context=None):
         """Add related suborganizations and domain groups.
         Add the summary for the portfolio members field (list of members that link to change_forms)."""
@@ -4374,6 +4525,17 @@ class FederalAgencyAdmin(ListHeaderAdmin, ImportExportRegistrarModelAdmin):
     ordering = ["agency"]
     resource_classes = [FederalAgencyResource]
 
+    def get_queryset(self, request):
+        """Restrict queryset based on user permissions."""
+        qs = super().get_queryset(request)
+
+        # Check if user is in OMB analysts group
+        if request.user.groups.filter(name="omb_analysts_group").exists():
+            return qs.filter(
+                federal_type=BranchChoices.EXECUTIVE,
+            )
+
+        return qs  # Return full queryset if the user doesn't have the restriction
 
 class UserGroupAdmin(AuditedAdmin):
     """Overwrite the generated UserGroup admin class"""
@@ -4456,6 +4618,37 @@ class SuborganizationAdmin(ListHeaderAdmin, ImportExportRegistrarModelAdmin):
         extra_context = {"domain_requests": domain_requests, "domains": domains}
         return super().change_view(request, object_id, form_url, extra_context)
 
+    def get_annotated_queryset(self, queryset):
+        return queryset.annotate(
+            converted_federal_type=Case(
+                # When portfolio is present, use its value instead
+                When(
+                    Q(portfolio__isnull=False) & Q(portfolio__federal_agency__isnull=False),
+                    then=F("portfolio__federal_agency__federal_type"),
+                ),
+                # Otherwise, return the natively assigned value
+                default=Value(""),
+            ),
+        )
+
+    def get_queryset(self, request):
+        """Custom get_queryset to filter by portfolio if portfolio is in the
+        request params."""
+        qs = super().get_queryset(request)
+        # Check if a 'portfolio' parameter is passed in the request
+        portfolio_id = request.GET.get("portfolio")
+        if portfolio_id:
+            # Further filter the queryset by the portfolio
+            qs = qs.filter(portfolio=portfolio_id)
+        # Check if user is in OMB analysts group
+        if request.user.groups.filter(name="omb_analysts_group").exists():
+            annotated_qs = self.get_annotated_queryset(qs)
+            return annotated_qs.filter(
+                portfolio__organization_type=DomainRequest.OrganizationChoices.FEDERAL,
+                converted_federal_type=BranchChoices.EXECUTIVE,
+            )
+        return qs
+
 
 class AllowedEmailAdmin(ListHeaderAdmin):
     class Meta:

From 16bcae0dc281cad5ab03c917d01e57150933eb53 Mon Sep 17 00:00:00 2001
From: David Kennedy <david.kennedy@associates.cisa.dhs.gov>
Date: Tue, 4 Mar 2025 20:48:22 -0500
Subject: [PATCH 005/285] added admin object and group specific permissions for
 view, add, change and or delete

---
 src/registrar/admin.py | 152 ++++++++++++++++++++++++++++++++++++++++-
 1 file changed, 151 insertions(+), 1 deletion(-)

diff --git a/src/registrar/admin.py b/src/registrar/admin.py
index d58ded2f9..387712bbb 100644
--- a/src/registrar/admin.py
+++ b/src/registrar/admin.py
@@ -1270,6 +1270,33 @@ class SeniorOfficialAdmin(ListHeaderAdmin):
 
         return qs  # Return full queryset if the user doesn't have the restriction
     
+    def has_view_permission(self, request, obj=None):
+        """Restrict view permissions based on group membership and model attributes."""
+        if request.user.has_perm("registrar.full_access_permission"):
+            return True
+        if obj:
+            if request.user.groups.filter(name="omb_analysts_group").exists():
+                return obj.federal_agency and obj.federal_agency.federal_type == BranchChoices.EXECUTIVE
+        return super().has_view_permission(request, obj)
+    
+    def has_change_permission(self, request, obj=None):
+        """Restrict update permissions based on group membership and model attributes."""
+        if request.user.has_perm("registrar.full_access_permission"):
+            return True
+        if obj:
+            if request.user.groups.filter(name="omb_analysts_group").exists():
+                return obj.federal_agency and obj.federal_agency.federal_type == BranchChoices.EXECUTIVE
+        return super().has_change_permission(request, obj)
+
+    def has_delete_permission(self, request, obj=None):
+        """Restrict delete permissions based on group membership and model attributes."""
+        if request.user.has_perm("registrar.full_access_permission"):
+            return True
+        if obj:
+            if request.user.groups.filter(name="omb_analysts_group").exists():
+                return obj.federal_agency and obj.federal_agency.federal_type == BranchChoices.EXECUTIVE
+        return super().has_delete_permisssion(request, obj)
+
 
 class WebsiteResource(resources.ModelResource):
     """defines how each field in the referenced model should be mapped to the corresponding fields in the
@@ -1595,6 +1622,16 @@ class DomainInvitationAdmin(BaseInvitationAdmin):
 
         return qs  # Return full queryset if the user doesn't have the restriction
     
+    def has_view_permission(self, request, obj=None):
+        """Restrict view permissions based on group membership and model attributes."""
+        if request.user.has_perm("registrar.full_access_permission"):
+            return True
+        if obj:
+            if request.user.groups.filter(name="omb_analysts_group").exists():
+                return obj.domain.domain_info.converted_generic_org_type == DomainRequest.OrganizationChoices.FEDERAL and \
+                    obj.domain.domain_info.federal_type == BranchChoices.EXECUTIVE
+        return super().has_view_permission(request, obj)
+    
     # Select domain invitations to change -> Domain invitations
     def changelist_view(self, request, extra_context=None):
         if extra_context is None:
@@ -3177,7 +3214,27 @@ class DomainRequestAdmin(ListHeaderAdmin, ImportExportRegistrarModelAdmin):
                 conv_federal_type=BranchChoices.EXECUTIVE,
             )
         return qs
-
+    
+    def has_view_permission(self, request, obj=None):
+        """Restrict view permissions based on group membership and model attributes."""
+        if request.user.has_perm("registrar.full_access_permission"):
+            return True
+        if obj:
+            if request.user.groups.filter(name="omb_analysts_group").exists():
+                return obj.converted_generic_org_type == DomainRequest.OrganizationChoices.FEDERAL and \
+                    obj.converted_federal_type == BranchChoices.EXECUTIVE        
+        return super().has_view_permission(request, obj)
+    
+    def has_change_permission(self, request, obj=None):
+        """Restrict update permissions based on group membership and model attributes."""
+        if request.user.has_perm("registrar.full_access_permission"):
+            return True
+        if obj:
+            if request.user.groups.filter(name="omb_analysts_group").exists():
+                return obj.converted_generic_org_type == DomainRequest.OrganizationChoices.FEDERAL and \
+                    obj.converted_federal_type == BranchChoices.EXECUTIVE        
+        return super().has_change_permission(request, obj)
+    
     def get_search_results(self, request, queryset, search_term):
         # Call the parent's method to apply default search logic
         base_queryset, use_distinct = super().get_search_results(request, queryset, search_term)
@@ -4025,6 +4082,16 @@ class DomainAdmin(ListHeaderAdmin, ImportExportRegistrarModelAdmin):
             )
         return qs
 
+    def has_view_permission(self, request, obj=None):
+        """Restrict view permissions based on group membership and model attributes."""
+        if request.user.has_perm("registrar.full_access_permission"):
+            return True
+        if obj:
+            if request.user.groups.filter(name="omb_analysts_group").exists():
+                return obj.domain_info.converted_generic_org_type == DomainRequest.OrganizationChoices.FEDERAL and \
+                    obj.domain_info.converted_federal_type == BranchChoices.EXECUTIVE        
+        return super().has_view_permission(request, obj)
+    
 
 class DraftDomainResource(resources.ModelResource):
     """defines how each field in the referenced model should be mapped to the corresponding fields in the
@@ -4464,6 +4531,32 @@ class PortfolioAdmin(ListHeaderAdmin):
 
         return qs  # Return full queryset if the user doesn't have the restriction
     
+    def has_view_permission(self, request, obj=None):
+        """Restrict view permissions based on group membership and model attributes."""
+        if request.user.has_perm("registrar.full_access_permission"):
+            return True
+        if obj:
+            if request.user.groups.filter(name="omb_analysts_group").exists():
+                return obj.federal_type == BranchChoices.EXECUTIVE
+        return super().has_view_permission(request, obj)
+    
+    def has_change_permission(self, request, obj=None):
+        """Restrict update permissions based on group membership and model attributes."""
+        if request.user.has_perm("registrar.full_access_permission"):
+            return True
+        if obj:
+            if request.user.groups.filter(name="omb_analysts_group").exists():
+                return obj.federal_type == BranchChoices.EXECUTIVE        
+        return super().has_change_permission(request, obj)
+
+    def has_delete_permission(self, request, obj=None):
+        """Restrict delete permissions based on group membership and model attributes."""
+        if request.user.has_perm("registrar.full_access_permission"):
+            return True
+        if obj:
+            if request.user.groups.filter(name="omb_analysts_group").exists():
+                return obj.federal_type == BranchChoices.EXECUTIVE
+        return super().has_delete_permisssion(request, obj)
 
     def change_view(self, request, object_id, form_url="", extra_context=None):
         """Add related suborganizations and domain groups.
@@ -4537,6 +4630,36 @@ class FederalAgencyAdmin(ListHeaderAdmin, ImportExportRegistrarModelAdmin):
 
         return qs  # Return full queryset if the user doesn't have the restriction
 
+    def has_view_permission(self, request, obj=None):
+        """Restrict view permissions based on group membership and model attributes."""
+        if request.user.has_perm("registrar.full_access_permission"):
+            return True
+        if obj:
+            if request.user.groups.filter(name="omb_analysts_group").exists():
+                return obj.domain.domain_info.converted_generic_org_type == DomainRequest.OrganizationChoices.FEDERAL and \
+                    obj.domain.domain_info.federal_type == BranchChoices.EXECUTIVE
+        return super().has_view_permission(request, obj)
+    
+    def has_change_permission(self, request, obj=None):
+        """Restrict update permissions based on group membership and model attributes."""
+        if request.user.has_perm("registrar.full_access_permission"):
+            return True
+        if obj:
+            if request.user.groups.filter(name="omb_analysts_group").exists():
+                return obj.converted_generic_org_type == DomainRequest.OrganizationChoices.FEDERAL and \
+                    obj.converted_federal_type == BranchChoices.EXECUTIVE        
+        return super().has_change_permission(request, obj)
+
+    def has_delete_permission(self, request, obj=None):
+        """Restrict delete permissions based on group membership and model attributes."""
+        if request.user.has_perm("registrar.full_access_permission"):
+            return True
+        if obj:
+            if request.user.groups.filter(name="omb_analysts_group").exists():
+                return obj.federal_type == BranchChoices.EXECUTIVE
+        return super().has_delete_permisssion(request, obj)
+    
+
 class UserGroupAdmin(AuditedAdmin):
     """Overwrite the generated UserGroup admin class"""
 
@@ -4648,6 +4771,33 @@ class SuborganizationAdmin(ListHeaderAdmin, ImportExportRegistrarModelAdmin):
                 converted_federal_type=BranchChoices.EXECUTIVE,
             )
         return qs
+    
+    def has_view_permission(self, request, obj=None):
+        """Restrict view permissions based on group membership and model attributes."""
+        if request.user.has_perm("registrar.full_access_permission"):
+            return True
+        if obj:
+            if request.user.groups.filter(name="omb_analysts_group").exists():
+                return obj.portfolio and obj.portfolio.federal_type == BranchChoices.EXECUTIVE
+        return super().has_view_permission(request, obj)
+    
+    def has_change_permission(self, request, obj=None):
+        """Restrict update permissions based on group membership and model attributes."""
+        if request.user.has_perm("registrar.full_access_permission"):
+            return True
+        if obj:
+            if request.user.groups.filter(name="omb_analysts_group").exists():
+                return obj.portfolio and obj.portfolio.federal_type == BranchChoices.EXECUTIVE     
+        return super().has_change_permission(request, obj)
+
+    def has_delete_permission(self, request, obj=None):
+        """Restrict delete permissions based on group membership and model attributes."""
+        if request.user.has_perm("registrar.full_access_permission"):
+            return True
+        if obj:
+            if request.user.groups.filter(name="omb_analysts_group").exists():
+                return obj.portfolio and obj.portfolio.federal_type == BranchChoices.EXECUTIVE
+        return super().has_delete_permisssion(request, obj)
 
 
 class AllowedEmailAdmin(ListHeaderAdmin):

From 996d8eaccfe12e9f8ca74868880251e8a8f4756d Mon Sep 17 00:00:00 2001
From: David Kennedy <david.kennedy@associates.cisa.dhs.gov>
Date: Wed, 5 Mar 2025 18:30:17 -0500
Subject: [PATCH 006/285] changes to domain request admin form

---
 src/registrar/admin.py                        | 70 +++++++++++++++++--
 .../admin/includes/contact_detail_list.html   |  6 +-
 .../admin/includes/detail_table_fieldset.html | 16 ++++-
 3 files changed, 84 insertions(+), 8 deletions(-)

diff --git a/src/registrar/admin.py b/src/registrar/admin.py
index 387712bbb..e16463fb8 100644
--- a/src/registrar/admin.py
+++ b/src/registrar/admin.py
@@ -323,9 +323,10 @@ class DomainRequestAdminForm(forms.ModelForm):
             # only set the available transitions if the user is not restricted
             # from editing the domain request; otherwise, the form will be
             # readonly and the status field will not have a widget
-            if not domain_request.creator.is_restricted():
+            if not domain_request.creator.is_restricted() and "status" in self.fields:
                 self.fields["status"].widget.choices = available_transitions
 
+
     def get_custom_field_transitions(self, instance, field):
         """Custom implementation of get_available_FIELD_transitions
         in the FSM. Allows us to still display fields filtered out by a condition."""
@@ -1295,7 +1296,7 @@ class SeniorOfficialAdmin(ListHeaderAdmin):
         if obj:
             if request.user.groups.filter(name="omb_analysts_group").exists():
                 return obj.federal_agency and obj.federal_agency.federal_type == BranchChoices.EXECUTIVE
-        return super().has_delete_permisssion(request, obj)
+        return super().has_delete_permission(request, obj)
 
 
 class WebsiteResource(resources.ModelResource):
@@ -2749,6 +2750,53 @@ class DomainRequestAdmin(ListHeaderAdmin, ImportExportRegistrarModelAdmin):
         "cisa_representative_email",
     ]
 
+    # Read only that we'll leverage for OMB Analysts
+    omb_analyst_readonly_fields = [
+        "federal_agency",
+        "creator",
+        "about_your_organization",
+        "requested_domain",
+        "approved_domain",
+        "alternative_domains",
+        "purpose",
+        "no_other_contacts_rationale",
+        "anything_else",
+        "is_policy_acknowledged",
+        "cisa_representative_first_name",
+        "cisa_representative_last_name",
+        "cisa_representative_email",
+        "status",
+        "investigator",
+        "notes",
+        "senior_official",
+        "organization_type",
+        "organization_name",
+        "state_territory",
+        "address_line1",
+        "address_line2",
+        "city",
+        "zipcode",
+        "urbanization",
+        "portfolio_organization_type",
+        "portfolio_federal_type",
+        "portfolio_organization_name",
+        "portfolio_federal_agency",
+        "portfolio_state_territory",
+        "portfolio_address_line1",
+        "portfolio_address_line2",
+        "portfolio_city",
+        "portfolio_zipcode",
+        "portfolio_urbanization",
+        "is_election_board",
+        "organization_type",
+        "federal_type",
+        "federal_agency",
+        "tribe_name",
+        "federally_recognized_tribe",
+        "state_recognized_tribe",
+        "about_your_organization",
+    ]
+
     autocomplete_fields = [
         "approved_domain",
         "requested_domain",
@@ -2990,6 +3038,10 @@ class DomainRequestAdmin(ListHeaderAdmin, ImportExportRegistrarModelAdmin):
 
         if request.user.has_perm("registrar.full_access_permission"):
             return readonly_fields
+        # Return restrictive Read-only fields for OMB analysts
+        if request.user.groups.filter(name="omb_analysts_group").exists():
+            readonly_fields.extend([field for field in self.omb_analyst_readonly_fields])
+            return readonly_fields
         # Return restrictive Read-only fields for analysts and
         # users who might not belong to groups
         readonly_fields.extend([field for field in self.analyst_readonly_fields])
@@ -3254,6 +3306,14 @@ class DomainRequestAdmin(ListHeaderAdmin, ImportExportRegistrarModelAdmin):
 
         return combined_queryset, use_distinct
 
+    def get_form(self, request, obj=None, **kwargs):
+        """Pass the 'is_omb_analyst' attribute to the form."""
+        form = super().get_form(request, obj, **kwargs)
+
+        # Store attribute in the form for template access
+        form.show_contact_as_plain_text = request.user.groups.filter(name="omb_analysts_group").exists()
+
+        return form
 
 class TransitionDomainAdmin(ListHeaderAdmin):
     """Custom transition domain admin class."""
@@ -4556,7 +4616,7 @@ class PortfolioAdmin(ListHeaderAdmin):
         if obj:
             if request.user.groups.filter(name="omb_analysts_group").exists():
                 return obj.federal_type == BranchChoices.EXECUTIVE
-        return super().has_delete_permisssion(request, obj)
+        return super().has_delete_permission(request, obj)
 
     def change_view(self, request, object_id, form_url="", extra_context=None):
         """Add related suborganizations and domain groups.
@@ -4657,7 +4717,7 @@ class FederalAgencyAdmin(ListHeaderAdmin, ImportExportRegistrarModelAdmin):
         if obj:
             if request.user.groups.filter(name="omb_analysts_group").exists():
                 return obj.federal_type == BranchChoices.EXECUTIVE
-        return super().has_delete_permisssion(request, obj)
+        return super().has_delete_permission(request, obj)
     
 
 class UserGroupAdmin(AuditedAdmin):
@@ -4797,7 +4857,7 @@ class SuborganizationAdmin(ListHeaderAdmin, ImportExportRegistrarModelAdmin):
         if obj:
             if request.user.groups.filter(name="omb_analysts_group").exists():
                 return obj.portfolio and obj.portfolio.federal_type == BranchChoices.EXECUTIVE
-        return super().has_delete_permisssion(request, obj)
+        return super().has_delete_permission(request, obj)
 
 
 class AllowedEmailAdmin(ListHeaderAdmin):
diff --git a/src/registrar/templates/django/admin/includes/contact_detail_list.html b/src/registrar/templates/django/admin/includes/contact_detail_list.html
index 0baabac17..b3cdeb875 100644
--- a/src/registrar/templates/django/admin/includes/contact_detail_list.html
+++ b/src/registrar/templates/django/admin/includes/contact_detail_list.html
@@ -6,7 +6,11 @@
 
     {% if show_formatted_name %}
         {% if user.get_formatted_name %}
-            <a class="contact_info_name" href="{% url 'admin:registrar_contact_change' user.id %}">{{ user.get_formatted_name }}</a>
+            {% if adminform.form.show_contact_as_plain_text %}
+                {{ user.get_formatted_name }}
+            {% else %}
+                <a class="contact_info_name" href="{% url 'admin:registrar_contact_change' user.id %}">{{ user.get_formatted_name }}</a>
+            {% endif %}
         {% else %}
             None
         {% endif %}
diff --git a/src/registrar/templates/django/admin/includes/detail_table_fieldset.html b/src/registrar/templates/django/admin/includes/detail_table_fieldset.html
index a074e8a7c..c800a7c84 100644
--- a/src/registrar/templates/django/admin/includes/detail_table_fieldset.html
+++ b/src/registrar/templates/django/admin/includes/detail_table_fieldset.html
@@ -69,7 +69,11 @@ This is using a custom implementation fieldset.html (see admin/fieldset.html)
     {% elif field.field.name == "portfolio_senior_official" %}
         <div class="readonly">
             {% if original_object.portfolio.senior_official %}
-                <a href="{% url 'admin:registrar_seniorofficial_change' original_object.portfolio.senior_official.id %}">{{ field.contents }}</a>
+                {% if adminform.form.show_contact_as_plain_text %}
+                    {{ field.contents|striptags }}
+                {% else %}
+                    <a href="{% url 'admin:registrar_seniorofficial_change' original_object.portfolio.senior_official.id %}">{{ field.contents }}</a>
+                {% endif %}
             {% else %}
                 No senior official found.<br>
             {% endif %}
@@ -78,7 +82,11 @@ This is using a custom implementation fieldset.html (see admin/fieldset.html)
         {% if all_contacts.count > 2 %}
             <div class="readonly">
                 {% for contact in all_contacts %}
-                    <a href="{% url 'admin:registrar_contact_change' contact.id %}">{{ contact.get_formatted_name }}</a>{% if not forloop.last %}, {% endif %}
+                    {% if adminform.form.show_contact_as_plain_text %}
+                        {{ contact.get_formatted_name }}{% if not forloop.last %}, {% endif %}
+                    {% else %}
+                        <a href="{% url 'admin:registrar_contact_change' contact.id %}">{{ contact.get_formatted_name }}</a>{% if not forloop.last %}, {% endif %}
+                    {% endif %}
                 {% endfor %}
             </div>
         {% else %}
@@ -153,6 +161,10 @@ This is using a custom implementation fieldset.html (see admin/fieldset.html)
                 <p>No additional members found.</p>
             {% endif %}
         </div>
+    {% elif field.field.name == "creator" and adminform.form.show_contact_as_plain_text %}
+        <div class="readonly">{{ field.contents|striptags }}</div>
+    {% elif field.field.name == "senior_official" and adminform.form.show_contact_as_plain_text %}
+        <div class="readonly">{{ field.contents|striptags }}</div>
     {% else %}
         <div class="readonly">{{ field.contents }}</div>
     {% endif %}

From 70970fbcc56266ed97e64e1df619b1a61a9a4c20 Mon Sep 17 00:00:00 2001
From: David Kennedy <david.kennedy@associates.cisa.dhs.gov>
Date: Thu, 6 Mar 2025 08:55:31 -0500
Subject: [PATCH 007/285]  portfolio admin updates

---
 src/registrar/admin.py                        | 130 +++++++++++++++---
 src/registrar/models/user_group.py            |   2 +-
 .../django/admin/domain_change_form.html      |   6 +-
 .../portfolio/portfolio_admins_table.html     |   6 +-
 .../portfolio/portfolio_fieldset.html         |   3 +
 5 files changed, 124 insertions(+), 23 deletions(-)

diff --git a/src/registrar/admin.py b/src/registrar/admin.py
index e16463fb8..f556db16d 100644
--- a/src/registrar/admin.py
+++ b/src/registrar/admin.py
@@ -326,7 +326,6 @@ class DomainRequestAdminForm(forms.ModelForm):
             if not domain_request.creator.is_restricted() and "status" in self.fields:
                 self.fields["status"].widget.choices = available_transitions
 
-
     def get_custom_field_transitions(self, instance, field):
         """Custom implementation of get_available_FIELD_transitions
         in the FSM. Allows us to still display fields filtered out by a condition."""
@@ -3345,6 +3344,16 @@ class DomainInformationInline(admin.StackedInline):
     template = "django/admin/includes/domain_info_inline_stacked.html"
     model = models.DomainInformation
 
+    def __init__(self, *args, **kwargs):
+        """Initialize the admin class and define a default value for is_omb_analyst."""
+        super().__init__(*args, **kwargs)
+        self.is_omb_analyst = False  # Default value in case it's accessed before being set
+
+    def get_queryset(self, request):
+        """Ensure self.is_omb_analyst is set early."""
+        self.is_omb_analyst = request.user.groups.filter(name="omb_analysts_group").exists()
+        return super().get_queryset(request)
+    
     # Define methods to display fields from the related portfolio
     def portfolio_senior_official(self, obj) -> Optional[SeniorOfficial]:
         return obj.portfolio.senior_official if obj.portfolio and obj.portfolio.senior_official else None
@@ -3432,12 +3441,16 @@ class DomainInformationInline(admin.StackedInline):
         if not domain_managers:
             return "No domain managers found."
 
-        domain_manager_details = "<table><thead><tr><th>UID</th><th>Name</th><th>Email</th></tr></thead><tbody>"
+        domain_manager_details = "<table><thead><tr>"
+        if not self.is_omb_analyst:
+            domain_manager_details += "<th>UID</th>"
+        domain_manager_details += "<th>Name</th><th>Email</th></tr></thead><tbody>"
         for domain_manager in domain_managers:
             full_name = domain_manager.get_formatted_name()
             change_url = reverse("admin:registrar_user_change", args=[domain_manager.pk])
             domain_manager_details += "<tr>"
-            domain_manager_details += f'<td><a href="{change_url}">{escape(domain_manager.username)}</a>'
+            if not self.is_omb_analyst:
+                domain_manager_details += f'<td><a href="{change_url}">{escape(domain_manager.username)}</a>'
             domain_manager_details += f"<td>{escape(full_name)}</td>"
             domain_manager_details += f"<td>{escape(domain_manager.email)}</td>"
             domain_manager_details += "</tr>"
@@ -3469,7 +3482,8 @@ class DomainInformationInline(admin.StackedInline):
 
         superuser_perm = request.user.has_perm("registrar.full_access_permission")
         analyst_perm = request.user.has_perm("registrar.analyst_access_permission")
-        if analyst_perm and not superuser_perm:
+        omb_analyst_perm = request.user.groups.filter(name="omb_analysts_group").exists()
+        if (analyst_perm or omb_analyst_perm) and not superuser_perm:
             return True
         return super().has_change_permission(request, obj)
 
@@ -3542,6 +3556,17 @@ class DomainInformationInline(admin.StackedInline):
                 modified_fieldsets.append(fieldsets_to_move)
 
         return modified_fieldsets
+    
+    def get_form(self, request, obj=None, **kwargs):
+        """Pass the 'is_omb_analyst' attribute to the form."""
+        form = super().get_form(request, obj, **kwargs)
+
+        # Store attribute in the form for template access
+        self.is_omb_analyst = request.user.groups.filter(name="omb_analysts_group").exists()
+        form.show_contact_as_plain_text = self.is_omb_analyst
+        form.is_omb_analyst = self.is_omb_analyst
+
+        return form
 
 
 class DomainResource(FsmModelResource):
@@ -4152,7 +4177,17 @@ class DomainAdmin(ListHeaderAdmin, ImportExportRegistrarModelAdmin):
                     obj.domain_info.converted_federal_type == BranchChoices.EXECUTIVE        
         return super().has_view_permission(request, obj)
     
+    def get_form(self, request, obj=None, **kwargs):
+        """Pass the 'is_omb_analyst' attribute to the form."""
+        form = super().get_form(request, obj, **kwargs)
 
+        # Store attribute in the form for template access
+        is_omb_analyst = request.user.groups.filter(name="omb_analysts_group").exists()
+        form.show_contact_as_plain_text = is_omb_analyst
+        form.is_omb_analyst = is_omb_analyst
+
+        return form
+    
 class DraftDomainResource(resources.ModelResource):
     """defines how each field in the referenced model should be mapped to the corresponding fields in the
     import/export file"""
@@ -4336,6 +4371,11 @@ class PortfolioAdmin(ListHeaderAdmin):
 
     _meta = Meta()
 
+    def __init__(self, *args, **kwargs):
+        """Initialize the admin class and define a default value for is_omb_analyst."""
+        super().__init__(*args, **kwargs)
+        self.is_omb_analyst = False  # Default value in case it's accessed before being set
+
     change_form_template = "django/admin/portfolio_change_form.html"
     fieldsets = [
         # created_on is the created_at field
@@ -4417,6 +4457,19 @@ class PortfolioAdmin(ListHeaderAdmin):
     # rather than strip it out of our logic.
     analyst_readonly_fields = []  # type: ignore
 
+    omb_analyst_readonly_fields = [
+        "notes",
+        "organization_type",
+        "organization_name",
+        "federal_agency",
+        "state_territory",
+        "address_line1",
+        "address_line2",
+        "city",
+        "zipcode",
+        "urbanization",
+    ]
+
     def get_admin_users(self, obj):
         # Filter UserPortfolioPermission objects related to the portfolio
         admin_permissions = self.get_user_portfolio_permission_admins(obj)
@@ -4502,6 +4555,8 @@ class PortfolioAdmin(ListHeaderAdmin):
         """Returns the number of administrators for this portfolio"""
         admin_count = len(self.get_user_portfolio_permission_admins(obj))
         if admin_count > 0:
+            if self.is_omb_analyst:
+                return format_html(f"{admin_count} administrators")
             url = reverse("admin:registrar_userportfoliopermission_changelist") + f"?portfolio={obj.id}"
             # Create a clickable link with the count
             return format_html(f'<a href="{url}">{admin_count} administrators</a>')
@@ -4513,6 +4568,8 @@ class PortfolioAdmin(ListHeaderAdmin):
         """Returns the number of members for this portfolio"""
         member_count = len(self.get_user_portfolio_permission_non_admins(obj))
         if member_count > 0:
+            if self.is_omb_analyst:
+                return format_html(f"{member_count} members")
             url = reverse("admin:registrar_userportfoliopermission_changelist") + f"?portfolio={obj.id}"
             # Create a clickable link with the count
             return format_html(f'<a href="{url}">{member_count} members</a>')
@@ -4558,7 +4615,10 @@ class PortfolioAdmin(ListHeaderAdmin):
 
         if request.user.has_perm("registrar.full_access_permission"):
             return readonly_fields
-
+        # Return restrictive Read-only fields for OMB analysts
+        if request.user.groups.filter(name="omb_analysts_group").exists():
+            readonly_fields.extend([field for field in self.omb_analyst_readonly_fields])
+            return readonly_fields
         # Return restrictive Read-only fields for analysts and
         # users who might not belong to groups
         readonly_fields.extend([field for field in self.analyst_readonly_fields])
@@ -4583,6 +4643,7 @@ class PortfolioAdmin(ListHeaderAdmin):
 
         # Check if user is in OMB analysts group
         if request.user.groups.filter(name="omb_analysts_group").exists():
+            self.is_omb_analyst = True
             annotated_qs = self.get_annotated_queryset(qs)
             return annotated_qs.filter(
                 organization_type=DomainRequest.OrganizationChoices.FEDERAL,
@@ -4609,15 +4670,6 @@ class PortfolioAdmin(ListHeaderAdmin):
                 return obj.federal_type == BranchChoices.EXECUTIVE        
         return super().has_change_permission(request, obj)
 
-    def has_delete_permission(self, request, obj=None):
-        """Restrict delete permissions based on group membership and model attributes."""
-        if request.user.has_perm("registrar.full_access_permission"):
-            return True
-        if obj:
-            if request.user.groups.filter(name="omb_analysts_group").exists():
-                return obj.federal_type == BranchChoices.EXECUTIVE
-        return super().has_delete_permission(request, obj)
-
     def change_view(self, request, object_id, form_url="", extra_context=None):
         """Add related suborganizations and domain groups.
         Add the summary for the portfolio members field (list of members that link to change_forms)."""
@@ -4662,6 +4714,17 @@ class PortfolioAdmin(ListHeaderAdmin):
 
         super().save_model(request, obj, form, change)
 
+    def get_form(self, request, obj=None, **kwargs):
+        """Pass the 'is_omb_analyst' attribute to the form."""
+        form = super().get_form(request, obj, **kwargs)
+
+        # Store attribute in the form for template access
+        self.is_omb_analyst = request.user.groups.filter(name="omb_analysts_group").exists()
+        form.show_contact_as_plain_text = self.is_omb_analyst
+        form.is_omb_analyst = self.is_omb_analyst
+
+        return form
+
 
 class FederalAgencyResource(resources.ModelResource):
     """defines how each field in the referenced model should be mapped to the corresponding fields in the
@@ -4678,6 +4741,20 @@ class FederalAgencyAdmin(ListHeaderAdmin, ImportExportRegistrarModelAdmin):
     ordering = ["agency"]
     resource_classes = [FederalAgencyResource]
 
+    # Readonly fields for analysts and superusers
+    readonly_fields = []
+
+    # Read only that we'll leverage for CISA Analysts
+    analyst_readonly_fields = []
+
+    # Read only that we'll leverage for OMB Analysts
+    omb_analyst_readonly_fields = [
+        "agency",
+        "federal_type",
+        "acronym",
+        "is_fceb",
+    ]
+
     def get_queryset(self, request):
         """Restrict queryset based on user permissions."""
         qs = super().get_queryset(request)
@@ -4696,8 +4773,7 @@ class FederalAgencyAdmin(ListHeaderAdmin, ImportExportRegistrarModelAdmin):
             return True
         if obj:
             if request.user.groups.filter(name="omb_analysts_group").exists():
-                return obj.domain.domain_info.converted_generic_org_type == DomainRequest.OrganizationChoices.FEDERAL and \
-                    obj.domain.domain_info.federal_type == BranchChoices.EXECUTIVE
+                return obj.federal_type == BranchChoices.EXECUTIVE
         return super().has_view_permission(request, obj)
     
     def has_change_permission(self, request, obj=None):
@@ -4706,8 +4782,7 @@ class FederalAgencyAdmin(ListHeaderAdmin, ImportExportRegistrarModelAdmin):
             return True
         if obj:
             if request.user.groups.filter(name="omb_analysts_group").exists():
-                return obj.converted_generic_org_type == DomainRequest.OrganizationChoices.FEDERAL and \
-                    obj.converted_federal_type == BranchChoices.EXECUTIVE        
+                return obj.federal_type == BranchChoices.EXECUTIVE        
         return super().has_change_permission(request, obj)
 
     def has_delete_permission(self, request, obj=None):
@@ -4718,7 +4793,24 @@ class FederalAgencyAdmin(ListHeaderAdmin, ImportExportRegistrarModelAdmin):
             if request.user.groups.filter(name="omb_analysts_group").exists():
                 return obj.federal_type == BranchChoices.EXECUTIVE
         return super().has_delete_permission(request, obj)
-    
+
+    def get_readonly_fields(self, request, obj=None):
+        """Set the read-only state on form elements.
+        We have 2 conditions that determine which fields are read-only:
+        admin user permissions and the domain request creator's status, so
+        we'll use the baseline readonly_fields and extend it as needed.
+        """
+        readonly_fields = list(self.readonly_fields)
+        if request.user.has_perm("registrar.full_access_permission"):
+            return readonly_fields
+        # Return restrictive Read-only fields for OMB analysts
+        if request.user.groups.filter(name="omb_analysts_group").exists():
+            readonly_fields.extend([field for field in self.omb_analyst_readonly_fields])
+            return readonly_fields
+        # Return restrictive Read-only fields for analysts and
+        # users who might not belong to groups
+        readonly_fields.extend([field for field in self.analyst_readonly_fields])
+        return readonly_fields  
 
 class UserGroupAdmin(AuditedAdmin):
     """Overwrite the generated UserGroup admin class"""
diff --git a/src/registrar/models/user_group.py b/src/registrar/models/user_group.py
index b3bddee66..031fe8e06 100644
--- a/src/registrar/models/user_group.py
+++ b/src/registrar/models/user_group.py
@@ -176,7 +176,7 @@ class UserGroup(Group):
             {
                 "app_label": "registrar",
                 "model": "portfolio",
-                "permissions": ["change_portfolio", "delete_portfolio"],
+                "permissions": ["change_portfolio"],
             },
             {
                 "app_label": "registrar",
diff --git a/src/registrar/templates/django/admin/domain_change_form.html b/src/registrar/templates/django/admin/domain_change_form.html
index 7aa0034b9..9f34feae6 100644
--- a/src/registrar/templates/django/admin/domain_change_form.html
+++ b/src/registrar/templates/django/admin/domain_change_form.html
@@ -11,13 +11,15 @@
 {% block field_sets %}
     <div class="display-flex flex-row flex-justify submit-row">
         <div class="flex-align-self-start button-list-mobile">
+            {% if not adminform.form.is_omb_analyst %}
             <input id="manageDomainSubmitButton" type="submit" value="Manage domain" name="_edit_domain">
             {# Dja has margin styles defined on inputs as is. Lets work with it, rather than fight it. #}
             <span class="mini-spacer"></span>
             <input type="submit" value="Get registry status" name="_get_status">
+            {% endif %}
         </div>
         <div class="desktop:flex-align-self-end">
-            {% if original.state != original.State.DELETED %}
+            {% if original.state != original.State.DELETED and not adminform.form.is_omb_analyst %}
             <a class="text-middle" href="#toggle-extend-expiration-alert" aria-controls="toggle-extend-expiration-alert" data-open-modal>
                 Extend expiration date
             </a>
@@ -33,7 +35,7 @@
             {% if original.state == original.State.READY or original.state == original.State.ON_HOLD %}
             <span class="margin-left-05 margin-right-05 text-middle"> | </span>
             {% endif %}
-            {% if original.state != original.State.DELETED %}
+            {% if original.state != original.State.DELETED and not adminform.form.is_omb_analyst %}
             <a class="text-middle" href="#toggle-remove-from-registry" aria-controls="toggle-remove-from-registry" data-open-modal>
                 Remove from registry
             </a>
diff --git a/src/registrar/templates/django/admin/includes/portfolio/portfolio_admins_table.html b/src/registrar/templates/django/admin/includes/portfolio/portfolio_admins_table.html
index 7add74323..574c05738 100644
--- a/src/registrar/templates/django/admin/includes/portfolio/portfolio_admins_table.html
+++ b/src/registrar/templates/django/admin/includes/portfolio/portfolio_admins_table.html
@@ -16,7 +16,11 @@
         {% for admin in admins %}
         {% url 'admin:registrar_userportfoliopermission_change' admin.pk as url %}
         <tr>
-            <td><a href={{url}}>{{ admin.user.get_formatted_name}}</a></td>
+            {% if adminform.form.is_omb_analyst %}
+                <td>{{ admin.user.get_formatted_name }}</td>
+            {% else %}
+                <td><a href={{url}}>{{ admin.user.get_formatted_name}}</a></td>
+            {% endif %}
             <td>{{ admin.user.title }}</td>
             <td>
                 {% if admin.user.email %}
diff --git a/src/registrar/templates/django/admin/includes/portfolio/portfolio_fieldset.html b/src/registrar/templates/django/admin/includes/portfolio/portfolio_fieldset.html
index 87b56cb60..54ac502d1 100644
--- a/src/registrar/templates/django/admin/includes/portfolio/portfolio_fieldset.html
+++ b/src/registrar/templates/django/admin/includes/portfolio/portfolio_fieldset.html
@@ -30,6 +30,9 @@
                 <a href={{ url }}>No senior official found. Create one now.</a>
             </div>
         {% endif %}
+
+    {% elif field.field.name == "creator" and adminform.form.show_contact_as_plain_text %}
+        <div class="readonly">{{ field.contents|striptags }}</div>
     {% else %}
         <div class="readonly">{{ field.contents }}</div>
     {% endif %}

From b022b13706de0dd85b11e897f2525614db1a79b8 Mon Sep 17 00:00:00 2001
From: matthewswspence <Matthewswspence@gmail.com>
Date: Thu, 6 Mar 2025 11:56:41 -0600
Subject: [PATCH 008/285] additional details forms

---
 src/registrar/assets/src/js/getgov/main.js    |  3 +-
 src/registrar/forms/domain_request_wizard.py  |  2 +-
 .../domainrequestwizard/additional_details.py | 85 +++++++++++++++++++
 ..._domainrequest_feb_eop_contact_and_more.py | 30 +++++++
 src/registrar/models/domain_request.py        | 13 +++
 ...lio_domain_request_additional_details.html | 60 +++++++++++--
 src/registrar/tests/test_admin_request.py     |  2 +
 src/registrar/tests/test_views_request.py     | 38 ++++++++-
 src/registrar/views/domain_request.py         | 42 ++++++++-
 9 files changed, 260 insertions(+), 15 deletions(-)
 create mode 100644 src/registrar/forms/domainrequestwizard/additional_details.py
 create mode 100644 src/registrar/migrations/0143_domainrequest_feb_eop_contact_and_more.py

diff --git a/src/registrar/assets/src/js/getgov/main.js b/src/registrar/assets/src/js/getgov/main.js
index 139c8484a..724f8b9d0 100644
--- a/src/registrar/assets/src/js/getgov/main.js
+++ b/src/registrar/assets/src/js/getgov/main.js
@@ -25,6 +25,8 @@ nameserversFormListener();
 hookupYesNoListener("other_contacts-has_other_contacts",'other-employees', 'no-other-employees');
 hookupYesNoListener("additional_details-has_anything_else_text",'anything-else', null);
 hookupYesNoListener("additional_details-has_cisa_representative",'cisa-representative', null);
+hookupYesNoListener("portfolio_additional_details-working_with_eop", "eop-contact-container", null);
+hookupYesNoListener("portfolio_additional_details-has_anything_else_text", 'anything-else-details-container', null);
 hookupYesNoListener("dotgov_domain-feb_naming_requirements", null, "domain-naming-requirements-details-container");
 
 hookupCallbacksToRadioToggler("purpose-feb_purpose_choice", domain_purpose_choice_callbacks);
@@ -32,7 +34,6 @@ hookupCallbacksToRadioToggler("purpose-feb_purpose_choice", domain_purpose_choic
 hookupYesNoListener("purpose-has_timeframe", "purpose-timeframe-details-container", null);
 hookupYesNoListener("purpose-is_interagency_initiative", "purpose-interagency-initaitive-details-container", null);
 
-
 initializeUrbanizationToggle();
 
 userProfileListener();
diff --git a/src/registrar/forms/domain_request_wizard.py b/src/registrar/forms/domain_request_wizard.py
index 7cbb159b4..8c89a35ec 100644
--- a/src/registrar/forms/domain_request_wizard.py
+++ b/src/registrar/forms/domain_request_wizard.py
@@ -599,7 +599,7 @@ class DotGovDomainForm(RegistrarForm):
             return_type=ValidationReturnType.FORM_VALIDATION_ERROR,
         )
         return validated
-    
+
     def is_valid(self):
         return super().is_valid()
 
diff --git a/src/registrar/forms/domainrequestwizard/additional_details.py b/src/registrar/forms/domainrequestwizard/additional_details.py
new file mode 100644
index 000000000..8ae0629d5
--- /dev/null
+++ b/src/registrar/forms/domainrequestwizard/additional_details.py
@@ -0,0 +1,85 @@
+from django import forms
+from django.core.validators import MaxLengthValidator
+from registrar.forms.utility.wizard_form_helper import BaseDeletableRegistrarForm, BaseYesNoForm
+from registrar.models.contact import Contact
+
+
+class WorkingWithEOPYesNoForm(BaseDeletableRegistrarForm, BaseYesNoForm):
+    """
+    Form for determining if the Federal Executive Branch (FEB) agency is working with the
+    Executive Office of the President (EOP) on the domain request.
+    """
+
+    field_name = "working_with_eop"
+
+    @property
+    def form_is_checked(self):
+        """
+        Determines the initial checked state of the form based on the domain_request's attributes.
+        """
+        return self.domain_request.working_with_eop
+
+
+class EOPContactForm(BaseDeletableRegistrarForm):
+    """
+    Form for contact information of the representative of the
+    Executive Office of the President (EOP) that the Federal
+    Executive Branch (FEB) agency is working with.
+    """
+
+    field_name = "eop_contact"
+
+    first_name = forms.CharField(
+        label="First name / given name",
+        error_messages={"required": "Enter the first name / given name of this contact."},
+        required=True,
+    )
+    last_name = forms.CharField(
+        label="Last name / family name",
+        error_messages={"required": "Enter the last name / family name of this contact."},
+        required=True,
+    )
+    email = forms.EmailField(
+        label="Email",
+        max_length=None,
+        error_messages={
+            "required": ("Enter an email address in the required format, like name@example.com."),
+            "invalid": ("Enter an email address in the required format, like name@example.com."),
+        },
+        validators=[
+            MaxLengthValidator(
+                320,
+                message="Response must be less than 320 characters.",
+            )
+        ],
+        required=True,
+        help_text="Enter an email address in the required format, like name@example.com.",
+    )
+
+    @classmethod
+    def from_database(cls, obj):
+        # if not obj.eop_contact:
+        #     return {}
+        # return {
+        #     "first_name": obj.feb_eop_contact.first_name,
+        #     "last_name": obj.feb_eop_contact.last_name,
+        #     "email": obj.feb_eop_contact.email,
+        # }
+        return {}
+
+    def to_database(self, obj):
+        if not self.is_valid():
+            return
+        obj.eop_contact = Contact.objects.create(
+            first_name=self.cleaned_data["first_name"],
+            last_name=self.cleaned_data["last_name"],
+            email=self.cleaned_data["email"],
+        )
+        obj.save()
+
+
+class FEBAnythingElseYesNoForm(BaseYesNoForm, BaseDeletableRegistrarForm):
+    """Yes/no toggle for the anything else question on additional details"""
+
+    form_is_checked = property(lambda self: self.domain_request.has_anything_else_text)  # type: ignore
+    field_name = "has_anything_else_text"
diff --git a/src/registrar/migrations/0143_domainrequest_feb_eop_contact_and_more.py b/src/registrar/migrations/0143_domainrequest_feb_eop_contact_and_more.py
new file mode 100644
index 000000000..7001e47d6
--- /dev/null
+++ b/src/registrar/migrations/0143_domainrequest_feb_eop_contact_and_more.py
@@ -0,0 +1,30 @@
+# Generated by Django 4.2.17 on 2025-03-05 15:48
+
+from django.db import migrations, models
+import django.db.models.deletion
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ("registrar", "0142_domainrequest_feb_purpose_choice_and_more"),
+    ]
+
+    operations = [
+        migrations.AddField(
+            model_name="domainrequest",
+            name="eop_contact",
+            field=models.ForeignKey(
+                blank=True,
+                null=True,
+                on_delete=django.db.models.deletion.PROTECT,
+                related_name="eop_contact",
+                to="registrar.contact",
+            ),
+        ),
+        migrations.AddField(
+            model_name="domainrequest",
+            name="working_with_eop",
+            field=models.BooleanField(blank=True, null=True),
+        ),
+    ]
diff --git a/src/registrar/models/domain_request.py b/src/registrar/models/domain_request.py
index b7aaff65d..b181094aa 100644
--- a/src/registrar/models/domain_request.py
+++ b/src/registrar/models/domain_request.py
@@ -523,6 +523,19 @@ class DomainRequest(TimeStampedModel):
         choices=FEBPurposeChoices.choices,
     )
 
+    working_with_eop = models.BooleanField(
+        null=True,
+        blank=True,
+    )
+
+    eop_contact = models.ForeignKey(
+        "registrar.Contact",
+        null=True,
+        blank=True,
+        related_name="eop_contact",
+        on_delete=models.PROTECT,
+    )
+
     # This field is alternately used for generic domain purpose explanations
     # and for explanations of the specific purpose chosen with feb_purpose_choice
     # by a Federal Executive Branch agency.
diff --git a/src/registrar/templates/portfolio_domain_request_additional_details.html b/src/registrar/templates/portfolio_domain_request_additional_details.html
index 5bc529243..d7d53dd1a 100644
--- a/src/registrar/templates/portfolio_domain_request_additional_details.html
+++ b/src/registrar/templates/portfolio_domain_request_additional_details.html
@@ -6,16 +6,60 @@
 {% endblock %}
 
 {% block form_fields %}
+    {% if requires_feb_questions %}
+        {{forms.2.management_form}}
+        {{forms.3.management_form}}
+        {{forms.4.management_form}}
+        {{forms.5.management_form}}
+        <fieldset class="usa-fieldset">          
+            <h2 class="margin-top-0 margin-bottom-0">Are you working with someone in the Executive Office of the President (EOP) on this request?</h2> 
+            
+            <p class="margin-bottom-0 margin-top-1">
+              <em>Select one. <abbr class="usa-hint usa-hint--required" title="required">*</abbr></em>
+            </p>
+            {% with add_class="usa-radio__input--tile" add_legend_class="usa-sr-only" %}
+              {% input_with_errors forms.0.working_with_eop %}
+            {% endwith %}
 
-    <fieldset class="usa-fieldset">          
+            <div id="eop-contact-container" class="conditional-panel display-none">
+              <p class="margin-bottom-0 margin-top-1">
+                Provide the name and email of the person you're working with.<span class="usa-label--required">*</span>
+              </p>
+              {% with add_class="usa-radio__input--tile" add_legend_class="usa-sr-only" %}
+                {% input_with_errors forms.1.first_name %}
+                {% input_with_errors forms.1.last_name %}
+                {% input_with_errors forms.1.email %}
+              {% endwith %}
+            </div>
+
+            <h2 class="margin-top-0 margin-bottom-0">Is there anything else you'd like us to know about your domain request?</h2> 
+            <p class="margin-bottom-0 margin-top-1">
+              <em>Select one. <abbr class="usa-hint usa-hint--required" title="required">*</abbr></em>
+            </p>
+            {% with add_class="usa-radio__input--tile" add_legend_class="usa-sr-only" %}
+              {% input_with_errors forms.2.has_anything_else_text %}
+            {% endwith %}
+    
+            <div id="anything-else-details-container" class="conditional-panel display-none">
+              <p class="usa-label">
+                <em>Provide details below <span class="usa-label--required">*</span></em>
+              </p>
+              {% with add_label_class="usa-sr-only" attr_required="required" attr_maxlength="2000" %}
+                {% input_with_errors forms.3.anything_else %}
+              {% endwith %}
+            </div>
+        </fieldset>
+    {% else %}
+        <fieldset class="usa-fieldset">          
             <h2 class="margin-top-0 margin-bottom-0">Is there anything else you’d like us to know about your domain request?</h2> 
         </legend>
-    </fieldset>
+        </fieldset>
 
-    <div id="anything-else">
-        <p><em>This question is optional.</em></p>
-        {% with attr_maxlength=2000 add_label_class="usa-sr-only" %}
-            {% input_with_errors forms.0.anything_else %}
-        {% endwith %}
-    </div>
+        <div id="anything-else">
+            <p><em>This question is optional.</em></p>
+            {% with attr_maxlength=2000 add_label_class="usa-sr-only" %}
+                {% input_with_errors forms.0.anything_else %}
+            {% endwith %}
+        </div>
+    {% endif %}
 {% endblock %}
diff --git a/src/registrar/tests/test_admin_request.py b/src/registrar/tests/test_admin_request.py
index 9320dd3d3..7bc150326 100644
--- a/src/registrar/tests/test_admin_request.py
+++ b/src/registrar/tests/test_admin_request.py
@@ -1984,6 +1984,8 @@ class TestDomainRequestAdmin(MockEppLib):
             "feb_naming_requirements",
             "feb_naming_requirements_details",
             "feb_purpose_choice",
+            "working_with_eop",
+            "eop_contact",
             "purpose",
             "has_timeframe",
             "time_frame_details",
diff --git a/src/registrar/tests/test_views_request.py b/src/registrar/tests/test_views_request.py
index 7b117f67d..7db89a9e8 100644
--- a/src/registrar/tests/test_views_request.py
+++ b/src/registrar/tests/test_views_request.py
@@ -2550,7 +2550,7 @@ class DomainRequestTests(TestWithUser, WebTest):
 
     # @less_console_noise_decorator
     @override_flag("organization_feature", active=True)
-    def test_domain_request_dotgov_domain_FEB_questions(self):
+    def test_domain_request_FEB_questions(self):
         """
         Test that for a member of a federal executive branch portfolio with org feature on, the dotgov domain page
         contains additional questions for OMB.
@@ -2612,13 +2612,14 @@ class DomainRequestTests(TestWithUser, WebTest):
         # separate out these tests for readability
         self.feb_dotgov_domain_tests(dotgov_page)
 
-        # Now proceed with the actual test
         domain_form = dotgov_page.forms[0]
         domain = "test.gov"
         domain_form["dotgov_domain-requested_domain"] = domain
         domain_form["dotgov_domain-feb_naming_requirements"] = "True"
         domain_form["dotgov_domain-feb_naming_requirements_details"] = "test"
-        with patch('registrar.forms.domain_request_wizard.DotGovDomainForm.clean_requested_domain', return_value=domain):  # noqa
+        with patch(
+            "registrar.forms.domain_request_wizard.DotGovDomainForm.clean_requested_domain", return_value=domain
+        ):  # noqa
             self.app.set_cookie(settings.SESSION_COOKIE_NAME, session_id)
             domain_result = domain_form.submit()
 
@@ -2628,6 +2629,20 @@ class DomainRequestTests(TestWithUser, WebTest):
 
         self.feb_purpose_page_tests(purpose_page)
 
+        purpose_form = purpose_page.forms[0]
+        purpose_form["purpose-feb_purpose_choice"] = "redirect"
+        purpose_form["purpose-purpose"] = "test"
+        purpose_form["purpose-has_timeframe"] = "True"
+        purpose_form["purpose-time_frame_details"] = "test"
+        purpose_form["purpose-is_interagency_initiative"] = "True"
+        purpose_form["purpose-interagency_initiative_details"] = "test"
+        self.app.set_cookie(settings.SESSION_COOKIE_NAME, session_id)
+        purpose_result = purpose_form.submit()
+
+        # ---- ADDITIONAL DETAILS PAGE  ----
+        self.app.set_cookie(settings.SESSION_COOKIE_NAME, session_id)
+        additional_details_page = purpose_result.follow()
+        self.feb_additional_details_page_tests(additional_details_page)
 
     def feb_purpose_page_tests(self, purpose_page):
         self.assertContains(purpose_page, "What is the purpose of your requested domain?")
@@ -2669,6 +2684,23 @@ class DomainRequestTests(TestWithUser, WebTest):
         # Check that the details form was included
         self.assertContains(dotgov_page, "feb_naming_requirements_details")
 
+    def feb_additional_details_page_tests(self, additional_details_page):
+        test_text = "Are you working with someone in the Executive Office of the President (EOP) on this request?"
+        self.assertContains(additional_details_page, test_text)
+
+        # Make sure the EOP form is present
+        self.assertContains(additional_details_page, "working_with_eop")
+
+        # Make sure the EOP contact form is present
+        self.assertContains(additional_details_page, "eop-contact-container")
+        self.assertContains(additional_details_page, "additional_details-first_name")
+        self.assertContains(additional_details_page, "additional_details-last_name")
+        self.assertContains(additional_details_page, "additional_details-email")
+
+        # Make sure the additional details form is present
+        self.assertContains(additional_details_page, "additional_details-has_anything_else_text")
+        self.assertContains(additional_details_page, "additional_details-anything_else")
+
     @less_console_noise_decorator
     def test_domain_request_formsets(self):
         """Users are able to add more than one of some fields."""
diff --git a/src/registrar/views/domain_request.py b/src/registrar/views/domain_request.py
index 55cd9a19e..1aeb52a20 100644
--- a/src/registrar/views/domain_request.py
+++ b/src/registrar/views/domain_request.py
@@ -15,7 +15,7 @@ from registrar.decorators import (
     grant_access,
 )
 from registrar.forms import domain_request_wizard as forms
-from registrar.forms.domainrequestwizard import purpose
+from registrar.forms.domainrequestwizard import (purpose, additional_details)
 from registrar.forms.utility.wizard_form_helper import request_step_list
 from registrar.models import DomainRequest
 from registrar.models.contact import Contact
@@ -609,7 +609,45 @@ class RequestingEntity(DomainRequestWizard):
 class PortfolioAdditionalDetails(DomainRequestWizard):
     template_name = "portfolio_domain_request_additional_details.html"
 
-    forms = [forms.PortfolioAnythingElseForm]
+    forms = [
+        additional_details.WorkingWithEOPYesNoForm,
+        additional_details.EOPContactForm,
+        additional_details.FEBAnythingElseYesNoForm,
+        forms.PortfolioAnythingElseForm,
+    ]
+
+    def get_context_data(self):
+        context = super().get_context_data()
+        context["requires_feb_questions"] = self.requires_feb_questions()
+        return context
+
+    def is_valid(self, forms: list) -> bool:
+        """
+        Validates the forms for portfolio additional details.
+
+        Expected order of forms_list:
+            0: WorkingWithEOPYesNoForm
+            1: EOPContactForm
+            2: FEBAnythingElseYesNoForm
+            3: PortfolioAnythingElseForm
+        """
+        eop_forms_valid = True
+        if not forms[0].is_valid():
+            # If the user isn't working with EOP, don't validate the EOP contact form
+            forms[1].mark_form_for_deletion()
+            eop_forms_valid = False        
+        if forms[0].cleaned_data.get("working_with_eop"):
+            eop_forms_valid = forms[1].is_valid()
+        else:
+            forms[1].mark_form_for_deletion()        
+        anything_else_forms_valid = True
+        if not forms[2].is_valid():
+            forms[3].mark_form_for_deletion()
+            anything_else_forms_valid = False        
+        if forms[2].cleaned_data.get("has_anything_else_text"):
+            forms[3].fields["anything_else"].required = True
+            anything_else_forms_valid = forms[3].is_valid()        
+        return (eop_forms_valid and anything_else_forms_valid)
 
 
 # Non-portfolio pages

From 76bb219a2a8325d7d8c798c338828a0834fde7ea Mon Sep 17 00:00:00 2001
From: David Kennedy <david.kennedy@associates.cisa.dhs.gov>
Date: Thu, 6 Mar 2025 13:55:00 -0500
Subject: [PATCH 009/285] suborgs and senior officials

---
 src/registrar/admin.py             | 84 +++++++++++++++++++++++-------
 src/registrar/models/user_group.py |  4 +-
 2 files changed, 68 insertions(+), 20 deletions(-)

diff --git a/src/registrar/admin.py b/src/registrar/admin.py
index f556db16d..1f5dae5f1 100644
--- a/src/registrar/admin.py
+++ b/src/registrar/admin.py
@@ -1257,6 +1257,40 @@ class SeniorOfficialAdmin(ListHeaderAdmin):
             ),
         )
     
+    readonly_fields = []
+
+    # Even though this is empty, I will leave it as a stub for easy changes in the future
+    # rather than strip it out of our logic.
+    analyst_readonly_fields = []  # type: ignore
+
+    omb_analyst_readonly_fields = [
+        "first_name",
+        "last_name",
+        "title",
+        "phone",
+        "email",
+        "federal_agency",
+    ]
+
+    def get_readonly_fields(self, request, obj=None):
+        """Set the read-only state on form elements.
+        We have conditions that determine which fields are read-only:
+        admin user permissions and analyst (cisa or omb) status, so
+        we'll use the baseline readonly_fields and extend it as needed.
+        """
+        readonly_fields = list(self.readonly_fields)
+
+        if request.user.has_perm("registrar.full_access_permission"):
+            return readonly_fields
+        # Return restrictive Read-only fields for OMB analysts
+        if request.user.groups.filter(name="omb_analysts_group").exists():
+            readonly_fields.extend([field for field in self.omb_analyst_readonly_fields])
+            return readonly_fields
+        # Return restrictive Read-only fields for analysts and
+        # users who might not belong to groups
+        readonly_fields.extend([field for field in self.analyst_readonly_fields])
+        return readonly_fields
+    
     def get_queryset(self, request):
         """Restrict queryset based on user permissions."""
         qs = super().get_queryset(request)
@@ -1288,15 +1322,6 @@ class SeniorOfficialAdmin(ListHeaderAdmin):
                 return obj.federal_agency and obj.federal_agency.federal_type == BranchChoices.EXECUTIVE
         return super().has_change_permission(request, obj)
 
-    def has_delete_permission(self, request, obj=None):
-        """Restrict delete permissions based on group membership and model attributes."""
-        if request.user.has_perm("registrar.full_access_permission"):
-            return True
-        if obj:
-            if request.user.groups.filter(name="omb_analysts_group").exists():
-                return obj.federal_agency and obj.federal_agency.federal_type == BranchChoices.EXECUTIVE
-        return super().has_delete_permission(request, obj)
-
 
 class WebsiteResource(resources.ModelResource):
     """defines how each field in the referenced model should be mapped to the corresponding fields in the
@@ -4876,6 +4901,38 @@ class SuborganizationAdmin(ListHeaderAdmin, ImportExportRegistrarModelAdmin):
 
     change_form_template = "django/admin/suborg_change_form.html"
 
+    readonly_fields = []
+
+    # Even though this is empty, I will leave it as a stub for easy changes in the future
+    # rather than strip it out of our logic.
+    analyst_readonly_fields = []  # type: ignore
+
+    omb_analyst_readonly_fields = [
+        "name",
+        "portfolio",
+        "city",
+        "state_territory",
+    ]
+
+    def get_readonly_fields(self, request, obj=None):
+        """Set the read-only state on form elements.
+        We have conditions that determine which fields are read-only:
+        admin user permissions and analyst (cisa or omb) status, so
+        we'll use the baseline readonly_fields and extend it as needed.
+        """
+        readonly_fields = list(self.readonly_fields)
+
+        if request.user.has_perm("registrar.full_access_permission"):
+            return readonly_fields
+        # Return restrictive Read-only fields for OMB analysts
+        if request.user.groups.filter(name="omb_analysts_group").exists():
+            readonly_fields.extend([field for field in self.omb_analyst_readonly_fields])
+            return readonly_fields
+        # Return restrictive Read-only fields for analysts and
+        # users who might not belong to groups
+        readonly_fields.extend([field for field in self.analyst_readonly_fields])
+        return readonly_fields
+
     def change_view(self, request, object_id, form_url="", extra_context=None):
         """Add suborg's related domains and requests to context"""
         obj = self.get_object(request, object_id)
@@ -4942,15 +4999,6 @@ class SuborganizationAdmin(ListHeaderAdmin, ImportExportRegistrarModelAdmin):
                 return obj.portfolio and obj.portfolio.federal_type == BranchChoices.EXECUTIVE     
         return super().has_change_permission(request, obj)
 
-    def has_delete_permission(self, request, obj=None):
-        """Restrict delete permissions based on group membership and model attributes."""
-        if request.user.has_perm("registrar.full_access_permission"):
-            return True
-        if obj:
-            if request.user.groups.filter(name="omb_analysts_group").exists():
-                return obj.portfolio and obj.portfolio.federal_type == BranchChoices.EXECUTIVE
-        return super().has_delete_permission(request, obj)
-
 
 class AllowedEmailAdmin(ListHeaderAdmin):
     class Meta:
diff --git a/src/registrar/models/user_group.py b/src/registrar/models/user_group.py
index 031fe8e06..781dbb64c 100644
--- a/src/registrar/models/user_group.py
+++ b/src/registrar/models/user_group.py
@@ -181,12 +181,12 @@ class UserGroup(Group):
             {
                 "app_label": "registrar",
                 "model": "suborganization",
-                "permissions": ["change_suborganization", "delete_suborganization"],
+                "permissions": ["change_suborganization"],
             },
             {
                 "app_label": "registrar",
                 "model": "seniorofficial",
-                "permissions": ["change_seniorofficial", "delete_seniorofficial"],
+                "permissions": ["change_seniorofficial"],
             },
         ]
 

From 7d2a37970fc9e67bc518dc8153ffd9a79cbcfafd Mon Sep 17 00:00:00 2001
From: David Kennedy <david.kennedy@associates.cisa.dhs.gov>
Date: Thu, 6 Mar 2025 14:00:21 -0500
Subject: [PATCH 010/285] lint

---
 src/registrar/admin.py | 93 +++++++++++++++++++++++++-----------------
 1 file changed, 56 insertions(+), 37 deletions(-)

diff --git a/src/registrar/admin.py b/src/registrar/admin.py
index 1f5dae5f1..303d82f05 100644
--- a/src/registrar/admin.py
+++ b/src/registrar/admin.py
@@ -78,10 +78,14 @@ logger = logging.getLogger(__name__)
 class ImportExportRegistrarModelAdmin(ImportExportModelAdmin):
 
     def has_import_permission(self, request):
-        return request.user.has_perm("registrar.analyst_access_permission") or request.user.has_perm("registrar.full_access_permission")
+        return request.user.has_perm("registrar.analyst_access_permission") or request.user.has_perm(
+            "registrar.full_access_permission"
+        )
 
     def has_export_permission(self, request):
-        return request.user.has_perm("registrar.analyst_access_permission") or request.user.has_perm("registrar.full_access_permission")
+        return request.user.has_perm("registrar.analyst_access_permission") or request.user.has_perm(
+            "registrar.full_access_permission"
+        )
 
 
 class FsmModelResource(resources.ModelResource):
@@ -1256,7 +1260,7 @@ class SeniorOfficialAdmin(ListHeaderAdmin):
                 default=Value(""),
             ),
         )
-    
+
     readonly_fields = []
 
     # Even though this is empty, I will leave it as a stub for easy changes in the future
@@ -1290,7 +1294,7 @@ class SeniorOfficialAdmin(ListHeaderAdmin):
         # users who might not belong to groups
         readonly_fields.extend([field for field in self.analyst_readonly_fields])
         return readonly_fields
-    
+
     def get_queryset(self, request):
         """Restrict queryset based on user permissions."""
         qs = super().get_queryset(request)
@@ -1303,7 +1307,7 @@ class SeniorOfficialAdmin(ListHeaderAdmin):
             )
 
         return qs  # Return full queryset if the user doesn't have the restriction
-    
+
     def has_view_permission(self, request, obj=None):
         """Restrict view permissions based on group membership and model attributes."""
         if request.user.has_perm("registrar.full_access_permission"):
@@ -1312,7 +1316,7 @@ class SeniorOfficialAdmin(ListHeaderAdmin):
             if request.user.groups.filter(name="omb_analysts_group").exists():
                 return obj.federal_agency and obj.federal_agency.federal_type == BranchChoices.EXECUTIVE
         return super().has_view_permission(request, obj)
-    
+
     def has_change_permission(self, request, obj=None):
         """Restrict update permissions based on group membership and model attributes."""
         if request.user.has_perm("registrar.full_access_permission"):
@@ -1618,21 +1622,25 @@ class DomainInvitationAdmin(BaseInvitationAdmin):
         return queryset.annotate(
             converted_generic_org_type=Case(
                 # When portfolio is present, use its value instead
-                When(domain__domain_info__portfolio__isnull=False, then=F("domain__domain_info__portfolio__organization_type")),
+                When(
+                    domain__domain_info__portfolio__isnull=False,
+                    then=F("domain__domain_info__portfolio__organization_type"),
+                ),
                 # Otherwise, return the natively assigned value
                 default=F("domain__domain_info__generic_org_type"),
             ),
             converted_federal_type=Case(
                 # When portfolio is present, use its value instead
                 When(
-                    Q(domain__domain_info__portfolio__isnull=False) & Q(domain__domain_info__portfolio__federal_agency__isnull=False),
+                    Q(domain__domain_info__portfolio__isnull=False)
+                    & Q(domain__domain_info__portfolio__federal_agency__isnull=False),
                     then=F("domain__domain_info__portfolio__federal_agency__federal_type"),
                 ),
                 # Otherwise, return the natively assigned value
                 default=F("domain__domain_info__federal_agency__federal_type"),
             ),
         )
-    
+
     def get_queryset(self, request):
         """Restrict queryset based on user permissions."""
         qs = super().get_queryset(request)
@@ -1646,17 +1654,19 @@ class DomainInvitationAdmin(BaseInvitationAdmin):
             )
 
         return qs  # Return full queryset if the user doesn't have the restriction
-    
+
     def has_view_permission(self, request, obj=None):
         """Restrict view permissions based on group membership and model attributes."""
         if request.user.has_perm("registrar.full_access_permission"):
             return True
         if obj:
             if request.user.groups.filter(name="omb_analysts_group").exists():
-                return obj.domain.domain_info.converted_generic_org_type == DomainRequest.OrganizationChoices.FEDERAL and \
-                    obj.domain.domain_info.federal_type == BranchChoices.EXECUTIVE
+                return (
+                    obj.domain.domain_info.converted_generic_org_type == DomainRequest.OrganizationChoices.FEDERAL
+                    and obj.domain.domain_info.federal_type == BranchChoices.EXECUTIVE
+                )
         return super().has_view_permission(request, obj)
-    
+
     # Select domain invitations to change -> Domain invitations
     def changelist_view(self, request, extra_context=None):
         if extra_context is None:
@@ -3290,27 +3300,31 @@ class DomainRequestAdmin(ListHeaderAdmin, ImportExportRegistrarModelAdmin):
                 conv_federal_type=BranchChoices.EXECUTIVE,
             )
         return qs
-    
+
     def has_view_permission(self, request, obj=None):
         """Restrict view permissions based on group membership and model attributes."""
         if request.user.has_perm("registrar.full_access_permission"):
             return True
         if obj:
             if request.user.groups.filter(name="omb_analysts_group").exists():
-                return obj.converted_generic_org_type == DomainRequest.OrganizationChoices.FEDERAL and \
-                    obj.converted_federal_type == BranchChoices.EXECUTIVE        
+                return (
+                    obj.converted_generic_org_type == DomainRequest.OrganizationChoices.FEDERAL
+                    and obj.converted_federal_type == BranchChoices.EXECUTIVE
+                )
         return super().has_view_permission(request, obj)
-    
+
     def has_change_permission(self, request, obj=None):
         """Restrict update permissions based on group membership and model attributes."""
         if request.user.has_perm("registrar.full_access_permission"):
             return True
         if obj:
             if request.user.groups.filter(name="omb_analysts_group").exists():
-                return obj.converted_generic_org_type == DomainRequest.OrganizationChoices.FEDERAL and \
-                    obj.converted_federal_type == BranchChoices.EXECUTIVE        
+                return (
+                    obj.converted_generic_org_type == DomainRequest.OrganizationChoices.FEDERAL
+                    and obj.converted_federal_type == BranchChoices.EXECUTIVE
+                )
         return super().has_change_permission(request, obj)
-    
+
     def get_search_results(self, request, queryset, search_term):
         # Call the parent's method to apply default search logic
         base_queryset, use_distinct = super().get_search_results(request, queryset, search_term)
@@ -3339,6 +3353,7 @@ class DomainRequestAdmin(ListHeaderAdmin, ImportExportRegistrarModelAdmin):
 
         return form
 
+
 class TransitionDomainAdmin(ListHeaderAdmin):
     """Custom transition domain admin class."""
 
@@ -3378,7 +3393,7 @@ class DomainInformationInline(admin.StackedInline):
         """Ensure self.is_omb_analyst is set early."""
         self.is_omb_analyst = request.user.groups.filter(name="omb_analysts_group").exists()
         return super().get_queryset(request)
-    
+
     # Define methods to display fields from the related portfolio
     def portfolio_senior_official(self, obj) -> Optional[SeniorOfficial]:
         return obj.portfolio.senior_official if obj.portfolio and obj.portfolio.senior_official else None
@@ -3581,7 +3596,7 @@ class DomainInformationInline(admin.StackedInline):
                 modified_fieldsets.append(fieldsets_to_move)
 
         return modified_fieldsets
-    
+
     def get_form(self, request, obj=None, **kwargs):
         """Pass the 'is_omb_analyst' attribute to the form."""
         form = super().get_form(request, obj, **kwargs)
@@ -4198,10 +4213,12 @@ class DomainAdmin(ListHeaderAdmin, ImportExportRegistrarModelAdmin):
             return True
         if obj:
             if request.user.groups.filter(name="omb_analysts_group").exists():
-                return obj.domain_info.converted_generic_org_type == DomainRequest.OrganizationChoices.FEDERAL and \
-                    obj.domain_info.converted_federal_type == BranchChoices.EXECUTIVE        
+                return (
+                    obj.domain_info.converted_generic_org_type == DomainRequest.OrganizationChoices.FEDERAL
+                    and obj.domain_info.converted_federal_type == BranchChoices.EXECUTIVE
+                )
         return super().has_view_permission(request, obj)
-    
+
     def get_form(self, request, obj=None, **kwargs):
         """Pass the 'is_omb_analyst' attribute to the form."""
         form = super().get_form(request, obj, **kwargs)
@@ -4212,7 +4229,8 @@ class DomainAdmin(ListHeaderAdmin, ImportExportRegistrarModelAdmin):
         form.is_omb_analyst = is_omb_analyst
 
         return form
-    
+
+
 class DraftDomainResource(resources.ModelResource):
     """defines how each field in the referenced model should be mapped to the corresponding fields in the
     import/export file"""
@@ -4661,7 +4679,7 @@ class PortfolioAdmin(ListHeaderAdmin):
                 default=Value(""),
             ),
         )
-    
+
     def get_queryset(self, request):
         """Restrict queryset based on user permissions."""
         qs = super().get_queryset(request)
@@ -4676,7 +4694,7 @@ class PortfolioAdmin(ListHeaderAdmin):
             )
 
         return qs  # Return full queryset if the user doesn't have the restriction
-    
+
     def has_view_permission(self, request, obj=None):
         """Restrict view permissions based on group membership and model attributes."""
         if request.user.has_perm("registrar.full_access_permission"):
@@ -4685,14 +4703,14 @@ class PortfolioAdmin(ListHeaderAdmin):
             if request.user.groups.filter(name="omb_analysts_group").exists():
                 return obj.federal_type == BranchChoices.EXECUTIVE
         return super().has_view_permission(request, obj)
-    
+
     def has_change_permission(self, request, obj=None):
         """Restrict update permissions based on group membership and model attributes."""
         if request.user.has_perm("registrar.full_access_permission"):
             return True
         if obj:
             if request.user.groups.filter(name="omb_analysts_group").exists():
-                return obj.federal_type == BranchChoices.EXECUTIVE        
+                return obj.federal_type == BranchChoices.EXECUTIVE
         return super().has_change_permission(request, obj)
 
     def change_view(self, request, object_id, form_url="", extra_context=None):
@@ -4770,7 +4788,7 @@ class FederalAgencyAdmin(ListHeaderAdmin, ImportExportRegistrarModelAdmin):
     readonly_fields = []
 
     # Read only that we'll leverage for CISA Analysts
-    analyst_readonly_fields = []
+    analyst_readonly_fields = []  # type: ignore
 
     # Read only that we'll leverage for OMB Analysts
     omb_analyst_readonly_fields = [
@@ -4800,14 +4818,14 @@ class FederalAgencyAdmin(ListHeaderAdmin, ImportExportRegistrarModelAdmin):
             if request.user.groups.filter(name="omb_analysts_group").exists():
                 return obj.federal_type == BranchChoices.EXECUTIVE
         return super().has_view_permission(request, obj)
-    
+
     def has_change_permission(self, request, obj=None):
         """Restrict update permissions based on group membership and model attributes."""
         if request.user.has_perm("registrar.full_access_permission"):
             return True
         if obj:
             if request.user.groups.filter(name="omb_analysts_group").exists():
-                return obj.federal_type == BranchChoices.EXECUTIVE        
+                return obj.federal_type == BranchChoices.EXECUTIVE
         return super().has_change_permission(request, obj)
 
     def has_delete_permission(self, request, obj=None):
@@ -4835,7 +4853,8 @@ class FederalAgencyAdmin(ListHeaderAdmin, ImportExportRegistrarModelAdmin):
         # Return restrictive Read-only fields for analysts and
         # users who might not belong to groups
         readonly_fields.extend([field for field in self.analyst_readonly_fields])
-        return readonly_fields  
+        return readonly_fields
+
 
 class UserGroupAdmin(AuditedAdmin):
     """Overwrite the generated UserGroup admin class"""
@@ -4980,7 +4999,7 @@ class SuborganizationAdmin(ListHeaderAdmin, ImportExportRegistrarModelAdmin):
                 converted_federal_type=BranchChoices.EXECUTIVE,
             )
         return qs
-    
+
     def has_view_permission(self, request, obj=None):
         """Restrict view permissions based on group membership and model attributes."""
         if request.user.has_perm("registrar.full_access_permission"):
@@ -4989,14 +5008,14 @@ class SuborganizationAdmin(ListHeaderAdmin, ImportExportRegistrarModelAdmin):
             if request.user.groups.filter(name="omb_analysts_group").exists():
                 return obj.portfolio and obj.portfolio.federal_type == BranchChoices.EXECUTIVE
         return super().has_view_permission(request, obj)
-    
+
     def has_change_permission(self, request, obj=None):
         """Restrict update permissions based on group membership and model attributes."""
         if request.user.has_perm("registrar.full_access_permission"):
             return True
         if obj:
             if request.user.groups.filter(name="omb_analysts_group").exists():
-                return obj.portfolio and obj.portfolio.federal_type == BranchChoices.EXECUTIVE     
+                return obj.portfolio and obj.portfolio.federal_type == BranchChoices.EXECUTIVE
         return super().has_change_permission(request, obj)
 
 

From 97be3dc56d8b1cbae2d6f7de094ec5ccf2a329e5 Mon Sep 17 00:00:00 2001
From: David Kennedy <david.kennedy@associates.cisa.dhs.gov>
Date: Thu, 6 Mar 2025 15:00:41 -0500
Subject: [PATCH 011/285] additional migration

---
 .../migrations/0143_alter_user_options.py     | 23 +++++++++++++++++++
 1 file changed, 23 insertions(+)
 create mode 100644 src/registrar/migrations/0143_alter_user_options.py

diff --git a/src/registrar/migrations/0143_alter_user_options.py b/src/registrar/migrations/0143_alter_user_options.py
new file mode 100644
index 000000000..58e5cf3d5
--- /dev/null
+++ b/src/registrar/migrations/0143_alter_user_options.py
@@ -0,0 +1,23 @@
+# Generated by Django 4.2.17 on 2025-03-06 20:00
+
+from django.db import migrations
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ("registrar", "0142_create_groups_v18"),
+    ]
+
+    operations = [
+        migrations.AlterModelOptions(
+            name="user",
+            options={
+                "permissions": [
+                    ("analyst_access_permission", "Analyst Access Permission"),
+                    ("omb_analyst_access_permission", "OMB Analyst Access Permission"),
+                    ("full_access_permission", "Full Access Permission"),
+                ]
+            },
+        ),
+    ]

From fe1e64828b7fefc2146254af3b588addaa4ca597 Mon Sep 17 00:00:00 2001
From: David Kennedy <david.kennedy@associates.cisa.dhs.gov>
Date: Thu, 6 Mar 2025 19:18:22 -0500
Subject: [PATCH 012/285] fix placing holds on domains

---
 src/registrar/admin.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/registrar/admin.py b/src/registrar/admin.py
index 71884b4a7..e3ef6f0ad 100644
--- a/src/registrar/admin.py
+++ b/src/registrar/admin.py
@@ -4327,7 +4327,7 @@ class DomainAdmin(ListHeaderAdmin, ImportExportRegistrarModelAdmin):
         # but cannot access this page when it is a request of type POST.
         if request.user.has_perm("registrar.full_access_permission") or request.user.has_perm(
             "registrar.analyst_access_permission"
-        ):
+        ) or request.user.has_perm("registrar.omb_analyst_access_permission"):
             return True
         return super().has_change_permission(request, obj)
 

From 183fd2443dc4abb9dbc02f20907d5d5827f97be2 Mon Sep 17 00:00:00 2001
From: Rachid Mrad <rachid.mrad@ecstech.com>
Date: Thu, 6 Mar 2025 21:52:25 -0500
Subject: [PATCH 013/285] Update documentation on uswds updates

---
 docs/developer/README.md |  6 +++---
 src/package-lock.json    | 25 ++++++++++++++++++++-----
 src/package.json         |  1 +
 3 files changed, 24 insertions(+), 8 deletions(-)

diff --git a/docs/developer/README.md b/docs/developer/README.md
index 46194bd70..c7b63a89f 100644
--- a/docs/developer/README.md
+++ b/docs/developer/README.md
@@ -308,12 +308,12 @@ We use the [CSS Block Element Modifier (BEM)](https://getbem.com/naming/) naming
 ### Upgrading USWDS and other JavaScript packages
 
 1. Version numbers can be manually controlled in `package.json`. Edit that, if desired.
-2. Now run `docker-compose run node npm update`.
-3. Then run `docker-compose up` to recompile and recopy the assets, or run `docker-compose updateUswds` if your docker is already up.
-4. Make note of the dotgov changes in uswds-edited.js.
+2. Now run `npx gulp updateUswds`. Refer to [official docs](https://designsystem.digital.gov/documentation/getting-started/developers/phase-two-compile/) to see what this is doing.
+4. Make note of the dotgov changes in uswds-edited.js (Ctrl-F DOTGOV for modifications to USWDS compiled code).
 5. Copy over the newly compiled code from uswds.js into uswds-edited.js.
 6. Put back the dotgov changes you made note of into uswds-edited.js.
 7. Examine the results in the running application (remember to empty your cache!) and commit `package.json` and `package-lock.json` if all is well.
+8. read the [release notes](https://github.com/uswds/uswds/releases) for the new versions installed, note 'Breaking' and 'Markup change' and make adjustments to the code base as needed.
 
 ## Finite State Machines
 
diff --git a/src/package-lock.json b/src/package-lock.json
index 0f2a8c38b..7fa78f1db 100644
--- a/src/package-lock.json
+++ b/src/package-lock.json
@@ -18,6 +18,7 @@
         "@babel/preset-env": "^7.26.0",
         "@uswds/compile": "1.2.1",
         "babel-loader": "^9.2.1",
+        "sass-embedded-darwin-x64": "^1.85.1",
         "sass-loader": "^12.6.0",
         "webpack": "^5.96.1",
         "webpack-stream": "^7.0.0"
@@ -6353,15 +6354,13 @@
       }
     },
     "node_modules/sass-embedded-darwin-x64": {
-      "version": "1.83.0",
-      "resolved": "https://registry.npmjs.org/sass-embedded-darwin-x64/-/sass-embedded-darwin-x64-1.83.0.tgz",
-      "integrity": "sha512-ERQ7Tvp1kFOW3ux4VDFIxb7tkYXHYc+zJpcrbs0hzcIO5ilIRU2tIOK1OrNwrFO6Qxyf7AUuBwYKLAtIU/Nz7g==",
+      "version": "1.85.1",
+      "resolved": "https://registry.npmjs.org/sass-embedded-darwin-x64/-/sass-embedded-darwin-x64-1.85.1.tgz",
+      "integrity": "sha512-J4UFHUiyI9Z+mwYMwz11Ky9TYr3hY1fCxeQddjNGL/+ovldtb0yAIHvoVM0BGprQDm5JqhtUk8KyJ3RMJqpaAA==",
       "cpu": [
         "x64"
       ],
       "dev": true,
-      "license": "MIT",
-      "optional": true,
       "os": [
         "darwin"
       ],
@@ -6590,6 +6589,22 @@
         "node": ">=14.0.0"
       }
     },
+    "node_modules/sass-embedded/node_modules/sass-embedded-darwin-x64": {
+      "version": "1.83.0",
+      "resolved": "https://registry.npmjs.org/sass-embedded-darwin-x64/-/sass-embedded-darwin-x64-1.83.0.tgz",
+      "integrity": "sha512-ERQ7Tvp1kFOW3ux4VDFIxb7tkYXHYc+zJpcrbs0hzcIO5ilIRU2tIOK1OrNwrFO6Qxyf7AUuBwYKLAtIU/Nz7g==",
+      "cpu": [
+        "x64"
+      ],
+      "dev": true,
+      "optional": true,
+      "os": [
+        "darwin"
+      ],
+      "engines": {
+        "node": ">=14.0.0"
+      }
+    },
     "node_modules/sass-embedded/node_modules/supports-color": {
       "version": "8.1.1",
       "resolved": "https://registry.npmjs.org/supports-color/-/supports-color-8.1.1.tgz",
diff --git a/src/package.json b/src/package.json
index 9c50c93e1..468bfd7e3 100644
--- a/src/package.json
+++ b/src/package.json
@@ -19,6 +19,7 @@
     "@babel/preset-env": "^7.26.0",
     "@uswds/compile": "1.2.1",
     "babel-loader": "^9.2.1",
+    "sass-embedded-darwin-x64": "^1.85.1",
     "sass-loader": "^12.6.0",
     "webpack": "^5.96.1",
     "webpack-stream": "^7.0.0"

From 343d8dc962f4a371018b5652ff50dc5fa5cd9018 Mon Sep 17 00:00:00 2001
From: David Kennedy <david.kennedy@associates.cisa.dhs.gov>
Date: Thu, 6 Mar 2025 22:00:37 -0500
Subject: [PATCH 014/285] fixed javascript and other issues on domain request
 admin

---
 src/registrar/admin.py                        |   4 +
 .../js/getgov-admin/domain-request-form.js    | 233 +++++++++++-------
 .../helpers-portfolio-dynamic-fields.js       |   4 +-
 3 files changed, 149 insertions(+), 92 deletions(-)

diff --git a/src/registrar/admin.py b/src/registrar/admin.py
index e3ef6f0ad..d9b9509e1 100644
--- a/src/registrar/admin.py
+++ b/src/registrar/admin.py
@@ -2976,6 +2976,10 @@ class DomainRequestAdmin(ListHeaderAdmin, ImportExportRegistrarModelAdmin):
         "federally_recognized_tribe",
         "state_recognized_tribe",
         "about_your_organization",
+        "rejection_reason",
+        "rejection_reason_email",
+        "action_needed_reason",
+        "action_needed_reason_email",
     ]
 
     autocomplete_fields = [
diff --git a/src/registrar/assets/src/js/getgov-admin/domain-request-form.js b/src/registrar/assets/src/js/getgov-admin/domain-request-form.js
index db6467875..8823cb46c 100644
--- a/src/registrar/assets/src/js/getgov-admin/domain-request-form.js
+++ b/src/registrar/assets/src/js/getgov-admin/domain-request-form.js
@@ -106,7 +106,9 @@ export function initApprovedDomain() {
         }
 
         const statusToCheck = "approved";
+        const readonlyStatusToCheck = "Approved";
         const statusSelect = document.getElementById("id_status");
+        const statusField = document.querySelector("field-status");
         const sessionVariableName = "showApprovedDomain";
         let approvedDomainFormGroup = document.querySelector(".field-approved_domain");
 
@@ -120,18 +122,30 @@ export function initApprovedDomain() {
 
         // Handle showing/hiding the related fields on page load.
         function initializeFormGroups() {
-            let isStatus = statusSelect.value == statusToCheck;
+            let isStatus = false;
+            if (statusSelect) {
+                isStatus = statusSelect.value == statusToCheck;
+            } else {
+                // statusSelect does not exist, indicating readonly
+                if (statusField) {
+                    let readonlyDiv = statusField.querySelector("div.readonly");
+                    let readonlyStatusText = readonlyDiv.textContent.trim();
+                    isStatus = readonlyStatusText == readonlyStatusToCheck;
+                }
+            }
 
             // Initial handling of these groups.
             updateFormGroupVisibility(isStatus);
 
-            // Listen to change events and handle rejectionReasonFormGroup display, then save status to session storage
-            statusSelect.addEventListener('change', () => {
-                // Show the approved if the status is what we expect.
-                isStatus = statusSelect.value == statusToCheck;
-                updateFormGroupVisibility(isStatus);
-                addOrRemoveSessionBoolean(sessionVariableName, isStatus);
-            });
+            if (statusSelect) {
+                // Listen to change events and handle rejectionReasonFormGroup display, then save status to session storage
+                statusSelect.addEventListener('change', () => {
+                    // Show the approved if the status is what we expect.
+                    isStatus = statusSelect.value == statusToCheck;
+                    updateFormGroupVisibility(isStatus);
+                    addOrRemoveSessionBoolean(sessionVariableName, isStatus);
+                });
+            }
             
             // Listen to Back/Forward button navigation and handle approvedDomainFormGroup display based on session storage
             // When you navigate using forward/back after changing status but not saving, when you land back on the DA page the
@@ -322,6 +336,7 @@ class CustomizableEmailBase {
      * @property {HTMLElement} modalConfirm - The confirm button in the modal.
      * @property {string} apiUrl - The API URL for fetching email content.
      * @property {string} statusToCheck - The status to check against. Used for show/hide on textAreaFormGroup/dropdownFormGroup.
+     * @property {string} readonlyStatusToCheck - The status to check against when readonly. Used for show/hide on textAreaFormGroup/dropdownFormGroup.
      * @property {string} sessionVariableName - The session variable name. Used for show/hide on textAreaFormGroup/dropdownFormGroup.
      * @property {string} apiErrorMessage - The error message that the ajax call returns.
      */
@@ -338,6 +353,7 @@ class CustomizableEmailBase {
         this.textAreaFormGroup = config.textAreaFormGroup;
         this.dropdownFormGroup = config.dropdownFormGroup;
         this.statusToCheck = config.statusToCheck;
+        this.readonlyStatusToCheck = config.readonlyStatusToCheck;
         this.sessionVariableName = config.sessionVariableName;
 
         // Non-configurable variables
@@ -363,19 +379,31 @@ class CustomizableEmailBase {
 
     // Handle showing/hiding the related fields on page load.
     initializeFormGroups() {
-        let isStatus = this.statusSelect.value == this.statusToCheck;
+        let isStatus = false;
+        if (this.statusSelect) {
+            this.statusSelect.value == this.statusToCheck;
+        } else {
+            // statusSelect does not exist, indicating readonly
+            if (this.dropdownFormGroup) {
+                let readonlyDiv = this.dropdownFormGroup.querySelector("div.readonly");
+                let readonlyStatusText = readonlyDiv.textContent.trim();
+                isStatus = readonlyStatusText == this.readonlyStatusToCheck;
+            }
+        }
 
         // Initial handling of these groups.
         this.updateFormGroupVisibility(isStatus);
 
-        // Listen to change events and handle rejectionReasonFormGroup display, then save status to session storage
-        this.statusSelect.addEventListener('change', () => {
-            // Show the action needed field if the status is what we expect.
-            // Then track if its shown or hidden in our session cache.
-            isStatus = this.statusSelect.value == this.statusToCheck;
-            this.updateFormGroupVisibility(isStatus);
-            addOrRemoveSessionBoolean(this.sessionVariableName, isStatus);
-        });
+        if (this.statusSelect) {
+            // Listen to change events and handle rejectionReasonFormGroup display, then save status to session storage
+            this.statusSelect.addEventListener('change', () => {
+                // Show the action needed field if the status is what we expect.
+                // Then track if its shown or hidden in our session cache.
+                isStatus = this.statusSelect.value == this.statusToCheck;
+                this.updateFormGroupVisibility(isStatus);
+                addOrRemoveSessionBoolean(this.sessionVariableName, isStatus);
+            });
+        }
         
         // Listen to Back/Forward button navigation and handle rejectionReasonFormGroup display based on session storage
         // When you navigate using forward/back after changing status but not saving, when you land back on the DA page the
@@ -403,58 +431,64 @@ class CustomizableEmailBase {
     }
 
     initializeDropdown() {
-        this.dropdown.addEventListener("change", () => {
-            let reason = this.dropdown.value;
-            if (this.initialDropdownValue !== this.dropdown.value || this.initialEmailValue !== this.textarea.value) {
-                let searchParams = new URLSearchParams(
-                    {
-                        "reason": reason,
-                        "domain_request_id": this.domainRequestId,
-                    }
-                );
-                // Replace the email content
-                fetch(`${this.apiUrl}?${searchParams.toString()}`)
-                .then(response => {
-                    return response.json().then(data => data);
-                })
-                .then(data => {
-                    if (data.error) {
-                        console.error("Error in AJAX call: " + data.error);
-                    }else {
-                        this.textarea.value = data.email;
-                    }
-                    this.updateUserInterface(reason);
-                })
-                .catch(error => {
-                    console.error(this.apiErrorMessage, error)
-                });
-            }
-        });
+        if (this.dropdown) {
+            this.dropdown.addEventListener("change", () => {
+                let reason = this.dropdown.value;
+                if (this.initialDropdownValue !== this.dropdown.value || this.initialEmailValue !== this.textarea.value) {
+                    let searchParams = new URLSearchParams(
+                        {
+                            "reason": reason,
+                            "domain_request_id": this.domainRequestId,
+                        }
+                    );
+                    // Replace the email content
+                    fetch(`${this.apiUrl}?${searchParams.toString()}`)
+                    .then(response => {
+                        return response.json().then(data => data);
+                    })
+                    .then(data => {
+                        if (data.error) {
+                            console.error("Error in AJAX call: " + data.error);
+                        }else {
+                            this.textarea.value = data.email;
+                        }
+                        this.updateUserInterface(reason);
+                    })
+                    .catch(error => {
+                        console.error(this.apiErrorMessage, error)
+                    });
+                }
+            });
+        }
     }
 
     initializeModalConfirm() {
-        this.modalConfirm.addEventListener("click", () => {
-            this.textarea.removeAttribute('readonly');
-            this.textarea.focus();
-                hideElement(this.directEditButton);
-                hideElement(this.modalTrigger);  
-        });
+        if (this.modalConfirm) {
+            this.modalConfirm.addEventListener("click", () => {
+                this.textarea.removeAttribute('readonly');
+                this.textarea.focus();
+                    hideElement(this.directEditButton);
+                    hideElement(this.modalTrigger);  
+            });
+        }
     }
 
     initializeDirectEditButton() {
-        this.directEditButton.addEventListener("click", () => {
-            this.textarea.removeAttribute('readonly');
-            this.textarea.focus();
-                hideElement(this.directEditButton);
-                hideElement(this.modalTrigger);  
-        });
+        if (this.directEditButton) {
+            this.directEditButton.addEventListener("click", () => {
+                this.textarea.removeAttribute('readonly');
+                this.textarea.focus();
+                    hideElement(this.directEditButton);
+                    hideElement(this.modalTrigger);  
+            });
+        }
     }
 
     isEmailAlreadySent() {
         return this.lastSentEmailContent.value.replace(/\s+/g, '') === this.textarea.value.replace(/\s+/g, '');
     }
 
-    updateUserInterface(reason=this.dropdown.value, excluded_reasons=["other"]) {
+    updateUserInterface(reason, excluded_reasons=["other"]) {
         if (!reason) {
             // No reason selected, we will set the label to "Email", show the "Make a selection" placeholder, hide the trigger, textarea, hide the help text
             this.showPlaceholderNoReason();
@@ -468,23 +502,25 @@ class CustomizableEmailBase {
 
     // Helper function that makes overriding the readonly textarea easy
     showReadonlyTextarea() {
-        // A triggering selection is selected, all hands on board:
-        this.textarea.setAttribute('readonly', true);
-        showElement(this.textarea);
-        hideElement(this.textareaPlaceholder);
+        if (this.textarea && this.textareaPlaceholder) {
+            // A triggering selection is selected, all hands on board:
+            this.textarea.setAttribute('readonly', true);
+            showElement(this.textarea);
+            hideElement(this.textareaPlaceholder);
 
-            if (this.isEmailAlreadySentConst) {
-                hideElement(this.directEditButton);
-                showElement(this.modalTrigger);
+                if (this.isEmailAlreadySentConst) {
+                    hideElement(this.directEditButton);
+                    showElement(this.modalTrigger);
+                } else {
+                    showElement(this.directEditButton);
+                    hideElement(this.modalTrigger);
+            }
+
+            if (this.isEmailAlreadySent()) {
+                this.formLabel.innerHTML = "Email sent to creator:";
             } else {
-                showElement(this.directEditButton);
-                hideElement(this.modalTrigger);
-        }
-
-        if (this.isEmailAlreadySent()) {
-            this.formLabel.innerHTML = "Email sent to creator:";
-        } else {
-            this.formLabel.innerHTML = "Email:";
+                this.formLabel.innerHTML = "Email:";
+            }
         }
     }
 
@@ -516,9 +552,10 @@ class customActionNeededEmail extends CustomizableEmailBase {
             lastSentEmailContent: document.getElementById("last-sent-action-needed-email-content"),
             modalConfirm: document.getElementById("action-needed-reason__confirm-edit-email"),
             apiUrl: document.getElementById("get-action-needed-email-for-user-json")?.value || null,
-            textAreaFormGroup: document.querySelector('.field-action_needed_reason'),
-            dropdownFormGroup: document.querySelector('.field-action_needed_reason_email'),
+            textAreaFormGroup: document.querySelector('.field-action_needed_reason_email'),
+            dropdownFormGroup: document.querySelector('.field-action_needed_reason'),
             statusToCheck: "action needed",
+            readonlyStatusToCheck: "Action needed",
             sessionVariableName: "showActionNeededReason",
             apiErrorMessage: "Error when attempting to grab action needed email: "
         }
@@ -529,7 +566,15 @@ class customActionNeededEmail extends CustomizableEmailBase {
         // Hide/show the email fields depending on the current status
         this.initializeFormGroups();
         // Setup the textarea, edit button, helper text
-        this.updateUserInterface();
+        let reason = null;
+        if (this.dropdown) {
+            reason = this.dropdown.value;
+        } else if (this.dropdownFormGroup && this.dropdownFormGroup.querySelector("div.readonly")) {
+            if (this.dropdownFormGroup.querySelector("div.readonly").textContent) {
+                reason = this.dropdownFormGroup.querySelector("div.readonly").textContent.trim()
+            }
+        }
+        this.updateUserInterface(reason);
         this.initializeDropdown();
         this.initializeModalConfirm();
         this.initializeDirectEditButton();
@@ -560,12 +605,12 @@ export function initActionNeededEmail() {
         // Initialize UI
         const customEmail = new customActionNeededEmail();
 
-        // Check that every variable was setup correctly
-        const nullItems = Object.entries(customEmail.config).filter(([key, value]) => value === null).map(([key]) => key);
-        if (nullItems.length > 0) {
-            console.error(`Failed to load customActionNeededEmail(). Some variables were null: ${nullItems.join(", ")}`)
-            return;
-        }
+        // // Check that every variable was setup correctly
+        // const nullItems = Object.entries(customEmail.config).filter(([key, value]) => value === null).map(([key]) => key);
+        // if (nullItems.length > 0) {
+        //     console.error(`Failed to load customActionNeededEmail(). Some variables were null: ${nullItems.join(", ")}`)
+        //     return;
+        // }
         customEmail.loadActionNeededEmail()
     });
 }
@@ -581,6 +626,7 @@ class customRejectedEmail extends CustomizableEmailBase {
             textAreaFormGroup: document.querySelector('.field-rejection_reason'),
             dropdownFormGroup: document.querySelector('.field-rejection_reason_email'),
             statusToCheck: "rejected",
+            readonlyStatusToCheck: "Rejected",
             sessionVariableName: "showRejectionReason",
             errorMessage: "Error when attempting to grab rejected email: "
         };
@@ -589,7 +635,15 @@ class customRejectedEmail extends CustomizableEmailBase {
 
     loadRejectedEmail() {
         this.initializeFormGroups();
-        this.updateUserInterface();
+        let reason = null;
+        if (this.dropdown) {
+            reason = this.dropdown.value;
+        } else if (this.dropdownFormGroup && this.dropdownFormGroup.querySelector("div.readonly")) {
+            if (this.dropdownFormGroup.querySelector("div.readonly").textContent) {
+                reason = this.dropdownFormGroup.querySelector("div.readonly").textContent.trim()
+            }
+        }
+        this.updateUserInterface(reason);
         this.initializeDropdown();
         this.initializeModalConfirm();
         this.initializeDirectEditButton();
@@ -600,7 +654,7 @@ class customRejectedEmail extends CustomizableEmailBase {
         this.showPlaceholder("Email:", "Select a rejection reason to see email");
     }
 
-    updateUserInterface(reason=this.dropdown.value, excluded_reasons=[]) {
+    updateUserInterface(reason, excluded_reasons=[]) {
         super.updateUserInterface(reason, excluded_reasons);
     }
 }
@@ -619,12 +673,12 @@ export function initRejectedEmail() {
 
         // Initialize UI
         const customEmail = new customRejectedEmail();
-        // Check that every variable was setup correctly
-        const nullItems = Object.entries(customEmail.config).filter(([key, value]) => value === null).map(([key]) => key);
-        if (nullItems.length > 0) {
-            console.error(`Failed to load customRejectedEmail(). Some variables were null: ${nullItems.join(", ")}`)
-            return;
-        }
+        // // Check that every variable was setup correctly
+        // const nullItems = Object.entries(customEmail.config).filter(([key, value]) => value === null).map(([key]) => key);
+        // if (nullItems.length > 0) {
+        //     console.error(`Failed to load customRejectedEmail(). Some variables were null: ${nullItems.join(", ")}`)
+        //     return;
+        // }
         customEmail.loadRejectedEmail()
     });
 }
@@ -648,7 +702,6 @@ function handleSuborgFieldsAndButtons() {
 
     // Ensure that every variable is present before proceeding
     if (!requestedSuborganizationField || !suborganizationCity || !suborganizationStateTerritory || !rejectButton) {
-        console.warn("handleSuborganizationSelection() => Could not find required fields.")
         return;
     }
 
diff --git a/src/registrar/assets/src/js/getgov-admin/helpers-portfolio-dynamic-fields.js b/src/registrar/assets/src/js/getgov-admin/helpers-portfolio-dynamic-fields.js
index 9a60e1684..54d0e073b 100644
--- a/src/registrar/assets/src/js/getgov-admin/helpers-portfolio-dynamic-fields.js
+++ b/src/registrar/assets/src/js/getgov-admin/helpers-portfolio-dynamic-fields.js
@@ -404,7 +404,7 @@ export function handlePortfolioSelection(
             updateSubOrganizationDropdown(portfolio_id);
 
             // Show fields relevant to a selected portfolio
-            showElement(suborganizationField);
+            if (suborganizationField) showElement(suborganizationField);
             hideElement(seniorOfficialField);
             showElement(portfolioSeniorOfficialField);
 
@@ -427,7 +427,7 @@ export function handlePortfolioSelection(
             // No portfolio is selected - reverse visibility of fields
 
             // Hide suborganization field as no portfolio is selected
-            hideElement(suborganizationField);
+            if (suborganizationField) hideElement(suborganizationField);
 
             // Show fields that are relevant when no portfolio is selected
             showElement(seniorOfficialField);

From 210164da3a1c18c1c26588cb27da8e230089d6b5 Mon Sep 17 00:00:00 2001
From: Rachid Mrad <rachid.mrad@ecstech.com>
Date: Thu, 6 Mar 2025 22:03:50 -0500
Subject: [PATCH 015/285] cleanup

---
 docs/developer/README.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/docs/developer/README.md b/docs/developer/README.md
index c7b63a89f..eab77f645 100644
--- a/docs/developer/README.md
+++ b/docs/developer/README.md
@@ -305,7 +305,7 @@ You can also compile the **Sass** at any time using `npx gulp compile`. Similarl
 
 We use the [CSS Block Element Modifier (BEM)](https://getbem.com/naming/) naming convention for our custom classes. This is in line with how USWDS [approaches](https://designsystem.digital.gov/whats-new/updates/2019/04/08/introducing-uswds-2-0/) their CSS class architecture and helps keep our code cohesive and readable.
 
-### Upgrading USWDS and other JavaScript packages
+### Upgrading USWDS
 
 1. Version numbers can be manually controlled in `package.json`. Edit that, if desired.
 2. Now run `npx gulp updateUswds`. Refer to [official docs](https://designsystem.digital.gov/documentation/getting-started/developers/phase-two-compile/) to see what this is doing.

From 9e12699009a9d8f6aae9bb5979585973a8795bd1 Mon Sep 17 00:00:00 2001
From: Rachid Mrad <rachid.mrad@ecstech.com>
Date: Thu, 6 Mar 2025 22:07:02 -0500
Subject: [PATCH 016/285] cleanup

---
 docs/developer/README.md | 2 +-
 src/package.json         | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/docs/developer/README.md b/docs/developer/README.md
index eab77f645..63a4e08c6 100644
--- a/docs/developer/README.md
+++ b/docs/developer/README.md
@@ -313,7 +313,7 @@ We use the [CSS Block Element Modifier (BEM)](https://getbem.com/naming/) naming
 5. Copy over the newly compiled code from uswds.js into uswds-edited.js.
 6. Put back the dotgov changes you made note of into uswds-edited.js.
 7. Examine the results in the running application (remember to empty your cache!) and commit `package.json` and `package-lock.json` if all is well.
-8. read the [release notes](https://github.com/uswds/uswds/releases) for the new versions installed, note 'Breaking' and 'Markup change' and make adjustments to the code base as needed.
+8. Read the [release notes](https://github.com/uswds/uswds/releases) for the new versions installed, note 'Breaking' and 'Markup change' and make adjustments to the code base as needed.
 
 ## Finite State Machines
 
diff --git a/src/package.json b/src/package.json
index 468bfd7e3..ed5cefa09 100644
--- a/src/package.json
+++ b/src/package.json
@@ -19,7 +19,7 @@
     "@babel/preset-env": "^7.26.0",
     "@uswds/compile": "1.2.1",
     "babel-loader": "^9.2.1",
-    "sass-embedded-darwin-x64": "^1.85.1",
+    
     "sass-loader": "^12.6.0",
     "webpack": "^5.96.1",
     "webpack-stream": "^7.0.0"

From 4f1171c00b0a3664ffee0a1fa7d81e39f7a67dd7 Mon Sep 17 00:00:00 2001
From: Rachid Mrad <rachid.mrad@ecstech.com>
Date: Thu, 6 Mar 2025 22:12:35 -0500
Subject: [PATCH 017/285] add sass-embed-darwin-x64 to package.json

---
 src/package.json | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/package.json b/src/package.json
index ed5cefa09..468bfd7e3 100644
--- a/src/package.json
+++ b/src/package.json
@@ -19,7 +19,7 @@
     "@babel/preset-env": "^7.26.0",
     "@uswds/compile": "1.2.1",
     "babel-loader": "^9.2.1",
-    
+    "sass-embedded-darwin-x64": "^1.85.1",
     "sass-loader": "^12.6.0",
     "webpack": "^5.96.1",
     "webpack-stream": "^7.0.0"

From ed7626d5299875035facde33ed5f6e39cfcd77e2 Mon Sep 17 00:00:00 2001
From: Rachid Mrad <rachid.mrad@ecstech.com>
Date: Thu, 6 Mar 2025 22:28:46 -0500
Subject: [PATCH 018/285] Remove sass-embed-darwin and update other packages

---
 src/package-lock.json | 317 ++++++++++++++----------------------------
 src/package.json      |   1 -
 2 files changed, 107 insertions(+), 211 deletions(-)

diff --git a/src/package-lock.json b/src/package-lock.json
index 7fa78f1db..f46ecd3e8 100644
--- a/src/package-lock.json
+++ b/src/package-lock.json
@@ -18,7 +18,6 @@
         "@babel/preset-env": "^7.26.0",
         "@uswds/compile": "1.2.1",
         "babel-loader": "^9.2.1",
-        "sass-embedded-darwin-x64": "^1.85.1",
         "sass-loader": "^12.6.0",
         "webpack": "^5.96.1",
         "webpack-stream": "^7.0.0"
@@ -64,23 +63,22 @@
       }
     },
     "node_modules/@babel/core": {
-      "version": "7.26.8",
-      "resolved": "https://registry.npmjs.org/@babel/core/-/core-7.26.8.tgz",
-      "integrity": "sha512-l+lkXCHS6tQEc5oUpK28xBOZ6+HwaH7YwoYQbLFiYb4nS2/l1tKnZEtEWkD0GuiYdvArf9qBS0XlQGXzPMsNqQ==",
+      "version": "7.26.9",
+      "resolved": "https://registry.npmjs.org/@babel/core/-/core-7.26.9.tgz",
+      "integrity": "sha512-lWBYIrF7qK5+GjY5Uy+/hEgp8OJWOD/rpy74GplYRhEauvbHDeFB8t5hPOZxCZ0Oxf4Cc36tK51/l3ymJysrKw==",
       "dev": true,
       "license": "MIT",
       "dependencies": {
         "@ampproject/remapping": "^2.2.0",
         "@babel/code-frame": "^7.26.2",
-        "@babel/generator": "^7.26.8",
+        "@babel/generator": "^7.26.9",
         "@babel/helper-compilation-targets": "^7.26.5",
         "@babel/helper-module-transforms": "^7.26.0",
-        "@babel/helpers": "^7.26.7",
-        "@babel/parser": "^7.26.8",
-        "@babel/template": "^7.26.8",
-        "@babel/traverse": "^7.26.8",
-        "@babel/types": "^7.26.8",
-        "@types/gensync": "^1.0.0",
+        "@babel/helpers": "^7.26.9",
+        "@babel/parser": "^7.26.9",
+        "@babel/template": "^7.26.9",
+        "@babel/traverse": "^7.26.9",
+        "@babel/types": "^7.26.9",
         "convert-source-map": "^2.0.0",
         "debug": "^4.1.0",
         "gensync": "^1.0.0-beta.2",
@@ -96,14 +94,14 @@
       }
     },
     "node_modules/@babel/generator": {
-      "version": "7.26.8",
-      "resolved": "https://registry.npmjs.org/@babel/generator/-/generator-7.26.8.tgz",
-      "integrity": "sha512-ef383X5++iZHWAXX0SXQR6ZyQhw/0KtTkrTz61WXRhFM6dhpHulO/RJz79L8S6ugZHJkOOkUrUdxgdF2YiPFnA==",
+      "version": "7.26.9",
+      "resolved": "https://registry.npmjs.org/@babel/generator/-/generator-7.26.9.tgz",
+      "integrity": "sha512-kEWdzjOAUMW4hAyrzJ0ZaTOu9OmpyDIQicIh0zg0EEcEkYXZb2TjtBhnHi2ViX7PKwZqF4xwqfAm299/QMP3lg==",
       "dev": true,
       "license": "MIT",
       "dependencies": {
-        "@babel/parser": "^7.26.8",
-        "@babel/types": "^7.26.8",
+        "@babel/parser": "^7.26.9",
+        "@babel/types": "^7.26.9",
         "@jridgewell/gen-mapping": "^0.3.5",
         "@jridgewell/trace-mapping": "^0.3.25",
         "jsesc": "^3.0.2"
@@ -143,18 +141,18 @@
       }
     },
     "node_modules/@babel/helper-create-class-features-plugin": {
-      "version": "7.25.9",
-      "resolved": "https://registry.npmjs.org/@babel/helper-create-class-features-plugin/-/helper-create-class-features-plugin-7.25.9.tgz",
-      "integrity": "sha512-UTZQMvt0d/rSz6KI+qdu7GQze5TIajwTS++GUozlw8VBJDEOAqSXwm1WvmYEZwqdqSGQshRocPDqrt4HBZB3fQ==",
+      "version": "7.26.9",
+      "resolved": "https://registry.npmjs.org/@babel/helper-create-class-features-plugin/-/helper-create-class-features-plugin-7.26.9.tgz",
+      "integrity": "sha512-ubbUqCofvxPRurw5L8WTsCLSkQiVpov4Qx0WMA+jUN+nXBK8ADPlJO1grkFw5CWKC5+sZSOfuGMdX1aI1iT9Sg==",
       "dev": true,
       "license": "MIT",
       "dependencies": {
         "@babel/helper-annotate-as-pure": "^7.25.9",
         "@babel/helper-member-expression-to-functions": "^7.25.9",
         "@babel/helper-optimise-call-expression": "^7.25.9",
-        "@babel/helper-replace-supers": "^7.25.9",
+        "@babel/helper-replace-supers": "^7.26.5",
         "@babel/helper-skip-transparent-expression-wrappers": "^7.25.9",
-        "@babel/traverse": "^7.25.9",
+        "@babel/traverse": "^7.26.9",
         "semver": "^6.3.1"
       },
       "engines": {
@@ -364,27 +362,27 @@
       }
     },
     "node_modules/@babel/helpers": {
-      "version": "7.26.7",
-      "resolved": "https://registry.npmjs.org/@babel/helpers/-/helpers-7.26.7.tgz",
-      "integrity": "sha512-8NHiL98vsi0mbPQmYAGWwfcFaOy4j2HY49fXJCfuDcdE7fMIsH9a7GdaeXpIBsbT7307WU8KCMp5pUVDNL4f9A==",
+      "version": "7.26.9",
+      "resolved": "https://registry.npmjs.org/@babel/helpers/-/helpers-7.26.9.tgz",
+      "integrity": "sha512-Mz/4+y8udxBKdmzt/UjPACs4G3j5SshJJEFFKxlCGPydG4JAHXxjWjAwjd09tf6oINvl1VfMJo+nB7H2YKQ0dA==",
       "dev": true,
       "license": "MIT",
       "dependencies": {
-        "@babel/template": "^7.25.9",
-        "@babel/types": "^7.26.7"
+        "@babel/template": "^7.26.9",
+        "@babel/types": "^7.26.9"
       },
       "engines": {
         "node": ">=6.9.0"
       }
     },
     "node_modules/@babel/parser": {
-      "version": "7.26.8",
-      "resolved": "https://registry.npmjs.org/@babel/parser/-/parser-7.26.8.tgz",
-      "integrity": "sha512-TZIQ25pkSoaKEYYaHbbxkfL36GNsQ6iFiBbeuzAkLnXayKR1yP1zFe+NxuZWWsUyvt8icPU9CCq0sgWGXR1GEw==",
+      "version": "7.26.9",
+      "resolved": "https://registry.npmjs.org/@babel/parser/-/parser-7.26.9.tgz",
+      "integrity": "sha512-81NWa1njQblgZbQHxWHpxxCzNsa3ZwvFqpUg7P+NNUU6f3UU2jBEg4OlF/J6rl8+PQGh1q6/zWScd001YwcA5A==",
       "dev": true,
       "license": "MIT",
       "dependencies": {
-        "@babel/types": "^7.26.8"
+        "@babel/types": "^7.26.9"
       },
       "bin": {
         "parser": "bin/babel-parser.js"
@@ -810,13 +808,13 @@
       }
     },
     "node_modules/@babel/plugin-transform-for-of": {
-      "version": "7.25.9",
-      "resolved": "https://registry.npmjs.org/@babel/plugin-transform-for-of/-/plugin-transform-for-of-7.25.9.tgz",
-      "integrity": "sha512-LqHxduHoaGELJl2uhImHwRQudhCM50pT46rIBNvtT/Oql3nqiS3wOwP+5ten7NpYSXrrVLgtZU3DZmPtWZo16A==",
+      "version": "7.26.9",
+      "resolved": "https://registry.npmjs.org/@babel/plugin-transform-for-of/-/plugin-transform-for-of-7.26.9.tgz",
+      "integrity": "sha512-Hry8AusVm8LW5BVFgiyUReuoGzPUpdHQQqJY5bZnbbf+ngOHWuCuYFKw/BqaaWlvEUrF91HMhDtEaI1hZzNbLg==",
       "dev": true,
       "license": "MIT",
       "dependencies": {
-        "@babel/helper-plugin-utils": "^7.25.9",
+        "@babel/helper-plugin-utils": "^7.26.5",
         "@babel/helper-skip-transparent-expression-wrappers": "^7.25.9"
       },
       "engines": {
@@ -1377,9 +1375,9 @@
       }
     },
     "node_modules/@babel/preset-env": {
-      "version": "7.26.8",
-      "resolved": "https://registry.npmjs.org/@babel/preset-env/-/preset-env-7.26.8.tgz",
-      "integrity": "sha512-um7Sy+2THd697S4zJEfv/U5MHGJzkN2xhtsR3T/SWRbVSic62nbISh51VVfU9JiO/L/Z97QczHTaFVkOU8IzNg==",
+      "version": "7.26.9",
+      "resolved": "https://registry.npmjs.org/@babel/preset-env/-/preset-env-7.26.9.tgz",
+      "integrity": "sha512-vX3qPGE8sEKEAZCWk05k3cpTAE3/nOYca++JA+Rd0z2NCNzabmYvEiSShKzm10zdquOIAVXsy2Ei/DTW34KlKQ==",
       "dev": true,
       "license": "MIT",
       "dependencies": {
@@ -1412,7 +1410,7 @@
         "@babel/plugin-transform-dynamic-import": "^7.25.9",
         "@babel/plugin-transform-exponentiation-operator": "^7.26.3",
         "@babel/plugin-transform-export-namespace-from": "^7.25.9",
-        "@babel/plugin-transform-for-of": "^7.25.9",
+        "@babel/plugin-transform-for-of": "^7.26.9",
         "@babel/plugin-transform-function-name": "^7.25.9",
         "@babel/plugin-transform-json-strings": "^7.25.9",
         "@babel/plugin-transform-literals": "^7.25.9",
@@ -1476,9 +1474,9 @@
       }
     },
     "node_modules/@babel/runtime": {
-      "version": "7.26.7",
-      "resolved": "https://registry.npmjs.org/@babel/runtime/-/runtime-7.26.7.tgz",
-      "integrity": "sha512-AOPI3D+a8dXnja+iwsUqGRjr1BbZIe771sXdapOtYI531gSqpi92vXivKcq2asu/DFpdl1ceFAKZyRzK2PCVcQ==",
+      "version": "7.26.9",
+      "resolved": "https://registry.npmjs.org/@babel/runtime/-/runtime-7.26.9.tgz",
+      "integrity": "sha512-aA63XwOkcl4xxQa3HjPMqOP6LiK0ZDv3mUPYEFXkpHbaFjtGggE1A61FjFzJnB+p7/oy2gA8E+rcBNl/zC1tMg==",
       "dev": true,
       "license": "MIT",
       "dependencies": {
@@ -1489,32 +1487,32 @@
       }
     },
     "node_modules/@babel/template": {
-      "version": "7.26.8",
-      "resolved": "https://registry.npmjs.org/@babel/template/-/template-7.26.8.tgz",
-      "integrity": "sha512-iNKaX3ZebKIsCvJ+0jd6embf+Aulaa3vNBqZ41kM7iTWjx5qzWKXGHiJUW3+nTpQ18SG11hdF8OAzKrpXkb96Q==",
+      "version": "7.26.9",
+      "resolved": "https://registry.npmjs.org/@babel/template/-/template-7.26.9.tgz",
+      "integrity": "sha512-qyRplbeIpNZhmzOysF/wFMuP9sctmh2cFzRAZOn1YapxBsE1i9bJIY586R/WBLfLcmcBlM8ROBiQURnnNy+zfA==",
       "dev": true,
       "license": "MIT",
       "dependencies": {
         "@babel/code-frame": "^7.26.2",
-        "@babel/parser": "^7.26.8",
-        "@babel/types": "^7.26.8"
+        "@babel/parser": "^7.26.9",
+        "@babel/types": "^7.26.9"
       },
       "engines": {
         "node": ">=6.9.0"
       }
     },
     "node_modules/@babel/traverse": {
-      "version": "7.26.8",
-      "resolved": "https://registry.npmjs.org/@babel/traverse/-/traverse-7.26.8.tgz",
-      "integrity": "sha512-nic9tRkjYH0oB2dzr/JoGIm+4Q6SuYeLEiIiZDwBscRMYFJ+tMAz98fuel9ZnbXViA2I0HVSSRRK8DW5fjXStA==",
+      "version": "7.26.9",
+      "resolved": "https://registry.npmjs.org/@babel/traverse/-/traverse-7.26.9.tgz",
+      "integrity": "sha512-ZYW7L+pL8ahU5fXmNbPF+iZFHCv5scFak7MZ9bwaRPLUhHh7QQEMjZUg0HevihoqCM5iSYHN61EyCoZvqC+bxg==",
       "dev": true,
       "license": "MIT",
       "dependencies": {
         "@babel/code-frame": "^7.26.2",
-        "@babel/generator": "^7.26.8",
-        "@babel/parser": "^7.26.8",
-        "@babel/template": "^7.26.8",
-        "@babel/types": "^7.26.8",
+        "@babel/generator": "^7.26.9",
+        "@babel/parser": "^7.26.9",
+        "@babel/template": "^7.26.9",
+        "@babel/types": "^7.26.9",
         "debug": "^4.3.1",
         "globals": "^11.1.0"
       },
@@ -1523,9 +1521,9 @@
       }
     },
     "node_modules/@babel/types": {
-      "version": "7.26.8",
-      "resolved": "https://registry.npmjs.org/@babel/types/-/types-7.26.8.tgz",
-      "integrity": "sha512-eUuWapzEGWFEpHFxgEaBG8e3n6S8L3MSu0oda755rOfabWPnh0Our1AozNFVUxGFIhbKgd1ksprsoDGMinTOTA==",
+      "version": "7.26.9",
+      "resolved": "https://registry.npmjs.org/@babel/types/-/types-7.26.9.tgz",
+      "integrity": "sha512-Y3IR1cRnOxOCDvMmNiym7XpXQ93iGDDPHx+Zj+NM+rg0fBaShfQLkg+hKPaZCEvg5N/LeCo4+Rj/i3FuJsIQaw==",
       "dev": true,
       "license": "MIT",
       "dependencies": {
@@ -2000,13 +1998,6 @@
       "dev": true,
       "license": "MIT"
     },
-    "node_modules/@types/gensync": {
-      "version": "1.0.4",
-      "resolved": "https://registry.npmjs.org/@types/gensync/-/gensync-1.0.4.tgz",
-      "integrity": "sha512-C3YYeRQWp2fmq9OryX+FoDy8nXS6scQ7dPptD8LnFDAUNcKWJjXQKDNJD3HVm+kOUsXhTOkpi69vI4EuAr95bA==",
-      "dev": true,
-      "license": "MIT"
-    },
     "node_modules/@types/json-schema": {
       "version": "7.0.15",
       "resolved": "https://registry.npmjs.org/@types/json-schema/-/json-schema-7.0.15.tgz",
@@ -2015,9 +2006,9 @@
       "license": "MIT"
     },
     "node_modules/@types/node": {
-      "version": "22.13.1",
-      "resolved": "https://registry.npmjs.org/@types/node/-/node-22.13.1.tgz",
-      "integrity": "sha512-jK8uzQlrvXqEU91UxiK5J7pKHyzgnI1Qnl0QDHIgVGuolJhRb9EEl28Cj9b3rGR8B2lhFCtvIm5os8lFnO/1Ew==",
+      "version": "22.13.9",
+      "resolved": "https://registry.npmjs.org/@types/node/-/node-22.13.9.tgz",
+      "integrity": "sha512-acBjXdRJ3A6Pb3tqnw9HZmyR3Fiol3aGxRCK1x3d+6CDAMjl7I649wpSd+yNURCjbOUGu9tqtLKnTGxmK6CyGw==",
       "devOptional": true,
       "license": "MIT",
       "dependencies": {
@@ -2256,9 +2247,9 @@
       "license": "Apache-2.0"
     },
     "node_modules/acorn": {
-      "version": "8.14.0",
-      "resolved": "https://registry.npmjs.org/acorn/-/acorn-8.14.0.tgz",
-      "integrity": "sha512-cl669nCJTZBsL97OF4kUQm5g5hC2uihk0NxY3WENAC0TYdILVkAyHymAntgxGkl7K+t0cXIrH5siy5S4XkFycA==",
+      "version": "8.14.1",
+      "resolved": "https://registry.npmjs.org/acorn/-/acorn-8.14.1.tgz",
+      "integrity": "sha512-OvQ/2pUDKmgfCg++xsTX1wGxfTaszcHVcTctW4UJB4hibJx2HXxxO5UmVgyjMa+ZDsiaf5wWLXYpRWMmBI0QHg==",
       "dev": true,
       "license": "MIT",
       "bin": {
@@ -2869,9 +2860,9 @@
       "license": "MIT"
     },
     "node_modules/caniuse-lite": {
-      "version": "1.0.30001699",
-      "resolved": "https://registry.npmjs.org/caniuse-lite/-/caniuse-lite-1.0.30001699.tgz",
-      "integrity": "sha512-b+uH5BakXZ9Do9iK+CkDmctUSEqZl+SP056vc5usa0PL+ev5OHw003rZXcnjNDv3L8P5j6rwT6C0BPKSikW08w==",
+      "version": "1.0.30001702",
+      "resolved": "https://registry.npmjs.org/caniuse-lite/-/caniuse-lite-1.0.30001702.tgz",
+      "integrity": "sha512-LoPe/D7zioC0REI5W73PeR1e1MLCipRGq/VkovJnd6Df+QVqT+vT33OXCp8QUd7kA7RZrHWxb1B36OQKI/0gOA==",
       "dev": true,
       "funding": [
         {
@@ -3143,13 +3134,13 @@
       }
     },
     "node_modules/core-js-compat": {
-      "version": "3.40.0",
-      "resolved": "https://registry.npmjs.org/core-js-compat/-/core-js-compat-3.40.0.tgz",
-      "integrity": "sha512-0XEDpr5y5mijvw8Lbc6E5AkjrHfp7eEoPlu36SWeAbcL8fn1G1ANe8DBlo2XoNN89oVpxWwOjYIPVzR4ZvsKCQ==",
+      "version": "3.41.0",
+      "resolved": "https://registry.npmjs.org/core-js-compat/-/core-js-compat-3.41.0.tgz",
+      "integrity": "sha512-RFsU9LySVue9RTwdDVX/T0e2Y6jRYWXERKElIjpuEOEnxaXffI0X7RUwVzfYLfzuLXSNJDYoRYUAmRUcyln20A==",
       "dev": true,
       "license": "MIT",
       "dependencies": {
-        "browserslist": "^4.24.3"
+        "browserslist": "^4.24.4"
       },
       "funding": {
         "type": "opencollective",
@@ -3372,9 +3363,9 @@
       }
     },
     "node_modules/electron-to-chromium": {
-      "version": "1.5.97",
-      "resolved": "https://registry.npmjs.org/electron-to-chromium/-/electron-to-chromium-1.5.97.tgz",
-      "integrity": "sha512-HKLtaH02augM7ZOdYRuO19rWDeY+QSJ1VxnXFa/XDFLf07HvM90pALIJFgrO+UVaajI3+aJMMpojoUTLZyQ7JQ==",
+      "version": "1.5.113",
+      "resolved": "https://registry.npmjs.org/electron-to-chromium/-/electron-to-chromium-1.5.113.tgz",
+      "integrity": "sha512-wjT2O4hX+wdWPJ76gWSkMhcHAV2PTMX+QetUCPYEdCIe+cxmgzzSSiGRCKW8nuh4mwKZlpv0xvoW7OF2X+wmHg==",
       "dev": true,
       "license": "ISC"
     },
@@ -3662,13 +3653,6 @@
         "node": ">=8.6.0"
       }
     },
-    "node_modules/fast-json-stable-stringify": {
-      "version": "2.1.0",
-      "resolved": "https://registry.npmjs.org/fast-json-stable-stringify/-/fast-json-stable-stringify-2.1.0.tgz",
-      "integrity": "sha512-lhd/wF+Lk98HZoTCtlVraHtfh5XYijIjalXck7saUtuanSDyLMxnHhSXEDJqHxD7msR8D0uCmqlkwjCV8xvwHw==",
-      "dev": true,
-      "license": "MIT"
-    },
     "node_modules/fast-levenshtein": {
       "version": "3.0.0",
       "resolved": "https://registry.npmjs.org/fast-levenshtein/-/fast-levenshtein-3.0.0.tgz",
@@ -3707,9 +3691,9 @@
       }
     },
     "node_modules/fastq": {
-      "version": "1.19.0",
-      "resolved": "https://registry.npmjs.org/fastq/-/fastq-1.19.0.tgz",
-      "integrity": "sha512-7SFSRCNjBQIZH/xZR3iy5iQYR8aGBE0h3VG6/cwlbrpdciNYBMotQav8c1XI3HjHH+NikUpP53nPdlZSdWmFzA==",
+      "version": "1.19.1",
+      "resolved": "https://registry.npmjs.org/fastq/-/fastq-1.19.1.tgz",
+      "integrity": "sha512-GwLTyxkCXjXbxqIhTsMI2Nui8huMPtnxg7krajPJAjnEG/iiOS7i+zCtWGZR9G0NBKbXKh6X9m9UIsYX/N6vvQ==",
       "dev": true,
       "license": "ISC",
       "dependencies": {
@@ -5719,16 +5703,6 @@
         "once": "^1.3.1"
       }
     },
-    "node_modules/punycode": {
-      "version": "2.3.1",
-      "resolved": "https://registry.npmjs.org/punycode/-/punycode-2.3.1.tgz",
-      "integrity": "sha512-vYt7UD1U9Wg6138shLtLOvdAu+8DsC/ilFtEVHcH+wydcSpNE20AfSOduf6MkRFahL5FY7X1oU7nKVZFtfq8Fg==",
-      "dev": true,
-      "license": "MIT",
-      "engines": {
-        "node": ">=6"
-      }
-    },
     "node_modules/puppeteer": {
       "version": "9.1.1",
       "resolved": "https://registry.npmjs.org/puppeteer/-/puppeteer-9.1.1.tgz",
@@ -6114,9 +6088,9 @@
       }
     },
     "node_modules/reusify": {
-      "version": "1.0.4",
-      "resolved": "https://registry.npmjs.org/reusify/-/reusify-1.0.4.tgz",
-      "integrity": "sha512-U9nH88a3fc/ekCF1l0/UP1IosiuIjyTh7hBvXVMHYgVcfGvt897Xguj2UOLDeI5BG2m7/uwyaLVT6fbtCwTyzw==",
+      "version": "1.1.0",
+      "resolved": "https://registry.npmjs.org/reusify/-/reusify-1.1.0.tgz",
+      "integrity": "sha512-g6QUff04oZpHs0eG5p83rFLhHeV00ug/Yf9nZM6fLeUrPguBTkTQOdpAWWspMh55TZfVQDPaN3NQJfbVRAxdIw==",
       "dev": true,
       "license": "MIT",
       "engines": {
@@ -6165,9 +6139,9 @@
       }
     },
     "node_modules/rxjs": {
-      "version": "7.8.1",
-      "resolved": "https://registry.npmjs.org/rxjs/-/rxjs-7.8.1.tgz",
-      "integrity": "sha512-AA3TVj+0A2iuIoQkWEK/tqFjBq2j+6PO6Y0zJcvzLAFhEFIO3HL0vls9hWLncZbAAbK0mar7oZ4V079I/qPMxg==",
+      "version": "7.8.2",
+      "resolved": "https://registry.npmjs.org/rxjs/-/rxjs-7.8.2.tgz",
+      "integrity": "sha512-dhKf903U/PQZY6boNNtAGdWbG85WAbjT/1xYoZIC7FAY0yWapOBQVsVrDl58W86//e1VpMNBtRV4MaXfdMySFA==",
       "dev": true,
       "license": "Apache-2.0",
       "dependencies": {
@@ -6187,9 +6161,9 @@
       "license": "MIT"
     },
     "node_modules/sass": {
-      "version": "1.84.0",
-      "resolved": "https://registry.npmjs.org/sass/-/sass-1.84.0.tgz",
-      "integrity": "sha512-XDAbhEPJRxi7H0SxrnOpiXFQoUJHwkR2u3Zc4el+fK/Tt5Hpzw5kkQ59qVDfvdaUq6gCrEZIbySFBM2T9DNKHg==",
+      "version": "1.85.1",
+      "resolved": "https://registry.npmjs.org/sass/-/sass-1.85.1.tgz",
+      "integrity": "sha512-Uk8WpxM5v+0cMR0XjX9KfRIacmSG86RH4DCCZjLU2rFh5tyutt9siAXJ7G+YfxQ99Q6wrRMbMlVl6KqUms71ag==",
       "license": "MIT",
       "dependencies": {
         "chokidar": "^4.0.0",
@@ -6354,13 +6328,15 @@
       }
     },
     "node_modules/sass-embedded-darwin-x64": {
-      "version": "1.85.1",
-      "resolved": "https://registry.npmjs.org/sass-embedded-darwin-x64/-/sass-embedded-darwin-x64-1.85.1.tgz",
-      "integrity": "sha512-J4UFHUiyI9Z+mwYMwz11Ky9TYr3hY1fCxeQddjNGL/+ovldtb0yAIHvoVM0BGprQDm5JqhtUk8KyJ3RMJqpaAA==",
+      "version": "1.83.0",
+      "resolved": "https://registry.npmjs.org/sass-embedded-darwin-x64/-/sass-embedded-darwin-x64-1.83.0.tgz",
+      "integrity": "sha512-ERQ7Tvp1kFOW3ux4VDFIxb7tkYXHYc+zJpcrbs0hzcIO5ilIRU2tIOK1OrNwrFO6Qxyf7AUuBwYKLAtIU/Nz7g==",
       "cpu": [
         "x64"
       ],
       "dev": true,
+      "license": "MIT",
+      "optional": true,
       "os": [
         "darwin"
       ],
@@ -6589,22 +6565,6 @@
         "node": ">=14.0.0"
       }
     },
-    "node_modules/sass-embedded/node_modules/sass-embedded-darwin-x64": {
-      "version": "1.83.0",
-      "resolved": "https://registry.npmjs.org/sass-embedded-darwin-x64/-/sass-embedded-darwin-x64-1.83.0.tgz",
-      "integrity": "sha512-ERQ7Tvp1kFOW3ux4VDFIxb7tkYXHYc+zJpcrbs0hzcIO5ilIRU2tIOK1OrNwrFO6Qxyf7AUuBwYKLAtIU/Nz7g==",
-      "cpu": [
-        "x64"
-      ],
-      "dev": true,
-      "optional": true,
-      "os": [
-        "darwin"
-      ],
-      "engines": {
-        "node": ">=14.0.0"
-      }
-    },
     "node_modules/sass-embedded/node_modules/supports-color": {
       "version": "8.1.1",
       "resolved": "https://registry.npmjs.org/supports-color/-/supports-color-8.1.1.tgz",
@@ -6676,9 +6636,9 @@
       }
     },
     "node_modules/sass/node_modules/readdirp": {
-      "version": "4.1.1",
-      "resolved": "https://registry.npmjs.org/readdirp/-/readdirp-4.1.1.tgz",
-      "integrity": "sha512-h80JrZu/MHUZCyHu5ciuoI0+WxsCxzxJTILn6Fs8rxSnFPh+UVHYfeIxK1nVGugMqkfC4vJcBOYbkfkwYK0+gw==",
+      "version": "4.1.2",
+      "resolved": "https://registry.npmjs.org/readdirp/-/readdirp-4.1.2.tgz",
+      "integrity": "sha512-GDhwkLfywWL2s6vEjyhri+eXmfH6j1L7JE27WhqLeYzoh/A3DBaYGEj2H/HFZCn/kMfim73FXxEJTw06WtxQwg==",
       "license": "MIT",
       "engines": {
         "node": ">= 14.18.0"
@@ -6993,9 +6953,9 @@
       }
     },
     "node_modules/terser": {
-      "version": "5.38.2",
-      "resolved": "https://registry.npmjs.org/terser/-/terser-5.38.2.tgz",
-      "integrity": "sha512-w8CXxxbFA5zfNsR/i8HZq5bvn18AK0O9jj7hyo1YqkovLxEFa0uP0LCVGZRqiRaKRFxXhELBp8SteeAjEnfeJg==",
+      "version": "5.39.0",
+      "resolved": "https://registry.npmjs.org/terser/-/terser-5.39.0.tgz",
+      "integrity": "sha512-LBAhFyLho16harJoWMg/nZsQYgTrg5jXOn2nCYjRUcZZEdE3qa2zb8QEDRUGVZBW4rlazf2fxkg8tztybTaqWw==",
       "dev": true,
       "license": "BSD-2-Clause",
       "dependencies": {
@@ -7012,9 +6972,9 @@
       }
     },
     "node_modules/terser-webpack-plugin": {
-      "version": "5.3.11",
-      "resolved": "https://registry.npmjs.org/terser-webpack-plugin/-/terser-webpack-plugin-5.3.11.tgz",
-      "integrity": "sha512-RVCsMfuD0+cTt3EwX8hSl2Ks56EbFHWmhluwcqoPKtBnfjiT6olaq7PRIRfhyU8nnC2MrnDrBLfrD/RGE+cVXQ==",
+      "version": "5.3.14",
+      "resolved": "https://registry.npmjs.org/terser-webpack-plugin/-/terser-webpack-plugin-5.3.14.tgz",
+      "integrity": "sha512-vkZjpUjb6OMS7dhV+tILUW6BhpDR7P2L/aQSAv+Uwk+m8KATX9EccViHTJR2qDtACKPIYndLGCyl3FMo+r2LMw==",
       "dev": true,
       "license": "MIT",
       "dependencies": {
@@ -7244,9 +7204,9 @@
       }
     },
     "node_modules/update-browserslist-db": {
-      "version": "1.1.2",
-      "resolved": "https://registry.npmjs.org/update-browserslist-db/-/update-browserslist-db-1.1.2.tgz",
-      "integrity": "sha512-PPypAm5qvlD7XMZC3BujecnaOxwhrtoFR+Dqkk5Aa/6DssiH0ibKoketaj9w8LP7Bont1rYeoV5plxD7RTEPRg==",
+      "version": "1.1.3",
+      "resolved": "https://registry.npmjs.org/update-browserslist-db/-/update-browserslist-db-1.1.3.tgz",
+      "integrity": "sha512-UxhIZQ+QInVdunkDAaiazvvT/+fXL5Osr0JZlJulepYu6Jd7qJtDZjlur0emRlT71EN3ScPoE7gvsuIKKNavKw==",
       "dev": true,
       "funding": [
         {
@@ -7274,16 +7234,6 @@
         "browserslist": ">= 4.21.0"
       }
     },
-    "node_modules/uri-js": {
-      "version": "4.4.1",
-      "resolved": "https://registry.npmjs.org/uri-js/-/uri-js-4.4.1.tgz",
-      "integrity": "sha512-7rKUyy33Q1yc98pQ1DAmLtwX109F7TIfWlW1Ydo8Wl1ii1SeHieeh0HHfPeL2fMXK6z0s8ecKs9frCuLJvndBg==",
-      "dev": true,
-      "license": "BSD-2-Clause",
-      "dependencies": {
-        "punycode": "^2.1.0"
-      }
-    },
     "node_modules/util-deprecate": {
       "version": "1.0.2",
       "resolved": "https://registry.npmjs.org/util-deprecate/-/util-deprecate-1.0.2.tgz",
@@ -7537,9 +7487,9 @@
       "license": "BSD-2-Clause"
     },
     "node_modules/webpack": {
-      "version": "5.97.1",
-      "resolved": "https://registry.npmjs.org/webpack/-/webpack-5.97.1.tgz",
-      "integrity": "sha512-EksG6gFY3L1eFMROS/7Wzgrii5mBAFe4rIr3r2BTfo7bcc+DWwFZ4OJ/miOuHJO/A85HwyI4eQ0F6IKXesO7Fg==",
+      "version": "5.98.0",
+      "resolved": "https://registry.npmjs.org/webpack/-/webpack-5.98.0.tgz",
+      "integrity": "sha512-UFynvx+gM44Gv9qFgj0acCQK2VE1CtdfwFdimkapco3hlPCJ/zeq73n2yVKimVbtm+TnApIugGhLJnkU6gjYXA==",
       "dev": true,
       "license": "MIT",
       "dependencies": {
@@ -7561,9 +7511,9 @@
         "loader-runner": "^4.2.0",
         "mime-types": "^2.1.27",
         "neo-async": "^2.6.2",
-        "schema-utils": "^3.2.0",
+        "schema-utils": "^4.3.0",
         "tapable": "^2.1.1",
-        "terser-webpack-plugin": "^5.3.10",
+        "terser-webpack-plugin": "^5.3.11",
         "watchpack": "^2.4.1",
         "webpack-sources": "^3.2.3"
       },
@@ -7632,59 +7582,6 @@
         "url": "https://github.com/chalk/supports-color?sponsor=1"
       }
     },
-    "node_modules/webpack/node_modules/ajv": {
-      "version": "6.12.6",
-      "resolved": "https://registry.npmjs.org/ajv/-/ajv-6.12.6.tgz",
-      "integrity": "sha512-j3fVLgvTo527anyYyJOGTYJbG+vnnQYvE0m5mmkc1TK+nxAppkCLMIL0aZ4dblVCNoGShhm+kzE4ZUykBoMg4g==",
-      "dev": true,
-      "license": "MIT",
-      "dependencies": {
-        "fast-deep-equal": "^3.1.1",
-        "fast-json-stable-stringify": "^2.0.0",
-        "json-schema-traverse": "^0.4.1",
-        "uri-js": "^4.2.2"
-      },
-      "funding": {
-        "type": "github",
-        "url": "https://github.com/sponsors/epoberezkin"
-      }
-    },
-    "node_modules/webpack/node_modules/ajv-keywords": {
-      "version": "3.5.2",
-      "resolved": "https://registry.npmjs.org/ajv-keywords/-/ajv-keywords-3.5.2.tgz",
-      "integrity": "sha512-5p6WTN0DdTGVQk6VjcEju19IgaHudalcfabD7yhDGeA6bcQnmL+CpveLJq/3hvfwd1aof6L386Ougkx6RfyMIQ==",
-      "dev": true,
-      "license": "MIT",
-      "peerDependencies": {
-        "ajv": "^6.9.1"
-      }
-    },
-    "node_modules/webpack/node_modules/json-schema-traverse": {
-      "version": "0.4.1",
-      "resolved": "https://registry.npmjs.org/json-schema-traverse/-/json-schema-traverse-0.4.1.tgz",
-      "integrity": "sha512-xbbCH5dCYU5T8LcEhhuh7HJ88HXuW3qsI3Y0zOZFKfZEHcpWiHU/Jxzk629Brsab/mMiHQti9wMP+845RPe3Vg==",
-      "dev": true,
-      "license": "MIT"
-    },
-    "node_modules/webpack/node_modules/schema-utils": {
-      "version": "3.3.0",
-      "resolved": "https://registry.npmjs.org/schema-utils/-/schema-utils-3.3.0.tgz",
-      "integrity": "sha512-pN/yOAvcC+5rQ5nERGuwrjLlYvLTbCibnZ1I7B1LaiAz9BRBlE9GMgE/eqV30P7aJQUf7Ddimy/RsbYO/GrVGg==",
-      "dev": true,
-      "license": "MIT",
-      "dependencies": {
-        "@types/json-schema": "^7.0.8",
-        "ajv": "^6.12.5",
-        "ajv-keywords": "^3.5.2"
-      },
-      "engines": {
-        "node": ">= 10.13.0"
-      },
-      "funding": {
-        "type": "opencollective",
-        "url": "https://opencollective.com/webpack"
-      }
-    },
     "node_modules/whatwg-encoding": {
       "version": "3.1.1",
       "resolved": "https://registry.npmjs.org/whatwg-encoding/-/whatwg-encoding-3.1.1.tgz",
@@ -7857,9 +7754,9 @@
       }
     },
     "node_modules/yocto-queue": {
-      "version": "1.1.1",
-      "resolved": "https://registry.npmjs.org/yocto-queue/-/yocto-queue-1.1.1.tgz",
-      "integrity": "sha512-b4JR1PFR10y1mKjhHY9LaGo6tmrgjit7hxVIeAmyMw3jegXR4dhYqLaQF5zMXZxY7tLpMyJeLjr1C4rLmkVe8g==",
+      "version": "1.2.0",
+      "resolved": "https://registry.npmjs.org/yocto-queue/-/yocto-queue-1.2.0.tgz",
+      "integrity": "sha512-KHBC7z61OJeaMGnF3wqNZj+GGNXOyypZviiKpQeiHirG5Ib1ImwcLBH70rbMSkKfSmUNBsdf2PwaEJtKvgmkNw==",
       "dev": true,
       "license": "MIT",
       "engines": {
diff --git a/src/package.json b/src/package.json
index 468bfd7e3..9c50c93e1 100644
--- a/src/package.json
+++ b/src/package.json
@@ -19,7 +19,6 @@
     "@babel/preset-env": "^7.26.0",
     "@uswds/compile": "1.2.1",
     "babel-loader": "^9.2.1",
-    "sass-embedded-darwin-x64": "^1.85.1",
     "sass-loader": "^12.6.0",
     "webpack": "^5.96.1",
     "webpack-stream": "^7.0.0"

From 04007712cd2ff4149d6d1532bf03999423716ceb Mon Sep 17 00:00:00 2001
From: Rachid Mrad <rachid.mrad@ecstech.com>
Date: Thu, 6 Mar 2025 22:30:20 -0500
Subject: [PATCH 019/285] Cleanup

---
 docs/developer/README.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/docs/developer/README.md b/docs/developer/README.md
index 63a4e08c6..442a13634 100644
--- a/docs/developer/README.md
+++ b/docs/developer/README.md
@@ -305,7 +305,7 @@ You can also compile the **Sass** at any time using `npx gulp compile`. Similarl
 
 We use the [CSS Block Element Modifier (BEM)](https://getbem.com/naming/) naming convention for our custom classes. This is in line with how USWDS [approaches](https://designsystem.digital.gov/whats-new/updates/2019/04/08/introducing-uswds-2-0/) their CSS class architecture and helps keep our code cohesive and readable.
 
-### Upgrading USWDS
+### Updating USWDS
 
 1. Version numbers can be manually controlled in `package.json`. Edit that, if desired.
 2. Now run `npx gulp updateUswds`. Refer to [official docs](https://designsystem.digital.gov/documentation/getting-started/developers/phase-two-compile/) to see what this is doing.

From 6ef3f50a7bcccd0157d81fa2566c517bf6467050 Mon Sep 17 00:00:00 2001
From: David Kennedy <david.kennedy@associates.cisa.dhs.gov>
Date: Thu, 6 Mar 2025 22:46:12 -0500
Subject: [PATCH 020/285] fix portfolio javascript

---
 .../assets/src/js/getgov-admin/portfolio-form.js          | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)

diff --git a/src/registrar/assets/src/js/getgov-admin/portfolio-form.js b/src/registrar/assets/src/js/getgov-admin/portfolio-form.js
index 74729c2b2..2e437c520 100644
--- a/src/registrar/assets/src/js/getgov-admin/portfolio-form.js
+++ b/src/registrar/assets/src/js/getgov-admin/portfolio-form.js
@@ -285,9 +285,11 @@ function handlePortfolioFields(){
                 handleStateTerritoryChange();
             });
         }
-        organizationTypeDropdown.addEventListener("change", function() {
-            handleOrganizationTypeChange();
-        });
+        if (organizationTypeDropdown) {
+            organizationTypeDropdown.addEventListener("change", function() {
+                handleOrganizationTypeChange();
+            });
+        }
     }
 
     // Run initial setup functions

From 952f1c35cc052dda6ccf21a15dcc2635efc44bed Mon Sep 17 00:00:00 2001
From: David Kennedy <david.kennedy@associates.cisa.dhs.gov>
Date: Fri, 7 Mar 2025 07:04:39 -0500
Subject: [PATCH 021/285] fixed place and remove hold

---
 src/registrar/admin.py                                    | 8 +++++---
 .../templates/django/admin/domain_change_form.html        | 2 ++
 2 files changed, 7 insertions(+), 3 deletions(-)

diff --git a/src/registrar/admin.py b/src/registrar/admin.py
index d9b9509e1..020dc2540 100644
--- a/src/registrar/admin.py
+++ b/src/registrar/admin.py
@@ -4329,9 +4329,11 @@ class DomainAdmin(ListHeaderAdmin, ImportExportRegistrarModelAdmin):
         # Fixes a bug wherein users which are only is_staff
         # can access 'change' when GET,
         # but cannot access this page when it is a request of type POST.
-        if request.user.has_perm("registrar.full_access_permission") or request.user.has_perm(
-            "registrar.analyst_access_permission"
-        ) or request.user.has_perm("registrar.omb_analyst_access_permission"):
+        if (
+            request.user.has_perm("registrar.full_access_permission")
+            or request.user.has_perm("registrar.analyst_access_permission")
+            or request.user.has_perm("registrar.omb_analyst_access_permission")
+        ):
             return True
         return super().has_change_permission(request, obj)
 
diff --git a/src/registrar/templates/django/admin/domain_change_form.html b/src/registrar/templates/django/admin/domain_change_form.html
index 9f34feae6..2e6f57237 100644
--- a/src/registrar/templates/django/admin/domain_change_form.html
+++ b/src/registrar/templates/django/admin/domain_change_form.html
@@ -33,8 +33,10 @@
             <input type="submit" value="Remove hold" name="_remove_client_hold" class="custom-link-button">
             {% endif %}
             {% if original.state == original.State.READY or original.state == original.State.ON_HOLD %}
+            {% if not adminform.form.is_omb_analyst %}
             <span class="margin-left-05 margin-right-05 text-middle"> | </span>
             {% endif %}
+            {% endif %}
             {% if original.state != original.State.DELETED and not adminform.form.is_omb_analyst %}
             <a class="text-middle" href="#toggle-remove-from-registry" aria-controls="toggle-remove-from-registry" data-open-modal>
                 Remove from registry

From 237e79e4938bcee8186e46a5f8db83e9a60cceeb Mon Sep 17 00:00:00 2001
From: Erin Song <121973038+erinysong@users.noreply.github.com>
Date: Fri, 7 Mar 2025 09:22:27 -0800
Subject: [PATCH 022/285] Add portfolio org email templates

---
 .../portfolio_org_update_notification.txt     | 34 +++++++++++++++++++
 ...tfolio_org_update_notification_subject.txt |  1 +
 2 files changed, 35 insertions(+)
 create mode 100644 src/registrar/templates/emails/portfolio_org_update_notification.txt
 create mode 100644 src/registrar/templates/emails/portfolio_org_update_notification_subject.txt

diff --git a/src/registrar/templates/emails/portfolio_org_update_notification.txt b/src/registrar/templates/emails/portfolio_org_update_notification.txt
new file mode 100644
index 000000000..80dfd2ecb
--- /dev/null
+++ b/src/registrar/templates/emails/portfolio_org_update_notification.txt
@@ -0,0 +1,34 @@
+{% autoescape off %}{# In a text file, we don't want to have HTML entities escaped #}
+Hi, {% if portfolio_admin and portfolio_admin.first_name %}
+
+An update was made to your .gov organization
+
+ORGANIZATION: {{ portfolio.organization_name }}
+UPDATED BY: {{ editor_email }}
+UPDATED ON: {{ date }}
+INFORMATION UPDATED: put page where info was edited here
+
+You can view this update in the .gov registrar <https://manage.get.gov>.
+
+----------------------------------------------------------------
+
+WHY DID YOU RECEIVE THIS EMAIL?
+You're listed as an admin for {{ $portfolio.organization_name }}, so you'll receive a
+notification whenever changes are made to that .gov organization.
+
+If you have questions or concerns, reach out to the person who made the change or reply
+to this email.
+
+THANK YOU
+.Gov helps the public identify official, trusted information. Thank you for using a .gov
+domain.
+
+----------------------------------------------------------------
+
+The .gov team
+Contact us: <https://get.gov/contact/>
+Learn about .gov <https://get.gov>
+
+The .gov registry is a part of the Cybersecurity and Infrastructure Security Agency
+(CISA) <https://cisa.gov/>
+{% endautoescape %}
diff --git a/src/registrar/templates/emails/portfolio_org_update_notification_subject.txt b/src/registrar/templates/emails/portfolio_org_update_notification_subject.txt
new file mode 100644
index 000000000..a30f72a54
--- /dev/null
+++ b/src/registrar/templates/emails/portfolio_org_update_notification_subject.txt
@@ -0,0 +1 @@
+An update was made to your .gov organization
\ No newline at end of file

From dd5d00ddcaf21536b466753fdd6b4aa5daf0c1b2 Mon Sep 17 00:00:00 2001
From: Erin Song <121973038+erinysong@users.noreply.github.com>
Date: Fri, 7 Mar 2025 15:49:07 -0800
Subject: [PATCH 023/285] Create portfolio org update email methods

---
 src/registrar/utility/email_invitations.py | 46 ++++++++++++++++++++++
 1 file changed, 46 insertions(+)

diff --git a/src/registrar/utility/email_invitations.py b/src/registrar/utility/email_invitations.py
index 08ebb4d86..eaac4f06a 100644
--- a/src/registrar/utility/email_invitations.py
+++ b/src/registrar/utility/email_invitations.py
@@ -226,6 +226,52 @@ def send_portfolio_invitation_email(email: str, requestor, portfolio, is_admin_i
         )
     return all_admin_emails_sent
 
+def send_portfolio_organization_update_email(editor, portfolio-portfolio):
+    """
+    Sends an email notification to all portfolio admin when portfolio organization is updated.
+
+    Raises exceptions for validation or email-sending issues.
+
+    Args:
+        editor (User): The user editing the portfolio organization.
+        portfolio (Portfolio): The portfolio object whose organization information is changed.
+
+    Returns:
+        Boolean indicating if all messages were sent successfully.
+
+    Raises:
+        MissingEmailError: If the requestor has no email associated with their account.
+        EmailSendingError: If there is an error while sending the email.
+    """
+    editor_email = _get_requestor_email(editor, portfolio=portfolio)
+    # Get each portfolio admin from list
+    user_portfolio_permissions = UserPortfolioPermission.objects.filter(
+        portfolio=portfolio, roles__contains=[UserPortfolioRoleChoices.ORGANIZATION_ADMIN]
+    ).exclude(user__email=editor_email)
+    for user_portfolio_permission in user_portfolio_permissions:
+        # Send email to each portfolio_admin
+        user = user_portfolio_permission.user
+        try:
+            send_templated_email(
+                "emails/portfolio_org_update_notification.txt",
+                "emails/portfolio_org_update_notification_subject.txt",
+                to_address=user.email,
+                context={
+                    "portfolio": portfolio,
+                    "editor_email": editor_email,
+                    "portfolio_admin": user,
+                    "date": date.today(),
+                },
+            )
+        except EmailSendingError:
+            logger.warning(
+                "Could not send email organization admin notification to %s " "for portfolio: %s",
+                user.email,
+                portfolio.organization_name,
+                exc_info=True,
+            )
+            all_emails_sent = False
+    return all_emails_sent
 
 def send_portfolio_member_permission_update_email(requestor, permissions: UserPortfolioPermission):
     """

From 7994484fed1d15e308a5ce16b0bcd6fe0b1be43c Mon Sep 17 00:00:00 2001
From: David Kennedy <david.kennedy@associates.cisa.dhs.gov>
Date: Fri, 7 Mar 2025 19:36:24 -0500
Subject: [PATCH 024/285] DomainInvitationAdmin tests

---
 src/registrar/admin.py            |   2 +-
 src/registrar/tests/common.py     |  19 +++++
 src/registrar/tests/test_admin.py | 125 ++++++++++++++++++++++++++++--
 3 files changed, 140 insertions(+), 6 deletions(-)

diff --git a/src/registrar/admin.py b/src/registrar/admin.py
index 020dc2540..c72c5271a 100644
--- a/src/registrar/admin.py
+++ b/src/registrar/admin.py
@@ -1820,7 +1820,7 @@ class DomainInvitationAdmin(BaseInvitationAdmin):
             if request.user.groups.filter(name="omb_analysts_group").exists():
                 return (
                     obj.domain.domain_info.converted_generic_org_type == DomainRequest.OrganizationChoices.FEDERAL
-                    and obj.domain.domain_info.federal_type == BranchChoices.EXECUTIVE
+                    and obj.domain.domain_info.converted_federal_type == BranchChoices.EXECUTIVE
                 )
         return super().has_view_permission(request, obj)
 
diff --git a/src/registrar/tests/common.py b/src/registrar/tests/common.py
index bb65ef6b1..7b6068c6a 100644
--- a/src/registrar/tests/common.py
+++ b/src/registrar/tests/common.py
@@ -1009,6 +1009,25 @@ def create_user(**kwargs):
     user.groups.set([group])
     return user
 
+def create_omb_analyst_user(**kwargs):
+    """Creates a analyst user with is_staff=True and the group cisa_analysts_group"""
+    User = get_user_model()
+    p = "userpass"
+    user = User.objects.create_user(
+        username=kwargs.get("username", "ombanalystuser"),
+        email=kwargs.get("email", "ombanalyst@example.com"),
+        first_name=kwargs.get("first_name", "first"),
+        last_name=kwargs.get("last_name", "last"),
+        is_staff=kwargs.get("is_staff", True),
+        title=kwargs.get("title", "title"),
+        password=kwargs.get("password", p),
+        phone=kwargs.get("phone", "8003111234"),
+    )
+    # Retrieve the group or create it if it doesn't exist
+    group, _ = UserGroup.objects.get_or_create(name="omb_analysts_group")
+    # Add the user to the group
+    user.groups.set([group])
+    return user
 
 def create_test_user():
     username = "test_user"
diff --git a/src/registrar/tests/test_admin.py b/src/registrar/tests/test_admin.py
index 1de6b1be3..3f2edbafb 100644
--- a/src/registrar/tests/test_admin.py
+++ b/src/registrar/tests/test_admin.py
@@ -3,6 +3,7 @@ from django.utils import timezone
 from django.test import TestCase, RequestFactory, Client
 from django.contrib.admin.sites import AdminSite
 from registrar import models
+from registrar.utility.constants import BranchChoices
 from registrar.utility.email import EmailSendingError
 from registrar.utility.errors import MissingEmailError
 from waffle.testutils import override_flag
@@ -57,6 +58,7 @@ from .common import (
     MockDbForSharedTests,
     AuditedAdminMockData,
     completed_domain_request,
+    create_omb_analyst_user,
     create_test_user,
     generic_domain_object,
     less_console_noise,
@@ -136,18 +138,21 @@ class TestDomainInvitationAdmin(WebTest):
     csrf_checks = False
 
     @classmethod
-    def setUpClass(self):
+    def setUpClass(cls):
         super().setUpClass()
-        self.site = AdminSite()
-        self.factory = RequestFactory()
-        self.superuser = create_superuser()
+        cls.site = AdminSite()
+        cls.factory = RequestFactory()
 
     def setUp(self):
         super().setUp()
+        self.superuser = create_superuser()
+        self.cisa_analyst = create_user()
+        self.omb_analyst = create_omb_analyst_user()
         self.admin = ListHeaderAdmin(model=DomainInvitationAdmin, admin_site=AdminSite())
         self.domain = Domain.objects.create(name="example.com")
+        self.fed_agency = FederalAgency.objects.create(agency="New FedExec Agency", federal_type=BranchChoices.EXECUTIVE)
         self.portfolio = Portfolio.objects.create(organization_name="new portfolio", creator=self.superuser)
-        DomainInformation.objects.create(domain=self.domain, portfolio=self.portfolio, creator=self.superuser)
+        self.domain_info = DomainInformation.objects.create(domain=self.domain, portfolio=self.portfolio, creator=self.superuser)
         """Create a client object"""
         self.client = Client(HTTP_HOST="localhost:8080")
         self.client.force_login(self.superuser)
@@ -159,10 +164,120 @@ class TestDomainInvitationAdmin(WebTest):
         DomainInvitation.objects.all().delete()
         DomainInformation.objects.all().delete()
         Portfolio.objects.all().delete()
+        self.fed_agency.delete()
         Domain.objects.all().delete()
         Contact.objects.all().delete()
         User.objects.all().delete()
 
+    @less_console_noise_decorator
+    def test_analyst_view(self):
+        """Ensure regular analysts can view domain invitations."""
+        invitation = DomainInvitation.objects.create(email="test@example.com", domain=self.domain)
+        self.client.force_login(self.cisa_analyst)
+        response = self.client.get(reverse("admin:registrar_domaininvitation_changelist"))
+        self.assertEqual(response.status_code, 200)
+        self.assertContains(response, invitation.email)
+
+    @less_console_noise_decorator
+    def test_omb_analyst_view_non_feb_domain(self):
+        """Ensure OMB analysts cannot view non-federal domains."""
+        invitation = DomainInvitation.objects.create(email="test@example.com", domain=self.domain)
+        self.client.force_login(self.omb_analyst)
+        response = self.client.get(reverse("admin:registrar_domaininvitation_changelist"))
+        self.assertNotContains(response, invitation.email)
+
+    @less_console_noise_decorator
+    def test_omb_analyst_view_feb_domain(self):
+        """Ensure OMB analysts can view federal executive branch domains."""
+        invitation = DomainInvitation.objects.create(email="test@example.com", domain=self.domain)
+        self.portfolio.organization_type = DomainRequest.OrganizationChoices.FEDERAL
+        self.portfolio.federal_agency = self.fed_agency
+        self.portfolio.save()
+        self.client.force_login(self.omb_analyst)
+        response = self.client.get(reverse("admin:registrar_domaininvitation_changelist"))
+        self.assertContains(response, invitation.email)
+
+    @less_console_noise_decorator      
+    def test_superuser_view(self):
+        """Ensure superusers can view domain invitations."""
+        invitation = DomainInvitation.objects.create(email="test@example.com", domain=self.domain)
+        response = self.client.get(reverse("admin:registrar_domaininvitation_changelist"))
+        self.assertEqual(response.status_code, 200)
+        self.assertContains(response, invitation.email)
+
+    @less_console_noise_decorator
+    def test_analyst_change(self):
+        """Ensure regular analysts can view domain invitations but not update."""
+        invitation = DomainInvitation.objects.create(email="test@example.com", domain=self.domain)
+        self.client.force_login(self.cisa_analyst)
+        response = self.client.get(reverse("admin:registrar_domaininvitation_change", args=[invitation.id]))
+        self.assertEqual(response.status_code, 200)
+        self.assertContains(response, invitation.email)
+        # test whether fields are readonly or editable
+        self.assertNotContains(response, "id_domain")
+        self.assertNotContains(response, "id_email")
+
+    @less_console_noise_decorator
+    def test_omb_analyst_change_non_feb_domain(self):
+        """Ensure OMB analysts cannot change non-federal domains."""
+        invitation = DomainInvitation.objects.create(email="test@example.com", domain=self.domain)
+        self.client.force_login(self.omb_analyst)
+        response = self.client.get(reverse("admin:registrar_domaininvitation_change", args=[invitation.id]))
+        self.assertEqual(response.status_code, 302)
+
+    @less_console_noise_decorator
+    def test_omb_analyst_change_feb_domain(self):
+        """Ensure OMB analysts can view federal executive branch domains."""
+        invitation = DomainInvitation.objects.create(email="test@example.com", domain=self.domain)
+        # update domain 
+        self.portfolio.organization_type = DomainRequest.OrganizationChoices.FEDERAL
+        self.portfolio.federal_agency = self.fed_agency
+        self.portfolio.save()
+        self.client.force_login(self.omb_analyst)
+        response = self.client.get(reverse("admin:registrar_domaininvitation_change", args=[invitation.id]))
+        self.assertEqual(response.status_code, 200)
+        self.assertContains(response, invitation.email)
+        # test whether fields are readonly or editable
+        self.assertNotContains(response, "id_domain")
+        self.assertNotContains(response, "id_email")
+
+    @less_console_noise_decorator
+    def test_superuser_change(self):
+        """Ensure superusers can change domain invitations."""
+        invitation = DomainInvitation.objects.create(email="test@example.com", domain=self.domain)
+        response = self.client.get(reverse("admin:registrar_domaininvitation_change", args=[invitation.id]))
+        self.assertEqual(response.status_code, 200)
+        self.assertContains(response, invitation.email)
+        # test whether fields are readonly or editable
+        self.assertContains(response, "id_domain")
+        self.assertContains(response, "id_email")
+
+    @less_console_noise_decorator
+    def test_omb_analyst_filter_feb_domain(self):
+        """Ensure OMB analysts can apply filters and only federal executive branch domains show."""
+        # create invitation on domain that is not FEB
+        invitation = DomainInvitation.objects.create(email="test@example.com", domain=self.domain)
+        self.client.force_login(self.omb_analyst)
+        response = self.client.get(reverse("admin:registrar_domaininvitation_changelist"), {"status": DomainInvitation.DomainInvitationStatus.INVITED})
+        self.assertNotContains(response, invitation.email)
+        # update domain 
+        self.portfolio.organization_type = DomainRequest.OrganizationChoices.FEDERAL
+        self.portfolio.federal_agency = self.fed_agency
+        self.portfolio.save()
+        response = self.client.get(reverse("admin:registrar_domaininvitation_changelist"), {"status": DomainInvitation.DomainInvitationStatus.INVITED})
+        self.assertContains(response, invitation.email)
+
+    # test_analyst_view
+    # test_omb_analyst_view_non_feb_domain
+    # test_omb_analyst_view_feb_domain
+    # test_superuser_view
+    # test_analyst_change
+    # test_omb_analyst_change_non_feb_domain
+    # test_omb_analyst_change_feb_domain
+    # test_superuser
+    # test_filter_feb
+
+
     @less_console_noise_decorator
     def test_has_model_description(self):
         """Tests if this model has a model description on the table view"""

From 8fb349f0b953c8e8357846ab65295607e1ad2b72 Mon Sep 17 00:00:00 2001
From: Erin Song <121973038+erinysong@users.noreply.github.com>
Date: Fri, 7 Mar 2025 16:50:11 -0800
Subject: [PATCH 025/285] Save email template progress

---
 .../portfolio_org_update_notification.txt     |  8 ++++----
 src/registrar/utility/email_invitations.py    | 10 +++++-----
 src/registrar/views/portfolios.py             | 19 ++++++++++++++++++-
 3 files changed, 27 insertions(+), 10 deletions(-)

diff --git a/src/registrar/templates/emails/portfolio_org_update_notification.txt b/src/registrar/templates/emails/portfolio_org_update_notification.txt
index 80dfd2ecb..639f08fdf 100644
--- a/src/registrar/templates/emails/portfolio_org_update_notification.txt
+++ b/src/registrar/templates/emails/portfolio_org_update_notification.txt
@@ -1,10 +1,10 @@
 {% autoescape off %}{# In a text file, we don't want to have HTML entities escaped #}
-Hi, {% if portfolio_admin and portfolio_admin.first_name %}
+Hi, {% if portfolio_admin and portfolio_admin.first_name %}{% endif %}
 
 An update was made to your .gov organization
 
-ORGANIZATION: {{ portfolio.organization_name }}
-UPDATED BY: {{ editor_email }}
+ORGANIZATION: {{ portfolio }}
+UPDATED BY: {{ editor.email }}
 UPDATED ON: {{ date }}
 INFORMATION UPDATED: put page where info was edited here
 
@@ -13,7 +13,7 @@ You can view this update in the .gov registrar <https://manage.get.gov>.
 ----------------------------------------------------------------
 
 WHY DID YOU RECEIVE THIS EMAIL?
-You're listed as an admin for {{ $portfolio.organization_name }}, so you'll receive a
+You're listed as an admin for {{ portfolio }}, so you'll receive a
 notification whenever changes are made to that .gov organization.
 
 If you have questions or concerns, reach out to the person who made the change or reply
diff --git a/src/registrar/utility/email_invitations.py b/src/registrar/utility/email_invitations.py
index eaac4f06a..df1ee1bd4 100644
--- a/src/registrar/utility/email_invitations.py
+++ b/src/registrar/utility/email_invitations.py
@@ -226,7 +226,7 @@ def send_portfolio_invitation_email(email: str, requestor, portfolio, is_admin_i
         )
     return all_admin_emails_sent
 
-def send_portfolio_organization_update_email(editor, portfolio-portfolio):
+def send_portfolio_organization_update_email(editor, portfolio):
     """
     Sends an email notification to all portfolio admin when portfolio organization is updated.
 
@@ -243,7 +243,7 @@ def send_portfolio_organization_update_email(editor, portfolio-portfolio):
         MissingEmailError: If the requestor has no email associated with their account.
         EmailSendingError: If there is an error while sending the email.
     """
-    editor_email = _get_requestor_email(editor, portfolio=portfolio)
+    editor_email = editor.email
     # Get each portfolio admin from list
     user_portfolio_permissions = UserPortfolioPermission.objects.filter(
         portfolio=portfolio, roles__contains=[UserPortfolioRoleChoices.ORGANIZATION_ADMIN]
@@ -258,7 +258,7 @@ def send_portfolio_organization_update_email(editor, portfolio-portfolio):
                 to_address=user.email,
                 context={
                     "portfolio": portfolio,
-                    "editor_email": editor_email,
+                    "editor": editor,
                     "portfolio_admin": user,
                     "date": date.today(),
                 },
@@ -267,7 +267,7 @@ def send_portfolio_organization_update_email(editor, portfolio-portfolio):
             logger.warning(
                 "Could not send email organization admin notification to %s " "for portfolio: %s",
                 user.email,
-                portfolio.organization_name,
+                portfolio,
                 exc_info=True,
             )
             all_emails_sent = False
@@ -444,7 +444,7 @@ def _send_portfolio_admin_addition_emails_to_portfolio_admins(email: str, reques
             logger.warning(
                 "Could not send email organization admin notification to %s " "for portfolio: %s",
                 user.email,
-                portfolio.organization_name,
+                portfolio,
                 exc_info=True,
             )
             all_emails_sent = False
diff --git a/src/registrar/views/portfolios.py b/src/registrar/views/portfolios.py
index 1882cc11b..5d33adf17 100644
--- a/src/registrar/views/portfolios.py
+++ b/src/registrar/views/portfolios.py
@@ -35,6 +35,7 @@ from registrar.utility.email_invitations import (
     send_portfolio_invitation_remove_email,
     send_portfolio_member_permission_remove_email,
     send_portfolio_member_permission_update_email,
+    send_portfolio_organization_update_email
 )
 from registrar.utility.errors import MissingEmailError
 from registrar.utility.enums import DefaultUserValues
@@ -840,7 +841,23 @@ class PortfolioOrganizationView(DetailView, FormMixin):
         self.object = self.get_object()
         form = self.get_form()
         if form.is_valid():
-            return self.form_valid(form)
+            user=request.user
+            try:
+                if not send_portfolio_organization_update_email(
+                    editor=user, portfolio=self.request.session.get("portfolio")
+                ):
+                    messages.warning(self.request, f"Could not send email notification to {user.email}.")
+                    return redirect(reverse("organization"))
+            except Exception as e:
+                messages.error(
+                    request,
+                    f"An unexpected error occurred: {str(e)}. If the issue persists, "
+                    f"please contact {DefaultUserValues.HELP_EMAIL}.",
+                )
+                logger.error(f"An unexpected error occurred: {str(e)}.", exc_info=True)
+                return None
+            messages.success(self.request, "The portfolio organization information has been updated.")
+            return redirect(reverse("organization"))
         else:
             return self.form_invalid(form)
 

From 394147d657bca5371a9be53d04791ab1a2e8d638 Mon Sep 17 00:00:00 2001
From: David Kennedy <david.kennedy@associates.cisa.dhs.gov>
Date: Fri, 7 Mar 2025 19:51:40 -0500
Subject: [PATCH 026/285] DomainInvitationAdmin tests

---
 src/registrar/tests/common.py     |  2 ++
 src/registrar/tests/test_admin.py | 34 +++++++++++++++++++++++--------
 2 files changed, 28 insertions(+), 8 deletions(-)

diff --git a/src/registrar/tests/common.py b/src/registrar/tests/common.py
index 7b6068c6a..622bd5b22 100644
--- a/src/registrar/tests/common.py
+++ b/src/registrar/tests/common.py
@@ -1009,6 +1009,7 @@ def create_user(**kwargs):
     user.groups.set([group])
     return user
 
+
 def create_omb_analyst_user(**kwargs):
     """Creates a analyst user with is_staff=True and the group cisa_analysts_group"""
     User = get_user_model()
@@ -1029,6 +1030,7 @@ def create_omb_analyst_user(**kwargs):
     user.groups.set([group])
     return user
 
+
 def create_test_user():
     username = "test_user"
     first_name = "First"
diff --git a/src/registrar/tests/test_admin.py b/src/registrar/tests/test_admin.py
index 3f2edbafb..a21bfd4f2 100644
--- a/src/registrar/tests/test_admin.py
+++ b/src/registrar/tests/test_admin.py
@@ -150,9 +150,13 @@ class TestDomainInvitationAdmin(WebTest):
         self.omb_analyst = create_omb_analyst_user()
         self.admin = ListHeaderAdmin(model=DomainInvitationAdmin, admin_site=AdminSite())
         self.domain = Domain.objects.create(name="example.com")
-        self.fed_agency = FederalAgency.objects.create(agency="New FedExec Agency", federal_type=BranchChoices.EXECUTIVE)
+        self.fed_agency = FederalAgency.objects.create(
+            agency="New FedExec Agency", federal_type=BranchChoices.EXECUTIVE
+        )
         self.portfolio = Portfolio.objects.create(organization_name="new portfolio", creator=self.superuser)
-        self.domain_info = DomainInformation.objects.create(domain=self.domain, portfolio=self.portfolio, creator=self.superuser)
+        self.domain_info = DomainInformation.objects.create(
+            domain=self.domain, portfolio=self.portfolio, creator=self.superuser
+        )
         """Create a client object"""
         self.client = Client(HTTP_HOST="localhost:8080")
         self.client.force_login(self.superuser)
@@ -197,7 +201,7 @@ class TestDomainInvitationAdmin(WebTest):
         response = self.client.get(reverse("admin:registrar_domaininvitation_changelist"))
         self.assertContains(response, invitation.email)
 
-    @less_console_noise_decorator      
+    @less_console_noise_decorator
     def test_superuser_view(self):
         """Ensure superusers can view domain invitations."""
         invitation = DomainInvitation.objects.create(email="test@example.com", domain=self.domain)
@@ -216,6 +220,9 @@ class TestDomainInvitationAdmin(WebTest):
         # test whether fields are readonly or editable
         self.assertNotContains(response, "id_domain")
         self.assertNotContains(response, "id_email")
+        self.assertContains(response, "closelink")
+        self.assertNotContains(response, "Save")
+        self.assertNotContains(response, "Delete")
 
     @less_console_noise_decorator
     def test_omb_analyst_change_non_feb_domain(self):
@@ -229,7 +236,7 @@ class TestDomainInvitationAdmin(WebTest):
     def test_omb_analyst_change_feb_domain(self):
         """Ensure OMB analysts can view federal executive branch domains."""
         invitation = DomainInvitation.objects.create(email="test@example.com", domain=self.domain)
-        # update domain 
+        # update domain
         self.portfolio.organization_type = DomainRequest.OrganizationChoices.FEDERAL
         self.portfolio.federal_agency = self.fed_agency
         self.portfolio.save()
@@ -240,6 +247,9 @@ class TestDomainInvitationAdmin(WebTest):
         # test whether fields are readonly or editable
         self.assertNotContains(response, "id_domain")
         self.assertNotContains(response, "id_email")
+        self.assertContains(response, "closelink")
+        self.assertNotContains(response, "Save")
+        self.assertNotContains(response, "Delete")
 
     @less_console_noise_decorator
     def test_superuser_change(self):
@@ -251,6 +261,9 @@ class TestDomainInvitationAdmin(WebTest):
         # test whether fields are readonly or editable
         self.assertContains(response, "id_domain")
         self.assertContains(response, "id_email")
+        self.assertNotContains(response, "closelink")
+        self.assertContains(response, "Save")
+        self.assertContains(response, "Delete")
 
     @less_console_noise_decorator
     def test_omb_analyst_filter_feb_domain(self):
@@ -258,13 +271,19 @@ class TestDomainInvitationAdmin(WebTest):
         # create invitation on domain that is not FEB
         invitation = DomainInvitation.objects.create(email="test@example.com", domain=self.domain)
         self.client.force_login(self.omb_analyst)
-        response = self.client.get(reverse("admin:registrar_domaininvitation_changelist"), {"status": DomainInvitation.DomainInvitationStatus.INVITED})
+        response = self.client.get(
+            reverse("admin:registrar_domaininvitation_changelist"),
+            {"status": DomainInvitation.DomainInvitationStatus.INVITED},
+        )
         self.assertNotContains(response, invitation.email)
-        # update domain 
+        # update domain
         self.portfolio.organization_type = DomainRequest.OrganizationChoices.FEDERAL
         self.portfolio.federal_agency = self.fed_agency
         self.portfolio.save()
-        response = self.client.get(reverse("admin:registrar_domaininvitation_changelist"), {"status": DomainInvitation.DomainInvitationStatus.INVITED})
+        response = self.client.get(
+            reverse("admin:registrar_domaininvitation_changelist"),
+            {"status": DomainInvitation.DomainInvitationStatus.INVITED},
+        )
         self.assertContains(response, invitation.email)
 
     # test_analyst_view
@@ -277,7 +296,6 @@ class TestDomainInvitationAdmin(WebTest):
     # test_superuser
     # test_filter_feb
 
-
     @less_console_noise_decorator
     def test_has_model_description(self):
         """Tests if this model has a model description on the table view"""

From fb4e278ba5e3cbaafc5bc5f348f5c7ececc59f19 Mon Sep 17 00:00:00 2001
From: David Kennedy <david.kennedy@associates.cisa.dhs.gov>
Date: Fri, 7 Mar 2025 20:14:44 -0500
Subject: [PATCH 027/285] UserPortfolioPermissionAdmin tests

---
 src/registrar/tests/test_admin.py | 31 +++++++++++++++++++++----------
 1 file changed, 21 insertions(+), 10 deletions(-)

diff --git a/src/registrar/tests/test_admin.py b/src/registrar/tests/test_admin.py
index a21bfd4f2..e17c311ec 100644
--- a/src/registrar/tests/test_admin.py
+++ b/src/registrar/tests/test_admin.py
@@ -286,16 +286,6 @@ class TestDomainInvitationAdmin(WebTest):
         )
         self.assertContains(response, invitation.email)
 
-    # test_analyst_view
-    # test_omb_analyst_view_non_feb_domain
-    # test_omb_analyst_view_feb_domain
-    # test_superuser_view
-    # test_analyst_change
-    # test_omb_analyst_change_non_feb_domain
-    # test_omb_analyst_change_feb_domain
-    # test_superuser
-    # test_filter_feb
-
     @less_console_noise_decorator
     def test_has_model_description(self):
         """Tests if this model has a model description on the table view"""
@@ -1272,6 +1262,7 @@ class TestUserPortfolioPermissionAdmin(TestCase):
         self.client = Client(HTTP_HOST="localhost:8080")
         self.superuser = create_superuser()
         self.testuser = create_test_user()
+        self.omb_analyst = create_omb_analyst_user()
         self.portfolio = Portfolio.objects.create(organization_name="Test Portfolio", creator=self.superuser)
 
     def tearDown(self):
@@ -1281,6 +1272,26 @@ class TestUserPortfolioPermissionAdmin(TestCase):
         User.objects.all().delete()
         UserPortfolioPermission.objects.all().delete()
 
+    @less_console_noise_decorator
+    def test_omb_analyst_view(self):
+        """Ensure OMB analysts cannot view user portfolio permissions list."""
+        self.client.force_login(self.omb_analyst)
+        response = self.client.get(reverse("admin:registrar_userportfoliopermission_changelist"))
+        self.assertEqual(response.status_code, 403)
+
+    @less_console_noise_decorator
+    def test_omb_analyst_change(self):
+        """Ensure OMB analysts cannot change user portfolio permission."""
+        self.client.force_login(self.omb_analyst)
+        user_portfolio_permission, _ = UserPortfolioPermission.objects.get_or_create(
+            user=self.superuser, portfolio=self.portfolio, roles=[UserPortfolioRoleChoices.ORGANIZATION_ADMIN]
+        )
+        response = self.client.get(
+            "/admin/registrar/userportfoliopermission/{}/change/".format(user_portfolio_permission.pk),
+            follow=True,
+        )
+        self.assertEqual(response.status_code, 403)
+
     @less_console_noise_decorator
     def test_has_change_form_description(self):
         """Tests if this model has a model description on the change form view"""

From a2091c54958486d0fa56b3f3b2c412a7b12e1c25 Mon Sep 17 00:00:00 2001
From: David Kennedy <david.kennedy@associates.cisa.dhs.gov>
Date: Fri, 7 Mar 2025 20:21:12 -0500
Subject: [PATCH 028/285] PortfolioInvitationAdmin tests

---
 src/registrar/tests/test_admin.py | 21 +++++++++++++++++++++
 1 file changed, 21 insertions(+)

diff --git a/src/registrar/tests/test_admin.py b/src/registrar/tests/test_admin.py
index e17c311ec..156e8566a 100644
--- a/src/registrar/tests/test_admin.py
+++ b/src/registrar/tests/test_admin.py
@@ -1348,6 +1348,7 @@ class TestPortfolioInvitationAdmin(TestCase):
     def setUp(self):
         """Create a client object"""
         self.client = Client(HTTP_HOST="localhost:8080")
+        self.omb_analyst = create_omb_analyst_user()
         self.portfolio = Portfolio.objects.create(organization_name="Test Portfolio", creator=self.superuser)
 
     def tearDown(self):
@@ -1361,6 +1362,26 @@ class TestPortfolioInvitationAdmin(TestCase):
     def tearDownClass(self):
         User.objects.all().delete()
 
+    @less_console_noise_decorator
+    def test_omb_analyst_view(self):
+        """Ensure OMB analysts cannot view portfolio invitations list."""
+        self.client.force_login(self.omb_analyst)
+        response = self.client.get(reverse("admin:registrar_portfolioinvitation_changelist"))
+        self.assertEqual(response.status_code, 403)
+
+    @less_console_noise_decorator
+    def test_omb_analyst_change(self):
+        """Ensure OMB analysts cannot change portfolio invitation."""
+        self.client.force_login(self.omb_analyst)
+        invitation, _ = PortfolioInvitation.objects.get_or_create(
+            email=self.superuser.email, portfolio=self.portfolio, roles=[UserPortfolioRoleChoices.ORGANIZATION_ADMIN]
+        )
+        response = self.client.get(
+            "/admin/registrar/portfolioinvitation/{}/change/".format(invitation.pk),
+            follow=True,
+        )
+        self.assertEqual(response.status_code, 403)
+
     @less_console_noise_decorator
     def test_has_model_description(self):
         """Tests if this model has a model description on the table view"""

From 3bf8333f3dd87546644b9a844ab976771257e01a Mon Sep 17 00:00:00 2001
From: David Kennedy <david.kennedy@associates.cisa.dhs.gov>
Date: Sat, 8 Mar 2025 07:20:49 -0500
Subject: [PATCH 029/285] TestDomainInformationAdmin tests

---
 src/registrar/tests/test_admin.py | 71 +++++++++++++++++++++++++++++++
 1 file changed, 71 insertions(+)

diff --git a/src/registrar/tests/test_admin.py b/src/registrar/tests/test_admin.py
index 156e8566a..f9b9b1980 100644
--- a/src/registrar/tests/test_admin.py
+++ b/src/registrar/tests/test_admin.py
@@ -1956,6 +1956,7 @@ class TestHostAdmin(TestCase):
         cls.factory = RequestFactory()
         cls.admin = MyHostAdmin(model=Host, admin_site=cls.site)
         cls.superuser = create_superuser()
+        cls.omb_analyst = create_omb_analyst_user()
 
     def setUp(self):
         """Setup environment for a mock admin user"""
@@ -1971,6 +1972,13 @@ class TestHostAdmin(TestCase):
     def tearDownClass(cls):
         User.objects.all().delete()
 
+    @less_console_noise_decorator
+    def test_omb_analyst_view(self):
+        """Ensure OMB analysts cannot view hosts list."""
+        self.client.force_login(self.omb_analyst)
+        response = self.client.get(reverse("admin:registrar_host_changelist"))
+        self.assertEqual(response.status_code, 403)
+
     @less_console_noise_decorator
     def test_has_model_description(self):
         """Tests if this model has a model description on the table view"""
@@ -2035,6 +2043,7 @@ class TestDomainInformationAdmin(TestCase):
         cls.admin = DomainInformationAdmin(model=DomainInformation, admin_site=cls.site)
         cls.superuser = create_superuser()
         cls.staffuser = create_user()
+        cls.omb_analyst = create_omb_analyst_user()
         cls.mock_data_generator = AuditedAdminMockData()
         cls.test_helper = GenericTestHelper(
             factory=cls.factory,
@@ -2046,12 +2055,24 @@ class TestDomainInformationAdmin(TestCase):
 
     def setUp(self):
         self.client = Client(HTTP_HOST="localhost:8080")
+        self.nonfeddomain = Domain.objects.create(name="nonfeddomain.com")
+        self.feddomain = Domain.objects.create(name="feddomain.com")
+        self.fed_agency = FederalAgency.objects.create(
+            agency="New FedExec Agency", federal_type=BranchChoices.EXECUTIVE
+        )
+        self.portfolio = Portfolio.objects.create(organization_name="new portfolio", creator=self.superuser)
+        self.domain_info = DomainInformation.objects.create(
+            domain=self.feddomain, portfolio=self.portfolio, creator=self.superuser
+        )
 
     def tearDown(self):
         """Delete all Users, Domains, and UserDomainRoles"""
         DomainInformation.objects.all().delete()
         DomainRequest.objects.all().delete()
         Domain.objects.all().delete()
+        DomainInformation.objects.all().delete()
+        Portfolio.objects.all().delete()
+        self.fed_agency.delete()
         Contact.objects.all().delete()
 
     @classmethod
@@ -2059,6 +2080,56 @@ class TestDomainInformationAdmin(TestCase):
         User.objects.all().delete()
         SeniorOfficial.objects.all().delete()
 
+    @less_console_noise_decorator
+    def test_analyst_view(self):
+        """Ensure regular analysts cannot view domain information list."""
+        self.client.force_login(self.staffuser)
+        response = self.client.get(reverse("admin:registrar_domaininformation_changelist"))
+        self.assertEqual(response.status_code, 403)
+
+    @less_console_noise_decorator
+    def test_omb_analyst_view(self):
+        """Ensure OMB analysts cannot view domain information list."""
+        self.client.force_login(self.omb_analyst)
+        response = self.client.get(reverse("admin:registrar_domaininformation_changelist"))
+        self.assertEqual(response.status_code, 403)
+
+    @less_console_noise_decorator
+    def test_superuser_view(self):
+        """Ensure superusers can view domain information list."""
+        self.client.force_login(self.superuser)
+        response = self.client.get(reverse("admin:registrar_domaininformation_changelist"))
+        self.assertEqual(response.status_code, 200)
+        self.assertContains(response, self.feddomain.name)
+
+    @less_console_noise_decorator
+    def test_analyst_change(self):
+        """Ensure regular analysts cannot view/edit domain information directly."""
+        self.client.force_login(self.staffuser)
+        response = self.client.get(
+            reverse("admin:registrar_domaininformation_change", args=[self.feddomain.domain_info.id])
+        )
+        self.assertEqual(response.status_code, 403)
+
+    @less_console_noise_decorator
+    def test_omb_analyst_change(self):
+        """Ensure OMB analysts cannot view/edit domain information directly."""
+        self.client.force_login(self.omb_analyst)
+        response = self.client.get(
+            reverse("admin:registrar_domaininformation_change", args=[self.feddomain.domain_info.id])
+        )
+        self.assertEqual(response.status_code, 403)
+
+    @less_console_noise_decorator
+    def test_superuser_change(self):
+        """Ensure superusers can view/change domain information directly."""
+        self.client.force_login(self.superuser)
+        response = self.client.get(
+            reverse("admin:registrar_domaininformation_change", args=[self.feddomain.domain_info.id])
+        )
+        self.assertEqual(response.status_code, 200)
+        self.assertContains(response, self.feddomain.name)
+
     @less_console_noise_decorator
     def test_domain_information_senior_official_is_alphabetically_sorted(self):
         """Tests if the senior offical dropdown is alphanetically sorted in the django admin display"""

From b8636b3473ebbdf5d842a0589e1ec05a60bfac2e Mon Sep 17 00:00:00 2001
From: David Kennedy <david.kennedy@associates.cisa.dhs.gov>
Date: Sat, 8 Mar 2025 07:32:49 -0500
Subject: [PATCH 030/285] TestUserDomainRoleAdmin tests

---
 src/registrar/tests/test_admin.py | 35 +++++++++++++++++++++++++++++++
 1 file changed, 35 insertions(+)

diff --git a/src/registrar/tests/test_admin.py b/src/registrar/tests/test_admin.py
index f9b9b1980..ccb54747a 100644
--- a/src/registrar/tests/test_admin.py
+++ b/src/registrar/tests/test_admin.py
@@ -1956,6 +1956,7 @@ class TestHostAdmin(TestCase):
         cls.factory = RequestFactory()
         cls.admin = MyHostAdmin(model=Host, admin_site=cls.site)
         cls.superuser = create_superuser()
+        cls.staffuser = create_user()
         cls.omb_analyst = create_omb_analyst_user()
 
     def setUp(self):
@@ -1972,6 +1973,13 @@ class TestHostAdmin(TestCase):
     def tearDownClass(cls):
         User.objects.all().delete()
 
+    @less_console_noise_decorator
+    def test_analyst_view(self):
+        """Ensure analysts cannot view hosts list."""
+        self.client.force_login(self.staffuser)
+        response = self.client.get(reverse("admin:registrar_host_changelist"))
+        self.assertEqual(response.status_code, 403)
+
     @less_console_noise_decorator
     def test_omb_analyst_view(self):
         """Ensure OMB analysts cannot view hosts list."""
@@ -2494,6 +2502,8 @@ class TestUserDomainRoleAdmin(WebTest):
         cls.factory = RequestFactory()
         cls.admin = UserDomainRoleAdmin(model=UserDomainRole, admin_site=cls.site)
         cls.superuser = create_superuser()
+        cls.staffuser = create_user()
+        cls.omb_analyst = create_omb_analyst_user()
         cls.test_helper = GenericTestHelper(
             factory=cls.factory,
             user=cls.superuser,
@@ -2521,6 +2531,31 @@ class TestUserDomainRoleAdmin(WebTest):
         super().tearDownClass()
         User.objects.all().delete()
 
+    @less_console_noise_decorator
+    def test_analyst_view(self):
+        """Ensure analysts cannot view user domain roles list."""
+        self.client.force_login(self.staffuser)
+        response = self.client.get(reverse("admin:registrar_userdomainrole_changelist"))
+        self.assertEqual(response.status_code, 200)
+
+    @less_console_noise_decorator
+    def test_omb_analyst_view(self):
+        """Ensure OMB analysts cannot view user domain roles list."""
+        self.client.force_login(self.omb_analyst)
+        response = self.client.get(reverse("admin:registrar_userdomainrole_changelist"))
+        self.assertEqual(response.status_code, 403)
+
+    @less_console_noise_decorator
+    def test_omb_analyst_change(self):
+        """Ensure OMB analysts cannot view/edit user domain roles list."""
+        domain, _ = Domain.objects.get_or_create(name="anyrandomdomain.com")
+        user_domain_role, _ = UserDomainRole.objects.get_or_create(
+            user=self.superuser, domain=domain, role=[UserDomainRole.Roles.MANAGER]
+        )
+        self.client.force_login(self.omb_analyst)
+        response = self.client.get(reverse("admin:registrar_userdomainrole_change", args=[user_domain_role.id]))
+        self.assertEqual(response.status_code, 403)
+
     @less_console_noise_decorator
     def test_has_model_description(self):
         """Tests if this model has a model description on the table view"""

From 8ef58f6053e38f7facdf0cc94e817c793fc23a69 Mon Sep 17 00:00:00 2001
From: David Kennedy <david.kennedy@associates.cisa.dhs.gov>
Date: Sat, 8 Mar 2025 07:41:38 -0500
Subject: [PATCH 031/285] TestNyUserAdmin and ContactAdmin tests

---
 src/registrar/tests/test_admin.py | 16 ++++++++++++++++
 1 file changed, 16 insertions(+)

diff --git a/src/registrar/tests/test_admin.py b/src/registrar/tests/test_admin.py
index ccb54747a..214160c14 100644
--- a/src/registrar/tests/test_admin.py
+++ b/src/registrar/tests/test_admin.py
@@ -2851,6 +2851,7 @@ class TestMyUserAdmin(MockDbForSharedTests, WebTest):
         cls.admin = MyUserAdmin(model=get_user_model(), admin_site=admin_site)
         cls.superuser = create_superuser()
         cls.staffuser = create_user()
+        cls.omb_analyst = create_omb_analyst_user()
         cls.test_helper = GenericTestHelper(admin=cls.admin)
 
     def setUp(self):
@@ -2867,6 +2868,13 @@ class TestMyUserAdmin(MockDbForSharedTests, WebTest):
         super().tearDownClass()
         User.objects.all().delete()
 
+    @less_console_noise_decorator
+    def test_omb_analyst_view(self):
+        """Ensure OMB analysts cannot view users list."""
+        self.client.force_login(self.omb_analyst)
+        response = self.client.get(reverse("admin:registrar_user_changelist"))
+        self.assertEqual(response.status_code, 403)
+
     @less_console_noise_decorator
     def test_has_model_description(self):
         """Tests if this model has a model description on the table view"""
@@ -3492,6 +3500,7 @@ class TestContactAdmin(TestCase):
         cls.admin = ContactAdmin(model=Contact, admin_site=None)
         cls.superuser = create_superuser()
         cls.staffuser = create_user()
+        cls.omb_analyst = create_omb_analyst_user()
 
     def setUp(self):
         super().setUp()
@@ -3507,6 +3516,13 @@ class TestContactAdmin(TestCase):
         super().tearDownClass()
         User.objects.all().delete()
 
+    @less_console_noise_decorator
+    def test_omb_analyst_view(self):
+        """Ensure OMB analysts cannot view contact list."""
+        self.client.force_login(self.omb_analyst)
+        response = self.client.get(reverse("admin:registrar_contact_changelist"))
+        self.assertEqual(response.status_code, 403)
+
     @less_console_noise_decorator
     def test_has_model_description(self):
         """Tests if this model has a model description on the table view"""

From 67ed777900446205e1e90ec2f7245f694c8148b2 Mon Sep 17 00:00:00 2001
From: David Kennedy <david.kennedy@associates.cisa.dhs.gov>
Date: Sat, 8 Mar 2025 07:53:51 -0500
Subject: [PATCH 032/285] DraftDomain Website and VerifiedByStaff Admin tests

---
 src/registrar/tests/test_admin.py | 45 +++++++++++++++++++------------
 1 file changed, 28 insertions(+), 17 deletions(-)

diff --git a/src/registrar/tests/test_admin.py b/src/registrar/tests/test_admin.py
index 214160c14..f8358a966 100644
--- a/src/registrar/tests/test_admin.py
+++ b/src/registrar/tests/test_admin.py
@@ -3569,6 +3569,7 @@ class TestVerifiedByStaffAdmin(TestCase):
         super().setUpClass()
         cls.site = AdminSite()
         cls.superuser = create_superuser()
+        cls.omb_analyst = create_omb_analyst_user()
         cls.admin = VerifiedByStaffAdmin(model=VerifiedByStaff, admin_site=cls.site)
         cls.factory = RequestFactory()
         cls.test_helper = GenericTestHelper(admin=cls.admin)
@@ -3586,18 +3587,20 @@ class TestVerifiedByStaffAdmin(TestCase):
         super().tearDownClass()
         User.objects.all().delete()
 
+    @less_console_noise_decorator
+    def test_omb_analyst_view(self):
+        """Ensure OMB analysts cannot view verified by staff list."""
+        self.client.force_login(self.omb_analyst)
+        response = self.client.get(reverse("admin:registrar_verifiedbystaff_changelist"))
+        self.assertEqual(response.status_code, 403)
+
     @less_console_noise_decorator
     def test_has_model_description(self):
         """Tests if this model has a model description on the table view"""
         self.client.force_login(self.superuser)
-        response = self.client.get(
-            "/admin/registrar/verifiedbystaff/",
-            follow=True,
-        )
-
+        response = self.client.get(reverse("admin:registrar_verifiedbystaff_changelist"))
         # Make sure that the page is loaded correctly
         self.assertEqual(response.status_code, 200)
-
         # Test for a description snippet
         self.assertContains(
             response, "This table contains users who have been allowed to bypass " "identity proofing through Login.gov"
@@ -3652,6 +3655,7 @@ class TestWebsiteAdmin(TestCase):
         super().setUp()
         self.site = AdminSite()
         self.superuser = create_superuser()
+        self.omb_analyst = create_omb_analyst_user()
         self.admin = WebsiteAdmin(model=Website, admin_site=self.site)
         self.factory = RequestFactory()
         self.client = Client(HTTP_HOST="localhost:8080")
@@ -3662,15 +3666,18 @@ class TestWebsiteAdmin(TestCase):
         Website.objects.all().delete()
         User.objects.all().delete()
 
+    @less_console_noise_decorator
+    def test_omb_analyst_view(self):
+        """Ensure OMB analysts cannot view website list."""
+        self.client.force_login(self.omb_analyst)
+        response = self.client.get(reverse("admin:registrar_website_changelist"))
+        self.assertEqual(response.status_code, 403)
+
     @less_console_noise_decorator
     def test_has_model_description(self):
         """Tests if this model has a model description on the table view"""
         self.client.force_login(self.superuser)
-        response = self.client.get(
-            "/admin/registrar/website/",
-            follow=True,
-        )
-
+        response = self.client.get(reverse("admin:registrar_website_changelist"))
         # Make sure that the page is loaded correctly
         self.assertEqual(response.status_code, 200)
 
@@ -3679,13 +3686,14 @@ class TestWebsiteAdmin(TestCase):
         self.assertContains(response, "Show more")
 
 
-class TestDraftDomain(TestCase):
+class TestDraftDomainAdmin(TestCase):
 
     @classmethod
     def setUpClass(cls):
         super().setUpClass()
         cls.site = AdminSite()
         cls.superuser = create_superuser()
+        cls.omb_analyst = create_omb_analyst_user()
         cls.admin = DraftDomainAdmin(model=DraftDomain, admin_site=cls.site)
         cls.factory = RequestFactory()
         cls.test_helper = GenericTestHelper(admin=cls.admin)
@@ -3703,15 +3711,18 @@ class TestDraftDomain(TestCase):
         super().tearDownClass()
         User.objects.all().delete()
 
+    @less_console_noise_decorator
+    def test_omb_analyst_view(self):
+        """Ensure OMB analysts cannot view draft domain list."""
+        self.client.force_login(self.omb_analyst)
+        response = self.client.get(reverse("admin:registrar_draftdomain_changelist"))
+        self.assertEqual(response.status_code, 403)
+
     @less_console_noise_decorator
     def test_has_model_description(self):
         """Tests if this model has a model description on the table view"""
         self.client.force_login(self.superuser)
-        response = self.client.get(
-            "/admin/registrar/draftdomain/",
-            follow=True,
-        )
-
+        response = self.client.get(reverse("admin:registrar_draftdomain_changelist"))
         # Make sure that the page is loaded correctly
         self.assertEqual(response.status_code, 200)
 

From 17b7c83b4555481949849b889a78259aed9ab4a8 Mon Sep 17 00:00:00 2001
From: David Kennedy <david.kennedy@associates.cisa.dhs.gov>
Date: Sat, 8 Mar 2025 08:44:37 -0500
Subject: [PATCH 033/285] FederalAgency Admin tests

---
 src/registrar/tests/test_admin.py | 104 +++++++++++++++++++++++++++++-
 1 file changed, 103 insertions(+), 1 deletion(-)

diff --git a/src/registrar/tests/test_admin.py b/src/registrar/tests/test_admin.py
index f8358a966..8a79ccba5 100644
--- a/src/registrar/tests/test_admin.py
+++ b/src/registrar/tests/test_admin.py
@@ -3733,13 +3733,21 @@ class TestDraftDomainAdmin(TestCase):
         self.assertContains(response, "Show more")
 
 
-class TestFederalAgency(TestCase):
+class TestFederalAgencyAdmin(TestCase):
 
     @classmethod
     def setUpClass(cls):
         super().setUpClass()
         cls.site = AdminSite()
         cls.superuser = create_superuser()
+        cls.staffuser = create_user()
+        cls.omb_analyst = create_omb_analyst_user()
+        cls.non_feb_agency = FederalAgency.objects.create(
+            agency="Fake judicial agency", federal_type=BranchChoices.JUDICIAL
+        )
+        cls.feb_agency = FederalAgency.objects.create(
+            agency="Fake executive agency", federal_type=BranchChoices.EXECUTIVE
+        )
         cls.admin = FederalAgencyAdmin(model=FederalAgency, admin_site=cls.site)
         cls.factory = RequestFactory()
         cls.test_helper = GenericTestHelper(admin=cls.admin)
@@ -3752,6 +3760,100 @@ class TestFederalAgency(TestCase):
         super().tearDownClass()
         User.objects.all().delete()
 
+    @less_console_noise_decorator
+    def test_analyst_view(self):
+        """Ensure regular analysts can view federal agencies."""
+        self.client.force_login(self.staffuser)
+        response = self.client.get(reverse("admin:registrar_federalagency_changelist"))
+        self.assertEqual(response.status_code, 200)
+        self.assertContains(response, self.non_feb_agency.agency)
+        self.assertContains(response, self.feb_agency.agency)
+
+    @less_console_noise_decorator
+    def test_omb_analyst_view(self):
+        """Ensure OMB analysts can view FEB agencies but not other branches."""
+        self.client.force_login(self.omb_analyst)
+        response = self.client.get(reverse("admin:registrar_federalagency_changelist"))
+        self.assertEqual(response.status_code, 200)
+        self.assertNotContains(response, self.non_feb_agency.agency)
+        self.assertContains(response, self.feb_agency.agency)
+
+    @less_console_noise_decorator
+    def test_superuser_view(self):
+        """Ensure superusers can view domain invitations."""
+        self.client.force_login(self.superuser)
+        response = self.client.get(reverse("admin:registrar_federalagency_changelist"))
+        self.assertEqual(response.status_code, 200)
+        self.assertContains(response, self.non_feb_agency.agency)
+        self.assertContains(response, self.feb_agency.agency)
+
+    @less_console_noise_decorator
+    def test_analyst_change(self):
+        """Ensure regular analysts can view/edit federal agencies list."""
+        self.client.force_login(self.staffuser)
+        response = self.client.get(reverse("admin:registrar_federalagency_change", args=[self.non_feb_agency.id]))
+        self.assertEqual(response.status_code, 200)
+        response = self.client.get(reverse("admin:registrar_federalagency_change", args=[self.feb_agency.id]))
+        self.assertEqual(response.status_code, 200)
+        self.assertContains(response, self.feb_agency.agency)
+        # test whether fields are readonly or editable
+        self.assertContains(response, "id_agency")
+        self.assertContains(response, "id_federal_type")
+        self.assertContains(response, "id_acronym")
+        self.assertContains(response, "id_is_fceb")
+        self.assertNotContains(response, "closelink")
+        self.assertContains(response, "Save")
+        self.assertContains(response, "Delete")
+
+    @less_console_noise_decorator
+    def test_omb_analyst_change(self):
+        """Ensure OMB analysts can change FEB agencies but not others."""
+        self.client.force_login(self.omb_analyst)
+        response = self.client.get(reverse("admin:registrar_federalagency_change", args=[self.non_feb_agency.id]))
+        self.assertEqual(response.status_code, 302)
+        response = self.client.get(reverse("admin:registrar_federalagency_change", args=[self.feb_agency.id]))
+        self.assertEqual(response.status_code, 200)
+        self.assertContains(response, self.feb_agency.agency)
+        # test whether fields are readonly or editable
+        self.assertNotContains(response, "id_agency")
+        self.assertNotContains(response, "id_federal_type")
+        self.assertNotContains(response, "id_acronym")
+        self.assertNotContains(response, "id_is_fceb")
+        self.assertNotContains(response, "closelink")
+        self.assertContains(response, "Save")
+        self.assertContains(response, "Delete")
+
+    @less_console_noise_decorator
+    def test_superuser_change(self):
+        """Ensure superusers can change all federal agencies."""
+        self.client.force_login(self.superuser)
+        response = self.client.get(reverse("admin:registrar_federalagency_change", args=[self.non_feb_agency.id]))
+        self.assertEqual(response.status_code, 200)
+        response = self.client.get(reverse("admin:registrar_federalagency_change", args=[self.feb_agency.id]))
+        self.assertEqual(response.status_code, 200)
+        self.assertContains(response, self.feb_agency.agency)
+        # test whether fields are readonly or editable
+        self.assertContains(response, "id_agency")
+        self.assertContains(response, "id_federal_type")
+        self.assertContains(response, "id_acronym")
+        self.assertContains(response, "id_is_fceb")
+        self.assertNotContains(response, "closelink")
+        self.assertContains(response, "Save")
+        self.assertContains(response, "Delete")
+
+    @less_console_noise_decorator
+    def test_omb_analyst_filter_feb_agencies(self):
+        """Ensure OMB analysts can apply filters and only federal agencies show."""
+        self.client.force_login(self.omb_analyst)
+        # in setup, created two agencies: Fake judicial agency and Fake executive agency
+        # only executive agency should show up with the search for 'fake'
+        response = self.client.get(
+            reverse("admin:registrar_federalagency_changelist"),
+            data = {"q": "fake"},
+        )
+        self.assertNotContains(response, self.non_feb_agency.agency)
+        self.assertContains(response, self.feb_agency.agency)
+
     @less_console_noise_decorator
     def test_has_model_description(self):
         """Tests if this model has a model description on the table view"""

From 8aff93c2f2009a9d342ed542eb63e7430db6d719 Mon Sep 17 00:00:00 2001
From: David Kennedy <david.kennedy@associates.cisa.dhs.gov>
Date: Sat, 8 Mar 2025 08:52:57 -0500
Subject: [PATCH 034/285] TransitionDomain UserGroup PublicContact Admin tests

---
 src/registrar/tests/test_admin.py | 50 +++++++++++++++++++------------
 1 file changed, 31 insertions(+), 19 deletions(-)

diff --git a/src/registrar/tests/test_admin.py b/src/registrar/tests/test_admin.py
index 8a79ccba5..ced19b5b7 100644
--- a/src/registrar/tests/test_admin.py
+++ b/src/registrar/tests/test_admin.py
@@ -3849,7 +3849,7 @@ class TestFederalAgencyAdmin(TestCase):
         # only executive agency should show up with the search for 'fake'
         response = self.client.get(
             reverse("admin:registrar_federalagency_changelist"),
-            data = {"q": "fake"},
+            data={"q": "fake"},
         )
         self.assertNotContains(response, self.non_feb_agency.agency)
         self.assertContains(response, self.feb_agency.agency)
@@ -3871,11 +3871,12 @@ class TestFederalAgencyAdmin(TestCase):
         self.assertContains(response, "Show more")
 
 
-class TestPublicContact(TestCase):
+class TestPublicContactAdmin(TestCase):
     def setUp(self):
         super().setUp()
         self.site = AdminSite()
         self.superuser = create_superuser()
+        self.omb_analyst = create_omb_analyst_user()
         self.admin = PublicContactAdmin(model=PublicContact, admin_site=self.site)
         self.factory = RequestFactory()
         self.client = Client(HTTP_HOST="localhost:8080")
@@ -3886,16 +3887,19 @@ class TestPublicContact(TestCase):
         PublicContact.objects.all().delete()
         User.objects.all().delete()
 
+    @less_console_noise_decorator
+    def test_omb_analyst_view(self):
+        """Ensure OMB analysts cannot view public contact list."""
+        self.client.force_login(self.omb_analyst)
+        response = self.client.get(reverse("admin:registrar_publiccontact_changelist"))
+        self.assertEqual(response.status_code, 403)
+
     @less_console_noise_decorator
     def test_has_model_description(self):
         """Tests if this model has a model description on the table view"""
         p = "adminpass"
         self.client.login(username="superuser", password=p)
-        response = self.client.get(
-            "/admin/registrar/publiccontact/",
-            follow=True,
-        )
-
+        response = self.client.get(reverse("admin:registrar_publiccontact_changelist"))
         # Make sure that the page is loaded correctly
         self.assertEqual(response.status_code, 200)
 
@@ -3904,11 +3908,12 @@ class TestPublicContact(TestCase):
         self.assertContains(response, "Show more")
 
 
-class TestTransitionDomain(TestCase):
+class TestTransitionDomainAdmin(TestCase):
     def setUp(self):
         super().setUp()
         self.site = AdminSite()
         self.superuser = create_superuser()
+        self.omb_analyst = create_omb_analyst_user()
         self.admin = TransitionDomainAdmin(model=TransitionDomain, admin_site=self.site)
         self.factory = RequestFactory()
         self.client = Client(HTTP_HOST="localhost:8080")
@@ -3919,15 +3924,18 @@ class TestTransitionDomain(TestCase):
         PublicContact.objects.all().delete()
         User.objects.all().delete()
 
+    @less_console_noise_decorator
+    def test_omb_analyst_view(self):
+        """Ensure OMB analysts cannot view transition domain list."""
+        self.client.force_login(self.omb_analyst)
+        response = self.client.get(reverse("admin:registrar_transitiondomain_changelist"))
+        self.assertEqual(response.status_code, 403)
+
     @less_console_noise_decorator
     def test_has_model_description(self):
         """Tests if this model has a model description on the table view"""
         self.client.force_login(self.superuser)
-        response = self.client.get(
-            "/admin/registrar/transitiondomain/",
-            follow=True,
-        )
-
+        response = self.client.get(reverse("admin:registrar_transitiondomain_changelist"))
         # Make sure that the page is loaded correctly
         self.assertEqual(response.status_code, 200)
 
@@ -3936,11 +3944,12 @@ class TestTransitionDomain(TestCase):
         self.assertContains(response, "Show more")
 
 
-class TestUserGroup(TestCase):
+class TestUserGroupAdmin(TestCase):
     def setUp(self):
         super().setUp()
         self.site = AdminSite()
         self.superuser = create_superuser()
+        self.omb_analyst = create_omb_analyst_user()
         self.admin = UserGroupAdmin(model=UserGroup, admin_site=self.site)
         self.factory = RequestFactory()
         self.client = Client(HTTP_HOST="localhost:8080")
@@ -3950,15 +3959,18 @@ class TestUserGroup(TestCase):
         super().tearDown()
         User.objects.all().delete()
 
+    @less_console_noise_decorator
+    def test_omb_analyst_view(self):
+        """Ensure OMB analysts cannot view user group list."""
+        self.client.force_login(self.omb_analyst)
+        response = self.client.get(reverse("admin:registrar_usergroup_changelist"))
+        self.assertEqual(response.status_code, 403)
+
     @less_console_noise_decorator
     def test_has_model_description(self):
         """Tests if this model has a model description on the table view"""
         self.client.force_login(self.superuser)
-        response = self.client.get(
-            "/admin/registrar/usergroup/",
-            follow=True,
-        )
-
+        response = self.client.get(reverse("admin:registrar_usergroup_changelist"))
         # Make sure that the page is loaded correctly
         self.assertEqual(response.status_code, 200)
 

From 0708d54c48fa46f83ccfdf9acccdf99dc34203c3 Mon Sep 17 00:00:00 2001
From: David Kennedy <david.kennedy@associates.cisa.dhs.gov>
Date: Sat, 8 Mar 2025 09:52:36 -0500
Subject: [PATCH 035/285] Portfolio Admin tests

---
 src/registrar/tests/test_admin.py | 123 +++++++++++++++++++++++++++++-
 1 file changed, 122 insertions(+), 1 deletion(-)

diff --git a/src/registrar/tests/test_admin.py b/src/registrar/tests/test_admin.py
index ced19b5b7..abf151184 100644
--- a/src/registrar/tests/test_admin.py
+++ b/src/registrar/tests/test_admin.py
@@ -3987,12 +3987,23 @@ class TestPortfolioAdmin(TestCase):
         super().setUpClass()
         cls.site = AdminSite()
         cls.superuser = create_superuser()
+        cls.staffuser = create_user()
+        cls.omb_analyst = create_omb_analyst_user()
         cls.admin = PortfolioAdmin(model=Portfolio, admin_site=cls.site)
         cls.factory = RequestFactory()
 
     def setUp(self):
         self.client = Client(HTTP_HOST="localhost:8080")
-        self.portfolio = Portfolio.objects.create(organization_name="Test Portfolio", creator=self.superuser)
+        self.portfolio = Portfolio.objects.create(organization_name="Test portfolio", creator=self.superuser)
+        self.feb_agency = FederalAgency.objects.create(
+            agency="Test FedExec Agency", federal_type=BranchChoices.EXECUTIVE
+        )
+        self.feb_portfolio = Portfolio.objects.create(
+            organization_name="Test FEB portfolio",
+            creator=self.superuser,
+            federal_agency=self.feb_agency,
+            organization_type=DomainRequest.OrganizationChoices.FEDERAL,
+        )
 
     def tearDown(self):
         Suborganization.objects.all().delete()
@@ -4000,8 +4011,118 @@ class TestPortfolioAdmin(TestCase):
         DomainRequest.objects.all().delete()
         Domain.objects.all().delete()
         Portfolio.objects.all().delete()
+        self.feb_agency.delete()
         User.objects.all().delete()
 
+    @less_console_noise_decorator
+    def test_analyst_view(self):
+        """Ensure regular analysts can view portfolios."""
+        self.client.force_login(self.staffuser)
+        response = self.client.get(reverse("admin:registrar_portfolio_changelist"))
+        self.assertEqual(response.status_code, 200)
+        self.assertContains(response, self.portfolio.organization_name)
+        self.assertContains(response, self.feb_portfolio.organization_name)
+
+    @less_console_noise_decorator
+    def test_omb_analyst_view(self):
+        """Ensure OMB analysts can view FEB portfolios but not others."""
+        self.client.force_login(self.omb_analyst)
+        response = self.client.get(reverse("admin:registrar_portfolio_changelist"))
+        self.assertEqual(response.status_code, 200)
+        self.assertNotContains(response, self.portfolio.organization_name)
+        self.assertContains(response, self.feb_portfolio.organization_name)
+
+    @less_console_noise_decorator
+    def test_superuser_view(self):
+        """Ensure superusers can view portfolios."""
+        self.client.force_login(self.superuser)
+        response = self.client.get(reverse("admin:registrar_portfolio_changelist"))
+        self.assertEqual(response.status_code, 200)
+        self.assertContains(response, self.portfolio.organization_name)
+        self.assertContains(response, self.feb_portfolio.organization_name)
+
+    @less_console_noise_decorator
+    def test_analyst_change(self):
+        """Ensure regular analysts can view/edit portfolios."""
+        self.client.force_login(self.staffuser)
+        response = self.client.get(reverse("admin:registrar_portfolio_change", args=[self.portfolio.id]))
+        self.assertEqual(response.status_code, 200)
+        response = self.client.get(reverse("admin:registrar_portfolio_change", args=[self.feb_portfolio.id]))
+        self.assertEqual(response.status_code, 200)
+        self.assertContains(response, self.feb_portfolio.organization_name)
+        # test whether fields are readonly or editable
+        self.assertContains(response, "id_organization_name")
+        self.assertContains(response, "id_notes")
+        self.assertContains(response, "id_organization_type")
+        self.assertContains(response, "id_state_territory")
+        self.assertContains(response, "id_address_line1")
+        self.assertContains(response, "id_address_line2")
+        self.assertContains(response, "id_city")
+        self.assertContains(response, "id_zipcode")
+        self.assertContains(response, "id_urbanization")
+        self.assertNotContains(response, "closelink")
+        self.assertContains(response, "Save")
+        self.assertContains(response, "Delete")
+
+    @less_console_noise_decorator
+    def test_omb_analyst_change(self):
+        """Ensure OMB analysts can change FEB portfolios but not others."""
+        self.client.force_login(self.omb_analyst)
+        response = self.client.get(reverse("admin:registrar_portfolio_change", args=[self.portfolio.id]))
+        self.assertEqual(response.status_code, 302)
+        response = self.client.get(reverse("admin:registrar_portfolio_change", args=[self.feb_portfolio.id]))
+        self.assertEqual(response.status_code, 200)
+        self.assertContains(response, self.feb_portfolio.organization_name)
+        # test whether fields are readonly or editable
+        self.assertNotContains(response, "id_organization_name")
+        self.assertNotContains(response, "id_notes")
+        self.assertNotContains(response, "id_organization_type")
+        self.assertNotContains(response, "id_state_territory")
+        self.assertNotContains(response, "id_address_line1")
+        self.assertNotContains(response, "id_address_line2")
+        self.assertNotContains(response, "id_city")
+        self.assertNotContains(response, "id_zipcode")
+        self.assertNotContains(response, "id_urbanization")
+        self.assertNotContains(response, "closelink")
+        self.assertContains(response, "Save")
+        self.assertNotContains(response, "Delete")
+
+    @less_console_noise_decorator
+    def test_superuser_change(self):
+        """Ensure superusers can change all portfolios."""
+        self.client.force_login(self.superuser)
+        response = self.client.get(reverse("admin:registrar_portfolio_change", args=[self.portfolio.id]))
+        self.assertEqual(response.status_code, 200)
+        response = self.client.get(reverse("admin:registrar_portfolio_change", args=[self.feb_portfolio.id]))
+        self.assertEqual(response.status_code, 200)
+        self.assertContains(response, self.feb_portfolio.organization_name)
+        # test whether fields are readonly or editable
+        self.assertContains(response, "id_organization_name")
+        self.assertContains(response, "id_notes")
+        self.assertContains(response, "id_organization_type")
+        self.assertContains(response, "id_state_territory")
+        self.assertContains(response, "id_address_line1")
+        self.assertContains(response, "id_address_line2")
+        self.assertContains(response, "id_city")
+        self.assertContains(response, "id_zipcode")
+        self.assertContains(response, "id_urbanization")
+        self.assertNotContains(response, "closelink")
+        self.assertContains(response, "Save")
+        self.assertContains(response, "Delete")
+
+    @less_console_noise_decorator
+    def test_omb_analyst_filter_feb_portfolios(self):
+        """Ensure OMB analysts can apply filters and only feb portfolios show."""
+        self.client.force_login(self.omb_analyst)
+        # in setup, created two portfolios: Test portfolio and Test FEB portfolio
+        # only executive portfolio should show up with the search for 'portfolio'
+        response = self.client.get(
+            reverse("admin:registrar_portfolio_changelist"),
+            data={"q": "test"},
+        )
+        self.assertNotContains(response, self.portfolio.organization_name)
+        self.assertContains(response, self.feb_portfolio.organization_name)
+
     @less_console_noise_decorator
     def test_created_on_display(self):
         """Tests the custom created on which is a reskin of the created_at field"""

From b474e0eb6b6a2ca2fcb3abd99c17af2a5574504e Mon Sep 17 00:00:00 2001
From: David Kennedy <david.kennedy@associates.cisa.dhs.gov>
Date: Sat, 8 Mar 2025 09:57:53 -0500
Subject: [PATCH 036/285] Transfer User tests

---
 src/registrar/tests/test_admin.py | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/src/registrar/tests/test_admin.py b/src/registrar/tests/test_admin.py
index abf151184..e89a6352c 100644
--- a/src/registrar/tests/test_admin.py
+++ b/src/registrar/tests/test_admin.py
@@ -4310,6 +4310,7 @@ class TestTransferUser(WebTest):
         super().setUpClass()
         cls.site = AdminSite()
         cls.superuser = create_superuser()
+        cls.omb_analyst = create_omb_analyst_user()
         cls.admin = PortfolioAdmin(model=Portfolio, admin_site=cls.site)
         cls.factory = RequestFactory()
 
@@ -4330,6 +4331,13 @@ class TestTransferUser(WebTest):
         Portfolio.objects.all().delete()
         UserDomainRole.objects.all().delete()
 
+    @less_console_noise_decorator
+    def test_omb_analyst(self):
+        """Ensure OMB analysts cannot view transfer_user."""
+        self.client.force_login(self.omb_analyst)
+        response = self.client.get(reverse("transfer_user", args=[self.user1.pk]))
+        self.assertEqual(response.status_code, 403)
+
     @less_console_noise_decorator
     def test_transfer_user_shows_current_and_selected_user_information(self):
         """Assert we pull the current user info and display it on the transfer page"""

From 6702dca37dc7e8861ad5596f601738666a9ec4e5 Mon Sep 17 00:00:00 2001
From: David Kennedy <david.kennedy@associates.cisa.dhs.gov>
Date: Sun, 9 Mar 2025 10:39:49 -0400
Subject: [PATCH 037/285] wip

---
 src/registrar/admin.py                   | 18 +++++++
 src/registrar/tests/test_admin_domain.py | 64 ++++++++++++++++++++++++
 2 files changed, 82 insertions(+)

diff --git a/src/registrar/admin.py b/src/registrar/admin.py
index c72c5271a..532b0b615 100644
--- a/src/registrar/admin.py
+++ b/src/registrar/admin.py
@@ -412,6 +412,17 @@ class DomainInformationAdminForm(forms.ModelForm):
 class DomainInformationInlineForm(forms.ModelForm):
     """This form utilizes the custom widget for its class's ManyToMany UIs."""
 
+    def __init__(self, *args, **kwargs):
+        super().__init__(*args, **kwargs)
+
+        # for OMB analysts, limit portfolio dropdown to FEB portfolios
+        user = self.request.user if hasattr(self, 'request') else None
+        if user and user.groups.filter(name="omb_analysts_group").exists():
+            self.fields["portfolio"].queryset = models.Portfolio.objects.filter(
+                Q(organization_type=DomainRequest.OrganizationChoices.FEDERAL) &
+                Q(federal_agency__federal_type=BranchChoices.EXECUTIVE)
+            )
+    
     class Meta:
         model = models.DomainInformation
         fields = "__all__"
@@ -2980,6 +2991,7 @@ class DomainRequestAdmin(ListHeaderAdmin, ImportExportRegistrarModelAdmin):
         "rejection_reason_email",
         "action_needed_reason",
         "action_needed_reason_email",
+        "portfolio",
     ]
 
     autocomplete_fields = [
@@ -3753,6 +3765,12 @@ class DomainInformationInline(admin.StackedInline):
         form.is_omb_analyst = self.is_omb_analyst
 
         return form
+    
+    def get_formset(self, request, obj=None, **kwargs):
+        """Attach request to the formset so that it can be available in the form"""
+        formset = super().get_formset(request, obj, **kwargs)
+        formset.form.request = request  # Attach request to form
+        return formset
 
 
 class DomainResource(FsmModelResource):
diff --git a/src/registrar/tests/test_admin_domain.py b/src/registrar/tests/test_admin_domain.py
index 969d043d7..2122c576f 100644
--- a/src/registrar/tests/test_admin_domain.py
+++ b/src/registrar/tests/test_admin_domain.py
@@ -17,14 +17,17 @@ from registrar.models import (
     Host,
     Portfolio,
 )
+from registrar.models.federal_agency import FederalAgency
 from registrar.models.public_contact import PublicContact
 from registrar.models.user_domain_role import UserDomainRole
+from registrar.utility.constants import BranchChoices
 from .common import (
     MockSESClient,
     completed_domain_request,
     less_console_noise,
     create_superuser,
     create_user,
+    create_omb_analyst_user,
     create_ready_domain,
     MockEppLib,
     GenericTestHelper,
@@ -49,6 +52,7 @@ class TestDomainAdminAsStaff(MockEppLib):
     def setUpClass(self):
         super().setUpClass()
         self.staffuser = create_user()
+        self.omb_analyst = create_omb_analyst_user()
         self.site = AdminSite()
         self.admin = DomainAdmin(model=Domain, admin_site=self.site)
         self.factory = RequestFactory()
@@ -56,6 +60,24 @@ class TestDomainAdminAsStaff(MockEppLib):
     def setUp(self):
         self.client = Client(HTTP_HOST="localhost:8080")
         self.client.force_login(self.staffuser)
+        self.nonfebdomain = Domain.objects.create(name="nonfebexample.com")
+        self.febdomain = Domain.objects.create(name="febexample.com", state=Domain.State.READY)
+        self.fed_agency = FederalAgency.objects.create(
+            agency="New FedExec Agency", federal_type=BranchChoices.EXECUTIVE
+        )
+        self.portfolio = Portfolio.objects.create(
+            organization_name="new portfolio",
+            organization_type=DomainRequest.OrganizationChoices.FEDERAL,
+            federal_agency=self.fed_agency,
+            creator=self.staffuser,
+        )
+        self.domain_info = DomainInformation.objects.create(
+            domain=self.febdomain, portfolio=self.portfolio, creator=self.staffuser
+        )
+        self.nonfebportfolio = Portfolio.objects.create(
+            organization_name="non feb portfolio",
+            creator=self.staffuser,
+        )
         super().setUp()
 
     def tearDown(self):
@@ -65,12 +87,54 @@ class TestDomainAdminAsStaff(MockEppLib):
         Domain.objects.all().delete()
         DomainInformation.objects.all().delete()
         DomainRequest.objects.all().delete()
+        Portfolio.objects.all().delete()
+        self.fed_agency.delete()
 
     @classmethod
     def tearDownClass(self):
         User.objects.all().delete()
         super().tearDownClass()
 
+    @less_console_noise_decorator
+    def test_omb_analyst_view(self):
+        """Ensure OMB analysts can view domain list."""
+        self.client.force_login(self.omb_analyst)
+        response = self.client.get(reverse("admin:registrar_domain_changelist"))
+        self.assertEqual(response.status_code, 200)
+        self.assertContains(response, self.febdomain.name)
+        self.assertNotContains(response, self.nonfebdomain.name)
+        self.assertNotContains(response, "Import")
+        self.assertNotContains(response, "Export")
+
+    @less_console_noise_decorator
+    def test_omb_analyst_change(self):
+        """Ensure OMB analysts can view/edit federal executive branch domains."""
+        self.client.force_login(self.omb_analyst)
+        response = self.client.get(reverse("admin:registrar_domain_change", args=[self.nonfebdomain.id]))
+        self.assertEqual(response.status_code, 302)
+        response = self.client.get(reverse("admin:registrar_domain_change", args=[self.febdomain.id]))
+        self.assertEqual(response.status_code, 200)
+        self.assertContains(response, self.febdomain.name)
+        # test portfolio dropdown
+        self.assertContains(response, self.portfolio.organization_name)
+        self.assertNotContains(response, self.nonfebportfolio.organization_name)
+        # test buttons
+        self.assertNotContains(response, "Manage domain")
+        self.assertNotContains(response, "Get registry status")
+        self.assertNotContains(response, "Extend expiration date")
+        self.assertNotContains(response, "Remove from registry")
+        self.assertContains(response, "Place hold")
+        self.assertContains(response, "Save")
+        self.assertNotContains(response, ">Delete<")
+        # test whether fields are readonly or editable
+        self.assertContains(response, "id_domain_info-0-portfolio")
+        self.assertContains(response, "id_domain_info-0-sub_organization")
+        self.assertNotContains(response, "id_domain_info-0-creator")
+        # self.assertNotContains(response, "id_email")
+        # self.assertContains(response, "closelink")
+        # self.assertNotContains(response, "Save")
+        # self.assertNotContains(response, "Delete")
+    
     @less_console_noise_decorator
     def test_staff_can_see_cisa_region_federal(self):
         """Tests if staff can see CISA Region: N/A"""

From bb913a937248c77c3dc39e54a683db5863b26c3e Mon Sep 17 00:00:00 2001
From: David Kennedy <david.kennedy@associates.cisa.dhs.gov>
Date: Sun, 9 Mar 2025 19:21:09 -0400
Subject: [PATCH 038/285] fixed some fields that should have been readonly in
 Domains and Domain Requests

---
 src/registrar/admin.py                   | 61 +++++++++++++---
 src/registrar/tests/test_admin_domain.py | 91 ++++++++++++++++++++++--
 2 files changed, 136 insertions(+), 16 deletions(-)

diff --git a/src/registrar/admin.py b/src/registrar/admin.py
index 532b0b615..59d46eb55 100644
--- a/src/registrar/admin.py
+++ b/src/registrar/admin.py
@@ -411,17 +411,6 @@ class DomainInformationAdminForm(forms.ModelForm):
 
 class DomainInformationInlineForm(forms.ModelForm):
     """This form utilizes the custom widget for its class's ManyToMany UIs."""
-
-    def __init__(self, *args, **kwargs):
-        super().__init__(*args, **kwargs)
-
-        # for OMB analysts, limit portfolio dropdown to FEB portfolios
-        user = self.request.user if hasattr(self, 'request') else None
-        if user and user.groups.filter(name="omb_analysts_group").exists():
-            self.fields["portfolio"].queryset = models.Portfolio.objects.filter(
-                Q(organization_type=DomainRequest.OrganizationChoices.FEDERAL) &
-                Q(federal_agency__federal_type=BranchChoices.EXECUTIVE)
-            )
     
     class Meta:
         model = models.DomainInformation
@@ -2343,6 +2332,47 @@ class DomainInformationAdmin(ListHeaderAdmin, ImportExportRegistrarModelAdmin):
         "is_policy_acknowledged",
     ]
 
+    # Read only that we'll leverage for OMB Analysts
+    omb_analyst_readonly_fields = [
+        "federal_agency",
+        "creator",
+        "about_your_organization",
+        "anything_else",
+        "cisa_representative_first_name",
+        "cisa_representative_last_name",
+        "cisa_representative_email",
+        "domain_request",
+        "notes",
+        "senior_official",
+        "organization_type",
+        "organization_name",
+        "state_territory",
+        "address_line1",
+        "address_line2",
+        "city",
+        "zipcode",
+        "urbanization",
+        "portfolio_organization_type",
+        "portfolio_federal_type",
+        "portfolio_organization_name",
+        "portfolio_federal_agency",
+        "portfolio_state_territory",
+        "portfolio_address_line1",
+        "portfolio_address_line2",
+        "portfolio_city",
+        "portfolio_zipcode",
+        "portfolio_urbanization",
+        "organization_type",
+        "federal_type",
+        "federal_agency",
+        "tribe_name",
+        "federally_recognized_tribe",
+        "state_recognized_tribe",
+        "about_your_organization",
+        "portfolio",
+        "sub_organization",
+    ]
+
     # For each filter_horizontal, init in admin js initFilterHorizontalWidget
     # to activate the edit/delete/view buttons
     filter_horizontal = ("other_contacts",)
@@ -2371,6 +2401,10 @@ class DomainInformationAdmin(ListHeaderAdmin, ImportExportRegistrarModelAdmin):
 
         if request.user.has_perm("registrar.full_access_permission"):
             return readonly_fields
+        # Return restrictive Read-only fields for OMB analysts
+        if request.user.groups.filter(name="omb_analysts_group").exists():
+            readonly_fields.extend([field for field in self.omb_analyst_readonly_fields])
+            return readonly_fields
         # Return restrictive Read-only fields for analysts and
         # users who might not belong to groups
         readonly_fields.extend([field for field in self.analyst_readonly_fields])
@@ -2992,6 +3026,10 @@ class DomainRequestAdmin(ListHeaderAdmin, ImportExportRegistrarModelAdmin):
         "action_needed_reason",
         "action_needed_reason_email",
         "portfolio",
+        "sub_organization",
+        "requested_suborganization",
+        "suborganization_city",
+        "suborganization_state_territory",
     ]
 
     autocomplete_fields = [
@@ -3619,6 +3657,7 @@ class DomainInformationInline(admin.StackedInline):
     fieldsets = copy.deepcopy(list(DomainInformationAdmin.fieldsets))
     readonly_fields = copy.deepcopy(DomainInformationAdmin.readonly_fields)
     analyst_readonly_fields = copy.deepcopy(DomainInformationAdmin.analyst_readonly_fields)
+    omb_analyst_readonly_fields = copy.deepcopy(DomainInformationAdmin.omb_analyst_readonly_fields)
     autocomplete_fields = copy.deepcopy(DomainInformationAdmin.autocomplete_fields)
 
     def get_domain_managers(self, obj):
diff --git a/src/registrar/tests/test_admin_domain.py b/src/registrar/tests/test_admin_domain.py
index 2122c576f..6a65f5f5e 100644
--- a/src/registrar/tests/test_admin_domain.py
+++ b/src/registrar/tests/test_admin_domain.py
@@ -51,6 +51,7 @@ class TestDomainAdminAsStaff(MockEppLib):
     @classmethod
     def setUpClass(self):
         super().setUpClass()
+        self.superuser = create_superuser()
         self.staffuser = create_user()
         self.omb_analyst = create_omb_analyst_user()
         self.site = AdminSite()
@@ -127,13 +128,93 @@ class TestDomainAdminAsStaff(MockEppLib):
         self.assertContains(response, "Save")
         self.assertNotContains(response, ">Delete<")
         # test whether fields are readonly or editable
+        self.assertNotContains(response, "id_domain_info-0-portfolio")
+        self.assertNotContains(response, "id_domain_info-0-sub_organization")
+        self.assertNotContains(response, "id_domain_info-0-creator")
+        self.assertNotContains(response, "id_domain_info-0-federal_agency")
+        self.assertNotContains(response, "id_domain_info-0-about_your_organization")
+        self.assertNotContains(response, "id_domain_info-0-anything_else")
+        self.assertNotContains(response, "id_domain_info-0-cisa_representative_first_name")
+        self.assertNotContains(response, "id_domain_info-0-cisa_representative_last_name")
+        self.assertNotContains(response, "id_domain_info-0-cisa_representative_email")
+        self.assertNotContains(response, "id_domain_info-0-domain_request")
+        self.assertNotContains(response, "id_domain_info-0-notes")
+        self.assertNotContains(response, "id_domain_info-0-senior_official")
+        self.assertNotContains(response, "id_domain_info-0-organization_type")
+        self.assertNotContains(response, "id_domain_info-0-state_territory")
+        self.assertNotContains(response, "id_domain_info-0-address_line1")        
+        self.assertNotContains(response, "id_domain_info-0-address_line2")
+        self.assertNotContains(response, "id_domain_info-0-city")        
+        self.assertNotContains(response, "id_domain_info-0-zipcode")
+        self.assertNotContains(response, "id_domain_info-0-urbanization")
+        self.assertNotContains(response, "id_domain_info-0-portfolio_organization_type")
+        self.assertNotContains(response, "id_domain_info-0-portfolio_federal_type")
+        self.assertNotContains(response, "id_domain_info-0-portfolio_organization_name")
+        self.assertNotContains(response, "id_domain_info-0-portfolio_federal_agency")
+        self.assertNotContains(response, "id_domain_info-0-portfolio_state_territory")
+        self.assertNotContains(response, "id_domain_info-0-portfolio_address_line1")
+        self.assertNotContains(response, "id_domain_info-0-portfolio_address_line2")
+        self.assertNotContains(response, "id_domain_info-0-portfolio_city")
+        self.assertNotContains(response, "id_domain_info-0-portfolio_zipcode")
+        self.assertNotContains(response, "id_domain_info-0-portfolio_urbanization")
+        self.assertNotContains(response, "id_domain_info-0-organization_type")
+        self.assertNotContains(response, "id_domain_info-0-federal_type")
+        self.assertNotContains(response, "id_domain_info-0-federal_agency")
+        self.assertNotContains(response, "id_domain_info-0-tribe_name")
+        self.assertNotContains(response, "id_domain_info-0-federally_recognized_tribe")
+        self.assertNotContains(response, "id_domain_info-0-state_recognized_tribe")
+        self.assertNotContains(response, "id_domain_info-0-about_your_organization")
+        self.assertNotContains(response, "id_domain_info-0-portfolio")
+        self.assertNotContains(response, "id_domain_info-0-sub_organization")
+    
+    @less_console_noise_decorator
+    def test_superuser_change(self):
+        """Ensure super user can view/edit all domains."""
+        self.client.force_login(self.superuser)
+        response = self.client.get(reverse("admin:registrar_domain_change", args=[self.nonfebdomain.id]))
+        self.assertEqual(response.status_code, 200)
+        response = self.client.get(reverse("admin:registrar_domain_change", args=[self.febdomain.id]))
+        self.assertEqual(response.status_code, 200)
+        self.assertContains(response, self.febdomain.name)
+        # test portfolio dropdown
+        self.assertContains(response, self.portfolio.organization_name)
+        # test buttons
+        self.assertContains(response, "Manage domain")
+        self.assertContains(response, "Get registry status")
+        self.assertContains(response, "Extend expiration date")
+        self.assertContains(response, "Remove from registry")
+        self.assertContains(response, "Place hold")
+        self.assertContains(response, "Save")
+        self.assertContains(response, ">Delete<")
+        # test whether fields are readonly or editable
+        self.assertContains(response, "id_domain_info-0-portfolio")
+        self.assertContains(response, "id_domain_info-0-sub_organization")
+        self.assertContains(response, "id_domain_info-0-creator")
+        self.assertContains(response, "id_domain_info-0-federal_agency")
+        self.assertContains(response, "id_domain_info-0-about_your_organization")
+        self.assertContains(response, "id_domain_info-0-anything_else")
+        self.assertContains(response, "id_domain_info-0-cisa_representative_first_name")
+        self.assertContains(response, "id_domain_info-0-cisa_representative_last_name")
+        self.assertContains(response, "id_domain_info-0-cisa_representative_email")
+        self.assertContains(response, "id_domain_info-0-domain_request")
+        self.assertContains(response, "id_domain_info-0-notes")
+        self.assertContains(response, "id_domain_info-0-senior_official")
+        self.assertContains(response, "id_domain_info-0-organization_type")
+        self.assertContains(response, "id_domain_info-0-state_territory")
+        self.assertContains(response, "id_domain_info-0-address_line1")        
+        self.assertContains(response, "id_domain_info-0-address_line2")
+        self.assertContains(response, "id_domain_info-0-city")        
+        self.assertContains(response, "id_domain_info-0-zipcode")
+        self.assertContains(response, "id_domain_info-0-urbanization")
+        self.assertContains(response, "id_domain_info-0-organization_type")
+        self.assertContains(response, "id_domain_info-0-federal_type")
+        self.assertContains(response, "id_domain_info-0-federal_agency")
+        self.assertContains(response, "id_domain_info-0-tribe_name")
+        self.assertContains(response, "id_domain_info-0-federally_recognized_tribe")
+        self.assertContains(response, "id_domain_info-0-state_recognized_tribe")
+        self.assertContains(response, "id_domain_info-0-about_your_organization")
         self.assertContains(response, "id_domain_info-0-portfolio")
         self.assertContains(response, "id_domain_info-0-sub_organization")
-        self.assertNotContains(response, "id_domain_info-0-creator")
-        # self.assertNotContains(response, "id_email")
-        # self.assertContains(response, "closelink")
-        # self.assertNotContains(response, "Save")
-        # self.assertNotContains(response, "Delete")
     
     @less_console_noise_decorator
     def test_staff_can_see_cisa_region_federal(self):

From 8aeeb3c9e35c8d98e6029caf18908ffb832433f7 Mon Sep 17 00:00:00 2001
From: David Kennedy <david.kennedy@associates.cisa.dhs.gov>
Date: Sun, 9 Mar 2025 19:27:43 -0400
Subject: [PATCH 039/285] lint

---
 src/registrar/admin.py                   |  4 ++--
 src/registrar/tests/test_admin_domain.py | 12 ++++++------
 2 files changed, 8 insertions(+), 8 deletions(-)

diff --git a/src/registrar/admin.py b/src/registrar/admin.py
index 59d46eb55..a5ab53071 100644
--- a/src/registrar/admin.py
+++ b/src/registrar/admin.py
@@ -411,7 +411,7 @@ class DomainInformationAdminForm(forms.ModelForm):
 
 class DomainInformationInlineForm(forms.ModelForm):
     """This form utilizes the custom widget for its class's ManyToMany UIs."""
-    
+
     class Meta:
         model = models.DomainInformation
         fields = "__all__"
@@ -3804,7 +3804,7 @@ class DomainInformationInline(admin.StackedInline):
         form.is_omb_analyst = self.is_omb_analyst
 
         return form
-    
+
     def get_formset(self, request, obj=None, **kwargs):
         """Attach request to the formset so that it can be available in the form"""
         formset = super().get_formset(request, obj, **kwargs)
diff --git a/src/registrar/tests/test_admin_domain.py b/src/registrar/tests/test_admin_domain.py
index 6a65f5f5e..ab32f7c2a 100644
--- a/src/registrar/tests/test_admin_domain.py
+++ b/src/registrar/tests/test_admin_domain.py
@@ -142,9 +142,9 @@ class TestDomainAdminAsStaff(MockEppLib):
         self.assertNotContains(response, "id_domain_info-0-senior_official")
         self.assertNotContains(response, "id_domain_info-0-organization_type")
         self.assertNotContains(response, "id_domain_info-0-state_territory")
-        self.assertNotContains(response, "id_domain_info-0-address_line1")        
+        self.assertNotContains(response, "id_domain_info-0-address_line1")
         self.assertNotContains(response, "id_domain_info-0-address_line2")
-        self.assertNotContains(response, "id_domain_info-0-city")        
+        self.assertNotContains(response, "id_domain_info-0-city")
         self.assertNotContains(response, "id_domain_info-0-zipcode")
         self.assertNotContains(response, "id_domain_info-0-urbanization")
         self.assertNotContains(response, "id_domain_info-0-portfolio_organization_type")
@@ -166,7 +166,7 @@ class TestDomainAdminAsStaff(MockEppLib):
         self.assertNotContains(response, "id_domain_info-0-about_your_organization")
         self.assertNotContains(response, "id_domain_info-0-portfolio")
         self.assertNotContains(response, "id_domain_info-0-sub_organization")
-    
+
     @less_console_noise_decorator
     def test_superuser_change(self):
         """Ensure super user can view/edit all domains."""
@@ -201,9 +201,9 @@ class TestDomainAdminAsStaff(MockEppLib):
         self.assertContains(response, "id_domain_info-0-senior_official")
         self.assertContains(response, "id_domain_info-0-organization_type")
         self.assertContains(response, "id_domain_info-0-state_territory")
-        self.assertContains(response, "id_domain_info-0-address_line1")        
+        self.assertContains(response, "id_domain_info-0-address_line1")
         self.assertContains(response, "id_domain_info-0-address_line2")
-        self.assertContains(response, "id_domain_info-0-city")        
+        self.assertContains(response, "id_domain_info-0-city")
         self.assertContains(response, "id_domain_info-0-zipcode")
         self.assertContains(response, "id_domain_info-0-urbanization")
         self.assertContains(response, "id_domain_info-0-organization_type")
@@ -215,7 +215,7 @@ class TestDomainAdminAsStaff(MockEppLib):
         self.assertContains(response, "id_domain_info-0-about_your_organization")
         self.assertContains(response, "id_domain_info-0-portfolio")
         self.assertContains(response, "id_domain_info-0-sub_organization")
-    
+
     @less_console_noise_decorator
     def test_staff_can_see_cisa_region_federal(self):
         """Tests if staff can see CISA Region: N/A"""

From 64de8302545dc6dbb2ea6ccab4384cb0d26e8e28 Mon Sep 17 00:00:00 2001
From: David Kennedy <david.kennedy@associates.cisa.dhs.gov>
Date: Mon, 10 Mar 2025 06:02:15 -0400
Subject: [PATCH 040/285] update tests for admin domain requests

---
 src/registrar/tests/test_admin_request.py | 156 ++++++++++++++++++++++
 1 file changed, 156 insertions(+)

diff --git a/src/registrar/tests/test_admin_request.py b/src/registrar/tests/test_admin_request.py
index 968de0d65..e1e6f45d3 100644
--- a/src/registrar/tests/test_admin_request.py
+++ b/src/registrar/tests/test_admin_request.py
@@ -1,6 +1,8 @@
 from datetime import datetime
 from django.forms import ValidationError
 from django.utils import timezone
+from registrar.models.federal_agency import FederalAgency
+from registrar.utility.constants import BranchChoices
 from waffle.testutils import override_flag
 import re
 from django.test import RequestFactory, Client, TestCase, override_settings
@@ -37,6 +39,7 @@ from .common import (
     less_console_noise,
     create_superuser,
     create_user,
+    create_omb_analyst_user,
     multiple_unalphabetical_domain_objects,
     MockEppLib,
     GenericTestHelper,
@@ -68,6 +71,7 @@ class TestDomainRequestAdmin(MockEppLib):
         self.admin = DomainRequestAdmin(model=DomainRequest, admin_site=self.site)
         self.superuser = create_superuser()
         self.staffuser = create_user()
+        self.ombanalyst = create_omb_analyst_user()
         self.client = Client(HTTP_HOST="localhost:8080")
         self.test_helper = GenericTestHelper(
             factory=self.factory,
@@ -80,6 +84,12 @@ class TestDomainRequestAdmin(MockEppLib):
         allowed_emails = [AllowedEmail(email="mayor@igorville.gov"), AllowedEmail(email="help@get.gov")]
         AllowedEmail.objects.bulk_create(allowed_emails)
 
+    def setUp(self):
+        super().setUp()
+        self.fed_agency = FederalAgency.objects.create(
+            agency="New FedExec Agency", federal_type=BranchChoices.EXECUTIVE
+        )
+
     def tearDown(self):
         super().tearDown()
         Host.objects.all().delete()
@@ -92,6 +102,7 @@ class TestDomainRequestAdmin(MockEppLib):
         SeniorOfficial.objects.all().delete()
         Suborganization.objects.all().delete()
         Portfolio.objects.all().delete()
+        self.fed_agency.delete()
         self.mock_client.EMAILS_SENT.clear()
 
     @classmethod
@@ -100,6 +111,71 @@ class TestDomainRequestAdmin(MockEppLib):
         User.objects.all().delete()
         AllowedEmail.objects.all().delete()
 
+    @override_flag("organization_feature", active=True)
+    @less_console_noise_decorator
+    def test_omb_analyst_view(self):
+        """Ensure OMB analysts can view domain request list."""
+        febportfolio = Portfolio.objects.create(
+            organization_name="new portfolio",
+            organization_type=DomainRequest.OrganizationChoices.FEDERAL,
+            federal_agency=self.fed_agency,
+            creator=self.ombanalyst,
+        )
+        nonfebportfolio = Portfolio.objects.create(
+            organization_name="non feb portfolio",
+            creator=self.ombanalyst,
+        )
+        nonfebdomainrequest = completed_domain_request(
+            name="test1234nonfeb.gov",
+            portfolio=nonfebportfolio,
+            status=DomainRequest.DomainRequestStatus.SUBMITTED,
+        )
+        febdomainrequest = completed_domain_request(
+            name="test1234feb.gov",
+            portfolio=febportfolio,
+            status=DomainRequest.DomainRequestStatus.SUBMITTED,
+        )
+        self.client.force_login(self.ombanalyst)
+        response = self.client.get(reverse("admin:registrar_domainrequest_changelist"))
+        self.assertEqual(response.status_code, 200)
+        self.assertContains(response, febdomainrequest.requested_domain.name)
+        self.assertNotContains(response, nonfebdomainrequest.requested_domain.name)
+        self.assertNotContains(response, ">Import<")
+        self.assertNotContains(response, ">Export<")
+
+    @less_console_noise_decorator
+    def test_omb_analyst_change(self):
+        """Ensure OMB analysts can view/edit federal executive branch domain requests."""
+        self.client.force_login(self.ombanalyst)
+        febportfolio = Portfolio.objects.create(
+            organization_name="new portfolio",
+            organization_type=DomainRequest.OrganizationChoices.FEDERAL,
+            federal_agency=self.fed_agency,
+            creator=self.ombanalyst,
+        )
+        nonfebportfolio = Portfolio.objects.create(
+            organization_name="non feb portfolio",
+            creator=self.ombanalyst,
+        )
+        nonfebdomainrequest = completed_domain_request(
+            name="test1234nonfeb.gov",
+            portfolio=nonfebportfolio,
+            status=DomainRequest.DomainRequestStatus.SUBMITTED,
+        )
+        febdomainrequest = completed_domain_request(
+            name="test1234feb.gov",
+            portfolio=febportfolio,
+            status=DomainRequest.DomainRequestStatus.SUBMITTED,
+        )
+        response = self.client.get(reverse("admin:registrar_domainrequest_change", args=[nonfebdomainrequest.id]))
+        self.assertEqual(response.status_code, 302)
+        response = self.client.get(reverse("admin:registrar_domainrequest_change", args=[febdomainrequest.id]))
+        self.assertEqual(response.status_code, 200)
+        self.assertContains(response, febdomainrequest.requested_domain.name)
+        # test buttons
+        self.assertContains(response, "Save")
+        self.assertNotContains(response, ">Delete<")
+
     @override_flag("organization_feature", active=True)
     @less_console_noise_decorator
     def test_clean_validates_duplicate_suborganization(self):
@@ -2065,6 +2141,86 @@ class TestDomainRequestAdmin(MockEppLib):
 
             self.assertEqual(readonly_fields, expected_fields)
 
+    def test_readonly_fields_for_omb_analyst(self):
+        with less_console_noise():
+            request = self.factory.get("/")  # Use the correct method and path
+            request.user = self.ombanalyst
+
+            readonly_fields = self.admin.get_readonly_fields(request)
+
+            expected_fields = [
+                "portfolio_senior_official",
+                "portfolio_organization_type",
+                "portfolio_federal_type",
+                "portfolio_organization_name",
+                "portfolio_federal_agency",
+                "portfolio_state_territory",
+                "portfolio_address_line1",
+                "portfolio_address_line2",
+                "portfolio_city",
+                "portfolio_zipcode",
+                "portfolio_urbanization",
+                "other_contacts",
+                "current_websites",
+                "alternative_domains",
+                "is_election_board",
+                "status_history",
+                "federal_agency",
+                "creator",
+                "about_your_organization",
+                "requested_domain",
+                "approved_domain",
+                "alternative_domains",
+                "purpose",
+                "no_other_contacts_rationale",
+                "anything_else",
+                "is_policy_acknowledged",
+                "cisa_representative_first_name",
+                "cisa_representative_last_name",
+                "cisa_representative_email",
+                "status",
+                "investigator",
+                "notes",
+                "senior_official",
+                "organization_type",
+                "organization_name",
+                "state_territory",
+                "address_line1",
+                "address_line2",
+                "city",
+                "zipcode",
+                "urbanization",
+                "portfolio_organization_type",
+                "portfolio_federal_type",
+                "portfolio_organization_name",
+                "portfolio_federal_agency",
+                "portfolio_state_territory",
+                "portfolio_address_line1",
+                "portfolio_address_line2",
+                "portfolio_city",
+                "portfolio_zipcode",
+                "portfolio_urbanization",
+                "is_election_board",
+                "organization_type",
+                "federal_type",
+                "federal_agency",
+                "tribe_name",
+                "federally_recognized_tribe",
+                "state_recognized_tribe",
+                "about_your_organization",
+                "rejection_reason",
+                "rejection_reason_email",
+                "action_needed_reason",
+                "action_needed_reason_email",
+                "portfolio",
+                "sub_organization",
+                "requested_suborganization",
+                "suborganization_city",
+                "suborganization_state_territory",
+            ]
+
+            self.assertEqual(readonly_fields, expected_fields)
+
     def test_saving_when_restricted_creator(self):
         with less_console_noise():
             # Create an instance of the model

From d6746af538dbbd3c2bbba66688929223b16c6cd9 Mon Sep 17 00:00:00 2001
From: David Kennedy <david.kennedy@associates.cisa.dhs.gov>
Date: Mon, 10 Mar 2025 06:09:15 -0400
Subject: [PATCH 041/285] fix test on Import

---
 src/registrar/tests/test_admin_domain.py | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/src/registrar/tests/test_admin_domain.py b/src/registrar/tests/test_admin_domain.py
index ab32f7c2a..aa6e799bd 100644
--- a/src/registrar/tests/test_admin_domain.py
+++ b/src/registrar/tests/test_admin_domain.py
@@ -104,8 +104,8 @@ class TestDomainAdminAsStaff(MockEppLib):
         self.assertEqual(response.status_code, 200)
         self.assertContains(response, self.febdomain.name)
         self.assertNotContains(response, self.nonfebdomain.name)
-        self.assertNotContains(response, "Import")
-        self.assertNotContains(response, "Export")
+        self.assertNotContains(response, ">Import<")
+        self.assertNotContains(response, ">Export<")
 
     @less_console_noise_decorator
     def test_omb_analyst_change(self):

From 15c41cdce4ef35a8de0263d06e99c508647ef376 Mon Sep 17 00:00:00 2001
From: David Kennedy <david.kennedy@associates.cisa.dhs.gov>
Date: Mon, 10 Mar 2025 06:18:55 -0400
Subject: [PATCH 042/285] removed federal agency delete for OMB analysts

---
 src/registrar/models/user_group.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/registrar/models/user_group.py b/src/registrar/models/user_group.py
index 781dbb64c..f2ffa50ed 100644
--- a/src/registrar/models/user_group.py
+++ b/src/registrar/models/user_group.py
@@ -171,7 +171,7 @@ class UserGroup(Group):
             {
                 "app_label": "registrar",
                 "model": "federalagency",
-                "permissions": ["change_federalagency", "delete_federalagency"],
+                "permissions": ["change_federalagency"],
             },
             {
                 "app_label": "registrar",

From b5ab09db823a2aecea804f8b3485a6e57a886978 Mon Sep 17 00:00:00 2001
From: David Kennedy <david.kennedy@associates.cisa.dhs.gov>
Date: Mon, 10 Mar 2025 06:24:10 -0400
Subject: [PATCH 043/285] removed federal agency delete for OMB analysts

---
 src/registrar/admin.py            | 9 ---------
 src/registrar/tests/test_admin.py | 2 +-
 2 files changed, 1 insertion(+), 10 deletions(-)

diff --git a/src/registrar/admin.py b/src/registrar/admin.py
index a5ab53071..9bb9efe69 100644
--- a/src/registrar/admin.py
+++ b/src/registrar/admin.py
@@ -5025,15 +5025,6 @@ class FederalAgencyAdmin(ListHeaderAdmin, ImportExportRegistrarModelAdmin):
                 return obj.federal_type == BranchChoices.EXECUTIVE
         return super().has_change_permission(request, obj)
 
-    def has_delete_permission(self, request, obj=None):
-        """Restrict delete permissions based on group membership and model attributes."""
-        if request.user.has_perm("registrar.full_access_permission"):
-            return True
-        if obj:
-            if request.user.groups.filter(name="omb_analysts_group").exists():
-                return obj.federal_type == BranchChoices.EXECUTIVE
-        return super().has_delete_permission(request, obj)
-
     def get_readonly_fields(self, request, obj=None):
         """Set the read-only state on form elements.
         We have 2 conditions that determine which fields are read-only:
diff --git a/src/registrar/tests/test_admin.py b/src/registrar/tests/test_admin.py
index e89a6352c..7e34c63c7 100644
--- a/src/registrar/tests/test_admin.py
+++ b/src/registrar/tests/test_admin.py
@@ -3821,7 +3821,7 @@ class TestFederalAgencyAdmin(TestCase):
         self.assertNotContains(response, "id_is_fceb")
         self.assertNotContains(response, "closelink")
         self.assertContains(response, "Save")
-        self.assertContains(response, "Delete")
+        self.assertNotContains(response, "Delete")
 
     @less_console_noise_decorator
     def test_superuser_change(self):

From 7516e1af0b331178fa5814616282d87d34d12460 Mon Sep 17 00:00:00 2001
From: zandercymatics <141044360+zandercymatics@users.noreply.github.com>
Date: Mon, 10 Mar 2025 10:13:31 -0600
Subject: [PATCH 044/285] Change defaults

---
 src/registrar/models/domain.py         |  2 +-
 src/registrar/models/public_contact.py | 19 +++++++++----------
 src/registrar/utility/csv_export.py    |  2 +-
 src/registrar/utility/enums.py         |  9 +++++----
 src/registrar/views/domain.py          |  6 +++---
 5 files changed, 19 insertions(+), 19 deletions(-)

diff --git a/src/registrar/models/domain.py b/src/registrar/models/domain.py
index d3c0ed347..9a54adb0d 100644
--- a/src/registrar/models/domain.py
+++ b/src/registrar/models/domain.py
@@ -1680,7 +1680,7 @@ class Domain(TimeStampedModel, DomainHelper):
         DF = epp.DiscloseField
         fields = {DF.EMAIL}
 
-        hidden_security_emails = [DefaultEmail.PUBLIC_CONTACT_DEFAULT.value, DefaultEmail.LEGACY_DEFAULT.value]
+        hidden_security_emails = [email for email in DefaultEmail]
         disclose = is_security and contact.email not in hidden_security_emails
         # Delete after testing on other devices
         logger.info("Updated domain contact %s to disclose: %s", contact.email, disclose)
diff --git a/src/registrar/models/public_contact.py b/src/registrar/models/public_contact.py
index 71ed07de5..6a0228a7b 100644
--- a/src/registrar/models/public_contact.py
+++ b/src/registrar/models/public_contact.py
@@ -92,13 +92,12 @@ class PublicContact(TimeStampedModel):
         return cls(
             contact_type=PublicContact.ContactTypeChoices.REGISTRANT,
             registry_id=get_id(),
-            name="CSD/CB – Attn: Cameron Dixon",
+            name="CSD/CB – Attn: .gov TLD",
             org="Cybersecurity and Infrastructure Security Agency",
-            street1="CISA – NGR STOP 0645",
-            street2="1110 N. Glebe Rd.",
+            street1="1110 N. Glebe Rd",
             city="Arlington",
             sp="VA",
-            pc="20598-0645",
+            pc="22201",
             cc="US",
             email=DefaultEmail.PUBLIC_CONTACT_DEFAULT.value,
             voice="+1.8882820870",
@@ -110,9 +109,9 @@ class PublicContact(TimeStampedModel):
         return cls(
             contact_type=PublicContact.ContactTypeChoices.ADMINISTRATIVE,
             registry_id=get_id(),
-            name="Program Manager",
+            name="CSD/CB – Attn: .gov TLD",
             org="Cybersecurity and Infrastructure Security Agency",
-            street1="4200 Wilson Blvd.",
+            street1="1110 N. Glebe Rd",
             city="Arlington",
             sp="VA",
             pc="22201",
@@ -127,9 +126,9 @@ class PublicContact(TimeStampedModel):
         return cls(
             contact_type=PublicContact.ContactTypeChoices.TECHNICAL,
             registry_id=get_id(),
-            name="Registry Customer Service",
+            name="CSD/CB – Attn: .gov TLD",
             org="Cybersecurity and Infrastructure Security Agency",
-            street1="4200 Wilson Blvd.",
+            street1="1110 N. Glebe Rd",
             city="Arlington",
             sp="VA",
             pc="22201",
@@ -144,9 +143,9 @@ class PublicContact(TimeStampedModel):
         return cls(
             contact_type=PublicContact.ContactTypeChoices.SECURITY,
             registry_id=get_id(),
-            name="Registry Customer Service",
+            name="CSD/CB – Attn: .gov TLD",
             org="Cybersecurity and Infrastructure Security Agency",
-            street1="4200 Wilson Blvd.",
+            street1="1110 N. Glebe Rd",
             city="Arlington",
             sp="VA",
             pc="22201",
diff --git a/src/registrar/utility/csv_export.py b/src/registrar/utility/csv_export.py
index fad58b2e2..5660cb41d 100644
--- a/src/registrar/utility/csv_export.py
+++ b/src/registrar/utility/csv_export.py
@@ -740,7 +740,7 @@ class DomainExport(BaseExport):
             domain_type = f"{human_readable_domain_org_type} - {human_readable_domain_federal_type}"
 
         security_contact_email = model.get("security_contact_email")
-        invalid_emails = {DefaultEmail.LEGACY_DEFAULT.value, DefaultEmail.PUBLIC_CONTACT_DEFAULT.value}
+        invalid_emails = [email for email in DefaultEmail]
         if (
             not security_contact_email
             or not isinstance(security_contact_email, str)
diff --git a/src/registrar/utility/enums.py b/src/registrar/utility/enums.py
index 47e6da47f..8b3aff7ad 100644
--- a/src/registrar/utility/enums.py
+++ b/src/registrar/utility/enums.py
@@ -29,16 +29,17 @@ class LogCode(Enum):
     DEFAULT = 5
 
 
-class DefaultEmail(Enum):
+class DefaultEmail(StrEnum):
     """Stores the string values of default emails
 
     Overview of emails:
-    - PUBLIC_CONTACT_DEFAULT: "dotgov@cisa.dhs.gov"
+    - PUBLIC_CONTACT_DEFAULT: "help@get.gov"
+    - OLD_PUBLIC_CONTACT_DEFAULT: "dotgov@cisa.dhs.gov"
     - LEGACY_DEFAULT: "registrar@dotgov.gov"
-    - HELP_EMAIL: "help@get.gov"
     """
 
-    PUBLIC_CONTACT_DEFAULT = "dotgov@cisa.dhs.gov"
+    PUBLIC_CONTACT_DEFAULT = "help@get.gov"
+    OLD_PUBLIC_CONTACT_DEFAULT = "dotgov@cisa.dhs.gov"
     LEGACY_DEFAULT = "registrar@dotgov.gov"
 
 
diff --git a/src/registrar/views/domain.py b/src/registrar/views/domain.py
index 3a083393e..0b13dda69 100644
--- a/src/registrar/views/domain.py
+++ b/src/registrar/views/domain.py
@@ -398,7 +398,7 @@ class DomainView(DomainBaseView):
     def get_context_data(self, **kwargs):
         context = super().get_context_data(**kwargs)
 
-        default_emails = [DefaultEmail.PUBLIC_CONTACT_DEFAULT.value, DefaultEmail.LEGACY_DEFAULT.value]
+        default_emails = [email for email in DefaultEmail]
 
         context["hidden_security_emails"] = default_emails
 
@@ -456,7 +456,7 @@ class DomainRenewalView(DomainBaseView):
 
         context = super().get_context_data(**kwargs)
 
-        default_emails = [DefaultEmail.PUBLIC_CONTACT_DEFAULT.value, DefaultEmail.LEGACY_DEFAULT.value]
+        default_emails = [email for email in DefaultEmail]
 
         context["hidden_security_emails"] = default_emails
 
@@ -1166,7 +1166,7 @@ class DomainSecurityEmailView(DomainFormBaseView):
         initial = super().get_initial()
         security_contact = self.object.security_contact
 
-        invalid_emails = [DefaultEmail.PUBLIC_CONTACT_DEFAULT.value, DefaultEmail.LEGACY_DEFAULT.value]
+        invalid_emails = [email for email in DefaultEmail]
         if security_contact is None or security_contact.email in invalid_emails:
             initial["security_email"] = None
             return initial

From 55a101b7f6a99602d49aa004977f6e33a183d03c Mon Sep 17 00:00:00 2001
From: Rebecca Hsieh <rebecca.hsieh@truss.works>
Date: Mon, 10 Mar 2025 12:53:23 -0700
Subject: [PATCH 045/285] Add files with print statements

---
 src/registrar/forms/domain_request_wizard.py |  6 +++-
 src/registrar/models/domain.py               | 17 ++++-----
 src/registrar/views/domain_request.py        | 37 ++++++++++++++++++--
 3 files changed, 49 insertions(+), 11 deletions(-)

diff --git a/src/registrar/forms/domain_request_wizard.py b/src/registrar/forms/domain_request_wizard.py
index d7a02b124..0ca74dacc 100644
--- a/src/registrar/forms/domain_request_wizard.py
+++ b/src/registrar/forms/domain_request_wizard.py
@@ -83,14 +83,16 @@ class RequestingEntityForm(RegistrarForm):
         Overrides RegistrarForm method in order to set sub_organization to 'other'
         on GETs of the RequestingEntityForm."""
         if obj is None:
+            print("!!!! FROM_DATABASE receive a NONE object")
             return {}
         # get the domain request as a dict, per usual method
         domain_request_dict = {name: getattr(obj, name) for name in cls.declared_fields.keys()}  # type: ignore
-
+        print(f"**** FROM_DATABASE BEFORE modification: {domain_request_dict}")
         # set sub_organization to 'other' if is_requesting_new_suborganization is True
         if isinstance(obj, DomainRequest) and obj.is_requesting_new_suborganization():
             domain_request_dict["sub_organization"] = "other"
 
+        print(f"***** FROM_DATABASE: AFTER modification: {domain_request_dict}")
         return domain_request_dict
 
     def clean_sub_organization(self):
@@ -163,6 +165,7 @@ class RequestingEntityForm(RegistrarForm):
     def clean(self):
         """Custom clean implementation to handle our desired logic flow for suborganization."""
         cleaned_data = super().clean()
+        print(f"**** CLEAN: data before: {cleaned_data}")
 
         # Get the cleaned data
         suborganization = cleaned_data.get("sub_organization")
@@ -190,6 +193,7 @@ class RequestingEntityForm(RegistrarForm):
         elif not self.data and getattr(self, "_original_suborganization", None) == "other":
             self.cleaned_data["sub_organization"] = self._original_suborganization
 
+        print(f"**** CLEAN: clean data after: {cleaned_data}")
         return cleaned_data
 
 
diff --git a/src/registrar/models/domain.py b/src/registrar/models/domain.py
index d3c0ed347..cb241db52 100644
--- a/src/registrar/models/domain.py
+++ b/src/registrar/models/domain.py
@@ -245,15 +245,16 @@ class Domain(TimeStampedModel, DomainHelper):
         is called in the validate function on the request/domain page
 
         throws- RegistryError or InvalidDomainError"""
-        if not cls.string_could_be_domain(domain):
-            logger.warning("Not a valid domain: %s" % str(domain))
-            # throw invalid domain error so that it can be caught in
-            # validate_and_handle_errors in domain_helper
-            raise errors.InvalidDomainError()
+        return True
+        # if not cls.string_could_be_domain(domain):
+        #     logger.warning("Not a valid domain: %s" % str(domain))
+        #     # throw invalid domain error so that it can be caught in
+        #     # validate_and_handle_errors in domain_helper
+        #     raise errors.InvalidDomainError()
 
-        domain_name = domain.lower()
-        req = commands.CheckDomain([domain_name])
-        return registry.send(req, cleaned=True).res_data[0].avail
+        # domain_name = domain.lower()
+        # req = commands.CheckDomain([domain_name])
+        # return registry.send(req, cleaned=True).res_data[0].avail
 
     @classmethod
     def registered(cls, domain: str) -> bool:
diff --git a/src/registrar/views/domain_request.py b/src/registrar/views/domain_request.py
index 1d17e3047..dda309fa8 100644
--- a/src/registrar/views/domain_request.py
+++ b/src/registrar/views/domain_request.py
@@ -21,6 +21,7 @@ from registrar.models.contact import Contact
 from registrar.models.user import User
 from registrar.views.utility import StepsHelper
 from registrar.utility.enums import Step, PortfolioDomainRequestStep
+from registrar.models.utility.generic_helper import get_url_name
 
 logger = logging.getLogger(__name__)
 
@@ -205,30 +206,39 @@ class DomainRequestWizard(TemplateView):
         else:
             raise ValueError("Invalid value for User")
 
+        print("****** LINE ABOVE ******")
         if self.has_pk():
             try:
                 self._domain_request = DomainRequest.objects.get(
                     creator=creator,
                     pk=self.kwargs.get("domain_request_pk"),
                 )
+                print(f"@@@@ Retrieved existing DomainRequest: {self._domain_request}")
                 return self._domain_request
             except DomainRequest.DoesNotExist:
                 logger.debug("DomainRequest id %s did not have a DomainRequest" % self.kwargs.get("domain_request_pk"))
 
+        print("****** LINE BELOW ******")
         # If a user is creating a request, we assume that perms are handled upstream
         if self.request.user.is_org_user(self.request):
             portfolio = self.request.session.get("portfolio")
+            print(f"@@@@ User is an org user. Portfolio retrieved: {portfolio}")
             self._domain_request = DomainRequest.objects.create(
                 creator=self.request.user,
                 portfolio=portfolio,
             )
-
+            print(f"@@@@ New DomainRequest created: {self._domain_request}")
             # Question for reviewers: we should probably be doing this right?
             if portfolio and not self._domain_request.generic_org_type:
+                print(f"@@@@ Set generic_org_type to {portfolio.organization_type}")
                 self._domain_request.generic_org_type = portfolio.organization_type
                 self._domain_request.save()
+                print(f"@@@@ Updated DomainRequest: {self._domain_request}")
         else:
+            # Should not see this statement wanyway bc we are creating w portfolio
+            print("XXXX User is not an org user - create domain request w/o portfolio")
             self._domain_request = DomainRequest.objects.create(creator=self.request.user)
+            print(f"XXXX New DomainRequest created for non-org user: {self._domain_request}")
         return self._domain_request
 
     @property
@@ -255,8 +265,11 @@ class DomainRequestWizard(TemplateView):
 
     def done(self):
         """Called when the user clicks the submit button, if all forms are valid."""
+        print("***** DONE: Submitting")
         self.domain_request.submit()  # change the status to submitted
+        print("***** DONE: Saving")
         self.domain_request.save()
+        print(f"***** DONE Finished saving, domain request is {self.domain_request}")
         logger.debug("Domain Request object saved: %s", self.domain_request.id)
         return redirect(reverse(f"{self.URL_NAMESPACE}:finished"))
 
@@ -439,6 +452,14 @@ class DomainRequestWizard(TemplateView):
 
     def get_context_data(self):
         """Define context for access on all wizard pages."""
+        print("in get_context_data")
+        # current_url = self.request.get_full_path()
+        # print("current_url is", current_url)
+        # print("reverse", reverse(f"{self.URL_NAMESPACE}:finished"))
+        # if current_url == reverse(f"{self.URL_NAMESPACE}:finished"):
+        #     return None
+
+        # print("past the check")
         requested_domain_name = None
         if self.domain_request.requested_domain is not None:
             requested_domain_name = self.domain_request.requested_domain.name
@@ -511,9 +532,11 @@ class DomainRequestWizard(TemplateView):
 
         forms = self.get_forms(use_post=True)
         if self.is_valid(forms):
+            print("YYYYY should come into here bc it's valid")
             # always save progress
             self.save(forms)
         else:
+            print("XXXXXX should not come into here to call get context data again bc it's valid")
             context = self.get_context_data()
             context["forms"] = forms
             return render(request, self.template_name, context)
@@ -593,8 +616,18 @@ class RequestingEntity(DomainRequestWizard):
                     "suborganization_state_territory": None,
                 }
             )
-
+        print("!!!!! DomainRequest Instance:", self.domain_request)
+        print("!!!!! Cleaned Data for RequestingEntityForm:", requesting_entity_form.cleaned_data)
+        print("!!!!! Suborganization Data Before Submit: Requested:", cleaned_data.get("requested_suborganization"))
+        print("!!!!! City:", cleaned_data.get("suborganization_city"))
+        print("!!!!! State/Territory:", cleaned_data.get("suborganization_state_territory"))
+        print("$$$$$ DomainRequest before form save:", self.domain_request)
+        print("$$$$$ forms is", forms)
+        # So maybe bc it's saving 2 forms, one actually gets saved and the other becomes a draft?
+        # super().save(forms[0])
         super().save(forms)
+        print("$$$$$ After super().save() called, domain request instance:", self.domain_request)
+        # super().save(forms)
 
 
 class PortfolioAdditionalDetails(DomainRequestWizard):

From 918fc689c13afd8c51cd6923d666233540542f62 Mon Sep 17 00:00:00 2001
From: Erin Song <121973038+erinysong@users.noreply.github.com>
Date: Mon, 10 Mar 2025 14:54:58 -0700
Subject: [PATCH 046/285] Send email when senior official updated

---
 .../portfolio_org_update_notification.txt     |  6 ++---
 src/registrar/utility/email_invitations.py    |  4 ++-
 src/registrar/views/portfolios.py             | 27 ++++++++++++++++++-
 3 files changed, 32 insertions(+), 5 deletions(-)

diff --git a/src/registrar/templates/emails/portfolio_org_update_notification.txt b/src/registrar/templates/emails/portfolio_org_update_notification.txt
index 639f08fdf..1b9dbf2fc 100644
--- a/src/registrar/templates/emails/portfolio_org_update_notification.txt
+++ b/src/registrar/templates/emails/portfolio_org_update_notification.txt
@@ -1,12 +1,12 @@
 {% autoescape off %}{# In a text file, we don't want to have HTML entities escaped #}
-Hi, {% if portfolio_admin and portfolio_admin.first_name %}{% endif %}
+Hi,{% if requested_user and requested_user.first_name %} {{ requested_user.first_name }}.{% endif %}
 
-An update was made to your .gov organization
+An update was made to your .gov organization.
 
 ORGANIZATION: {{ portfolio }}
 UPDATED BY: {{ editor.email }}
 UPDATED ON: {{ date }}
-INFORMATION UPDATED: put page where info was edited here
+INFORMATION UPDATED: {{ updated_info }}
 
 You can view this update in the .gov registrar <https://manage.get.gov>.
 
diff --git a/src/registrar/utility/email_invitations.py b/src/registrar/utility/email_invitations.py
index df1ee1bd4..729da3f11 100644
--- a/src/registrar/utility/email_invitations.py
+++ b/src/registrar/utility/email_invitations.py
@@ -226,7 +226,7 @@ def send_portfolio_invitation_email(email: str, requestor, portfolio, is_admin_i
         )
     return all_admin_emails_sent
 
-def send_portfolio_organization_update_email(editor, portfolio):
+def send_portfolio_organization_update_email(editor, portfolio, updated_page):
     """
     Sends an email notification to all portfolio admin when portfolio organization is updated.
 
@@ -257,10 +257,12 @@ def send_portfolio_organization_update_email(editor, portfolio):
                 "emails/portfolio_org_update_notification_subject.txt",
                 to_address=user.email,
                 context={
+                    "requested_user": user,
                     "portfolio": portfolio,
                     "editor": editor,
                     "portfolio_admin": user,
                     "date": date.today(),
+                    "updated_info": "Organization"
                 },
             )
         except EmailSendingError:
diff --git a/src/registrar/views/portfolios.py b/src/registrar/views/portfolios.py
index 5d33adf17..14e6234b8 100644
--- a/src/registrar/views/portfolios.py
+++ b/src/registrar/views/portfolios.py
@@ -844,7 +844,7 @@ class PortfolioOrganizationView(DetailView, FormMixin):
             user=request.user
             try:
                 if not send_portfolio_organization_update_email(
-                    editor=user, portfolio=self.request.session.get("portfolio")
+                    editor=user, portfolio=self.request.session.get("portfolio"), updated_page="Organization"
                 ):
                     messages.warning(self.request, f"Could not send email notification to {user.email}.")
                     return redirect(reverse("organization"))
@@ -909,6 +909,31 @@ class PortfolioSeniorOfficialView(DetailView, FormMixin):
         form = self.get_form()
         return self.render_to_response(self.get_context_data(form=form))
 
+    def post(self, request, *args, **kwargs):
+        """Handle POST requests to process form submission."""
+        self.object = self.get_object()
+        form = self.get_form()
+        if form.is_valid():
+            user=request.user
+            try:
+                if not send_portfolio_organization_update_email(
+                    editor=user, portfolio=self.request.session.get("portfolio"), updated_page="Senior Official"
+                ):
+                    messages.warning(self.request, f"Could not send email notification to {user.email}.")
+                    return redirect(reverse("senior-official"))
+            except Exception as e:
+                messages.error(
+                    request,
+                    f"An unexpected error occurred: {str(e)}. If the issue persists, "
+                    f"please contact {DefaultUserValues.HELP_EMAIL}.",
+                )
+                logger.error(f"An unexpected error occurred: {str(e)}.", exc_info=True)
+                return None
+            messages.success(self.request, "The portfolio organization information has been updated.")
+            return redirect(reverse("senior-official"))
+        else:
+            return self.form_invalid(form)
+
 
 @grant_access(HAS_PORTFOLIO_MEMBERS_ANY_PERM)
 class PortfolioMembersView(View):

From d6d68c401d47f9151fe3b458e658e0767b956e3b Mon Sep 17 00:00:00 2001
From: David Kennedy <david.kennedy@associates.cisa.dhs.gov>
Date: Mon, 10 Mar 2025 18:52:14 -0400
Subject: [PATCH 047/285] initial ds data redesign

---
 .../assets/src/js/getgov/domain-dsdata.js     |  27 -
 .../assets/src/js/getgov/form-dsdata.js       | 472 ++++++++++++++++++
 .../assets/src/js/getgov/form-helpers.js      |   5 +
 .../assets/src/js/getgov/formset-forms.js     |  36 +-
 src/registrar/assets/src/js/getgov/main.js    |   9 +-
 src/registrar/forms/domain.py                 |   2 +-
 src/registrar/templates/domain_dsdata.html    | 416 +++++++++++----
 src/registrar/views/domain.py                 |  32 +-
 8 files changed, 804 insertions(+), 195 deletions(-)
 delete mode 100644 src/registrar/assets/src/js/getgov/domain-dsdata.js
 create mode 100644 src/registrar/assets/src/js/getgov/form-dsdata.js

diff --git a/src/registrar/assets/src/js/getgov/domain-dsdata.js b/src/registrar/assets/src/js/getgov/domain-dsdata.js
deleted file mode 100644
index 14132d812..000000000
--- a/src/registrar/assets/src/js/getgov/domain-dsdata.js
+++ /dev/null
@@ -1,27 +0,0 @@
-import { submitForm } from './form-helpers.js';
-
-export function initDomainDSData() {
-    document.addEventListener('DOMContentLoaded', function() {
-        let domain_dsdata_page = document.getElementById("domain-dsdata");
-        if (domain_dsdata_page) {
-            const override_button = document.getElementById("disable-override-click-button");
-            const cancel_button = document.getElementById("btn-cancel-click-button");
-            const cancel_close_button = document.getElementById("btn-cancel-click-close-button");
-            if (override_button) {
-                override_button.addEventListener("click", function () {
-                    submitForm("disable-override-click-form");
-                });
-            }
-            if (cancel_button) {
-                cancel_button.addEventListener("click", function () {
-                    submitForm("btn-cancel-click-form");
-                });
-            } 
-            if (cancel_close_button) {
-                cancel_close_button.addEventListener("click", function () {
-                    submitForm("btn-cancel-click-form");
-                });
-            } 
-        }
-    });
-}
\ No newline at end of file
diff --git a/src/registrar/assets/src/js/getgov/form-dsdata.js b/src/registrar/assets/src/js/getgov/form-dsdata.js
new file mode 100644
index 000000000..e9be4135e
--- /dev/null
+++ b/src/registrar/assets/src/js/getgov/form-dsdata.js
@@ -0,0 +1,472 @@
+import { showElement, hideElement, scrollToElement } from './helpers';
+import { removeErrorsFromElement, removeFormErrors } from './form-helpers';
+
+export class DSDataForm {
+    constructor() {
+        this.addDSDataButton = document.getElementById('dsdata-add-button');
+        this.addDSDataForm = document.querySelector('.add-dsdata-form');
+        this.formChanged = false;
+        this.callback = null;
+
+        // Bind event handlers to maintain 'this' context
+        this.handleAddFormClick = this.handleAddFormClick.bind(this);
+        this.handleEditClick = this.handleEditClick.bind(this);
+        this.handleDeleteClick = this.handleDeleteClick.bind(this);
+        this.handleDeleteKebabClick = this.handleDeleteKebabClick.bind(this);
+        this.handleCancelClick = this.handleCancelClick.bind(this);
+        this.handleCancelAddFormClick = this.handleCancelAddFormClick.bind(this);
+    }
+
+    /**
+     * Initialize the DSDataForm by setting up display and event listeners.
+     */
+    init() {
+        this.initializeDSDataFormDisplay();
+        this.initializeEventListeners();
+    }
+
+
+    /**
+     * Determines the initial display state of the DS dara form,
+     * handling validation errors and setting visibility of elements accordingly.
+     */
+    initializeDSDataFormDisplay() {
+
+        // This check indicates that there is an Add DS Data form
+        // and that form has errors in it. In this case, show the form, and indicate that the form has
+        // changed.
+        if (this.addDSDataForm && this.addDSDataForm.querySelector('.usa-input--error')) {
+            showElement(this.addDSDataForm);
+            this.formChanged = true;
+        }
+
+        // handle display of table view errors
+        // if error exists in an edit-row, make that row show, and readonly row hide
+        const formTable = document.getElementById('dsdata-table')
+        if (formTable) {
+            const editRows = formTable.querySelectorAll('.edit-row');
+            editRows.forEach(editRow => {
+                if (editRow.querySelector('.usa-input--error')) {
+                    const readOnlyRow = editRow.previousElementSibling;
+                    this.formChanged = true;
+                    showElement(editRow);
+                    hideElement(readOnlyRow);
+                }
+            })
+        }
+
+    }
+
+    /**
+     * Attaches event listeners to relevant UI elements for interaction handling.
+     */
+    initializeEventListeners() {
+        this.addDSDataButton.addEventListener('click', this.handleAddFormClick);
+    
+        const editButtons = document.querySelectorAll('.dsdata-edit');
+        editButtons.forEach(editButton => {
+            editButton.addEventListener('click', this.handleEditClick);
+        });
+    
+        const cancelButtons = document.querySelectorAll('.dsdata-cancel');
+        cancelButtons.forEach(cancelButton => {
+            cancelButton.addEventListener('click', this.handleCancelClick);
+        });
+
+        const cancelAddFormButtons = document.querySelectorAll('.dsdata-cancel-add-form');
+        cancelAddFormButtons.forEach(cancelAddFormButton => {
+            cancelAddFormButton.addEventListener('click', this.handleCancelAddFormClick);
+        });
+
+        const deleteButtons = document.querySelectorAll('.dsdata-delete');
+        deleteButtons.forEach(deleteButton => {
+            deleteButton.addEventListener('click', this.handleDeleteClick);
+        });
+
+        const deleteKebabButtons = document.querySelectorAll('.dsdata-delete-kebab');
+        deleteKebabButtons.forEach(deleteKebabButton => {
+            deleteKebabButton.addEventListener('click', this.handleDeleteKebabClick);
+        });
+
+        const textInputs = document.querySelectorAll("input[type='text']");
+        textInputs.forEach(input => {
+            input.addEventListener("input", () => {
+                this.formChanged = true;
+            });
+        });
+
+        // Set event listeners on the submit buttons for the modals. Event listeners
+        // should execute the callback function, which has its logic updated prior
+        // to modal display
+        const unsaved_changes_modal = document.getElementById('unsaved-changes-modal');
+        if (unsaved_changes_modal) {
+            const submitButton = document.getElementById('unsaved-changes-click-button');
+            const closeButton = unsaved_changes_modal.querySelector('.usa-modal__close');
+            submitButton.addEventListener('click', () => {
+                closeButton.click();
+                this.executeCallback();
+            });
+        }
+        const delete_modal = document.getElementById('delete-modal');
+        if (delete_modal) {
+            const submitButton = document.getElementById('delete-click-button');
+            const closeButton = delete_modal.querySelector('.usa-modal__close');
+            submitButton.addEventListener('click', () => {
+                closeButton.click();
+                this.executeCallback();
+            });
+        }
+        const disable_dnssec_modal = document.getElementById('disable-dnssec-modal');
+        if (disable_dnssec_modal) {
+            const submitButton = document.getElementById('disable-dnssec-click-button');
+            const closeButton = disable_dnssec_modal.querySelector('.usa-modal__close');
+            submitButton.addEventListener('click', () => {
+                closeButton.click();
+                this.executeCallback();
+            });
+        }
+
+    }
+
+    /**
+     * Executes a stored callback function if defined, otherwise logs a warning.
+     */
+    executeCallback() {
+        if (this.callback) {
+            this.callback();
+            this.callback = null;
+        } else {
+            console.warn("No callback function set.");
+        }
+    }
+
+    /**
+     * Handles clicking the 'Add DS data' button, showing the form if needed.
+     * @param {Event} event - Click event
+     */
+    handleAddFormClick(event) {
+        this.callback = () => {
+            console.log("handleAddFormClick callback");
+            // Check if any other edit row is currently visible and hide it
+            document.querySelectorAll('tr.edit-row:not(.display-none)').forEach(openEditRow => {
+                this.resetEditRowAndFormAndCollapseEditRow(openEditRow);
+            });
+            if (this.addDSDataForm) {
+                // Check if this.addDSDataForm is visible (i.e., does not have 'display-none')
+                if (!this.addDSDataForm.classList.contains('display-none')) {
+                    this.resetAddDSDataForm();
+                }
+                // show add ds data form
+                showElement(this.addDSDataForm);
+            }
+        };
+        if (this.formChanged) {
+            //------- Show the unsaved changes confirmation modal
+            let modalTrigger = document.querySelector("#unsaved_changes_trigger");
+            if (modalTrigger) {
+                modalTrigger.click();
+            }
+        } else {
+            this.executeCallback();
+        }
+    }
+
+    /**
+     * Handles clicking an 'Edit' button on a readonly row, which hides the readonly row
+     * and displays the edit row, after performing some checks and possibly displaying modal.
+     * @param {Event} event - Click event
+     */
+    handleEditClick(event) {
+        let editButton = event.target;
+        let readOnlyRow = editButton.closest('tr'); // Find the closest row
+        let editRow = readOnlyRow.nextElementSibling; // Get the next row
+        if (!editRow || !readOnlyRow) {
+            console.warn("Expected DOM element but did not find it");
+            return;
+        }
+        this.callback = () => {
+            // Check if any other edit row is currently visible and hide it
+            document.querySelectorAll('tr.edit-row:not(.display-none)').forEach(openEditRow => {
+                this.resetEditRowAndFormAndCollapseEditRow(openEditRow);
+            });
+            // Check if this.addDSDataForm is visible (i.e., does not have 'display-none')
+            if (this.addDSDataForm && !this.addDSDataForm.classList.contains('display-none')) {
+                this.resetAddDSDataForm();
+            }
+            // hide and show rows as appropriate
+            hideElement(readOnlyRow);
+            showElement(editRow);
+        };
+        if (this.formChanged) {
+            //------- Show the unsaved changes confirmation modal
+            let modalTrigger = document.querySelector("#unsaved_changes_trigger");
+            if (modalTrigger) {
+                modalTrigger.click();
+            }
+        } else {
+            this.executeCallback();
+        }
+    }
+
+    /**
+     * Handles clicking a 'Delete' button on an edit row, which hattempts to delete the DS record
+     * after displaying modal.
+     * @param {Event} event - Click event
+     */
+    handleDeleteClick(event) {
+        let deleteButton = event.target;
+        let editRow = deleteButton.closest('tr');
+        if (!editRow) {
+            console.warn("Expected DOM element but did not find it");
+            return;
+        }
+        this.deleteRow(editRow);
+    }
+
+    /**
+     * Handles clicking a 'Delete' button on a readonly row in a kebab, which attempts to delete the DS record
+     * after displaying modal.
+     * @param {Event} event - Click event
+     */
+    handleDeleteKebabClick(event) {
+        let deleteKebabButton = event.target;
+        let accordionDiv = deleteKebabButton.closest('div'); 
+        // hide the accordion
+        accordionDiv.hidden = true;
+        let readOnlyRow = deleteKebabButton.closest('tr'); // Find the closest row
+        let editRow = readOnlyRow.nextElementSibling; // Get the next row
+        if (!editRow) {
+            console.warn("Expected DOM element but did not find it");
+            return;
+        }
+        this.deleteRow(editRow);
+    }
+
+    /**
+     * Deletes a DS record row. If there is only one DS record, prompt the user
+     * that they will be disabling DNSSEC. Otherwise, prompt with delete confiration.
+     * If deletion proceeds, the input fields are cleared, and the form is submitted.
+     * @param {HTMLElement} editRow - The row corresponding to the DS record being deleted.
+     */
+    deleteRow(editRow) {
+        // update the callback method
+        this.callback = () => {
+            hideElement(editRow);
+            let deleteInput = editRow.querySelector("input[name$='-DELETE']");
+            if (deleteInput) {
+                deleteInput.checked = true;
+            }
+            document.querySelector("form").submit();
+        };
+        // Check if at least 2 DS data records exist before the delete row action is taken
+        const thirdDSData = document.getElementById('id_form-2-key_tag')
+        if (thirdDSData) {
+            let modalTrigger = document.querySelector('#delete_trigger');
+            if (modalTrigger) {
+                modalTrigger.click();
+            }
+        } else {
+            let modalTrigger = document.querySelector('#disable_dnssec_trigger');
+            if (modalTrigger) {
+                modalTrigger.click();
+            }
+        }
+    }
+
+    /**
+     * Handles the click event on the "Cancel" button in the add DS data form.
+     * Resets the form fields and hides the add form section.
+     * @param {Event} event - Click event
+     */
+    handleCancelAddFormClick(event) {
+        this.resetAddDSDataForm();
+    }
+
+    /**
+     * Handles the click event for the cancel button within the table form.
+     * 
+     * This method identifies the edit row containing the cancel button and resets
+     * it to its initial state, restoring the corresponding read-only row.
+     * 
+     * @param {Event} event - the click event triggered by the cancel button
+     */
+    handleCancelClick(event) {
+        // get the cancel button that was clicked
+        let cancelButton = event.target;
+        // find the closest table row that contains the cancel button
+        let editRow = cancelButton.closest('tr');
+        if (editRow) {
+            this.resetEditRowAndFormAndCollapseEditRow(editRow);
+        } else {
+            console.warn("Expected DOM element but did not find it");
+        }
+    }
+
+    /**
+     * Resets the edit row, restores its original values, removes validation errors, 
+     * and collapses the edit row while making the readonly row visible again.
+     * @param {HTMLElement} editRow - The row that is being reset and collapsed.
+     */
+    resetEditRowAndFormAndCollapseEditRow(editRow) {
+        let readOnlyRow = editRow.previousElementSibling; // Get the next row
+        if (!editRow || !readOnlyRow) {
+            console.warn("Expected DOM element but did not find it");
+            return;
+        }
+        // reset the values set in editRow
+        this.resetInputValuesInElement(editRow);
+        // copy values from editRow to readOnlyRow
+        this.copyEditRowToReadonlyRow(editRow, readOnlyRow);
+        // remove errors from the editRow
+        removeErrorsFromElement(editRow);
+        // remove errors from the entire form
+        removeFormErrors();
+        // reset formChanged
+        this.resetFormChanged();
+        // hide and show rows as appropriate
+        hideElement(editRow);
+        showElement(readOnlyRow);
+    }
+
+    /**
+     * Resets the 'Add DS data' form by clearing its input fields, removing errors, 
+     * and hiding the form to return it to its initial state.
+     */
+    resetAddDSDataForm() {
+        if (this.addDSDataForm) {
+            // reset the values set in addDSDataForm
+            this.resetInputValuesInElement(this.addDSDataForm);
+            // remove errors from the addDSDataForm
+            removeErrorsFromElement(this.addDSDataForm);
+            // remove errors from the entire form
+            removeFormErrors();
+            // reset formChanged
+            this.resetFormChanged();
+            // hide the addDSDataForm
+            hideElement(this.addDSDataForm);
+        }
+    }
+
+    /**
+     * Resets all text input fields within the specified DOM element to their initial values.
+     * Triggers an 'input' event to ensure any event listeners update accordingly.
+     * @param {HTMLElement} domElement - The parent element containing text input fields to be reset.
+     */
+    resetInputValuesInElement(domElement) {
+        const inputEvent = new Event('input');
+        const changeEvent = new Event('change');
+        // Reset text and number inputs
+        let inputs = domElement.querySelectorAll("input[type='text'], input[type='number']");
+        inputs.forEach(input => {
+            // Reset input value to its initial stored value
+            input.value = input.dataset.initialValue;
+            // Dispatch input event to update any event-driven changes
+            input.dispatchEvent(inputEvent);
+        });
+        // Reset select elements
+        let selects = domElement.querySelectorAll("select");
+        selects.forEach(select => {
+            // Reset select value to its initial stored value
+            select.value = select.dataset.initialValue;
+            // Dispatch change event to update any event-driven changes
+            select.dispatchEvent(changeEvent);
+        });
+    }
+
+    /**
+     * Copies values from the editable row's text inputs into the corresponding
+     * readonly row cells, formatting them appropriately.
+     * @param {HTMLElement} editRow - The row containing editable input fields.
+     * @param {HTMLElement} readOnlyRow - The row where values will be displayed in a non-editable format.
+     */
+    copyEditRowToReadonlyRow(editRow, readOnlyRow) {
+        let numberInput = editRow.querySelector("input[type='number']");
+        let selects = editRow.querySelectorAll("select");
+        let textInput = editRow.querySelector("input[type='text']");
+        let tds = readOnlyRow.querySelectorAll("td");
+        let updatedText = '';
+
+        // Copy the number input value
+        if (numberInput) {
+            tds[0].innerText = numberInput.value || "";
+        }
+
+        // Copy select values (showing the selected label instead of value)
+        selects.forEach((select, index) => {
+            let selectedOption = select.options[select.selectedIndex];
+            if (tds[index + 1]) {
+                tds[index + 1].innerText = selectedOption ? selectedOption.text : "";
+            }
+        });
+
+        // Copy the text input value
+        if (textInput) {
+            tds[3].innerText = textInput.value || "";
+        }
+    }
+
+    /**
+     * Resets the form change state.
+     * This method marks the form as unchanged by setting `formChanged` to false.
+     * It is useful for tracking whether a user has modified any form fields.
+     */
+    resetFormChanged() {
+        this.formChanged = false;
+    }
+
+    /**
+     * Removes all existing alert messages from the main content area.
+     * This ensures that only the latest alert is displayed to the user.
+     */
+    resetAlerts() {
+        const mainContent = document.getElementById("main-content");
+        if (mainContent) {
+            // Remove all alert elements within the main content area
+            mainContent.querySelectorAll(".usa-alert:not(.usa-alert--do-not-reset)").forEach(alert => alert.remove());
+        } else {
+            console.warn("Expecting main-content DOM element");
+        }
+    }
+
+    /**
+     * Displays an alert message at the top of the main content area.
+     * It first removes any existing alerts before adding a new one to ensure only the latest alert is visible.
+     * @param {string} level - The alert level (e.g., 'error', 'success', 'warning', 'info').
+     * @param {string} message - The message to display inside the alert.
+     */
+    addAlert(level, message) {
+        this.resetAlerts(); // Remove any existing alerts before adding a new one
+        
+        const mainContent = document.getElementById("main-content");
+        if (!mainContent) return;
+
+        // Create a new alert div with appropriate classes based on alert level
+        const alertDiv = document.createElement("div");
+        alertDiv.className = `usa-alert usa-alert--${level} usa-alert--slim margin-bottom-2`;
+        alertDiv.setAttribute("role", "alert"); // Add the role attribute
+
+        // Create the alert body to hold the message text
+        const alertBody = document.createElement("div");
+        alertBody.className = "usa-alert__body";
+        alertBody.textContent = message;
+
+        // Append the alert body to the alert div and insert it at the top of the main content area
+        alertDiv.appendChild(alertBody);
+        mainContent.insertBefore(alertDiv, mainContent.firstChild);
+
+        // Scroll the page to make the alert visible to the user
+        scrollToElement("class", "usa-alert__body");
+    }
+}
+
+/**
+ * Initializes the DSDataForm when the DOM is fully loaded.
+ */
+export function initFormDSData() {
+    document.addEventListener('DOMContentLoaded', () => {
+        if (document.getElementById('dsdata-add-button')) {
+            const dsDataForm = new DSDataForm();
+            dsDataForm.init();
+        }
+    });
+}
diff --git a/src/registrar/assets/src/js/getgov/form-helpers.js b/src/registrar/assets/src/js/getgov/form-helpers.js
index fabfab98a..7a9b0c38f 100644
--- a/src/registrar/assets/src/js/getgov/form-helpers.js
+++ b/src/registrar/assets/src/js/getgov/form-helpers.js
@@ -38,6 +38,11 @@ export function removeErrorsFromElement(domElement) {
     domElement.querySelectorAll("input.usa-input--error").forEach(input => {
         input.classList.remove("usa-input--error");
     });
+
+    // Remove the 'usa-input--error' class from all select elements
+    domElement.querySelectorAll("select.usa-input--error").forEach(select => {
+        select.classList.remove("usa-input--error");
+    });
 }
 
 /**
diff --git a/src/registrar/assets/src/js/getgov/formset-forms.js b/src/registrar/assets/src/js/getgov/formset-forms.js
index b4a40e5cf..1d2724b7f 100644
--- a/src/registrar/assets/src/js/getgov/formset-forms.js
+++ b/src/registrar/assets/src/js/getgov/formset-forms.js
@@ -84,7 +84,7 @@ function markForm(e, formLabel){
 }
   
 /**
- * Prepare the namerservers, DS data and Other Contacts formsets' delete button
+ * Prepare the Other Contacts formsets' delete button
  * for the last added form. We call this from the Add function
  * 
  */
@@ -108,7 +108,7 @@ function prepareNewDeleteButton(btn, formLabel) {
 }
   
 /**
- * Prepare the namerservers, DS data and Other Contacts formsets' delete buttons
+ * Prepare the Other Contacts formsets' delete buttons
  * We will call this on the forms init
  * 
  */
@@ -172,16 +172,11 @@ export function initFormsetsForms() {
   let cloneIndex = 0;
   let formLabel = '';
   let isOtherContactsForm = document.querySelector(".other-contacts-form");
-  let isDsDataForm = document.querySelector(".ds-data-form");
   let isDotgovDomain = document.querySelector(".dotgov-domain-form");
-  if( !(isOtherContactsForm || isDotgovDomain || isDsDataForm) ){
+  if( !(isOtherContactsForm || isDotgovDomain) ){
     return
   }
-  // DNSSEC: DS Data
-  if (isDsDataForm) {
-    formLabel = "DS data record";
-  // The Other Contacts form
-  } else if (isOtherContactsForm) {
+  if (isOtherContactsForm) {
     formLabel = "Organization contact";
     container = document.querySelector("#other-employees");
     formIdentifier = "other_contacts"
@@ -287,26 +282,3 @@ export function initFormsetsForms() {
         prepareNewDeleteButton(newDeleteButton, formLabel);
   }
 }
-
-export function triggerModalOnDsDataForm() {
-  let saveButon = document.querySelector("#save-ds-data");
-
-  // The view context will cause a hitherto hidden modal trigger to
-  // show up. On save, we'll test for that modal trigger appearing. We'll
-  // run that test once every 100 ms for 5 secs, which should balance performance
-  // while accounting for network or lag issues.
-  if (saveButon) {
-    let i = 0;
-    var tryToTriggerModal = setInterval(function() {
-        i++;
-        if (i > 100) {
-          clearInterval(tryToTriggerModal);
-        }
-        let modalTrigger = document.querySelector("#ds-toggle-dnssec-alert");
-        if (modalTrigger) {
-          modalTrigger.click()
-          clearInterval(tryToTriggerModal);
-        }
-    }, 50);
-  }
-}
diff --git a/src/registrar/assets/src/js/getgov/main.js b/src/registrar/assets/src/js/getgov/main.js
index 0529d3614..03d970d7e 100644
--- a/src/registrar/assets/src/js/getgov/main.js
+++ b/src/registrar/assets/src/js/getgov/main.js
@@ -1,7 +1,8 @@
 import { hookupYesNoListener } from './radios.js';
 import { initDomainValidators } from './domain-validators.js';
-import { initFormsetsForms, triggerModalOnDsDataForm } from './formset-forms.js';
-import { initFormNameservers } from './form-nameservers'
+import { initFormsetsForms } from './formset-forms.js';
+import { initFormNameservers } from './form-nameservers';
+import { initFormDSData } from './form-dsdata.js';
 import { initializeUrbanizationToggle } from './urbanization.js';
 import { userProfileListener, finishUserSetupListener } from './user-profile.js';
 import { handleRequestingEntityFieldset } from './requesting-entity.js';
@@ -13,7 +14,6 @@ import { initEditMemberDomainsTable } from './table-edit-member-domains.js';
 import { initPortfolioNewMemberPageToggle, initAddNewMemberPageListeners, initPortfolioMemberPageRadio } from './portfolio-member-page.js';
 import { initDomainRequestForm } from './domain-request-form.js';
 import { initDomainManagersPage } from './domain-managers.js';
-import { initDomainDSData } from './domain-dsdata.js';
 import { initDomainDNSSEC } from './domain-dnssec.js';
 import { initFormErrorHandling } from './form-errors.js';
 import { initButtonLinks } from '../getgov-admin/button-utils.js';
@@ -21,8 +21,8 @@ import { initButtonLinks } from '../getgov-admin/button-utils.js';
 initDomainValidators();
 
 initFormsetsForms();
-triggerModalOnDsDataForm();
 initFormNameservers();
+initFormDSData();
 
 hookupYesNoListener("other_contacts-has_other_contacts",'other-employees', 'no-other-employees');
 hookupYesNoListener("additional_details-has_anything_else_text",'anything-else', null);
@@ -42,7 +42,6 @@ initEditMemberDomainsTable();
 
 initDomainRequestForm();
 initDomainManagersPage();
-initDomainDSData();
 initDomainDNSSEC();
 
 initFormErrorHandling();
diff --git a/src/registrar/forms/domain.py b/src/registrar/forms/domain.py
index 538edc7ab..bb87ad119 100644
--- a/src/registrar/forms/domain.py
+++ b/src/registrar/forms/domain.py
@@ -688,7 +688,7 @@ class DomainDsdataForm(forms.Form):
 
 DomainDsdataFormset = formset_factory(
     DomainDsdataForm,
-    extra=0,
+    extra=1,
     can_delete=True,
 )
 
diff --git a/src/registrar/templates/domain_dsdata.html b/src/registrar/templates/domain_dsdata.html
index 95e8e3d5f..14b8ad519 100644
--- a/src/registrar/templates/domain_dsdata.html
+++ b/src/registrar/templates/domain_dsdata.html
@@ -34,122 +34,334 @@
   {% endif %}
   {% endblock breadcrumb %}
 
-  {% if domain.dnssecdata is None %}
-  <div class="usa-alert usa-alert--info usa-alert--slim margin-bottom-3">
-    <div class="usa-alert__body">
-      You have no DS data added. Enable DNSSEC by adding DS data.
+  <div class="grid-row grid-gap">
+    <div class="tablet:grid-col-6">
+      <h1 class="tablet:margin-bottom-1" id="domain-dsdata">DS data</h1>
+    </div>
+    
+    <div class="tablet:grid-col-6 text-right--tablet">
+      <button type="button" class="usa-button margin-bottom-1 tablet:float-right" id="dsdata-add-button">
+        Add DS data
+      </button>
     </div>
   </div>
+
+  <p>In order to enable DNSSEC, you must first configure it with your DNS provider.</p>
+
+  <p>Click "Add DS data" and enter the values given by your DNS provider for DS (Delegation Signer) data.</p>
+
+  {% comment %}
+  This template supports the rendering of three different DS data forms, conditionally displayed:
+  1 - Add DS Data form (rendered when there are no existing DS data records defined for the domain)
+  2 - DS Data table (rendered when the domain has existing DS data, which can be viewed and edited)
+  3 - Add DS Data form (rendered above the DS Data table to add a single additional DS Data record)
+  {% endcomment %}
+
+  {% if formset.initial and formset.forms.0.initial %}
+    
+    {% comment %}This section renders both the DS Data table and the Add DS Data form {% endcomment %}
+
+    {% include "includes/required_fields.html" %}
+
+    <form class="usa-form usa-form--extra-large ds-data-form" method="post" novalidate id="form-container">
+      {% csrf_token %}
+      {{ formset.management_form }}
+
+      {% for form in formset %}
+        {% if forloop.last %}
+
+          {% comment %}This section renders the Add DS data form.{% endcomment %}
+          <section class="add-dsdata-form display-none section-outlined">
+            <h2 class="margin-top-0">Add DS record</h2>
+            <div class="repeatable-form">
+              <div class="grid-row grid-gap-2 flex-end">
+                <div class="tablet:grid-col-4">
+                  {% with attr_required=True add_initial_value_attr=True add_group_class="usa-form-group--unstyled-error" %}
+                    {% input_with_errors form.key_tag %}
+                  {% endwith %}
+                </div>
+                <div class="tablet:grid-col-4">
+                  {% with attr_required=True add_initial_value_attr=True add_group_class="usa-form-group--unstyled-error" %}
+                    {% input_with_errors form.algorithm %}
+                  {% endwith %}
+                </div>
+                <div class="tablet:grid-col-4">
+                  {% with attr_required=True add_initial_value_attr=True add_group_class="usa-form-group--unstyled-error" %}
+                    {% input_with_errors form.digest_type %}
+                  {% endwith %}
+                </div>
+              </div>
+        
+              <div class="grid-row">
+                <div class="grid-col">
+                  {% with attr_required=True add_initial_value_attr=True add_group_class="usa-form-group--unstyled-error" %}
+                    {% input_with_errors form.digest %}
+                  {% endwith %}
+                </div>
+              </div>
+            </div>
+            <div class="margin-top-2">
+              <button
+                type="submit"
+                class="usa-button usa-button--outline"
+                name="btn-cancel-click"
+                aria-label="Reset the data in the DS records to the registry state (undo changes)"
+              >Cancel
+              </button>
+              <button
+                id="save-ds-data"
+                type="submit"
+                class="usa-button"
+              >Save
+              </button>
+            </div>
+          </section>
+        {% endif %}
+      {% endfor %}
+
+
+      <table class="usa-table usa-table--borderless usa-table--stacked dotgov-table dotgov-table--stacked" id="dsdata-table">
+        <thead>
+          <tr>
+            <th scope="col" role="columnheader">Key tag</th>
+            <th scope="col" role="columnheader">Algorithm</th>
+            <th scope="col" role="columnheader">Digest type</th>
+            <th scope="col" role="columnheader">Digest</th>
+            <th scope="col" role="columnheader" class="width-0 padding-right-0">Action</th>
+          </tr>
+        </thead>
+        <tbody>
+          {% for form in formset %}
+            {% if not forloop.last or form.initial %}
+
+              {% comment %}
+              This section renders table rows for each existing DS data records. Two rows are rendered, a readonly row
+              and an edit row. Only one of which is displayed at a time.
+              {% endcomment %}
+              
+              <!-- Readonly row -->
+              <tr>
+                <td>{{ form.key_tag.value }}</td>
+                <td>
+                  {% for value, label in form.algorithm.field.choices %}
+                    {% if value|stringformat:"s" == form.algorithm.value|stringformat:"s" %}
+                      {{ label }}
+                    {% endif %}
+                  {% endfor %}
+                </td>
+                <td>
+                  {% for value, label in form.digest_type.field.choices %}
+                    {% if value|stringformat:"s" == form.digest_type.value|stringformat:"s" %}
+                      {{ label }}
+                    {% endif %}
+                  {% endfor %}
+                </td>
+                <td>{{ form.digest.value }}</td>
+                <td class="padding-right-0">
+                  <div class="tablet:display-flex tablet:flex-row">
+                    <button type="button" class='usa-button usa-button--unstyled margin-right-2 margin-top-0 dsdata-edit'>
+                      <svg class="usa-icon" aria-hidden="true" focusable="false" role="img" width="24">
+                        <use xlink:href="/public/img/sprite.svg#edit"></use>
+                      </svg>
+                      Edit <span class="usa-sr-only">DS record {{forloop.counter}}</span>
+                    </button>
+
+                    <a 
+                      role="button" 
+                      id="button-trigger-delete-dsdata-{{ forloop.counter }}"
+                      class="usa-button usa-button--unstyled text-no-underline late-loading-modal-trigger margin-top-2 line-height-sans-5 text-secondary visible-mobile-flex dsdata-delete-kebab"
+                    >
+                      <svg class="usa-icon" aria-hidden="true" focusable="false" role="img" width="24">
+                        <use xlink:href="/public/img/sprite.svg#delete"></use>
+                      </svg>
+                      Delete
+                    </a>
+
+                    <div class="usa-accordion usa-accordion--more-actions margin-right-2 hidden-mobile-flex">
+                      <div class="usa-accordion__heading">
+                        <button
+                          type="button"
+                          class="usa-button usa-button--unstyled usa-button--with-icon usa-accordion__button usa-button--more-actions margin-top-0"
+                          aria-expanded="false"
+                          aria-controls="more-actions-dsdata-{{ forloop.counter }}"
+                          aria-label="More Actions for DS record {{ forloop.counter }}"
+                        >
+                          <svg class="usa-icon top-2px" aria-hidden="true" focusable="false" role="img" width="24">
+                            <use xlink:href="/public/img/sprite.svg#more_vert"></use>
+                          </svg>
+                        </button>
+                      </div>
+                      <div id="more-actions-dsdata-{{ forloop.counter }}" class="usa-accordion__content usa-prose shadow-1 left-auto right-neg-1" hidden>
+                        <h2>More options</h2>
+                        <button 
+                          type="button" 
+                          class="usa-button usa-button--unstyled text-no-underline late-loading-modal-trigger margin-top-2 line-height-sans-5 text-secondary dsdata-delete-kebab"
+                          name="btn-delete-kebab-click"
+                          aria-label="Delete the DS record from the registry"
+                        >
+                          Delete
+                        </button>
+                      </div>
+                    </div>
+                  </div>
+                </td>
+              </tr>
+              <!-- Edit row -->
+              <tr class="edit-row display-none">
+                <td class="text-bottom">
+                  {% with attr_required=True add_initial_value_attr=True add_group_class="usa-form-group--unstyled-error" %}
+                      {% input_with_errors form.key_tag %}
+                    {% endwith %}
+                </td>
+                <td class="text-bottom">
+                  {% with attr_required=True add_initial_value_attr=True add_group_class="usa-form-group--unstyled-error" %}
+                      {% input_with_errors form.algorithm %}
+                    {% endwith %}
+                </td>
+                <td class="text-bottom">
+                  {% with attr_required=True add_initial_value_attr=True add_group_class="usa-form-group--unstyled-error" %}
+                      {% input_with_errors form.digest_type %}
+                    {% endwith %}
+                </td>
+                <td class="text-bottom">
+                  {% with attr_required=True add_initial_value_attr=True add_group_class="usa-form-group--unstyled-error" %}
+                      {% input_with_errors form.digest %}
+                    {% endwith %}
+                </td>
+                <td class="padding-right-0 text-bottom">
+                  <button class="usa-button usa-button--unstyled display-block margin-top-1" type="submit">Save</button>
+                  
+                  <button
+                        type="button"
+                        class="usa-button usa-button--unstyled display-block dsdata-cancel"
+                        name="btn-cancel-click"
+                        aria-label="Reset the data in the DS record form to the registry state (undo changes)"
+                    >Cancel
+                  </button>
+                  <button
+                        type="button"
+                        class="usa-button usa-button--unstyled display-block text-secondary dsdata-delete"
+                        name="btn-delete-click"
+                        aria-label="Delete the DS record from the registry"
+                    >Delete
+                  </button>
+                  <div class="display-none">{{ form.DELETE }}</div>
+                </td>
+              </tr>
+            {% endif %}
+          {% endfor %}
+        </tbody>
+      </table>
+    </form>
+
+  {% else %}
+
+    {% comment %}
+    This section renders Add DS Data form which renders when there are no existing
+    DS records defined on the domain.
+    {% endcomment %} 
+
+    <section class="add-dsdata-form display-none section-outlined">
+      {% include "includes/required_fields.html" %} 
+      <form class="usa-form usa-form--extra-large" method="post" novalidate>
+        <h2>Add DS record</h2>
+        {% csrf_token %}
+        {{ formset.management_form }}
+        {% for form in formset %}
+        <div class="repeatable-form">
+          <div class="grid-row grid-gap-2 flex-end">
+            <div class="tablet:grid-col-4">
+              {% with attr_required=True add_initial_value_attr=True add_group_class="usa-form-group--unstyled-error" %}
+                {% input_with_errors form.key_tag %}
+              {% endwith %}
+            </div>
+            <div class="tablet:grid-col-4">
+              {% with attr_required=True add_initial_value_attr=True add_group_class="usa-form-group--unstyled-error" %}
+                {% input_with_errors form.algorithm %}
+              {% endwith %}
+            </div>
+            <div class="tablet:grid-col-4">
+              {% with attr_required=True add_initial_value_attr=True add_group_class="usa-form-group--unstyled-error" %}
+                {% input_with_errors form.digest_type %}
+              {% endwith %}
+            </div>
+          </div>
+    
+          <div class="grid-row">
+            <div class="grid-col">
+              {% with attr_required=True add_initial_value_attr=True add_group_class="usa-form-group--unstyled-error" %}
+                {% input_with_errors form.digest %}
+              {% endwith %}
+            </div>
+          </div>
+        </div>
+        {% endfor %}
+        <div class="margin-top-2">
+          <button
+            type="button"
+            class="usa-button usa-button--outline dsdata-cancel-add-form"
+            name="btn-cancel-click"
+            aria-label="Reset the data in the DS records to the registry state (undo changes)"
+          >Cancel
+          </button>
+          <button
+            id="save-ds-data"
+            type="submit"
+            class="usa-button"
+          >Save
+          </button>
+        </div>
+      </form>
+    </section>
   {% endif %}
 
-  <h1 id="domain-dsdata">DS data</h1>
-
-  <p>In order to enable DNSSEC, you must first configure it with your DNS hosting service.</p>
-
-  <p>Enter the values given by your DNS provider for DS data.</p>
-
-  {% include "includes/required_fields.html" %}
-
-  <form class="usa-form usa-form--extra-large ds-data-form" method="post" novalidate id="form-container">
-    {% csrf_token %}
-    {{ formset.management_form }}
-
-    {% for form in formset %}
-    <fieldset class="repeatable-form">
-
-      <legend class="sr-only">DS data record {{forloop.counter}}</legend>
-
-      <h2 class="margin-top-0">DS data record {{forloop.counter}}</h2>
-
-      <div class="grid-row grid-gap-2 flex-end">
-        <div class="tablet:grid-col-4">
-          {% with attr_required=True add_group_class="usa-form-group--unstyled-error" %}
-            {% input_with_errors form.key_tag %}
-          {% endwith %}
-        </div>
-        <div class="tablet:grid-col-4">
-          {% with attr_required=True add_group_class="usa-form-group--unstyled-error" %}
-            {% input_with_errors form.algorithm %}
-          {% endwith %}
-        </div>
-        <div class="tablet:grid-col-4">
-          {% with attr_required=True add_group_class="usa-form-group--unstyled-error" %}
-            {% input_with_errors form.digest_type %}
-          {% endwith %}
-        </div>
-      </div>
-
-      <div class="grid-row">
-        <div class="grid-col">
-          {% with attr_required=True add_group_class="usa-form-group--unstyled-error" %}
-            {% input_with_errors form.digest %}
-          {% endwith %}
-        </div>
-      </div>
-
-      <div class="grid-row margin-top-1">
-        <div class="grid-col">
-            <button type="button" id="button label" class="usa-button usa-button--unstyled usa-button--with-icon float-right-tablet delete-record text-secondary line-height-sans-5">
-              <svg class="usa-icon" aria-hidden="true" focusable="false" role="img" width="24" height="24">
-                <use xlink:href="{%static 'img/sprite.svg'%}#delete"></use>
-              </svg>Delete
-              <span class="sr-only">DS data record {{forloop.counter}}</span>
-            </button>
-        </div>
-      </div>
-
-    </fieldset>
-    {% endfor %}
-
-    <button type="button" class="usa-button usa-button--unstyled usa-button--with-icon margin-bottom-2" id="add-form">
-      <svg class="usa-icon" aria-hidden="true" focusable="false" role="img" width="24" height="24">
-        <use xlink:href="{%static 'img/sprite.svg'%}#add_circle"></use>
-      </svg>Add new record
-    </button>
-
-    <button
-          id="save-ds-data"
-          type="submit"
-          class="usa-button"
-      >Save
-    </button>
-
-    <button
-          type="submit"
-          class="usa-button usa-button--outline"
-          name="btn-cancel-click"
-          aria-label="Reset the data in the DS records to the registry state (undo changes)"
-      >Cancel
-    </button>
-  </form>
-
-  {% if trigger_modal %}
   <a
-      id="ds-toggle-dnssec-alert"
-      href="#toggle-dnssec-alert"
+    id="unsaved_changes_trigger"
+    href="#unsaved-changes-modal"
+    class="usa-button usa-button--outline margin-top-1 display-none"
+    aria-controls="unsaved-changes-modal"
+    data-open-modal
+    >Trigger unsaved changes modal</a>
+  <div 
+    class="usa-modal"
+    id="unsaved-changes-modal"
+    aria-labelledby="Are you sure you want to continue?"
+    aria-describedby="You have unsaved changes that will be lost."
+  >
+    {% include 'includes/modal.html' with modal_heading="Are you sure you want to continue?" modal_description="You have unsaved changes that will be lost." modal_button_id="unsaved-changes-click-button" modal_button_text="Continue without saving" cancel_button_text="Go back" %}
+  </div>
+
+  <a
+    id="delete_trigger"
+    href="#delete-modal"
+    class="usa-button usa-button--outline margin-top-1 display-none"
+    aria-controls="delete-modal"
+    data-open-modal
+    >Trigger delete modal</a>
+  <div 
+    class="usa-modal"
+    id="delete-modal"
+    aria-labelledby="Are you sure you want to delete this DS data record?"
+    aria-describedby="This action cannot be undone."
+  >
+    {% include 'includes/modal.html' with modal_heading="Are you sure you want to delete this DS data record?" modal_description="This action cannot be undone." modal_button_id="delete-click-button" modal_button_text="Yes, delete" modal_button_class="usa-button--secondary" %}
+  </div>
+
+  <a
+      id="disable_dnssec_trigger"
+      href="#disable-dnssec-modal"
       class="usa-button usa-button--outline margin-top-1 display-none"
-      aria-controls="toggle-dnssec-alert"
+      aria-controls="disable-dnssec-modal"
       data-open-modal
       >Trigger Disable DNSSEC Modal</a
     >
-  {% endif %}
-  {# Use data-force-action to take esc out of the equation and pass cancel_button_resets_ds_form to effectuate a reset in the view #}
   <div
     class="usa-modal"
-    id="toggle-dnssec-alert"
+    id="disable-dnssec-modal"
     aria-labelledby="Are you sure you want to continue?"
     aria-describedby="Your DNSSEC records will be deleted from the registry."
-    data-force-action
   >
-      {% include 'includes/modal.html' with cancel_button_resets_ds_form=True modal_heading="Warning: You are about to remove all DS records on your domain." modal_description="To fully disable DNSSEC: In addition to removing your DS records here, you’ll need to delete the DS records at your DNS host. To avoid causing your domain to appear offline, you should wait to delete your DS records at your DNS host until the Time to Live (TTL) expires. This is often less than 24 hours, but confirm with your provider." modal_button_id="disable-override-click-button" modal_button_text="Remove all DS data" modal_button_class="usa-button--secondary" %}
+    {% include 'includes/modal.html' with modal_heading="Warning: You are about to remove all DS records on your domain." modal_description="To fully disable DNSSEC: In addition to removing your DS records here, you’ll need to delete the DS records at your DNS host. To avoid causing your domain to appear offline, you should wait to delete your DS records at your DNS host until the Time to Live (TTL) expires. This is often less than 24 hours, but confirm with your provider." modal_button_id="disable-dnssec-click-button" modal_button_text="Remove all DS data" modal_button_class="usa-button--secondary" %}
   </div>
-  <form method="post" id="disable-override-click-form">
-    {% csrf_token %}
-    <input type="hidden" name="disable-override-click" value="1">
-  </form>
-  <form method="post" id="btn-cancel-click-form">
-    {% csrf_token %}
-    <input type="hidden" name="btn-cancel-click" value="1">
-  </form>
 
 {% endblock %}  {# domain_content #}
diff --git a/src/registrar/views/domain.py b/src/registrar/views/domain.py
index 3a083393e..4f44f0b01 100644
--- a/src/registrar/views/domain.py
+++ b/src/registrar/views/domain.py
@@ -1060,10 +1060,6 @@ class DomainDsDataView(DomainFormBaseView):
                 for record in dnssecdata.dsData
             )
 
-        # Ensure at least 1 record, filled or empty
-        while len(initial_data) == 0:
-            initial_data.append({})
-
         return initial_data
 
     def get_success_url(self):
@@ -1082,29 +1078,8 @@ class DomainDsDataView(DomainFormBaseView):
         """Formset submission posts to this view."""
         self._get_domain(request)
         formset = self.get_form()
-        override = False
 
-        # This is called by the form cancel button,
-        # and also by the modal's X and cancel buttons
-        if "btn-cancel-click" in request.POST:
-            url = self.get_success_url()
-            return HttpResponseRedirect(url)
-
-        # This is called by the Disable DNSSEC modal to override
-        if "disable-override-click" in request.POST:
-            override = True
-
-        # This is called when all DNSSEC data has been deleted and the
-        # Save button is pressed
-        if len(formset) == 0 and formset.initial != [{}] and override is False:
-            # trigger the modal
-            # get context data from super() rather than self
-            # to preserve the context["form"]
-            context = super().get_context_data(form=formset)
-            context["trigger_modal"] = True
-            return self.render_to_response(context)
-
-        if formset.is_valid() or override:
+        if formset.is_valid():
             return self.form_valid(formset)
         else:
             return self.form_invalid(formset)
@@ -1116,9 +1091,10 @@ class DomainDsDataView(DomainFormBaseView):
         dnssecdata = extensions.DNSSECExtension()
 
         for form in formset:
+            if form.cleaned_data.get("DELETE"):  # Check if form is marked for deletion
+                continue  # Skip processing this form
+
             try:
-                # if 'delete' not in form.cleaned_data
-                # or form.cleaned_data['delete'] == False:
                 dsrecord = {
                     "keyTag": form.cleaned_data["key_tag"],
                     "alg": int(form.cleaned_data["algorithm"]),

From 0d44b3426024464c93f4997a9a96ea6638a576de Mon Sep 17 00:00:00 2001
From: David Kennedy <david.kennedy@associates.cisa.dhs.gov>
Date: Mon, 10 Mar 2025 19:02:03 -0400
Subject: [PATCH 048/285] cleaned up modal code

---
 src/registrar/templates/includes/modal.html | 49 +++++----------------
 1 file changed, 11 insertions(+), 38 deletions(-)

diff --git a/src/registrar/templates/includes/modal.html b/src/registrar/templates/includes/modal.html
index af49d2b6c..09e2909c0 100644
--- a/src/registrar/templates/includes/modal.html
+++ b/src/registrar/templates/includes/modal.html
@@ -58,18 +58,7 @@
                     {% endif %}
                 </li>
                 <li class="usa-button-group__item">
-                    {% comment %} The cancel button the DS form actually triggers a context change in the view,
-                    in addition to being a close modal hook {% endcomment %}
-                    {% if cancel_button_resets_ds_form %}
-                        <button
-                            type="submit"
-                            class="usa-button usa-button--unstyled padding-105 text-center"
-                            id="btn-cancel-click-button"
-                            data-close-modal
-                        >
-                            Cancel
-                        </button>
-                    {% elif not cancel_button_only %}
+                    {% if not cancel_button_only %}
                         <button
                             type="button"
                             class="usa-button usa-button--unstyled padding-105 text-center"
@@ -82,30 +71,14 @@
             </ul>
         </div>
     </div>
-    {% comment %} The cancel button the DS form actually triggers a context change in the view,
-    in addition to being a close modal hook {% endcomment %}
-    {% if cancel_button_resets_ds_form %}
-        <button
-            type="submit"
-            class="usa-button usa-modal__close"
-            aria-label="Close this window"
-            id="btn-cancel-click-close-button"
-            data-close-modal
-        >
-            <svg class="usa-icon" aria-hidden="true" focusable="false" role="img">
-                <use xlink:href="{%static 'img/sprite.svg'%}#close"></use>
-            </svg>
-        </button>
-    {% else %}
-        <button
-            type="button"
-            class="usa-button usa-modal__close"
-            aria-label="Close this window"
-            data-close-modal
-        >
-            <svg class="usa-icon" aria-hidden="true" focusable="false" role="img">
-                <use xlink:href="{%static 'img/sprite.svg'%}#close"></use>
-            </svg>
-        </button>
-    {% endif %}
+    <button
+        type="button"
+        class="usa-button usa-modal__close"
+        aria-label="Close this window"
+        data-close-modal
+    >
+        <svg class="usa-icon" aria-hidden="true" focusable="false" role="img">
+            <use xlink:href="{%static 'img/sprite.svg'%}#close"></use>
+        </svg>
+    </button>
 </div>

From b1e6730d87cf43441cadac3a734521d59b50cd0d Mon Sep 17 00:00:00 2001
From: David Kennedy <david.kennedy@associates.cisa.dhs.gov>
Date: Mon, 10 Mar 2025 19:30:10 -0400
Subject: [PATCH 049/285] added cancel modal

---
 .../assets/src/js/getgov/form-dsdata.js       | 40 ++++++++++++++++---
 src/registrar/templates/domain_dsdata.html    | 16 ++++++++
 2 files changed, 51 insertions(+), 5 deletions(-)

diff --git a/src/registrar/assets/src/js/getgov/form-dsdata.js b/src/registrar/assets/src/js/getgov/form-dsdata.js
index e9be4135e..a9219ae94 100644
--- a/src/registrar/assets/src/js/getgov/form-dsdata.js
+++ b/src/registrar/assets/src/js/getgov/form-dsdata.js
@@ -107,6 +107,15 @@ export class DSDataForm {
                 this.executeCallback();
             });
         }
+        const cancel_changes_modal = document.getElementById('cancel-changes-modal');
+        if (cancel_changes_modal) {
+            const submitButton = document.getElementById('cancel-changes-click-button');
+            const closeButton = cancel_changes_modal.querySelector('.usa-modal__close');
+            submitButton.addEventListener('click', () => {
+                closeButton.click();
+                this.executeCallback();
+            });
+        }
         const delete_modal = document.getElementById('delete-modal');
         if (delete_modal) {
             const submitButton = document.getElementById('delete-click-button');
@@ -146,7 +155,6 @@ export class DSDataForm {
      */
     handleAddFormClick(event) {
         this.callback = () => {
-            console.log("handleAddFormClick callback");
             // Check if any other edit row is currently visible and hide it
             document.querySelectorAll('tr.edit-row:not(.display-none)').forEach(openEditRow => {
                 this.resetEditRowAndFormAndCollapseEditRow(openEditRow);
@@ -279,7 +287,18 @@ export class DSDataForm {
      * @param {Event} event - Click event
      */
     handleCancelAddFormClick(event) {
-        this.resetAddDSDataForm();
+        this.callback = () => {
+            this.resetAddDSDataForm();
+        }
+        if (this.formChanged) {
+            // Show the cancel changes confirmation modal
+            let modalTrigger = document.querySelector("#cancel_changes_trigger");
+            if (modalTrigger) {
+                modalTrigger.click();
+            }
+        } else {
+            this.executeCallback();
+        }
     }
 
     /**
@@ -295,10 +314,21 @@ export class DSDataForm {
         let cancelButton = event.target;
         // find the closest table row that contains the cancel button
         let editRow = cancelButton.closest('tr');
-        if (editRow) {
-            this.resetEditRowAndFormAndCollapseEditRow(editRow);
+        this.callback = () => {
+            if (editRow) {
+                this.resetEditRowAndFormAndCollapseEditRow(editRow);
+            } else {
+                console.warn("Expected DOM element but did not find it");
+            }
+        }
+        if (this.formChanged) {
+            // Show the cancel changes confirmation modal
+            let modalTrigger = document.querySelector("#cancel_changes_trigger");
+            if (modalTrigger) {
+                modalTrigger.click();
+            }
         } else {
-            console.warn("Expected DOM element but did not find it");
+            this.executeCallback();
         }
     }
 
diff --git a/src/registrar/templates/domain_dsdata.html b/src/registrar/templates/domain_dsdata.html
index 14b8ad519..42c94c9f5 100644
--- a/src/registrar/templates/domain_dsdata.html
+++ b/src/registrar/templates/domain_dsdata.html
@@ -331,6 +331,22 @@
     {% include 'includes/modal.html' with modal_heading="Are you sure you want to continue?" modal_description="You have unsaved changes that will be lost." modal_button_id="unsaved-changes-click-button" modal_button_text="Continue without saving" cancel_button_text="Go back" %}
   </div>
 
+  <a
+    id="cancel_changes_trigger"
+    href="#cancel-changes-modal"
+    class="usa-button usa-button--outline margin-top-1 display-none"
+    aria-controls="cancel-changes-modal"
+    data-open-modal
+    >Trigger cancel changes modal</a>
+  <div 
+    class="usa-modal"
+    id="cancel-changes-modal"
+    aria-labelledby="Are you sure you want to cancel your changes?"
+    aria-describedby="This action cannot be undone."
+  >
+    {% include 'includes/modal.html' with modal_heading="Are you sure you want to cancel your changes?" modal_description="This action cannot be undone." modal_button_id="cancel-changes-click-button" modal_button_text="Yes, cancel" cancel_button_text="Go back" %}
+  </div>
+
   <a
     id="delete_trigger"
     href="#delete-modal"

From a233420af9e0c2678a52e7fbec75e65dfd50ccd4 Mon Sep 17 00:00:00 2001
From: Rebecca Hsieh <rebecca.hsieh@truss.works>
Date: Mon, 10 Mar 2025 17:19:56 -0700
Subject: [PATCH 050/285] Add in documentation and updated code

---
 docs/developer/README.md                     | 12 +++++++
 src/registrar/forms/domain_request_wizard.py |  5 ---
 src/registrar/models/domain.py               | 18 +++++-----
 src/registrar/views/domain_request.py        | 37 +-------------------
 4 files changed, 22 insertions(+), 50 deletions(-)

diff --git a/docs/developer/README.md b/docs/developer/README.md
index 46194bd70..e89a7ad0e 100644
--- a/docs/developer/README.md
+++ b/docs/developer/README.md
@@ -207,6 +207,18 @@ Linters:
 docker-compose exec app ./manage.py lint
 ```
 
+### Get availability for domain requests to work locally
+
+If you're on local (localhost:8080) and want to submit a domain request, and keep getting the "We’re experiencing a system error. Please wait a few minutes and try again. If you continue to get this error, contact help@get.gov." error, you can get past the availability check by updating the available() function in registrar/models/domain.py to return True and comment everything else out - see below for reference!
+
+```
+@classmethod
+def available(cls, domain: str) -> bool:
+  # Comment everything else out in the function
+  return True 
+```
+
+
 ### Testing behind logged in pages
 
 To test behind logged in pages with external tools, like `pa11y-ci` or `OWASP Zap`, add
diff --git a/src/registrar/forms/domain_request_wizard.py b/src/registrar/forms/domain_request_wizard.py
index 0ca74dacc..ba72078b0 100644
--- a/src/registrar/forms/domain_request_wizard.py
+++ b/src/registrar/forms/domain_request_wizard.py
@@ -83,16 +83,13 @@ class RequestingEntityForm(RegistrarForm):
         Overrides RegistrarForm method in order to set sub_organization to 'other'
         on GETs of the RequestingEntityForm."""
         if obj is None:
-            print("!!!! FROM_DATABASE receive a NONE object")
             return {}
         # get the domain request as a dict, per usual method
         domain_request_dict = {name: getattr(obj, name) for name in cls.declared_fields.keys()}  # type: ignore
-        print(f"**** FROM_DATABASE BEFORE modification: {domain_request_dict}")
         # set sub_organization to 'other' if is_requesting_new_suborganization is True
         if isinstance(obj, DomainRequest) and obj.is_requesting_new_suborganization():
             domain_request_dict["sub_organization"] = "other"
 
-        print(f"***** FROM_DATABASE: AFTER modification: {domain_request_dict}")
         return domain_request_dict
 
     def clean_sub_organization(self):
@@ -165,7 +162,6 @@ class RequestingEntityForm(RegistrarForm):
     def clean(self):
         """Custom clean implementation to handle our desired logic flow for suborganization."""
         cleaned_data = super().clean()
-        print(f"**** CLEAN: data before: {cleaned_data}")
 
         # Get the cleaned data
         suborganization = cleaned_data.get("sub_organization")
@@ -193,7 +189,6 @@ class RequestingEntityForm(RegistrarForm):
         elif not self.data and getattr(self, "_original_suborganization", None) == "other":
             self.cleaned_data["sub_organization"] = self._original_suborganization
 
-        print(f"**** CLEAN: clean data after: {cleaned_data}")
         return cleaned_data
 
 
diff --git a/src/registrar/models/domain.py b/src/registrar/models/domain.py
index cb241db52..01ed246ac 100644
--- a/src/registrar/models/domain.py
+++ b/src/registrar/models/domain.py
@@ -245,16 +245,16 @@ class Domain(TimeStampedModel, DomainHelper):
         is called in the validate function on the request/domain page
 
         throws- RegistryError or InvalidDomainError"""
-        return True
-        # if not cls.string_could_be_domain(domain):
-        #     logger.warning("Not a valid domain: %s" % str(domain))
-        #     # throw invalid domain error so that it can be caught in
-        #     # validate_and_handle_errors in domain_helper
-        #     raise errors.InvalidDomainError()
 
-        # domain_name = domain.lower()
-        # req = commands.CheckDomain([domain_name])
-        # return registry.send(req, cleaned=True).res_data[0].avail
+        if not cls.string_could_be_domain(domain):
+            logger.warning("Not a valid domain: %s" % str(domain))
+            # throw invalid domain error so that it can be caught in
+            # validate_and_handle_errors in domain_helper
+            raise errors.InvalidDomainError()
+
+        domain_name = domain.lower()
+        req = commands.CheckDomain([domain_name])
+        return registry.send(req, cleaned=True).res_data[0].avail
 
     @classmethod
     def registered(cls, domain: str) -> bool:
diff --git a/src/registrar/views/domain_request.py b/src/registrar/views/domain_request.py
index dda309fa8..77457beea 100644
--- a/src/registrar/views/domain_request.py
+++ b/src/registrar/views/domain_request.py
@@ -206,39 +206,30 @@ class DomainRequestWizard(TemplateView):
         else:
             raise ValueError("Invalid value for User")
 
-        print("****** LINE ABOVE ******")
         if self.has_pk():
             try:
                 self._domain_request = DomainRequest.objects.get(
                     creator=creator,
                     pk=self.kwargs.get("domain_request_pk"),
                 )
-                print(f"@@@@ Retrieved existing DomainRequest: {self._domain_request}")
                 return self._domain_request
             except DomainRequest.DoesNotExist:
                 logger.debug("DomainRequest id %s did not have a DomainRequest" % self.kwargs.get("domain_request_pk"))
 
-        print("****** LINE BELOW ******")
         # If a user is creating a request, we assume that perms are handled upstream
         if self.request.user.is_org_user(self.request):
             portfolio = self.request.session.get("portfolio")
-            print(f"@@@@ User is an org user. Portfolio retrieved: {portfolio}")
             self._domain_request = DomainRequest.objects.create(
                 creator=self.request.user,
                 portfolio=portfolio,
             )
-            print(f"@@@@ New DomainRequest created: {self._domain_request}")
             # Question for reviewers: we should probably be doing this right?
             if portfolio and not self._domain_request.generic_org_type:
-                print(f"@@@@ Set generic_org_type to {portfolio.organization_type}")
                 self._domain_request.generic_org_type = portfolio.organization_type
                 self._domain_request.save()
-                print(f"@@@@ Updated DomainRequest: {self._domain_request}")
         else:
             # Should not see this statement wanyway bc we are creating w portfolio
-            print("XXXX User is not an org user - create domain request w/o portfolio")
             self._domain_request = DomainRequest.objects.create(creator=self.request.user)
-            print(f"XXXX New DomainRequest created for non-org user: {self._domain_request}")
         return self._domain_request
 
     @property
@@ -265,11 +256,8 @@ class DomainRequestWizard(TemplateView):
 
     def done(self):
         """Called when the user clicks the submit button, if all forms are valid."""
-        print("***** DONE: Submitting")
         self.domain_request.submit()  # change the status to submitted
-        print("***** DONE: Saving")
         self.domain_request.save()
-        print(f"***** DONE Finished saving, domain request is {self.domain_request}")
         logger.debug("Domain Request object saved: %s", self.domain_request.id)
         return redirect(reverse(f"{self.URL_NAMESPACE}:finished"))
 
@@ -452,14 +440,6 @@ class DomainRequestWizard(TemplateView):
 
     def get_context_data(self):
         """Define context for access on all wizard pages."""
-        print("in get_context_data")
-        # current_url = self.request.get_full_path()
-        # print("current_url is", current_url)
-        # print("reverse", reverse(f"{self.URL_NAMESPACE}:finished"))
-        # if current_url == reverse(f"{self.URL_NAMESPACE}:finished"):
-        #     return None
-
-        # print("past the check")
         requested_domain_name = None
         if self.domain_request.requested_domain is not None:
             requested_domain_name = self.domain_request.requested_domain.name
@@ -532,11 +512,9 @@ class DomainRequestWizard(TemplateView):
 
         forms = self.get_forms(use_post=True)
         if self.is_valid(forms):
-            print("YYYYY should come into here bc it's valid")
             # always save progress
             self.save(forms)
         else:
-            print("XXXXXX should not come into here to call get context data again bc it's valid")
             context = self.get_context_data()
             context["forms"] = forms
             return render(request, self.template_name, context)
@@ -616,18 +594,7 @@ class RequestingEntity(DomainRequestWizard):
                     "suborganization_state_territory": None,
                 }
             )
-        print("!!!!! DomainRequest Instance:", self.domain_request)
-        print("!!!!! Cleaned Data for RequestingEntityForm:", requesting_entity_form.cleaned_data)
-        print("!!!!! Suborganization Data Before Submit: Requested:", cleaned_data.get("requested_suborganization"))
-        print("!!!!! City:", cleaned_data.get("suborganization_city"))
-        print("!!!!! State/Territory:", cleaned_data.get("suborganization_state_territory"))
-        print("$$$$$ DomainRequest before form save:", self.domain_request)
-        print("$$$$$ forms is", forms)
-        # So maybe bc it's saving 2 forms, one actually gets saved and the other becomes a draft?
-        # super().save(forms[0])
         super().save(forms)
-        print("$$$$$ After super().save() called, domain request instance:", self.domain_request)
-        # super().save(forms)
 
 
 class PortfolioAdditionalDetails(DomainRequestWizard):
@@ -849,11 +816,9 @@ class Finished(DomainRequestWizard):
     forms = []  # type: ignore
 
     def get(self, request, *args, **kwargs):
-        context = self.get_context_data()
-        context["domain_request_id"] = self.domain_request.id
         # clean up this wizard session, because we are done with it
         del self.storage
-        return render(self.request, self.template_name, context)
+        return render(self.request, self.template_name)
 
 
 @grant_access(IS_DOMAIN_REQUEST_CREATOR, HAS_PORTFOLIO_DOMAIN_REQUESTS_EDIT)

From ca06625c14453d4b12e4849e491bff2ded89b509 Mon Sep 17 00:00:00 2001
From: zandercymatics <141044360+zandercymatics@users.noreply.github.com>
Date: Tue, 11 Mar 2025 08:46:51 -0600
Subject: [PATCH 051/285] Test disclose settings

---
 src/registrar/models/domain.py | 16 +++++++++-------
 1 file changed, 9 insertions(+), 7 deletions(-)

diff --git a/src/registrar/models/domain.py b/src/registrar/models/domain.py
index 9a54adb0d..fede6c96d 100644
--- a/src/registrar/models/domain.py
+++ b/src/registrar/models/domain.py
@@ -1676,15 +1676,17 @@ class Domain(TimeStampedModel, DomainHelper):
         """creates a disclose object that can be added to a contact Create using
         .disclose= <this function> on the command before sending.
         if item is security email then make sure email is visible"""
-        is_security = contact.contact_type == contact.ContactTypeChoices.SECURITY
         DF = epp.DiscloseField
-        fields = {DF.EMAIL}
-
-        hidden_security_emails = [email for email in DefaultEmail]
-        disclose = is_security and contact.email not in hidden_security_emails
-        # Delete after testing on other devices
+        fields = {}
+        disclose = False
+        match contact.contact_type:
+            case contact.ContactTypeChoices.SECURITY:
+                fields = {DF.EMAIL}
+                disclose = True
+            case contact.ContactTypeChoices.ADMINISTRATIVE:
+                fields = {DF.EMAIL, DF.VOICE, DF.ADDR}
+                disclose = True
         logger.info("Updated domain contact %s to disclose: %s", contact.email, disclose)
-        # Will only disclose DF.EMAIL if its not the default
         return epp.Disclose(
             flag=disclose,
             fields=fields,

From 705f1d6614c0d54077bbc86a965c773395096813 Mon Sep 17 00:00:00 2001
From: David Kennedy <david.kennedy@associates.cisa.dhs.gov>
Date: Tue, 11 Mar 2025 10:58:50 -0400
Subject: [PATCH 052/285] added cancel modal to nameservers page

---
 .../assets/src/js/getgov/form-nameservers.js  | 39 +++++++++++++++++--
 .../templates/domain_nameservers.html         | 16 ++++++++
 2 files changed, 51 insertions(+), 4 deletions(-)

diff --git a/src/registrar/assets/src/js/getgov/form-nameservers.js b/src/registrar/assets/src/js/getgov/form-nameservers.js
index 57b868d70..75a35f35b 100644
--- a/src/registrar/assets/src/js/getgov/form-nameservers.js
+++ b/src/registrar/assets/src/js/getgov/form-nameservers.js
@@ -176,6 +176,15 @@ export class NameserverForm {
                 this.executeCallback();
             });
         }
+        const cancel_changes_modal = document.getElementById('cancel-changes-modal');
+        if (cancel_changes_modal) {
+            const submitButton = document.getElementById('cancel-changes-click-button');
+            const closeButton = cancel_changes_modal.querySelector('.usa-modal__close');
+            submitButton.addEventListener('click', () => {
+                closeButton.click();
+                this.executeCallback();
+            });
+        }
         const delete_modal = document.getElementById('delete-modal');
         if (delete_modal) {
             const submitButton = document.getElementById('delete-click-button');
@@ -338,7 +347,18 @@ export class NameserverForm {
      * @param {Event} event - Click event
      */
     handleCancelAddFormClick(event) {
-        this.resetAddNameserversForm();
+        this.callback = () => {
+            this.resetAddNameserversForm();
+        }
+        if (this.formChanged) {
+            // Show the cancel changes confirmation modal
+            let modalTrigger = document.querySelector("#cancel_changes_trigger");
+            if (modalTrigger) {
+                modalTrigger.click();
+            }
+        } else {
+            this.executeCallback();
+        }
     }
 
     /**
@@ -354,10 +374,21 @@ export class NameserverForm {
         let cancelButton = event.target;
         // find the closest table row that contains the cancel button
         let editRow = cancelButton.closest('tr');
-        if (editRow) {
-            this.resetEditRowAndFormAndCollapseEditRow(editRow);
+        this.callback = () => {
+            if (editRow) {
+                this.resetEditRowAndFormAndCollapseEditRow(editRow);
+            } else {
+                console.warn("Expected DOM element but did not find it");
+            }
+        }
+        if (this.formChanged) {
+            // Show the cancel changes confirmation modal
+            let modalTrigger = document.querySelector("#cancel_changes_trigger");
+            if (modalTrigger) {
+                modalTrigger.click();
+            }
         } else {
-            console.warn("Expected DOM element but did not find it");
+            this.executeCallback();
         }
     }
 
diff --git a/src/registrar/templates/domain_nameservers.html b/src/registrar/templates/domain_nameservers.html
index bd8216d05..b6314ea5f 100644
--- a/src/registrar/templates/domain_nameservers.html
+++ b/src/registrar/templates/domain_nameservers.html
@@ -309,6 +309,22 @@
   >
     {% include 'includes/modal.html' with modal_heading="Are you sure you want to continue?" modal_description="You have unsaved changes that will be lost." modal_button_id="unsaved-changes-click-button" modal_button_text="Continue without saving" cancel_button_text="Go back" %}
   </div>
+  
+  <a
+    id="cancel_changes_trigger"
+    href="#cancel-changes-modal"
+    class="usa-button usa-button--outline margin-top-1 display-none"
+    aria-controls="cancel-changes-modal"
+    data-open-modal
+    >Trigger cancel changes modal</a>
+  <div 
+    class="usa-modal"
+    id="cancel-changes-modal"
+    aria-labelledby="Are you sure you want to cancel your changes?"
+    aria-describedby="This action cannot be undone."
+  >
+    {% include 'includes/modal.html' with modal_heading="Are you sure you want to cancel your changes?" modal_description="This action cannot be undone." modal_button_id="cancel-changes-click-button" modal_button_text="Yes, cancel" cancel_button_text="Go back" %}
+  </div>
 
   <a
     id="delete_trigger"

From f2277694de22adead2be8fa48116df512c76fe92 Mon Sep 17 00:00:00 2001
From: David Kennedy <david.kennedy@associates.cisa.dhs.gov>
Date: Tue, 11 Mar 2025 12:00:16 -0400
Subject: [PATCH 053/285] button click interaction and helper text in form

---
 .../assets/src/js/getgov/form-dsdata.js       |  5 +++
 src/registrar/templates/domain_dsdata.html    | 34 +++++++++++++------
 2 files changed, 28 insertions(+), 11 deletions(-)

diff --git a/src/registrar/assets/src/js/getgov/form-dsdata.js b/src/registrar/assets/src/js/getgov/form-dsdata.js
index a9219ae94..a8c022056 100644
--- a/src/registrar/assets/src/js/getgov/form-dsdata.js
+++ b/src/registrar/assets/src/js/getgov/form-dsdata.js
@@ -166,6 +166,11 @@ export class DSDataForm {
                 }
                 // show add ds data form
                 showElement(this.addDSDataForm);
+                // focus on key tag in the form
+                let keyTagInput = this.addDSDataForm.querySelector('input[name$="-key_tag"]');
+                if (keyTagInput) {
+                    keyTagInput.focus();
+                }
             }
         };
         if (this.formChanged) {
diff --git a/src/registrar/templates/domain_dsdata.html b/src/registrar/templates/domain_dsdata.html
index 42c94c9f5..e419a03b4 100644
--- a/src/registrar/templates/domain_dsdata.html
+++ b/src/registrar/templates/domain_dsdata.html
@@ -76,8 +76,10 @@
             <div class="repeatable-form">
               <div class="grid-row grid-gap-2 flex-end">
                 <div class="tablet:grid-col-4">
-                  {% with attr_required=True add_initial_value_attr=True add_group_class="usa-form-group--unstyled-error" %}
-                    {% input_with_errors form.key_tag %}
+                  {% with sublabel_text="Numbers (0-9) only." %}
+                    {% with attr_required=True add_initial_value_attr=True add_group_class="usa-form-group--unstyled-error" %}
+                      {% input_with_errors form.key_tag %}
+                    {% endwith %}
                   {% endwith %}
                 </div>
                 <div class="tablet:grid-col-4">
@@ -94,8 +96,10 @@
         
               <div class="grid-row">
                 <div class="grid-col">
-                  {% with attr_required=True add_initial_value_attr=True add_group_class="usa-form-group--unstyled-error" %}
-                    {% input_with_errors form.digest %}
+                  {% with sublabel_text="Numbers (0-9) and letters (a-f) only. SHA-1: 40 chars, SHA-256: 64 chars." %}
+                    {% with attr_required=True add_initial_value_attr=True add_group_class="usa-form-group--unstyled-error" %}
+                      {% input_with_errors form.digest %}
+                    {% endwith %}
                   {% endwith %}
                 </div>
               </div>
@@ -197,7 +201,7 @@
                           type="button" 
                           class="usa-button usa-button--unstyled text-no-underline late-loading-modal-trigger margin-top-2 line-height-sans-5 text-secondary dsdata-delete-kebab"
                           name="btn-delete-kebab-click"
-                          aria-label="Delete the DS record from the registry"
+                          aria-label="Delete DS record {{ forloop.counter }} from the registry"
                         >
                           Delete
                         </button>
@@ -209,9 +213,11 @@
               <!-- Edit row -->
               <tr class="edit-row display-none">
                 <td class="text-bottom">
-                  {% with attr_required=True add_initial_value_attr=True add_group_class="usa-form-group--unstyled-error" %}
+                  {% with sublabel_text="Numbers (0-9) only." %}
+                    {% with attr_required=True add_initial_value_attr=True add_group_class="usa-form-group--unstyled-error" %}
                       {% input_with_errors form.key_tag %}
                     {% endwith %}
+                  {% endwith %}
                 </td>
                 <td class="text-bottom">
                   {% with attr_required=True add_initial_value_attr=True add_group_class="usa-form-group--unstyled-error" %}
@@ -224,9 +230,11 @@
                     {% endwith %}
                 </td>
                 <td class="text-bottom">
-                  {% with attr_required=True add_initial_value_attr=True add_group_class="usa-form-group--unstyled-error" %}
+                  {% with sublabel_text="Numbers (0-9) and letters (a-f) only. SHA-1: 40 chars, SHA-256: 64 chars." %}
+                    {% with attr_required=True add_initial_value_attr=True add_group_class="usa-form-group--unstyled-error" %}
                       {% input_with_errors form.digest %}
                     {% endwith %}
+                  {% endwith %}
                 </td>
                 <td class="padding-right-0 text-bottom">
                   <button class="usa-button usa-button--unstyled display-block margin-top-1" type="submit">Save</button>
@@ -271,8 +279,10 @@
         <div class="repeatable-form">
           <div class="grid-row grid-gap-2 flex-end">
             <div class="tablet:grid-col-4">
-              {% with attr_required=True add_initial_value_attr=True add_group_class="usa-form-group--unstyled-error" %}
-                {% input_with_errors form.key_tag %}
+              {% with sublabel_text="Numbers (0-9) only." %}
+                {% with attr_required=True add_initial_value_attr=True add_group_class="usa-form-group--unstyled-error" %}
+                  {% input_with_errors form.key_tag %}
+                {% endwith %}
               {% endwith %}
             </div>
             <div class="tablet:grid-col-4">
@@ -289,8 +299,10 @@
     
           <div class="grid-row">
             <div class="grid-col">
-              {% with attr_required=True add_initial_value_attr=True add_group_class="usa-form-group--unstyled-error" %}
-                {% input_with_errors form.digest %}
+              {% with sublabel_text="Numbers (0-9) and letters (a-f) only. SHA-1: 40 chars, SHA-256: 64 chars." %}
+                {% with attr_required=True add_initial_value_attr=True add_group_class="usa-form-group--unstyled-error" %}
+                  {% input_with_errors form.digest %}
+                {% endwith %}
               {% endwith %}
             </div>
           </div>

From 7c42ed958b4dc58f28d5290d349bc90d5e666b3f Mon Sep 17 00:00:00 2001
From: zandercymatics <141044360+zandercymatics@users.noreply.github.com>
Date: Tue, 11 Mar 2025 11:32:50 -0600
Subject: [PATCH 054/285] cleanup

---
 src/registrar/models/public_contact.py             | 8 ++++----
 src/registrar/templates/domain_security_email.html | 2 +-
 2 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/src/registrar/models/public_contact.py b/src/registrar/models/public_contact.py
index 6a0228a7b..6c123474d 100644
--- a/src/registrar/models/public_contact.py
+++ b/src/registrar/models/public_contact.py
@@ -99,7 +99,7 @@ class PublicContact(TimeStampedModel):
             sp="VA",
             pc="22201",
             cc="US",
-            email=DefaultEmail.PUBLIC_CONTACT_DEFAULT.value,
+            email=DefaultEmail.PUBLIC_CONTACT_DEFAULT,
             voice="+1.8882820870",
             pw="thisisnotapassword",
         )
@@ -116,7 +116,7 @@ class PublicContact(TimeStampedModel):
             sp="VA",
             pc="22201",
             cc="US",
-            email=DefaultEmail.PUBLIC_CONTACT_DEFAULT.value,
+            email=DefaultEmail.PUBLIC_CONTACT_DEFAULT,
             voice="+1.8882820870",
             pw="thisisnotapassword",
         )
@@ -133,7 +133,7 @@ class PublicContact(TimeStampedModel):
             sp="VA",
             pc="22201",
             cc="US",
-            email=DefaultEmail.PUBLIC_CONTACT_DEFAULT.value,
+            email=DefaultEmail.PUBLIC_CONTACT_DEFAULT,
             voice="+1.8882820870",
             pw="thisisnotapassword",
         )
@@ -150,7 +150,7 @@ class PublicContact(TimeStampedModel):
             sp="VA",
             pc="22201",
             cc="US",
-            email=DefaultEmail.PUBLIC_CONTACT_DEFAULT.value,
+            email=DefaultEmail.PUBLIC_CONTACT_DEFAULT,
             voice="+1.8882820870",
             pw="thisisnotapassword",
         )
diff --git a/src/registrar/templates/domain_security_email.html b/src/registrar/templates/domain_security_email.html
index e74ecf709..662eec152 100644
--- a/src/registrar/templates/domain_security_email.html
+++ b/src/registrar/templates/domain_security_email.html
@@ -40,7 +40,7 @@
     <button
       type="submit"
       class="usa-button"
-    >{% if form.security_email.value is None or form.security_email.value == "dotgov@cisa.dhs.gov" or form.security_email.value == "registrar@dotgov.gov"%}Add security email{% else %}Save{% endif %}</button>
+    >{% if form.security_email.value is None or form.security_email.value == "dotgov@cisa.dhs.gov" or form.security_email.value == "registrar@dotgov.gov" or form.security_email.value == "help@get.gov" %}Add security email{% else %}Save{% endif %}</button>
   </form>
 
 {% endblock %}  {# domain_content #}

From 85f85d013ed5fe5c62d390b88afede1effe5f1be Mon Sep 17 00:00:00 2001
From: zandercymatics <141044360+zandercymatics@users.noreply.github.com>
Date: Tue, 11 Mar 2025 12:09:45 -0600
Subject: [PATCH 055/285] Update domain.py

---
 src/registrar/models/domain.py | 39 ++++++++++++++++++++++------------
 1 file changed, 25 insertions(+), 14 deletions(-)

diff --git a/src/registrar/models/domain.py b/src/registrar/models/domain.py
index fede6c96d..c5af4ef0a 100644
--- a/src/registrar/models/domain.py
+++ b/src/registrar/models/domain.py
@@ -1677,20 +1677,31 @@ class Domain(TimeStampedModel, DomainHelper):
         .disclose= <this function> on the command before sending.
         if item is security email then make sure email is visible"""
         DF = epp.DiscloseField
-        fields = {}
-        disclose = False
-        match contact.contact_type:
-            case contact.ContactTypeChoices.SECURITY:
-                fields = {DF.EMAIL}
-                disclose = True
-            case contact.ContactTypeChoices.ADMINISTRATIVE:
-                fields = {DF.EMAIL, DF.VOICE, DF.ADDR}
-                disclose = True
-        logger.info("Updated domain contact %s to disclose: %s", contact.email, disclose)
-        return epp.Disclose(
-            flag=disclose,
-            fields=fields,
-        )
+        contact_disclose_map = {
+            contact.ContactTypeChoices.SECURITY: {
+                "fields": [DF.EMAIL],
+                "disclose": True
+            },
+            contact.ContactTypeChoices.ADMINISTRATIVE: {
+                "fields": [DF.EMAIL, DF.VOICE, DF.ADDR],
+                "types": {DF.ADDR: "loc"},
+                "disclose": True
+            },
+            contact.ContactTypeChoices.REGISTRANT: {
+                "fields": [],
+                "disclose": False,
+            },
+            contact.ContactTypeChoices.TECHNICAL: {
+                "fields": [],
+                "disclose": False,
+            }
+        }
+        if contact.contact_type not in contact_disclose_map:
+            raise ValueError(f"_disclose_fields => Invalid or misconfigured contact type '{contact.contact_type}'")
+
+        disclose_config = contact_disclose_map.get(contact.contact_type, {"fields": [], "disclose": False})
+        logger.info("Updated domain contact %s to disclose: %s", contact.email, disclose_config.get("disclose"))
+        return epp.Disclose(**disclose_config)
 
     def _make_epp_contact_postal_info(self, contact: PublicContact):  # type: ignore
         return epp.PostalInfo(  # type: ignore

From 6cc477985cd4e5db1769ab828d4a798620fb0abc Mon Sep 17 00:00:00 2001
From: zandercymatics <141044360+zandercymatics@users.noreply.github.com>
Date: Tue, 11 Mar 2025 12:21:46 -0600
Subject: [PATCH 056/285] Update domain.py

---
 src/registrar/models/domain.py | 13 +++++++------
 1 file changed, 7 insertions(+), 6 deletions(-)

diff --git a/src/registrar/models/domain.py b/src/registrar/models/domain.py
index c5af4ef0a..21da23405 100644
--- a/src/registrar/models/domain.py
+++ b/src/registrar/models/domain.py
@@ -1676,31 +1676,32 @@ class Domain(TimeStampedModel, DomainHelper):
         """creates a disclose object that can be added to a contact Create using
         .disclose= <this function> on the command before sending.
         if item is security email then make sure email is visible"""
+        # Helpful Note: 'flag' is what toggles disclosure
         DF = epp.DiscloseField
         contact_disclose_map = {
             contact.ContactTypeChoices.SECURITY: {
                 "fields": [DF.EMAIL],
-                "disclose": True
+                "flag": True
             },
             contact.ContactTypeChoices.ADMINISTRATIVE: {
                 "fields": [DF.EMAIL, DF.VOICE, DF.ADDR],
                 "types": {DF.ADDR: "loc"},
-                "disclose": True
+                "flag": True
             },
             contact.ContactTypeChoices.REGISTRANT: {
                 "fields": [],
-                "disclose": False,
+                "flag": False,
             },
             contact.ContactTypeChoices.TECHNICAL: {
                 "fields": [],
-                "disclose": False,
+                "flag": False,
             }
         }
         if contact.contact_type not in contact_disclose_map:
             raise ValueError(f"_disclose_fields => Invalid or misconfigured contact type '{contact.contact_type}'")
 
-        disclose_config = contact_disclose_map.get(contact.contact_type, {"fields": [], "disclose": False})
-        logger.info("Updated domain contact %s to disclose: %s", contact.email, disclose_config.get("disclose"))
+        disclose_config = contact_disclose_map.get(contact.contact_type, {"fields": [], "flag": False})
+        logger.info("Updated domain contact %s to disclose: %s", contact.email, disclose_config.get("flag"))
         return epp.Disclose(**disclose_config)
 
     def _make_epp_contact_postal_info(self, contact: PublicContact):  # type: ignore

From fa7e69251d64332986935bfdfc5f97add9549408 Mon Sep 17 00:00:00 2001
From: zandercymatics <141044360+zandercymatics@users.noreply.github.com>
Date: Tue, 11 Mar 2025 12:22:37 -0600
Subject: [PATCH 057/285] cleanup part 2

---
 src/registrar/models/domain.py | 11 -----------
 1 file changed, 11 deletions(-)

diff --git a/src/registrar/models/domain.py b/src/registrar/models/domain.py
index 21da23405..a92823788 100644
--- a/src/registrar/models/domain.py
+++ b/src/registrar/models/domain.py
@@ -1688,18 +1688,7 @@ class Domain(TimeStampedModel, DomainHelper):
                 "types": {DF.ADDR: "loc"},
                 "flag": True
             },
-            contact.ContactTypeChoices.REGISTRANT: {
-                "fields": [],
-                "flag": False,
-            },
-            contact.ContactTypeChoices.TECHNICAL: {
-                "fields": [],
-                "flag": False,
-            }
         }
-        if contact.contact_type not in contact_disclose_map:
-            raise ValueError(f"_disclose_fields => Invalid or misconfigured contact type '{contact.contact_type}'")
-
         disclose_config = contact_disclose_map.get(contact.contact_type, {"fields": [], "flag": False})
         logger.info("Updated domain contact %s to disclose: %s", contact.email, disclose_config.get("flag"))
         return epp.Disclose(**disclose_config)

From d5c5007b349d1776114fb0cf18d9b0f48426c099 Mon Sep 17 00:00:00 2001
From: Rebecca Hsieh <rebecca.hsieh@truss.works>
Date: Tue, 11 Mar 2025 11:41:04 -0700
Subject: [PATCH 058/285] Remove comment

---
 docs/developer/README.md              | 1 -
 src/registrar/views/domain_request.py | 2 --
 2 files changed, 3 deletions(-)

diff --git a/docs/developer/README.md b/docs/developer/README.md
index e89a7ad0e..0629bb124 100644
--- a/docs/developer/README.md
+++ b/docs/developer/README.md
@@ -218,7 +218,6 @@ def available(cls, domain: str) -> bool:
   return True 
 ```
 
-
 ### Testing behind logged in pages
 
 To test behind logged in pages with external tools, like `pa11y-ci` or `OWASP Zap`, add
diff --git a/src/registrar/views/domain_request.py b/src/registrar/views/domain_request.py
index 77457beea..6780f48ef 100644
--- a/src/registrar/views/domain_request.py
+++ b/src/registrar/views/domain_request.py
@@ -21,7 +21,6 @@ from registrar.models.contact import Contact
 from registrar.models.user import User
 from registrar.views.utility import StepsHelper
 from registrar.utility.enums import Step, PortfolioDomainRequestStep
-from registrar.models.utility.generic_helper import get_url_name
 
 logger = logging.getLogger(__name__)
 
@@ -228,7 +227,6 @@ class DomainRequestWizard(TemplateView):
                 self._domain_request.generic_org_type = portfolio.organization_type
                 self._domain_request.save()
         else:
-            # Should not see this statement wanyway bc we are creating w portfolio
             self._domain_request = DomainRequest.objects.create(creator=self.request.user)
         return self._domain_request
 

From 2644839e9a5788de389064755b76646122e1da4d Mon Sep 17 00:00:00 2001
From: matthewswspence <Matthewswspence@gmail.com>
Date: Tue, 11 Mar 2025 14:15:50 -0500
Subject: [PATCH 059/285] tests and requirements form

---
 src/registrar/forms/domain_request_wizard.py  |  23 ++++
 .../domainrequestwizard/additional_details.py |  85 --------------
 .../purpose.py => feb.py}                     | 105 ++++++++++++++----
 ...142_domainrequest_eop_contact_and_more.py} |   4 +-
 .../domain_request_requirements.html          |  31 +++++-
 src/registrar/tests/test_views_request.py     |  24 ++++
 src/registrar/views/domain_request.py         |  46 ++++++--
 7 files changed, 191 insertions(+), 127 deletions(-)
 delete mode 100644 src/registrar/forms/domainrequestwizard/additional_details.py
 rename src/registrar/forms/{domainrequestwizard/purpose.py => feb.py} (53%)
 rename src/registrar/migrations/{0143_domainrequest_feb_eop_contact_and_more.py => 0142_domainrequest_eop_contact_and_more.py} (84%)

diff --git a/src/registrar/forms/domain_request_wizard.py b/src/registrar/forms/domain_request_wizard.py
index 4e7182843..9192153b7 100644
--- a/src/registrar/forms/domain_request_wizard.py
+++ b/src/registrar/forms/domain_request_wizard.py
@@ -885,6 +885,28 @@ class CisaRepresentativeYesNoForm(BaseYesNoForm):
     field_name = "has_cisa_representative"
 
 
+class PurposeDetailsForm(BaseDeletableRegistrarForm):
+
+    field_name = "purpose"
+
+    purpose = forms.CharField(
+        label="Purpose",
+        widget=forms.Textarea(
+            attrs={
+                "aria-label": "What is the purpose of your requested domain? Describe how you’ll use your .gov domain. \
+                Will it be used for a website, email, or something else?"
+            }
+        ),
+        validators=[
+            MaxLengthValidator(
+                2000,
+                message="Response must be less than 2000 characters.",
+            )
+        ],
+        error_messages={"required": "Describe how you’ll use the .gov domain you’re requesting."},
+    )
+
+
 class AnythingElseForm(BaseDeletableRegistrarForm):
     anything_else = forms.CharField(
         required=True,
@@ -934,6 +956,7 @@ class AnythingElseYesNoForm(BaseYesNoForm):
 
 
 class RequirementsForm(RegistrarForm):
+
     is_policy_acknowledged = forms.BooleanField(
         label="I read and agree to the requirements for operating a .gov domain.",
         error_messages={
diff --git a/src/registrar/forms/domainrequestwizard/additional_details.py b/src/registrar/forms/domainrequestwizard/additional_details.py
deleted file mode 100644
index 8ae0629d5..000000000
--- a/src/registrar/forms/domainrequestwizard/additional_details.py
+++ /dev/null
@@ -1,85 +0,0 @@
-from django import forms
-from django.core.validators import MaxLengthValidator
-from registrar.forms.utility.wizard_form_helper import BaseDeletableRegistrarForm, BaseYesNoForm
-from registrar.models.contact import Contact
-
-
-class WorkingWithEOPYesNoForm(BaseDeletableRegistrarForm, BaseYesNoForm):
-    """
-    Form for determining if the Federal Executive Branch (FEB) agency is working with the
-    Executive Office of the President (EOP) on the domain request.
-    """
-
-    field_name = "working_with_eop"
-
-    @property
-    def form_is_checked(self):
-        """
-        Determines the initial checked state of the form based on the domain_request's attributes.
-        """
-        return self.domain_request.working_with_eop
-
-
-class EOPContactForm(BaseDeletableRegistrarForm):
-    """
-    Form for contact information of the representative of the
-    Executive Office of the President (EOP) that the Federal
-    Executive Branch (FEB) agency is working with.
-    """
-
-    field_name = "eop_contact"
-
-    first_name = forms.CharField(
-        label="First name / given name",
-        error_messages={"required": "Enter the first name / given name of this contact."},
-        required=True,
-    )
-    last_name = forms.CharField(
-        label="Last name / family name",
-        error_messages={"required": "Enter the last name / family name of this contact."},
-        required=True,
-    )
-    email = forms.EmailField(
-        label="Email",
-        max_length=None,
-        error_messages={
-            "required": ("Enter an email address in the required format, like name@example.com."),
-            "invalid": ("Enter an email address in the required format, like name@example.com."),
-        },
-        validators=[
-            MaxLengthValidator(
-                320,
-                message="Response must be less than 320 characters.",
-            )
-        ],
-        required=True,
-        help_text="Enter an email address in the required format, like name@example.com.",
-    )
-
-    @classmethod
-    def from_database(cls, obj):
-        # if not obj.eop_contact:
-        #     return {}
-        # return {
-        #     "first_name": obj.feb_eop_contact.first_name,
-        #     "last_name": obj.feb_eop_contact.last_name,
-        #     "email": obj.feb_eop_contact.email,
-        # }
-        return {}
-
-    def to_database(self, obj):
-        if not self.is_valid():
-            return
-        obj.eop_contact = Contact.objects.create(
-            first_name=self.cleaned_data["first_name"],
-            last_name=self.cleaned_data["last_name"],
-            email=self.cleaned_data["email"],
-        )
-        obj.save()
-
-
-class FEBAnythingElseYesNoForm(BaseYesNoForm, BaseDeletableRegistrarForm):
-    """Yes/no toggle for the anything else question on additional details"""
-
-    form_is_checked = property(lambda self: self.domain_request.has_anything_else_text)  # type: ignore
-    field_name = "has_anything_else_text"
diff --git a/src/registrar/forms/domainrequestwizard/purpose.py b/src/registrar/forms/feb.py
similarity index 53%
rename from src/registrar/forms/domainrequestwizard/purpose.py
rename to src/registrar/forms/feb.py
index 43dd62290..839a659e6 100644
--- a/src/registrar/forms/domainrequestwizard/purpose.py
+++ b/src/registrar/forms/feb.py
@@ -1,7 +1,7 @@
 from django import forms
 from django.core.validators import MaxLengthValidator
 from registrar.forms.utility.wizard_form_helper import BaseDeletableRegistrarForm, BaseYesNoForm
-
+from registrar.models.contact import Contact
 
 class FEBPurposeOptionsForm(BaseDeletableRegistrarForm):
 
@@ -24,28 +24,6 @@ class FEBPurposeOptionsForm(BaseDeletableRegistrarForm):
     )
 
 
-class PurposeDetailsForm(BaseDeletableRegistrarForm):
-
-    field_name = "purpose"
-
-    purpose = forms.CharField(
-        label="Purpose",
-        widget=forms.Textarea(
-            attrs={
-                "aria-label": "What is the purpose of your requested domain? Describe how you’ll use your .gov domain. \
-                Will it be used for a website, email, or something else?"
-            }
-        ),
-        validators=[
-            MaxLengthValidator(
-                2000,
-                message="Response must be less than 2000 characters.",
-            )
-        ],
-        error_messages={"required": "Describe how you’ll use the .gov domain you’re requesting."},
-    )
-
-
 class FEBTimeFrameYesNoForm(BaseDeletableRegistrarForm, BaseYesNoForm):
     """
     Form for determining whether the domain request comes with a target timeframe for launch.
@@ -109,3 +87,84 @@ class FEBInteragencyInitiativeDetailsForm(BaseDeletableRegistrarForm):
         ],
         error_messages={"required": "Name the agencies that will be involved in this initiative."},
     )
+
+
+class WorkingWithEOPYesNoForm(BaseDeletableRegistrarForm, BaseYesNoForm):
+    """
+    Form for determining if the Federal Executive Branch (FEB) agency is working with the
+    Executive Office of the President (EOP) on the domain request.
+    """
+
+    field_name = "working_with_eop"
+
+    @property
+    def form_is_checked(self):
+        """
+        Determines the initial checked state of the form based on the domain_request's attributes.
+        """
+        return self.domain_request.working_with_eop
+
+
+class EOPContactForm(BaseDeletableRegistrarForm):
+    """
+    Form for contact information of the representative of the
+    Executive Office of the President (EOP) that the Federal
+    Executive Branch (FEB) agency is working with.
+    """
+
+    field_name = "eop_contact"
+
+    first_name = forms.CharField(
+        label="First name / given name",
+        error_messages={"required": "Enter the first name / given name of this contact."},
+        required=True,
+    )
+    last_name = forms.CharField(
+        label="Last name / family name",
+        error_messages={"required": "Enter the last name / family name of this contact."},
+        required=True,
+    )
+    email = forms.EmailField(
+        label="Email",
+        max_length=None,
+        error_messages={
+            "required": ("Enter an email address in the required format, like name@example.com."),
+            "invalid": ("Enter an email address in the required format, like name@example.com."),
+        },
+        validators=[
+            MaxLengthValidator(
+                320,
+                message="Response must be less than 320 characters.",
+            )
+        ],
+        required=True,
+        help_text="Enter an email address in the required format, like name@example.com.",
+    )
+
+    @classmethod
+    def from_database(cls, obj):
+        # if not obj.eop_contact:
+        #     return {}
+        # return {
+        #     "first_name": obj.feb_eop_contact.first_name,
+        #     "last_name": obj.feb_eop_contact.last_name,
+        #     "email": obj.feb_eop_contact.email,
+        # }
+        return {}
+
+    def to_database(self, obj):
+        if not self.is_valid():
+            return
+        obj.eop_contact = Contact.objects.create(
+            first_name=self.cleaned_data["first_name"],
+            last_name=self.cleaned_data["last_name"],
+            email=self.cleaned_data["email"],
+        )
+        obj.save()
+
+
+class FEBAnythingElseYesNoForm(BaseYesNoForm, BaseDeletableRegistrarForm):
+    """Yes/no toggle for the anything else question on additional details"""
+
+    form_is_checked = property(lambda self: self.domain_request.has_anything_else_text)  # type: ignore
+    field_name = "has_anything_else_text"
\ No newline at end of file
diff --git a/src/registrar/migrations/0143_domainrequest_feb_eop_contact_and_more.py b/src/registrar/migrations/0142_domainrequest_eop_contact_and_more.py
similarity index 84%
rename from src/registrar/migrations/0143_domainrequest_feb_eop_contact_and_more.py
rename to src/registrar/migrations/0142_domainrequest_eop_contact_and_more.py
index 7001e47d6..f91c02259 100644
--- a/src/registrar/migrations/0143_domainrequest_feb_eop_contact_and_more.py
+++ b/src/registrar/migrations/0142_domainrequest_eop_contact_and_more.py
@@ -1,4 +1,4 @@
-# Generated by Django 4.2.17 on 2025-03-05 15:48
+# Generated by Django 4.2.17 on 2025-03-11 18:10
 
 from django.db import migrations, models
 import django.db.models.deletion
@@ -7,7 +7,7 @@ import django.db.models.deletion
 class Migration(migrations.Migration):
 
     dependencies = [
-        ("registrar", "0142_domainrequest_feb_purpose_choice_and_more"),
+        ("registrar", "0141_domainrequest_feb_naming_requirements_and_more"),
     ]
 
     operations = [
diff --git a/src/registrar/templates/domain_request_requirements.html b/src/registrar/templates/domain_request_requirements.html
index 115c3ee69..761add71a 100644
--- a/src/registrar/templates/domain_request_requirements.html
+++ b/src/registrar/templates/domain_request_requirements.html
@@ -2,6 +2,10 @@
 {% load field_helpers %}
 {% load url_helpers %}
 
+{% block form_required_fields_help_text %}
+{# commented out so it does not appear on this page #}
+{% endblock %}
+
 {% block form_instructions %}
   <p>Please read this page. Check the box at the bottom to show that you agree to the requirements for operating a .gov domain.</p>
 <p>The .gov domain space exists to support a broad diversity of government missions. Generally, we don’t review or audit how government organizations use their registered domains. However, misuse of a .gov domain can reflect upon the integrity of the entire .gov space. There are categories of misuse that are statutorily prohibited or abusive in nature.</p>
@@ -53,19 +57,34 @@
   
   <p>Though a domain may expire, it will not automatically be put on hold or deleted. We’ll make extensive efforts to contact your organization before holding or deleting a domain.</p>
 
-{% endblock %}
+  {% if requires_feb_questions %}
+    <h2>Required and prohibited activities</h2>
+    <h3>Prohibitions on non-governmental use</h3>
 
-{% block form_required_fields_help_text %}
-{# commented out so it does not appear on this page #}
-{% endblock %}
+    <p>Agencies may not use a .gov domain name:
+      <ul class="usa-list"> 
+        <li>On behalf of a non-federal executive branch entity</li>
+        <li>For a non-governmental purpose</li>
+      </ul>
+    </p>
 
-{% block form_fields %}
+    <h3>Compliance with the 21st Century IDEA Act is required</h3>
+    <p>As required by the DOTGOV Act, agencies must ensure 
+      that any website or digital service that uses a .gov 
+      domain name is in compliance with the 
+      <a href="https://digital.gov/resources/delivering-digital-first-public-experience-act/" target="_blank" rel="noopener noreferrer">21st Century Integrated Digital Experience Act</a>.
+      and 
+      <a href="https://bidenwhitehouse.gov/wp-content/uploads/2023/09/M-23-22-Delivering-a-Digital-First-Public-Experience.pdf" target="_blank" rel="noopener noreferrer">Guidance for Agencies</a>.
+    </p>
+    <h2>Acknowledgement of .gov domain requirements</h2>
+    {% input_with_errors forms.0.is_policy_acknowledged %}
+  {% else %}
     <fieldset class="usa-fieldset">
       <legend>
         <h2>Acknowledgement of .gov domain requirements</h2>
       </legend>
 
       {% input_with_errors forms.0.is_policy_acknowledged %}
-
     </fieldset>
+  {% endif %}
 {% endblock %}
diff --git a/src/registrar/tests/test_views_request.py b/src/registrar/tests/test_views_request.py
index 7db89a9e8..08108124c 100644
--- a/src/registrar/tests/test_views_request.py
+++ b/src/registrar/tests/test_views_request.py
@@ -2644,6 +2644,21 @@ class DomainRequestTests(TestWithUser, WebTest):
         additional_details_page = purpose_result.follow()
         self.feb_additional_details_page_tests(additional_details_page)
 
+        additional_details_form = additional_details_page.forms[0]
+        additional_details_form["portfolio_additional_details-working_with_eop"] = "True"
+        additional_details_form["portfolio_additional_details-first_name"] = "Testy"
+        additional_details_form["portfolio_additional_details-last_name"] = "Tester"
+        additional_details_form["portfolio_additional_details-email"] = "testy@town.com"
+        additional_details_form["portfolio_additional_details-has_anything_else_text"] = "True"
+        additional_details_form["portfolio_additional_details-anything_else"] = "test"
+        self.app.set_cookie(settings.SESSION_COOKIE_NAME, session_id)
+        additional_details_result = additional_details_form.submit()
+
+        # ---- REQUIREMENTS PAGE  ----
+        self.app.set_cookie(settings.SESSION_COOKIE_NAME, session_id)
+        requirements_page = additional_details_result.follow()
+        self.feb_requirements_page_tests(requirements_page)
+
     def feb_purpose_page_tests(self, purpose_page):
         self.assertContains(purpose_page, "What is the purpose of your requested domain?")
 
@@ -2701,6 +2716,15 @@ class DomainRequestTests(TestWithUser, WebTest):
         self.assertContains(additional_details_page, "additional_details-has_anything_else_text")
         self.assertContains(additional_details_page, "additional_details-anything_else")
 
+    def feb_requirements_page_tests(self, requirements_page):
+        # Check for the 21st Century IDEA Act links
+        self.assertContains(requirements_page, "https://digital.gov/resources/delivering-digital-first-public-experience-act/")
+        self.assertContains(requirements_page, "https://bidenwhitehouse.gov/wp-content/uploads/2023/09/M-23-22-Delivering-a-Digital-First-Public-Experience.pdf")
+        
+        # Check for the policy acknowledgement form
+        self.assertContains(requirements_page, "is_policy_acknowledged")
+        self.assertContains(requirements_page, "I read and understand the guidance outlined in the DOTGOV Act for operating a .gov domain.")
+
     @less_console_noise_decorator
     def test_domain_request_formsets(self):
         """Users are able to add more than one of some fields."""
diff --git a/src/registrar/views/domain_request.py b/src/registrar/views/domain_request.py
index c62c39179..9250485e0 100644
--- a/src/registrar/views/domain_request.py
+++ b/src/registrar/views/domain_request.py
@@ -15,7 +15,7 @@ from registrar.decorators import (
     grant_access,
 )
 from registrar.forms import domain_request_wizard as forms
-from registrar.forms.domainrequestwizard import (purpose, additional_details)
+from registrar.forms import feb
 from registrar.forms.utility.wizard_form_helper import request_step_list
 from registrar.models import DomainRequest
 from registrar.models.contact import Contact
@@ -183,7 +183,9 @@ class DomainRequestWizard(TemplateView):
         return PortfolioDomainRequestStep if self.is_portfolio else Step
 
     def requires_feb_questions(self) -> bool:
-        return self.domain_request.is_feb() and flag_is_active_for_user(self.request.user, "organization_feature")
+        # TODO: remove this
+        return True
+        # return self.domain_request.is_feb() and flag_is_active_for_user(self.request.user, "organization_feature")
 
     @property
     def prefix(self):
@@ -606,9 +608,9 @@ class PortfolioAdditionalDetails(DomainRequestWizard):
     template_name = "portfolio_domain_request_additional_details.html"
 
     forms = [
-        additional_details.WorkingWithEOPYesNoForm,
-        additional_details.EOPContactForm,
-        additional_details.FEBAnythingElseYesNoForm,
+        feb.WorkingWithEOPYesNoForm,
+        feb.EOPContactForm,
+        feb.FEBAnythingElseYesNoForm,
         forms.PortfolioAnythingElseForm,
     ]
 
@@ -642,6 +644,8 @@ class PortfolioAdditionalDetails(DomainRequestWizard):
             anything_else_forms_valid = False        
         if forms[2].cleaned_data.get("has_anything_else_text"):
             forms[3].fields["anything_else"].required = True
+            forms[3].fields["anything_else"].error_messages["required"] = "Please provide additional details you'd like us to know. \
+                If you have nothing to add, select 'No'."
             anything_else_forms_valid = forms[3].is_valid()        
         return (eop_forms_valid and anything_else_forms_valid)
 
@@ -745,12 +749,12 @@ class Purpose(DomainRequestWizard):
     template_name = "domain_request_purpose.html"
 
     forms = [
-        purpose.FEBPurposeOptionsForm,
-        purpose.PurposeDetailsForm,
-        purpose.FEBTimeFrameYesNoForm,
-        purpose.FEBTimeFrameDetailsForm,
-        purpose.FEBInteragencyInitiativeYesNoForm,
-        purpose.FEBInteragencyInitiativeDetailsForm,
+        feb.FEBPurposeOptionsForm,
+        forms.PurposeDetailsForm,
+        feb.FEBTimeFrameYesNoForm,
+        feb.FEBTimeFrameDetailsForm,
+        feb.FEBInteragencyInitiativeYesNoForm,
+        feb.FEBInteragencyInitiativeDetailsForm,
     ]
 
     def get_context_data(self):
@@ -927,6 +931,25 @@ class Requirements(DomainRequestWizard):
     template_name = "domain_request_requirements.html"
     forms = [forms.RequirementsForm]
 
+    def get_context_data(self):
+        context = super().get_context_data()
+        context["requires_feb_questions"] = self.requires_feb_questions()
+        return context
+
+    # Override the get_forms method to set the policy acknowledgement label conditionally based on feb status
+    def get_forms(self, step=None, use_post=False, use_db=False, files=None):
+        forms_list = super().get_forms(step, use_post, use_db, files)
+        
+        # Pass the is_federal context to the form
+        for form in forms_list:
+            if isinstance(form, forms.RequirementsForm):
+                if self.requires_feb_questions():
+                    form.fields['is_policy_acknowledged'].label = "I read and understand the guidance outlined in the DOTGOV Act for operating a .gov domain." # noqa: E501
+                else:
+                    form.fields['is_policy_acknowledged'].label = "I read and agree to the requirements for operating a .gov domain." # noqa: E501
+                
+        return forms_list
+
 
 class Review(DomainRequestWizard):
     template_name = "domain_request_review.html"
@@ -939,6 +962,7 @@ class Review(DomainRequestWizard):
         context = super().get_context_data()
         context["Step"] = self.get_step_enum().__members__
         context["domain_request"] = self.domain_request
+        context["requires_feb_questions"] = self.requires_feb_questions()
         return context
 
     def goto_next_step(self):

From f60ea28062a15c29df41ed8baafc7fa0ab54d362 Mon Sep 17 00:00:00 2001
From: David Kennedy <david.kennedy@associates.cisa.dhs.gov>
Date: Tue, 11 Mar 2025 16:51:13 -0400
Subject: [PATCH 060/285] key tag from number to char field

---
 src/registrar/forms/domain.py   | 24 ++++++++++++++++++------
 src/registrar/utility/errors.py |  3 +++
 2 files changed, 21 insertions(+), 6 deletions(-)

diff --git a/src/registrar/forms/domain.py b/src/registrar/forms/domain.py
index bb87ad119..53517d99e 100644
--- a/src/registrar/forms/domain.py
+++ b/src/registrar/forms/domain.py
@@ -630,14 +630,10 @@ class DomainDsdataForm(forms.Form):
         if not re.match(r"^[0-9a-fA-F]+$", value):
             raise forms.ValidationError(str(DsDataError(code=DsDataErrorCodes.INVALID_DIGEST_CHARS)))
 
-    key_tag = forms.IntegerField(
+    key_tag = forms.CharField(
         required=True,
         label="Key tag",
-        validators=[
-            MinValueValidator(0, message=str(DsDataError(code=DsDataErrorCodes.INVALID_KEYTAG_SIZE))),
-            MaxValueValidator(65535, message=str(DsDataError(code=DsDataErrorCodes.INVALID_KEYTAG_SIZE))),
-        ],
-        error_messages={"required": ("Key tag is required.")},
+        error_messages={"required": "Key tag is required."},
     )
 
     algorithm = forms.TypedChoiceField(
@@ -672,6 +668,22 @@ class DomainDsdataForm(forms.Form):
         cleaned_data = super().clean()
         digest_type = cleaned_data.get("digest_type", 0)
         digest = cleaned_data.get("digest", "")
+
+        # Convert key_tag to an integer safely
+        key_tag = cleaned_data.get("key_tag", 0)
+        try:
+            key_tag = int(key_tag)
+            if key_tag < 0 or key_tag > 65535:
+                self.add_error(
+                    "key_tag",
+                    DsDataError(code=DsDataErrorCodes.INVALID_KEYTAG_SIZE),
+                )
+        except ValueError:
+            self.add_error(
+                "key_tag",
+                DsDataError(code=DsDataErrorCodes.INVALID_KEYTAG_CHARS),
+            )
+
         # validate length of digest depending on digest_type
         if digest_type == 1 and len(digest) != 40:
             self.add_error(
diff --git a/src/registrar/utility/errors.py b/src/registrar/utility/errors.py
index 0a6f00c36..eccd118f8 100644
--- a/src/registrar/utility/errors.py
+++ b/src/registrar/utility/errors.py
@@ -238,6 +238,7 @@ class DsDataErrorCodes(IntEnum):
         - 3 INVALID_DIGEST_SHA256 invalid digest for digest type SHA-256
         - 4 INVALID_DIGEST_CHARS invalid chars in digest
         - 5 INVALID_KEYTAG_SIZE invalid key tag size > 65535
+        - 6 INVALID_KEYTAG_CHARS invalid key tag, not numeric
     """
 
     BAD_DATA = 1
@@ -245,6 +246,7 @@ class DsDataErrorCodes(IntEnum):
     INVALID_DIGEST_SHA256 = 3
     INVALID_DIGEST_CHARS = 4
     INVALID_KEYTAG_SIZE = 5
+    INVALID_KEYTAG_CHARS = 6
 
 
 class DsDataError(Exception):
@@ -261,6 +263,7 @@ class DsDataError(Exception):
         DsDataErrorCodes.INVALID_DIGEST_SHA256: ("SHA-256 digest must be exactly 64 characters."),
         DsDataErrorCodes.INVALID_DIGEST_CHARS: ("Digest must contain only alphanumeric characters (0-9, a-f)."),
         DsDataErrorCodes.INVALID_KEYTAG_SIZE: ("Key tag must be less than 65535."),
+        DsDataErrorCodes.INVALID_KEYTAG_CHARS: ("Key tag must be numeric (0-9)."),
     }
 
     def __init__(self, *args, code=None, **kwargs):

From e92e2567e03a3f5a8542462d01100015e3477d68 Mon Sep 17 00:00:00 2001
From: David Kennedy <david.kennedy@associates.cisa.dhs.gov>
Date: Tue, 11 Mar 2025 16:58:43 -0400
Subject: [PATCH 061/285] update js to properly handle text input instead of
 number

---
 .../assets/src/js/getgov/form-dsdata.js       | 22 +++++++++----------
 1 file changed, 11 insertions(+), 11 deletions(-)

diff --git a/src/registrar/assets/src/js/getgov/form-dsdata.js b/src/registrar/assets/src/js/getgov/form-dsdata.js
index a8c022056..3f04dbb26 100644
--- a/src/registrar/assets/src/js/getgov/form-dsdata.js
+++ b/src/registrar/assets/src/js/getgov/form-dsdata.js
@@ -390,8 +390,8 @@ export class DSDataForm {
     resetInputValuesInElement(domElement) {
         const inputEvent = new Event('input');
         const changeEvent = new Event('change');
-        // Reset text and number inputs
-        let inputs = domElement.querySelectorAll("input[type='text'], input[type='number']");
+        // Reset text inputs
+        let inputs = domElement.querySelectorAll("input[type='text']");
         inputs.forEach(input => {
             // Reset input value to its initial stored value
             input.value = input.dataset.initialValue;
@@ -415,15 +415,15 @@ export class DSDataForm {
      * @param {HTMLElement} readOnlyRow - The row where values will be displayed in a non-editable format.
      */
     copyEditRowToReadonlyRow(editRow, readOnlyRow) {
-        let numberInput = editRow.querySelector("input[type='number']");
+        let inputs = editRow.querySelectorAll("input[type='text']");
+        let keyTagInput = inputs[0];
         let selects = editRow.querySelectorAll("select");
-        let textInput = editRow.querySelector("input[type='text']");
+        let digestInput = inputs[1];
         let tds = readOnlyRow.querySelectorAll("td");
-        let updatedText = '';
 
-        // Copy the number input value
-        if (numberInput) {
-            tds[0].innerText = numberInput.value || "";
+        // Copy the key tag input value
+        if (keyTagInput) {
+            tds[0].innerText = keyTagInput.value || "";
         }
 
         // Copy select values (showing the selected label instead of value)
@@ -434,9 +434,9 @@ export class DSDataForm {
             }
         });
 
-        // Copy the text input value
-        if (textInput) {
-            tds[3].innerText = textInput.value || "";
+        // Copy the digest input value
+        if (digestInput) {
+            tds[3].innerText = digestInput.value || "";
         }
     }
 

From 50fb3adfa497c7bb1c623dd583558b131a08ddfe Mon Sep 17 00:00:00 2001
From: Erin Song <121973038+erinysong@users.noreply.github.com>
Date: Tue, 11 Mar 2025 14:08:53 -0700
Subject: [PATCH 062/285] Correct misdeleted line

---
 src/registrar/utility/email_invitations.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/registrar/utility/email_invitations.py b/src/registrar/utility/email_invitations.py
index 729da3f11..74fa8a5ce 100644
--- a/src/registrar/utility/email_invitations.py
+++ b/src/registrar/utility/email_invitations.py
@@ -446,7 +446,7 @@ def _send_portfolio_admin_addition_emails_to_portfolio_admins(email: str, reques
             logger.warning(
                 "Could not send email organization admin notification to %s " "for portfolio: %s",
                 user.email,
-                portfolio,
+                portfolio.organization_name,
                 exc_info=True,
             )
             all_emails_sent = False

From 548317eb0b66a31d07c5843f647256ce7ba07135 Mon Sep 17 00:00:00 2001
From: Erin Song <121973038+erinysong@users.noreply.github.com>
Date: Tue, 11 Mar 2025 14:23:23 -0700
Subject: [PATCH 063/285] Update portfolio org email warning text

---
 src/registrar/views/portfolios.py | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/src/registrar/views/portfolios.py b/src/registrar/views/portfolios.py
index 14e6234b8..82b212c48 100644
--- a/src/registrar/views/portfolios.py
+++ b/src/registrar/views/portfolios.py
@@ -846,7 +846,7 @@ class PortfolioOrganizationView(DetailView, FormMixin):
                 if not send_portfolio_organization_update_email(
                     editor=user, portfolio=self.request.session.get("portfolio"), updated_page="Organization"
                 ):
-                    messages.warning(self.request, f"Could not send email notification to {user.email}.")
+                    messages.warning(self.request, f"Could not send email notification to all organization admins.")
                     return redirect(reverse("organization"))
             except Exception as e:
                 messages.error(
@@ -919,7 +919,7 @@ class PortfolioSeniorOfficialView(DetailView, FormMixin):
                 if not send_portfolio_organization_update_email(
                     editor=user, portfolio=self.request.session.get("portfolio"), updated_page="Senior Official"
                 ):
-                    messages.warning(self.request, f"Could not send email notification to {user.email}.")
+                    messages.warning(self.request, f"Could not send email notification to all organization admins.")
                     return redirect(reverse("senior-official"))
             except Exception as e:
                 messages.error(

From 884e6a30b9046d9278a50fa374565256874e0aa7 Mon Sep 17 00:00:00 2001
From: Erin Song <121973038+erinysong@users.noreply.github.com>
Date: Tue, 11 Mar 2025 14:29:18 -0700
Subject: [PATCH 064/285] Fix linting

---
 src/registrar/utility/email_invitations.py | 4 +++-
 src/registrar/views/portfolios.py          | 6 +++---
 2 files changed, 6 insertions(+), 4 deletions(-)

diff --git a/src/registrar/utility/email_invitations.py b/src/registrar/utility/email_invitations.py
index 74fa8a5ce..1604eeaf2 100644
--- a/src/registrar/utility/email_invitations.py
+++ b/src/registrar/utility/email_invitations.py
@@ -226,6 +226,7 @@ def send_portfolio_invitation_email(email: str, requestor, portfolio, is_admin_i
         )
     return all_admin_emails_sent
 
+
 def send_portfolio_organization_update_email(editor, portfolio, updated_page):
     """
     Sends an email notification to all portfolio admin when portfolio organization is updated.
@@ -262,7 +263,7 @@ def send_portfolio_organization_update_email(editor, portfolio, updated_page):
                     "editor": editor,
                     "portfolio_admin": user,
                     "date": date.today(),
-                    "updated_info": "Organization"
+                    "updated_info": "Organization",
                 },
             )
         except EmailSendingError:
@@ -275,6 +276,7 @@ def send_portfolio_organization_update_email(editor, portfolio, updated_page):
             all_emails_sent = False
     return all_emails_sent
 
+
 def send_portfolio_member_permission_update_email(requestor, permissions: UserPortfolioPermission):
     """
     Sends an email notification to a portfolio member when their permissions are updated.
diff --git a/src/registrar/views/portfolios.py b/src/registrar/views/portfolios.py
index 82b212c48..084ec6edd 100644
--- a/src/registrar/views/portfolios.py
+++ b/src/registrar/views/portfolios.py
@@ -35,7 +35,7 @@ from registrar.utility.email_invitations import (
     send_portfolio_invitation_remove_email,
     send_portfolio_member_permission_remove_email,
     send_portfolio_member_permission_update_email,
-    send_portfolio_organization_update_email
+    send_portfolio_organization_update_email,
 )
 from registrar.utility.errors import MissingEmailError
 from registrar.utility.enums import DefaultUserValues
@@ -841,7 +841,7 @@ class PortfolioOrganizationView(DetailView, FormMixin):
         self.object = self.get_object()
         form = self.get_form()
         if form.is_valid():
-            user=request.user
+            user = request.user
             try:
                 if not send_portfolio_organization_update_email(
                     editor=user, portfolio=self.request.session.get("portfolio"), updated_page="Organization"
@@ -914,7 +914,7 @@ class PortfolioSeniorOfficialView(DetailView, FormMixin):
         self.object = self.get_object()
         form = self.get_form()
         if form.is_valid():
-            user=request.user
+            user = request.user
             try:
                 if not send_portfolio_organization_update_email(
                     editor=user, portfolio=self.request.session.get("portfolio"), updated_page="Senior Official"

From b4aed440b88aa9f239334fb8b76aa5d67dd03ff0 Mon Sep 17 00:00:00 2001
From: Erin Song <121973038+erinysong@users.noreply.github.com>
Date: Tue, 11 Mar 2025 14:34:33 -0700
Subject: [PATCH 065/285] Remove unused f strings

---
 src/registrar/views/portfolios.py | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/src/registrar/views/portfolios.py b/src/registrar/views/portfolios.py
index 25d44cb78..d6002ba14 100644
--- a/src/registrar/views/portfolios.py
+++ b/src/registrar/views/portfolios.py
@@ -856,7 +856,7 @@ class PortfolioOrganizationView(DetailView, FormMixin):
                 if not send_portfolio_organization_update_email(
                     editor=user, portfolio=self.request.session.get("portfolio"), updated_page="Organization"
                 ):
-                    messages.warning(self.request, f"Could not send email notification to all organization admins.")
+                    messages.warning(self.request, "Could not send email notification to all organization admins.")
                     return redirect(reverse("organization"))
             except Exception as e:
                 messages.error(
@@ -929,7 +929,7 @@ class PortfolioSeniorOfficialView(DetailView, FormMixin):
                 if not send_portfolio_organization_update_email(
                     editor=user, portfolio=self.request.session.get("portfolio"), updated_page="Senior Official"
                 ):
-                    messages.warning(self.request, f"Could not send email notification to all organization admins.")
+                    messages.warning(self.request, "Could not send email notification to all organization admins.")
                     return redirect(reverse("senior-official"))
             except Exception as e:
                 messages.error(

From e56c533e9a1ad78ffa6be8d91b579afe9617ddb0 Mon Sep 17 00:00:00 2001
From: CocoByte <nicolle.leclair@gmail.com>
Date: Tue, 11 Mar 2025 16:16:42 -0600
Subject: [PATCH 066/285] width adjustments

---
 .../assets/src/sass/_theme/_containers.scss   |   6 +-
 src/registrar/templates/domain_base.html      |   4 +-
 src/registrar/templates/domain_dsdata.html    | 259 +++++++++---------
 .../templates/domain_request_form.html        |   4 +-
 4 files changed, 139 insertions(+), 134 deletions(-)

diff --git a/src/registrar/assets/src/sass/_theme/_containers.scss b/src/registrar/assets/src/sass/_theme/_containers.scss
index 24ad480f2..213389fc0 100644
--- a/src/registrar/assets/src/sass/_theme/_containers.scss
+++ b/src/registrar/assets/src/sass/_theme/_containers.scss
@@ -22,5 +22,9 @@
 // regular grid-container within a widescreen (see instances
 // where is_widescreen_centered is used in the html).
 .max-width--grid-container {
-  max-width: 960px;
+  max-width: 1024px;
+}
+
+.grid-col--sidenav {
+  max-width: 230px;
 }
\ No newline at end of file
diff --git a/src/registrar/templates/domain_base.html b/src/registrar/templates/domain_base.html
index 249f69d32..a1392cbe1 100644
--- a/src/registrar/templates/domain_base.html
+++ b/src/registrar/templates/domain_base.html
@@ -9,7 +9,7 @@
 <div class="grid-container grid-container--widescreen">
 
   <div class="grid-row grid-gap {% if not is_widescreen_centered %}max-width--grid-container{% endif %}">
-    <div class="tablet:grid-col-3 ">
+    <div class="tablet:grid-col-3 grid-col--sidenav">
       <p class="font-body-md margin-top-0 margin-bottom-2
                 text-primary-darker text-semibold string-wrap"
       >
@@ -21,7 +21,7 @@
       {% endif %}
     </div>
 
-    <div class="tablet:grid-col-9">
+    <div class="tablet:grid-col">
       <main id="main-content" class="grid-container">
       {% if not domain.domain_info %}
         <div class="usa-alert usa-alert--error margin-bottom-2">
diff --git a/src/registrar/templates/domain_dsdata.html b/src/registrar/templates/domain_dsdata.html
index e419a03b4..f6574600c 100644
--- a/src/registrar/templates/domain_dsdata.html
+++ b/src/registrar/templates/domain_dsdata.html
@@ -123,143 +123,144 @@
         {% endif %}
       {% endfor %}
 
+      <div class="usa-table-container--scrollable usa-table-container--override-overflow margin-top-0" tabindex="0" id="domains__table-wrapper">
+        <table class="usa-table usa-table--borderless usa-table--stacked dotgov-table dotgov-table--stacked" id="dsdata-table">
+          <thead>
+            <tr>
+              <th scope="col" role="columnheader">Key tag</th>
+              <th scope="col" role="columnheader">Algorithm</th>
+              <th scope="col" role="columnheader">Digest type</th>
+              <th scope="col" role="columnheader">Digest</th>
+              <th scope="col" role="columnheader" class="width-0 padding-right-0">Action</th>
+            </tr>
+          </thead>
+          <tbody>
+            {% for form in formset %}
+              {% if not forloop.last or form.initial %}
 
-      <table class="usa-table usa-table--borderless usa-table--stacked dotgov-table dotgov-table--stacked" id="dsdata-table">
-        <thead>
-          <tr>
-            <th scope="col" role="columnheader">Key tag</th>
-            <th scope="col" role="columnheader">Algorithm</th>
-            <th scope="col" role="columnheader">Digest type</th>
-            <th scope="col" role="columnheader">Digest</th>
-            <th scope="col" role="columnheader" class="width-0 padding-right-0">Action</th>
-          </tr>
-        </thead>
-        <tbody>
-          {% for form in formset %}
-            {% if not forloop.last or form.initial %}
+                {% comment %}
+                This section renders table rows for each existing DS data records. Two rows are rendered, a readonly row
+                and an edit row. Only one of which is displayed at a time.
+                {% endcomment %}
+                
+                <!-- Readonly row -->
+                <tr>
+                  <td>{{ form.key_tag.value }}</td>
+                  <td>
+                    {% for value, label in form.algorithm.field.choices %}
+                      {% if value|stringformat:"s" == form.algorithm.value|stringformat:"s" %}
+                        {{ label }}
+                      {% endif %}
+                    {% endfor %}
+                  </td>
+                  <td>
+                    {% for value, label in form.digest_type.field.choices %}
+                      {% if value|stringformat:"s" == form.digest_type.value|stringformat:"s" %}
+                        {{ label }}
+                      {% endif %}
+                    {% endfor %}
+                  </td>
+                  <td>{{ form.digest.value }}</td>
+                  <td class="padding-right-0">
+                    <div class="tablet:display-flex tablet:flex-row">
+                      <button type="button" class='usa-button usa-button--unstyled margin-right-2 margin-top-0 dsdata-edit'>
+                        <svg class="usa-icon" aria-hidden="true" focusable="false" role="img" width="24">
+                          <use xlink:href="/public/img/sprite.svg#edit"></use>
+                        </svg>
+                        Edit <span class="usa-sr-only">DS record {{forloop.counter}}</span>
+                      </button>
 
-              {% comment %}
-              This section renders table rows for each existing DS data records. Two rows are rendered, a readonly row
-              and an edit row. Only one of which is displayed at a time.
-              {% endcomment %}
-              
-              <!-- Readonly row -->
-              <tr>
-                <td>{{ form.key_tag.value }}</td>
-                <td>
-                  {% for value, label in form.algorithm.field.choices %}
-                    {% if value|stringformat:"s" == form.algorithm.value|stringformat:"s" %}
-                      {{ label }}
-                    {% endif %}
-                  {% endfor %}
-                </td>
-                <td>
-                  {% for value, label in form.digest_type.field.choices %}
-                    {% if value|stringformat:"s" == form.digest_type.value|stringformat:"s" %}
-                      {{ label }}
-                    {% endif %}
-                  {% endfor %}
-                </td>
-                <td>{{ form.digest.value }}</td>
-                <td class="padding-right-0">
-                  <div class="tablet:display-flex tablet:flex-row">
-                    <button type="button" class='usa-button usa-button--unstyled margin-right-2 margin-top-0 dsdata-edit'>
-                      <svg class="usa-icon" aria-hidden="true" focusable="false" role="img" width="24">
-                        <use xlink:href="/public/img/sprite.svg#edit"></use>
-                      </svg>
-                      Edit <span class="usa-sr-only">DS record {{forloop.counter}}</span>
-                    </button>
+                      <a 
+                        role="button" 
+                        id="button-trigger-delete-dsdata-{{ forloop.counter }}"
+                        class="usa-button usa-button--unstyled text-no-underline late-loading-modal-trigger margin-top-2 line-height-sans-5 text-secondary visible-mobile-flex dsdata-delete-kebab"
+                      >
+                        <svg class="usa-icon" aria-hidden="true" focusable="false" role="img" width="24">
+                          <use xlink:href="/public/img/sprite.svg#delete"></use>
+                        </svg>
+                        Delete
+                      </a>
 
-                    <a 
-                      role="button" 
-                      id="button-trigger-delete-dsdata-{{ forloop.counter }}"
-                      class="usa-button usa-button--unstyled text-no-underline late-loading-modal-trigger margin-top-2 line-height-sans-5 text-secondary visible-mobile-flex dsdata-delete-kebab"
-                    >
-                      <svg class="usa-icon" aria-hidden="true" focusable="false" role="img" width="24">
-                        <use xlink:href="/public/img/sprite.svg#delete"></use>
-                      </svg>
-                      Delete
-                    </a>
-
-                    <div class="usa-accordion usa-accordion--more-actions margin-right-2 hidden-mobile-flex">
-                      <div class="usa-accordion__heading">
-                        <button
-                          type="button"
-                          class="usa-button usa-button--unstyled usa-button--with-icon usa-accordion__button usa-button--more-actions margin-top-0"
-                          aria-expanded="false"
-                          aria-controls="more-actions-dsdata-{{ forloop.counter }}"
-                          aria-label="More Actions for DS record {{ forloop.counter }}"
-                        >
-                          <svg class="usa-icon top-2px" aria-hidden="true" focusable="false" role="img" width="24">
-                            <use xlink:href="/public/img/sprite.svg#more_vert"></use>
-                          </svg>
-                        </button>
-                      </div>
-                      <div id="more-actions-dsdata-{{ forloop.counter }}" class="usa-accordion__content usa-prose shadow-1 left-auto right-neg-1" hidden>
-                        <h2>More options</h2>
-                        <button 
-                          type="button" 
-                          class="usa-button usa-button--unstyled text-no-underline late-loading-modal-trigger margin-top-2 line-height-sans-5 text-secondary dsdata-delete-kebab"
-                          name="btn-delete-kebab-click"
-                          aria-label="Delete DS record {{ forloop.counter }} from the registry"
-                        >
-                          Delete
-                        </button>
+                      <div class="usa-accordion usa-accordion--more-actions margin-right-2 hidden-mobile-flex">
+                        <div class="usa-accordion__heading">
+                          <button
+                            type="button"
+                            class="usa-button usa-button--unstyled usa-button--with-icon usa-accordion__button usa-button--more-actions margin-top-0"
+                            aria-expanded="false"
+                            aria-controls="more-actions-dsdata-{{ forloop.counter }}"
+                            aria-label="More Actions for DS record {{ forloop.counter }}"
+                          >
+                            <svg class="usa-icon top-2px" aria-hidden="true" focusable="false" role="img" width="24">
+                              <use xlink:href="/public/img/sprite.svg#more_vert"></use>
+                            </svg>
+                          </button>
+                        </div>
+                        <div id="more-actions-dsdata-{{ forloop.counter }}" class="usa-accordion__content usa-prose shadow-1 left-auto right-neg-1" hidden>
+                          <h2>More options</h2>
+                          <button 
+                            type="button" 
+                            class="usa-button usa-button--unstyled text-no-underline late-loading-modal-trigger margin-top-2 line-height-sans-5 text-secondary dsdata-delete-kebab"
+                            name="btn-delete-kebab-click"
+                            aria-label="Delete DS record {{ forloop.counter }} from the registry"
+                          >
+                            Delete
+                          </button>
+                        </div>
                       </div>
                     </div>
-                  </div>
-                </td>
-              </tr>
-              <!-- Edit row -->
-              <tr class="edit-row display-none">
-                <td class="text-bottom">
-                  {% with sublabel_text="Numbers (0-9) only." %}
+                  </td>
+                </tr>
+                <!-- Edit row -->
+                <tr class="edit-row display-none">
+                  <td class="text-bottom">
+                    {% with sublabel_text="Numbers (0-9) only." %}
+                      {% with attr_required=True add_initial_value_attr=True add_group_class="usa-form-group--unstyled-error" %}
+                        {% input_with_errors form.key_tag %}
+                      {% endwith %}
+                    {% endwith %}
+                  </td>
+                  <td class="text-bottom">
                     {% with attr_required=True add_initial_value_attr=True add_group_class="usa-form-group--unstyled-error" %}
-                      {% input_with_errors form.key_tag %}
-                    {% endwith %}
-                  {% endwith %}
-                </td>
-                <td class="text-bottom">
-                  {% with attr_required=True add_initial_value_attr=True add_group_class="usa-form-group--unstyled-error" %}
-                      {% input_with_errors form.algorithm %}
-                    {% endwith %}
-                </td>
-                <td class="text-bottom">
-                  {% with attr_required=True add_initial_value_attr=True add_group_class="usa-form-group--unstyled-error" %}
-                      {% input_with_errors form.digest_type %}
-                    {% endwith %}
-                </td>
-                <td class="text-bottom">
-                  {% with sublabel_text="Numbers (0-9) and letters (a-f) only. SHA-1: 40 chars, SHA-256: 64 chars." %}
+                        {% input_with_errors form.algorithm %}
+                      {% endwith %}
+                  </td>
+                  <td class="text-bottom">
                     {% with attr_required=True add_initial_value_attr=True add_group_class="usa-form-group--unstyled-error" %}
-                      {% input_with_errors form.digest %}
+                        {% input_with_errors form.digest_type %}
+                      {% endwith %}
+                  </td>
+                  <td class="text-bottom">
+                    {% with sublabel_text="Numbers (0-9) and letters (a-f) only. SHA-1: 40 chars, SHA-256: 64 chars." %}
+                      {% with attr_required=True add_initial_value_attr=True add_group_class="usa-form-group--unstyled-error" %}
+                        {% input_with_errors form.digest %}
+                      {% endwith %}
                     {% endwith %}
-                  {% endwith %}
-                </td>
-                <td class="padding-right-0 text-bottom">
-                  <button class="usa-button usa-button--unstyled display-block margin-top-1" type="submit">Save</button>
-                  
-                  <button
-                        type="button"
-                        class="usa-button usa-button--unstyled display-block dsdata-cancel"
-                        name="btn-cancel-click"
-                        aria-label="Reset the data in the DS record form to the registry state (undo changes)"
-                    >Cancel
-                  </button>
-                  <button
-                        type="button"
-                        class="usa-button usa-button--unstyled display-block text-secondary dsdata-delete"
-                        name="btn-delete-click"
-                        aria-label="Delete the DS record from the registry"
-                    >Delete
-                  </button>
-                  <div class="display-none">{{ form.DELETE }}</div>
-                </td>
-              </tr>
-            {% endif %}
-          {% endfor %}
-        </tbody>
-      </table>
+                  </td>
+                  <td class="padding-right-0 text-bottom">
+                    <button class="usa-button usa-button--unstyled display-block margin-top-1" type="submit">Save</button>
+                    
+                    <button
+                          type="button"
+                          class="usa-button usa-button--unstyled display-block dsdata-cancel"
+                          name="btn-cancel-click"
+                          aria-label="Reset the data in the DS record form to the registry state (undo changes)"
+                      >Cancel
+                    </button>
+                    <button
+                          type="button"
+                          class="usa-button usa-button--unstyled display-block text-secondary dsdata-delete"
+                          name="btn-delete-click"
+                          aria-label="Delete the DS record from the registry"
+                      >Delete
+                    </button>
+                    <div class="display-none">{{ form.DELETE }}</div>
+                  </td>
+                </tr>
+              {% endif %}
+            {% endfor %}
+          </tbody>
+        </table>
+      </div>
     </form>
 
   {% else %}
diff --git a/src/registrar/templates/domain_request_form.html b/src/registrar/templates/domain_request_form.html
index 2142372e8..b9844aa06 100644
--- a/src/registrar/templates/domain_request_form.html
+++ b/src/registrar/templates/domain_request_form.html
@@ -5,10 +5,10 @@
 {% block content %}
 <div class="grid-container grid-container--widescreen">
   <div class="grid-row grid-gap {% if not is_widescreen_centered %}max-width--grid-container{% endif %}">
-    <div class="tablet:grid-col-3">
+    <div class="tablet:grid-col-3 grid-col--sidenav">
       {% include 'domain_request_sidebar.html' %}
     </div>
-    <div class="tablet:grid-col-9">
+    <div class="tablet:grid-col">
       <main id="main-content" class="grid-container register-form-step">
         <input type="hidden" class="display-none" id="wizard-domain-request-id" value="{{domain_request_id}}"/>
         {% if steps.current == steps.first %}

From 0bc6595a17321739e5748d6e828a904ff8b1b216 Mon Sep 17 00:00:00 2001
From: Rebecca Hsieh <rebecca.hsieh@truss.works>
Date: Tue, 11 Mar 2025 15:16:48 -0700
Subject: [PATCH 067/285] Fix the manage url issue for action needed emails

---
 .../templates/emails/transition_domain_invitation.txt     | 2 +-
 src/registrar/utility/admin_helpers.py                    | 8 +++++++-
 2 files changed, 8 insertions(+), 2 deletions(-)

diff --git a/src/registrar/templates/emails/transition_domain_invitation.txt b/src/registrar/templates/emails/transition_domain_invitation.txt
index 14dd626dd..35947eb72 100644
--- a/src/registrar/templates/emails/transition_domain_invitation.txt
+++ b/src/registrar/templates/emails/transition_domain_invitation.txt
@@ -57,7 +57,7 @@ THANK YOU
 The .gov team
 
 .Gov blog <https://get.gov/updates/> 
-Domain management <{{ manage_url }}}>
+Domain management <{{ manage_url }}>
 Get.gov <https://get.gov>
 
 The .gov registry is a part of the Cybersecurity and Infrastructure Security Agency (CISA) <https://cisa.gov/>
diff --git a/src/registrar/utility/admin_helpers.py b/src/registrar/utility/admin_helpers.py
index 93a0a16b5..adbc182d0 100644
--- a/src/registrar/utility/admin_helpers.py
+++ b/src/registrar/utility/admin_helpers.py
@@ -1,4 +1,5 @@
 from registrar.models.domain_request import DomainRequest
+from django.conf import settings
 from django.template.loader import get_template
 from django.utils.html import format_html
 from django.urls import reverse
@@ -35,8 +36,13 @@ def _get_default_email(domain_request, file_path, reason, excluded_reasons=None)
         return None
 
     recipient = domain_request.creator
+    env_base_url = settings.BASE_URL
+    # If NOT in prod, update instances of "manage.get.gov" links to point to
+    # current environment, ie "getgov-rh.app.cloud.gov"
+    manage_url = env_base_url if not settings.IS_PRODUCTION else "https://manage.get.gov"
+
     # Return the context of the rendered views
-    context = {"domain_request": domain_request, "recipient": recipient, "reason": reason}
+    context = {"domain_request": domain_request, "recipient": recipient, "reason": reason, "manage_url": manage_url}
 
     email_body_text = get_template(file_path).render(context=context)
     email_body_text_cleaned = email_body_text.strip().lstrip("\n") if email_body_text else None

From 2d21129a870762765d07c619c606e69ce5ece9c4 Mon Sep 17 00:00:00 2001
From: CocoByte <nicolle.leclair@gmail.com>
Date: Tue, 11 Mar 2025 16:32:30 -0600
Subject: [PATCH 068/285] ellipsis

---
 src/registrar/templates/domain_dsdata.html | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/registrar/templates/domain_dsdata.html b/src/registrar/templates/domain_dsdata.html
index f6574600c..0c5e78859 100644
--- a/src/registrar/templates/domain_dsdata.html
+++ b/src/registrar/templates/domain_dsdata.html
@@ -160,7 +160,7 @@
                       {% endif %}
                     {% endfor %}
                   </td>
-                  <td>{{ form.digest.value }}</td>
+                  <td class="ellipsis ellipsis--23">{{ form.digest.value }}</td>
                   <td class="padding-right-0">
                     <div class="tablet:display-flex tablet:flex-row">
                       <button type="button" class='usa-button usa-button--unstyled margin-right-2 margin-top-0 dsdata-edit'>

From df930c949705be2bf83aecbf4bc3af4bf969ff92 Mon Sep 17 00:00:00 2001
From: Erin Song <121973038+erinysong@users.noreply.github.com>
Date: Tue, 11 Mar 2025 15:39:27 -0700
Subject: [PATCH 069/285] Change return value of posting to org forms

---
 src/registrar/utility/email_invitations.py | 4 +---
 src/registrar/views/portfolios.py          | 8 ++++----
 2 files changed, 5 insertions(+), 7 deletions(-)

diff --git a/src/registrar/utility/email_invitations.py b/src/registrar/utility/email_invitations.py
index 1604eeaf2..74fa8a5ce 100644
--- a/src/registrar/utility/email_invitations.py
+++ b/src/registrar/utility/email_invitations.py
@@ -226,7 +226,6 @@ def send_portfolio_invitation_email(email: str, requestor, portfolio, is_admin_i
         )
     return all_admin_emails_sent
 
-
 def send_portfolio_organization_update_email(editor, portfolio, updated_page):
     """
     Sends an email notification to all portfolio admin when portfolio organization is updated.
@@ -263,7 +262,7 @@ def send_portfolio_organization_update_email(editor, portfolio, updated_page):
                     "editor": editor,
                     "portfolio_admin": user,
                     "date": date.today(),
-                    "updated_info": "Organization",
+                    "updated_info": "Organization"
                 },
             )
         except EmailSendingError:
@@ -276,7 +275,6 @@ def send_portfolio_organization_update_email(editor, portfolio, updated_page):
             all_emails_sent = False
     return all_emails_sent
 
-
 def send_portfolio_member_permission_update_email(requestor, permissions: UserPortfolioPermission):
     """
     Sends an email notification to a portfolio member when their permissions are updated.
diff --git a/src/registrar/views/portfolios.py b/src/registrar/views/portfolios.py
index d6002ba14..67b470bea 100644
--- a/src/registrar/views/portfolios.py
+++ b/src/registrar/views/portfolios.py
@@ -857,7 +857,7 @@ class PortfolioOrganizationView(DetailView, FormMixin):
                     editor=user, portfolio=self.request.session.get("portfolio"), updated_page="Organization"
                 ):
                     messages.warning(self.request, "Could not send email notification to all organization admins.")
-                    return redirect(reverse("organization"))
+                    return self.form_valid(form)
             except Exception as e:
                 messages.error(
                     request,
@@ -867,7 +867,7 @@ class PortfolioOrganizationView(DetailView, FormMixin):
                 logger.error(f"An unexpected error occurred: {str(e)}.", exc_info=True)
                 return None
             messages.success(self.request, "The portfolio organization information has been updated.")
-            return redirect(reverse("organization"))
+            return self.form_valid(form)
         else:
             return self.form_invalid(form)
 
@@ -930,7 +930,7 @@ class PortfolioSeniorOfficialView(DetailView, FormMixin):
                     editor=user, portfolio=self.request.session.get("portfolio"), updated_page="Senior Official"
                 ):
                     messages.warning(self.request, "Could not send email notification to all organization admins.")
-                    return redirect(reverse("senior-official"))
+                    return self.form_valid(form)
             except Exception as e:
                 messages.error(
                     request,
@@ -940,7 +940,7 @@ class PortfolioSeniorOfficialView(DetailView, FormMixin):
                 logger.error(f"An unexpected error occurred: {str(e)}.", exc_info=True)
                 return None
             messages.success(self.request, "The portfolio organization information has been updated.")
-            return redirect(reverse("senior-official"))
+            return self.form_valid(form)
         else:
             return self.form_invalid(form)
 

From c91a0181fe984cc66e3e3c9796da58cf98044d55 Mon Sep 17 00:00:00 2001
From: Erin Song <121973038+erinysong@users.noreply.github.com>
Date: Tue, 11 Mar 2025 15:40:14 -0700
Subject: [PATCH 070/285] Remove unused form valid

---
 src/registrar/views/portfolios.py | 2 --
 1 file changed, 2 deletions(-)

diff --git a/src/registrar/views/portfolios.py b/src/registrar/views/portfolios.py
index 67b470bea..0bc7911e0 100644
--- a/src/registrar/views/portfolios.py
+++ b/src/registrar/views/portfolios.py
@@ -857,7 +857,6 @@ class PortfolioOrganizationView(DetailView, FormMixin):
                     editor=user, portfolio=self.request.session.get("portfolio"), updated_page="Organization"
                 ):
                     messages.warning(self.request, "Could not send email notification to all organization admins.")
-                    return self.form_valid(form)
             except Exception as e:
                 messages.error(
                     request,
@@ -930,7 +929,6 @@ class PortfolioSeniorOfficialView(DetailView, FormMixin):
                     editor=user, portfolio=self.request.session.get("portfolio"), updated_page="Senior Official"
                 ):
                     messages.warning(self.request, "Could not send email notification to all organization admins.")
-                    return self.form_valid(form)
             except Exception as e:
                 messages.error(
                     request,

From e971ba60c7c5e7def0785d570864af3ed4d5aaae Mon Sep 17 00:00:00 2001
From: Erin Song <121973038+erinysong@users.noreply.github.com>
Date: Tue, 11 Mar 2025 15:41:39 -0700
Subject: [PATCH 071/285] Add form validation for senior official

---
 src/registrar/views/portfolios.py | 19 +++++++++++++++++--
 1 file changed, 17 insertions(+), 2 deletions(-)

diff --git a/src/registrar/views/portfolios.py b/src/registrar/views/portfolios.py
index 0bc7911e0..6bfc44286 100644
--- a/src/registrar/views/portfolios.py
+++ b/src/registrar/views/portfolios.py
@@ -865,7 +865,6 @@ class PortfolioOrganizationView(DetailView, FormMixin):
                 )
                 logger.error(f"An unexpected error occurred: {str(e)}.", exc_info=True)
                 return None
-            messages.success(self.request, "The portfolio organization information has been updated.")
             return self.form_valid(form)
         else:
             return self.form_invalid(form)
@@ -937,11 +936,27 @@ class PortfolioSeniorOfficialView(DetailView, FormMixin):
                 )
                 logger.error(f"An unexpected error occurred: {str(e)}.", exc_info=True)
                 return None
-            messages.success(self.request, "The portfolio organization information has been updated.")
             return self.form_valid(form)
         else:
             return self.form_invalid(form)
 
+    def form_valid(self, form):
+        """Handle the case when the form is valid."""
+        self.object = form.save(commit=False)
+        self.object.creator = self.request.user
+        self.object.save()
+        messages.success(self.request, "The senior official information for this portfolio has been updated.")
+        return super().form_valid(form)
+
+    def form_invalid(self, form):
+        """Handle the case when the form is invalid."""
+        return self.render_to_response(self.get_context_data(form=form))
+
+    def get_success_url(self):
+        """Redirect to the overview page for the portfolio."""
+        return reverse("senior-official")
+
+
 
 @grant_access(HAS_PORTFOLIO_MEMBERS_ANY_PERM)
 class PortfolioMembersView(View):

From 2ac4c047032d91bb9db36cafeaee21ef0d7c0c09 Mon Sep 17 00:00:00 2001
From: Erin Song <121973038+erinysong@users.noreply.github.com>
Date: Tue, 11 Mar 2025 15:52:28 -0700
Subject: [PATCH 072/285] Fix linting

---
 src/registrar/utility/email_invitations.py | 4 +++-
 src/registrar/views/portfolios.py          | 1 -
 2 files changed, 3 insertions(+), 2 deletions(-)

diff --git a/src/registrar/utility/email_invitations.py b/src/registrar/utility/email_invitations.py
index 74fa8a5ce..1604eeaf2 100644
--- a/src/registrar/utility/email_invitations.py
+++ b/src/registrar/utility/email_invitations.py
@@ -226,6 +226,7 @@ def send_portfolio_invitation_email(email: str, requestor, portfolio, is_admin_i
         )
     return all_admin_emails_sent
 
+
 def send_portfolio_organization_update_email(editor, portfolio, updated_page):
     """
     Sends an email notification to all portfolio admin when portfolio organization is updated.
@@ -262,7 +263,7 @@ def send_portfolio_organization_update_email(editor, portfolio, updated_page):
                     "editor": editor,
                     "portfolio_admin": user,
                     "date": date.today(),
-                    "updated_info": "Organization"
+                    "updated_info": "Organization",
                 },
             )
         except EmailSendingError:
@@ -275,6 +276,7 @@ def send_portfolio_organization_update_email(editor, portfolio, updated_page):
             all_emails_sent = False
     return all_emails_sent
 
+
 def send_portfolio_member_permission_update_email(requestor, permissions: UserPortfolioPermission):
     """
     Sends an email notification to a portfolio member when their permissions are updated.
diff --git a/src/registrar/views/portfolios.py b/src/registrar/views/portfolios.py
index 6bfc44286..5f2532f8f 100644
--- a/src/registrar/views/portfolios.py
+++ b/src/registrar/views/portfolios.py
@@ -957,7 +957,6 @@ class PortfolioSeniorOfficialView(DetailView, FormMixin):
         return reverse("senior-official")
 
 
-
 @grant_access(HAS_PORTFOLIO_MEMBERS_ANY_PERM)
 class PortfolioMembersView(View):
 

From c7124669aa88111fb8ef6be0049446874be0c8cd Mon Sep 17 00:00:00 2001
From: David Kennedy <david.kennedy@associates.cisa.dhs.gov>
Date: Tue, 11 Mar 2025 18:55:15 -0400
Subject: [PATCH 073/285] updated tests

---
 src/registrar/tests/test_views_domain.py | 49 +++++++++++++-----------
 1 file changed, 27 insertions(+), 22 deletions(-)

diff --git a/src/registrar/tests/test_views_domain.py b/src/registrar/tests/test_views_domain.py
index c2120b58f..62d463627 100644
--- a/src/registrar/tests/test_views_domain.py
+++ b/src/registrar/tests/test_views_domain.py
@@ -2547,8 +2547,8 @@ class TestDomainDNSSEC(TestDomainOverview):
         domain DNSSEC data and shows a button to Add new record"""
 
         page = self.client.get(reverse("domain-dns-dnssec-dsdata", kwargs={"domain_pk": self.domain_dnssec_none.id}))
-        self.assertContains(page, "You have no DS data added")
-        self.assertContains(page, "Add new record")
+        self.assertEqual(page.status_code, 200)
+        self.assertContains(page, "Add DS record")
 
     @less_console_noise_decorator
     def test_ds_form_loads_with_ds_data(self):
@@ -2556,26 +2556,8 @@ class TestDomainDNSSEC(TestDomainOverview):
         domain DNSSEC DS data and shows the data"""
 
         page = self.client.get(reverse("domain-dns-dnssec-dsdata", kwargs={"domain_pk": self.domain_dsdata.id}))
-        self.assertContains(page, "DS data record 1")
-
-    @less_console_noise_decorator
-    def test_ds_data_form_modal(self):
-        """When user clicks on save, a modal pops up."""
-        add_data_page = self.app.get(reverse("domain-dns-dnssec-dsdata", kwargs={"domain_pk": self.domain_dsdata.id}))
-        # Assert that a hidden trigger for the modal does not exist.
-        # This hidden trigger will pop on the page when certain condition are met:
-        # 1) Initial form contained DS data, 2) All data is deleted and form is
-        # submitted.
-        self.assertNotContains(add_data_page, "Trigger Disable DNSSEC Modal")
-        # Simulate a delete all data
-        form_data = {}
-        response = self.client.post(
-            reverse("domain-dns-dnssec-dsdata", kwargs={"domain_pk": self.domain_dsdata.id}),
-            data=form_data,
-        )
-        self.assertEqual(response.status_code, 200)  # Adjust status code as needed
-        # Now check to see whether the JS trigger for the modal is present on the page
-        self.assertContains(response, "Trigger Disable DNSSEC Modal")
+        self.assertContains(page, "Add DS record")  # assert add form is present
+        self.assertContains(page, "Action")  # assert table is present
 
     @less_console_noise_decorator
     def test_ds_data_form_submits(self):
@@ -2643,6 +2625,29 @@ class TestDomainDNSSEC(TestDomainOverview):
             result, str(DsDataError(code=DsDataErrorCodes.INVALID_KEYTAG_SIZE)), count=2, status_code=200
         )
 
+    @less_console_noise_decorator
+    def test_ds_data_form_invalid_keytag_chars(self):
+        """DS data form errors with invalid data (key tag not numeric)
+
+        Uses self.app WebTest because we need to interact with forms.
+        """
+        add_data_page = self.app.get(reverse("domain-dns-dnssec-dsdata", kwargs={"domain_pk": self.domain_dsdata.id}))
+        session_id = self.app.cookies[settings.SESSION_COOKIE_NAME]
+        self.app.set_cookie(settings.SESSION_COOKIE_NAME, session_id)
+        # first two nameservers are required, so if we empty one out we should
+        # get a form error
+        add_data_page.forms[0]["form-0-key_tag"] = "invalid"  # not numeric
+        add_data_page.forms[0]["form-0-algorithm"] = ""
+        add_data_page.forms[0]["form-0-digest_type"] = ""
+        add_data_page.forms[0]["form-0-digest"] = ""
+        result = add_data_page.forms[0].submit()
+        # form submission was a post with an error, response should be a 200
+        # error text appears twice, once at the top of the page, once around
+        # the field.
+        self.assertContains(
+            result, str(DsDataError(code=DsDataErrorCodes.INVALID_KEYTAG_CHARS)), count=2, status_code=200
+        )
+
     @less_console_noise_decorator
     def test_ds_data_form_invalid_digest_chars(self):
         """DS data form errors with invalid data (digest contains non hexadecimal chars)

From 61443e0f9224c0a5fb0163df202af975e27aef74 Mon Sep 17 00:00:00 2001
From: CocoByte <nicolle.leclair@gmail.com>
Date: Tue, 11 Mar 2025 17:03:09 -0600
Subject: [PATCH 074/285] remove scrollabe for now..

---
 src/registrar/templates/domain_dsdata.html | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/registrar/templates/domain_dsdata.html b/src/registrar/templates/domain_dsdata.html
index 0c5e78859..bf41543e3 100644
--- a/src/registrar/templates/domain_dsdata.html
+++ b/src/registrar/templates/domain_dsdata.html
@@ -123,7 +123,7 @@
         {% endif %}
       {% endfor %}
 
-      <div class="usa-table-container--scrollable usa-table-container--override-overflow margin-top-0" tabindex="0" id="domains__table-wrapper">
+      <div tabindex="0" id="domains__table-wrapper">
         <table class="usa-table usa-table--borderless usa-table--stacked dotgov-table dotgov-table--stacked" id="dsdata-table">
           <thead>
             <tr>

From 54d8859064ff5b479d58040937d045c82828dadb Mon Sep 17 00:00:00 2001
From: CocoByte <nicolle.leclair@gmail.com>
Date: Tue, 11 Mar 2025 17:56:11 -0600
Subject: [PATCH 075/285] text wrap experiments

---
 src/registrar/forms/domain.py              | 1 +
 src/registrar/templates/domain_dsdata.html | 2 +-
 2 files changed, 2 insertions(+), 1 deletion(-)

diff --git a/src/registrar/forms/domain.py b/src/registrar/forms/domain.py
index 53517d99e..4882e12e2 100644
--- a/src/registrar/forms/domain.py
+++ b/src/registrar/forms/domain.py
@@ -659,6 +659,7 @@ class DomainDsdataForm(forms.Form):
         error_messages={
             "required": "Digest is required.",
         },
+        widget=forms.TextInput(attrs={"class": "text-wrap"}),
     )
 
     def clean(self):
diff --git a/src/registrar/templates/domain_dsdata.html b/src/registrar/templates/domain_dsdata.html
index bf41543e3..83642cf66 100644
--- a/src/registrar/templates/domain_dsdata.html
+++ b/src/registrar/templates/domain_dsdata.html
@@ -146,7 +146,7 @@
                 <!-- Readonly row -->
                 <tr>
                   <td>{{ form.key_tag.value }}</td>
-                  <td>
+                  <td class="ellipsis ellipsis--15">
                     {% for value, label in form.algorithm.field.choices %}
                       {% if value|stringformat:"s" == form.algorithm.value|stringformat:"s" %}
                         {{ label }}

From 29a48cb7f23c2d42a900c34d49a50475100101be Mon Sep 17 00:00:00 2001
From: CocoByte <nicolle.leclair@gmail.com>
Date: Tue, 11 Mar 2025 18:14:54 -0600
Subject: [PATCH 076/285] let's try textarea

---
 src/registrar/forms/domain.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/registrar/forms/domain.py b/src/registrar/forms/domain.py
index 4882e12e2..5ffbdb3d8 100644
--- a/src/registrar/forms/domain.py
+++ b/src/registrar/forms/domain.py
@@ -659,7 +659,7 @@ class DomainDsdataForm(forms.Form):
         error_messages={
             "required": "Digest is required.",
         },
-        widget=forms.TextInput(attrs={"class": "text-wrap"}),
+        widget=forms.TextArea(attrs={"class": "text-wrap word-break", "rows": "2"}),
     )
 
     def clean(self):

From d148e50cdfb7d91c492a018f18c9348ee1e337af Mon Sep 17 00:00:00 2001
From: CocoByte <nicolle.leclair@gmail.com>
Date: Tue, 11 Mar 2025 19:13:55 -0600
Subject: [PATCH 077/285] repair

---
 src/registrar/forms/domain.py | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/src/registrar/forms/domain.py b/src/registrar/forms/domain.py
index 5ffbdb3d8..874f35804 100644
--- a/src/registrar/forms/domain.py
+++ b/src/registrar/forms/domain.py
@@ -659,7 +659,13 @@ class DomainDsdataForm(forms.Form):
         error_messages={
             "required": "Digest is required.",
         },
-        widget=forms.TextArea(attrs={"class": "text-wrap word-break", "rows": "2"}),
+        widget=forms.Textarea(
+            attrs={
+                "class": "text-wrap",
+                "aria-label": "Is there anything else you’d like us to know about your domain request? \
+                    Provide details below. You can enter up to 2000 characters"
+            }
+        ),
     )
 
     def clean(self):

From 5962264fae12c5d0c5157296483062c5043939ce Mon Sep 17 00:00:00 2001
From: CocoByte <nicolle.leclair@gmail.com>
Date: Tue, 11 Mar 2025 21:24:00 -0600
Subject: [PATCH 078/285] use textarea

---
 src/registrar/forms/domain.py | 7 +++----
 1 file changed, 3 insertions(+), 4 deletions(-)

diff --git a/src/registrar/forms/domain.py b/src/registrar/forms/domain.py
index 874f35804..6bc057abd 100644
--- a/src/registrar/forms/domain.py
+++ b/src/registrar/forms/domain.py
@@ -661,11 +661,10 @@ class DomainDsdataForm(forms.Form):
         },
         widget=forms.Textarea(
             attrs={
-                "class": "text-wrap",
-                "aria-label": "Is there anything else you’d like us to know about your domain request? \
-                    Provide details below. You can enter up to 2000 characters"
+                "class": "text-wrap resize-none",
+                "rows": "2"
             }
-        ),
+        )
     )
 
     def clean(self):

From 58c6871299fef0844948c5598cd05975afb7f9be Mon Sep 17 00:00:00 2001
From: matthewswspence <Matthewswspence@gmail.com>
Date: Wed, 12 Mar 2025 10:33:43 -0500
Subject: [PATCH 079/285] migration fixes

---
 ...y => 0143_domainrequest_feb_naming_requirements_and_more.py} | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
 rename src/registrar/migrations/{0142_domainrequest_feb_naming_requirements_and_more.py => 0143_domainrequest_feb_naming_requirements_and_more.py} (96%)

diff --git a/src/registrar/migrations/0142_domainrequest_feb_naming_requirements_and_more.py b/src/registrar/migrations/0143_domainrequest_feb_naming_requirements_and_more.py
similarity index 96%
rename from src/registrar/migrations/0142_domainrequest_feb_naming_requirements_and_more.py
rename to src/registrar/migrations/0143_domainrequest_feb_naming_requirements_and_more.py
index 5a8dbeec8..fb6976a53 100644
--- a/src/registrar/migrations/0142_domainrequest_feb_naming_requirements_and_more.py
+++ b/src/registrar/migrations/0143_domainrequest_feb_naming_requirements_and_more.py
@@ -6,7 +6,7 @@ from django.db import migrations, models
 class Migration(migrations.Migration):
 
     dependencies = [
-        ("registrar", "0141_alter_portfolioinvitation_additional_permissions_and_more"),
+        ("registrar", "0142_alter_portfolioinvitation_additional_permissions_and_more"),
     ]
 
     operations = [

From 71c3332c72fe2667f1e48f55137d06a5229a7df0 Mon Sep 17 00:00:00 2001
From: matthewswspence <Matthewswspence@gmail.com>
Date: Wed, 12 Mar 2025 10:52:19 -0500
Subject: [PATCH 080/285] fix eop contact deletable functionality

---
 src/registrar/forms/feb.py | 21 +++++++++++++--------
 1 file changed, 13 insertions(+), 8 deletions(-)

diff --git a/src/registrar/forms/feb.py b/src/registrar/forms/feb.py
index 4342acdba..e14e2741e 100644
--- a/src/registrar/forms/feb.py
+++ b/src/registrar/forms/feb.py
@@ -177,16 +177,21 @@ class EOPContactForm(BaseDeletableRegistrarForm):
 
     @classmethod
     def from_database(cls, obj):
-        # if not obj.eop_contact:
-        #     return {}
-        # return {
-        #     "first_name": obj.feb_eop_contact.first_name,
-        #     "last_name": obj.feb_eop_contact.last_name,
-        #     "email": obj.feb_eop_contact.email,
-        # }
-        return {}
+        if not obj.eop_contact:
+            return {}
+        return {
+            "first_name": obj.feb_eop_contact.first_name,
+            "last_name": obj.feb_eop_contact.last_name,
+            "email": obj.feb_eop_contact.email,
+        }
 
     def to_database(self, obj):
+        # This function overrides the behavior of the BaseDeletableRegistrarForm.
+        # in order to preserve deletable functionality, we need to call the
+        # superclass's to_database method if the form is marked for deletion.
+        if self.form_data_marked_for_deletion:
+            super().to_database(obj)
+            return
         if not self.is_valid():
             return
         obj.eop_contact = Contact.objects.create(

From 5f2574389e7b18d6675953af1cde95a529bd2e58 Mon Sep 17 00:00:00 2001
From: zandercymatics <141044360+zandercymatics@users.noreply.github.com>
Date: Wed, 12 Mar 2025 09:54:15 -0600
Subject: [PATCH 081/285] Cleanup for unit test

---
 src/registrar/models/domain.py            | 27 ++++++++++-------------
 src/registrar/tests/common.py             | 17 +++++++++-----
 src/registrar/tests/test_models_domain.py | 18 ++++++++++++---
 3 files changed, 38 insertions(+), 24 deletions(-)

diff --git a/src/registrar/models/domain.py b/src/registrar/models/domain.py
index a92823788..5397d1f7f 100644
--- a/src/registrar/models/domain.py
+++ b/src/registrar/models/domain.py
@@ -1676,22 +1676,19 @@ class Domain(TimeStampedModel, DomainHelper):
         """creates a disclose object that can be added to a contact Create using
         .disclose= <this function> on the command before sending.
         if item is security email then make sure email is visible"""
-        # Helpful Note: 'flag' is what toggles disclosure
         DF = epp.DiscloseField
-        contact_disclose_map = {
-            contact.ContactTypeChoices.SECURITY: {
-                "fields": [DF.EMAIL],
-                "flag": True
-            },
-            contact.ContactTypeChoices.ADMINISTRATIVE: {
-                "fields": [DF.EMAIL, DF.VOICE, DF.ADDR],
-                "types": {DF.ADDR: "loc"},
-                "flag": True
-            },
-        }
-        disclose_config = contact_disclose_map.get(contact.contact_type, {"fields": [], "flag": False})
-        logger.info("Updated domain contact %s to disclose: %s", contact.email, disclose_config.get("flag"))
-        return epp.Disclose(**disclose_config)
+        disclose_fields = {"fields": [], "flag": False}
+        match contact.contact_type:
+            case contact.ContactTypeChoices.SECURITY:
+                hidden_security_emails = [email for email in DefaultEmail]
+                disclose_fields = {
+                    "fields": [DF.EMAIL],
+                    "flag": contact.email not in hidden_security_emails,
+                }
+            case contact.ContactTypeChoices.ADMINISTRATIVE:
+                disclose_fields = {"fields": [DF.EMAIL, DF.VOICE, DF.ADDR], "types": {DF.ADDR: "loc"}, "flag": True}
+        logger.info("Updated domain contact %s to disclose: %s", contact.email, disclose_fields.get("flag"))
+        return epp.Disclose(**disclose_fields)
 
     def _make_epp_contact_postal_info(self, contact: PublicContact):  # type: ignore
         return epp.PostalInfo(  # type: ignore
diff --git a/src/registrar/tests/common.py b/src/registrar/tests/common.py
index 8fbf052a4..500ecfe39 100644
--- a/src/registrar/tests/common.py
+++ b/src/registrar/tests/common.py
@@ -1941,14 +1941,19 @@ class MockEppLib(TestCase):
         self.mockedSendFunction = self.mockSendPatch.start()
         self.mockedSendFunction.side_effect = self.mockSend
 
-    def _convertPublicContactToEpp(self, contact: PublicContact, disclose_email=False, createContact=True):
+    def _convertPublicContactToEpp(
+        self,
+        contact: PublicContact,
+        disclose_email=False,
+        createContact=True,
+        disclose_fields=None,
+        disclose_types=None,
+    ):
         DF = common.DiscloseField
-        fields = {DF.EMAIL}
+        if disclose_fields is None:
+            disclose_fields = [DF.EMAIL]
 
-        di = common.Disclose(
-            flag=disclose_email,
-            fields=fields,
-        )
+        di = common.Disclose(flag=disclose_email, fields=disclose_fields, types=disclose_types)
 
         # check docs here looks like we may have more than one address field but
         addr = common.ContactAddr(
diff --git a/src/registrar/tests/test_models_domain.py b/src/registrar/tests/test_models_domain.py
index 93072f93b..27567a211 100644
--- a/src/registrar/tests/test_models_domain.py
+++ b/src/registrar/tests/test_models_domain.py
@@ -988,9 +988,21 @@ class TestRegistrantContacts(MockEppLib):
             for contact in contacts:
                 expected_contact = contact[0]
                 actual_contact = contact[1]
-                is_security = expected_contact.contact_type == "security"
-                expectedCreateCommand = self._convertPublicContactToEpp(expected_contact, disclose_email=is_security)
-                # Should only be disclosed if the type is security, as the email is valid
+                if expected_contact.contact_type == PublicContact.ContactTypeChoices.SECURITY:
+                    expectedCreateCommand = self._convertPublicContactToEpp(
+                        expected_contact, disclose_email=True, disclose_fields=["email"]
+                    )
+                elif expected_contact.contact_type == PublicContact.ContactTypeChoices.ADMINISTRATIVE:
+                    expectedCreateCommand = self._convertPublicContactToEpp(
+                        expected_contact,
+                        disclose_email=True,
+                        disclose_fields=["email", "voice", "addr"],
+                        disclose_types={"addr": "loc"},
+                    )
+                else:
+                    expectedCreateCommand = self._convertPublicContactToEpp(
+                        expected_contact, disclose_email=False, disclose_fields=[]
+                    )
                 self.mockedSendFunction.assert_any_call(expectedCreateCommand, cleaned=True)
                 # The emails should match on both items
                 self.assertEqual(expected_contact.email, actual_contact.email)

From a3088c47d10b8bf5dad70dd19483e98a12bbe61b Mon Sep 17 00:00:00 2001
From: Kristina <140533113+witha-k@users.noreply.github.com>
Date: Wed, 12 Mar 2025 08:59:21 -0700
Subject: [PATCH 082/285] Create design-issue.yml

---
 .github/ISSUE_TEMPLATE/design-issue.yml | 1 +
 1 file changed, 1 insertion(+)
 create mode 100644 .github/ISSUE_TEMPLATE/design-issue.yml

diff --git a/.github/ISSUE_TEMPLATE/design-issue.yml b/.github/ISSUE_TEMPLATE/design-issue.yml
new file mode 100644
index 000000000..8b1378917
--- /dev/null
+++ b/.github/ISSUE_TEMPLATE/design-issue.yml
@@ -0,0 +1 @@
+

From de2163eff09572638faba60a1251c925645f1a92 Mon Sep 17 00:00:00 2001
From: Kristina <140533113+witha-k@users.noreply.github.com>
Date: Wed, 12 Mar 2025 09:02:33 -0700
Subject: [PATCH 083/285] Update design-issue.yml

---
 .github/ISSUE_TEMPLATE/design-issue.yml | 41 +++++++++++++++++++++++++
 1 file changed, 41 insertions(+)

diff --git a/.github/ISSUE_TEMPLATE/design-issue.yml b/.github/ISSUE_TEMPLATE/design-issue.yml
index 8b1378917..16d16bd4e 100644
--- a/.github/ISSUE_TEMPLATE/design-issue.yml
+++ b/.github/ISSUE_TEMPLATE/design-issue.yml
@@ -1 +1,42 @@
+name: Design Issue / story
+description: Specifically for design and content tickets
+
+body:
+  - type: markdown
+    id: title-help
+    attributes:
+      value: |
+        > Titles should be short, descriptive, and compelling. Use sentence case: don't capitalize words unnecessarily.
+  - type: textarea
+    id: issue-description
+    attributes:
+      label: Issue description
+      description: |
+        Describe the issue so that someone who wasn't present for its discovery can understand why it matters. For stories, use the user story format (e.g., As a user, I want, so that). Use full sentences, plain language, and [good formatting](https://docs.github.com/en/get-started/writing-on-github/getting-started-with-writing-and-formatting-on-github/basic-writing-and-formatting-syntax).
+    validations:
+      required: true
+  - type: textarea
+    id: acceptance-criteria
+    attributes:
+      label: Acceptance criteria
+      description: "If known, share 1-3 statements that would need to be true for this issue to be considered resolved. Use a [task list](https://docs.github.com/en/get-started/writing-on-github/working-with-advanced-formatting/about-task-lists#creating-task-lists) if appropriate."
+      placeholder: "- [ ]"
+  - type: textarea
+    id: additional-context
+    attributes:
+      label: Additional context
+      description: "Share any other thoughts, like how this might be implemented or fixed. Screenshots and links to documents/discussions are welcome."
+  - type: textarea
+    id: links-to-other-issues
+    attributes:
+      label: Links to other issues
+      description: |
+        "Use a dash (`-`) to start the line. Add an issue by typing "`#`" then the issue number. Add information to describe any dependancies, blockers, etc. (e.g., 🚧 [construction] Blocks, ⛔️ [no_entry] Is blocked by, 🔄 [arrows_counterclockwise] Relates to). If this is a parent issue, use sub-issues instead of linking other issues here."
+      placeholder: "- 🔄 Relates to..."
+  - type: markdown
+    id: note
+    attributes:
+      value: |
+        > We may edit the text in this issue to document our understanding and clarify the product work.
+        
 

From 83d672e07e2e24f7cf21a55a25ccad136577886b Mon Sep 17 00:00:00 2001
From: Kristina <140533113+witha-k@users.noreply.github.com>
Date: Wed, 12 Mar 2025 09:21:42 -0700
Subject: [PATCH 084/285] Update design-issue.yml

---
 .github/ISSUE_TEMPLATE/design-issue.yml | 12 +++++++++---
 1 file changed, 9 insertions(+), 3 deletions(-)

diff --git a/.github/ISSUE_TEMPLATE/design-issue.yml b/.github/ISSUE_TEMPLATE/design-issue.yml
index 16d16bd4e..98bbd3ae4 100644
--- a/.github/ISSUE_TEMPLATE/design-issue.yml
+++ b/.github/ISSUE_TEMPLATE/design-issue.yml
@@ -15,10 +15,16 @@ body:
         Describe the issue so that someone who wasn't present for its discovery can understand why it matters. For stories, use the user story format (e.g., As a user, I want, so that). Use full sentences, plain language, and [good formatting](https://docs.github.com/en/get-started/writing-on-github/getting-started-with-writing-and-formatting-on-github/basic-writing-and-formatting-syntax).
     validations:
       required: true
-  - type: textarea
-    id: acceptance-criteria
+  - type: markdown
+    id: acceptance-criteria-design
     attributes:
-      label: Acceptance criteria
+      label: Acceptance criteria for design updates
+      description: "If known, share 1-3 statements that would need to be true for this issue to be considered resolved. Use a [task list](https://docs.github.com/en/get-started/writing-on-github/working-with-advanced-formatting/about-task-lists#creating-task-lists) if appropriate."
+      placeholder: "- [ ]"
+  - type: markdown
+    id: acceptance-criteria-content
+    attributes:
+      label: Acceptance criteria for content updates
       description: "If known, share 1-3 statements that would need to be true for this issue to be considered resolved. Use a [task list](https://docs.github.com/en/get-started/writing-on-github/working-with-advanced-formatting/about-task-lists#creating-task-lists) if appropriate."
       placeholder: "- [ ]"
   - type: textarea

From d614657721ac26a5358ebb4f2e2a2c88a78800eb Mon Sep 17 00:00:00 2001
From: Kristina <140533113+witha-k@users.noreply.github.com>
Date: Wed, 12 Mar 2025 09:23:52 -0700
Subject: [PATCH 085/285] Update design-issue.yml

---
 .github/ISSUE_TEMPLATE/design-issue.yml | 10 ++++------
 1 file changed, 4 insertions(+), 6 deletions(-)

diff --git a/.github/ISSUE_TEMPLATE/design-issue.yml b/.github/ISSUE_TEMPLATE/design-issue.yml
index 98bbd3ae4..c24ba0cd2 100644
--- a/.github/ISSUE_TEMPLATE/design-issue.yml
+++ b/.github/ISSUE_TEMPLATE/design-issue.yml
@@ -18,15 +18,13 @@ body:
   - type: markdown
     id: acceptance-criteria-design
     attributes:
-      label: Acceptance criteria for design updates
-      description: "If known, share 1-3 statements that would need to be true for this issue to be considered resolved. Use a [task list](https://docs.github.com/en/get-started/writing-on-github/working-with-advanced-formatting/about-task-lists#creating-task-lists) if appropriate."
-      placeholder: "- [ ]"
+      value: |
+        > Acceptance criteria for design updates
   - type: markdown
     id: acceptance-criteria-content
     attributes:
-      label: Acceptance criteria for content updates
-      description: "If known, share 1-3 statements that would need to be true for this issue to be considered resolved. Use a [task list](https://docs.github.com/en/get-started/writing-on-github/working-with-advanced-formatting/about-task-lists#creating-task-lists) if appropriate."
-      placeholder: "- [ ]"
+      value: |
+        > Acceptance criteria for content updates
   - type: textarea
     id: additional-context
     attributes:

From b307bbb87ab27ad3b9aaf4ab78b34f0c9ad5c65c Mon Sep 17 00:00:00 2001
From: Kristina <140533113+witha-k@users.noreply.github.com>
Date: Wed, 12 Mar 2025 09:26:29 -0700
Subject: [PATCH 086/285] Update design-issue.yml

---
 .github/ISSUE_TEMPLATE/design-issue.yml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/.github/ISSUE_TEMPLATE/design-issue.yml b/.github/ISSUE_TEMPLATE/design-issue.yml
index c24ba0cd2..e89ed6c24 100644
--- a/.github/ISSUE_TEMPLATE/design-issue.yml
+++ b/.github/ISSUE_TEMPLATE/design-issue.yml
@@ -19,12 +19,12 @@ body:
     id: acceptance-criteria-design
     attributes:
       value: |
-        > Acceptance criteria for design updates
+        > #Acceptance criteria for design updates
   - type: markdown
     id: acceptance-criteria-content
     attributes:
       value: |
-        > Acceptance criteria for content updates
+        > #Acceptance criteria for content updates
   - type: textarea
     id: additional-context
     attributes:

From 585569a006420b713f416c88a5402645b38ca514 Mon Sep 17 00:00:00 2001
From: zandercymatics <141044360+zandercymatics@users.noreply.github.com>
Date: Wed, 12 Mar 2025 10:29:38 -0600
Subject: [PATCH 087/285] bug fix

---
 src/registrar/forms/portfolio.py              | 10 +++-
 .../models/utility/portfolio_helper.py        | 60 +++++++++++++++----
 2 files changed, 57 insertions(+), 13 deletions(-)

diff --git a/src/registrar/forms/portfolio.py b/src/registrar/forms/portfolio.py
index b83e718cb..2ee174050 100644
--- a/src/registrar/forms/portfolio.py
+++ b/src/registrar/forms/portfolio.py
@@ -22,6 +22,7 @@ from registrar.models.utility.portfolio_helper import (
     get_domains_display,
     get_members_description_display,
     get_members_display,
+    get_portfolio_invitation_associations,
 )
 
 logger = logging.getLogger(__name__)
@@ -459,7 +460,14 @@ class PortfolioNewMemberForm(BasePortfolioMemberForm):
             if hasattr(e, "code"):
                 field = "email" if "email" in self.fields else None
                 if e.code == "has_existing_permissions":
-                    self.add_error(field, f"{self.instance.email} is already a member of another .gov organization.")
+                    existing_permissions, existing_invitations = (
+                        get_portfolio_invitation_associations(self.instance)
+                    )
+
+                    same_portfolio_for_permissions = existing_permissions.exclude(portfolio=self.instance.portfolio)
+                    same_portfolio_for_invitations = existing_invitations.exclude(portfolio=self.instance.portfolio)
+                    if same_portfolio_for_permissions.exists() or same_portfolio_for_invitations.exists():
+                        self.add_error(field, f"{self.instance.email} is already a member of another .gov organization.")
                     override_error = True
                 elif e.code == "has_existing_invitations":
                     self.add_error(
diff --git a/src/registrar/models/utility/portfolio_helper.py b/src/registrar/models/utility/portfolio_helper.py
index 009ea3c26..707dfcf54 100644
--- a/src/registrar/models/utility/portfolio_helper.py
+++ b/src/registrar/models/utility/portfolio_helper.py
@@ -286,8 +286,8 @@ def validate_user_portfolio_permission(user_portfolio_permission):
 
     # == Validate the multiple_porfolios flag. == #
     if not flag_is_active_for_user(user_portfolio_permission.user, "multiple_portfolios"):
-        existing_permissions = UserPortfolioPermission.objects.exclude(id=user_portfolio_permission.id).filter(
-            user=user_portfolio_permission.user
+        existing_permissions, existing_invitations = (
+            get_user_portfolio_permission_associations(user_portfolio_permission)
         )
         if existing_permissions.exists():
             raise ValidationError(
@@ -296,10 +296,6 @@ def validate_user_portfolio_permission(user_portfolio_permission):
                 code="has_existing_permissions",
             )
 
-        existing_invitations = PortfolioInvitation.objects.filter(email=user_portfolio_permission.user.email).exclude(
-            Q(portfolio=user_portfolio_permission.portfolio)
-            | Q(status=PortfolioInvitation.PortfolioInvitationStatus.RETRIEVED)
-        )
         if existing_invitations.exists():
             raise ValidationError(
                 "This user is already assigned to a portfolio invitation. "
@@ -307,6 +303,29 @@ def validate_user_portfolio_permission(user_portfolio_permission):
                 code="has_existing_invitations",
             )
 
+def get_user_portfolio_permission_associations(user_portfolio_permission):
+    """
+    Retrieves the associations for a user portfolio invitation.
+
+    Returns:
+      A tuple:
+        (existing_permissions, existing_invitations)
+      where:
+        - existing_permissions: UserPortfolioPermission objects excluding the current permission.
+        - existing_invitations: PortfolioInvitation objects for the user email excluding 
+        the current invitation and those with status RETRIEVED.
+    """
+    PortfolioInvitation = apps.get_model("registrar.PortfolioInvitation")
+    UserPortfolioPermission = apps.get_model("registrar.UserPortfolioPermission")
+    existing_permissions = UserPortfolioPermission.objects.exclude(id=user_portfolio_permission.id).filter(
+        user=user_portfolio_permission.user
+    )
+    existing_invitations = PortfolioInvitation.objects.filter(email__iexact=user_portfolio_permission.user.email).exclude(
+        Q(portfolio=user_portfolio_permission.portfolio)
+        | Q(status=PortfolioInvitation.PortfolioInvitationStatus.RETRIEVED)
+    )
+    return (existing_permissions, existing_invitations)
+
 
 def validate_portfolio_invitation(portfolio_invitation):
     """
@@ -351,17 +370,14 @@ def validate_portfolio_invitation(portfolio_invitation):
         )
 
     # == Validate the multiple_porfolios flag. == #
-    user = User.objects.filter(email=portfolio_invitation.email).first()
+    user = User.objects.filter(email__iexact=portfolio_invitation.email).first()
 
     # If user returns None, then we check for global assignment of multiple_portfolios.
     # Otherwise we just check on the user.
     if not flag_is_active_for_user(user, "multiple_portfolios"):
-        existing_permissions = UserPortfolioPermission.objects.filter(user=user)
-
-        existing_invitations = PortfolioInvitation.objects.filter(email=portfolio_invitation.email).exclude(
-            Q(id=portfolio_invitation.id) | Q(status=PortfolioInvitation.PortfolioInvitationStatus.RETRIEVED)
+        existing_permissions, existing_invitations = (
+            get_portfolio_invitation_associations(portfolio_invitation)
         )
-
         if existing_permissions.exists():
             raise ValidationError(
                 "This user is already assigned to a portfolio. "
@@ -376,6 +392,26 @@ def validate_portfolio_invitation(portfolio_invitation):
                 code="has_existing_invitations",
             )
 
+def get_portfolio_invitation_associations(portfolio_invitation):
+    """
+    Retrieves the associations for a portfolio invitation.
+
+    Returns:
+      A tuple:
+        (existing_permissions, existing_invitations)
+      where:
+        - existing_permissions: UserPortfolioPermission objects matching the email.
+        - existing_invitations: PortfolioInvitation objects for the email excluding 
+        the current invitation and those with status RETRIEVED.
+    """
+    PortfolioInvitation = apps.get_model("registrar.PortfolioInvitation")
+    UserPortfolioPermission = apps.get_model("registrar.UserPortfolioPermission")
+    existing_permissions = UserPortfolioPermission.objects.filter(user__email__iexact=portfolio_invitation.email)
+    existing_invitations = PortfolioInvitation.objects.filter(email__iexact=portfolio_invitation.email).exclude(
+        Q(id=portfolio_invitation.id) | Q(status=PortfolioInvitation.PortfolioInvitationStatus.RETRIEVED)
+    )
+    return (existing_permissions, existing_invitations)
+
 
 def cleanup_after_portfolio_member_deletion(portfolio, email, user=None):
     """

From 13146aaa3ee441f7e82e42f2fbd3119ff8924155 Mon Sep 17 00:00:00 2001
From: matthewswspence <Matthewswspence@gmail.com>
Date: Wed, 12 Mar 2025 11:31:15 -0500
Subject: [PATCH 088/285] fix migrations

---
 ...y => 0142_domainrequest_feb_naming_requirements_and_more.py} | 2 +-
 ...t_and_more.py => 0143_domainrequest_eop_contact_and_more.py} | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)
 rename src/registrar/migrations/{0143_domainrequest_feb_naming_requirements_and_more.py => 0142_domainrequest_feb_naming_requirements_and_more.py} (96%)
 rename src/registrar/migrations/{0142_domainrequest_eop_contact_and_more.py => 0143_domainrequest_eop_contact_and_more.py} (92%)

diff --git a/src/registrar/migrations/0143_domainrequest_feb_naming_requirements_and_more.py b/src/registrar/migrations/0142_domainrequest_feb_naming_requirements_and_more.py
similarity index 96%
rename from src/registrar/migrations/0143_domainrequest_feb_naming_requirements_and_more.py
rename to src/registrar/migrations/0142_domainrequest_feb_naming_requirements_and_more.py
index fb6976a53..5a8dbeec8 100644
--- a/src/registrar/migrations/0143_domainrequest_feb_naming_requirements_and_more.py
+++ b/src/registrar/migrations/0142_domainrequest_feb_naming_requirements_and_more.py
@@ -6,7 +6,7 @@ from django.db import migrations, models
 class Migration(migrations.Migration):
 
     dependencies = [
-        ("registrar", "0142_alter_portfolioinvitation_additional_permissions_and_more"),
+        ("registrar", "0141_alter_portfolioinvitation_additional_permissions_and_more"),
     ]
 
     operations = [
diff --git a/src/registrar/migrations/0142_domainrequest_eop_contact_and_more.py b/src/registrar/migrations/0143_domainrequest_eop_contact_and_more.py
similarity index 92%
rename from src/registrar/migrations/0142_domainrequest_eop_contact_and_more.py
rename to src/registrar/migrations/0143_domainrequest_eop_contact_and_more.py
index f91c02259..a5c65f26f 100644
--- a/src/registrar/migrations/0142_domainrequest_eop_contact_and_more.py
+++ b/src/registrar/migrations/0143_domainrequest_eop_contact_and_more.py
@@ -7,7 +7,7 @@ import django.db.models.deletion
 class Migration(migrations.Migration):
 
     dependencies = [
-        ("registrar", "0141_domainrequest_feb_naming_requirements_and_more"),
+        ("registrar", "0142_domainrequest_feb_naming_requirements_and_more"),
     ]
 
     operations = [

From c1965ffacd022e6e4eecd4ae25ce45ff20d50e55 Mon Sep 17 00:00:00 2001
From: Kristina <140533113+witha-k@users.noreply.github.com>
Date: Wed, 12 Mar 2025 09:32:30 -0700
Subject: [PATCH 089/285] Update design-issue.yml

---
 .github/ISSUE_TEMPLATE/design-issue.yml | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/.github/ISSUE_TEMPLATE/design-issue.yml b/.github/ISSUE_TEMPLATE/design-issue.yml
index e89ed6c24..7305b54bd 100644
--- a/.github/ISSUE_TEMPLATE/design-issue.yml
+++ b/.github/ISSUE_TEMPLATE/design-issue.yml
@@ -17,14 +17,16 @@ body:
       required: true
   - type: markdown
     id: acceptance-criteria-design
+    label: Acceptance criteria for design updates
     attributes:
       value: |
-        > #Acceptance criteria for design updates
+        > - [ ] Criteria 1
   - type: markdown
     id: acceptance-criteria-content
+    label: Acceptance criteria for content updates
     attributes:
       value: |
-        > #Acceptance criteria for content updates
+        > - [ ] Criteria 1
   - type: textarea
     id: additional-context
     attributes:

From ab57447d752b08a0c8d038f5c3e8d37287139ad2 Mon Sep 17 00:00:00 2001
From: Kristina <140533113+witha-k@users.noreply.github.com>
Date: Wed, 12 Mar 2025 09:38:03 -0700
Subject: [PATCH 090/285] Update design-issue.yml

---
 .github/ISSUE_TEMPLATE/design-issue.yml | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)

diff --git a/.github/ISSUE_TEMPLATE/design-issue.yml b/.github/ISSUE_TEMPLATE/design-issue.yml
index 7305b54bd..2488199d5 100644
--- a/.github/ISSUE_TEMPLATE/design-issue.yml
+++ b/.github/ISSUE_TEMPLATE/design-issue.yml
@@ -17,16 +17,15 @@ body:
       required: true
   - type: markdown
     id: acceptance-criteria-design
-    label: Acceptance criteria for design updates
     attributes:
       value: |
-        > - [ ] Criteria 1
+        > - [ ] Criteria 1 for design updates
   - type: markdown
     id: acceptance-criteria-content
     label: Acceptance criteria for content updates
     attributes:
       value: |
-        > - [ ] Criteria 1
+        > - [ ] Criteria 1 for content
   - type: textarea
     id: additional-context
     attributes:

From 171744e68f6988cb6857ba69bf7efdbfed07066e Mon Sep 17 00:00:00 2001
From: Kristina <140533113+witha-k@users.noreply.github.com>
Date: Wed, 12 Mar 2025 09:38:42 -0700
Subject: [PATCH 091/285] Update design-issue.yml

---
 .github/ISSUE_TEMPLATE/design-issue.yml | 1 -
 1 file changed, 1 deletion(-)

diff --git a/.github/ISSUE_TEMPLATE/design-issue.yml b/.github/ISSUE_TEMPLATE/design-issue.yml
index 2488199d5..cf450884c 100644
--- a/.github/ISSUE_TEMPLATE/design-issue.yml
+++ b/.github/ISSUE_TEMPLATE/design-issue.yml
@@ -22,7 +22,6 @@ body:
         > - [ ] Criteria 1 for design updates
   - type: markdown
     id: acceptance-criteria-content
-    label: Acceptance criteria for content updates
     attributes:
       value: |
         > - [ ] Criteria 1 for content

From ea38658870c9a6745eecb9229b41dc6c71e09d65 Mon Sep 17 00:00:00 2001
From: Kristina <140533113+witha-k@users.noreply.github.com>
Date: Wed, 12 Mar 2025 09:43:12 -0700
Subject: [PATCH 092/285] Update design-issue.yml

---
 .github/ISSUE_TEMPLATE/design-issue.yml | 1 +
 1 file changed, 1 insertion(+)

diff --git a/.github/ISSUE_TEMPLATE/design-issue.yml b/.github/ISSUE_TEMPLATE/design-issue.yml
index cf450884c..07c8321bb 100644
--- a/.github/ISSUE_TEMPLATE/design-issue.yml
+++ b/.github/ISSUE_TEMPLATE/design-issue.yml
@@ -17,6 +17,7 @@ body:
       required: true
   - type: markdown
     id: acceptance-criteria-design
+    title: Acceptance criteria for design updates
     attributes:
       value: |
         > - [ ] Criteria 1 for design updates

From ff8ae8e43fad028a5f3d6cd4240fde4a8db4cf3d Mon Sep 17 00:00:00 2001
From: Kristina <140533113+witha-k@users.noreply.github.com>
Date: Wed, 12 Mar 2025 09:47:54 -0700
Subject: [PATCH 093/285] Update design-issue.yml

---
 .github/ISSUE_TEMPLATE/design-issue.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/ISSUE_TEMPLATE/design-issue.yml b/.github/ISSUE_TEMPLATE/design-issue.yml
index 07c8321bb..af9e93d4a 100644
--- a/.github/ISSUE_TEMPLATE/design-issue.yml
+++ b/.github/ISSUE_TEMPLATE/design-issue.yml
@@ -15,9 +15,9 @@ body:
         Describe the issue so that someone who wasn't present for its discovery can understand why it matters. For stories, use the user story format (e.g., As a user, I want, so that). Use full sentences, plain language, and [good formatting](https://docs.github.com/en/get-started/writing-on-github/getting-started-with-writing-and-formatting-on-github/basic-writing-and-formatting-syntax).
     validations:
       required: true
+  - title: Acceptance criteria for design updates
   - type: markdown
     id: acceptance-criteria-design
-    title: Acceptance criteria for design updates
     attributes:
       value: |
         > - [ ] Criteria 1 for design updates

From 947c4ed9e8a277de4c6a35b45d0151f3ff954861 Mon Sep 17 00:00:00 2001
From: Erin Song <121973038+erinysong@users.noreply.github.com>
Date: Wed, 12 Mar 2025 09:51:01 -0700
Subject: [PATCH 094/285] Readded all emails sent reference

---
 src/registrar/utility/email_invitations.py | 1 +
 1 file changed, 1 insertion(+)

diff --git a/src/registrar/utility/email_invitations.py b/src/registrar/utility/email_invitations.py
index 1604eeaf2..f98ef5459 100644
--- a/src/registrar/utility/email_invitations.py
+++ b/src/registrar/utility/email_invitations.py
@@ -245,6 +245,7 @@ def send_portfolio_organization_update_email(editor, portfolio, updated_page):
         EmailSendingError: If there is an error while sending the email.
     """
     editor_email = editor.email
+    all_emails_sent = True
     # Get each portfolio admin from list
     user_portfolio_permissions = UserPortfolioPermission.objects.filter(
         portfolio=portfolio, roles__contains=[UserPortfolioRoleChoices.ORGANIZATION_ADMIN]

From 2e1f79434c2db97f6f8c20737e0b56b05db10c1b Mon Sep 17 00:00:00 2001
From: zandercymatics <141044360+zandercymatics@users.noreply.github.com>
Date: Wed, 12 Mar 2025 10:58:38 -0600
Subject: [PATCH 095/285] Unit tests

---
 src/registrar/tests/common.py             |  4 +-
 src/registrar/tests/test_models_domain.py | 58 +++++++++++++++++++----
 2 files changed, 52 insertions(+), 10 deletions(-)

diff --git a/src/registrar/tests/common.py b/src/registrar/tests/common.py
index 500ecfe39..cad041242 100644
--- a/src/registrar/tests/common.py
+++ b/src/registrar/tests/common.py
@@ -1424,9 +1424,9 @@ class MockEppLib(TestCase):
     )
 
     mockDefaultTechnicalContact = InfoDomainWithContacts.dummyInfoContactResultData(
-        "defaultTech", "dotgov@cisa.dhs.gov"
+        "defaultTech", "help@get.gov"
     )
-    mockDefaultSecurityContact = InfoDomainWithContacts.dummyInfoContactResultData("defaultSec", "dotgov@cisa.dhs.gov")
+    mockDefaultSecurityContact = InfoDomainWithContacts.dummyInfoContactResultData("defaultSec", "help@get.gov")
     mockSecurityContact = InfoDomainWithContacts.dummyInfoContactResultData("securityContact", "security@mail.gov")
     mockTechnicalContact = InfoDomainWithContacts.dummyInfoContactResultData("technicalContact", "tech@mail.gov")
     mockAdministrativeContact = InfoDomainWithContacts.dummyInfoContactResultData("adminContact", "admin@mail.gov")
diff --git a/src/registrar/tests/test_models_domain.py b/src/registrar/tests/test_models_domain.py
index 27567a211..08d2687ca 100644
--- a/src/registrar/tests/test_models_domain.py
+++ b/src/registrar/tests/test_models_domain.py
@@ -1014,20 +1014,21 @@ class TestRegistrantContacts(MockEppLib):
             test_disclose = self._convertPublicContactToEpp(dummy_contact, disclose_email=True).__dict__
             test_not_disclose = self._convertPublicContactToEpp(dummy_contact, disclose_email=False).__dict__
             # Separated for linter
-            disclose_email_field = {common.DiscloseField.EMAIL}
+            disclose_email_field = [common.DiscloseField.EMAIL]
+            self.maxDiff = None
             expected_disclose = {
                 "auth_info": common.ContactAuthInfo(pw="2fooBAR123fooBaz"),
                 "disclose": common.Disclose(flag=True, fields=disclose_email_field, types=None),
-                "email": "dotgov@cisa.dhs.gov",
+                "email": "help@get.gov",
                 "extensions": [],
                 "fax": None,
                 "id": "ThIq2NcRIDN7PauO",
                 "ident": None,
                 "notify_email": None,
                 "postal_info": common.PostalInfo(
-                    name="Registry Customer Service",
+                    name="CSD/CB – Attn: .gov TLD",
                     addr=common.ContactAddr(
-                        street=["4200 Wilson Blvd.", None, None],
+                        street=["1110 N. Glebe Rd", None, None],
                         city="Arlington",
                         pc="22201",
                         cc="US",
@@ -1043,16 +1044,16 @@ class TestRegistrantContacts(MockEppLib):
             expected_not_disclose = {
                 "auth_info": common.ContactAuthInfo(pw="2fooBAR123fooBaz"),
                 "disclose": common.Disclose(flag=False, fields=disclose_email_field, types=None),
-                "email": "dotgov@cisa.dhs.gov",
+                "email": "help@get.gov",
                 "extensions": [],
                 "fax": None,
                 "id": "ThrECENCHI76PGLh",
                 "ident": None,
                 "notify_email": None,
                 "postal_info": common.PostalInfo(
-                    name="Registry Customer Service",
+                    name="CSD/CB – Attn: .gov TLD",
                     addr=common.ContactAddr(
-                        street=["4200 Wilson Blvd.", None, None],
+                        street=["1110 N. Glebe Rd", None, None],
                         city="Arlington",
                         pc="22201",
                         cc="US",
@@ -1070,6 +1071,45 @@ class TestRegistrantContacts(MockEppLib):
             self.assertEqual(test_disclose, expected_disclose)
             self.assertEqual(test_not_disclose, expected_not_disclose)
 
+    @less_console_noise_decorator
+    def test_convert_public_contact_with_custom_fields(self):
+        """Test converting a contact with custom disclosure fields."""
+        domain, _ = Domain.objects.get_or_create(name="freeman.gov")
+        dummy_contact = domain.get_default_administrative_contact()
+        DF = common.DiscloseField
+        
+        # Create contact with multiple disclosure fields
+        result = self._convertPublicContactToEpp(
+            dummy_contact, 
+            disclose_email=True, 
+            disclose_fields=[DF.EMAIL, DF.VOICE, DF.ADDR],
+            disclose_types={DF.ADDR: "loc"},
+        )
+        self.assertEqual(result.disclose.flag, True)
+        self.assertEqual(result.disclose.fields, [DF.EMAIL, DF.VOICE, DF.ADDR])
+        self.assertIn(DF.EMAIL, result.disclose.fields)
+        self.assertIn(DF.VOICE, result.disclose.fields)
+        self.assertIn(DF.ADDR, result.disclose.fields)
+        self.assertEqual(result.disclose.types, {DF.ADDR: "loc"})
+
+    @less_console_noise
+    def test_convert_public_contact_with_empty_fields(self):
+        """Test converting a contact with empty disclosure fields."""
+        domain, _ = Domain.objects.get_or_create(name="freeman.gov")
+        dummy_contact = domain.get_default_security_contact()
+        
+        # Create contact with empty fields list
+        result = self._convertPublicContactToEpp(
+            dummy_contact, 
+            disclose_email=True, 
+            disclose_fields=[]
+        )
+        
+        # Verify disclosure settings
+        self.assertEqual(result.disclose.flag, True)
+        self.assertEqual(result.disclose.fields, [])
+        self.assertIsNone(result.disclose.types)
+
     def test_not_disclosed_on_default_security_contact(self):
         """
         Scenario: Registrant creates a new domain with no security email
@@ -1101,7 +1141,9 @@ class TestRegistrantContacts(MockEppLib):
             expectedTechContact.domain = domain
             expectedTechContact.registry_id = "defaultTech"
             domain.technical_contact = expectedTechContact
-            expectedCreateCommand = self._convertPublicContactToEpp(expectedTechContact, disclose_email=False)
+            expectedCreateCommand = self._convertPublicContactToEpp(
+                expectedTechContact, disclose_email=False, disclose_fields=[]
+            )
             self.mockedSendFunction.assert_any_call(expectedCreateCommand, cleaned=True)
             # Confirm that we are getting a default email
             self.assertEqual(domain.technical_contact.email, expectedTechContact.email)

From 8037c7d4be894962da0630acfb9c1ac4fd950941 Mon Sep 17 00:00:00 2001
From: Kristina <140533113+witha-k@users.noreply.github.com>
Date: Wed, 12 Mar 2025 10:27:45 -0700
Subject: [PATCH 096/285] Update design-issue.yml

---
 .github/ISSUE_TEMPLATE/design-issue.yml | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/.github/ISSUE_TEMPLATE/design-issue.yml b/.github/ISSUE_TEMPLATE/design-issue.yml
index af9e93d4a..191a965fc 100644
--- a/.github/ISSUE_TEMPLATE/design-issue.yml
+++ b/.github/ISSUE_TEMPLATE/design-issue.yml
@@ -15,16 +15,16 @@ body:
         Describe the issue so that someone who wasn't present for its discovery can understand why it matters. For stories, use the user story format (e.g., As a user, I want, so that). Use full sentences, plain language, and [good formatting](https://docs.github.com/en/get-started/writing-on-github/getting-started-with-writing-and-formatting-on-github/basic-writing-and-formatting-syntax).
     validations:
       required: true
-  - title: Acceptance criteria for design updates
   - type: markdown
     id: acceptance-criteria-design
     attributes:
-      value: |
-        > - [ ] Criteria 1 for design updates
+      item: |
+        ## Acceptance criteria for design
+        - [ ] Criteria 1 for design updates
   - type: markdown
     id: acceptance-criteria-content
     attributes:
-      value: |
+      item: |
         > - [ ] Criteria 1 for content
   - type: textarea
     id: additional-context

From 4f7667a85b6ca51e8007c786bb47c37f96481c0d Mon Sep 17 00:00:00 2001
From: Kristina <140533113+witha-k@users.noreply.github.com>
Date: Wed, 12 Mar 2025 10:28:32 -0700
Subject: [PATCH 097/285] Update design-issue.yml

---
 .github/ISSUE_TEMPLATE/design-issue.yml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/.github/ISSUE_TEMPLATE/design-issue.yml b/.github/ISSUE_TEMPLATE/design-issue.yml
index 191a965fc..2f5af1cc4 100644
--- a/.github/ISSUE_TEMPLATE/design-issue.yml
+++ b/.github/ISSUE_TEMPLATE/design-issue.yml
@@ -18,13 +18,13 @@ body:
   - type: markdown
     id: acceptance-criteria-design
     attributes:
-      item: |
+      value: |
         ## Acceptance criteria for design
         - [ ] Criteria 1 for design updates
   - type: markdown
     id: acceptance-criteria-content
     attributes:
-      item: |
+      value: |
         > - [ ] Criteria 1 for content
   - type: textarea
     id: additional-context

From b061f902b9d94fd305207613fe02ddb8a57f3a7e Mon Sep 17 00:00:00 2001
From: Kristina <140533113+witha-k@users.noreply.github.com>
Date: Wed, 12 Mar 2025 10:29:39 -0700
Subject: [PATCH 098/285] Update design-issue.yml

---
 .github/ISSUE_TEMPLATE/design-issue.yml | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/.github/ISSUE_TEMPLATE/design-issue.yml b/.github/ISSUE_TEMPLATE/design-issue.yml
index 2f5af1cc4..bc5a365e8 100644
--- a/.github/ISSUE_TEMPLATE/design-issue.yml
+++ b/.github/ISSUE_TEMPLATE/design-issue.yml
@@ -19,13 +19,14 @@ body:
     id: acceptance-criteria-design
     attributes:
       value: |
-        ## Acceptance criteria for design
+        ### Acceptance criteria for design updates
         - [ ] Criteria 1 for design updates
   - type: markdown
     id: acceptance-criteria-content
     attributes:
       value: |
-        > - [ ] Criteria 1 for content
+        ### Acceptance criteria for content updates
+        - [ ] Criteria 1 for content
   - type: textarea
     id: additional-context
     attributes:

From ed957919c2757b1477a0e68a553c1abd55de1ec9 Mon Sep 17 00:00:00 2001
From: Kristina <140533113+witha-k@users.noreply.github.com>
Date: Wed, 12 Mar 2025 10:30:08 -0700
Subject: [PATCH 099/285] Update design-issue.yml

---
 .github/ISSUE_TEMPLATE/design-issue.yml | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/.github/ISSUE_TEMPLATE/design-issue.yml b/.github/ISSUE_TEMPLATE/design-issue.yml
index bc5a365e8..a8aeb3413 100644
--- a/.github/ISSUE_TEMPLATE/design-issue.yml
+++ b/.github/ISSUE_TEMPLATE/design-issue.yml
@@ -19,13 +19,14 @@ body:
     id: acceptance-criteria-design
     attributes:
       value: |
-        ### Acceptance criteria for design updates
+        #### Acceptance criteria for design updates
         - [ ] Criteria 1 for design updates
+        
   - type: markdown
     id: acceptance-criteria-content
     attributes:
       value: |
-        ### Acceptance criteria for content updates
+        #### Acceptance criteria for content updates
         - [ ] Criteria 1 for content
   - type: textarea
     id: additional-context

From 1863b5548a31e717cf2dae82c3762e856c80f718 Mon Sep 17 00:00:00 2001
From: zandercymatics <141044360+zandercymatics@users.noreply.github.com>
Date: Wed, 12 Mar 2025 11:36:22 -0600
Subject: [PATCH 100/285] fix unit tests and lint

---
 src/registrar/tests/common.py             |  4 +---
 src/registrar/tests/test_models_domain.py | 18 +++++++-----------
 2 files changed, 8 insertions(+), 14 deletions(-)

diff --git a/src/registrar/tests/common.py b/src/registrar/tests/common.py
index cad041242..68fc71a33 100644
--- a/src/registrar/tests/common.py
+++ b/src/registrar/tests/common.py
@@ -1423,9 +1423,7 @@ class MockEppLib(TestCase):
         ],
     )
 
-    mockDefaultTechnicalContact = InfoDomainWithContacts.dummyInfoContactResultData(
-        "defaultTech", "help@get.gov"
-    )
+    mockDefaultTechnicalContact = InfoDomainWithContacts.dummyInfoContactResultData("defaultTech", "help@get.gov")
     mockDefaultSecurityContact = InfoDomainWithContacts.dummyInfoContactResultData("defaultSec", "help@get.gov")
     mockSecurityContact = InfoDomainWithContacts.dummyInfoContactResultData("securityContact", "security@mail.gov")
     mockTechnicalContact = InfoDomainWithContacts.dummyInfoContactResultData("technicalContact", "tech@mail.gov")
diff --git a/src/registrar/tests/test_models_domain.py b/src/registrar/tests/test_models_domain.py
index 08d2687ca..d8650d062 100644
--- a/src/registrar/tests/test_models_domain.py
+++ b/src/registrar/tests/test_models_domain.py
@@ -1077,11 +1077,11 @@ class TestRegistrantContacts(MockEppLib):
         domain, _ = Domain.objects.get_or_create(name="freeman.gov")
         dummy_contact = domain.get_default_administrative_contact()
         DF = common.DiscloseField
-        
+
         # Create contact with multiple disclosure fields
         result = self._convertPublicContactToEpp(
-            dummy_contact, 
-            disclose_email=True, 
+            dummy_contact,
+            disclose_email=True,
             disclose_fields=[DF.EMAIL, DF.VOICE, DF.ADDR],
             disclose_types={DF.ADDR: "loc"},
         )
@@ -1092,19 +1092,15 @@ class TestRegistrantContacts(MockEppLib):
         self.assertIn(DF.ADDR, result.disclose.fields)
         self.assertEqual(result.disclose.types, {DF.ADDR: "loc"})
 
-    @less_console_noise
+    @less_console_noise_decorator
     def test_convert_public_contact_with_empty_fields(self):
         """Test converting a contact with empty disclosure fields."""
         domain, _ = Domain.objects.get_or_create(name="freeman.gov")
         dummy_contact = domain.get_default_security_contact()
-        
+
         # Create contact with empty fields list
-        result = self._convertPublicContactToEpp(
-            dummy_contact, 
-            disclose_email=True, 
-            disclose_fields=[]
-        )
-        
+        result = self._convertPublicContactToEpp(dummy_contact, disclose_email=True, disclose_fields=[])
+
         # Verify disclosure settings
         self.assertEqual(result.disclose.flag, True)
         self.assertEqual(result.disclose.fields, [])

From 768867ffb5d53e1e77911c56791d381a09339d25 Mon Sep 17 00:00:00 2001
From: zandercymatics <141044360+zandercymatics@users.noreply.github.com>
Date: Wed, 12 Mar 2025 11:57:33 -0600
Subject: [PATCH 101/285] Linter

---
 src/registrar/models/domain.py            | 6 +++---
 src/registrar/tests/test_models_domain.py | 8 ++++----
 2 files changed, 7 insertions(+), 7 deletions(-)

diff --git a/src/registrar/models/domain.py b/src/registrar/models/domain.py
index 5397d1f7f..328ed7aee 100644
--- a/src/registrar/models/domain.py
+++ b/src/registrar/models/domain.py
@@ -1682,13 +1682,13 @@ class Domain(TimeStampedModel, DomainHelper):
             case contact.ContactTypeChoices.SECURITY:
                 hidden_security_emails = [email for email in DefaultEmail]
                 disclose_fields = {
-                    "fields": [DF.EMAIL],
+                    "fields": {DF.EMAIL},
                     "flag": contact.email not in hidden_security_emails,
                 }
             case contact.ContactTypeChoices.ADMINISTRATIVE:
-                disclose_fields = {"fields": [DF.EMAIL, DF.VOICE, DF.ADDR], "types": {DF.ADDR: "loc"}, "flag": True}
+                disclose_fields = {"fields": {DF.EMAIL, DF.VOICE, DF.ADDR}, "types": {DF.ADDR: "loc"}, "flag": True}
         logger.info("Updated domain contact %s to disclose: %s", contact.email, disclose_fields.get("flag"))
-        return epp.Disclose(**disclose_fields)
+        return epp.Disclose(**disclose_fields)  # type: ignore
 
     def _make_epp_contact_postal_info(self, contact: PublicContact):  # type: ignore
         return epp.PostalInfo(  # type: ignore
diff --git a/src/registrar/tests/test_models_domain.py b/src/registrar/tests/test_models_domain.py
index d8650d062..c5fabb6bc 100644
--- a/src/registrar/tests/test_models_domain.py
+++ b/src/registrar/tests/test_models_domain.py
@@ -1014,7 +1014,7 @@ class TestRegistrantContacts(MockEppLib):
             test_disclose = self._convertPublicContactToEpp(dummy_contact, disclose_email=True).__dict__
             test_not_disclose = self._convertPublicContactToEpp(dummy_contact, disclose_email=False).__dict__
             # Separated for linter
-            disclose_email_field = [common.DiscloseField.EMAIL]
+            disclose_email_field = {common.DiscloseField.EMAIL}
             self.maxDiff = None
             expected_disclose = {
                 "auth_info": common.ContactAuthInfo(pw="2fooBAR123fooBaz"),
@@ -1082,11 +1082,11 @@ class TestRegistrantContacts(MockEppLib):
         result = self._convertPublicContactToEpp(
             dummy_contact,
             disclose_email=True,
-            disclose_fields=[DF.EMAIL, DF.VOICE, DF.ADDR],
+            disclose_fields={DF.EMAIL, DF.VOICE, DF.ADDR},
             disclose_types={DF.ADDR: "loc"},
         )
         self.assertEqual(result.disclose.flag, True)
-        self.assertEqual(result.disclose.fields, [DF.EMAIL, DF.VOICE, DF.ADDR])
+        self.assertEqual(result.disclose.fields, {DF.EMAIL, DF.VOICE, DF.ADDR})
         self.assertIn(DF.EMAIL, result.disclose.fields)
         self.assertIn(DF.VOICE, result.disclose.fields)
         self.assertIn(DF.ADDR, result.disclose.fields)
@@ -1099,7 +1099,7 @@ class TestRegistrantContacts(MockEppLib):
         dummy_contact = domain.get_default_security_contact()
 
         # Create contact with empty fields list
-        result = self._convertPublicContactToEpp(dummy_contact, disclose_email=True, disclose_fields=[])
+        result = self._convertPublicContactToEpp(dummy_contact, disclose_email=True, disclose_fields={})
 
         # Verify disclosure settings
         self.assertEqual(result.disclose.flag, True)

From 3d72463806c9b5f065abb610a66a0bea856a04d3 Mon Sep 17 00:00:00 2001
From: zandercymatics <141044360+zandercymatics@users.noreply.github.com>
Date: Wed, 12 Mar 2025 12:15:18 -0600
Subject: [PATCH 102/285] Update common.py

---
 src/registrar/tests/common.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/registrar/tests/common.py b/src/registrar/tests/common.py
index 68fc71a33..101be51ef 100644
--- a/src/registrar/tests/common.py
+++ b/src/registrar/tests/common.py
@@ -1949,7 +1949,7 @@ class MockEppLib(TestCase):
     ):
         DF = common.DiscloseField
         if disclose_fields is None:
-            disclose_fields = [DF.EMAIL]
+            disclose_fields = {DF.EMAIL}
 
         di = common.Disclose(flag=disclose_email, fields=disclose_fields, types=disclose_types)
 

From ca82f103d8e6f08e4032ed47255743ee3ae7d0b2 Mon Sep 17 00:00:00 2001
From: zandercymatics <141044360+zandercymatics@users.noreply.github.com>
Date: Wed, 12 Mar 2025 12:54:46 -0600
Subject: [PATCH 103/285] Get better debug info

---
 src/registrar/models/domain.py         | 26 ++++++------------
 src/registrar/models/public_contact.py | 38 ++++++++++++++++++++++++++
 2 files changed, 46 insertions(+), 18 deletions(-)

diff --git a/src/registrar/models/domain.py b/src/registrar/models/domain.py
index 328ed7aee..410d763ba 100644
--- a/src/registrar/models/domain.py
+++ b/src/registrar/models/domain.py
@@ -1350,20 +1350,6 @@ class Domain(TimeStampedModel, DomainHelper):
         )
         return street_dict
 
-    def _request_contact_info(self, contact: PublicContact):
-        try:
-            req = commands.InfoContact(id=contact.registry_id)
-            return registry.send(req, cleaned=True).res_data[0]
-        except RegistryError as error:
-            logger.error(
-                "Registry threw error for contact id %s contact type is %s, error code is\n %s full error is %s",  # noqa
-                contact.registry_id,
-                contact.contact_type,
-                error.code,
-                error,
-            )
-            raise error
-
     def generic_contact_getter(self, contact_type_choice: PublicContact.ContactTypeChoices) -> PublicContact | None:
         """Retrieves the desired PublicContact from the registry.
         This abstracts the caching and EPP retrieval for
@@ -1686,7 +1672,11 @@ class Domain(TimeStampedModel, DomainHelper):
                     "flag": contact.email not in hidden_security_emails,
                 }
             case contact.ContactTypeChoices.ADMINISTRATIVE:
-                disclose_fields = {"fields": {DF.EMAIL, DF.VOICE, DF.ADDR}, "types": {DF.ADDR: "loc"}, "flag": True}
+                disclose_fields = {
+                    "fields": {DF.EMAIL, DF.VOICE, DF.ADDR},
+                    "types": {DF.ADDR: "loc"},
+                    "flag": True,
+                }
         logger.info("Updated domain contact %s to disclose: %s", contact.email, disclose_fields.get("flag"))
         return epp.Disclose(**disclose_fields)  # type: ignore
 
@@ -1773,13 +1763,13 @@ class Domain(TimeStampedModel, DomainHelper):
         """Try to fetch info about a contact. Create it if it does not exist."""
         logger.info("_get_or_create_contact() -> Fetching contact info")
         try:
-            return self._request_contact_info(contact)
+            return contact.get_contact_info_from_epp()
         except RegistryError as e:
             if e.code == ErrorCode.OBJECT_DOES_NOT_EXIST:
                 logger.info("_get_or_create_contact()-> contact doesn't exist so making it")
                 contact.domain = self
                 contact.save()  # this will call the function based on type of contact
-                return self._request_contact_info(contact=contact)
+                return contact.get_contact_info_from_epp()
             else:
                 logger.error(
                     "Registry threw error for contact id %s"
@@ -2230,7 +2220,7 @@ class Domain(TimeStampedModel, DomainHelper):
             contact_type=PublicContact.ContactTypeChoices.REGISTRANT,
         )
         # Grabs the expanded contact
-        full_object = self._request_contact_info(contact)
+        full_object = contact.get_contact_info_from_epp()
         # Maps it to type PublicContact
         mapped_object = self.map_epp_contact_to_public_contact(full_object, contact.registry_id, contact.contact_type)
         return self._get_or_create_public_contact(mapped_object)
diff --git a/src/registrar/models/public_contact.py b/src/registrar/models/public_contact.py
index 6c123474d..7a091a0a0 100644
--- a/src/registrar/models/public_contact.py
+++ b/src/registrar/models/public_contact.py
@@ -1,3 +1,4 @@
+import logging
 from datetime import datetime
 from random import choices
 from string import ascii_uppercase, ascii_lowercase, digits
@@ -7,7 +8,13 @@ from django.db import models
 from registrar.utility.enums import DefaultEmail
 
 from .utility.time_stamped_model import TimeStampedModel
+from epplibwrapper import (
+    CLIENT as registry,
+    commands,
+    RegistryError,
+)
 
+logger = logging.getLogger(__name__)
 
 def get_id():
     """Generate a 16 character registry ID with a low probability of collision."""
@@ -87,6 +94,37 @@ class PublicContact(TimeStampedModel):
     )
     pw = models.CharField(null=False, help_text="Contact's authorization code. 16 characters minimum.")
 
+    def get_contact_info_from_epp(self):
+        """Grabs the resultant contact information in epp for this public contact
+        by using the InfoContact command.
+        Returns `registry.send(req, cleaned=True).res_data[0]`."""
+        try:
+            req = commands.InfoContact(id=self.registry_id)
+            return registry.send(req, cleaned=True).res_data[0]
+        except RegistryError as error:
+            logger.error(
+                "Registry threw error for contact id %s contact type is %s, error code is\n %s full error is %s",  # noqa
+                self.registry_id,
+                self.contact_type,
+                error.code,
+                error,
+            )
+            raise error
+    
+    # NOTE: REMOVE THIS BEFORE MERGING, USED FOR PR REVIEW ONLY
+    def debug_contact_info_epp(self):
+        results = self.get_contact_info_from_epp()
+        logger.info("Contact Info from EPP:")
+        logger.info("=====================")
+        for key, value in results.items():
+            logger.info(f"{key}: {value}")
+        
+        logger.info("Contact Info on PublicContact model (compare against EPP):")
+        logger.info("=====================")
+        for key in results.keys():
+            if value_on_model := getattr(self, key) is not None:
+                logger.info(f"{key}: {value_on_model}")
+
     @classmethod
     def get_default_registrant(cls):
         return cls(

From 0eddbcffb76a5c4afa605449ca28c44faf08f686 Mon Sep 17 00:00:00 2001
From: CocoByte <nicolle.leclair@gmail.com>
Date: Wed, 12 Mar 2025 13:01:55 -0600
Subject: [PATCH 104/285] temporary styling

---
 src/registrar/forms/domain.py | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/src/registrar/forms/domain.py b/src/registrar/forms/domain.py
index 6bc057abd..02c4225ee 100644
--- a/src/registrar/forms/domain.py
+++ b/src/registrar/forms/domain.py
@@ -661,8 +661,9 @@ class DomainDsdataForm(forms.Form):
         },
         widget=forms.Textarea(
             attrs={
-                "class": "text-wrap resize-none",
-                "rows": "2"
+                "class": "text-wrap",
+                "rows": "2",
+                "style": "height: fit-content; resize: none; overflow:hidden;"
             }
         )
     )

From 5265ce80cc8956ce708d05a4ca1cc7c9064bbef1 Mon Sep 17 00:00:00 2001
From: zandercymatics <141044360+zandercymatics@users.noreply.github.com>
Date: Wed, 12 Mar 2025 13:04:36 -0600
Subject: [PATCH 105/285] Update test_models_domain.py

---
 src/registrar/tests/test_models_domain.py | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/src/registrar/tests/test_models_domain.py b/src/registrar/tests/test_models_domain.py
index c5fabb6bc..e10b16843 100644
--- a/src/registrar/tests/test_models_domain.py
+++ b/src/registrar/tests/test_models_domain.py
@@ -990,18 +990,18 @@ class TestRegistrantContacts(MockEppLib):
                 actual_contact = contact[1]
                 if expected_contact.contact_type == PublicContact.ContactTypeChoices.SECURITY:
                     expectedCreateCommand = self._convertPublicContactToEpp(
-                        expected_contact, disclose_email=True, disclose_fields=["email"]
+                        expected_contact, disclose_email=True, disclose_fields={"email"}
                     )
                 elif expected_contact.contact_type == PublicContact.ContactTypeChoices.ADMINISTRATIVE:
                     expectedCreateCommand = self._convertPublicContactToEpp(
                         expected_contact,
                         disclose_email=True,
-                        disclose_fields=["email", "voice", "addr"],
+                        disclose_fields={"email", "voice", "addr"},
                         disclose_types={"addr": "loc"},
                     )
                 else:
                     expectedCreateCommand = self._convertPublicContactToEpp(
-                        expected_contact, disclose_email=False, disclose_fields=[]
+                        expected_contact, disclose_email=False, disclose_fields={}
                     )
                 self.mockedSendFunction.assert_any_call(expectedCreateCommand, cleaned=True)
                 # The emails should match on both items
@@ -1103,7 +1103,7 @@ class TestRegistrantContacts(MockEppLib):
 
         # Verify disclosure settings
         self.assertEqual(result.disclose.flag, True)
-        self.assertEqual(result.disclose.fields, [])
+        self.assertEqual(result.disclose.fields, {})
         self.assertIsNone(result.disclose.types)
 
     def test_not_disclosed_on_default_security_contact(self):

From 8aaa247f78ede051d3419c7dc1d07c23c91e7b8d Mon Sep 17 00:00:00 2001
From: Kristina <140533113+witha-k@users.noreply.github.com>
Date: Wed, 12 Mar 2025 12:12:52 -0700
Subject: [PATCH 106/285] Update design-issue.yml

---
 .github/ISSUE_TEMPLATE/design-issue.yml | 1 -
 1 file changed, 1 deletion(-)

diff --git a/.github/ISSUE_TEMPLATE/design-issue.yml b/.github/ISSUE_TEMPLATE/design-issue.yml
index a8aeb3413..9bd2f1348 100644
--- a/.github/ISSUE_TEMPLATE/design-issue.yml
+++ b/.github/ISSUE_TEMPLATE/design-issue.yml
@@ -21,7 +21,6 @@ body:
       value: |
         #### Acceptance criteria for design updates
         - [ ] Criteria 1 for design updates
-        
   - type: markdown
     id: acceptance-criteria-content
     attributes:

From eff89aae21cb1ba8446aaf25e76da3449f1869eb Mon Sep 17 00:00:00 2001
From: zandercymatics <141044360+zandercymatics@users.noreply.github.com>
Date: Wed, 12 Mar 2025 13:13:37 -0600
Subject: [PATCH 107/285] Update public_contact.py

---
 src/registrar/models/public_contact.py | 10 ++++++----
 1 file changed, 6 insertions(+), 4 deletions(-)

diff --git a/src/registrar/models/public_contact.py b/src/registrar/models/public_contact.py
index 7a091a0a0..72abbb210 100644
--- a/src/registrar/models/public_contact.py
+++ b/src/registrar/models/public_contact.py
@@ -94,13 +94,14 @@ class PublicContact(TimeStampedModel):
     )
     pw = models.CharField(null=False, help_text="Contact's authorization code. 16 characters minimum.")
 
-    def get_contact_info_from_epp(self):
+    def get_contact_info_from_epp(self, get_result_as_dict=False):
         """Grabs the resultant contact information in epp for this public contact
         by using the InfoContact command.
         Returns `registry.send(req, cleaned=True).res_data[0]`."""
         try:
             req = commands.InfoContact(id=self.registry_id)
-            return registry.send(req, cleaned=True).res_data[0]
+            result = registry.send(req, cleaned=True).res_data[0]
+            return result if not get_result_as_dict else vars(result)
         except RegistryError as error:
             logger.error(
                 "Registry threw error for contact id %s contact type is %s, error code is\n %s full error is %s",  # noqa
@@ -112,8 +113,9 @@ class PublicContact(TimeStampedModel):
             raise error
     
     # NOTE: REMOVE THIS BEFORE MERGING, USED FOR PR REVIEW ONLY
-    def debug_contact_info_epp(self):
-        results = self.get_contact_info_from_epp()
+    @classmethod
+    def debug_contact_info_epp(cls):
+        results = cls.get_contact_info_from_epp(get_result_as_dict=True)
         logger.info("Contact Info from EPP:")
         logger.info("=====================")
         for key, value in results.items():

From c469bab07c70975bacd6d15a7646870ca252b06b Mon Sep 17 00:00:00 2001
From: Kristina <140533113+witha-k@users.noreply.github.com>
Date: Wed, 12 Mar 2025 12:14:07 -0700
Subject: [PATCH 108/285] Update design-issue.yml

---
 .github/ISSUE_TEMPLATE/design-issue.yml | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/.github/ISSUE_TEMPLATE/design-issue.yml b/.github/ISSUE_TEMPLATE/design-issue.yml
index 9bd2f1348..2af135b47 100644
--- a/.github/ISSUE_TEMPLATE/design-issue.yml
+++ b/.github/ISSUE_TEMPLATE/design-issue.yml
@@ -27,6 +27,12 @@ body:
       value: |
         #### Acceptance criteria for content updates
         - [ ] Criteria 1 for content
+  - type: textarea
+    id: additional-acceptance-criteria
+    attributes:
+      label: Additional acceptance criteria
+      description: "If known, add more statements that would need to be true for this issue to be considered resolved. Use a [task list](https://docs.github.com/en/get-started/writing-on-github/working-with-advanced-formatting/about-task-lists#creating-task-lists) if appropriate."
+      placeholder: "- [ ]"
   - type: textarea
     id: additional-context
     attributes:

From 51e833acd0ac87c815a48e8ca6d4765282da130b Mon Sep 17 00:00:00 2001
From: CocoByte <nicolle.leclair@gmail.com>
Date: Wed, 12 Mar 2025 13:14:31 -0600
Subject: [PATCH 109/285] add ellipsis--15 back into css

---
 src/registrar/assets/src/sass/_theme/_base.scss | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/src/registrar/assets/src/sass/_theme/_base.scss b/src/registrar/assets/src/sass/_theme/_base.scss
index 2484cd534..6a0dec2ab 100644
--- a/src/registrar/assets/src/sass/_theme/_base.scss
+++ b/src/registrar/assets/src/sass/_theme/_base.scss
@@ -217,6 +217,10 @@ abbr[title] {
   max-width: 23ch;
 }
 
+.ellipsis--15 {
+  max-width: 15ch;
+}
+
 .vertical-align-middle {
   vertical-align: middle;
 }

From 2faeded1ea78f97cb827fc07f89b55190dcd9dc8 Mon Sep 17 00:00:00 2001
From: zandercymatics <141044360+zandercymatics@users.noreply.github.com>
Date: Wed, 12 Mar 2025 13:14:45 -0600
Subject: [PATCH 110/285] Update public_contact.py

---
 src/registrar/models/public_contact.py | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/src/registrar/models/public_contact.py b/src/registrar/models/public_contact.py
index 72abbb210..a02c9b11a 100644
--- a/src/registrar/models/public_contact.py
+++ b/src/registrar/models/public_contact.py
@@ -97,7 +97,7 @@ class PublicContact(TimeStampedModel):
     def get_contact_info_from_epp(self, get_result_as_dict=False):
         """Grabs the resultant contact information in epp for this public contact
         by using the InfoContact command.
-        Returns `registry.send(req, cleaned=True).res_data[0]`."""
+        Returns a commands.InfoContactResultData object, or a dict if get_result_as_dict is True."""
         try:
             req = commands.InfoContact(id=self.registry_id)
             result = registry.send(req, cleaned=True).res_data[0]
@@ -124,7 +124,7 @@ class PublicContact(TimeStampedModel):
         logger.info("Contact Info on PublicContact model (compare against EPP):")
         logger.info("=====================")
         for key in results.keys():
-            if value_on_model := getattr(self, key) is not None:
+            if value_on_model := getattr(cls, key) is not None:
                 logger.info(f"{key}: {value_on_model}")
 
     @classmethod

From 8884baaa15794adc41b3be08711fb381c88a002b Mon Sep 17 00:00:00 2001
From: zandercymatics <141044360+zandercymatics@users.noreply.github.com>
Date: Wed, 12 Mar 2025 13:32:23 -0600
Subject: [PATCH 111/285] Update test_models_domain.py

---
 src/registrar/tests/test_models_domain.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/registrar/tests/test_models_domain.py b/src/registrar/tests/test_models_domain.py
index e10b16843..cde46c518 100644
--- a/src/registrar/tests/test_models_domain.py
+++ b/src/registrar/tests/test_models_domain.py
@@ -1001,7 +1001,7 @@ class TestRegistrantContacts(MockEppLib):
                     )
                 else:
                     expectedCreateCommand = self._convertPublicContactToEpp(
-                        expected_contact, disclose_email=False, disclose_fields={}
+                        expected_contact, disclose_email=False, disclose_fields=[]
                     )
                 self.mockedSendFunction.assert_any_call(expectedCreateCommand, cleaned=True)
                 # The emails should match on both items

From 5e4879785013d81dc45de0dc797e30d7c40db6c8 Mon Sep 17 00:00:00 2001
From: zandercymatics <141044360+zandercymatics@users.noreply.github.com>
Date: Wed, 12 Mar 2025 13:34:34 -0600
Subject: [PATCH 112/285] Final fix

---
 src/registrar/models/public_contact.py | 7 +++----
 1 file changed, 3 insertions(+), 4 deletions(-)

diff --git a/src/registrar/models/public_contact.py b/src/registrar/models/public_contact.py
index a02c9b11a..e9fb89825 100644
--- a/src/registrar/models/public_contact.py
+++ b/src/registrar/models/public_contact.py
@@ -113,9 +113,8 @@ class PublicContact(TimeStampedModel):
             raise error
     
     # NOTE: REMOVE THIS BEFORE MERGING, USED FOR PR REVIEW ONLY
-    @classmethod
-    def debug_contact_info_epp(cls):
-        results = cls.get_contact_info_from_epp(get_result_as_dict=True)
+    def debug_contact_info_epp(self):
+        results = self.get_contact_info_from_epp(get_result_as_dict=True)
         logger.info("Contact Info from EPP:")
         logger.info("=====================")
         for key, value in results.items():
@@ -124,7 +123,7 @@ class PublicContact(TimeStampedModel):
         logger.info("Contact Info on PublicContact model (compare against EPP):")
         logger.info("=====================")
         for key in results.keys():
-            if value_on_model := getattr(cls, key) is not None:
+            if value_on_model := getattr(self, key) is not None:
                 logger.info(f"{key}: {value_on_model}")
 
     @classmethod

From e16e2cac0f2888e74ca361cc154fb2ba0d4ba825 Mon Sep 17 00:00:00 2001
From: zandercymatics <141044360+zandercymatics@users.noreply.github.com>
Date: Wed, 12 Mar 2025 14:04:11 -0600
Subject: [PATCH 113/285] The final lintdown

---
 src/registrar/models/public_contact.py | 9 ++-------
 1 file changed, 2 insertions(+), 7 deletions(-)

diff --git a/src/registrar/models/public_contact.py b/src/registrar/models/public_contact.py
index e9fb89825..a4c2c10d0 100644
--- a/src/registrar/models/public_contact.py
+++ b/src/registrar/models/public_contact.py
@@ -16,6 +16,7 @@ from epplibwrapper import (
 
 logger = logging.getLogger(__name__)
 
+
 def get_id():
     """Generate a 16 character registry ID with a low probability of collision."""
     day = datetime.today().strftime("%A")[:2]
@@ -111,7 +112,7 @@ class PublicContact(TimeStampedModel):
                 error,
             )
             raise error
-    
+
     # NOTE: REMOVE THIS BEFORE MERGING, USED FOR PR REVIEW ONLY
     def debug_contact_info_epp(self):
         results = self.get_contact_info_from_epp(get_result_as_dict=True)
@@ -119,12 +120,6 @@ class PublicContact(TimeStampedModel):
         logger.info("=====================")
         for key, value in results.items():
             logger.info(f"{key}: {value}")
-        
-        logger.info("Contact Info on PublicContact model (compare against EPP):")
-        logger.info("=====================")
-        for key in results.keys():
-            if value_on_model := getattr(self, key) is not None:
-                logger.info(f"{key}: {value_on_model}")
 
     @classmethod
     def get_default_registrant(cls):

From f73158eeb08d3909a98fe6d0f16b79f33fdc1746 Mon Sep 17 00:00:00 2001
From: matthewswspence <Matthewswspence@gmail.com>
Date: Wed, 12 Mar 2025 16:44:03 -0500
Subject: [PATCH 114/285] minor bug fixes

---
 src/registrar/forms/feb.py            | 6 +++---
 src/registrar/views/domain_request.py | 4 +---
 2 files changed, 4 insertions(+), 6 deletions(-)

diff --git a/src/registrar/forms/feb.py b/src/registrar/forms/feb.py
index e14e2741e..d4322f512 100644
--- a/src/registrar/forms/feb.py
+++ b/src/registrar/forms/feb.py
@@ -180,9 +180,9 @@ class EOPContactForm(BaseDeletableRegistrarForm):
         if not obj.eop_contact:
             return {}
         return {
-            "first_name": obj.feb_eop_contact.first_name,
-            "last_name": obj.feb_eop_contact.last_name,
-            "email": obj.feb_eop_contact.email,
+            "first_name": obj.eop_contact.first_name,
+            "last_name": obj.eop_contact.last_name,
+            "email": obj.eop_contact.email,
         }
 
     def to_database(self, obj):
diff --git a/src/registrar/views/domain_request.py b/src/registrar/views/domain_request.py
index bd3e22fce..ef6df0151 100644
--- a/src/registrar/views/domain_request.py
+++ b/src/registrar/views/domain_request.py
@@ -183,9 +183,7 @@ class DomainRequestWizard(TemplateView):
         return PortfolioDomainRequestStep if self.is_portfolio else Step
 
     def requires_feb_questions(self) -> bool:
-        # TODO: remove this
-        return True
-        # return self.domain_request.is_feb() and flag_is_active_for_user(self.request.user, "organization_feature")
+        return self.domain_request.is_feb() and flag_is_active_for_user(self.request.user, "organization_feature")
 
     @property
     def prefix(self):

From beb4e722b377c3297ad5f0d142e4a98597dac07d Mon Sep 17 00:00:00 2001
From: zandercymatics <141044360+zandercymatics@users.noreply.github.com>
Date: Wed, 12 Mar 2025 15:44:57 -0600
Subject: [PATCH 115/285] Fix unrelated test failure

---
 src/registrar/forms/portfolio.py               |  8 ++++----
 .../models/utility/portfolio_helper.py         | 18 ++++++++++--------
 src/registrar/tests/test_views_portfolio.py    |  8 +++++---
 3 files changed, 19 insertions(+), 15 deletions(-)

diff --git a/src/registrar/forms/portfolio.py b/src/registrar/forms/portfolio.py
index 2ee174050..db1f58d88 100644
--- a/src/registrar/forms/portfolio.py
+++ b/src/registrar/forms/portfolio.py
@@ -460,14 +460,14 @@ class PortfolioNewMemberForm(BasePortfolioMemberForm):
             if hasattr(e, "code"):
                 field = "email" if "email" in self.fields else None
                 if e.code == "has_existing_permissions":
-                    existing_permissions, existing_invitations = (
-                        get_portfolio_invitation_associations(self.instance)
-                    )
+                    existing_permissions, existing_invitations = get_portfolio_invitation_associations(self.instance)
 
                     same_portfolio_for_permissions = existing_permissions.exclude(portfolio=self.instance.portfolio)
                     same_portfolio_for_invitations = existing_invitations.exclude(portfolio=self.instance.portfolio)
                     if same_portfolio_for_permissions.exists() or same_portfolio_for_invitations.exists():
-                        self.add_error(field, f"{self.instance.email} is already a member of another .gov organization.")
+                        self.add_error(
+                            field, f"{self.instance.email} is already a member of another .gov organization."
+                        )
                     override_error = True
                 elif e.code == "has_existing_invitations":
                     self.add_error(
diff --git a/src/registrar/models/utility/portfolio_helper.py b/src/registrar/models/utility/portfolio_helper.py
index 707dfcf54..98be6cc87 100644
--- a/src/registrar/models/utility/portfolio_helper.py
+++ b/src/registrar/models/utility/portfolio_helper.py
@@ -286,8 +286,8 @@ def validate_user_portfolio_permission(user_portfolio_permission):
 
     # == Validate the multiple_porfolios flag. == #
     if not flag_is_active_for_user(user_portfolio_permission.user, "multiple_portfolios"):
-        existing_permissions, existing_invitations = (
-            get_user_portfolio_permission_associations(user_portfolio_permission)
+        existing_permissions, existing_invitations = get_user_portfolio_permission_associations(
+            user_portfolio_permission
         )
         if existing_permissions.exists():
             raise ValidationError(
@@ -303,6 +303,7 @@ def validate_user_portfolio_permission(user_portfolio_permission):
                 code="has_existing_invitations",
             )
 
+
 def get_user_portfolio_permission_associations(user_portfolio_permission):
     """
     Retrieves the associations for a user portfolio invitation.
@@ -312,7 +313,7 @@ def get_user_portfolio_permission_associations(user_portfolio_permission):
         (existing_permissions, existing_invitations)
       where:
         - existing_permissions: UserPortfolioPermission objects excluding the current permission.
-        - existing_invitations: PortfolioInvitation objects for the user email excluding 
+        - existing_invitations: PortfolioInvitation objects for the user email excluding
         the current invitation and those with status RETRIEVED.
     """
     PortfolioInvitation = apps.get_model("registrar.PortfolioInvitation")
@@ -320,7 +321,9 @@ def get_user_portfolio_permission_associations(user_portfolio_permission):
     existing_permissions = UserPortfolioPermission.objects.exclude(id=user_portfolio_permission.id).filter(
         user=user_portfolio_permission.user
     )
-    existing_invitations = PortfolioInvitation.objects.filter(email__iexact=user_portfolio_permission.user.email).exclude(
+    existing_invitations = PortfolioInvitation.objects.filter(
+        email__iexact=user_portfolio_permission.user.email
+    ).exclude(
         Q(portfolio=user_portfolio_permission.portfolio)
         | Q(status=PortfolioInvitation.PortfolioInvitationStatus.RETRIEVED)
     )
@@ -375,9 +378,7 @@ def validate_portfolio_invitation(portfolio_invitation):
     # If user returns None, then we check for global assignment of multiple_portfolios.
     # Otherwise we just check on the user.
     if not flag_is_active_for_user(user, "multiple_portfolios"):
-        existing_permissions, existing_invitations = (
-            get_portfolio_invitation_associations(portfolio_invitation)
-        )
+        existing_permissions, existing_invitations = get_portfolio_invitation_associations(portfolio_invitation)
         if existing_permissions.exists():
             raise ValidationError(
                 "This user is already assigned to a portfolio. "
@@ -392,6 +393,7 @@ def validate_portfolio_invitation(portfolio_invitation):
                 code="has_existing_invitations",
             )
 
+
 def get_portfolio_invitation_associations(portfolio_invitation):
     """
     Retrieves the associations for a portfolio invitation.
@@ -401,7 +403,7 @@ def get_portfolio_invitation_associations(portfolio_invitation):
         (existing_permissions, existing_invitations)
       where:
         - existing_permissions: UserPortfolioPermission objects matching the email.
-        - existing_invitations: PortfolioInvitation objects for the email excluding 
+        - existing_invitations: PortfolioInvitation objects for the email excluding
         the current invitation and those with status RETRIEVED.
     """
     PortfolioInvitation = apps.get_model("registrar.PortfolioInvitation")
diff --git a/src/registrar/tests/test_views_portfolio.py b/src/registrar/tests/test_views_portfolio.py
index 2065c2d35..bb99e875f 100644
--- a/src/registrar/tests/test_views_portfolio.py
+++ b/src/registrar/tests/test_views_portfolio.py
@@ -3930,17 +3930,19 @@ class TestPortfolioInviteNewMemberView(MockEppLib, WebTest):
         response = self.client.post(
             reverse("new-member"),
             {
-                "role": UserPortfolioRoleChoices.ORGANIZATION_MEMBER.value,
-                "domain_request_permission_member": UserPortfolioPermissionChoices.VIEW_ALL_REQUESTS.value,
+                "role": UserPortfolioRoleChoices.ORGANIZATION_ADMIN,
                 "email": self.user.email,
             },
+            follow=True
         )
         self.assertEqual(response.status_code, 200)
+        with open("debug_response.html", "w") as f:
+            f.write(response.content.decode('utf-8'))
 
         # Verify messages
         self.assertContains(
             response,
-            f"{self.user.email} is already a member of another .gov organization.",
+            "User is already a member of this portfolio.",
         )
 
         # Validate Database has not changed

From 48d025019f042fef2516db8c4f648c694258909f Mon Sep 17 00:00:00 2001
From: matthewswspence <Matthewswspence@gmail.com>
Date: Wed, 12 Mar 2025 17:11:01 -0500
Subject: [PATCH 116/285] fix bug in requirements template

---
 .../domain_request_requirements.html          | 66 ++++++++++---------
 1 file changed, 34 insertions(+), 32 deletions(-)

diff --git a/src/registrar/templates/domain_request_requirements.html b/src/registrar/templates/domain_request_requirements.html
index 761add71a..4d49b235e 100644
--- a/src/registrar/templates/domain_request_requirements.html
+++ b/src/registrar/templates/domain_request_requirements.html
@@ -2,13 +2,9 @@
 {% load field_helpers %}
 {% load url_helpers %}
 
-{% block form_required_fields_help_text %}
-{# commented out so it does not appear on this page #}
-{% endblock %}
-
 {% block form_instructions %}
   <p>Please read this page. Check the box at the bottom to show that you agree to the requirements for operating a .gov domain.</p>
-<p>The .gov domain space exists to support a broad diversity of government missions. Generally, we don’t review or audit how government organizations use their registered domains. However, misuse of a .gov domain can reflect upon the integrity of the entire .gov space. There are categories of misuse that are statutorily prohibited or abusive in nature.</p>
+  <p>The .gov domain space exists to support a broad diversity of government missions. Generally, we don’t review or audit how government organizations use their registered domains. However, misuse of a .gov domain can reflect upon the integrity of the entire .gov space. There are categories of misuse that are statutorily prohibited or abusive in nature.</p>
 
 
   <h2>What you can’t do with a .gov domain</h2>
@@ -56,35 +52,41 @@
   <p>.Gov domains are registered for a one-year period. To renew your domain, you'll be asked to verify your organization’s eligibility and your contact information. </p>
   
   <p>Though a domain may expire, it will not automatically be put on hold or deleted. We’ll make extensive efforts to contact your organization before holding or deleting a domain.</p>
+  {% endblock %}
 
-  {% if requires_feb_questions %}
-    <h2>Required and prohibited activities</h2>
-    <h3>Prohibitions on non-governmental use</h3>
+  {% block form_required_fields_help_text %}
+  {# commented out so it does not appear on this page #}
+  {% endblock %}
+  
+  {% block form_fields %}
+    {% if requires_feb_questions %}
+      <h2>Required and prohibited activities</h2>
+      <h3>Prohibitions on non-governmental use</h3>
 
-    <p>Agencies may not use a .gov domain name:
-      <ul class="usa-list"> 
-        <li>On behalf of a non-federal executive branch entity</li>
-        <li>For a non-governmental purpose</li>
-      </ul>
-    </p>
-
-    <h3>Compliance with the 21st Century IDEA Act is required</h3>
-    <p>As required by the DOTGOV Act, agencies must ensure 
-      that any website or digital service that uses a .gov 
-      domain name is in compliance with the 
-      <a href="https://digital.gov/resources/delivering-digital-first-public-experience-act/" target="_blank" rel="noopener noreferrer">21st Century Integrated Digital Experience Act</a>.
-      and 
-      <a href="https://bidenwhitehouse.gov/wp-content/uploads/2023/09/M-23-22-Delivering-a-Digital-First-Public-Experience.pdf" target="_blank" rel="noopener noreferrer">Guidance for Agencies</a>.
-    </p>
-    <h2>Acknowledgement of .gov domain requirements</h2>
-    {% input_with_errors forms.0.is_policy_acknowledged %}
-  {% else %}
-    <fieldset class="usa-fieldset">
-      <legend>
-        <h2>Acknowledgement of .gov domain requirements</h2>
-      </legend>
+      <p>Agencies may not use a .gov domain name:
+        <ul class="usa-list"> 
+          <li>On behalf of a non-federal executive branch entity</li>
+          <li>For a non-governmental purpose</li>
+        </ul>
+      </p>
 
+      <h3>Compliance with the 21st Century IDEA Act is required</h3>
+      <p>As required by the DOTGOV Act, agencies must ensure 
+        that any website or digital service that uses a .gov 
+        domain name is in compliance with the 
+        <a href="https://digital.gov/resources/delivering-digital-first-public-experience-act/" target="_blank" rel="noopener noreferrer">21st Century Integrated Digital Experience Act</a>.
+        and 
+        <a href="https://bidenwhitehouse.gov/wp-content/uploads/2023/09/M-23-22-Delivering-a-Digital-First-Public-Experience.pdf" target="_blank" rel="noopener noreferrer">Guidance for Agencies</a>.
+      </p>
+      <h2>Acknowledgement of .gov domain requirements</h2>
       {% input_with_errors forms.0.is_policy_acknowledged %}
-    </fieldset>
-  {% endif %}
+    {% else %}
+      <fieldset class="usa-fieldset">
+        <legend>
+          <h2>Acknowledgement of .gov domain requirements</h2>
+        </legend>
+
+        {% input_with_errors forms.0.is_policy_acknowledged %}
+      </fieldset>
+    {% endif %}
 {% endblock %}

From f02f95d132286762e003df6a43a366cee923d889 Mon Sep 17 00:00:00 2001
From: CocoByte <nicolle.leclair@gmail.com>
Date: Thu, 13 Mar 2025 00:46:34 -0600
Subject: [PATCH 117/285] added small text.  Added top margin.  Use textarea to
 allow wrap text on digest

---
 .../assets/src/sass/_theme/_base.scss         |  1 +
 .../assets/src/sass/_theme/_tables.scss       |  7 +++++
 src/registrar/forms/domain.py                 |  5 ++--
 src/registrar/templates/domain_dsdata.html    | 10 +++----
 .../includes/finish_profile_form.html         |  2 +-
 .../templates/includes/input_with_errors.html | 27 ++++++++++---------
 6 files changed, 30 insertions(+), 22 deletions(-)

diff --git a/src/registrar/assets/src/sass/_theme/_base.scss b/src/registrar/assets/src/sass/_theme/_base.scss
index 6a0dec2ab..37c429ae9 100644
--- a/src/registrar/assets/src/sass/_theme/_base.scss
+++ b/src/registrar/assets/src/sass/_theme/_base.scss
@@ -299,3 +299,4 @@ Fit-content itself does not work.
 .minh-143px {
   min-height: 143px;
 }
+
diff --git a/src/registrar/assets/src/sass/_theme/_tables.scss b/src/registrar/assets/src/sass/_theme/_tables.scss
index 509bdc573..7c3dc0513 100644
--- a/src/registrar/assets/src/sass/_theme/_tables.scss
+++ b/src/registrar/assets/src/sass/_theme/_tables.scss
@@ -166,3 +166,10 @@ th {
       overflow-y: visible;
   }
 }
+
+.usa-textarea--digest {
+  max-height: 4rem;
+  min-width: 13rem;
+  resize: none;
+  overflow: hidden;
+}
\ No newline at end of file
diff --git a/src/registrar/forms/domain.py b/src/registrar/forms/domain.py
index 02c4225ee..0f200198e 100644
--- a/src/registrar/forms/domain.py
+++ b/src/registrar/forms/domain.py
@@ -661,9 +661,8 @@ class DomainDsdataForm(forms.Form):
         },
         widget=forms.Textarea(
             attrs={
-                "class": "text-wrap",
-                "rows": "2",
-                "style": "height: fit-content; resize: none; overflow:hidden;"
+                "maxlength": "40",
+                "class": "text-wrap usa-textarea--digest",
             }
         )
     )
diff --git a/src/registrar/templates/domain_dsdata.html b/src/registrar/templates/domain_dsdata.html
index 83642cf66..4d5be7866 100644
--- a/src/registrar/templates/domain_dsdata.html
+++ b/src/registrar/templates/domain_dsdata.html
@@ -123,7 +123,7 @@
         {% endif %}
       {% endfor %}
 
-      <div tabindex="0" id="domains__table-wrapper">
+      <div class="margin-top-4" tabindex="0" id="domains__table-wrapper">
         <table class="usa-table usa-table--borderless usa-table--stacked dotgov-table dotgov-table--stacked" id="dsdata-table">
           <thead>
             <tr>
@@ -214,24 +214,24 @@
                 <tr class="edit-row display-none">
                   <td class="text-bottom">
                     {% with sublabel_text="Numbers (0-9) only." %}
-                      {% with attr_required=True add_initial_value_attr=True add_group_class="usa-form-group--unstyled-error" %}
+                      {% with attr_required=True add_initial_value_attr=True add_group_class="usa-form-group--unstyled-error" use_small_sublabel_text=True %}
                         {% input_with_errors form.key_tag %}
                       {% endwith %}
                     {% endwith %}
                   </td>
                   <td class="text-bottom">
-                    {% with attr_required=True add_initial_value_attr=True add_group_class="usa-form-group--unstyled-error" %}
+                    {% with attr_required=True add_initial_value_attr=True add_group_class="usa-form-group--unstyled-error" use_small_sublabel_text=True %}
                         {% input_with_errors form.algorithm %}
                       {% endwith %}
                   </td>
                   <td class="text-bottom">
-                    {% with attr_required=True add_initial_value_attr=True add_group_class="usa-form-group--unstyled-error" %}
+                    {% with attr_required=True add_initial_value_attr=True add_group_class="usa-form-group--unstyled-error" use_small_sublabel_text=True %}
                         {% input_with_errors form.digest_type %}
                       {% endwith %}
                   </td>
                   <td class="text-bottom">
                     {% with sublabel_text="Numbers (0-9) and letters (a-f) only. SHA-1: 40 chars, SHA-256: 64 chars." %}
-                      {% with attr_required=True add_initial_value_attr=True add_group_class="usa-form-group--unstyled-error" %}
+                      {% with attr_required=True add_initial_value_attr=True add_group_class="usa-form-group--unstyled-error" use_small_sublabel_text=True %}
                         {% input_with_errors form.digest %}
                       {% endwith %}
                     {% endwith %}
diff --git a/src/registrar/templates/includes/finish_profile_form.html b/src/registrar/templates/includes/finish_profile_form.html
index 119862269..83020acae 100644
--- a/src/registrar/templates/includes/finish_profile_form.html
+++ b/src/registrar/templates/includes/finish_profile_form.html
@@ -62,7 +62,7 @@
 
             {% with link_href=login_help_url %}
                 {% with sublabel_text="We recommend using a Login.gov account that's only connected to your work email address. If you need to change your email, you'll need to make a change to your Login.gov account. Get help with updating your email address." %}
-                    {% with link_text="Get help with updating your email address" target_blank=True do_not_show_max_chars=True %}
+                    {% with link_text="Get help with updating your email address" target_blank=True %}
                         {% input_with_errors form.email %}
                     {% endwith %}
                 {% endwith %}
diff --git a/src/registrar/templates/includes/input_with_errors.html b/src/registrar/templates/includes/input_with_errors.html
index 80768e2b8..8361a0560 100644
--- a/src/registrar/templates/includes/input_with_errors.html
+++ b/src/registrar/templates/includes/input_with_errors.html
@@ -7,8 +7,8 @@ error messages, if necessary.
 
 {% load widget_tweaks %}
 
-{% if widget.attrs.maxlength %}
-<div class="usa-character-count">
+{% if widget.attrs.maxlength or field.widget_type == 'textarea' %}
+  <div class="usa-character-count">
 {% endif %}
 
 {% if field.use_fieldset %}
@@ -35,7 +35,7 @@ error messages, if necessary.
   {% endif %}
 
   {% if sublabel_text %}
-    <p id="{{ widget.attrs.id }}__sublabel" class="text-base margin-top-2px margin-bottom-1">
+    <p id="{{ widget.attrs.id }}__sublabel" class="{% if use_small_sublabel_text %}font-body-xs {% endif %}text-base margin-top-2px margin-bottom-1">
       {# If the link_text appears more than once, the first instance will be a link and the other instances will be ignored #}
       {% if link_text and link_text in sublabel_text %}
         {% with link_index=sublabel_text|find_index:link_text %}
@@ -92,14 +92,15 @@ error messages, if necessary.
   </div>
 {% endif %}
 
-{% if widget.attrs.maxlength and not do_not_show_max_chars %}
-  <span
-    id="{{ widget.attrs.id }}__message"
-    class="usa-character-count__message"
-    aria-live="polite"
-  >
-    You can enter up to {{ widget.attrs.maxlength }} characters
-  </span>
-
-</div>
+{% if field.widget_type == 'textarea' or widget.attrs.maxlength %}
+    {% if not do_not_show_max_chars %}
+        <span
+          id="{{ widget.attrs.id }}__message"
+          class="usa-character-count__message"
+          aria-live="polite"
+        >
+          You can enter up to {{ widget.attrs.maxlength }} characters
+        </span>
+    {% endif %}
+  </div>
 {% endif %}

From 83df7c524b29f39bf2fdc5f327555fc7e0faaefe Mon Sep 17 00:00:00 2001
From: Kristina <140533113+witha-k@users.noreply.github.com>
Date: Wed, 12 Mar 2025 23:52:54 -0700
Subject: [PATCH 118/285] Update design-issue.yml

---
 .github/ISSUE_TEMPLATE/design-issue.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/ISSUE_TEMPLATE/design-issue.yml b/.github/ISSUE_TEMPLATE/design-issue.yml
index 2af135b47..f2ea4a913 100644
--- a/.github/ISSUE_TEMPLATE/design-issue.yml
+++ b/.github/ISSUE_TEMPLATE/design-issue.yml
@@ -20,7 +20,7 @@ body:
     attributes:
       value: |
         #### Acceptance criteria for design updates
-        - [ ] Criteria 1 for design updates
+        - [ ] Criteria 1 for design updates\
   - type: markdown
     id: acceptance-criteria-content
     attributes:

From 6776399b3b02e30ac10e63790f87ea7e7b239936 Mon Sep 17 00:00:00 2001
From: Kristina <140533113+witha-k@users.noreply.github.com>
Date: Wed, 12 Mar 2025 23:53:16 -0700
Subject: [PATCH 119/285] Update design-issue.yml

---
 .github/ISSUE_TEMPLATE/design-issue.yml | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/.github/ISSUE_TEMPLATE/design-issue.yml b/.github/ISSUE_TEMPLATE/design-issue.yml
index f2ea4a913..90f52228c 100644
--- a/.github/ISSUE_TEMPLATE/design-issue.yml
+++ b/.github/ISSUE_TEMPLATE/design-issue.yml
@@ -20,7 +20,8 @@ body:
     attributes:
       value: |
         #### Acceptance criteria for design updates
-        - [ ] Criteria 1 for design updates\
+        - [ ] Criteria 1 for design updates
+        \
   - type: markdown
     id: acceptance-criteria-content
     attributes:

From c6ce35d263ae45613d3caec061ef728f9b7c6d7b Mon Sep 17 00:00:00 2001
From: Kristina <140533113+witha-k@users.noreply.github.com>
Date: Wed, 12 Mar 2025 23:55:55 -0700
Subject: [PATCH 120/285] Update design-issue.yml

---
 .github/ISSUE_TEMPLATE/design-issue.yml | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/.github/ISSUE_TEMPLATE/design-issue.yml b/.github/ISSUE_TEMPLATE/design-issue.yml
index 90f52228c..0c8f709ad 100644
--- a/.github/ISSUE_TEMPLATE/design-issue.yml
+++ b/.github/ISSUE_TEMPLATE/design-issue.yml
@@ -20,8 +20,7 @@ body:
     attributes:
       value: |
         #### Acceptance criteria for design updates
-        - [ ] Criteria 1 for design updates
-        \
+        - [ ] Criteria 1 for design updates  
   - type: markdown
     id: acceptance-criteria-content
     attributes:

From e1bedc913dcfe8e5114874867cb83b5da58402a0 Mon Sep 17 00:00:00 2001
From: Kristina <140533113+witha-k@users.noreply.github.com>
Date: Wed, 12 Mar 2025 23:58:28 -0700
Subject: [PATCH 121/285] Update design-issue.yml

---
 .github/ISSUE_TEMPLATE/design-issue.yml | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/.github/ISSUE_TEMPLATE/design-issue.yml b/.github/ISSUE_TEMPLATE/design-issue.yml
index 0c8f709ad..c8b8158ff 100644
--- a/.github/ISSUE_TEMPLATE/design-issue.yml
+++ b/.github/ISSUE_TEMPLATE/design-issue.yml
@@ -20,7 +20,9 @@ body:
     attributes:
       value: |
         #### Acceptance criteria for design updates
-        - [ ] Criteria 1 for design updates  
+        - [ ] Used components from the Figma design system wherein possible
+        - [ ] Merged draft design(s) into the official registrar or get.gov Figma pages
+        - [ ] (If applicable) Updated components from the Figma design system if there's any inconsistencies with production
   - type: markdown
     id: acceptance-criteria-content
     attributes:

From 1171c227a1500427f9b99fdb966ada7215984e6b Mon Sep 17 00:00:00 2001
From: Kristina <140533113+witha-k@users.noreply.github.com>
Date: Wed, 12 Mar 2025 23:58:55 -0700
Subject: [PATCH 122/285] Update design-issue.yml

---
 .github/ISSUE_TEMPLATE/design-issue.yml | 1 +
 1 file changed, 1 insertion(+)

diff --git a/.github/ISSUE_TEMPLATE/design-issue.yml b/.github/ISSUE_TEMPLATE/design-issue.yml
index c8b8158ff..249bdaf9c 100644
--- a/.github/ISSUE_TEMPLATE/design-issue.yml
+++ b/.github/ISSUE_TEMPLATE/design-issue.yml
@@ -27,6 +27,7 @@ body:
     id: acceptance-criteria-content
     attributes:
       value: |
+        ####   
         #### Acceptance criteria for content updates
         - [ ] Criteria 1 for content
   - type: textarea

From c63a58eb318d464bff5a57fc6d46f3d1d8dc7070 Mon Sep 17 00:00:00 2001
From: Kristina <140533113+witha-k@users.noreply.github.com>
Date: Wed, 12 Mar 2025 23:59:24 -0700
Subject: [PATCH 123/285] Update design-issue.yml

---
 .github/ISSUE_TEMPLATE/design-issue.yml | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/.github/ISSUE_TEMPLATE/design-issue.yml b/.github/ISSUE_TEMPLATE/design-issue.yml
index 249bdaf9c..4521a61a1 100644
--- a/.github/ISSUE_TEMPLATE/design-issue.yml
+++ b/.github/ISSUE_TEMPLATE/design-issue.yml
@@ -19,7 +19,7 @@ body:
     id: acceptance-criteria-design
     attributes:
       value: |
-        #### Acceptance criteria for design updates
+        ### Acceptance criteria for design updates
         - [ ] Used components from the Figma design system wherein possible
         - [ ] Merged draft design(s) into the official registrar or get.gov Figma pages
         - [ ] (If applicable) Updated components from the Figma design system if there's any inconsistencies with production
@@ -27,7 +27,6 @@ body:
     id: acceptance-criteria-content
     attributes:
       value: |
-        ####   
         #### Acceptance criteria for content updates
         - [ ] Criteria 1 for content
   - type: textarea

From cb78aa2d3867dc81790398bb757b9b1dede72f89 Mon Sep 17 00:00:00 2001
From: Kristina <140533113+witha-k@users.noreply.github.com>
Date: Thu, 13 Mar 2025 00:00:41 -0700
Subject: [PATCH 124/285] Update design-issue.yml

---
 .github/ISSUE_TEMPLATE/design-issue.yml | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/.github/ISSUE_TEMPLATE/design-issue.yml b/.github/ISSUE_TEMPLATE/design-issue.yml
index 4521a61a1..82a3654ef 100644
--- a/.github/ISSUE_TEMPLATE/design-issue.yml
+++ b/.github/ISSUE_TEMPLATE/design-issue.yml
@@ -22,12 +22,13 @@ body:
         ### Acceptance criteria for design updates
         - [ ] Used components from the Figma design system wherein possible
         - [ ] Merged draft design(s) into the official registrar or get.gov Figma pages
-        - [ ] (If applicable) Updated components from the Figma design system if there's any inconsistencies with production
+        - [ ] (If applicable) Updated components from the Figma design system if there's any inconsistencies with production  
+        
   - type: markdown
     id: acceptance-criteria-content
     attributes:
       value: |
-        #### Acceptance criteria for content updates
+        ### Acceptance criteria for content updates
         - [ ] Criteria 1 for content
   - type: textarea
     id: additional-acceptance-criteria

From da90b273bdee294debe70c90ad615551eb26683b Mon Sep 17 00:00:00 2001
From: Kristina <140533113+witha-k@users.noreply.github.com>
Date: Thu, 13 Mar 2025 00:01:32 -0700
Subject: [PATCH 125/285] Update design-issue.yml

---
 .github/ISSUE_TEMPLATE/design-issue.yml | 1 +
 1 file changed, 1 insertion(+)

diff --git a/.github/ISSUE_TEMPLATE/design-issue.yml b/.github/ISSUE_TEMPLATE/design-issue.yml
index 82a3654ef..7956abda0 100644
--- a/.github/ISSUE_TEMPLATE/design-issue.yml
+++ b/.github/ISSUE_TEMPLATE/design-issue.yml
@@ -1,5 +1,6 @@
 name: Design Issue / story
 description: Specifically for design and content tickets
+labels: design, content
 
 body:
   - type: markdown

From 23753f5b8b37d13bc6d12d5f147c2b36721e480f Mon Sep 17 00:00:00 2001
From: Kristina <140533113+witha-k@users.noreply.github.com>
Date: Thu, 13 Mar 2025 00:03:20 -0700
Subject: [PATCH 126/285] Update design-issue.yml

---
 .github/ISSUE_TEMPLATE/design-issue.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/ISSUE_TEMPLATE/design-issue.yml b/.github/ISSUE_TEMPLATE/design-issue.yml
index 7956abda0..859345a92 100644
--- a/.github/ISSUE_TEMPLATE/design-issue.yml
+++ b/.github/ISSUE_TEMPLATE/design-issue.yml
@@ -24,7 +24,7 @@ body:
         - [ ] Used components from the Figma design system wherein possible
         - [ ] Merged draft design(s) into the official registrar or get.gov Figma pages
         - [ ] (If applicable) Updated components from the Figma design system if there's any inconsistencies with production  
-        
+        <br>
   - type: markdown
     id: acceptance-criteria-content
     attributes:

From cf03909584361b9c18be04e5c6870014244084dd Mon Sep 17 00:00:00 2001
From: Kristina <140533113+witha-k@users.noreply.github.com>
Date: Thu, 13 Mar 2025 00:05:37 -0700
Subject: [PATCH 127/285] Update design-issue.yml

---
 .github/ISSUE_TEMPLATE/design-issue.yml | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/.github/ISSUE_TEMPLATE/design-issue.yml b/.github/ISSUE_TEMPLATE/design-issue.yml
index 859345a92..536ce7e0f 100644
--- a/.github/ISSUE_TEMPLATE/design-issue.yml
+++ b/.github/ISSUE_TEMPLATE/design-issue.yml
@@ -30,7 +30,9 @@ body:
     attributes:
       value: |
         ### Acceptance criteria for content updates
-        - [ ] Criteria 1 for content
+        - [ ] Followed the content guide instructions, including:
+          - [ ] Use official terms in the [word list](https://docs.google.com/document/d/1U-TRx3ecCFZ-qtrCk7EYmF_nmfKh6kd7FV95Pa4iWeM/edit?tab=t.0#heading=h.2et92p0), and avoiding synonyms or alternative terms
+        <br>
   - type: textarea
     id: additional-acceptance-criteria
     attributes:

From 28305e8b65f6ec60ad52191330d9237c1d8f3d4d Mon Sep 17 00:00:00 2001
From: Kristina <140533113+witha-k@users.noreply.github.com>
Date: Thu, 13 Mar 2025 00:21:14 -0700
Subject: [PATCH 128/285] Update design-issue.yml

---
 .github/ISSUE_TEMPLATE/design-issue.yml | 12 ++++++++++--
 1 file changed, 10 insertions(+), 2 deletions(-)

diff --git a/.github/ISSUE_TEMPLATE/design-issue.yml b/.github/ISSUE_TEMPLATE/design-issue.yml
index 536ce7e0f..439f26f8c 100644
--- a/.github/ISSUE_TEMPLATE/design-issue.yml
+++ b/.github/ISSUE_TEMPLATE/design-issue.yml
@@ -30,8 +30,16 @@ body:
     attributes:
       value: |
         ### Acceptance criteria for content updates
-        - [ ] Followed the content guide instructions, including:
-          - [ ] Use official terms in the [word list](https://docs.google.com/document/d/1U-TRx3ecCFZ-qtrCk7EYmF_nmfKh6kd7FV95Pa4iWeM/edit?tab=t.0#heading=h.2et92p0), and avoiding synonyms or alternative terms
+        - [ ] Followed the [content guide](https://docs.google.com/document/d/1U-TRx3ecCFZ-qtrCk7EYmF_nmfKh6kd7FV95Pa4iWeM/edit?usp=sharing) instructions, including:
+          - [ ] Use official terms in the [word list](https://docs.google.com/document/d/1U-TRx3ecCFZ-qtrCk7EYmF_nmfKh6kd7FV95Pa4iWeM/edit?tab=t.0#heading=h.2et92p0) wherein possible, and avoiding synonyms or alternative terms
+          - [ ] Use [content blocks](https://docs.google.com/document/d/1U-TRx3ecCFZ-qtrCk7EYmF_nmfKh6kd7FV95Pa4iWeM/edit?tab=t.0#heading=h.23ckvvd) whenever possible (consider creating new content blocks for new content that will be referenced heavily)
+          - [ ] Check for readibility using the [Hemingway Editor](https://hemingwayapp.com/)
+          - [ ] Any external links have an [external link icon](https://docs.google.com/document/d/1U-TRx3ecCFZ-qtrCk7EYmF_nmfKh6kd7FV95Pa4iWeM/edit?tab=t.0#heading=h.4i7ojhp) and open in a new tab
+        - [ ] Instructions specific to get.gov ([instructions for how to update the public site](https://docs.google.com/document/d/1U-TRx3ecCFZ-qtrCk7EYmF_nmfKh6kd7FV95Pa4iWeM/edit?tab=t.0#heading=h.1pxezwc))
+          - [ ] Update content in the get.gov design file in Figma
+          - [ ] 
+          
+          
         <br>
   - type: textarea
     id: additional-acceptance-criteria

From d6583ac61b939c4be8fde322da6678a008002083 Mon Sep 17 00:00:00 2001
From: Kristina <140533113+witha-k@users.noreply.github.com>
Date: Thu, 13 Mar 2025 00:21:38 -0700
Subject: [PATCH 129/285] Update design-issue.yml

---
 .github/ISSUE_TEMPLATE/design-issue.yml | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)

diff --git a/.github/ISSUE_TEMPLATE/design-issue.yml b/.github/ISSUE_TEMPLATE/design-issue.yml
index 439f26f8c..b8f140f4c 100644
--- a/.github/ISSUE_TEMPLATE/design-issue.yml
+++ b/.github/ISSUE_TEMPLATE/design-issue.yml
@@ -31,13 +31,13 @@ body:
       value: |
         ### Acceptance criteria for content updates
         - [ ] Followed the [content guide](https://docs.google.com/document/d/1U-TRx3ecCFZ-qtrCk7EYmF_nmfKh6kd7FV95Pa4iWeM/edit?usp=sharing) instructions, including:
-          - [ ] Use official terms in the [word list](https://docs.google.com/document/d/1U-TRx3ecCFZ-qtrCk7EYmF_nmfKh6kd7FV95Pa4iWeM/edit?tab=t.0#heading=h.2et92p0) wherein possible, and avoiding synonyms or alternative terms
-          - [ ] Use [content blocks](https://docs.google.com/document/d/1U-TRx3ecCFZ-qtrCk7EYmF_nmfKh6kd7FV95Pa4iWeM/edit?tab=t.0#heading=h.23ckvvd) whenever possible (consider creating new content blocks for new content that will be referenced heavily)
-          - [ ] Check for readibility using the [Hemingway Editor](https://hemingwayapp.com/)
-          - [ ] Any external links have an [external link icon](https://docs.google.com/document/d/1U-TRx3ecCFZ-qtrCk7EYmF_nmfKh6kd7FV95Pa4iWeM/edit?tab=t.0#heading=h.4i7ojhp) and open in a new tab
+           - [ ] Use official terms in the [word list](https://docs.google.com/document/d/1U-TRx3ecCFZ-qtrCk7EYmF_nmfKh6kd7FV95Pa4iWeM/edit?tab=t.0#heading=h.2et92p0) wherein possible, and avoiding synonyms or alternative terms
+           - [ ] Use [content blocks](https://docs.google.com/document/d/1U-TRx3ecCFZ-qtrCk7EYmF_nmfKh6kd7FV95Pa4iWeM/edit?tab=t.0#heading=h.23ckvvd) whenever possible (consider creating new content blocks for new content that will be referenced heavily)
+           - [ ] Check for readibility using the [Hemingway Editor](https://hemingwayapp.com/)
+           - [ ] Any external links have an [external link icon](https://docs.google.com/document/d/1U-TRx3ecCFZ-qtrCk7EYmF_nmfKh6kd7FV95Pa4iWeM/edit?tab=t.0#heading=h.4i7ojhp) and open in a new tab
         - [ ] Instructions specific to get.gov ([instructions for how to update the public site](https://docs.google.com/document/d/1U-TRx3ecCFZ-qtrCk7EYmF_nmfKh6kd7FV95Pa4iWeM/edit?tab=t.0#heading=h.1pxezwc))
-          - [ ] Update content in the get.gov design file in Figma
-          - [ ] 
+           - [ ] Update content in the get.gov design file in Figma
+           - [ ] 
           
           
         <br>

From a263647d5af4c0f3767404f84fc14597830051ca Mon Sep 17 00:00:00 2001
From: Kristina <140533113+witha-k@users.noreply.github.com>
Date: Thu, 13 Mar 2025 00:21:53 -0700
Subject: [PATCH 130/285] Update design-issue.yml

---
 .github/ISSUE_TEMPLATE/design-issue.yml | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)

diff --git a/.github/ISSUE_TEMPLATE/design-issue.yml b/.github/ISSUE_TEMPLATE/design-issue.yml
index b8f140f4c..0e414235d 100644
--- a/.github/ISSUE_TEMPLATE/design-issue.yml
+++ b/.github/ISSUE_TEMPLATE/design-issue.yml
@@ -31,13 +31,13 @@ body:
       value: |
         ### Acceptance criteria for content updates
         - [ ] Followed the [content guide](https://docs.google.com/document/d/1U-TRx3ecCFZ-qtrCk7EYmF_nmfKh6kd7FV95Pa4iWeM/edit?usp=sharing) instructions, including:
-           - [ ] Use official terms in the [word list](https://docs.google.com/document/d/1U-TRx3ecCFZ-qtrCk7EYmF_nmfKh6kd7FV95Pa4iWeM/edit?tab=t.0#heading=h.2et92p0) wherein possible, and avoiding synonyms or alternative terms
-           - [ ] Use [content blocks](https://docs.google.com/document/d/1U-TRx3ecCFZ-qtrCk7EYmF_nmfKh6kd7FV95Pa4iWeM/edit?tab=t.0#heading=h.23ckvvd) whenever possible (consider creating new content blocks for new content that will be referenced heavily)
-           - [ ] Check for readibility using the [Hemingway Editor](https://hemingwayapp.com/)
-           - [ ] Any external links have an [external link icon](https://docs.google.com/document/d/1U-TRx3ecCFZ-qtrCk7EYmF_nmfKh6kd7FV95Pa4iWeM/edit?tab=t.0#heading=h.4i7ojhp) and open in a new tab
+            - [ ] Use official terms in the [word list](https://docs.google.com/document/d/1U-TRx3ecCFZ-qtrCk7EYmF_nmfKh6kd7FV95Pa4iWeM/edit?tab=t.0#heading=h.2et92p0) wherein possible, and avoiding synonyms or alternative terms
+            - [ ] Use [content blocks](https://docs.google.com/document/d/1U-TRx3ecCFZ-qtrCk7EYmF_nmfKh6kd7FV95Pa4iWeM/edit?tab=t.0#heading=h.23ckvvd) whenever possible (consider creating new content blocks for new content that will be referenced heavily)
+            - [ ] Check for readibility using the [Hemingway Editor](https://hemingwayapp.com/)
+            - [ ] Any external links have an [external link icon](https://docs.google.com/document/d/1U-TRx3ecCFZ-qtrCk7EYmF_nmfKh6kd7FV95Pa4iWeM/edit?tab=t.0#heading=h.4i7ojhp) and open in a new tab
         - [ ] Instructions specific to get.gov ([instructions for how to update the public site](https://docs.google.com/document/d/1U-TRx3ecCFZ-qtrCk7EYmF_nmfKh6kd7FV95Pa4iWeM/edit?tab=t.0#heading=h.1pxezwc))
-           - [ ] Update content in the get.gov design file in Figma
-           - [ ] 
+            - [ ] Update content in the get.gov design file in Figma
+            - [ ] 
           
           
         <br>

From 44d29fe1758b1f04b81d5ea9014754926d1a746b Mon Sep 17 00:00:00 2001
From: Kristina <140533113+witha-k@users.noreply.github.com>
Date: Thu, 13 Mar 2025 00:23:45 -0700
Subject: [PATCH 131/285] Update design-issue.yml

---
 .github/ISSUE_TEMPLATE/design-issue.yml | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)

diff --git a/.github/ISSUE_TEMPLATE/design-issue.yml b/.github/ISSUE_TEMPLATE/design-issue.yml
index 0e414235d..b851d587e 100644
--- a/.github/ISSUE_TEMPLATE/design-issue.yml
+++ b/.github/ISSUE_TEMPLATE/design-issue.yml
@@ -31,13 +31,13 @@ body:
       value: |
         ### Acceptance criteria for content updates
         - [ ] Followed the [content guide](https://docs.google.com/document/d/1U-TRx3ecCFZ-qtrCk7EYmF_nmfKh6kd7FV95Pa4iWeM/edit?usp=sharing) instructions, including:
-            - [ ] Use official terms in the [word list](https://docs.google.com/document/d/1U-TRx3ecCFZ-qtrCk7EYmF_nmfKh6kd7FV95Pa4iWeM/edit?tab=t.0#heading=h.2et92p0) wherein possible, and avoiding synonyms or alternative terms
-            - [ ] Use [content blocks](https://docs.google.com/document/d/1U-TRx3ecCFZ-qtrCk7EYmF_nmfKh6kd7FV95Pa4iWeM/edit?tab=t.0#heading=h.23ckvvd) whenever possible (consider creating new content blocks for new content that will be referenced heavily)
-            - [ ] Check for readibility using the [Hemingway Editor](https://hemingwayapp.com/)
-            - [ ] Any external links have an [external link icon](https://docs.google.com/document/d/1U-TRx3ecCFZ-qtrCk7EYmF_nmfKh6kd7FV95Pa4iWeM/edit?tab=t.0#heading=h.4i7ojhp) and open in a new tab
+            &nbsp;&nbsp;&nbsp- [ ] Use official terms in the [word list](https://docs.google.com/document/d/1U-TRx3ecCFZ-qtrCk7EYmF_nmfKh6kd7FV95Pa4iWeM/edit?tab=t.0#heading=h.2et92p0) wherein possible, and avoiding synonyms or alternative terms
+            &nbsp;&nbsp;&nbsp- [ ] Use [content blocks](https://docs.google.com/document/d/1U-TRx3ecCFZ-qtrCk7EYmF_nmfKh6kd7FV95Pa4iWeM/edit?tab=t.0#heading=h.23ckvvd) whenever possible (consider creating new content blocks for new content that will be referenced heavily)
+            &nbsp;&nbsp;&nbsp- [ ] Check for readibility using the [Hemingway Editor](https://hemingwayapp.com/)
+            &nbsp;&nbsp;&nbsp- [ ] Any external links have an [external link icon](https://docs.google.com/document/d/1U-TRx3ecCFZ-qtrCk7EYmF_nmfKh6kd7FV95Pa4iWeM/edit?tab=t.0#heading=h.4i7ojhp) and open in a new tab
         - [ ] Instructions specific to get.gov ([instructions for how to update the public site](https://docs.google.com/document/d/1U-TRx3ecCFZ-qtrCk7EYmF_nmfKh6kd7FV95Pa4iWeM/edit?tab=t.0#heading=h.1pxezwc))
-            - [ ] Update content in the get.gov design file in Figma
-            - [ ] 
+            &nbsp;&nbsp;&nbsp- [ ] Update content in the get.gov design file in Figma
+            &nbsp;&nbsp;&nbsp- [ ] 
           
           
         <br>

From a65046042a250d384eb15d3668db6658f57ab9d3 Mon Sep 17 00:00:00 2001
From: Kristina <140533113+witha-k@users.noreply.github.com>
Date: Thu, 13 Mar 2025 00:24:02 -0700
Subject: [PATCH 132/285] Update design-issue.yml

---
 .github/ISSUE_TEMPLATE/design-issue.yml | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)

diff --git a/.github/ISSUE_TEMPLATE/design-issue.yml b/.github/ISSUE_TEMPLATE/design-issue.yml
index b851d587e..1d7bcdf90 100644
--- a/.github/ISSUE_TEMPLATE/design-issue.yml
+++ b/.github/ISSUE_TEMPLATE/design-issue.yml
@@ -31,13 +31,13 @@ body:
       value: |
         ### Acceptance criteria for content updates
         - [ ] Followed the [content guide](https://docs.google.com/document/d/1U-TRx3ecCFZ-qtrCk7EYmF_nmfKh6kd7FV95Pa4iWeM/edit?usp=sharing) instructions, including:
-            &nbsp;&nbsp;&nbsp- [ ] Use official terms in the [word list](https://docs.google.com/document/d/1U-TRx3ecCFZ-qtrCk7EYmF_nmfKh6kd7FV95Pa4iWeM/edit?tab=t.0#heading=h.2et92p0) wherein possible, and avoiding synonyms or alternative terms
-            &nbsp;&nbsp;&nbsp- [ ] Use [content blocks](https://docs.google.com/document/d/1U-TRx3ecCFZ-qtrCk7EYmF_nmfKh6kd7FV95Pa4iWeM/edit?tab=t.0#heading=h.23ckvvd) whenever possible (consider creating new content blocks for new content that will be referenced heavily)
-            &nbsp;&nbsp;&nbsp- [ ] Check for readibility using the [Hemingway Editor](https://hemingwayapp.com/)
-            &nbsp;&nbsp;&nbsp- [ ] Any external links have an [external link icon](https://docs.google.com/document/d/1U-TRx3ecCFZ-qtrCk7EYmF_nmfKh6kd7FV95Pa4iWeM/edit?tab=t.0#heading=h.4i7ojhp) and open in a new tab
+            &nbsp;&nbsp;&nbsp - [ ] Use official terms in the [word list](https://docs.google.com/document/d/1U-TRx3ecCFZ-qtrCk7EYmF_nmfKh6kd7FV95Pa4iWeM/edit?tab=t.0#heading=h.2et92p0) wherein possible, and avoiding synonyms or alternative terms
+            &nbsp;&nbsp;&nbsp - [ ] Use [content blocks](https://docs.google.com/document/d/1U-TRx3ecCFZ-qtrCk7EYmF_nmfKh6kd7FV95Pa4iWeM/edit?tab=t.0#heading=h.23ckvvd) whenever possible (consider creating new content blocks for new content that will be referenced heavily)
+            &nbsp;&nbsp;&nbsp - [ ] Check for readibility using the [Hemingway Editor](https://hemingwayapp.com/)
+            &nbsp;&nbsp;&nbsp - [ ] Any external links have an [external link icon](https://docs.google.com/document/d/1U-TRx3ecCFZ-qtrCk7EYmF_nmfKh6kd7FV95Pa4iWeM/edit?tab=t.0#heading=h.4i7ojhp) and open in a new tab
         - [ ] Instructions specific to get.gov ([instructions for how to update the public site](https://docs.google.com/document/d/1U-TRx3ecCFZ-qtrCk7EYmF_nmfKh6kd7FV95Pa4iWeM/edit?tab=t.0#heading=h.1pxezwc))
-            &nbsp;&nbsp;&nbsp- [ ] Update content in the get.gov design file in Figma
-            &nbsp;&nbsp;&nbsp- [ ] 
+            &nbsp;&nbsp;&nbsp - [ ] Update content in the get.gov design file in Figma
+            &nbsp;&nbsp;&nbsp - [ ] 
           
           
         <br>

From 893af68ef593777073a6f854147beebc92618828 Mon Sep 17 00:00:00 2001
From: Kristina <140533113+witha-k@users.noreply.github.com>
Date: Thu, 13 Mar 2025 00:24:25 -0700
Subject: [PATCH 133/285] Update design-issue.yml

---
 .github/ISSUE_TEMPLATE/design-issue.yml | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)

diff --git a/.github/ISSUE_TEMPLATE/design-issue.yml b/.github/ISSUE_TEMPLATE/design-issue.yml
index 1d7bcdf90..2d64b23de 100644
--- a/.github/ISSUE_TEMPLATE/design-issue.yml
+++ b/.github/ISSUE_TEMPLATE/design-issue.yml
@@ -31,13 +31,13 @@ body:
       value: |
         ### Acceptance criteria for content updates
         - [ ] Followed the [content guide](https://docs.google.com/document/d/1U-TRx3ecCFZ-qtrCk7EYmF_nmfKh6kd7FV95Pa4iWeM/edit?usp=sharing) instructions, including:
-            &nbsp;&nbsp;&nbsp - [ ] Use official terms in the [word list](https://docs.google.com/document/d/1U-TRx3ecCFZ-qtrCk7EYmF_nmfKh6kd7FV95Pa4iWeM/edit?tab=t.0#heading=h.2et92p0) wherein possible, and avoiding synonyms or alternative terms
-            &nbsp;&nbsp;&nbsp - [ ] Use [content blocks](https://docs.google.com/document/d/1U-TRx3ecCFZ-qtrCk7EYmF_nmfKh6kd7FV95Pa4iWeM/edit?tab=t.0#heading=h.23ckvvd) whenever possible (consider creating new content blocks for new content that will be referenced heavily)
-            &nbsp;&nbsp;&nbsp - [ ] Check for readibility using the [Hemingway Editor](https://hemingwayapp.com/)
-            &nbsp;&nbsp;&nbsp - [ ] Any external links have an [external link icon](https://docs.google.com/document/d/1U-TRx3ecCFZ-qtrCk7EYmF_nmfKh6kd7FV95Pa4iWeM/edit?tab=t.0#heading=h.4i7ojhp) and open in a new tab
+            &nbsp;&nbsp;&nbsp; - [ ] Use official terms in the [word list](https://docs.google.com/document/d/1U-TRx3ecCFZ-qtrCk7EYmF_nmfKh6kd7FV95Pa4iWeM/edit?tab=t.0#heading=h.2et92p0) wherein possible, and avoiding synonyms or alternative terms
+            &nbsp;&nbsp;&nbsp; - [ ] Use [content blocks](https://docs.google.com/document/d/1U-TRx3ecCFZ-qtrCk7EYmF_nmfKh6kd7FV95Pa4iWeM/edit?tab=t.0#heading=h.23ckvvd) whenever possible (consider creating new content blocks for new content that will be referenced heavily)
+            &nbsp;&nbsp;&nbsp; - [ ] Check for readibility using the [Hemingway Editor](https://hemingwayapp.com/)
+            &nbsp;&nbsp;&nbsp; - [ ] Any external links have an [external link icon](https://docs.google.com/document/d/1U-TRx3ecCFZ-qtrCk7EYmF_nmfKh6kd7FV95Pa4iWeM/edit?tab=t.0#heading=h.4i7ojhp) and open in a new tab
         - [ ] Instructions specific to get.gov ([instructions for how to update the public site](https://docs.google.com/document/d/1U-TRx3ecCFZ-qtrCk7EYmF_nmfKh6kd7FV95Pa4iWeM/edit?tab=t.0#heading=h.1pxezwc))
-            &nbsp;&nbsp;&nbsp - [ ] Update content in the get.gov design file in Figma
-            &nbsp;&nbsp;&nbsp - [ ] 
+            &nbsp;&nbsp;&nbsp; - [ ] Update content in the get.gov design file in Figma
+            &nbsp;&nbsp;&nbsp; - [ ] 
           
           
         <br>

From 677b06149771c117e6ea7e12152658615721db97 Mon Sep 17 00:00:00 2001
From: Kristina <140533113+witha-k@users.noreply.github.com>
Date: Thu, 13 Mar 2025 00:24:53 -0700
Subject: [PATCH 134/285] Update design-issue.yml

---
 .github/ISSUE_TEMPLATE/design-issue.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/ISSUE_TEMPLATE/design-issue.yml b/.github/ISSUE_TEMPLATE/design-issue.yml
index 2d64b23de..61ae385ee 100644
--- a/.github/ISSUE_TEMPLATE/design-issue.yml
+++ b/.github/ISSUE_TEMPLATE/design-issue.yml
@@ -31,7 +31,7 @@ body:
       value: |
         ### Acceptance criteria for content updates
         - [ ] Followed the [content guide](https://docs.google.com/document/d/1U-TRx3ecCFZ-qtrCk7EYmF_nmfKh6kd7FV95Pa4iWeM/edit?usp=sharing) instructions, including:
-            &nbsp;&nbsp;&nbsp; - [ ] Use official terms in the [word list](https://docs.google.com/document/d/1U-TRx3ecCFZ-qtrCk7EYmF_nmfKh6kd7FV95Pa4iWeM/edit?tab=t.0#heading=h.2et92p0) wherein possible, and avoiding synonyms or alternative terms
+            - [ ] &nbsp;&nbsp;&nbsp; Use official terms in the [word list](https://docs.google.com/document/d/1U-TRx3ecCFZ-qtrCk7EYmF_nmfKh6kd7FV95Pa4iWeM/edit?tab=t.0#heading=h.2et92p0) wherein possible, and avoiding synonyms or alternative terms
             &nbsp;&nbsp;&nbsp; - [ ] Use [content blocks](https://docs.google.com/document/d/1U-TRx3ecCFZ-qtrCk7EYmF_nmfKh6kd7FV95Pa4iWeM/edit?tab=t.0#heading=h.23ckvvd) whenever possible (consider creating new content blocks for new content that will be referenced heavily)
             &nbsp;&nbsp;&nbsp; - [ ] Check for readibility using the [Hemingway Editor](https://hemingwayapp.com/)
             &nbsp;&nbsp;&nbsp; - [ ] Any external links have an [external link icon](https://docs.google.com/document/d/1U-TRx3ecCFZ-qtrCk7EYmF_nmfKh6kd7FV95Pa4iWeM/edit?tab=t.0#heading=h.4i7ojhp) and open in a new tab

From 533eeb122d4d41b25db01868515c0d661884de12 Mon Sep 17 00:00:00 2001
From: Kristina <140533113+witha-k@users.noreply.github.com>
Date: Thu, 13 Mar 2025 00:28:26 -0700
Subject: [PATCH 135/285] Update design-issue.yml

---
 .github/ISSUE_TEMPLATE/design-issue.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/ISSUE_TEMPLATE/design-issue.yml b/.github/ISSUE_TEMPLATE/design-issue.yml
index 61ae385ee..5f3296cd2 100644
--- a/.github/ISSUE_TEMPLATE/design-issue.yml
+++ b/.github/ISSUE_TEMPLATE/design-issue.yml
@@ -31,7 +31,7 @@ body:
       value: |
         ### Acceptance criteria for content updates
         - [ ] Followed the [content guide](https://docs.google.com/document/d/1U-TRx3ecCFZ-qtrCk7EYmF_nmfKh6kd7FV95Pa4iWeM/edit?usp=sharing) instructions, including:
-            - [ ] &nbsp;&nbsp;&nbsp; Use official terms in the [word list](https://docs.google.com/document/d/1U-TRx3ecCFZ-qtrCk7EYmF_nmfKh6kd7FV95Pa4iWeM/edit?tab=t.0#heading=h.2et92p0) wherein possible, and avoiding synonyms or alternative terms
+            > - [ ] Use official terms in the [word list](https://docs.google.com/document/d/1U-TRx3ecCFZ-qtrCk7EYmF_nmfKh6kd7FV95Pa4iWeM/edit?tab=t.0#heading=h.2et92p0) wherein possible, and avoiding synonyms or alternative terms
             &nbsp;&nbsp;&nbsp; - [ ] Use [content blocks](https://docs.google.com/document/d/1U-TRx3ecCFZ-qtrCk7EYmF_nmfKh6kd7FV95Pa4iWeM/edit?tab=t.0#heading=h.23ckvvd) whenever possible (consider creating new content blocks for new content that will be referenced heavily)
             &nbsp;&nbsp;&nbsp; - [ ] Check for readibility using the [Hemingway Editor](https://hemingwayapp.com/)
             &nbsp;&nbsp;&nbsp; - [ ] Any external links have an [external link icon](https://docs.google.com/document/d/1U-TRx3ecCFZ-qtrCk7EYmF_nmfKh6kd7FV95Pa4iWeM/edit?tab=t.0#heading=h.4i7ojhp) and open in a new tab

From 32bf36e6ec190f5c5b10aea3f8c29af9c4f0b565 Mon Sep 17 00:00:00 2001
From: Kristina <140533113+witha-k@users.noreply.github.com>
Date: Thu, 13 Mar 2025 00:32:05 -0700
Subject: [PATCH 136/285] Update design-issue.yml

---
 .github/ISSUE_TEMPLATE/design-issue.yml | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)

diff --git a/.github/ISSUE_TEMPLATE/design-issue.yml b/.github/ISSUE_TEMPLATE/design-issue.yml
index 5f3296cd2..4b722c1f6 100644
--- a/.github/ISSUE_TEMPLATE/design-issue.yml
+++ b/.github/ISSUE_TEMPLATE/design-issue.yml
@@ -31,13 +31,13 @@ body:
       value: |
         ### Acceptance criteria for content updates
         - [ ] Followed the [content guide](https://docs.google.com/document/d/1U-TRx3ecCFZ-qtrCk7EYmF_nmfKh6kd7FV95Pa4iWeM/edit?usp=sharing) instructions, including:
-            > - [ ] Use official terms in the [word list](https://docs.google.com/document/d/1U-TRx3ecCFZ-qtrCk7EYmF_nmfKh6kd7FV95Pa4iWeM/edit?tab=t.0#heading=h.2et92p0) wherein possible, and avoiding synonyms or alternative terms
-            &nbsp;&nbsp;&nbsp; - [ ] Use [content blocks](https://docs.google.com/document/d/1U-TRx3ecCFZ-qtrCk7EYmF_nmfKh6kd7FV95Pa4iWeM/edit?tab=t.0#heading=h.23ckvvd) whenever possible (consider creating new content blocks for new content that will be referenced heavily)
-            &nbsp;&nbsp;&nbsp; - [ ] Check for readibility using the [Hemingway Editor](https://hemingwayapp.com/)
-            &nbsp;&nbsp;&nbsp; - [ ] Any external links have an [external link icon](https://docs.google.com/document/d/1U-TRx3ecCFZ-qtrCk7EYmF_nmfKh6kd7FV95Pa4iWeM/edit?tab=t.0#heading=h.4i7ojhp) and open in a new tab
+            &emsp;- [ ] Use official terms in the [word list](https://docs.google.com/document/d/1U-TRx3ecCFZ-qtrCk7EYmF_nmfKh6kd7FV95Pa4iWeM/edit?tab=t.0#heading=h.2et92p0) wherein possible, and avoiding synonyms or alternative terms
+            - [ ] Use [content blocks](https://docs.google.com/document/d/1U-TRx3ecCFZ-qtrCk7EYmF_nmfKh6kd7FV95Pa4iWeM/edit?tab=t.0#heading=h.23ckvvd) whenever possible (consider creating new content blocks for new content that will be referenced heavily)
+            - [ ] Check for readibility using the [Hemingway Editor](https://hemingwayapp.com/)
+            - [ ] Any external links have an [external link icon](https://docs.google.com/document/d/1U-TRx3ecCFZ-qtrCk7EYmF_nmfKh6kd7FV95Pa4iWeM/edit?tab=t.0#heading=h.4i7ojhp) and open in a new tab
         - [ ] Instructions specific to get.gov ([instructions for how to update the public site](https://docs.google.com/document/d/1U-TRx3ecCFZ-qtrCk7EYmF_nmfKh6kd7FV95Pa4iWeM/edit?tab=t.0#heading=h.1pxezwc))
-            &nbsp;&nbsp;&nbsp; - [ ] Update content in the get.gov design file in Figma
-            &nbsp;&nbsp;&nbsp; - [ ] 
+            - [ ] Update content in the get.gov design file in Figma
+            - [ ] 
           
           
         <br>

From 0632448298d43871bcd4dc41ade146633ea7340a Mon Sep 17 00:00:00 2001
From: Kristina <140533113+witha-k@users.noreply.github.com>
Date: Thu, 13 Mar 2025 00:59:58 -0700
Subject: [PATCH 137/285] Update design-issue.yml

---
 .github/ISSUE_TEMPLATE/design-issue.yml | 17 ++++++++++++-----
 1 file changed, 12 insertions(+), 5 deletions(-)

diff --git a/.github/ISSUE_TEMPLATE/design-issue.yml b/.github/ISSUE_TEMPLATE/design-issue.yml
index 4b722c1f6..9a1c86c0e 100644
--- a/.github/ISSUE_TEMPLATE/design-issue.yml
+++ b/.github/ISSUE_TEMPLATE/design-issue.yml
@@ -22,8 +22,8 @@ body:
       value: |
         ### Acceptance criteria for design updates
         - [ ] Used components from the Figma design system wherein possible
-        - [ ] Merged draft design(s) into the official registrar or get.gov Figma pages
-        - [ ] (If applicable) Updated components from the Figma design system if there's any inconsistencies with production  
+        - [ ] Merged draft design(s) into the official [registrar](https://www.figma.com/design/xFtGLHVrhp0lvwh0gYWnbx/.gov-registar?m=auto) or [get.gov](https://www.figma.com/design/qeWM03sfjXgHBHB23rsD6X/get.gov?m=auto&t=NevyFHpikXLWEwaL-6) Figma pages
+        - [ ] (If applicable) Updated components from the [Figma design system](https://www.figma.com/design/G2HANRHy8pnlY5ENvmpKY8/.gov-Design-System?m=auto) if there's any inconsistencies with production  
         <br>
   - type: markdown
     id: acceptance-criteria-content
@@ -31,13 +31,20 @@ body:
       value: |
         ### Acceptance criteria for content updates
         - [ ] Followed the [content guide](https://docs.google.com/document/d/1U-TRx3ecCFZ-qtrCk7EYmF_nmfKh6kd7FV95Pa4iWeM/edit?usp=sharing) instructions, including:
-            &emsp;- [ ] Use official terms in the [word list](https://docs.google.com/document/d/1U-TRx3ecCFZ-qtrCk7EYmF_nmfKh6kd7FV95Pa4iWeM/edit?tab=t.0#heading=h.2et92p0) wherein possible, and avoiding synonyms or alternative terms
+            - [ ] Use official terms in the [word list](https://docs.google.com/document/d/1U-TRx3ecCFZ-qtrCk7EYmF_nmfKh6kd7FV95Pa4iWeM/edit?tab=t.0#heading=h.2et92p0) wherein possible, and avoiding synonyms or alternative terms
             - [ ] Use [content blocks](https://docs.google.com/document/d/1U-TRx3ecCFZ-qtrCk7EYmF_nmfKh6kd7FV95Pa4iWeM/edit?tab=t.0#heading=h.23ckvvd) whenever possible (consider creating new content blocks for new content that will be referenced heavily)
             - [ ] Check for readibility using the [Hemingway Editor](https://hemingwayapp.com/)
             - [ ] Any external links have an [external link icon](https://docs.google.com/document/d/1U-TRx3ecCFZ-qtrCk7EYmF_nmfKh6kd7FV95Pa4iWeM/edit?tab=t.0#heading=h.4i7ojhp) and open in a new tab
         - [ ] Instructions specific to get.gov ([instructions for how to update the public site](https://docs.google.com/document/d/1U-TRx3ecCFZ-qtrCk7EYmF_nmfKh6kd7FV95Pa4iWeM/edit?tab=t.0#heading=h.1pxezwc))
-            - [ ] Update content in the get.gov design file in Figma
-            - [ ] 
+            - [ ] Update content in the [get.gov design file](https://www.figma.com/design/qeWM03sfjXgHBHB23rsD6X/get.gov?m=auto&t=NevyFHpikXLWEwaL-6) in Figma
+            - [ ] Update the [relevant pages](https://drive.google.com/drive/u/1/folders/1kPsaM6wTli5yjTx1k1QZNlSzYZ-usW4x) in Google Drive's Content folder
+            - [ ] Links [open in a new window](https://docs.google.com/document/d/1U-TRx3ecCFZ-qtrCk7EYmF_nmfKh6kd7FV95Pa4iWeM/edit?tab=t.0#heading=h.g0jcbi63s6zm) if the user will need to reference text on the public site while viewing the link
+          - [ ] Instructions specific to the manage.get.gov ([instructions for how to update the registrar](https://docs.google.com/document/d/1U-TRx3ecCFZ-qtrCk7EYmF_nmfKh6kd7FV95Pa4iWeM/edit?tab=t.0#heading=h.1hmsyys))
+            - [ ] Update content in the [registrar design file](https://www.figma.com/design/xFtGLHVrhp0lvwh0gYWnbx/.gov-registar?m=auto) in Figma
+            - [ ] Update the [relevant pages](https://drive.google.com/drive/folders/1dlv_w9zT-W_TStG-7icag6lqcQi86WUs?usp=drive_link) in Google Drive's Content folder
+            - [ ] Links [open in a new window](https://docs.google.com/document/d/1U-TRx3ecCFZ-qtrCk7EYmF_nmfKh6kd7FV95Pa4iWeM/edit?tab=t.0#heading=h.g0jcbi63s6zm)
+          - [ ] Instructions specific to emails
+            - [ ] TBD
           
           
         <br>

From cb82bcf641a89b34c790e18818837a3e3ae51348 Mon Sep 17 00:00:00 2001
From: Kristina <140533113+witha-k@users.noreply.github.com>
Date: Thu, 13 Mar 2025 01:01:37 -0700
Subject: [PATCH 138/285] Update design-issue.yml

---
 .github/ISSUE_TEMPLATE/design-issue.yml | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/.github/ISSUE_TEMPLATE/design-issue.yml b/.github/ISSUE_TEMPLATE/design-issue.yml
index 9a1c86c0e..2ceb93026 100644
--- a/.github/ISSUE_TEMPLATE/design-issue.yml
+++ b/.github/ISSUE_TEMPLATE/design-issue.yml
@@ -35,15 +35,15 @@ body:
             - [ ] Use [content blocks](https://docs.google.com/document/d/1U-TRx3ecCFZ-qtrCk7EYmF_nmfKh6kd7FV95Pa4iWeM/edit?tab=t.0#heading=h.23ckvvd) whenever possible (consider creating new content blocks for new content that will be referenced heavily)
             - [ ] Check for readibility using the [Hemingway Editor](https://hemingwayapp.com/)
             - [ ] Any external links have an [external link icon](https://docs.google.com/document/d/1U-TRx3ecCFZ-qtrCk7EYmF_nmfKh6kd7FV95Pa4iWeM/edit?tab=t.0#heading=h.4i7ojhp) and open in a new tab
-        - [ ] Instructions specific to get.gov ([instructions for how to update the public site](https://docs.google.com/document/d/1U-TRx3ecCFZ-qtrCk7EYmF_nmfKh6kd7FV95Pa4iWeM/edit?tab=t.0#heading=h.1pxezwc))
+        - [ ] Instructions specific to get.gov ([instructions for how to update the public site](https://docs.google.com/document/d/1U-TRx3ecCFZ-qtrCk7EYmF_nmfKh6kd7FV95Pa4iWeM/edit?tab=t.0#heading=h.1pxezwc)):
             - [ ] Update content in the [get.gov design file](https://www.figma.com/design/qeWM03sfjXgHBHB23rsD6X/get.gov?m=auto&t=NevyFHpikXLWEwaL-6) in Figma
             - [ ] Update the [relevant pages](https://drive.google.com/drive/u/1/folders/1kPsaM6wTli5yjTx1k1QZNlSzYZ-usW4x) in Google Drive's Content folder
             - [ ] Links [open in a new window](https://docs.google.com/document/d/1U-TRx3ecCFZ-qtrCk7EYmF_nmfKh6kd7FV95Pa4iWeM/edit?tab=t.0#heading=h.g0jcbi63s6zm) if the user will need to reference text on the public site while viewing the link
-          - [ ] Instructions specific to the manage.get.gov ([instructions for how to update the registrar](https://docs.google.com/document/d/1U-TRx3ecCFZ-qtrCk7EYmF_nmfKh6kd7FV95Pa4iWeM/edit?tab=t.0#heading=h.1hmsyys))
+          - [ ] Instructions specific to the manage.get.gov ([instructions for how to update the registrar](https://docs.google.com/document/d/1U-TRx3ecCFZ-qtrCk7EYmF_nmfKh6kd7FV95Pa4iWeM/edit?tab=t.0#heading=h.1hmsyys)):
             - [ ] Update content in the [registrar design file](https://www.figma.com/design/xFtGLHVrhp0lvwh0gYWnbx/.gov-registar?m=auto) in Figma
             - [ ] Update the [relevant pages](https://drive.google.com/drive/folders/1dlv_w9zT-W_TStG-7icag6lqcQi86WUs?usp=drive_link) in Google Drive's Content folder
             - [ ] Links [open in a new window](https://docs.google.com/document/d/1U-TRx3ecCFZ-qtrCk7EYmF_nmfKh6kd7FV95Pa4iWeM/edit?tab=t.0#heading=h.g0jcbi63s6zm)
-          - [ ] Instructions specific to emails
+          - [ ] Instructions specific to emails:
             - [ ] TBD
           
           

From 26b229d78b33e336c3977c622bf92dfc26a8b3c5 Mon Sep 17 00:00:00 2001
From: Kristina <140533113+witha-k@users.noreply.github.com>
Date: Thu, 13 Mar 2025 01:03:11 -0700
Subject: [PATCH 139/285] Update design-issue.yml

---
 .github/ISSUE_TEMPLATE/design-issue.yml | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/.github/ISSUE_TEMPLATE/design-issue.yml b/.github/ISSUE_TEMPLATE/design-issue.yml
index 2ceb93026..00dd1887e 100644
--- a/.github/ISSUE_TEMPLATE/design-issue.yml
+++ b/.github/ISSUE_TEMPLATE/design-issue.yml
@@ -30,20 +30,20 @@ body:
     attributes:
       value: |
         ### Acceptance criteria for content updates
-        - [ ] Followed the [content guide](https://docs.google.com/document/d/1U-TRx3ecCFZ-qtrCk7EYmF_nmfKh6kd7FV95Pa4iWeM/edit?usp=sharing) instructions, including:
+        - [ ] *Followed the [content guide](https://docs.google.com/document/d/1U-TRx3ecCFZ-qtrCk7EYmF_nmfKh6kd7FV95Pa4iWeM/edit?usp=sharing) instructions, including:*
             - [ ] Use official terms in the [word list](https://docs.google.com/document/d/1U-TRx3ecCFZ-qtrCk7EYmF_nmfKh6kd7FV95Pa4iWeM/edit?tab=t.0#heading=h.2et92p0) wherein possible, and avoiding synonyms or alternative terms
             - [ ] Use [content blocks](https://docs.google.com/document/d/1U-TRx3ecCFZ-qtrCk7EYmF_nmfKh6kd7FV95Pa4iWeM/edit?tab=t.0#heading=h.23ckvvd) whenever possible (consider creating new content blocks for new content that will be referenced heavily)
             - [ ] Check for readibility using the [Hemingway Editor](https://hemingwayapp.com/)
             - [ ] Any external links have an [external link icon](https://docs.google.com/document/d/1U-TRx3ecCFZ-qtrCk7EYmF_nmfKh6kd7FV95Pa4iWeM/edit?tab=t.0#heading=h.4i7ojhp) and open in a new tab
-        - [ ] Instructions specific to get.gov ([instructions for how to update the public site](https://docs.google.com/document/d/1U-TRx3ecCFZ-qtrCk7EYmF_nmfKh6kd7FV95Pa4iWeM/edit?tab=t.0#heading=h.1pxezwc)):
+        - [ ] *Instructions specific to get.gov ([instructions for how to update the public site](https://docs.google.com/document/d/1U-TRx3ecCFZ-qtrCk7EYmF_nmfKh6kd7FV95Pa4iWeM/edit?tab=t.0#heading=h.1pxezwc)):*
             - [ ] Update content in the [get.gov design file](https://www.figma.com/design/qeWM03sfjXgHBHB23rsD6X/get.gov?m=auto&t=NevyFHpikXLWEwaL-6) in Figma
             - [ ] Update the [relevant pages](https://drive.google.com/drive/u/1/folders/1kPsaM6wTli5yjTx1k1QZNlSzYZ-usW4x) in Google Drive's Content folder
             - [ ] Links [open in a new window](https://docs.google.com/document/d/1U-TRx3ecCFZ-qtrCk7EYmF_nmfKh6kd7FV95Pa4iWeM/edit?tab=t.0#heading=h.g0jcbi63s6zm) if the user will need to reference text on the public site while viewing the link
-          - [ ] Instructions specific to the manage.get.gov ([instructions for how to update the registrar](https://docs.google.com/document/d/1U-TRx3ecCFZ-qtrCk7EYmF_nmfKh6kd7FV95Pa4iWeM/edit?tab=t.0#heading=h.1hmsyys)):
+          - [ ] *Instructions specific to the manage.get.gov ([instructions for how to update the registrar](https://docs.google.com/document/d/1U-TRx3ecCFZ-qtrCk7EYmF_nmfKh6kd7FV95Pa4iWeM/edit?tab=t.0#heading=h.1hmsyys)):*
             - [ ] Update content in the [registrar design file](https://www.figma.com/design/xFtGLHVrhp0lvwh0gYWnbx/.gov-registar?m=auto) in Figma
             - [ ] Update the [relevant pages](https://drive.google.com/drive/folders/1dlv_w9zT-W_TStG-7icag6lqcQi86WUs?usp=drive_link) in Google Drive's Content folder
             - [ ] Links [open in a new window](https://docs.google.com/document/d/1U-TRx3ecCFZ-qtrCk7EYmF_nmfKh6kd7FV95Pa4iWeM/edit?tab=t.0#heading=h.g0jcbi63s6zm)
-          - [ ] Instructions specific to emails:
+          - [ ] *Instructions specific to emails:*
             - [ ] TBD
           
           

From 7fce337c74ce9bd02b339bd24bd0d701223c36ac Mon Sep 17 00:00:00 2001
From: Kristina <140533113+witha-k@users.noreply.github.com>
Date: Thu, 13 Mar 2025 01:04:23 -0700
Subject: [PATCH 140/285] Update design-issue.yml

---
 .github/ISSUE_TEMPLATE/design-issue.yml | 10 ++++------
 1 file changed, 4 insertions(+), 6 deletions(-)

diff --git a/.github/ISSUE_TEMPLATE/design-issue.yml b/.github/ISSUE_TEMPLATE/design-issue.yml
index 00dd1887e..a66e2a70f 100644
--- a/.github/ISSUE_TEMPLATE/design-issue.yml
+++ b/.github/ISSUE_TEMPLATE/design-issue.yml
@@ -30,23 +30,21 @@ body:
     attributes:
       value: |
         ### Acceptance criteria for content updates
-        - [ ] *Followed the [content guide](https://docs.google.com/document/d/1U-TRx3ecCFZ-qtrCk7EYmF_nmfKh6kd7FV95Pa4iWeM/edit?usp=sharing) instructions, including:*
+        - [ ] **Followed the [content guide](https://docs.google.com/document/d/1U-TRx3ecCFZ-qtrCk7EYmF_nmfKh6kd7FV95Pa4iWeM/edit?usp=sharing) instructions, including:**
             - [ ] Use official terms in the [word list](https://docs.google.com/document/d/1U-TRx3ecCFZ-qtrCk7EYmF_nmfKh6kd7FV95Pa4iWeM/edit?tab=t.0#heading=h.2et92p0) wherein possible, and avoiding synonyms or alternative terms
             - [ ] Use [content blocks](https://docs.google.com/document/d/1U-TRx3ecCFZ-qtrCk7EYmF_nmfKh6kd7FV95Pa4iWeM/edit?tab=t.0#heading=h.23ckvvd) whenever possible (consider creating new content blocks for new content that will be referenced heavily)
             - [ ] Check for readibility using the [Hemingway Editor](https://hemingwayapp.com/)
             - [ ] Any external links have an [external link icon](https://docs.google.com/document/d/1U-TRx3ecCFZ-qtrCk7EYmF_nmfKh6kd7FV95Pa4iWeM/edit?tab=t.0#heading=h.4i7ojhp) and open in a new tab
-        - [ ] *Instructions specific to get.gov ([instructions for how to update the public site](https://docs.google.com/document/d/1U-TRx3ecCFZ-qtrCk7EYmF_nmfKh6kd7FV95Pa4iWeM/edit?tab=t.0#heading=h.1pxezwc)):*
+        - [ ] **Instructions specific to get.gov ([instructions for how to update the public site](https://docs.google.com/document/d/1U-TRx3ecCFZ-qtrCk7EYmF_nmfKh6kd7FV95Pa4iWeM/edit?tab=t.0#heading=h.1pxezwc)):**
             - [ ] Update content in the [get.gov design file](https://www.figma.com/design/qeWM03sfjXgHBHB23rsD6X/get.gov?m=auto&t=NevyFHpikXLWEwaL-6) in Figma
             - [ ] Update the [relevant pages](https://drive.google.com/drive/u/1/folders/1kPsaM6wTli5yjTx1k1QZNlSzYZ-usW4x) in Google Drive's Content folder
             - [ ] Links [open in a new window](https://docs.google.com/document/d/1U-TRx3ecCFZ-qtrCk7EYmF_nmfKh6kd7FV95Pa4iWeM/edit?tab=t.0#heading=h.g0jcbi63s6zm) if the user will need to reference text on the public site while viewing the link
-          - [ ] *Instructions specific to the manage.get.gov ([instructions for how to update the registrar](https://docs.google.com/document/d/1U-TRx3ecCFZ-qtrCk7EYmF_nmfKh6kd7FV95Pa4iWeM/edit?tab=t.0#heading=h.1hmsyys)):*
+          - [ ] **Instructions specific to the manage.get.gov ([instructions for how to update the registrar](https://docs.google.com/document/d/1U-TRx3ecCFZ-qtrCk7EYmF_nmfKh6kd7FV95Pa4iWeM/edit?tab=t.0#heading=h.1hmsyys)):**
             - [ ] Update content in the [registrar design file](https://www.figma.com/design/xFtGLHVrhp0lvwh0gYWnbx/.gov-registar?m=auto) in Figma
             - [ ] Update the [relevant pages](https://drive.google.com/drive/folders/1dlv_w9zT-W_TStG-7icag6lqcQi86WUs?usp=drive_link) in Google Drive's Content folder
             - [ ] Links [open in a new window](https://docs.google.com/document/d/1U-TRx3ecCFZ-qtrCk7EYmF_nmfKh6kd7FV95Pa4iWeM/edit?tab=t.0#heading=h.g0jcbi63s6zm)
-          - [ ] *Instructions specific to emails:*
+          - [ ] **Instructions specific to emails:**
             - [ ] TBD
-          
-          
         <br>
   - type: textarea
     id: additional-acceptance-criteria

From 98de052c2ecf748b58c54af1c5dd957a80df3063 Mon Sep 17 00:00:00 2001
From: zandercymatics <141044360+zandercymatics@users.noreply.github.com>
Date: Thu, 13 Mar 2025 08:30:58 -0600
Subject: [PATCH 141/285] linting

---
 src/registrar/models/utility/portfolio_helper.py | 4 ----
 src/registrar/tests/test_views_portfolio.py      | 4 ++--
 2 files changed, 2 insertions(+), 6 deletions(-)

diff --git a/src/registrar/models/utility/portfolio_helper.py b/src/registrar/models/utility/portfolio_helper.py
index 98be6cc87..669985725 100644
--- a/src/registrar/models/utility/portfolio_helper.py
+++ b/src/registrar/models/utility/portfolio_helper.py
@@ -257,9 +257,6 @@ def validate_user_portfolio_permission(user_portfolio_permission):
     Raises:
         ValidationError: If any of the validation rules are violated.
     """
-    PortfolioInvitation = apps.get_model("registrar.PortfolioInvitation")
-    UserPortfolioPermission = apps.get_model("registrar.UserPortfolioPermission")
-
     has_portfolio = bool(user_portfolio_permission.portfolio_id)
     portfolio_permissions = set(user_portfolio_permission._get_portfolio_permissions())
 
@@ -346,7 +343,6 @@ def validate_portfolio_invitation(portfolio_invitation):
     Raises:
         ValidationError: If any of the validation rules are violated.
     """
-    PortfolioInvitation = apps.get_model("registrar.PortfolioInvitation")
     UserPortfolioPermission = apps.get_model("registrar.UserPortfolioPermission")
     User = get_user_model()
 
diff --git a/src/registrar/tests/test_views_portfolio.py b/src/registrar/tests/test_views_portfolio.py
index bb99e875f..13a7a3bc6 100644
--- a/src/registrar/tests/test_views_portfolio.py
+++ b/src/registrar/tests/test_views_portfolio.py
@@ -3933,11 +3933,11 @@ class TestPortfolioInviteNewMemberView(MockEppLib, WebTest):
                 "role": UserPortfolioRoleChoices.ORGANIZATION_ADMIN,
                 "email": self.user.email,
             },
-            follow=True
+            follow=True,
         )
         self.assertEqual(response.status_code, 200)
         with open("debug_response.html", "w") as f:
-            f.write(response.content.decode('utf-8'))
+            f.write(response.content.decode("utf-8"))
 
         # Verify messages
         self.assertContains(

From 2dbbf2d757c233f131160f285696516d425b54e3 Mon Sep 17 00:00:00 2001
From: Kristina <140533113+witha-k@users.noreply.github.com>
Date: Thu, 13 Mar 2025 08:20:14 -0700
Subject: [PATCH 142/285] Update design-issue.yml

---
 .github/ISSUE_TEMPLATE/design-issue.yml | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/.github/ISSUE_TEMPLATE/design-issue.yml b/.github/ISSUE_TEMPLATE/design-issue.yml
index a66e2a70f..797f022c0 100644
--- a/.github/ISSUE_TEMPLATE/design-issue.yml
+++ b/.github/ISSUE_TEMPLATE/design-issue.yml
@@ -35,15 +35,18 @@ body:
             - [ ] Use [content blocks](https://docs.google.com/document/d/1U-TRx3ecCFZ-qtrCk7EYmF_nmfKh6kd7FV95Pa4iWeM/edit?tab=t.0#heading=h.23ckvvd) whenever possible (consider creating new content blocks for new content that will be referenced heavily)
             - [ ] Check for readibility using the [Hemingway Editor](https://hemingwayapp.com/)
             - [ ] Any external links have an [external link icon](https://docs.google.com/document/d/1U-TRx3ecCFZ-qtrCk7EYmF_nmfKh6kd7FV95Pa4iWeM/edit?tab=t.0#heading=h.4i7ojhp) and open in a new tab
+        <br>
         - [ ] **Instructions specific to get.gov ([instructions for how to update the public site](https://docs.google.com/document/d/1U-TRx3ecCFZ-qtrCk7EYmF_nmfKh6kd7FV95Pa4iWeM/edit?tab=t.0#heading=h.1pxezwc)):**
             - [ ] Update content in the [get.gov design file](https://www.figma.com/design/qeWM03sfjXgHBHB23rsD6X/get.gov?m=auto&t=NevyFHpikXLWEwaL-6) in Figma
             - [ ] Update the [relevant pages](https://drive.google.com/drive/u/1/folders/1kPsaM6wTli5yjTx1k1QZNlSzYZ-usW4x) in Google Drive's Content folder
             - [ ] Links [open in a new window](https://docs.google.com/document/d/1U-TRx3ecCFZ-qtrCk7EYmF_nmfKh6kd7FV95Pa4iWeM/edit?tab=t.0#heading=h.g0jcbi63s6zm) if the user will need to reference text on the public site while viewing the link
-          - [ ] **Instructions specific to the manage.get.gov ([instructions for how to update the registrar](https://docs.google.com/document/d/1U-TRx3ecCFZ-qtrCk7EYmF_nmfKh6kd7FV95Pa4iWeM/edit?tab=t.0#heading=h.1hmsyys)):**
+        <br>
+        - [ ] **Instructions specific to the manage.get.gov ([instructions for how to update the registrar](https://docs.google.com/document/d/1U-TRx3ecCFZ-qtrCk7EYmF_nmfKh6kd7FV95Pa4iWeM/edit?tab=t.0#heading=h.1hmsyys)):**
             - [ ] Update content in the [registrar design file](https://www.figma.com/design/xFtGLHVrhp0lvwh0gYWnbx/.gov-registar?m=auto) in Figma
             - [ ] Update the [relevant pages](https://drive.google.com/drive/folders/1dlv_w9zT-W_TStG-7icag6lqcQi86WUs?usp=drive_link) in Google Drive's Content folder
             - [ ] Links [open in a new window](https://docs.google.com/document/d/1U-TRx3ecCFZ-qtrCk7EYmF_nmfKh6kd7FV95Pa4iWeM/edit?tab=t.0#heading=h.g0jcbi63s6zm)
-          - [ ] **Instructions specific to emails:**
+        <br>
+        - [ ] **Instructions specific to emails:**
             - [ ] TBD
         <br>
   - type: textarea

From b1c2513835b6656bd042cc1fc24031a70a023dc3 Mon Sep 17 00:00:00 2001
From: Kristina <140533113+witha-k@users.noreply.github.com>
Date: Thu, 13 Mar 2025 08:21:00 -0700
Subject: [PATCH 143/285] Update design-issue.yml


From c238e082a12179decdec6f25176877c27d50a3f1 Mon Sep 17 00:00:00 2001
From: Kristina <140533113+witha-k@users.noreply.github.com>
Date: Thu, 13 Mar 2025 08:21:20 -0700
Subject: [PATCH 144/285] Update design-issue.yml

---
 .github/ISSUE_TEMPLATE/design-issue.yml | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/.github/ISSUE_TEMPLATE/design-issue.yml b/.github/ISSUE_TEMPLATE/design-issue.yml
index 797f022c0..558c34c2d 100644
--- a/.github/ISSUE_TEMPLATE/design-issue.yml
+++ b/.github/ISSUE_TEMPLATE/design-issue.yml
@@ -35,17 +35,17 @@ body:
             - [ ] Use [content blocks](https://docs.google.com/document/d/1U-TRx3ecCFZ-qtrCk7EYmF_nmfKh6kd7FV95Pa4iWeM/edit?tab=t.0#heading=h.23ckvvd) whenever possible (consider creating new content blocks for new content that will be referenced heavily)
             - [ ] Check for readibility using the [Hemingway Editor](https://hemingwayapp.com/)
             - [ ] Any external links have an [external link icon](https://docs.google.com/document/d/1U-TRx3ecCFZ-qtrCk7EYmF_nmfKh6kd7FV95Pa4iWeM/edit?tab=t.0#heading=h.4i7ojhp) and open in a new tab
-        <br>
+        
         - [ ] **Instructions specific to get.gov ([instructions for how to update the public site](https://docs.google.com/document/d/1U-TRx3ecCFZ-qtrCk7EYmF_nmfKh6kd7FV95Pa4iWeM/edit?tab=t.0#heading=h.1pxezwc)):**
             - [ ] Update content in the [get.gov design file](https://www.figma.com/design/qeWM03sfjXgHBHB23rsD6X/get.gov?m=auto&t=NevyFHpikXLWEwaL-6) in Figma
             - [ ] Update the [relevant pages](https://drive.google.com/drive/u/1/folders/1kPsaM6wTli5yjTx1k1QZNlSzYZ-usW4x) in Google Drive's Content folder
             - [ ] Links [open in a new window](https://docs.google.com/document/d/1U-TRx3ecCFZ-qtrCk7EYmF_nmfKh6kd7FV95Pa4iWeM/edit?tab=t.0#heading=h.g0jcbi63s6zm) if the user will need to reference text on the public site while viewing the link
-        <br>
+        
         - [ ] **Instructions specific to the manage.get.gov ([instructions for how to update the registrar](https://docs.google.com/document/d/1U-TRx3ecCFZ-qtrCk7EYmF_nmfKh6kd7FV95Pa4iWeM/edit?tab=t.0#heading=h.1hmsyys)):**
             - [ ] Update content in the [registrar design file](https://www.figma.com/design/xFtGLHVrhp0lvwh0gYWnbx/.gov-registar?m=auto) in Figma
             - [ ] Update the [relevant pages](https://drive.google.com/drive/folders/1dlv_w9zT-W_TStG-7icag6lqcQi86WUs?usp=drive_link) in Google Drive's Content folder
             - [ ] Links [open in a new window](https://docs.google.com/document/d/1U-TRx3ecCFZ-qtrCk7EYmF_nmfKh6kd7FV95Pa4iWeM/edit?tab=t.0#heading=h.g0jcbi63s6zm)
-        <br>
+        
         - [ ] **Instructions specific to emails:**
             - [ ] TBD
         <br>

From 44da71b00770174269e39eba4bf8c5e23c41b486 Mon Sep 17 00:00:00 2001
From: matthewswspence <Matthewswspence@gmail.com>
Date: Thu, 13 Mar 2025 12:19:58 -0500
Subject: [PATCH 145/285] linter fixes

---
 src/registrar/forms/domain_request_wizard.py | 25 ++-----------------
 src/registrar/forms/feb.py                   |  3 ++-
 src/registrar/tests/test_views_request.py    | 16 +++++++++---
 src/registrar/views/domain_request.py        | 26 ++++++++++++--------
 4 files changed, 32 insertions(+), 38 deletions(-)

diff --git a/src/registrar/forms/domain_request_wizard.py b/src/registrar/forms/domain_request_wizard.py
index 0693ae837..af60c8649 100644
--- a/src/registrar/forms/domain_request_wizard.py
+++ b/src/registrar/forms/domain_request_wizard.py
@@ -616,7 +616,8 @@ class PurposeDetailsForm(BaseDeletableRegistrarForm):
         label="Purpose",
         widget=forms.Textarea(
             attrs={
-                "aria-label": "What is the purpose of your requested domain? Describe how you’ll use your .gov domain. \
+                "aria-label": "What is the purpose of your requested domain? \
+                Describe how you’ll use your .gov domain. \
                 Will it be used for a website, email, or something else?"
             }
         ),
@@ -873,28 +874,6 @@ class CisaRepresentativeYesNoForm(BaseYesNoForm):
     field_name = "has_cisa_representative"
 
 
-class PurposeDetailsForm(BaseDeletableRegistrarForm):
-
-    field_name = "purpose"
-
-    purpose = forms.CharField(
-        label="Purpose",
-        widget=forms.Textarea(
-            attrs={
-                "aria-label": "What is the purpose of your requested domain? Describe how you’ll use your .gov domain. \
-                Will it be used for a website, email, or something else?"
-            }
-        ),
-        validators=[
-            MaxLengthValidator(
-                2000,
-                message="Response must be less than 2000 characters.",
-            )
-        ],
-        error_messages={"required": "Describe how you’ll use the .gov domain you’re requesting."},
-    )
-
-
 class AnythingElseForm(BaseDeletableRegistrarForm):
     anything_else = forms.CharField(
         required=True,
diff --git a/src/registrar/forms/feb.py b/src/registrar/forms/feb.py
index d4322f512..05b2acf3f 100644
--- a/src/registrar/forms/feb.py
+++ b/src/registrar/forms/feb.py
@@ -3,6 +3,7 @@ from django.core.validators import MaxLengthValidator
 from registrar.forms.utility.wizard_form_helper import BaseDeletableRegistrarForm, BaseYesNoForm
 from registrar.models.contact import Contact
 
+
 class ExecutiveNamingRequirementsYesNoForm(BaseYesNoForm, BaseDeletableRegistrarForm):
     """
     Form for verifying if the domain request meets the Federal Executive Branch domain naming requirements.
@@ -206,4 +207,4 @@ class FEBAnythingElseYesNoForm(BaseYesNoForm, BaseDeletableRegistrarForm):
     """Yes/no toggle for the anything else question on additional details"""
 
     form_is_checked = property(lambda self: self.domain_request.has_anything_else_text)  # type: ignore
-    field_name = "has_anything_else_text"
\ No newline at end of file
+    field_name = "has_anything_else_text"
diff --git a/src/registrar/tests/test_views_request.py b/src/registrar/tests/test_views_request.py
index 4c1311d47..062c81f45 100644
--- a/src/registrar/tests/test_views_request.py
+++ b/src/registrar/tests/test_views_request.py
@@ -2718,12 +2718,20 @@ class DomainRequestTests(TestWithUser, WebTest):
 
     def feb_requirements_page_tests(self, requirements_page):
         # Check for the 21st Century IDEA Act links
-        self.assertContains(requirements_page, "https://digital.gov/resources/delivering-digital-first-public-experience-act/")
-        self.assertContains(requirements_page, "https://bidenwhitehouse.gov/wp-content/uploads/2023/09/M-23-22-Delivering-a-Digital-First-Public-Experience.pdf")
-        
+        self.assertContains(
+            requirements_page, "https://digital.gov/resources/delivering-digital-first-public-experience-act/"
+        )
+        self.assertContains(
+            requirements_page,
+            "https://bidenwhitehouse.gov/wp-content/uploads/2023/09/M-23-22-Delivering-a-Digital-First-Public-Experience.pdf",  # noqa
+        )
+
         # Check for the policy acknowledgement form
         self.assertContains(requirements_page, "is_policy_acknowledged")
-        self.assertContains(requirements_page, "I read and understand the guidance outlined in the DOTGOV Act for operating a .gov domain.")
+        self.assertContains(
+            requirements_page,
+            "I read and understand the guidance outlined in the DOTGOV Act for operating a .gov domain.",
+        )
 
     @less_console_noise_decorator
     def test_domain_request_formsets(self):
diff --git a/src/registrar/views/domain_request.py b/src/registrar/views/domain_request.py
index ef6df0151..64987c08d 100644
--- a/src/registrar/views/domain_request.py
+++ b/src/registrar/views/domain_request.py
@@ -631,21 +631,23 @@ class PortfolioAdditionalDetails(DomainRequestWizard):
         if not forms[0].is_valid():
             # If the user isn't working with EOP, don't validate the EOP contact form
             forms[1].mark_form_for_deletion()
-            eop_forms_valid = False        
+            eop_forms_valid = False
         if forms[0].cleaned_data.get("working_with_eop"):
             eop_forms_valid = forms[1].is_valid()
         else:
-            forms[1].mark_form_for_deletion()        
+            forms[1].mark_form_for_deletion()
         anything_else_forms_valid = True
         if not forms[2].is_valid():
             forms[3].mark_form_for_deletion()
-            anything_else_forms_valid = False        
+            anything_else_forms_valid = False
         if forms[2].cleaned_data.get("has_anything_else_text"):
             forms[3].fields["anything_else"].required = True
-            forms[3].fields["anything_else"].error_messages["required"] = "Please provide additional details you'd like us to know. \
+            forms[3].fields["anything_else"].error_messages[
+                "required"
+            ] = "Please provide additional details you'd like us to know. \
                 If you have nothing to add, select 'No'."
-            anything_else_forms_valid = forms[3].is_valid()        
-        return (eop_forms_valid and anything_else_forms_valid)
+            anything_else_forms_valid = forms[3].is_valid()
+        return eop_forms_valid and anything_else_forms_valid
 
 
 # Non-portfolio pages
@@ -937,15 +939,19 @@ class Requirements(DomainRequestWizard):
     # Override the get_forms method to set the policy acknowledgement label conditionally based on feb status
     def get_forms(self, step=None, use_post=False, use_db=False, files=None):
         forms_list = super().get_forms(step, use_post, use_db, files)
-        
+
         # Pass the is_federal context to the form
         for form in forms_list:
             if isinstance(form, forms.RequirementsForm):
                 if self.requires_feb_questions():
-                    form.fields['is_policy_acknowledged'].label = "I read and understand the guidance outlined in the DOTGOV Act for operating a .gov domain." # noqa: E501
+                    form.fields["is_policy_acknowledged"].label = (
+                        "I read and understand the guidance outlined in the DOTGOV Act for operating a .gov domain."  # noqa: E501
+                    )
                 else:
-                    form.fields['is_policy_acknowledged'].label = "I read and agree to the requirements for operating a .gov domain." # noqa: E501
-                
+                    form.fields["is_policy_acknowledged"].label = (
+                        "I read and agree to the requirements for operating a .gov domain."  # noqa: E501
+                    )
+
         return forms_list
 
 

From a6be508b63cc830352b3f13b4fd3eb7c5e13eab3 Mon Sep 17 00:00:00 2001
From: Erin Song <121973038+erinysong@users.noreply.github.com>
Date: Thu, 13 Mar 2025 11:24:21 -0700
Subject: [PATCH 146/285] Add test for portfolio organization update

---
 src/registrar/tests/test_views_portfolio.py | 45 ++++++++++++++++++++-
 src/registrar/utility/email.py              |  1 -
 2 files changed, 43 insertions(+), 3 deletions(-)

diff --git a/src/registrar/tests/test_views_portfolio.py b/src/registrar/tests/test_views_portfolio.py
index 2065c2d35..be2129c2f 100644
--- a/src/registrar/tests/test_views_portfolio.py
+++ b/src/registrar/tests/test_views_portfolio.py
@@ -2,7 +2,7 @@ from django.urls import reverse
 from api.tests.common import less_console_noise_decorator
 from registrar.config import settings
 from registrar.models import Portfolio, SeniorOfficial
-from unittest.mock import MagicMock, patch
+from unittest.mock import MagicMock, patch, ANY
 from django_webtest import WebTest  # type: ignore
 from django.core.handlers.wsgi import WSGIRequest
 from registrar.models import (
@@ -398,11 +398,52 @@ class TestPortfolio(WebTest):
 
             self.app.set_cookie(settings.SESSION_COOKIE_NAME, session_id)
             success_result_page = portfolio_org_name_page.form.submit()
-            self.assertEqual(success_result_page.status_code, 200)
+            self.assertEqual(success_result_page.status_code, 302)
 
             self.assertContains(success_result_page, "6 Downing st")
             self.assertContains(success_result_page, "London")
 
+    @boto3_mocking.patching
+    @less_console_noise_decorator
+    @patch("registrar.utility.email_invitations.send_templated_email")
+    def test_org_update_sends_admin_email(self, mock_send_templated_email):
+        """Updating organization information emails organization admin."""
+        with override_flag("organization_feature", active=True):
+            self.app.set_user(self.user.username)
+            self.admin, _ = User.objects.get_or_create(email="mayor@igorville.com", first_name="Hello", last_name="World")
+            
+            portfolio_additional_permissions = [
+                UserPortfolioPermissionChoices.VIEW_PORTFOLIO,
+                UserPortfolioPermissionChoices.EDIT_PORTFOLIO,
+            ]
+            portfolio_permission, _ = UserPortfolioPermission.objects.get_or_create(
+                user=self.user, portfolio=self.portfolio, additional_permissions=portfolio_additional_permissions
+            )
+            portfolio_permission_admin, _ = UserPortfolioPermission.objects.get_or_create(
+                user=self.admin, portfolio=self.portfolio, additional_permissions=portfolio_additional_permissions,
+                roles=[UserPortfolioRoleChoices.ORGANIZATION_ADMIN]
+            )
+
+            self.portfolio.address_line1 = "1600 Penn Ave"
+            self.portfolio.save()
+            portfolio_org_name_page = self.app.get(reverse("organization"))
+            session_id = self.app.cookies[settings.SESSION_COOKIE_NAME]
+            portfolio_org_name_page.form["address_line1"] = "6 Downing st"
+            portfolio_org_name_page.form["city"] = "London"
+            portfolio_org_name_page.form["zipcode"] = "11111"
+
+            self.app.set_cookie(settings.SESSION_COOKIE_NAME, session_id)
+            success_result_page = portfolio_org_name_page.form.submit()
+            self.assertEqual(success_result_page.status_code, 302)
+            
+            # Verify that the notification emails were sent to domain manager
+            mock_send_templated_email.assert_called_once_with(
+                "emails/portfolio_org_update_notification.txt",
+                "emails/portfolio_org_update_notification_subject.txt",
+                to_address=self.admin.email,
+                context=ANY,
+            )
+
     @less_console_noise_decorator
     def test_portfolio_in_session_when_organization_feature_active(self):
         """When organization_feature flag is true and user has a portfolio,
diff --git a/src/registrar/utility/email.py b/src/registrar/utility/email.py
index 94e87a96b..31b8e9462 100644
--- a/src/registrar/utility/email.py
+++ b/src/registrar/utility/email.py
@@ -48,7 +48,6 @@ def send_templated_email(  # noqa
         SES client could not be accessed
         No valid recipient addresses are provided
     """
-
     if context is None:
         context = {}
 

From 4b0bcfc84c8f9c49174425120b6b17c51ed48a5d Mon Sep 17 00:00:00 2001
From: Erin Song <121973038+erinysong@users.noreply.github.com>
Date: Thu, 13 Mar 2025 11:25:30 -0700
Subject: [PATCH 147/285] Readd whitespace

---
 src/registrar/utility/email.py | 1 +
 1 file changed, 1 insertion(+)

diff --git a/src/registrar/utility/email.py b/src/registrar/utility/email.py
index 31b8e9462..94e87a96b 100644
--- a/src/registrar/utility/email.py
+++ b/src/registrar/utility/email.py
@@ -48,6 +48,7 @@ def send_templated_email(  # noqa
         SES client could not be accessed
         No valid recipient addresses are provided
     """
+
     if context is None:
         context = {}
 

From 38133552c1d94db98da5332f9850a563b5a9f04d Mon Sep 17 00:00:00 2001
From: Erin Song <121973038+erinysong@users.noreply.github.com>
Date: Thu, 13 Mar 2025 11:34:36 -0700
Subject: [PATCH 148/285] Revert test

---
 src/registrar/tests/test_views_portfolio.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/registrar/tests/test_views_portfolio.py b/src/registrar/tests/test_views_portfolio.py
index be2129c2f..3e1ca4198 100644
--- a/src/registrar/tests/test_views_portfolio.py
+++ b/src/registrar/tests/test_views_portfolio.py
@@ -398,7 +398,7 @@ class TestPortfolio(WebTest):
 
             self.app.set_cookie(settings.SESSION_COOKIE_NAME, session_id)
             success_result_page = portfolio_org_name_page.form.submit()
-            self.assertEqual(success_result_page.status_code, 302)
+            self.assertEqual(success_result_page.status_code, 200)
 
             self.assertContains(success_result_page, "6 Downing st")
             self.assertContains(success_result_page, "London")

From 8be43207e4db237a61a028b58de83291bf85b986 Mon Sep 17 00:00:00 2001
From: Erin Song <121973038+erinysong@users.noreply.github.com>
Date: Thu, 13 Mar 2025 11:37:02 -0700
Subject: [PATCH 149/285] Fix incomplete test

---
 src/registrar/tests/test_views_portfolio.py | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/src/registrar/tests/test_views_portfolio.py b/src/registrar/tests/test_views_portfolio.py
index 3e1ca4198..09654edb2 100644
--- a/src/registrar/tests/test_views_portfolio.py
+++ b/src/registrar/tests/test_views_portfolio.py
@@ -398,11 +398,18 @@ class TestPortfolio(WebTest):
 
             self.app.set_cookie(settings.SESSION_COOKIE_NAME, session_id)
             success_result_page = portfolio_org_name_page.form.submit()
+            # Form will not validate with missing required field (zipcode)
             self.assertEqual(success_result_page.status_code, 200)
 
             self.assertContains(success_result_page, "6 Downing st")
             self.assertContains(success_result_page, "London")
 
+            #Form validates and redirects with all required fields
+            portfolio_org_name_page.form["zipcode"] = "11111"
+            success_result_page = portfolio_org_name_page.form.submit()
+            self.assertEqual(success_result_page.status_code, 302)
+            self.assertContains(success_result_page, "11111")
+
     @boto3_mocking.patching
     @less_console_noise_decorator
     @patch("registrar.utility.email_invitations.send_templated_email")

From cbe30f781d3290af3344e04095cd436267c3431f Mon Sep 17 00:00:00 2001
From: David Kennedy <david.kennedy@associates.cisa.dhs.gov>
Date: Thu, 13 Mar 2025 14:37:12 -0400
Subject: [PATCH 150/285] hide character count on textarea

---
 src/registrar/forms/domain.py                             | 1 +
 src/registrar/forms/user_profile.py                       | 1 +
 .../templates/django/forms/widgets/textarea.html          | 2 +-
 src/registrar/templates/domain_dsdata.html                | 6 ++++--
 src/registrar/templates/includes/input_with_errors.html   | 8 +++++---
 src/registrar/templates/includes/profile_form.html        | 2 +-
 6 files changed, 13 insertions(+), 7 deletions(-)

diff --git a/src/registrar/forms/domain.py b/src/registrar/forms/domain.py
index 0f200198e..776f2a67e 100644
--- a/src/registrar/forms/domain.py
+++ b/src/registrar/forms/domain.py
@@ -663,6 +663,7 @@ class DomainDsdataForm(forms.Form):
             attrs={
                 "maxlength": "40",
                 "class": "text-wrap usa-textarea--digest",
+                "hide_character_count": "True",
             }
         )
     )
diff --git a/src/registrar/forms/user_profile.py b/src/registrar/forms/user_profile.py
index 8d8e2973d..66af78d1a 100644
--- a/src/registrar/forms/user_profile.py
+++ b/src/registrar/forms/user_profile.py
@@ -60,6 +60,7 @@ class UserProfileForm(forms.ModelForm):
         self.fields["email"].error_messages = {
             "required": "Enter an email address in the required format, like name@example.com."
         }
+        self.fields["email"].widget.attrs["hide_character_count"] = "True"
         self.fields["phone"].error_messages["required"] = "Enter your phone number."
 
         if self.instance and self.instance.phone:
diff --git a/src/registrar/templates/django/forms/widgets/textarea.html b/src/registrar/templates/django/forms/widgets/textarea.html
index 068f15399..e7b089c76 100644
--- a/src/registrar/templates/django/forms/widgets/textarea.html
+++ b/src/registrar/templates/django/forms/widgets/textarea.html
@@ -1,5 +1,5 @@
 <textarea
     name="{{ widget.name }}"
-    class="usa-textarea usa-character-count__field {{ widget.attrs.class }}"
+    class="usa-textarea {% if not widget.attrs.hide_character_count %}usa-character-count__field{% endif %}{{ widget.attrs.class }}"
     {% include "django/forms/widgets/attrs.html" %}
 >{% if widget.value %}{{ widget.value }}{% endif %}</textarea>
\ No newline at end of file
diff --git a/src/registrar/templates/domain_dsdata.html b/src/registrar/templates/domain_dsdata.html
index 4d5be7866..e8338c006 100644
--- a/src/registrar/templates/domain_dsdata.html
+++ b/src/registrar/templates/domain_dsdata.html
@@ -301,8 +301,10 @@
           <div class="grid-row">
             <div class="grid-col">
               {% with sublabel_text="Numbers (0-9) and letters (a-f) only. SHA-1: 40 chars, SHA-256: 64 chars." %}
-                {% with attr_required=True add_initial_value_attr=True add_group_class="usa-form-group--unstyled-error" %}
-                  {% input_with_errors form.digest %}
+                {% with hide_character_count=True %}
+                  {% with attr_required=True add_initial_value_attr=True add_group_class="usa-form-group--unstyled-error" %}
+                    {% input_with_errors form.digest %}
+                  {% endwith %}
                 {% endwith %}
               {% endwith %}
             </div>
diff --git a/src/registrar/templates/includes/input_with_errors.html b/src/registrar/templates/includes/input_with_errors.html
index 8361a0560..8bcf2b40e 100644
--- a/src/registrar/templates/includes/input_with_errors.html
+++ b/src/registrar/templates/includes/input_with_errors.html
@@ -8,7 +8,9 @@ error messages, if necessary.
 {% load widget_tweaks %}
 
 {% if widget.attrs.maxlength or field.widget_type == 'textarea' %}
-  <div class="usa-character-count">
+  {% if not widget.attrs.hide_character_count %}
+    <div class="usa-character-count">
+  {% endif %}
 {% endif %}
 
 {% if field.use_fieldset %}
@@ -93,7 +95,7 @@ error messages, if necessary.
 {% endif %}
 
 {% if field.widget_type == 'textarea' or widget.attrs.maxlength %}
-    {% if not do_not_show_max_chars %}
+    {% if not widget.attrs.hide_character_count %}
         <span
           id="{{ widget.attrs.id }}__message"
           class="usa-character-count__message"
@@ -101,6 +103,6 @@ error messages, if necessary.
         >
           You can enter up to {{ widget.attrs.maxlength }} characters
         </span>
+      </div>
     {% endif %}
-  </div>
 {% endif %}
diff --git a/src/registrar/templates/includes/profile_form.html b/src/registrar/templates/includes/profile_form.html
index bd4b0209b..bb3461bcc 100644
--- a/src/registrar/templates/includes/profile_form.html
+++ b/src/registrar/templates/includes/profile_form.html
@@ -36,7 +36,7 @@
       {% with sublabel_text="We recommend using a Login.gov account that's only connected to your work email address. If you need to change your email, you'll need to make a change to your Login.gov account. Get help with updating your email address." %}
         {% with link_text="Get help with updating your email address" %}
           {% with target_blank=True %}
-            {% with do_not_show_max_chars=True %}
+            {% with hide_character_count=True %}
               {% input_with_errors form.email %}
             {% endwith %}
           {% endwith %}

From 9214c4237b1b535315b8b0caca35462acaf29018 Mon Sep 17 00:00:00 2001
From: Erin Song <121973038+erinysong@users.noreply.github.com>
Date: Thu, 13 Mar 2025 11:39:04 -0700
Subject: [PATCH 151/285] Fix linting

---
 src/registrar/tests/test_views_portfolio.py | 16 ++++++++++------
 1 file changed, 10 insertions(+), 6 deletions(-)

diff --git a/src/registrar/tests/test_views_portfolio.py b/src/registrar/tests/test_views_portfolio.py
index 09654edb2..2d8810aa1 100644
--- a/src/registrar/tests/test_views_portfolio.py
+++ b/src/registrar/tests/test_views_portfolio.py
@@ -404,7 +404,7 @@ class TestPortfolio(WebTest):
             self.assertContains(success_result_page, "6 Downing st")
             self.assertContains(success_result_page, "London")
 
-            #Form validates and redirects with all required fields
+            # Form validates and redirects with all required fields
             portfolio_org_name_page.form["zipcode"] = "11111"
             success_result_page = portfolio_org_name_page.form.submit()
             self.assertEqual(success_result_page.status_code, 302)
@@ -417,8 +417,10 @@ class TestPortfolio(WebTest):
         """Updating organization information emails organization admin."""
         with override_flag("organization_feature", active=True):
             self.app.set_user(self.user.username)
-            self.admin, _ = User.objects.get_or_create(email="mayor@igorville.com", first_name="Hello", last_name="World")
-            
+            self.admin, _ = User.objects.get_or_create(
+                email="mayor@igorville.com", first_name="Hello", last_name="World"
+            )
+
             portfolio_additional_permissions = [
                 UserPortfolioPermissionChoices.VIEW_PORTFOLIO,
                 UserPortfolioPermissionChoices.EDIT_PORTFOLIO,
@@ -427,8 +429,10 @@ class TestPortfolio(WebTest):
                 user=self.user, portfolio=self.portfolio, additional_permissions=portfolio_additional_permissions
             )
             portfolio_permission_admin, _ = UserPortfolioPermission.objects.get_or_create(
-                user=self.admin, portfolio=self.portfolio, additional_permissions=portfolio_additional_permissions,
-                roles=[UserPortfolioRoleChoices.ORGANIZATION_ADMIN]
+                user=self.admin,
+                portfolio=self.portfolio,
+                additional_permissions=portfolio_additional_permissions,
+                roles=[UserPortfolioRoleChoices.ORGANIZATION_ADMIN],
             )
 
             self.portfolio.address_line1 = "1600 Penn Ave"
@@ -442,7 +446,7 @@ class TestPortfolio(WebTest):
             self.app.set_cookie(settings.SESSION_COOKIE_NAME, session_id)
             success_result_page = portfolio_org_name_page.form.submit()
             self.assertEqual(success_result_page.status_code, 302)
-            
+
             # Verify that the notification emails were sent to domain manager
             mock_send_templated_email.assert_called_once_with(
                 "emails/portfolio_org_update_notification.txt",

From 8a78c927eaa5e4e22e953b70571e2ad288ee8a31 Mon Sep 17 00:00:00 2001
From: David Kennedy <david.kennedy@associates.cisa.dhs.gov>
Date: Thu, 13 Mar 2025 14:44:31 -0400
Subject: [PATCH 152/285] max length increased from 40 to 64

---
 src/registrar/forms/domain.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/registrar/forms/domain.py b/src/registrar/forms/domain.py
index 776f2a67e..695a2245f 100644
--- a/src/registrar/forms/domain.py
+++ b/src/registrar/forms/domain.py
@@ -661,7 +661,7 @@ class DomainDsdataForm(forms.Form):
         },
         widget=forms.Textarea(
             attrs={
-                "maxlength": "40",
+                "maxlength": "64",
                 "class": "text-wrap usa-textarea--digest",
                 "hide_character_count": "True",
             }

From 6ce0add0fa09730da80f7b1bc8478fe985a16491 Mon Sep 17 00:00:00 2001
From: Erin Song <121973038+erinysong@users.noreply.github.com>
Date: Thu, 13 Mar 2025 11:45:51 -0700
Subject: [PATCH 153/285] Clean test suite

---
 src/registrar/tests/test_views_portfolio.py | 27 +++++++++++++++++++--
 1 file changed, 25 insertions(+), 2 deletions(-)

diff --git a/src/registrar/tests/test_views_portfolio.py b/src/registrar/tests/test_views_portfolio.py
index 2d8810aa1..5d6e0de17 100644
--- a/src/registrar/tests/test_views_portfolio.py
+++ b/src/registrar/tests/test_views_portfolio.py
@@ -376,8 +376,8 @@ class TestPortfolio(WebTest):
             self.assertContains(page, "Non-Federal Agency")
 
     @less_console_noise_decorator
-    def test_domain_org_name_address_form(self):
-        """Submitting changes works on the org name address page."""
+    def test_org_form_invalid_update(self):
+        """Organization form will not redirect on invalid formsets."""
         with override_flag("organization_feature", active=True):
             self.app.set_user(self.user.username)
             portfolio_additional_permissions = [
@@ -404,10 +404,33 @@ class TestPortfolio(WebTest):
             self.assertContains(success_result_page, "6 Downing st")
             self.assertContains(success_result_page, "London")
 
+    @less_console_noise_decorator
+    def test_org_form_invalid_update(self):
+         """Organization form will  redirect on invalid formsets."""
+         with override_flag("organization_feature", active=True):
+            self.app.set_user(self.user.username)
+            portfolio_additional_permissions = [
+                UserPortfolioPermissionChoices.VIEW_PORTFOLIO,
+                UserPortfolioPermissionChoices.EDIT_PORTFOLIO,
+            ]
+            portfolio_permission, _ = UserPortfolioPermission.objects.get_or_create(
+                user=self.user, portfolio=self.portfolio, additional_permissions=portfolio_additional_permissions
+            )
+
+            self.portfolio.address_line1 = "1600 Penn Ave"
+            self.portfolio.save()
+            portfolio_org_name_page = self.app.get(reverse("organization"))
+            session_id = self.app.cookies[settings.SESSION_COOKIE_NAME]
+
             # Form validates and redirects with all required fields
+            portfolio_org_name_page.form["address_line1"] = "6 Downing st"
+            portfolio_org_name_page.form["city"] = "London"
             portfolio_org_name_page.form["zipcode"] = "11111"
+
             success_result_page = portfolio_org_name_page.form.submit()
             self.assertEqual(success_result_page.status_code, 302)
+            self.assertContains(success_result_page, "6 Downing st")
+            self.assertContains(success_result_page, "London")
             self.assertContains(success_result_page, "11111")
 
     @boto3_mocking.patching

From ecd2018b9328f1ce35ea3400efa9542042ddfae9 Mon Sep 17 00:00:00 2001
From: Erin Song <121973038+erinysong@users.noreply.github.com>
Date: Thu, 13 Mar 2025 11:46:06 -0700
Subject: [PATCH 154/285] Fix linting

---
 src/registrar/tests/test_views_portfolio.py | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/src/registrar/tests/test_views_portfolio.py b/src/registrar/tests/test_views_portfolio.py
index 5d6e0de17..0a7569bbf 100644
--- a/src/registrar/tests/test_views_portfolio.py
+++ b/src/registrar/tests/test_views_portfolio.py
@@ -406,8 +406,8 @@ class TestPortfolio(WebTest):
 
     @less_console_noise_decorator
     def test_org_form_invalid_update(self):
-         """Organization form will  redirect on invalid formsets."""
-         with override_flag("organization_feature", active=True):
+        """Organization form will  redirect on invalid formsets."""
+        with override_flag("organization_feature", active=True):
             self.app.set_user(self.user.username)
             portfolio_additional_permissions = [
                 UserPortfolioPermissionChoices.VIEW_PORTFOLIO,

From ff1fb3982c08d64bd923d07602c15898588f65cf Mon Sep 17 00:00:00 2001
From: Erin Song <121973038+erinysong@users.noreply.github.com>
Date: Thu, 13 Mar 2025 11:48:14 -0700
Subject: [PATCH 155/285] Update test names

---
 src/registrar/tests/test_views_portfolio.py | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/src/registrar/tests/test_views_portfolio.py b/src/registrar/tests/test_views_portfolio.py
index 0a7569bbf..357b63594 100644
--- a/src/registrar/tests/test_views_portfolio.py
+++ b/src/registrar/tests/test_views_portfolio.py
@@ -405,8 +405,8 @@ class TestPortfolio(WebTest):
             self.assertContains(success_result_page, "London")
 
     @less_console_noise_decorator
-    def test_org_form_invalid_update(self):
-        """Organization form will  redirect on invalid formsets."""
+    def test_org_form_valid_update(self):
+        """Organization form will redirect on valid formsets."""
         with override_flag("organization_feature", active=True):
             self.app.set_user(self.user.username)
             portfolio_additional_permissions = [

From 106976552968d391dfa099a4101a936097c2bf1c Mon Sep 17 00:00:00 2001
From: Erin Song <121973038+erinysong@users.noreply.github.com>
Date: Thu, 13 Mar 2025 11:51:30 -0700
Subject: [PATCH 156/285] Fix unit test

---
 src/registrar/tests/test_views_portfolio.py | 1 +
 1 file changed, 1 insertion(+)

diff --git a/src/registrar/tests/test_views_portfolio.py b/src/registrar/tests/test_views_portfolio.py
index 357b63594..dfc36dd2b 100644
--- a/src/registrar/tests/test_views_portfolio.py
+++ b/src/registrar/tests/test_views_portfolio.py
@@ -427,6 +427,7 @@ class TestPortfolio(WebTest):
             portfolio_org_name_page.form["city"] = "London"
             portfolio_org_name_page.form["zipcode"] = "11111"
 
+            self.app.set_cookie(settings.SESSION_COOKIE_NAME, session_id)
             success_result_page = portfolio_org_name_page.form.submit()
             self.assertEqual(success_result_page.status_code, 302)
             self.assertContains(success_result_page, "6 Downing st")

From ac0ac0431ad3a715d21e1da289542927e6b6e262 Mon Sep 17 00:00:00 2001
From: CocoByte <nicolle.leclair@gmail.com>
Date: Thu, 13 Mar 2025 12:53:15 -0600
Subject: [PATCH 157/285] fix grid gap

---
 src/registrar/templates/domain_dsdata.html | 18 +++++++++++-------
 1 file changed, 11 insertions(+), 7 deletions(-)

diff --git a/src/registrar/templates/domain_dsdata.html b/src/registrar/templates/domain_dsdata.html
index e8338c006..be9df6961 100644
--- a/src/registrar/templates/domain_dsdata.html
+++ b/src/registrar/templates/domain_dsdata.html
@@ -146,12 +146,14 @@
                 <!-- Readonly row -->
                 <tr>
                   <td>{{ form.key_tag.value }}</td>
-                  <td class="ellipsis ellipsis--15">
-                    {% for value, label in form.algorithm.field.choices %}
-                      {% if value|stringformat:"s" == form.algorithm.value|stringformat:"s" %}
-                        {{ label }}
-                      {% endif %}
-                    {% endfor %}
+                  <td>
+                    <span class="ellipsis ellipsis--15">
+                      {% for value, label in form.algorithm.field.choices %}
+                        {% if value|stringformat:"s" == form.algorithm.value|stringformat:"s" %}
+                          {{ label }}
+                        {% endif %}
+                      {% endfor %}
+                    </span>
                   </td>
                   <td>
                     {% for value, label in form.digest_type.field.choices %}
@@ -160,7 +162,9 @@
                       {% endif %}
                     {% endfor %}
                   </td>
-                  <td class="ellipsis ellipsis--23">{{ form.digest.value }}</td>
+                  <td>
+                    <span class="ellipsis ellipsis--23">{{ form.digest.value }}</span>
+                  </td>
                   <td class="padding-right-0">
                     <div class="tablet:display-flex tablet:flex-row">
                       <button type="button" class='usa-button usa-button--unstyled margin-right-2 margin-top-0 dsdata-edit'>

From c7a2daae2b7d6fcf5d9b928b4affe17c0cb00310 Mon Sep 17 00:00:00 2001
From: David Kennedy <david.kennedy@associates.cisa.dhs.gov>
Date: Thu, 13 Mar 2025 14:56:29 -0400
Subject: [PATCH 158/285] margin top

---
 src/registrar/templates/domain_dsdata.html | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/src/registrar/templates/domain_dsdata.html b/src/registrar/templates/domain_dsdata.html
index e8338c006..34f4ab165 100644
--- a/src/registrar/templates/domain_dsdata.html
+++ b/src/registrar/templates/domain_dsdata.html
@@ -214,24 +214,24 @@
                 <tr class="edit-row display-none">
                   <td class="text-bottom">
                     {% with sublabel_text="Numbers (0-9) only." %}
-                      {% with attr_required=True add_initial_value_attr=True add_group_class="usa-form-group--unstyled-error" use_small_sublabel_text=True %}
+                      {% with attr_required=True add_initial_value_attr=True add_group_class="usa-form-group--unstyled-error margin-top-0" use_small_sublabel_text=True %}
                         {% input_with_errors form.key_tag %}
                       {% endwith %}
                     {% endwith %}
                   </td>
                   <td class="text-bottom">
-                    {% with attr_required=True add_initial_value_attr=True add_group_class="usa-form-group--unstyled-error" use_small_sublabel_text=True %}
+                    {% with attr_required=True add_initial_value_attr=True add_group_class="usa-form-group--unstyled-error margin-top-0" use_small_sublabel_text=True %}
                         {% input_with_errors form.algorithm %}
                       {% endwith %}
                   </td>
                   <td class="text-bottom">
-                    {% with attr_required=True add_initial_value_attr=True add_group_class="usa-form-group--unstyled-error" use_small_sublabel_text=True %}
+                    {% with attr_required=True add_initial_value_attr=True add_group_class="usa-form-group--unstyled-error margin-top-0" use_small_sublabel_text=True %}
                         {% input_with_errors form.digest_type %}
                       {% endwith %}
                   </td>
                   <td class="text-bottom">
                     {% with sublabel_text="Numbers (0-9) and letters (a-f) only. SHA-1: 40 chars, SHA-256: 64 chars." %}
-                      {% with attr_required=True add_initial_value_attr=True add_group_class="usa-form-group--unstyled-error" use_small_sublabel_text=True %}
+                      {% with attr_required=True add_initial_value_attr=True add_group_class="usa-form-group--unstyled-error margin-top-0" use_small_sublabel_text=True %}
                         {% input_with_errors form.digest %}
                       {% endwith %}
                     {% endwith %}

From 8be4b6d1b3fc73ac2a90ba6b433ce226268b9c0a Mon Sep 17 00:00:00 2001
From: Erin Song <121973038+erinysong@users.noreply.github.com>
Date: Thu, 13 Mar 2025 14:49:45 -0700
Subject: [PATCH 159/285] Update unit test

---
 src/registrar/tests/test_views_portfolio.py | 3 ---
 1 file changed, 3 deletions(-)

diff --git a/src/registrar/tests/test_views_portfolio.py b/src/registrar/tests/test_views_portfolio.py
index dfc36dd2b..f63275aa9 100644
--- a/src/registrar/tests/test_views_portfolio.py
+++ b/src/registrar/tests/test_views_portfolio.py
@@ -430,9 +430,6 @@ class TestPortfolio(WebTest):
             self.app.set_cookie(settings.SESSION_COOKIE_NAME, session_id)
             success_result_page = portfolio_org_name_page.form.submit()
             self.assertEqual(success_result_page.status_code, 302)
-            self.assertContains(success_result_page, "6 Downing st")
-            self.assertContains(success_result_page, "London")
-            self.assertContains(success_result_page, "11111")
 
     @boto3_mocking.patching
     @less_console_noise_decorator

From 8db741708af621f16a3f4b69898a2ee5e5820582 Mon Sep 17 00:00:00 2001
From: David Kennedy <david.kennedy@associates.cisa.dhs.gov>
Date: Thu, 13 Mar 2025 19:13:02 -0400
Subject: [PATCH 160/285] some fixes based on change to textarea

---
 .../assets/src/js/getgov/form-dsdata.js        | 18 ++++++++++++------
 .../django/forms/widgets/textarea.html         |  2 +-
 2 files changed, 13 insertions(+), 7 deletions(-)

diff --git a/src/registrar/assets/src/js/getgov/form-dsdata.js b/src/registrar/assets/src/js/getgov/form-dsdata.js
index 3f04dbb26..71c03beaa 100644
--- a/src/registrar/assets/src/js/getgov/form-dsdata.js
+++ b/src/registrar/assets/src/js/getgov/form-dsdata.js
@@ -88,13 +88,20 @@ export class DSDataForm {
             deleteKebabButton.addEventListener('click', this.handleDeleteKebabClick);
         });
 
-        const textInputs = document.querySelectorAll("input[type='text']");
-        textInputs.forEach(input => {
+        const inputs = document.querySelectorAll("input[type='text'], textarea");
+        inputs.forEach(input => {
             input.addEventListener("input", () => {
                 this.formChanged = true;
             });
         });
 
+        const selects = document.querySelectorAll("select");
+        selects.forEach(select => {
+            select.addEventListener("change", () => {
+                this.formChanged = true;
+            });
+        });
+
         // Set event listeners on the submit buttons for the modals. Event listeners
         // should execute the callback function, which has its logic updated prior
         // to modal display
@@ -391,7 +398,7 @@ export class DSDataForm {
         const inputEvent = new Event('input');
         const changeEvent = new Event('change');
         // Reset text inputs
-        let inputs = domElement.querySelectorAll("input[type='text']");
+        const inputs = document.querySelectorAll("input[type='text'], textarea");
         inputs.forEach(input => {
             // Reset input value to its initial stored value
             input.value = input.dataset.initialValue;
@@ -415,10 +422,9 @@ export class DSDataForm {
      * @param {HTMLElement} readOnlyRow - The row where values will be displayed in a non-editable format.
      */
     copyEditRowToReadonlyRow(editRow, readOnlyRow) {
-        let inputs = editRow.querySelectorAll("input[type='text']");
-        let keyTagInput = inputs[0];
+        let keyTagInput = editRow.querySelector("input[type='text']");
         let selects = editRow.querySelectorAll("select");
-        let digestInput = inputs[1];
+        let digestInput = editRow.querySelector("textarea");
         let tds = readOnlyRow.querySelectorAll("td");
 
         // Copy the key tag input value
diff --git a/src/registrar/templates/django/forms/widgets/textarea.html b/src/registrar/templates/django/forms/widgets/textarea.html
index e7b089c76..ffe5dcd4a 100644
--- a/src/registrar/templates/django/forms/widgets/textarea.html
+++ b/src/registrar/templates/django/forms/widgets/textarea.html
@@ -1,5 +1,5 @@
 <textarea
     name="{{ widget.name }}"
-    class="usa-textarea {% if not widget.attrs.hide_character_count %}usa-character-count__field{% endif %}{{ widget.attrs.class }}"
+    class="usa-textarea{% if classes %} {{ classes }}{% endif %}{% if not widget.attrs.hide_character_count %} usa-character-count__field{% endif %} {{ widget.attrs.class }}"
     {% include "django/forms/widgets/attrs.html" %}
 >{% if widget.value %}{{ widget.value }}{% endif %}</textarea>
\ No newline at end of file

From ffaa140148f02fe3fc6c2ee8981b1db47cfb255f Mon Sep 17 00:00:00 2001
From: David Kennedy <david.kennedy@associates.cisa.dhs.gov>
Date: Thu, 13 Mar 2025 19:33:04 -0400
Subject: [PATCH 161/285] more js fixes for ellipsis classes

---
 .../assets/src/js/getgov/form-dsdata.js        | 18 ++++++++++++------
 1 file changed, 12 insertions(+), 6 deletions(-)

diff --git a/src/registrar/assets/src/js/getgov/form-dsdata.js b/src/registrar/assets/src/js/getgov/form-dsdata.js
index 71c03beaa..8d1cd7b00 100644
--- a/src/registrar/assets/src/js/getgov/form-dsdata.js
+++ b/src/registrar/assets/src/js/getgov/form-dsdata.js
@@ -433,16 +433,22 @@ export class DSDataForm {
         }
 
         // Copy select values (showing the selected label instead of value)
-        selects.forEach((select, index) => {
-            let selectedOption = select.options[select.selectedIndex];
-            if (tds[index + 1]) {
-                tds[index + 1].innerText = selectedOption ? selectedOption.text : "";
+        if (selects[0]) {
+            let selectedOption = selects[0].options[selects[0].selectedIndex];
+            if (tds[1]) {
+                tds[1].innerHTML = `<span class="ellipsis sllipsis--15">${selectedOption ? selectedOption.text : ""}</span>`;
             }
-        });
+        }
+        if (selects[1]) {
+            let selectedOption = selects[1].options[selects[1].selectedIndex];
+            if (tds[2]) {
+                tds[2].innerText = selectedOption ? selectedOption.text : "";
+            }
+        }
 
         // Copy the digest input value
         if (digestInput) {
-            tds[3].innerText = digestInput.value || "";
+            tds[3].innerHTML = `<span class="ellipsis ellipsis--23">${digestInput.value || ""}</span>`;
         }
     }
 

From d78a8cdfbc471783868846b234f992d91636cf81 Mon Sep 17 00:00:00 2001
From: David Kennedy <david.kennedy@associates.cisa.dhs.gov>
Date: Thu, 13 Mar 2025 19:46:13 -0400
Subject: [PATCH 162/285] lint and fix typo

---
 src/registrar/assets/src/js/getgov/form-dsdata.js | 2 +-
 src/registrar/forms/domain.py                     | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/src/registrar/assets/src/js/getgov/form-dsdata.js b/src/registrar/assets/src/js/getgov/form-dsdata.js
index 8d1cd7b00..788bf2df7 100644
--- a/src/registrar/assets/src/js/getgov/form-dsdata.js
+++ b/src/registrar/assets/src/js/getgov/form-dsdata.js
@@ -436,7 +436,7 @@ export class DSDataForm {
         if (selects[0]) {
             let selectedOption = selects[0].options[selects[0].selectedIndex];
             if (tds[1]) {
-                tds[1].innerHTML = `<span class="ellipsis sllipsis--15">${selectedOption ? selectedOption.text : ""}</span>`;
+                tds[1].innerHTML = `<span class="ellipsis ellipsis--15">${selectedOption ? selectedOption.text : ""}</span>`;
             }
         }
         if (selects[1]) {
diff --git a/src/registrar/forms/domain.py b/src/registrar/forms/domain.py
index 695a2245f..fd6dafb1f 100644
--- a/src/registrar/forms/domain.py
+++ b/src/registrar/forms/domain.py
@@ -2,7 +2,7 @@
 
 import logging
 from django import forms
-from django.core.validators import MinValueValidator, MaxValueValidator, RegexValidator, MaxLengthValidator
+from django.core.validators import RegexValidator, MaxLengthValidator
 from django.forms import formset_factory
 from registrar.forms.utility.combobox import ComboboxWidget
 from registrar.models import DomainRequest, FederalAgency
@@ -665,7 +665,7 @@ class DomainDsdataForm(forms.Form):
                 "class": "text-wrap usa-textarea--digest",
                 "hide_character_count": "True",
             }
-        )
+        ),
     )
 
     def clean(self):

From 08d6b70cfe39e93e3be823613fe811c5d90effbe Mon Sep 17 00:00:00 2001
From: David Kennedy <david.kennedy@associates.cisa.dhs.gov>
Date: Thu, 13 Mar 2025 22:02:36 -0400
Subject: [PATCH 163/285] added comments and removed commented out code

---
 .../src/js/getgov-admin/domain-request-form.js       | 12 ++++--------
 1 file changed, 4 insertions(+), 8 deletions(-)

diff --git a/src/registrar/assets/src/js/getgov-admin/domain-request-form.js b/src/registrar/assets/src/js/getgov-admin/domain-request-form.js
index 8823cb46c..b1c6feb04 100644
--- a/src/registrar/assets/src/js/getgov-admin/domain-request-form.js
+++ b/src/registrar/assets/src/js/getgov-admin/domain-request-form.js
@@ -105,8 +105,8 @@ export function initApprovedDomain() {
             return;
         }
 
-        const statusToCheck = "approved";
-        const readonlyStatusToCheck = "Approved";
+        const statusToCheck = "approved";  // when checking against a select
+        const readonlyStatusToCheck = "Approved";  // when checking against a readonly div display value
         const statusSelect = document.getElementById("id_status");
         const statusField = document.querySelector("field-status");
         const sessionVariableName = "showApprovedDomain";
@@ -122,6 +122,8 @@ export function initApprovedDomain() {
 
         // Handle showing/hiding the related fields on page load.
         function initializeFormGroups() {
+            // Status is either in a select or in a readonly div. Both
+            // cases are handled below.
             let isStatus = false;
             if (statusSelect) {
                 isStatus = statusSelect.value == statusToCheck;
@@ -605,12 +607,6 @@ export function initActionNeededEmail() {
         // Initialize UI
         const customEmail = new customActionNeededEmail();
 
-        // // Check that every variable was setup correctly
-        // const nullItems = Object.entries(customEmail.config).filter(([key, value]) => value === null).map(([key]) => key);
-        // if (nullItems.length > 0) {
-        //     console.error(`Failed to load customActionNeededEmail(). Some variables were null: ${nullItems.join(", ")}`)
-        //     return;
-        // }
         customEmail.loadActionNeededEmail()
     });
 }

From f5429b97b0e2954de640aefa8e7f5668680acdde Mon Sep 17 00:00:00 2001
From: David Kennedy <david.kennedy@associates.cisa.dhs.gov>
Date: Thu, 13 Mar 2025 22:04:42 -0400
Subject: [PATCH 164/285] removed commented out code

---
 .../assets/src/js/getgov-admin/domain-request-form.js       | 6 ------
 1 file changed, 6 deletions(-)

diff --git a/src/registrar/assets/src/js/getgov-admin/domain-request-form.js b/src/registrar/assets/src/js/getgov-admin/domain-request-form.js
index b1c6feb04..e7bf8f00e 100644
--- a/src/registrar/assets/src/js/getgov-admin/domain-request-form.js
+++ b/src/registrar/assets/src/js/getgov-admin/domain-request-form.js
@@ -669,12 +669,6 @@ export function initRejectedEmail() {
 
         // Initialize UI
         const customEmail = new customRejectedEmail();
-        // // Check that every variable was setup correctly
-        // const nullItems = Object.entries(customEmail.config).filter(([key, value]) => value === null).map(([key]) => key);
-        // if (nullItems.length > 0) {
-        //     console.error(`Failed to load customRejectedEmail(). Some variables were null: ${nullItems.join(", ")}`)
-        //     return;
-        // }
         customEmail.loadRejectedEmail()
     });
 }

From 9362de496761fccdd92dde7dca80e3eea5d4d773 Mon Sep 17 00:00:00 2001
From: zandercymatics <141044360+zandercymatics@users.noreply.github.com>
Date: Fri, 14 Mar 2025 08:51:03 -0600
Subject: [PATCH 165/285] Fix bug and add unit test

---
 src/registrar/admin.py                      |  4 +--
 src/registrar/tests/test_views_portfolio.py | 40 +++++++++++++++++++++
 src/registrar/views/portfolios.py           |  2 +-
 3 files changed, 43 insertions(+), 3 deletions(-)

diff --git a/src/registrar/admin.py b/src/registrar/admin.py
index 09d0eaa81..28f5abf57 100644
--- a/src/registrar/admin.py
+++ b/src/registrar/admin.py
@@ -1846,7 +1846,7 @@ class PortfolioInvitationAdmin(BaseInvitationAdmin):
                 requested_user = get_requested_user(requested_email)
 
                 permission_exists = UserPortfolioPermission.objects.filter(
-                    user__email=requested_email, portfolio=portfolio, user__email__isnull=False
+                    user__email__iexact=requested_email, portfolio=portfolio, user__email__isnull=False
                 ).exists()
                 if not permission_exists:
                     # if permission does not exist for a user with requested_email, send email
@@ -1857,7 +1857,7 @@ class PortfolioInvitationAdmin(BaseInvitationAdmin):
                         is_admin_invitation=is_admin_invitation,
                     ):
                         messages.warning(
-                            self.request, "Could not send email notification to existing organization admins."
+                            request, "Could not send email notification to existing organization admins."
                         )
                     # if user exists for email, immediately retrieve portfolio invitation upon creation
                     if requested_user is not None:
diff --git a/src/registrar/tests/test_views_portfolio.py b/src/registrar/tests/test_views_portfolio.py
index 13a7a3bc6..114c066b3 100644
--- a/src/registrar/tests/test_views_portfolio.py
+++ b/src/registrar/tests/test_views_portfolio.py
@@ -3952,6 +3952,46 @@ class TestPortfolioInviteNewMemberView(MockEppLib, WebTest):
         # assert that send_portfolio_invitation_email is not called
         mock_send_email.assert_not_called()
 
+    @less_console_noise_decorator
+    @override_flag("organization_feature", active=True)
+    @override_flag("organization_members", active=True)
+    @patch("registrar.views.portfolios.send_portfolio_invitation_email")
+    def test_member_invite_for_existing_member_uppercase(self, mock_send_email):
+        """Tests the member invitation flow for existing portfolio member with a different case."""
+        self.client.force_login(self.user)
+
+        # Simulate a session to ensure continuity
+        session_id = self.client.session.session_key
+        self.app.set_cookie(settings.SESSION_COOKIE_NAME, session_id)
+
+        invite_count_before = PortfolioInvitation.objects.count()
+
+        # Simulate submission of member invite for user who has already been invited
+        response = self.client.post(
+            reverse("new-member"),
+            {
+                "role": UserPortfolioRoleChoices.ORGANIZATION_ADMIN,
+                "email": self.user.email.upper(),
+            },
+            follow=True,
+        )
+        self.assertEqual(response.status_code, 200)
+        with open("debug_response.html", "w") as f:
+            f.write(response.content.decode("utf-8"))
+
+        # Verify messages
+        self.assertContains(
+            response,
+            "User is already a member of this portfolio.",
+        )
+
+        # Validate Database has not changed
+        invite_count_after = PortfolioInvitation.objects.count()
+        self.assertEqual(invite_count_after, invite_count_before)
+
+        # assert that send_portfolio_invitation_email is not called
+        mock_send_email.assert_not_called()
+
     @less_console_noise_decorator
     @override_flag("organization_feature", active=True)
     @override_flag("organization_members", active=True)
diff --git a/src/registrar/views/portfolios.py b/src/registrar/views/portfolios.py
index c2ec44b9e..7fa421eaa 100644
--- a/src/registrar/views/portfolios.py
+++ b/src/registrar/views/portfolios.py
@@ -970,7 +970,7 @@ class PortfolioAddMemberView(DetailView, FormMixin):
         portfolio = form.cleaned_data["portfolio"]
         is_admin_invitation = UserPortfolioRoleChoices.ORGANIZATION_ADMIN in form.cleaned_data["roles"]
 
-        requested_user = User.objects.filter(email=requested_email).first()
+        requested_user = User.objects.filter(email__iexact=requested_email).first()
         permission_exists = UserPortfolioPermission.objects.filter(user=requested_user, portfolio=portfolio).exists()
         try:
             if not requested_user or not permission_exists:

From 127eb38259e478032b2e0de5a36d5a37d3f637ee Mon Sep 17 00:00:00 2001
From: zandercymatics <141044360+zandercymatics@users.noreply.github.com>
Date: Fri, 14 Mar 2025 13:28:05 -0600
Subject: [PATCH 166/285] lint

---
 src/registrar/admin.py | 4 +---
 1 file changed, 1 insertion(+), 3 deletions(-)

diff --git a/src/registrar/admin.py b/src/registrar/admin.py
index 28f5abf57..343624915 100644
--- a/src/registrar/admin.py
+++ b/src/registrar/admin.py
@@ -1856,9 +1856,7 @@ class PortfolioInvitationAdmin(BaseInvitationAdmin):
                         portfolio=portfolio,
                         is_admin_invitation=is_admin_invitation,
                     ):
-                        messages.warning(
-                            request, "Could not send email notification to existing organization admins."
-                        )
+                        messages.warning(request, "Could not send email notification to existing organization admins.")
                     # if user exists for email, immediately retrieve portfolio invitation upon creation
                     if requested_user is not None:
                         obj.retrieve()

From a92e08061229b8ab77d6c8c322692785cfc92347 Mon Sep 17 00:00:00 2001
From: zandercymatics <141044360+zandercymatics@users.noreply.github.com>
Date: Fri, 14 Mar 2025 13:36:11 -0600
Subject: [PATCH 167/285] Update src/registrar/models/domain.py

---
 src/registrar/models/domain.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/registrar/models/domain.py b/src/registrar/models/domain.py
index 410d763ba..f49e9a20c 100644
--- a/src/registrar/models/domain.py
+++ b/src/registrar/models/domain.py
@@ -1663,7 +1663,7 @@ class Domain(TimeStampedModel, DomainHelper):
         .disclose= <this function> on the command before sending.
         if item is security email then make sure email is visible"""
         DF = epp.DiscloseField
-        disclose_fields = {"fields": [], "flag": False}
+        disclose_fields = {"fields": {}, "flag": False}
         match contact.contact_type:
             case contact.ContactTypeChoices.SECURITY:
                 hidden_security_emails = [email for email in DefaultEmail]

From cf270ef6a32da1c450cfa7ff9b767cbea06be417 Mon Sep 17 00:00:00 2001
From: David Kennedy <david.kennedy@associates.cisa.dhs.gov>
Date: Fri, 14 Mar 2025 15:40:17 -0400
Subject: [PATCH 168/285] fixed bug with cancel button

---
 src/registrar/templates/domain_dsdata.html | 2 +-
 src/registrar/views/domain.py              | 1 +
 2 files changed, 2 insertions(+), 1 deletion(-)

diff --git a/src/registrar/templates/domain_dsdata.html b/src/registrar/templates/domain_dsdata.html
index 1d52fec11..a7eba203c 100644
--- a/src/registrar/templates/domain_dsdata.html
+++ b/src/registrar/templates/domain_dsdata.html
@@ -106,7 +106,7 @@
             </div>
             <div class="margin-top-2">
               <button
-                type="submit"
+                type="button"
                 class="usa-button usa-button--outline"
                 name="btn-cancel-click"
                 aria-label="Reset the data in the DS records to the registry state (undo changes)"
diff --git a/src/registrar/views/domain.py b/src/registrar/views/domain.py
index 4f44f0b01..0a5ee6806 100644
--- a/src/registrar/views/domain.py
+++ b/src/registrar/views/domain.py
@@ -1092,6 +1092,7 @@ class DomainDsDataView(DomainFormBaseView):
 
         for form in formset:
             if form.cleaned_data.get("DELETE"):  # Check if form is marked for deletion
+                print("form marked for deletion")
                 continue  # Skip processing this form
 
             try:

From 58291ee1fe06c7f11eeebaa545f49f6ee12f7203 Mon Sep 17 00:00:00 2001
From: David Kennedy <david.kennedy@associates.cisa.dhs.gov>
Date: Fri, 14 Mar 2025 16:09:51 -0400
Subject: [PATCH 169/285] more fixes to cancel button

---
 src/registrar/templates/domain_dsdata.html | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/registrar/templates/domain_dsdata.html b/src/registrar/templates/domain_dsdata.html
index a7eba203c..468844654 100644
--- a/src/registrar/templates/domain_dsdata.html
+++ b/src/registrar/templates/domain_dsdata.html
@@ -107,7 +107,7 @@
             <div class="margin-top-2">
               <button
                 type="button"
-                class="usa-button usa-button--outline"
+                class="usa-button usa-button--outline dsdata-cancel-add-form"
                 name="btn-cancel-click"
                 aria-label="Reset the data in the DS records to the registry state (undo changes)"
               >Cancel

From 182f0ed693e546570c8284093c26b163ad36b402 Mon Sep 17 00:00:00 2001
From: zandercymatics <141044360+zandercymatics@users.noreply.github.com>
Date: Fri, 14 Mar 2025 14:38:03 -0600
Subject: [PATCH 170/285] code cleanup

---
 src/registrar/models/domain.py                | 50 +++++++++++++------
 src/registrar/models/public_contact.py        | 20 +-------
 .../templates/domain_security_email.html      |  2 +-
 src/registrar/tests/test_models_domain.py     |  4 +-
 src/registrar/views/domain.py                 |  7 +++
 5 files changed, 45 insertions(+), 38 deletions(-)

diff --git a/src/registrar/models/domain.py b/src/registrar/models/domain.py
index f49e9a20c..8d560aadb 100644
--- a/src/registrar/models/domain.py
+++ b/src/registrar/models/domain.py
@@ -1350,6 +1350,24 @@ class Domain(TimeStampedModel, DomainHelper):
         )
         return street_dict
 
+    def _request_contact_info(self, contact: PublicContact, get_result_as_dict=False):
+        """Grabs the resultant contact information in epp for this public contact
+        by using the InfoContact command.
+        Returns a commands.InfoContactResultData object, or a dict if get_result_as_dict is True."""
+        try:
+            req = commands.InfoContact(id=contact.registry_id)
+            result = registry.send(req, cleaned=True).res_data[0]
+            return result if not get_result_as_dict else vars(result)
+        except RegistryError as error:
+            logger.error(
+                "Registry threw error for contact id %s contact type is %s, error code is\n %s full error is %s",  # noqa
+                contact.registry_id,
+                contact.contact_type,
+                error.code,
+                error,
+            )
+            raise error
+    
     def generic_contact_getter(self, contact_type_choice: PublicContact.ContactTypeChoices) -> PublicContact | None:
         """Retrieves the desired PublicContact from the registry.
         This abstracts the caching and EPP retrieval for
@@ -1664,19 +1682,19 @@ class Domain(TimeStampedModel, DomainHelper):
         if item is security email then make sure email is visible"""
         DF = epp.DiscloseField
         disclose_fields = {"fields": {}, "flag": False}
-        match contact.contact_type:
-            case contact.ContactTypeChoices.SECURITY:
-                hidden_security_emails = [email for email in DefaultEmail]
-                disclose_fields = {
-                    "fields": {DF.EMAIL},
-                    "flag": contact.email not in hidden_security_emails,
-                }
-            case contact.ContactTypeChoices.ADMINISTRATIVE:
-                disclose_fields = {
-                    "fields": {DF.EMAIL, DF.VOICE, DF.ADDR},
-                    "types": {DF.ADDR: "loc"},
-                    "flag": True,
-                }
+        if contact.contact_type == contact.ContactTypeChoices.SECURITY:
+            hidden_security_emails = [email for email in DefaultEmail]
+            disclose_fields = {
+                "fields": {DF.EMAIL},
+                "flag": contact.email not in hidden_security_emails,
+            }
+        elif contact.contact_type == contact.ContactTypeChoices.ADMINISTRATIVE:
+            disclose_fields = {
+                "fields": {DF.EMAIL, DF.VOICE, DF.ADDR},
+                "types": {DF.ADDR: "loc"},
+                "flag": True,
+            }
+
         logger.info("Updated domain contact %s to disclose: %s", contact.email, disclose_fields.get("flag"))
         return epp.Disclose(**disclose_fields)  # type: ignore
 
@@ -1763,13 +1781,13 @@ class Domain(TimeStampedModel, DomainHelper):
         """Try to fetch info about a contact. Create it if it does not exist."""
         logger.info("_get_or_create_contact() -> Fetching contact info")
         try:
-            return contact.get_contact_info_from_epp()
+            return self._request_contact_info(contact)
         except RegistryError as e:
             if e.code == ErrorCode.OBJECT_DOES_NOT_EXIST:
                 logger.info("_get_or_create_contact()-> contact doesn't exist so making it")
                 contact.domain = self
                 contact.save()  # this will call the function based on type of contact
-                return contact.get_contact_info_from_epp()
+                return self._request_contact_info(contact)
             else:
                 logger.error(
                     "Registry threw error for contact id %s"
@@ -2220,7 +2238,7 @@ class Domain(TimeStampedModel, DomainHelper):
             contact_type=PublicContact.ContactTypeChoices.REGISTRANT,
         )
         # Grabs the expanded contact
-        full_object = contact.get_contact_info_from_epp()
+        full_object = self._request_contact_info(contact)
         # Maps it to type PublicContact
         mapped_object = self.map_epp_contact_to_public_contact(full_object, contact.registry_id, contact.contact_type)
         return self._get_or_create_public_contact(mapped_object)
diff --git a/src/registrar/models/public_contact.py b/src/registrar/models/public_contact.py
index a4c2c10d0..03fbe0e2b 100644
--- a/src/registrar/models/public_contact.py
+++ b/src/registrar/models/public_contact.py
@@ -95,27 +95,9 @@ class PublicContact(TimeStampedModel):
     )
     pw = models.CharField(null=False, help_text="Contact's authorization code. 16 characters minimum.")
 
-    def get_contact_info_from_epp(self, get_result_as_dict=False):
-        """Grabs the resultant contact information in epp for this public contact
-        by using the InfoContact command.
-        Returns a commands.InfoContactResultData object, or a dict if get_result_as_dict is True."""
-        try:
-            req = commands.InfoContact(id=self.registry_id)
-            result = registry.send(req, cleaned=True).res_data[0]
-            return result if not get_result_as_dict else vars(result)
-        except RegistryError as error:
-            logger.error(
-                "Registry threw error for contact id %s contact type is %s, error code is\n %s full error is %s",  # noqa
-                self.registry_id,
-                self.contact_type,
-                error.code,
-                error,
-            )
-            raise error
-
     # NOTE: REMOVE THIS BEFORE MERGING, USED FOR PR REVIEW ONLY
     def debug_contact_info_epp(self):
-        results = self.get_contact_info_from_epp(get_result_as_dict=True)
+        results = self.domain._request_contact_info(self, get_result_as_dict=True)
         logger.info("Contact Info from EPP:")
         logger.info("=====================")
         for key, value in results.items():
diff --git a/src/registrar/templates/domain_security_email.html b/src/registrar/templates/domain_security_email.html
index 662eec152..23d0c509e 100644
--- a/src/registrar/templates/domain_security_email.html
+++ b/src/registrar/templates/domain_security_email.html
@@ -40,7 +40,7 @@
     <button
       type="submit"
       class="usa-button"
-    >{% if form.security_email.value is None or form.security_email.value == "dotgov@cisa.dhs.gov" or form.security_email.value == "registrar@dotgov.gov" or form.security_email.value == "help@get.gov" %}Add security email{% else %}Save{% endif %}</button>
+    >{% if form.security_email.value is None or form.security_email.value|lower in default_emails %}Add security email{% else %}Save{% endif %}</button>
   </form>
 
 {% endblock %}  {# domain_content #}
diff --git a/src/registrar/tests/test_models_domain.py b/src/registrar/tests/test_models_domain.py
index cde46c518..2b7bff831 100644
--- a/src/registrar/tests/test_models_domain.py
+++ b/src/registrar/tests/test_models_domain.py
@@ -1001,7 +1001,7 @@ class TestRegistrantContacts(MockEppLib):
                     )
                 else:
                     expectedCreateCommand = self._convertPublicContactToEpp(
-                        expected_contact, disclose_email=False, disclose_fields=[]
+                        expected_contact, disclose_email=False, disclose_fields={}
                     )
                 self.mockedSendFunction.assert_any_call(expectedCreateCommand, cleaned=True)
                 # The emails should match on both items
@@ -1138,7 +1138,7 @@ class TestRegistrantContacts(MockEppLib):
             expectedTechContact.registry_id = "defaultTech"
             domain.technical_contact = expectedTechContact
             expectedCreateCommand = self._convertPublicContactToEpp(
-                expectedTechContact, disclose_email=False, disclose_fields=[]
+                expectedTechContact, disclose_email=False, disclose_fields={}
             )
             self.mockedSendFunction.assert_any_call(expectedCreateCommand, cleaned=True)
             # Confirm that we are getting a default email
diff --git a/src/registrar/views/domain.py b/src/registrar/views/domain.py
index 0b13dda69..ac858da01 100644
--- a/src/registrar/views/domain.py
+++ b/src/registrar/views/domain.py
@@ -1172,6 +1172,13 @@ class DomainSecurityEmailView(DomainFormBaseView):
             return initial
         initial["security_email"] = security_contact.email
         return initial
+    
+    def get_context_data(self, **kwargs):
+        """Adds the default emails list to the context"""
+        context = super().get_context_data(**kwargs)
+        # use "formset" instead of "form" for the key
+        context["default_emails"] = [email for email in DefaultEmail]
+        return context
 
     def get_success_url(self):
         """Redirect to the security email page for the domain."""

From 98da0099e29cf220ef4e18a15749cdecac036ff4 Mon Sep 17 00:00:00 2001
From: David Kennedy <david.kennedy@associates.cisa.dhs.gov>
Date: Fri, 14 Mar 2025 16:39:52 -0400
Subject: [PATCH 171/285] debugging errors

---
 src/registrar/views/domain.py | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/src/registrar/views/domain.py b/src/registrar/views/domain.py
index 0a5ee6806..51ea5032b 100644
--- a/src/registrar/views/domain.py
+++ b/src/registrar/views/domain.py
@@ -1078,6 +1078,7 @@ class DomainDsDataView(DomainFormBaseView):
         """Formset submission posts to this view."""
         self._get_domain(request)
         formset = self.get_form()
+        print(formset)
 
         if formset.is_valid():
             return self.form_valid(formset)
@@ -1091,8 +1092,9 @@ class DomainDsDataView(DomainFormBaseView):
         dnssecdata = extensions.DNSSECExtension()
 
         for form in formset:
+            print("processing form")
+            print(form)
             if form.cleaned_data.get("DELETE"):  # Check if form is marked for deletion
-                print("form marked for deletion")
                 continue  # Skip processing this form
 
             try:
@@ -1111,6 +1113,7 @@ class DomainDsDataView(DomainFormBaseView):
                 # not been interacted with; in that case, want to ignore
                 pass
         try:
+            print(dnssecdata)
             self.object.dnssecdata = dnssecdata
         except RegistryError as err:
             if err.is_connection_error():

From 0e2dc2b4f26ed240003108fca4fd75a8d24f1380 Mon Sep 17 00:00:00 2001
From: zandercymatics <141044360+zandercymatics@users.noreply.github.com>
Date: Fri, 14 Mar 2025 14:42:00 -0600
Subject: [PATCH 172/285] lint

---
 src/registrar/models/domain.py         | 4 ++--
 src/registrar/models/public_contact.py | 7 +------
 2 files changed, 3 insertions(+), 8 deletions(-)

diff --git a/src/registrar/models/domain.py b/src/registrar/models/domain.py
index 8d560aadb..badb95740 100644
--- a/src/registrar/models/domain.py
+++ b/src/registrar/models/domain.py
@@ -1367,7 +1367,7 @@ class Domain(TimeStampedModel, DomainHelper):
                 error,
             )
             raise error
-    
+
     def generic_contact_getter(self, contact_type_choice: PublicContact.ContactTypeChoices) -> PublicContact | None:
         """Retrieves the desired PublicContact from the registry.
         This abstracts the caching and EPP retrieval for
@@ -1781,7 +1781,7 @@ class Domain(TimeStampedModel, DomainHelper):
         """Try to fetch info about a contact. Create it if it does not exist."""
         logger.info("_get_or_create_contact() -> Fetching contact info")
         try:
-            return self._request_contact_info(contact)
+            return self._request_contact_info(contact=contact)
         except RegistryError as e:
             if e.code == ErrorCode.OBJECT_DOES_NOT_EXIST:
                 logger.info("_get_or_create_contact()-> contact doesn't exist so making it")
diff --git a/src/registrar/models/public_contact.py b/src/registrar/models/public_contact.py
index 03fbe0e2b..fe12b22c5 100644
--- a/src/registrar/models/public_contact.py
+++ b/src/registrar/models/public_contact.py
@@ -8,11 +8,7 @@ from django.db import models
 from registrar.utility.enums import DefaultEmail
 
 from .utility.time_stamped_model import TimeStampedModel
-from epplibwrapper import (
-    CLIENT as registry,
-    commands,
-    RegistryError,
-)
+
 
 logger = logging.getLogger(__name__)
 
@@ -95,7 +91,6 @@ class PublicContact(TimeStampedModel):
     )
     pw = models.CharField(null=False, help_text="Contact's authorization code. 16 characters minimum.")
 
-    # NOTE: REMOVE THIS BEFORE MERGING, USED FOR PR REVIEW ONLY
     def debug_contact_info_epp(self):
         results = self.domain._request_contact_info(self, get_result_as_dict=True)
         logger.info("Contact Info from EPP:")

From e8ac747ddcb93f65ce85008713d3b04a3e4886f1 Mon Sep 17 00:00:00 2001
From: zandercymatics <141044360+zandercymatics@users.noreply.github.com>
Date: Fri, 14 Mar 2025 14:43:48 -0600
Subject: [PATCH 173/285] Update public_contact.py

---
 src/registrar/models/public_contact.py | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/src/registrar/models/public_contact.py b/src/registrar/models/public_contact.py
index fe12b22c5..d3167960d 100644
--- a/src/registrar/models/public_contact.py
+++ b/src/registrar/models/public_contact.py
@@ -91,7 +91,8 @@ class PublicContact(TimeStampedModel):
     )
     pw = models.CharField(null=False, help_text="Contact's authorization code. 16 characters minimum.")
 
-    def debug_contact_info_epp(self):
+    def print_contact_info_epp(self):
+        """Prints registry data for this PublicContact for easier debugging"""
         results = self.domain._request_contact_info(self, get_result_as_dict=True)
         logger.info("Contact Info from EPP:")
         logger.info("=====================")

From d9a1cb2db3d5f9b28f6259bd6a93f799fccac791 Mon Sep 17 00:00:00 2001
From: zandercymatics <141044360+zandercymatics@users.noreply.github.com>
Date: Fri, 14 Mar 2025 14:45:49 -0600
Subject: [PATCH 174/285] Update src/registrar/views/domain.py

---
 src/registrar/views/domain.py | 1 -
 1 file changed, 1 deletion(-)

diff --git a/src/registrar/views/domain.py b/src/registrar/views/domain.py
index ac858da01..254fdce27 100644
--- a/src/registrar/views/domain.py
+++ b/src/registrar/views/domain.py
@@ -1176,7 +1176,6 @@ class DomainSecurityEmailView(DomainFormBaseView):
     def get_context_data(self, **kwargs):
         """Adds the default emails list to the context"""
         context = super().get_context_data(**kwargs)
-        # use "formset" instead of "form" for the key
         context["default_emails"] = [email for email in DefaultEmail]
         return context
 

From 24eadb8135319eba78e97cb03de680df41bc6ec8 Mon Sep 17 00:00:00 2001
From: zandercymatics <141044360+zandercymatics@users.noreply.github.com>
Date: Fri, 14 Mar 2025 14:48:04 -0600
Subject: [PATCH 175/285] Update domain.py

---
 src/registrar/models/domain.py | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/src/registrar/models/domain.py b/src/registrar/models/domain.py
index badb95740..47236188b 100644
--- a/src/registrar/models/domain.py
+++ b/src/registrar/models/domain.py
@@ -1781,13 +1781,13 @@ class Domain(TimeStampedModel, DomainHelper):
         """Try to fetch info about a contact. Create it if it does not exist."""
         logger.info("_get_or_create_contact() -> Fetching contact info")
         try:
-            return self._request_contact_info(contact=contact)
+            return self._request_contact_info(contact)
         except RegistryError as e:
             if e.code == ErrorCode.OBJECT_DOES_NOT_EXIST:
                 logger.info("_get_or_create_contact()-> contact doesn't exist so making it")
                 contact.domain = self
                 contact.save()  # this will call the function based on type of contact
-                return self._request_contact_info(contact)
+                return self._request_contact_info(contact=contact)
             else:
                 logger.error(
                     "Registry threw error for contact id %s"

From 297ad843f4a8b9f8666cb3e7abddce835a3b4ab5 Mon Sep 17 00:00:00 2001
From: zandercymatics <141044360+zandercymatics@users.noreply.github.com>
Date: Fri, 14 Mar 2025 14:50:03 -0600
Subject: [PATCH 176/285] Update test_models_domain.py

---
 src/registrar/tests/test_models_domain.py | 3 ---
 1 file changed, 3 deletions(-)

diff --git a/src/registrar/tests/test_models_domain.py b/src/registrar/tests/test_models_domain.py
index 2b7bff831..400924355 100644
--- a/src/registrar/tests/test_models_domain.py
+++ b/src/registrar/tests/test_models_domain.py
@@ -1087,9 +1087,6 @@ class TestRegistrantContacts(MockEppLib):
         )
         self.assertEqual(result.disclose.flag, True)
         self.assertEqual(result.disclose.fields, {DF.EMAIL, DF.VOICE, DF.ADDR})
-        self.assertIn(DF.EMAIL, result.disclose.fields)
-        self.assertIn(DF.VOICE, result.disclose.fields)
-        self.assertIn(DF.ADDR, result.disclose.fields)
         self.assertEqual(result.disclose.types, {DF.ADDR: "loc"})
 
     @less_console_noise_decorator

From 104202c35caee896e3928504aa58d0a864cfc520 Mon Sep 17 00:00:00 2001
From: David Kennedy <david.kennedy@associates.cisa.dhs.gov>
Date: Fri, 14 Mar 2025 17:01:58 -0400
Subject: [PATCH 177/285] more debugging

---
 src/registrar/views/domain.py | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/src/registrar/views/domain.py b/src/registrar/views/domain.py
index 51ea5032b..2be03adb8 100644
--- a/src/registrar/views/domain.py
+++ b/src/registrar/views/domain.py
@@ -1115,6 +1115,8 @@ class DomainDsDataView(DomainFormBaseView):
         try:
             print(dnssecdata)
             self.object.dnssecdata = dnssecdata
+            print("dns data successfully updated")
+            print(self.object.dnssecdata)
         except RegistryError as err:
             if err.is_connection_error():
                 messages.error(

From 07260cc8dda1b8d2588eec11c464595da7e058a9 Mon Sep 17 00:00:00 2001
From: zandercymatics <141044360+zandercymatics@users.noreply.github.com>
Date: Fri, 14 Mar 2025 15:30:21 -0600
Subject: [PATCH 178/285] lint

---
 src/registrar/templates/domain_security_email.html | 2 +-
 src/registrar/views/domain.py                      | 6 ------
 2 files changed, 1 insertion(+), 7 deletions(-)

diff --git a/src/registrar/templates/domain_security_email.html b/src/registrar/templates/domain_security_email.html
index 23d0c509e..66c9ae255 100644
--- a/src/registrar/templates/domain_security_email.html
+++ b/src/registrar/templates/domain_security_email.html
@@ -40,7 +40,7 @@
     <button
       type="submit"
       class="usa-button"
-    >{% if form.security_email.value is None or form.security_email.value|lower in default_emails %}Add security email{% else %}Save{% endif %}</button>
+    >{% if form.security_email.value is None or form.security_email.value == "dotgov@cisa.dhs.gov" or form.security_email.value == "registrar@dotgov.gov" or form.security_email.value == "help@get.gov"%}Add security email{% else %}Save{% endif %}</button>
   </form>
 
 {% endblock %}  {# domain_content #}
diff --git a/src/registrar/views/domain.py b/src/registrar/views/domain.py
index 254fdce27..0b13dda69 100644
--- a/src/registrar/views/domain.py
+++ b/src/registrar/views/domain.py
@@ -1172,12 +1172,6 @@ class DomainSecurityEmailView(DomainFormBaseView):
             return initial
         initial["security_email"] = security_contact.email
         return initial
-    
-    def get_context_data(self, **kwargs):
-        """Adds the default emails list to the context"""
-        context = super().get_context_data(**kwargs)
-        context["default_emails"] = [email for email in DefaultEmail]
-        return context
 
     def get_success_url(self):
         """Redirect to the security email page for the domain."""

From 32aa1ab860dc754c47fc4cb9a6940224a2aedf5d Mon Sep 17 00:00:00 2001
From: David Kennedy <david.kennedy@associates.cisa.dhs.gov>
Date: Fri, 14 Mar 2025 20:21:47 -0400
Subject: [PATCH 179/285] omre debugging

---
 src/registrar/models/domain.py | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/src/registrar/models/domain.py b/src/registrar/models/domain.py
index d3c0ed347..37d278018 100644
--- a/src/registrar/models/domain.py
+++ b/src/registrar/models/domain.py
@@ -699,12 +699,14 @@ class Domain(TimeStampedModel, DomainHelper):
             if added_record:
                 registry.send(addRequest, cleaned=True)
                 dsdata_change_log = f"{user_email} added a DS data record"
+                print(dsdata_change_log)
             if deleted_record:
                 registry.send(remRequest, cleaned=True)
                 if dsdata_change_log != "":  # if they add and remove a record at same time
                     dsdata_change_log = f"{user_email} added and deleted a DS data record"
                 else:
                     dsdata_change_log = f"{user_email} deleted a DS data record"
+                print(dsdata_change_log)
             if dsdata_change_log != "":
                 self.dsdata_last_change = dsdata_change_log
                 self.save()  # audit log will now record this as a change

From 5f0b5eac74b90d6f90b95b3f07fb529a9d1fa68e Mon Sep 17 00:00:00 2001
From: David Kennedy <david.kennedy@associates.cisa.dhs.gov>
Date: Fri, 14 Mar 2025 20:30:58 -0400
Subject: [PATCH 180/285] omre debugging

---
 src/registrar/models/domain.py | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/src/registrar/models/domain.py b/src/registrar/models/domain.py
index 37d278018..d957fca11 100644
--- a/src/registrar/models/domain.py
+++ b/src/registrar/models/domain.py
@@ -645,7 +645,8 @@ class Domain(TimeStampedModel, DomainHelper):
         oldDnssecdata = self.dnssecdata
         addDnssecdata: dict = {}
         remDnssecdata: dict = {}
-
+        print("oldDnssecdata")
+        print(oldDnssecdata)
         if _dnssecdata and _dnssecdata.dsData is not None:
             # initialize addDnssecdata and remDnssecdata for dsData
             addDnssecdata["dsData"] = _dnssecdata.dsData

From 0e4cd903b90d211f188c8c1aabd844a0a1c5a75e Mon Sep 17 00:00:00 2001
From: David Kennedy <david.kennedy@associates.cisa.dhs.gov>
Date: Fri, 14 Mar 2025 20:44:44 -0400
Subject: [PATCH 181/285] keytag to int

---
 src/registrar/views/domain.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/registrar/views/domain.py b/src/registrar/views/domain.py
index 2be03adb8..cd9f5ad39 100644
--- a/src/registrar/views/domain.py
+++ b/src/registrar/views/domain.py
@@ -1099,7 +1099,7 @@ class DomainDsDataView(DomainFormBaseView):
 
             try:
                 dsrecord = {
-                    "keyTag": form.cleaned_data["key_tag"],
+                    "keyTag": int(form.cleaned_data["key_tag"]),
                     "alg": int(form.cleaned_data["algorithm"]),
                     "digestType": int(form.cleaned_data["digest_type"]),
                     "digest": form.cleaned_data["digest"],

From 304c27f9814c1610a7638dcf1abe64e834f2aacc Mon Sep 17 00:00:00 2001
From: David Kennedy <david.kennedy@associates.cisa.dhs.gov>
Date: Fri, 14 Mar 2025 21:03:38 -0400
Subject: [PATCH 182/285] cleanup

---
 src/registrar/models/domain.py | 4 ----
 src/registrar/views/domain.py  | 6 ------
 2 files changed, 10 deletions(-)

diff --git a/src/registrar/models/domain.py b/src/registrar/models/domain.py
index d957fca11..abad9c9dc 100644
--- a/src/registrar/models/domain.py
+++ b/src/registrar/models/domain.py
@@ -645,8 +645,6 @@ class Domain(TimeStampedModel, DomainHelper):
         oldDnssecdata = self.dnssecdata
         addDnssecdata: dict = {}
         remDnssecdata: dict = {}
-        print("oldDnssecdata")
-        print(oldDnssecdata)
         if _dnssecdata and _dnssecdata.dsData is not None:
             # initialize addDnssecdata and remDnssecdata for dsData
             addDnssecdata["dsData"] = _dnssecdata.dsData
@@ -700,14 +698,12 @@ class Domain(TimeStampedModel, DomainHelper):
             if added_record:
                 registry.send(addRequest, cleaned=True)
                 dsdata_change_log = f"{user_email} added a DS data record"
-                print(dsdata_change_log)
             if deleted_record:
                 registry.send(remRequest, cleaned=True)
                 if dsdata_change_log != "":  # if they add and remove a record at same time
                     dsdata_change_log = f"{user_email} added and deleted a DS data record"
                 else:
                     dsdata_change_log = f"{user_email} deleted a DS data record"
-                print(dsdata_change_log)
             if dsdata_change_log != "":
                 self.dsdata_last_change = dsdata_change_log
                 self.save()  # audit log will now record this as a change
diff --git a/src/registrar/views/domain.py b/src/registrar/views/domain.py
index cd9f5ad39..e72553329 100644
--- a/src/registrar/views/domain.py
+++ b/src/registrar/views/domain.py
@@ -1078,7 +1078,6 @@ class DomainDsDataView(DomainFormBaseView):
         """Formset submission posts to this view."""
         self._get_domain(request)
         formset = self.get_form()
-        print(formset)
 
         if formset.is_valid():
             return self.form_valid(formset)
@@ -1092,8 +1091,6 @@ class DomainDsDataView(DomainFormBaseView):
         dnssecdata = extensions.DNSSECExtension()
 
         for form in formset:
-            print("processing form")
-            print(form)
             if form.cleaned_data.get("DELETE"):  # Check if form is marked for deletion
                 continue  # Skip processing this form
 
@@ -1113,10 +1110,7 @@ class DomainDsDataView(DomainFormBaseView):
                 # not been interacted with; in that case, want to ignore
                 pass
         try:
-            print(dnssecdata)
             self.object.dnssecdata = dnssecdata
-            print("dns data successfully updated")
-            print(self.object.dnssecdata)
         except RegistryError as err:
             if err.is_connection_error():
                 messages.error(

From e8d637fcda700e12704ef4aec83cedcbc721cf05 Mon Sep 17 00:00:00 2001
From: David Kennedy <david.kennedy@associates.cisa.dhs.gov>
Date: Sat, 15 Mar 2025 12:26:01 -0400
Subject: [PATCH 183/285] some refactors to existing functionality, no
 functional changes

---
 src/registrar/tests/test_email_invitations.py | 139 +++++++++++-
 src/registrar/tests/test_views_domain.py      |  13 +-
 src/registrar/utility/email_invitations.py    | 207 +++++++++++-------
 src/registrar/views/domain.py                 |  40 +---
 4 files changed, 264 insertions(+), 135 deletions(-)

diff --git a/src/registrar/tests/test_email_invitations.py b/src/registrar/tests/test_email_invitations.py
index 2331d35e8..10ef82e42 100644
--- a/src/registrar/tests/test_email_invitations.py
+++ b/src/registrar/tests/test_email_invitations.py
@@ -13,7 +13,8 @@ from registrar.utility.email_invitations import (
     _send_portfolio_admin_addition_emails_to_portfolio_admins,
     _send_portfolio_admin_removal_emails_to_portfolio_admins,
     send_domain_invitation_email,
-    send_emails_to_domain_managers,
+    _send_domain_invitation_update_emails_to_domain_managers,
+    send_domain_manager_removal_emails_to_domain_managers,
     send_portfolio_admin_addition_emails,
     send_portfolio_admin_removal_emails,
     send_portfolio_invitation_email,
@@ -33,7 +34,7 @@ class DomainInvitationEmail(unittest.TestCase):
     @patch("registrar.utility.email_invitations.UserDomainRole.objects.filter")
     @patch("registrar.utility.email_invitations._validate_invitation")
     @patch("registrar.utility.email_invitations._get_requestor_email")
-    @patch("registrar.utility.email_invitations.send_invitation_email")
+    @patch("registrar.utility.email_invitations._send_domain_invitation_email")
     @patch("registrar.utility.email_invitations._normalize_domains")
     def test_send_domain_invitation_email(
         self,
@@ -98,7 +99,7 @@ class DomainInvitationEmail(unittest.TestCase):
     @patch("registrar.utility.email_invitations.UserDomainRole.objects.filter")
     @patch("registrar.utility.email_invitations._validate_invitation")
     @patch("registrar.utility.email_invitations._get_requestor_email")
-    @patch("registrar.utility.email_invitations.send_invitation_email")
+    @patch("registrar.utility.email_invitations._send_domain_invitation_email")
     @patch("registrar.utility.email_invitations._normalize_domains")
     def test_send_domain_invitation_email_multiple_domains(
         self,
@@ -234,7 +235,7 @@ class DomainInvitationEmail(unittest.TestCase):
     @less_console_noise_decorator
     @patch("registrar.utility.email_invitations._validate_invitation")
     @patch("registrar.utility.email_invitations._get_requestor_email")
-    @patch("registrar.utility.email_invitations.send_invitation_email")
+    @patch("registrar.utility.email_invitations._send_domain_invitation_email")
     @patch("registrar.utility.email_invitations._normalize_domains")
     def test_send_domain_invitation_email_raises_sending_email_exception(
         self,
@@ -281,10 +282,10 @@ class DomainInvitationEmail(unittest.TestCase):
         self.assertEqual(str(context.exception), "Error sending email")
 
     @less_console_noise_decorator
-    @patch("registrar.utility.email_invitations.send_emails_to_domain_managers")
+    @patch("registrar.utility.email_invitations._send_domain_invitation_update_emails_to_domain_managers")
     @patch("registrar.utility.email_invitations._validate_invitation")
     @patch("registrar.utility.email_invitations._get_requestor_email")
-    @patch("registrar.utility.email_invitations.send_invitation_email")
+    @patch("registrar.utility.email_invitations._send_domain_invitation_email")
     @patch("registrar.utility.email_invitations._normalize_domains")
     def test_send_domain_invitation_email_manager_emails_send_mail_exception(
         self,
@@ -295,7 +296,7 @@ class DomainInvitationEmail(unittest.TestCase):
         mock_send_domain_manager_emails,
     ):
         """Test sending domain invitation email for one domain and assert exception
-        when send_emails_to_domain_managers fails.
+        when _send_domain_invitation_update_emails_to_domain_managers fails.
         """
         # Setup
         mock_domain = MagicMock(name="domain1")
@@ -354,7 +355,7 @@ class DomainInvitationEmail(unittest.TestCase):
         mock_send_templated_email.return_value = None  # No exception means success
 
         # Call function
-        result = send_emails_to_domain_managers(mock_email, mock_requestor_email, mock_domain)
+        result = _send_domain_invitation_update_emails_to_domain_managers(mock_email, mock_requestor_email, mock_domain)
 
         # Assertions
         self.assertTrue(result)  # All emails should be successfully sent
@@ -394,7 +395,7 @@ class DomainInvitationEmail(unittest.TestCase):
         mock_send_templated_email.side_effect = EmailSendingError("Email sending failed")
 
         # Call function
-        result = send_emails_to_domain_managers(mock_email, mock_requestor_email, mock_domain)
+        result = _send_domain_invitation_update_emails_to_domain_managers(mock_email, mock_requestor_email, mock_domain)
 
         # Assertions
         self.assertFalse(result)  # The result should be False as email sending failed
@@ -426,7 +427,7 @@ class DomainInvitationEmail(unittest.TestCase):
         mock_filter.return_value = []
 
         # Call function
-        result = send_emails_to_domain_managers(mock_email, mock_requestor_email, mock_domain)
+        result = _send_domain_invitation_update_emails_to_domain_managers(mock_email, mock_requestor_email, mock_domain)
 
         # Assertions
         self.assertTrue(result)  # No emails to send, so it should return True
@@ -457,7 +458,7 @@ class DomainInvitationEmail(unittest.TestCase):
         mock_send_templated_email.side_effect = [None, EmailSendingError("Failed to send email")]
 
         # Call function
-        result = send_emails_to_domain_managers(mock_email, mock_requestor_email, mock_domain)
+        result = _send_domain_invitation_update_emails_to_domain_managers(mock_email, mock_requestor_email, mock_domain)
 
         # Assertions
         self.assertFalse(result)  # One email failed, so result should be False
@@ -1112,3 +1113,119 @@ class TestSendPortfolioInvitationRemoveEmail(unittest.TestCase):
 
         # Assertions
         mock_logger.warning.assert_not_called()  # Function should fail before logging email failure
+
+
+class SendDomainManagerRemovalEmailsToManagersTests(unittest.TestCase):
+    """Unit tests for send_domain_manager_removal_emails_to_domain_managers function."""
+
+    def setUp(self):
+        """Set up test data."""
+        self.email = "removed.admin@example.com"
+        self.requestor_email = "requestor@example.com"
+        self.domain = MagicMock(spec=Domain)
+        self.domain.name = "Test Domain"
+
+        # Mock domain manager users
+        self.manager_user1 = MagicMock(spec=User)
+        self.manager_user1.email = "manager1@example.com"
+
+        self.manager_user2 = MagicMock(spec=User)
+        self.manager_user2.email = "manager2@example.com"
+
+        self.domain_manager1 = MagicMock(spec=UserDomainRole)
+        self.domain_manager1.user = self.manager_user1
+
+        self.domain_manager2 = MagicMock(spec=UserDomainRole)
+        self.domain_manager2.user = self.manager_user2
+
+    @less_console_noise_decorator
+    @patch("registrar.utility.email_invitations.send_templated_email")
+    @patch("registrar.utility.email_invitations.UserDomainRole.objects.filter")
+    def test_send_email_success(self, mock_filter, mock_send_templated_email):
+        """Test successful sending of domain manager removal emails."""
+        mock_filter.return_value = [self.domain_manager1, self.domain_manager2]
+        mock_send_templated_email.return_value = None  # No exception means success
+
+        result = send_domain_manager_removal_emails_to_domain_managers(
+            self.manager_user1, self.manager_user2, self.domain
+        )
+
+        mock_filter.assert_called_once_with(
+            domain=self.domain
+        )
+        mock_send_templated_email.assert_any_call(
+            "emails/domain_manager_deleted_notification.txt",
+            "emails/domain_manager_deleted_notification_subject.txt",
+            to_address=self.manager_user1.email,
+            context={
+                "domain": self.domain,
+                "removed_by": self.manager_user1,
+                "manager_removed": self.manager_user2,
+                "date": date.today(),
+            },
+        )
+        mock_send_templated_email.assert_any_call(
+            "emails/domain_manager_deleted_notification.txt",
+            "emails/domain_manager_deleted_notification_subject.txt",
+            to_address=self.manager_user2.email,
+            context={
+                "domain": self.domain,
+                "removed_by": self.manager_user1,
+                "manager_removed": self.manager_user2,
+                "date": date.today(),
+            },
+        )
+        self.assertTrue(result)
+
+    @less_console_noise_decorator
+    @patch("registrar.utility.email_invitations.send_templated_email", side_effect=EmailSendingError)
+    @patch("registrar.utility.email_invitations.UserDomainRole.objects.filter")
+    def test_send_email_failure(self, mock_filter, mock_send_templated_email):
+        """Test handling of failure in sending admin removal emails."""
+        mock_filter.return_value = [self.domain_manager1, self.domain_manager2]
+
+        result = send_domain_manager_removal_emails_to_domain_managers(
+            self.manager_user1, self.manager_user2, self.domain
+        )
+
+        self.assertFalse(result)
+        mock_filter.assert_called_once_with(
+            domain=self.domain
+        )
+        mock_send_templated_email.assert_any_call(
+            "emails/domain_manager_deleted_notification.txt",
+            "emails/domain_manager_deleted_notification_subject.txt",
+            to_address=self.manager_user1.email,
+            context={
+                "domain": self.domain,
+                "removed_by": self.manager_user1,
+                "manager_removed": self.manager_user2,
+                "date": date.today(),
+            },
+        )
+        mock_send_templated_email.assert_any_call(
+            "emails/domain_manager_deleted_notification.txt",
+            "emails/domain_manager_deleted_notification_subject.txt",
+            to_address=self.manager_user2.email,
+            context={
+                "domain": self.domain,
+                "removed_by": self.manager_user1,
+                "manager_removed": self.manager_user2,
+                "date": date.today(),
+            },
+        )
+
+    @less_console_noise_decorator
+    @patch("registrar.utility.email_invitations.UserDomainRole.objects.filter")
+    def test_no_managers_to_notify(self, mock_filter):
+        """Test case where there are no domain managers to notify."""
+        mock_filter.return_value = []  # No managers
+
+        result = send_domain_manager_removal_emails_to_domain_managers(
+            self.manager_user1, self.manager_user2, self.domain
+        )
+
+        self.assertTrue(result)  # No emails sent, but also no failures
+        mock_filter.assert_called_once_with(
+            domain=self.domain
+        )
diff --git a/src/registrar/tests/test_views_domain.py b/src/registrar/tests/test_views_domain.py
index c2120b58f..fa7a70d17 100644
--- a/src/registrar/tests/test_views_domain.py
+++ b/src/registrar/tests/test_views_domain.py
@@ -1084,8 +1084,8 @@ class TestDomainManagers(TestDomainOverview):
 
     @boto3_mocking.patching
     @less_console_noise_decorator
-    @patch("registrar.views.domain.send_templated_email")
-    def test_domain_remove_manager(self, mock_send_templated_email):
+    @patch("registrar.views.domain.send_domain_manager_removal_emails_to_domain_managers")
+    def test_domain_remove_manager(self, mock_send_email):
         """Removing a domain manager sends notification email to other domain managers."""
         self.manager, _ = User.objects.get_or_create(email="mayor@igorville.com", first_name="Hello", last_name="World")
         self.manager_domain_permission, _ = UserDomainRole.objects.get_or_create(user=self.manager, domain=self.domain)
@@ -1094,11 +1094,10 @@ class TestDomainManagers(TestDomainOverview):
         )
 
         # Verify that the notification emails were sent to domain manager
-        mock_send_templated_email.assert_called_once_with(
-            "emails/domain_manager_deleted_notification.txt",
-            "emails/domain_manager_deleted_notification_subject.txt",
-            to_address="info@example.com",
-            context=ANY,
+        mock_send_email.assert_called_once_with(
+            self.user,
+            self.manager,
+            self.domain
         )
 
     @less_console_noise_decorator
diff --git a/src/registrar/utility/email_invitations.py b/src/registrar/utility/email_invitations.py
index 08ebb4d86..a079d8834 100644
--- a/src/registrar/utility/email_invitations.py
+++ b/src/registrar/utility/email_invitations.py
@@ -3,6 +3,7 @@ from django.conf import settings
 from registrar.models import Domain, DomainInvitation, UserDomainRole
 from registrar.models.portfolio import Portfolio
 from registrar.models.portfolio_invitation import PortfolioInvitation
+from registrar.models.user import User
 from registrar.models.user_portfolio_permission import UserPortfolioPermission
 from registrar.models.utility.portfolio_helper import UserPortfolioRoleChoices
 from registrar.utility.errors import (
@@ -18,6 +19,88 @@ import logging
 logger = logging.getLogger(__name__)
 
 
+def _normalize_domains(domains: Domain | list[Domain]) -> list[Domain]:
+    """Ensures domains is always a list."""
+    return [domains] if isinstance(domains, Domain) else domains
+
+
+def _get_requestor_email(requestor, domains=None, portfolio=None):
+    """Get the requestor's email or raise an error if it's missing.
+
+    If the requestor is staff, default email is returned.
+
+    Raises:
+        MissingEmailError
+    """
+    if requestor.is_staff:
+        return settings.DEFAULT_FROM_EMAIL
+
+    if not requestor.email or requestor.email.strip() == "":
+        domain_names = None
+        if domains:
+            domain_names = ", ".join([domain.name for domain in domains])
+        raise MissingEmailError(email=requestor.email, domain=domain_names, portfolio=portfolio)
+
+    return requestor.email
+
+
+def _validate_invitation(email, user, domains, requestor, is_member_of_different_org):
+    """Validate the invitation conditions."""
+    _check_outside_org_membership(email, requestor, is_member_of_different_org)
+
+    for domain in domains:
+        _validate_existing_invitation(email, user, domain)
+
+        # NOTE: should we also be validating against existing user_domain_roles
+
+
+def _check_outside_org_membership(email, requestor, is_member_of_different_org):
+    """Raise an error if the email belongs to a different organization."""
+    if (
+        flag_is_active_for_user(requestor, "organization_feature")
+        and not flag_is_active_for_user(requestor, "multiple_portfolios")
+        and is_member_of_different_org
+    ):
+        raise OutsideOrgMemberError(email=email)
+
+
+def _validate_existing_invitation(email, user, domain):
+    """Check for existing invitations and handle their status."""
+    try:
+        invite = DomainInvitation.objects.get(email=email, domain=domain)
+        if invite.status == DomainInvitation.DomainInvitationStatus.RETRIEVED:
+            raise AlreadyDomainManagerError(email)
+        elif invite.status == DomainInvitation.DomainInvitationStatus.CANCELED:
+            invite.update_cancellation_status()
+            invite.save()
+        else:
+            raise AlreadyDomainInvitedError(email)
+    except DomainInvitation.DoesNotExist:
+        pass
+    if user:
+        if UserDomainRole.objects.filter(user=user, domain=domain).exists():
+            raise AlreadyDomainManagerError(email)
+
+
+def _send_domain_invitation_email(email, requestor_email, domains, requested_user):
+    """Send the invitation email."""
+    try:
+        send_templated_email(
+            "emails/domain_invitation.txt",
+            "emails/domain_invitation_subject.txt",
+            to_address=email,
+            context={
+                "domains": domains,
+                "requestor_email": requestor_email,
+                "invitee_email_address": email,
+                "requested_user": requested_user,
+            },
+        )
+    except EmailSendingError as err:
+        domain_names = ", ".join([domain.name for domain in domains])
+        raise EmailSendingError(f"Could not send email invitation to {email} for domains: {domain_names}") from err
+
+
 def send_domain_invitation_email(
     email: str, requestor, domains: Domain | list[Domain], is_member_of_different_org, requested_user=None
 ):
@@ -46,12 +129,12 @@ def send_domain_invitation_email(
 
     _validate_invitation(email, requested_user, domains, requestor, is_member_of_different_org)
 
-    send_invitation_email(email, requestor_email, domains, requested_user)
+    _send_domain_invitation_email(email, requestor_email, domains, requested_user)
 
     all_manager_emails_sent = True
     # send emails to domain managers
     for domain in domains:
-        if not send_emails_to_domain_managers(
+        if not _send_domain_invitation_update_emails_to_domain_managers(
             email=email,
             requestor_email=requestor_email,
             domain=domain,
@@ -62,7 +145,9 @@ def send_domain_invitation_email(
     return all_manager_emails_sent
 
 
-def send_emails_to_domain_managers(email: str, requestor_email, domain: Domain, requested_user=None):
+def _send_domain_invitation_update_emails_to_domain_managers(
+    email: str, requestor_email, domain: Domain, requested_user=None
+):
     """
     Notifies all domain managers of the provided domain of a change
 
@@ -96,86 +181,48 @@ def send_emails_to_domain_managers(email: str, requestor_email, domain: Domain,
     return all_emails_sent
 
 
-def _normalize_domains(domains: Domain | list[Domain]) -> list[Domain]:
-    """Ensures domains is always a list."""
-    return [domains] if isinstance(domains, Domain) else domains
-
-
-def _get_requestor_email(requestor, domains=None, portfolio=None):
-    """Get the requestor's email or raise an error if it's missing.
-
-    If the requestor is staff, default email is returned.
-
-    Raises:
-        MissingEmailError
+def send_domain_manager_removal_emails_to_domain_managers(
+    removed_by_user: User, manager_removed: User, domain: Domain,
+):
     """
-    if requestor.is_staff:
-        return settings.DEFAULT_FROM_EMAIL
+    Notifies all domain managers that a domain manager has been removed.
 
-    if not requestor.email or requestor.email.strip() == "":
-        domain_names = None
-        if domains:
-            domain_names = ", ".join([domain.name for domain in domains])
-        raise MissingEmailError(email=requestor.email, domain=domain_names, portfolio=portfolio)
+    Args:
+        removed_by_user(User): The user who initiated the removal.
+        manager_removed(User): The user being removed.
+        domain(Domain): The domain the user is being removed from.
 
-    return requestor.email
-
-
-def _validate_invitation(email, user, domains, requestor, is_member_of_different_org):
-    """Validate the invitation conditions."""
-    check_outside_org_membership(email, requestor, is_member_of_different_org)
-
-    for domain in domains:
-        _validate_existing_invitation(email, user, domain)
-
-        # NOTE: should we also be validating against existing user_domain_roles
-
-
-def check_outside_org_membership(email, requestor, is_member_of_different_org):
-    """Raise an error if the email belongs to a different organization."""
-    if (
-        flag_is_active_for_user(requestor, "organization_feature")
-        and not flag_is_active_for_user(requestor, "multiple_portfolios")
-        and is_member_of_different_org
-    ):
-        raise OutsideOrgMemberError(email=email)
-
-
-def _validate_existing_invitation(email, user, domain):
-    """Check for existing invitations and handle their status."""
-    try:
-        invite = DomainInvitation.objects.get(email=email, domain=domain)
-        if invite.status == DomainInvitation.DomainInvitationStatus.RETRIEVED:
-            raise AlreadyDomainManagerError(email)
-        elif invite.status == DomainInvitation.DomainInvitationStatus.CANCELED:
-            invite.update_cancellation_status()
-            invite.save()
-        else:
-            raise AlreadyDomainInvitedError(email)
-    except DomainInvitation.DoesNotExist:
-        pass
-    if user:
-        if UserDomainRole.objects.filter(user=user, domain=domain).exists():
-            raise AlreadyDomainManagerError(email)
-
-
-def send_invitation_email(email, requestor_email, domains, requested_user):
-    """Send the invitation email."""
-    try:
-        send_templated_email(
-            "emails/domain_invitation.txt",
-            "emails/domain_invitation_subject.txt",
-            to_address=email,
-            context={
-                "domains": domains,
-                "requestor_email": requestor_email,
-                "invitee_email_address": email,
-                "requested_user": requested_user,
-            },
-        )
-    except EmailSendingError as err:
-        domain_names = ", ".join([domain.name for domain in domains])
-        raise EmailSendingError(f"Could not send email invitation to {email} for domains: {domain_names}") from err
+    Returns:
+        Boolean indicating if all messages were sent successfully.
+    
+    """
+    all_emails_sent = True
+    # Get each domain manager from list
+    user_domain_roles = UserDomainRole.objects.filter(domain=domain)
+    for user_domain_role in user_domain_roles:
+        # Send email to each domain manager
+        user = user_domain_role.user
+        try:
+            send_templated_email(
+                "emails/domain_manager_deleted_notification.txt",
+                "emails/domain_manager_deleted_notification_subject.txt",
+                to_address=user.email,
+                context={
+                    "domain": domain,
+                    "removed_by": removed_by_user,
+                    "manager_removed": manager_removed,
+                    "date": date.today(),
+                },
+            )
+        except EmailSendingError:
+            logger.warning(
+                    "Could not send notification email to %s for domain %s",
+                    user.email,
+                    domain.name,
+                    exc_info=True,
+                )
+            all_emails_sent = False
+    return all_emails_sent
 
 
 def send_portfolio_invitation_email(email: str, requestor, portfolio, is_admin_invitation):
diff --git a/src/registrar/views/domain.py b/src/registrar/views/domain.py
index 3a083393e..f0a618921 100644
--- a/src/registrar/views/domain.py
+++ b/src/registrar/views/domain.py
@@ -68,7 +68,7 @@ from epplibwrapper import (
 )
 
 from ..utility.email import send_templated_email, EmailSendingError
-from ..utility.email_invitations import send_domain_invitation_email, send_portfolio_invitation_email
+from ..utility.email_invitations import send_domain_invitation_email, send_domain_manager_removal_emails_to_domain_managers, send_portfolio_invitation_email
 from django import forms
 
 logger = logging.getLogger(__name__)
@@ -1474,48 +1474,14 @@ class DomainDeleteUserView(DeleteView):
         super().form_valid(form)
 
         # Email all domain managers that domain manager has been removed
-        domain = self.object.domain
-
-        context = {
-            "domain": domain,
-            "removed_by": self.request.user,
-            "manager_removed": self.object.user,
-            "date": date.today(),
-            "changes": "Domain Manager",
-        }
-        self.email_domain_managers(
-            domain,
-            "emails/domain_manager_deleted_notification.txt",
-            "emails/domain_manager_deleted_notification_subject.txt",
-            context,
+        send_domain_manager_removal_emails_to_domain_managers(
+            self.request.user, self.object.user, self.object.domain
         )
 
         # Add a success message
         messages.success(self.request, self.get_success_message())
         return redirect(self.get_success_url())
 
-    def email_domain_managers(self, domain: Domain, template: str, subject_template: str, context={}):
-        manager_pks = UserDomainRole.objects.filter(domain=domain.pk, role=UserDomainRole.Roles.MANAGER).values_list(
-            "user", flat=True
-        )
-        emails = list(User.objects.filter(pk__in=manager_pks).values_list("email", flat=True))
-
-        for email in emails:
-            try:
-                send_templated_email(
-                    template,
-                    subject_template,
-                    to_address=email,
-                    context=context,
-                )
-            except EmailSendingError:
-                logger.warning(
-                    "Could not send notification email to %s for domain %s",
-                    email,
-                    domain.name,
-                    exc_info=True,
-                )
-
     def post(self, request, *args, **kwargs):
         """Custom post implementation to ensure last userdomainrole is not removed and to
         redirect to home in the event that the user deletes themselves"""

From aee03637a85b8337080e0b1aa3e4879842516a9f Mon Sep 17 00:00:00 2001
From: David Kennedy <david.kennedy@associates.cisa.dhs.gov>
Date: Sun, 16 Mar 2025 18:44:07 -0400
Subject: [PATCH 184/285] added email notifications to domain managers when
 domain manager is removed

---
 .../domain_manager_deleted_notification.txt   |  2 +-
 src/registrar/tests/test_email_invitations.py | 12 ++---
 src/registrar/tests/test_views_domain.py      |  6 +--
 src/registrar/utility/email_invitations.py    | 22 +++++---
 src/registrar/views/domain.py                 | 10 ++--
 src/registrar/views/portfolios.py             | 51 +++++++++++++++++++
 6 files changed, 76 insertions(+), 27 deletions(-)

diff --git a/src/registrar/templates/emails/domain_manager_deleted_notification.txt b/src/registrar/templates/emails/domain_manager_deleted_notification.txt
index e2a566e42..9b8424608 100644
--- a/src/registrar/templates/emails/domain_manager_deleted_notification.txt
+++ b/src/registrar/templates/emails/domain_manager_deleted_notification.txt
@@ -5,7 +5,7 @@ A domain manager was removed from {{ domain.name }}.
 
 REMOVED BY: {{ removed_by.email }}
 REMOVED ON: {{ date }}
-MANAGER REMOVED: {{ manager_removed.email }}
+MANAGER REMOVED: {{ manager_removed_email }}
 
 ----------------------------------------------------------------
 
diff --git a/src/registrar/tests/test_email_invitations.py b/src/registrar/tests/test_email_invitations.py
index 10ef82e42..8b355650e 100644
--- a/src/registrar/tests/test_email_invitations.py
+++ b/src/registrar/tests/test_email_invitations.py
@@ -1150,9 +1150,7 @@ class SendDomainManagerRemovalEmailsToManagersTests(unittest.TestCase):
             self.manager_user1, self.manager_user2, self.domain
         )
 
-        mock_filter.assert_called_once_with(
-            domain=self.domain
-        )
+        mock_filter.assert_called_once_with(domain=self.domain)
         mock_send_templated_email.assert_any_call(
             "emails/domain_manager_deleted_notification.txt",
             "emails/domain_manager_deleted_notification_subject.txt",
@@ -1189,9 +1187,7 @@ class SendDomainManagerRemovalEmailsToManagersTests(unittest.TestCase):
         )
 
         self.assertFalse(result)
-        mock_filter.assert_called_once_with(
-            domain=self.domain
-        )
+        mock_filter.assert_called_once_with(domain=self.domain)
         mock_send_templated_email.assert_any_call(
             "emails/domain_manager_deleted_notification.txt",
             "emails/domain_manager_deleted_notification_subject.txt",
@@ -1226,6 +1222,4 @@ class SendDomainManagerRemovalEmailsToManagersTests(unittest.TestCase):
         )
 
         self.assertTrue(result)  # No emails sent, but also no failures
-        mock_filter.assert_called_once_with(
-            domain=self.domain
-        )
+        mock_filter.assert_called_once_with(domain=self.domain)
diff --git a/src/registrar/tests/test_views_domain.py b/src/registrar/tests/test_views_domain.py
index fa7a70d17..10169c919 100644
--- a/src/registrar/tests/test_views_domain.py
+++ b/src/registrar/tests/test_views_domain.py
@@ -1094,11 +1094,7 @@ class TestDomainManagers(TestDomainOverview):
         )
 
         # Verify that the notification emails were sent to domain manager
-        mock_send_email.assert_called_once_with(
-            self.user,
-            self.manager,
-            self.domain
-        )
+        mock_send_email.assert_called_once_with(self.user, self.manager, self.domain)
 
     @less_console_noise_decorator
     @patch("registrar.views.domain.send_domain_invitation_email")
diff --git a/src/registrar/utility/email_invitations.py b/src/registrar/utility/email_invitations.py
index a079d8834..42147ab67 100644
--- a/src/registrar/utility/email_invitations.py
+++ b/src/registrar/utility/email_invitations.py
@@ -182,7 +182,10 @@ def _send_domain_invitation_update_emails_to_domain_managers(
 
 
 def send_domain_manager_removal_emails_to_domain_managers(
-    removed_by_user: User, manager_removed: User, domain: Domain,
+    removed_by_user: User,
+    manager_removed: User,
+    manager_removed_email: str,
+    domain: Domain,
 ):
     """
     Notifies all domain managers that a domain manager has been removed.
@@ -190,15 +193,18 @@ def send_domain_manager_removal_emails_to_domain_managers(
     Args:
         removed_by_user(User): The user who initiated the removal.
         manager_removed(User): The user being removed.
+        manager_removed_email(str): The email of the user being removed (in case no User).
         domain(Domain): The domain the user is being removed from.
 
     Returns:
         Boolean indicating if all messages were sent successfully.
-    
+
     """
     all_emails_sent = True
     # Get each domain manager from list
     user_domain_roles = UserDomainRole.objects.filter(domain=domain)
+    if manager_removed:
+        user_domain_roles.exclude(user=manager_removed)
     for user_domain_role in user_domain_roles:
         # Send email to each domain manager
         user = user_domain_role.user
@@ -210,17 +216,17 @@ def send_domain_manager_removal_emails_to_domain_managers(
                 context={
                     "domain": domain,
                     "removed_by": removed_by_user,
-                    "manager_removed": manager_removed,
+                    "manager_removed_email": manager_removed_email,
                     "date": date.today(),
                 },
             )
         except EmailSendingError:
             logger.warning(
-                    "Could not send notification email to %s for domain %s",
-                    user.email,
-                    domain.name,
-                    exc_info=True,
-                )
+                "Could not send notification email to %s for domain %s",
+                user.email,
+                domain.name,
+                exc_info=True,
+            )
             all_emails_sent = False
     return all_emails_sent
 
diff --git a/src/registrar/views/domain.py b/src/registrar/views/domain.py
index f0a618921..e02eb0053 100644
--- a/src/registrar/views/domain.py
+++ b/src/registrar/views/domain.py
@@ -68,7 +68,11 @@ from epplibwrapper import (
 )
 
 from ..utility.email import send_templated_email, EmailSendingError
-from ..utility.email_invitations import send_domain_invitation_email, send_domain_manager_removal_emails_to_domain_managers, send_portfolio_invitation_email
+from ..utility.email_invitations import (
+    send_domain_invitation_email,
+    send_domain_manager_removal_emails_to_domain_managers,
+    send_portfolio_invitation_email,
+)
 from django import forms
 
 logger = logging.getLogger(__name__)
@@ -1474,9 +1478,7 @@ class DomainDeleteUserView(DeleteView):
         super().form_valid(form)
 
         # Email all domain managers that domain manager has been removed
-        send_domain_manager_removal_emails_to_domain_managers(
-            self.request.user, self.object.user, self.object.domain
-        )
+        send_domain_manager_removal_emails_to_domain_managers(self.request.user, self.object.user, self.object.domain)
 
         # Add a success message
         messages.success(self.request, self.get_success_message())
diff --git a/src/registrar/views/portfolios.py b/src/registrar/views/portfolios.py
index c2ec44b9e..12894bd3a 100644
--- a/src/registrar/views/portfolios.py
+++ b/src/registrar/views/portfolios.py
@@ -29,6 +29,7 @@ from registrar.models.utility.portfolio_helper import UserPortfolioPermissionCho
 from registrar.utility.email import EmailSendingError
 from registrar.utility.email_invitations import (
     send_domain_invitation_email,
+    send_domain_manager_removal_emails_to_domain_managers,
     send_portfolio_admin_addition_emails,
     send_portfolio_admin_removal_emails,
     send_portfolio_invitation_email,
@@ -193,6 +194,31 @@ class PortfolioMemberDeleteView(View):
                 messages.warning(
                     request, f"Could not send email notification to {portfolio_member_permission.user.email}"
                 )
+
+            # Notify domain managers for domains which the member is being removed from
+            # Get list of portfolio domains that the member is invited to:
+            invited_domains = Domain.objects.filter(
+                invitations__email=portfolio_member_permission.user.email,
+                domain_info__portfolio=portfolio_member_permission.portfolio,
+                invitations__status=DomainInvitation.DomainInvitationStatus.INVITED,
+            ).distinct()
+            # Get list of portfolio domains that the member is a manager of
+            domains = Domain.objects.filter(
+                permissions__user=portfolio_member_permission.user,
+                domain_info__portfolio=portfolio_member_permission.portfolio,
+            ).distinct()
+            # Combine both querysets while ensuring uniqueness
+            all_domains = domains.union(invited_domains)
+            for domain in all_domains:
+                if not send_domain_manager_removal_emails_to_domain_managers(
+                    removed_by_user=request.user,
+                    manager_removed=portfolio_member_permission.user,
+                    manager_removed_email=portfolio_member_permission.user.email,
+                    domain=domain,
+                ):
+                    messages.warning(
+                        request, "Could not send email notification to existing domain managers for %s", domain
+                    )
         except Exception as e:
             self._handle_exceptions(e)
 
@@ -502,6 +528,31 @@ class PortfolioInvitedMemberDeleteView(View):
                     messages.warning(self.request, "Could not send email notification to existing organization admins.")
             if not send_portfolio_invitation_remove_email(requestor=request.user, invitation=portfolio_invitation):
                 messages.warning(request, f"Could not send email notification to {portfolio_invitation.email}")
+
+            # Notify domain managers for domains which the invited member is being removed from
+            # Get list of portfolio domains that the invited member is invited to:
+            invited_domains = Domain.objects.filter(
+                invitations__email=portfolio_invitation.email,
+                domain_info__portfolio=portfolio_invitation.portfolio,
+                invitations__status=DomainInvitation.DomainInvitationStatus.INVITED,
+            ).distinct()
+            # Get list of portfolio domains that the member is a manager of
+            domains = Domain.objects.filter(
+                permissions__user__email=portfolio_invitation.email,
+                domain_info__portfolio=portfolio_invitation.portfolio,
+            ).distinct()
+            # Combine both querysets while ensuring uniqueness
+            all_domains = domains.union(invited_domains)
+            for domain in all_domains:
+                if not send_domain_manager_removal_emails_to_domain_managers(
+                    removed_by_user=request.user,
+                    manager_removed=None,
+                    manager_removed_email=portfolio_invitation.email,
+                    domain=domain,
+                ):
+                    messages.warning(
+                        request, "Could not send email notification to existing domain managers for %s", domain
+                    )
         except Exception as e:
             self._handle_exceptions(e)
 

From 4c1e8ecb71dfec10a4136462328a48f31c33581f Mon Sep 17 00:00:00 2001
From: David Kennedy <david.kennedy@associates.cisa.dhs.gov>
Date: Sun, 16 Mar 2025 19:19:55 -0400
Subject: [PATCH 185/285] fixed existing tests for email invitation refactors

---
 src/registrar/tests/test_email_invitations.py | 58 +++++++++++++++----
 src/registrar/tests/test_views_domain.py      |  7 ++-
 src/registrar/utility/email_invitations.py    |  2 +-
 src/registrar/views/domain.py                 |  7 ++-
 4 files changed, 61 insertions(+), 13 deletions(-)

diff --git a/src/registrar/tests/test_email_invitations.py b/src/registrar/tests/test_email_invitations.py
index 8b355650e..dfe587f08 100644
--- a/src/registrar/tests/test_email_invitations.py
+++ b/src/registrar/tests/test_email_invitations.py
@@ -1143,11 +1143,14 @@ class SendDomainManagerRemovalEmailsToManagersTests(unittest.TestCase):
     @patch("registrar.utility.email_invitations.UserDomainRole.objects.filter")
     def test_send_email_success(self, mock_filter, mock_send_templated_email):
         """Test successful sending of domain manager removal emails."""
-        mock_filter.return_value = [self.domain_manager1, self.domain_manager2]
+        mock_filter.return_value.exclude.return_value = [self.domain_manager1]
         mock_send_templated_email.return_value = None  # No exception means success
 
         result = send_domain_manager_removal_emails_to_domain_managers(
-            self.manager_user1, self.manager_user2, self.domain
+            removed_by_user=self.manager_user1,
+            manager_removed=self.manager_user2,
+            manager_removed_email=self.manager_user2.email,
+            domain=self.domain,
         )
 
         mock_filter.assert_called_once_with(domain=self.domain)
@@ -1158,7 +1161,36 @@ class SendDomainManagerRemovalEmailsToManagersTests(unittest.TestCase):
             context={
                 "domain": self.domain,
                 "removed_by": self.manager_user1,
-                "manager_removed": self.manager_user2,
+                "manager_removed_email": self.manager_user2.email,
+                "date": date.today(),
+            },
+        )
+        self.assertTrue(result)
+
+    @less_console_noise_decorator
+    @patch("registrar.utility.email_invitations.send_templated_email")
+    @patch("registrar.utility.email_invitations.UserDomainRole.objects.filter")
+    def test_send_email_success_when_no_user(self, mock_filter, mock_send_templated_email):
+        """Test successful sending of domain manager removal emails."""
+        mock_filter.return_value = [self.domain_manager1, self.domain_manager2]
+        mock_send_templated_email.return_value = None  # No exception means success
+
+        result = send_domain_manager_removal_emails_to_domain_managers(
+            removed_by_user=self.manager_user1,
+            manager_removed=None,
+            manager_removed_email=self.manager_user2.email,
+            domain=self.domain,
+        )
+
+        mock_filter.assert_called_once_with(domain=self.domain)
+        mock_send_templated_email.assert_any_call(
+            "emails/domain_manager_deleted_notification.txt",
+            "emails/domain_manager_deleted_notification_subject.txt",
+            to_address=self.manager_user1.email,
+            context={
+                "domain": self.domain,
+                "removed_by": self.manager_user1,
+                "manager_removed_email": self.manager_user2.email,
                 "date": date.today(),
             },
         )
@@ -1169,7 +1201,7 @@ class SendDomainManagerRemovalEmailsToManagersTests(unittest.TestCase):
             context={
                 "domain": self.domain,
                 "removed_by": self.manager_user1,
-                "manager_removed": self.manager_user2,
+                "manager_removed_email": self.manager_user2.email,
                 "date": date.today(),
             },
         )
@@ -1180,10 +1212,13 @@ class SendDomainManagerRemovalEmailsToManagersTests(unittest.TestCase):
     @patch("registrar.utility.email_invitations.UserDomainRole.objects.filter")
     def test_send_email_failure(self, mock_filter, mock_send_templated_email):
         """Test handling of failure in sending admin removal emails."""
-        mock_filter.return_value = [self.domain_manager1, self.domain_manager2]
+        mock_filter.return_value.exclude.return_value = [self.domain_manager1, self.domain_manager2]
 
         result = send_domain_manager_removal_emails_to_domain_managers(
-            self.manager_user1, self.manager_user2, self.domain
+            removed_by_user=self.manager_user1,
+            manager_removed=self.manager_user2,
+            manager_removed_email=self.manager_user2.email,
+            domain=self.domain,
         )
 
         self.assertFalse(result)
@@ -1195,7 +1230,7 @@ class SendDomainManagerRemovalEmailsToManagersTests(unittest.TestCase):
             context={
                 "domain": self.domain,
                 "removed_by": self.manager_user1,
-                "manager_removed": self.manager_user2,
+                "manager_removed_email": self.manager_user2.email,
                 "date": date.today(),
             },
         )
@@ -1206,7 +1241,7 @@ class SendDomainManagerRemovalEmailsToManagersTests(unittest.TestCase):
             context={
                 "domain": self.domain,
                 "removed_by": self.manager_user1,
-                "manager_removed": self.manager_user2,
+                "manager_removed_email": self.manager_user2.email,
                 "date": date.today(),
             },
         )
@@ -1215,10 +1250,13 @@ class SendDomainManagerRemovalEmailsToManagersTests(unittest.TestCase):
     @patch("registrar.utility.email_invitations.UserDomainRole.objects.filter")
     def test_no_managers_to_notify(self, mock_filter):
         """Test case where there are no domain managers to notify."""
-        mock_filter.return_value = []  # No managers
+        mock_filter.return_value.exclude.return_value = []  # No managers
 
         result = send_domain_manager_removal_emails_to_domain_managers(
-            self.manager_user1, self.manager_user2, self.domain
+            removed_by_user=self.manager_user1,
+            manager_removed=self.manager_user2,
+            manager_removed_email=self.manager_user2.email,
+            domain=self.domain,
         )
 
         self.assertTrue(result)  # No emails sent, but also no failures
diff --git a/src/registrar/tests/test_views_domain.py b/src/registrar/tests/test_views_domain.py
index 10169c919..69c376fd4 100644
--- a/src/registrar/tests/test_views_domain.py
+++ b/src/registrar/tests/test_views_domain.py
@@ -1094,7 +1094,12 @@ class TestDomainManagers(TestDomainOverview):
         )
 
         # Verify that the notification emails were sent to domain manager
-        mock_send_email.assert_called_once_with(self.user, self.manager, self.domain)
+        mock_send_email.assert_called_once_with(
+            removed_by_user=self.user,
+            manager_removed=self.manager,
+            manager_removed_email=self.manager.email,
+            domain=self.domain,
+        )
 
     @less_console_noise_decorator
     @patch("registrar.views.domain.send_domain_invitation_email")
diff --git a/src/registrar/utility/email_invitations.py b/src/registrar/utility/email_invitations.py
index 42147ab67..0dcfa5bf9 100644
--- a/src/registrar/utility/email_invitations.py
+++ b/src/registrar/utility/email_invitations.py
@@ -204,7 +204,7 @@ def send_domain_manager_removal_emails_to_domain_managers(
     # Get each domain manager from list
     user_domain_roles = UserDomainRole.objects.filter(domain=domain)
     if manager_removed:
-        user_domain_roles.exclude(user=manager_removed)
+        user_domain_roles = user_domain_roles.exclude(user=manager_removed)
     for user_domain_role in user_domain_roles:
         # Send email to each domain manager
         user = user_domain_role.user
diff --git a/src/registrar/views/domain.py b/src/registrar/views/domain.py
index e02eb0053..0e5350e93 100644
--- a/src/registrar/views/domain.py
+++ b/src/registrar/views/domain.py
@@ -1478,7 +1478,12 @@ class DomainDeleteUserView(DeleteView):
         super().form_valid(form)
 
         # Email all domain managers that domain manager has been removed
-        send_domain_manager_removal_emails_to_domain_managers(self.request.user, self.object.user, self.object.domain)
+        send_domain_manager_removal_emails_to_domain_managers(
+            removed_by_user=self.request.user,
+            manager_removed=self.object.user,
+            manager_removed_email=self.object.user.email,
+            domain=self.object.domain,
+        )
 
         # Add a success message
         messages.success(self.request, self.get_success_message())

From 718a78b8a81071fed50bd4731dd7d6375741b3c5 Mon Sep 17 00:00:00 2001
From: David Kennedy <david.kennedy@associates.cisa.dhs.gov>
Date: Sun, 16 Mar 2025 20:14:27 -0400
Subject: [PATCH 186/285] updated existing tests

---
 src/registrar/tests/test_views_portfolio.py | 38 ++++++++++++++++++---
 1 file changed, 34 insertions(+), 4 deletions(-)

diff --git a/src/registrar/tests/test_views_portfolio.py b/src/registrar/tests/test_views_portfolio.py
index 2065c2d35..2b29701bc 100644
--- a/src/registrar/tests/test_views_portfolio.py
+++ b/src/registrar/tests/test_views_portfolio.py
@@ -1657,16 +1657,19 @@ class TestPortfolioMemberDeleteView(WebTest):
         self.user = create_test_user()
         self.domain, _ = Domain.objects.get_or_create(name="igorville.gov")
         self.portfolio, _ = Portfolio.objects.get_or_create(creator=self.user, organization_name="Hotel California")
+        self.domain_information, _ = DomainInformation.objects.get_or_create(
+            creator=self.user, domain=self.domain, portfolio=self.portfolio
+        )
         self.role, _ = UserDomainRole.objects.get_or_create(
             user=self.user, domain=self.domain, role=UserDomainRole.Roles.MANAGER
         )
 
     def tearDown(self):
         UserPortfolioPermission.objects.all().delete()
+        DomainInformation.objects.all().delete()
         Portfolio.objects.all().delete()
         UserDomainRole.objects.all().delete()
         DomainRequest.objects.all().delete()
-        DomainInformation.objects.all().delete()
         Domain.objects.all().delete()
         User.objects.all().delete()
         super().tearDown()
@@ -1676,7 +1679,10 @@ class TestPortfolioMemberDeleteView(WebTest):
     @override_flag("organization_members", active=True)
     @patch("registrar.views.portfolios.send_portfolio_admin_removal_emails")
     @patch("registrar.views.portfolios.send_portfolio_member_permission_remove_email")
-    def test_portfolio_member_delete_view_members_table_active_requests(self, send_member_removal, send_removal_emails):
+    @patch("registrar.views.portfolios.send_domain_manager_removal_emails_to_domain_managers")
+    def test_portfolio_member_delete_view_members_table_active_requests(
+        self, send_domain_manager_removal_emails, send_member_removal, send_removal_emails
+    ):
         """Error state w/ deleting a member with active request on Members Table"""
         # I'm a user
         UserPortfolioPermission.objects.get_or_create(
@@ -1718,13 +1724,18 @@ class TestPortfolioMemberDeleteView(WebTest):
             send_removal_emails.assert_not_called()
             # assert that send_portfolio_member_permission_remove_email is not called
             send_member_removal.assert_not_called()
+            # assert that send_domain_manager_removal_emails is not called
+            send_domain_manager_removal_emails.assert_not_called()
 
     @less_console_noise_decorator
     @override_flag("organization_feature", active=True)
     @override_flag("organization_members", active=True)
     @patch("registrar.views.portfolios.send_portfolio_admin_removal_emails")
     @patch("registrar.views.portfolios.send_portfolio_member_permission_remove_email")
-    def test_portfolio_member_delete_view_members_table_only_admin(self, send_member_removal, send_removal_emails):
+    @patch("registrar.views.portfolios.send_domain_manager_removal_emails_to_domain_managers")
+    def test_portfolio_member_delete_view_members_table_only_admin(
+        self, send_domain_manager_removal_emails, send_member_removal, send_removal_emails
+    ):
         """Error state w/ deleting a member that's the only admin on Members Table"""
 
         # I'm a user with admin permission
@@ -1757,13 +1768,18 @@ class TestPortfolioMemberDeleteView(WebTest):
             send_removal_emails.assert_not_called()
             # assert that send_portfolio_member_permission_remove_email is not called
             send_member_removal.assert_not_called()
+            # assert that send_domain_manager_removal_emails is not called
+            send_domain_manager_removal_emails.assert_not_called()
 
     @less_console_noise_decorator
     @override_flag("organization_feature", active=True)
     @override_flag("organization_members", active=True)
     @patch("registrar.views.portfolios.send_portfolio_admin_removal_emails")
     @patch("registrar.views.portfolios.send_portfolio_member_permission_remove_email")
-    def test_portfolio_member_table_delete_member_success(self, send_member_removal, mock_send_removal_emails):
+    @patch("registrar.views.portfolios.send_domain_manager_removal_emails_to_domain_managers")
+    def test_portfolio_member_table_delete_member_success(
+        self, send_domain_manager_removal_emails, send_member_removal, mock_send_removal_emails
+    ):
         """Success state with deleting on Members Table page bc no active request AND not only admin"""
 
         # I'm a user
@@ -1788,6 +1804,9 @@ class TestPortfolioMemberDeleteView(WebTest):
             roles=[UserPortfolioRoleChoices.ORGANIZATION_MEMBER],
         )
 
+        # Set up the member as a domain manager
+        UserDomainRole.objects.get_or_create(user=member, domain=self.domain, role=UserDomainRole.Roles.MANAGER)
+
         # Member removal email sent successfully
         send_member_removal.return_value = True
 
@@ -1815,6 +1834,8 @@ class TestPortfolioMemberDeleteView(WebTest):
             mock_send_removal_emails.assert_not_called()
             # assert that send_portfolio_member_permission_remove_email is called
             send_member_removal.assert_called_once()
+            # assert that send_domain_manager_removal_emails_to_domain_managers
+            send_domain_manager_removal_emails.assert_called_once()
 
             # Get the arguments passed to send_portfolio_member_permission_remove_email
             _, called_kwargs = send_member_removal.call_args
@@ -1824,6 +1845,15 @@ class TestPortfolioMemberDeleteView(WebTest):
             self.assertEqual(called_kwargs["permissions"].user, upp.user)
             self.assertEqual(called_kwargs["permissions"].portfolio, upp.portfolio)
 
+            # Get the arguments passed to send_domain_manager_removal_emails_to_domain_managers
+            _, called_kwargs = send_domain_manager_removal_emails.call_args
+
+            # Assert the email content
+            self.assertEqual(called_kwargs["removed_by_user"], self.user)
+            self.assertEqual(called_kwargs["manager_removed"], upp.user)
+            self.assertEqual(called_kwargs["manager_removed_email"], upp.user.email)
+            self.assertEqual(called_kwargs["domain"], self.domain)
+
     @less_console_noise_decorator
     @override_flag("organization_feature", active=True)
     @override_flag("organization_members", active=True)

From e5f574c5793d1d4ab07629aea8c9f5a1f6d384b7 Mon Sep 17 00:00:00 2001
From: David Kennedy <david.kennedy@associates.cisa.dhs.gov>
Date: Sun, 16 Mar 2025 21:11:37 -0400
Subject: [PATCH 187/285] added emails when removing domains through portfolio
 member domain assignment, and updated tests

---
 src/registrar/tests/test_views_portfolio.py | 24 ++++++++++++++---
 src/registrar/views/portfolios.py           | 29 +++++++++++++++++++++
 2 files changed, 50 insertions(+), 3 deletions(-)

diff --git a/src/registrar/tests/test_views_portfolio.py b/src/registrar/tests/test_views_portfolio.py
index 2b29701bc..cf352fcbb 100644
--- a/src/registrar/tests/test_views_portfolio.py
+++ b/src/registrar/tests/test_views_portfolio.py
@@ -2669,7 +2669,8 @@ class TestPortfolioMemberDomainsEditView(TestWithUser, WebTest):
     @override_flag("organization_feature", active=True)
     @override_flag("organization_members", active=True)
     @patch("registrar.views.portfolios.send_domain_invitation_email")
-    def test_post_with_valid_added_domains(self, mock_send_domain_email):
+    @patch("registrar.views.portfolios.send_domain_manager_removal_emails_to_domain_managers")
+    def test_post_with_valid_added_domains(self, send_domain_manager_removal_emails, mock_send_domain_email):
         """Test that domains can be successfully added."""
         self.client.force_login(self.user)
 
@@ -2688,6 +2689,8 @@ class TestPortfolioMemberDomainsEditView(TestWithUser, WebTest):
         self.assertEqual(str(messages[0]), "The domain assignment changes have been saved.")
 
         expected_domains = [self.domain1, self.domain2, self.domain3]
+        # assert that send_domain_manager_removal_emails_to_domain_managers is not called
+        send_domain_manager_removal_emails.assert_not_called()
         # Verify that the invitation email was sent
         mock_send_domain_email.assert_called_once()
         call_args = mock_send_domain_email.call_args.kwargs
@@ -2700,7 +2703,8 @@ class TestPortfolioMemberDomainsEditView(TestWithUser, WebTest):
     @override_flag("organization_feature", active=True)
     @override_flag("organization_members", active=True)
     @patch("registrar.views.portfolios.send_domain_invitation_email")
-    def test_post_with_valid_removed_domains(self, mock_send_domain_email):
+    @patch("registrar.views.portfolios.send_domain_manager_removal_emails_to_domain_managers")
+    def test_post_with_valid_removed_domains(self, send_domain_manager_removal_emails, mock_send_domain_email):
         """Test that domains can be successfully removed."""
         self.client.force_login(self.user)
 
@@ -2708,6 +2712,8 @@ class TestPortfolioMemberDomainsEditView(TestWithUser, WebTest):
         domains = [self.domain1, self.domain2, self.domain3]
         UserDomainRole.objects.bulk_create([UserDomainRole(domain=domain, user=self.user) for domain in domains])
 
+        send_domain_manager_removal_emails.return_value = True
+
         data = {
             "removed_domains": json.dumps([self.domain1.id, self.domain2.id]),
         }
@@ -2724,7 +2730,19 @@ class TestPortfolioMemberDomainsEditView(TestWithUser, WebTest):
         self.assertEqual(str(messages[0]), "The domain assignment changes have been saved.")
         # assert that send_domain_invitation_email is not called
         mock_send_domain_email.assert_not_called()
-
+        # assert that send_domain_manager_removal_emails_to_domain_managers is called twice
+        send_domain_manager_removal_emails.assert_any_call(
+            removed_by_user=self.user,
+            manager_removed=self.portfolio_permission.user,
+            manager_removed_email=self.portfolio_permission.user.email,
+            domain=self.domain1,
+        )
+        send_domain_manager_removal_emails.assert_any_call(
+            removed_by_user=self.user,
+            manager_removed=self.portfolio_permission.user,
+            manager_removed_email=self.portfolio_permission.user.email,
+            domain=self.domain2,
+        )
         UserDomainRole.objects.all().delete()
 
     @less_console_noise_decorator
diff --git a/src/registrar/views/portfolios.py b/src/registrar/views/portfolios.py
index 12894bd3a..45236aa46 100644
--- a/src/registrar/views/portfolios.py
+++ b/src/registrar/views/portfolios.py
@@ -458,6 +458,20 @@ class PortfolioMemberDomainsEditView(DetailView, View):
         Processes removed domains by deleting corresponding UserDomainRole instances.
         """
         if removed_domain_ids:
+            # Notify domain managers for domains which the member is being removed from
+            # Fetch Domain objects from removed_domain_ids
+            removed_domains = Domain.objects.filter(id__in=removed_domain_ids)
+            # need to get the domains from removed_domain_ids
+            for domain in removed_domains:
+                if not send_domain_manager_removal_emails_to_domain_managers(
+                    removed_by_user=self.request.user,
+                    manager_removed=member,
+                    manager_removed_email=member.email,
+                    domain=domain,
+                ):
+                    messages.warning(
+                        self.request, "Could not send email notification to existing domain managers for %s", domain
+                    )
             # Delete UserDomainRole instances for removed domains
             UserDomainRole.objects.filter(domain_id__in=removed_domain_ids, user=member).delete()
 
@@ -791,6 +805,21 @@ class PortfolioInvitedMemberDomainsEditView(DetailView, View):
         if not removed_domain_ids:
             return
 
+        # Notify domain managers for domains which the member is being removed from
+        # Fetch Domain objects from removed_domain_ids
+        removed_domains = Domain.objects.filter(id__in=removed_domain_ids)
+        # need to get the domains from removed_domain_ids
+        for domain in removed_domains:
+            if not send_domain_manager_removal_emails_to_domain_managers(
+                removed_by_user=self.request.user,
+                manager_removed=None,
+                manager_removed_email=email,
+                domain=domain,
+            ):
+                messages.warning(
+                    self.request, "Could not send email notification to existing domain managers for %s", domain
+                )
+
         # Update invitations from INVITED to CANCELED
         DomainInvitation.objects.filter(
             domain_id__in=removed_domain_ids,

From e15499e4a60b410de62b7f6d7d981228daa5bfcf Mon Sep 17 00:00:00 2001
From: David Kennedy <david.kennedy@associates.cisa.dhs.gov>
Date: Mon, 17 Mar 2025 13:20:14 -0400
Subject: [PATCH 188/285] aligned logic on federal type across the application

---
 src/registrar/admin.py                     | 18 ++++++++--------
 src/registrar/models/domain_information.py |  4 +++-
 src/registrar/models/domain_request.py     |  4 +++-
 src/registrar/tests/test_reports.py        | 24 +++++++++++-----------
 src/registrar/utility/csv_export.py        |  8 ++++----
 5 files changed, 31 insertions(+), 27 deletions(-)

diff --git a/src/registrar/admin.py b/src/registrar/admin.py
index 9bb9efe69..ac069bb38 100644
--- a/src/registrar/admin.py
+++ b/src/registrar/admin.py
@@ -1793,7 +1793,7 @@ class DomainInvitationAdmin(BaseInvitationAdmin):
                     & Q(domain__domain_info__portfolio__federal_agency__isnull=False),
                     then=F("domain__domain_info__portfolio__federal_agency__federal_type"),
                 ),
-                # Otherwise, return the natively assigned value
+                # Otherwise, return the federal agency's federal_type
                 default=F("domain__domain_info__federal_agency__federal_type"),
             ),
         )
@@ -2435,7 +2435,7 @@ class DomainInformationAdmin(ListHeaderAdmin, ImportExportRegistrarModelAdmin):
                     Q(portfolio__isnull=False) & Q(portfolio__federal_agency__isnull=False),
                     then=F("portfolio__federal_agency__federal_type"),
                 ),
-                # Otherwise, return the natively assigned value
+                # Otherwise, return the federal_type from federal agency
                 default=F("federal_agency__federal_type"),
             ),
         )
@@ -2520,7 +2520,7 @@ class DomainRequestAdmin(ListHeaderAdmin, ImportExportRegistrarModelAdmin):
     class FederalTypeFilter(admin.SimpleListFilter):
         """Custom Federal Type filter that accomodates portfolio feature.
         If we have a portfolio, use the portfolio's federal type.  If not, use the
-        organization in the Domain Request object."""
+        organization in the Domain Request object's federal agency."""
 
         title = "federal type"
         parameter_name = "converted_federal_types"
@@ -2561,7 +2561,7 @@ class DomainRequestAdmin(ListHeaderAdmin, ImportExportRegistrarModelAdmin):
             if self.value():
                 return queryset.filter(
                     Q(portfolio__federal_agency__federal_type=self.value())
-                    | Q(portfolio__isnull=True, federal_type=self.value())
+                    | Q(portfolio__isnull=True, federal_agency__federal_type=self.value())
                 )
             return queryset
 
@@ -3474,7 +3474,7 @@ class DomainRequestAdmin(ListHeaderAdmin, ImportExportRegistrarModelAdmin):
                     Q(portfolio__isnull=False) & Q(portfolio__federal_agency__isnull=False),
                     then=F("portfolio__federal_agency__federal_type"),
                 ),
-                # Otherwise, return the natively assigned value
+                # Otherwise, return federal type from federal agency
                 default=F("federal_agency__federal_type"),
             ),
         )
@@ -3932,7 +3932,7 @@ class DomainAdmin(ListHeaderAdmin, ImportExportRegistrarModelAdmin):
             if self.value():
                 return queryset.filter(
                     Q(domain_info__portfolio__federal_type=self.value())
-                    | Q(domain_info__portfolio__isnull=True, domain_info__federal_type=self.value())
+                    | Q(domain_info__portfolio__isnull=True, domain_info__federal_agency__federal_type=self.value())
                 )
             return queryset
 
@@ -3959,7 +3959,7 @@ class DomainAdmin(ListHeaderAdmin, ImportExportRegistrarModelAdmin):
                     Q(domain_info__portfolio__isnull=False) & Q(domain_info__portfolio__federal_agency__isnull=False),
                     then=F("domain_info__portfolio__federal_agency__federal_type"),
                 ),
-                # Otherwise, return the natively assigned value
+                # Otherwise, return federal type from federal agency
                 default=F("domain_info__federal_agency__federal_type"),
             ),
             converted_organization_name=Case(
@@ -4872,7 +4872,7 @@ class PortfolioAdmin(ListHeaderAdmin):
                     Q(federal_agency__isnull=False),
                     then=F("federal_agency__federal_type"),
                 ),
-                # Otherwise, return the natively assigned value
+                # Otherwise, return empty string
                 default=Value(""),
             ),
         )
@@ -5164,7 +5164,7 @@ class SuborganizationAdmin(ListHeaderAdmin, ImportExportRegistrarModelAdmin):
                     Q(portfolio__isnull=False) & Q(portfolio__federal_agency__isnull=False),
                     then=F("portfolio__federal_agency__federal_type"),
                 ),
-                # Otherwise, return the natively assigned value
+                # Otherwise, return empty string
                 default=Value(""),
             ),
         )
diff --git a/src/registrar/models/domain_information.py b/src/registrar/models/domain_information.py
index aa933e282..3839e5290 100644
--- a/src/registrar/models/domain_information.py
+++ b/src/registrar/models/domain_information.py
@@ -449,7 +449,9 @@ class DomainInformation(TimeStampedModel):
     def converted_federal_type(self):
         if self.portfolio:
             return self.portfolio.federal_type
-        return self.federal_type
+        elif self.federal_agency:
+            return self.federal_agency.federal_type
+        return None
 
     @property
     def converted_senior_official(self):
diff --git a/src/registrar/models/domain_request.py b/src/registrar/models/domain_request.py
index 1cca3742f..66519e9f0 100644
--- a/src/registrar/models/domain_request.py
+++ b/src/registrar/models/domain_request.py
@@ -1454,7 +1454,9 @@ class DomainRequest(TimeStampedModel):
     def converted_federal_type(self):
         if self.portfolio:
             return self.portfolio.federal_type
-        return self.federal_type
+        elif self.federal_agency:
+            return self.federal_agency.federal_type
+        return None
 
     @property
     def converted_address_line1(self):
diff --git a/src/registrar/tests/test_reports.py b/src/registrar/tests/test_reports.py
index 9ec3bd0d3..236e810cf 100644
--- a/src/registrar/tests/test_reports.py
+++ b/src/registrar/tests/test_reports.py
@@ -72,7 +72,7 @@ class CsvReportsTest(MockDbForSharedTests):
             fake_open = mock_open()
             expected_file_content = [
                 call("Domain name,Domain type,Agency,Organization name,City,State,Security contact email\r\n"),
-                call("cdomain11.gov,Federal - Executive,World War I Centennial Commission,,,,(blank)\r\n"),
+                call("cdomain11.gov,Federal,World War I Centennial Commission,,,,(blank)\r\n"),
                 call("cdomain1.gov,Federal - Executive,World War I Centennial Commission,,,,(blank)\r\n"),
                 call("adomain10.gov,Federal,Armed Forces Retirement Home,,,,(blank)\r\n"),
                 call("ddomain3.gov,Federal,Armed Forces Retirement Home,,,,(blank)\r\n"),
@@ -94,7 +94,7 @@ class CsvReportsTest(MockDbForSharedTests):
             fake_open = mock_open()
             expected_file_content = [
                 call("Domain name,Domain type,Agency,Organization name,City,State,Security contact email\r\n"),
-                call("cdomain11.gov,Federal - Executive,World War I Centennial Commission,,,,(blank)\r\n"),
+                call("cdomain11.gov,Federal,World War I Centennial Commission,,,,(blank)\r\n"),
                 call("cdomain1.gov,Federal - Executive,World War I Centennial Commission,,,,(blank)\r\n"),
                 call("adomain10.gov,Federal,Armed Forces Retirement Home,,,,(blank)\r\n"),
                 call("ddomain3.gov,Federal,Armed Forces Retirement Home,,,,(blank)\r\n"),
@@ -261,9 +261,6 @@ class ExportDataTest(MockDbForIndividualTests, MockEppLib):
             "defaultsecurity.gov,Ready,2023-11-01,(blank),Federal - Executive,"
             "Portfolio 1 Federal Agency,Portfolio 1 Federal Agency,,, ,,(blank),"
             '"big_lebowski@dude.co, info@example.com, meoward@rocks.com",woofwardthethird@rocks.com\n'
-            "cdomain11.gov,Ready,2024-04-02,(blank),Federal - Executive,"
-            "World War I Centennial Commission,,,, ,,(blank),"
-            "meoward@rocks.com,\n"
             "adomain10.gov,Ready,2024-04-03,(blank),Federal,Armed Forces Retirement Home,,,, ,,(blank),,"
             "squeaker@rocks.com\n"
             "bdomain4.gov,Unknown,(blank),(blank),Federal,Armed Forces Retirement Home,,,, ,,(blank),,\n"
@@ -274,6 +271,9 @@ class ExportDataTest(MockDbForIndividualTests, MockEppLib):
             "sdomain8.gov,Deleted,(blank),(blank),Federal,Armed Forces Retirement Home,,,, ,,(blank),,\n"
             "xdomain7.gov,Deleted,(blank),(blank),Federal,Armed Forces Retirement Home,,,, ,,(blank),,\n"
             "zdomain9.gov,Deleted,(blank),(blank),Federal,Armed Forces Retirement Home,,,, ,,(blank),,\n"
+            "cdomain11.gov,Ready,2024-04-02,(blank),Federal,"
+            "World War I Centennial Commission,,,, ,,(blank),"
+            "meoward@rocks.com,\n"
             "zdomain12.gov,Ready,2024-04-02,(blank),Interstate,,,,, ,,(blank),meoward@rocks.com,\n"
         )
 
@@ -498,7 +498,7 @@ class ExportDataTest(MockDbForIndividualTests, MockEppLib):
         # sorted alphabetially by domain name
         expected_content = (
             "Domain name,Domain type,Agency,Organization name,City,State,Security contact email\n"
-            "cdomain11.gov,Federal - Executive,World War I Centennial Commission,,,,(blank)\n"
+            "cdomain11.gov,Federal,World War I Centennial Commission,,,,(blank)\n"
             "defaultsecurity.gov,Federal - Executive,World War I Centennial Commission,,,,(blank)\n"
             "adomain10.gov,Federal,Armed Forces Retirement Home,,,,(blank)\n"
             "ddomain3.gov,Federal,Armed Forces Retirement Home,,,,security@mail.gov\n"
@@ -538,7 +538,7 @@ class ExportDataTest(MockDbForIndividualTests, MockEppLib):
         # sorted alphabetially by domain name
         expected_content = (
             "Domain name,Domain type,Agency,Organization name,City,State,Security contact email\n"
-            "cdomain11.gov,Federal - Executive,World War I Centennial Commission,,,,(blank)\n"
+            "cdomain11.gov,Federal,World War I Centennial Commission,,,,(blank)\n"
             "defaultsecurity.gov,Federal - Executive,World War I Centennial Commission,,,,(blank)\n"
             "adomain10.gov,Federal,Armed Forces Retirement Home,,,,(blank)\n"
             "ddomain3.gov,Federal,Armed Forces Retirement Home,,,,security@mail.gov\n"
@@ -594,7 +594,7 @@ class ExportDataTest(MockDbForIndividualTests, MockEppLib):
                     "State,Status,Expiration date, Deleted\n"
                     "cdomain1.gov,Federal-Executive,Portfolio1FederalAgency,Portfolio1FederalAgency,Ready,(blank)\n"
                     "adomain10.gov,Federal,ArmedForcesRetirementHome,Ready,(blank)\n"
-                    "cdomain11.gov,Federal-Executive,WorldWarICentennialCommission,Ready,(blank)\n"
+                    "cdomain11.gov,Federal,WorldWarICentennialCommission,Ready,(blank)\n"
                     "zdomain12.gov,Interstate,Ready,(blank)\n"
                     "zdomain9.gov,Federal,ArmedForcesRetirementHome,Deleted,(blank),2024-04-01\n"
                     "sdomain8.gov,Federal,ArmedForcesRetirementHome,Deleted,(blank),2024-04-02\n"
@@ -642,7 +642,7 @@ class ExportDataTest(MockDbForIndividualTests, MockEppLib):
             "3,2,1,0,0,0,0,0,0,0\n"
             "\n"
             "Domain name,Domain type,Domain managers,Invited domain managers\n"
-            "cdomain11.gov,Federal - Executive,meoward@rocks.com,\n"
+            "cdomain11.gov,Federal,meoward@rocks.com,\n"
             'cdomain1.gov,Federal - Executive,"big_lebowski@dude.co, info@example.com, meoward@rocks.com",'
             "woofwardthethird@rocks.com\n"
             "zdomain12.gov,Interstate,meoward@rocks.com,\n"
@@ -716,7 +716,7 @@ class ExportDataTest(MockDbForIndividualTests, MockEppLib):
             expected_content = (
                 "Domain request,Domain type,Federal type\n"
                 "city3.gov,Federal,Executive\n"
-                "city4.gov,City,Executive\n"
+                "city4.gov,City,\n"
                 "city6.gov,Federal,Executive\n"
             )
 
@@ -783,7 +783,7 @@ class ExportDataTest(MockDbForIndividualTests, MockEppLib):
                 "SO last name,SO email,SO title/role,Request purpose,Request additional details,Other contacts,"
                 "CISA regional representative,Current websites,Investigator\n"
                 # Content
-                "city5.gov,Approved,Federal,No,Executive,,Testorg,N/A,,NY,2,requested_suborg,SanFran,CA,,,,,1,0,"
+                "city5.gov,Approved,Federal,No,,,Testorg,N/A,,NY,2,requested_suborg,SanFran,CA,,,,,1,0,"
                 "city1.gov,Testy,Tester,testy@town.com,Chief Tester,Purpose of the site,There is more,"
                 "Testy Tester testy2@town.com,,city.com,\n"
                 "city2.gov,In review,Federal,Yes,Executive,Portfolio 1 Federal Agency,Portfolio 1 Federal Agency,"
@@ -795,7 +795,7 @@ class ExportDataTest(MockDbForIndividualTests, MockEppLib):
                 'There is more,"Meow Tester24 te2@town.com, Testy1232 Tester24 te2@town.com, '
                 'Testy Tester testy2@town.com",'
                 'test@igorville.com,"city.com, https://www.example2.com, https://www.example.com",\n'
-                "city4.gov,Submitted,City,No,Executive,,Testorg,Yes,,NY,2,,,,,,,,0,1,city1.gov,Testy,"
+                "city4.gov,Submitted,City,No,,,Testorg,Yes,,NY,2,,,,,,,,0,1,city1.gov,Testy,"
                 "Tester,testy@town.com,"
                 "Chief Tester,Purpose of the site,CISA-first-name CISA-last-name | There is more,"
                 "Testy Tester testy2@town.com,"
diff --git a/src/registrar/utility/csv_export.py b/src/registrar/utility/csv_export.py
index fad58b2e2..cde91baca 100644
--- a/src/registrar/utility/csv_export.py
+++ b/src/registrar/utility/csv_export.py
@@ -579,8 +579,8 @@ class DomainExport(BaseExport):
                     Q(portfolio__isnull=False) & Q(portfolio__federal_agency__isnull=False),
                     then=F("portfolio__federal_agency__federal_type"),
                 ),
-                # Otherwise, return the natively assigned value
-                default=F("federal_type"),
+                # Otherwise, return the federal type from federal agency
+                default=F("federal_agency__federal_type"),
                 output_field=CharField(),
             ),
             "converted_organization_name": Case(
@@ -1654,8 +1654,8 @@ class DomainRequestExport(BaseExport):
                     Q(portfolio__isnull=False) & Q(portfolio__federal_agency__isnull=False),
                     then=F("portfolio__federal_agency__federal_type"),
                 ),
-                # Otherwise, return the natively assigned value
-                default=F("federal_type"),
+                # Otherwise, return the federal type from federal agency
+                default=F("federal_agency__federal_type"),
                 output_field=CharField(),
             ),
             "converted_organization_name": Case(

From dcfa9e4804396eeac8f0e8a5fdf087f249b79a92 Mon Sep 17 00:00:00 2001
From: David Kennedy <david.kennedy@associates.cisa.dhs.gov>
Date: Mon, 17 Mar 2025 13:42:25 -0400
Subject: [PATCH 189/285] fixed migrations

---
 .../{0142_create_groups_v18.py => 0143_create_groups_v18.py}    | 2 +-
 .../{0143_alter_user_options.py => 0144_alter_user_options.py}  | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)
 rename src/registrar/migrations/{0142_create_groups_v18.py => 0143_create_groups_v18.py} (93%)
 rename src/registrar/migrations/{0143_alter_user_options.py => 0144_alter_user_options.py} (92%)

diff --git a/src/registrar/migrations/0142_create_groups_v18.py b/src/registrar/migrations/0143_create_groups_v18.py
similarity index 93%
rename from src/registrar/migrations/0142_create_groups_v18.py
rename to src/registrar/migrations/0143_create_groups_v18.py
index 74d4c2f50..d0b7a6dbc 100644
--- a/src/registrar/migrations/0142_create_groups_v18.py
+++ b/src/registrar/migrations/0143_create_groups_v18.py
@@ -26,7 +26,7 @@ def create_groups(apps, schema_editor) -> Any:
 
 class Migration(migrations.Migration):
     dependencies = [
-        ("registrar", "0141_alter_portfolioinvitation_additional_permissions_and_more"),
+        ("registrar", "0142_domainrequest_feb_naming_requirements_and_more"),
     ]
 
     operations = [
diff --git a/src/registrar/migrations/0143_alter_user_options.py b/src/registrar/migrations/0144_alter_user_options.py
similarity index 92%
rename from src/registrar/migrations/0143_alter_user_options.py
rename to src/registrar/migrations/0144_alter_user_options.py
index 58e5cf3d5..88b06afe8 100644
--- a/src/registrar/migrations/0143_alter_user_options.py
+++ b/src/registrar/migrations/0144_alter_user_options.py
@@ -6,7 +6,7 @@ from django.db import migrations
 class Migration(migrations.Migration):
 
     dependencies = [
-        ("registrar", "0142_create_groups_v18"),
+        ("registrar", "0143_create_groups_v18"),
     ]
 
     operations = [

From 9ff8e8e0fbe71675905796e4820dbf6be672ea6b Mon Sep 17 00:00:00 2001
From: David Kennedy <david.kennedy@associates.cisa.dhs.gov>
Date: Mon, 17 Mar 2025 14:56:50 -0400
Subject: [PATCH 190/285] removed save buttons on readonly tables

---
 src/registrar/models/user_group.py | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/src/registrar/models/user_group.py b/src/registrar/models/user_group.py
index f2ffa50ed..c70879943 100644
--- a/src/registrar/models/user_group.py
+++ b/src/registrar/models/user_group.py
@@ -171,22 +171,22 @@ class UserGroup(Group):
             {
                 "app_label": "registrar",
                 "model": "federalagency",
-                "permissions": ["change_federalagency"],
+                "permissions": ["view_federalagency"],
             },
             {
                 "app_label": "registrar",
                 "model": "portfolio",
-                "permissions": ["change_portfolio"],
+                "permissions": ["view_portfolio"],
             },
             {
                 "app_label": "registrar",
                 "model": "suborganization",
-                "permissions": ["change_suborganization"],
+                "permissions": ["view_suborganization"],
             },
             {
                 "app_label": "registrar",
                 "model": "seniorofficial",
-                "permissions": ["change_seniorofficial"],
+                "permissions": ["view_seniorofficial"],
             },
         ]
 

From f275245f698dad4922a6ac3b6314b6f819b7bcee Mon Sep 17 00:00:00 2001
From: David Kennedy <david.kennedy@associates.cisa.dhs.gov>
Date: Mon, 17 Mar 2025 15:06:49 -0400
Subject: [PATCH 191/285] removed save buttons on readonly tables

---
 src/registrar/admin.py | 36 ------------------------------------
 1 file changed, 36 deletions(-)

diff --git a/src/registrar/admin.py b/src/registrar/admin.py
index 72bf7beb6..dbf5aa0ae 100644
--- a/src/registrar/admin.py
+++ b/src/registrar/admin.py
@@ -1473,15 +1473,6 @@ class SeniorOfficialAdmin(ListHeaderAdmin):
                 return obj.federal_agency and obj.federal_agency.federal_type == BranchChoices.EXECUTIVE
         return super().has_view_permission(request, obj)
 
-    def has_change_permission(self, request, obj=None):
-        """Restrict update permissions based on group membership and model attributes."""
-        if request.user.has_perm("registrar.full_access_permission"):
-            return True
-        if obj:
-            if request.user.groups.filter(name="omb_analysts_group").exists():
-                return obj.federal_agency and obj.federal_agency.federal_type == BranchChoices.EXECUTIVE
-        return super().has_change_permission(request, obj)
-
 
 class WebsiteResource(resources.ModelResource):
     """defines how each field in the referenced model should be mapped to the corresponding fields in the
@@ -4898,15 +4889,6 @@ class PortfolioAdmin(ListHeaderAdmin):
                 return obj.federal_type == BranchChoices.EXECUTIVE
         return super().has_view_permission(request, obj)
 
-    def has_change_permission(self, request, obj=None):
-        """Restrict update permissions based on group membership and model attributes."""
-        if request.user.has_perm("registrar.full_access_permission"):
-            return True
-        if obj:
-            if request.user.groups.filter(name="omb_analysts_group").exists():
-                return obj.federal_type == BranchChoices.EXECUTIVE
-        return super().has_change_permission(request, obj)
-
     def change_view(self, request, object_id, form_url="", extra_context=None):
         """Add related suborganizations and domain groups.
         Add the summary for the portfolio members field (list of members that link to change_forms)."""
@@ -5013,15 +4995,6 @@ class FederalAgencyAdmin(ListHeaderAdmin, ImportExportRegistrarModelAdmin):
                 return obj.federal_type == BranchChoices.EXECUTIVE
         return super().has_view_permission(request, obj)
 
-    def has_change_permission(self, request, obj=None):
-        """Restrict update permissions based on group membership and model attributes."""
-        if request.user.has_perm("registrar.full_access_permission"):
-            return True
-        if obj:
-            if request.user.groups.filter(name="omb_analysts_group").exists():
-                return obj.federal_type == BranchChoices.EXECUTIVE
-        return super().has_change_permission(request, obj)
-
     def get_readonly_fields(self, request, obj=None):
         """Set the read-only state on form elements.
         We have 2 conditions that determine which fields are read-only:
@@ -5193,15 +5166,6 @@ class SuborganizationAdmin(ListHeaderAdmin, ImportExportRegistrarModelAdmin):
                 return obj.portfolio and obj.portfolio.federal_type == BranchChoices.EXECUTIVE
         return super().has_view_permission(request, obj)
 
-    def has_change_permission(self, request, obj=None):
-        """Restrict update permissions based on group membership and model attributes."""
-        if request.user.has_perm("registrar.full_access_permission"):
-            return True
-        if obj:
-            if request.user.groups.filter(name="omb_analysts_group").exists():
-                return obj.portfolio and obj.portfolio.federal_type == BranchChoices.EXECUTIVE
-        return super().has_change_permission(request, obj)
-
 
 class AllowedEmailAdmin(ListHeaderAdmin):
     class Meta:

From 07b1010dd4b4534fc71f38096df47d2bfc86a4aa Mon Sep 17 00:00:00 2001
From: David Kennedy <david.kennedy@associates.cisa.dhs.gov>
Date: Mon, 17 Mar 2025 15:31:14 -0400
Subject: [PATCH 192/285] updated tests related to updated permissions

---
 src/registrar/admin.py            | 9 +++++----
 src/registrar/tests/test_admin.py | 8 ++++----
 2 files changed, 9 insertions(+), 8 deletions(-)

diff --git a/src/registrar/admin.py b/src/registrar/admin.py
index dbf5aa0ae..1df862255 100644
--- a/src/registrar/admin.py
+++ b/src/registrar/admin.py
@@ -1457,10 +1457,11 @@ class SeniorOfficialAdmin(ListHeaderAdmin):
 
         # Check if user is in OMB analysts group
         if request.user.groups.filter(name="omb_analysts_group").exists():
-            annotated_qs = self.get_annotated_queryset(qs)
-            return annotated_qs.filter(
-                converted_federal_type=BranchChoices.EXECUTIVE,
-            )
+            # annotated_qs = self.get_annotated_queryset(qs)
+            # return annotated_qs.filter(
+            #     converted_federal_type=BranchChoices.EXECUTIVE,
+            # )
+            return qs.filter(federal_agency__federal_type=BranchChoices.EXECUTIVE)
 
         return qs  # Return full queryset if the user doesn't have the restriction
 
diff --git a/src/registrar/tests/test_admin.py b/src/registrar/tests/test_admin.py
index 7e34c63c7..8fd2744ec 100644
--- a/src/registrar/tests/test_admin.py
+++ b/src/registrar/tests/test_admin.py
@@ -3819,8 +3819,8 @@ class TestFederalAgencyAdmin(TestCase):
         self.assertNotContains(response, "id_federal_type")
         self.assertNotContains(response, "id_acronym")
         self.assertNotContains(response, "id_is_fceb")
-        self.assertNotContains(response, "closelink")
-        self.assertContains(response, "Save")
+        self.assertContains(response, "closelink")
+        self.assertNotContains(response, "Save")
         self.assertNotContains(response, "Delete")
 
     @less_console_noise_decorator
@@ -4083,8 +4083,8 @@ class TestPortfolioAdmin(TestCase):
         self.assertNotContains(response, "id_city")
         self.assertNotContains(response, "id_zipcode")
         self.assertNotContains(response, "id_urbanization")
-        self.assertNotContains(response, "closelink")
-        self.assertContains(response, "Save")
+        self.assertContains(response, "closelink")
+        self.assertNotContains(response, "Save")
         self.assertNotContains(response, "Delete")
 
     @less_console_noise_decorator

From f3901bbe7488fe552abcd344994c9df7b0f31083 Mon Sep 17 00:00:00 2001
From: Kristina <140533113+witha-k@users.noreply.github.com>
Date: Mon, 17 Mar 2025 12:42:46 -0700
Subject: [PATCH 193/285] Add link to design considerations wiki page to issue
 template

---
 .github/ISSUE_TEMPLATE/issue-default.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/ISSUE_TEMPLATE/issue-default.yml b/.github/ISSUE_TEMPLATE/issue-default.yml
index 292d0ebec..99ba3e2f9 100644
--- a/.github/ISSUE_TEMPLATE/issue-default.yml
+++ b/.github/ISSUE_TEMPLATE/issue-default.yml
@@ -19,7 +19,7 @@ body:
     id: acceptance-criteria
     attributes:
       label: Acceptance criteria
-      description: "If known, share 1-3 statements that would need to be true for this issue to be considered resolved. Use a [task list](https://docs.github.com/en/get-started/writing-on-github/working-with-advanced-formatting/about-task-lists#creating-task-lists) if appropriate."
+      description: "If known, share 1-3 statements that would need to be true for this issue to be considered resolved. Use a [task list](https://docs.github.com/en/get-started/writing-on-github/working-with-advanced-formatting/about-task-lists#creating-task-lists) if appropriate. Designers: [Adiitional considerations](https://github.com/cisagov/manage.get.gov/wiki/Design-work-considerations) are listed in the wiki and can be adapted to ACs here."
       placeholder: "- [ ]"
   - type: textarea
     id: additional-context

From 35a94688e249825d95cae42194da33d07767665a Mon Sep 17 00:00:00 2001
From: Kristina <140533113+witha-k@users.noreply.github.com>
Date: Mon, 17 Mar 2025 13:00:45 -0700
Subject: [PATCH 194/285] Fixed typo

---
 .github/ISSUE_TEMPLATE/issue-default.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/ISSUE_TEMPLATE/issue-default.yml b/.github/ISSUE_TEMPLATE/issue-default.yml
index 99ba3e2f9..f9a2f6260 100644
--- a/.github/ISSUE_TEMPLATE/issue-default.yml
+++ b/.github/ISSUE_TEMPLATE/issue-default.yml
@@ -19,7 +19,7 @@ body:
     id: acceptance-criteria
     attributes:
       label: Acceptance criteria
-      description: "If known, share 1-3 statements that would need to be true for this issue to be considered resolved. Use a [task list](https://docs.github.com/en/get-started/writing-on-github/working-with-advanced-formatting/about-task-lists#creating-task-lists) if appropriate. Designers: [Adiitional considerations](https://github.com/cisagov/manage.get.gov/wiki/Design-work-considerations) are listed in the wiki and can be adapted to ACs here."
+      description: "If known, share 1-3 statements that would need to be true for this issue to be considered resolved. Use a [task list](https://docs.github.com/en/get-started/writing-on-github/working-with-advanced-formatting/about-task-lists#creating-task-lists) if appropriate. Designers: [Additional considerations](https://github.com/cisagov/manage.get.gov/wiki/Design-work-considerations) are listed in the wiki and can be adapted to ACs here."
       placeholder: "- [ ]"
   - type: textarea
     id: additional-context

From d2e1035ffc7f1b0bf0627c3b6ed37ce3aacf56b6 Mon Sep 17 00:00:00 2001
From: Erin Song <121973038+erinysong@users.noreply.github.com>
Date: Mon, 17 Mar 2025 13:31:57 -0700
Subject: [PATCH 195/285] Separate unit tests into email and view tests

---
 src/registrar/tests/test_email_invitations.py | 53 ++++++++++++++++++-
 src/registrar/utility/email_invitations.py    |  2 +-
 2 files changed, 53 insertions(+), 2 deletions(-)

diff --git a/src/registrar/tests/test_email_invitations.py b/src/registrar/tests/test_email_invitations.py
index 2331d35e8..949d06831 100644
--- a/src/registrar/tests/test_email_invitations.py
+++ b/src/registrar/tests/test_email_invitations.py
@@ -1,5 +1,5 @@
 import unittest
-from unittest.mock import patch, MagicMock
+from unittest.mock import patch, MagicMock, ANY
 from datetime import date
 from registrar.models.domain import Domain
 from registrar.models.portfolio import Portfolio
@@ -20,6 +20,7 @@ from registrar.utility.email_invitations import (
     send_portfolio_invitation_remove_email,
     send_portfolio_member_permission_remove_email,
     send_portfolio_member_permission_update_email,
+    send_portfolio_organization_update_email,
 )
 
 from api.tests.common import less_console_noise_decorator
@@ -1112,3 +1113,53 @@ class TestSendPortfolioInvitationRemoveEmail(unittest.TestCase):
 
         # Assertions
         mock_logger.warning.assert_not_called()  # Function should fail before logging email failure
+
+
+class TestSendPortfolioOrganizationUpdateEmail(unittest.TestCase):
+    """Unit tests for send_portfolio_organization_update_email function."""
+    def setUp(self):
+        """Set up test data."""
+        self.email = "removed.admin@example.com"
+        self.requestor_email = "requestor@example.com"
+        self.portfolio = MagicMock(spec=Portfolio, name="Portfolio")
+        self.portfolio.organization_name = "Test Organization"
+
+        # Mock portfolio admin users
+        self.admin_user1 = MagicMock(spec=User)
+        self.admin_user1.email = "admin1@example.com"
+
+        self.admin_user2 = MagicMock(spec=User)
+        self.admin_user2.email = "admin2@example.com"
+
+        self.portfolio_admin1 = MagicMock(spec=UserPortfolioPermission)
+        self.portfolio_admin1.user = self.admin_user1
+        self.portfolio_admin1.roles = [UserPortfolioRoleChoices.ORGANIZATION_ADMIN]
+
+        self.portfolio_admin2 = MagicMock(spec=UserPortfolioPermission)
+        self.portfolio_admin2.user = self.admin_user2
+        self.portfolio_admin2.roles = [UserPortfolioRoleChoices.ORGANIZATION_ADMIN]
+
+    @patch("registrar.utility.email_invitations.send_templated_email")
+    @patch("registrar.utility.email_invitations.UserPortfolioPermission.objects.filter")
+    def test_send_portfolio_organization_update_email(self, mock_filter, mock_send_templated_email):
+        """Test send_portfolio_organization_update_email sends templated email."""
+        # Mock data
+        editor = self.admin_user1
+        updated_page = "Organization"
+
+        mock_filter.return_value.exclude.return_value = [self.portfolio_admin2]
+        mock_send_templated_email.return_value = None  # No exception means success
+
+        # Call function
+        result = send_portfolio_organization_update_email(editor, self.portfolio, updated_page)
+
+        mock_filter.assert_called_once_with(
+            portfolio=self.portfolio, roles__contains=[UserPortfolioRoleChoices.ORGANIZATION_ADMIN]
+        )
+        mock_send_templated_email.assert_any_call(
+            "emails/portfolio_org_update_notification.txt",
+            "emails/portfolio_org_update_notification_subject.txt",
+            to_address=self.admin_user2.email,
+            context=ANY,
+        )
+        self.assertTrue(result)
\ No newline at end of file
diff --git a/src/registrar/utility/email_invitations.py b/src/registrar/utility/email_invitations.py
index f98ef5459..72f6c7391 100644
--- a/src/registrar/utility/email_invitations.py
+++ b/src/registrar/utility/email_invitations.py
@@ -264,7 +264,7 @@ def send_portfolio_organization_update_email(editor, portfolio, updated_page):
                     "editor": editor,
                     "portfolio_admin": user,
                     "date": date.today(),
-                    "updated_info": "Organization",
+                    "updated_info": updated_page,
                 },
             )
         except EmailSendingError:

From 3dac65df79f1db5e1ce423df4a26a3f43526b9df Mon Sep 17 00:00:00 2001
From: Erin Song <121973038+erinysong@users.noreply.github.com>
Date: Mon, 17 Mar 2025 13:37:58 -0700
Subject: [PATCH 196/285] Refactor portfolio view tests

---
 src/registrar/tests/test_views_portfolio.py | 11 +++--------
 1 file changed, 3 insertions(+), 8 deletions(-)

diff --git a/src/registrar/tests/test_views_portfolio.py b/src/registrar/tests/test_views_portfolio.py
index 8d539e5ad..053c9a566 100644
--- a/src/registrar/tests/test_views_portfolio.py
+++ b/src/registrar/tests/test_views_portfolio.py
@@ -433,8 +433,8 @@ class TestPortfolio(WebTest):
 
     @boto3_mocking.patching
     @less_console_noise_decorator
-    @patch("registrar.utility.email_invitations.send_templated_email")
-    def test_org_update_sends_admin_email(self, mock_send_templated_email):
+    @patch("registrar.views.portfolios.send_portfolio_organization_update_email")
+    def test_org_update_sends_admin_email(self, mock_send_organization_update_email):
         """Updating organization information emails organization admin."""
         with override_flag("organization_feature", active=True):
             self.app.set_user(self.user.username)
@@ -469,12 +469,7 @@ class TestPortfolio(WebTest):
             self.assertEqual(success_result_page.status_code, 302)
 
             # Verify that the notification emails were sent to domain manager
-            mock_send_templated_email.assert_called_once_with(
-                "emails/portfolio_org_update_notification.txt",
-                "emails/portfolio_org_update_notification_subject.txt",
-                to_address=self.admin.email,
-                context=ANY,
-            )
+            mock_send_organization_update_email.assert_called_once()
 
     @less_console_noise_decorator
     def test_portfolio_in_session_when_organization_feature_active(self):

From b2fd131c30f17776c1a9e43c42f3f5c0b62c986a Mon Sep 17 00:00:00 2001
From: matthewswspence <Matthewswspence@gmail.com>
Date: Mon, 17 Mar 2025 16:04:24 -0500
Subject: [PATCH 197/285] break eop stakeholder into multiple fields

---
 src/registrar/forms/feb.py                    | 18 ++++------
 ...0143_domainrequest_eop_contact_and_more.py | 30 -----------------
 ...nrequest_eop_stakeholder_email_and_more.py | 33 +++++++++++++++++++
 src/registrar/models/domain_request.py        | 18 +++++++---
 src/registrar/tests/test_admin_request.py     |  4 ++-
 5 files changed, 56 insertions(+), 47 deletions(-)
 delete mode 100644 src/registrar/migrations/0143_domainrequest_eop_contact_and_more.py
 create mode 100644 src/registrar/migrations/0143_domainrequest_eop_stakeholder_email_and_more.py

diff --git a/src/registrar/forms/feb.py b/src/registrar/forms/feb.py
index 05b2acf3f..339151c71 100644
--- a/src/registrar/forms/feb.py
+++ b/src/registrar/forms/feb.py
@@ -147,8 +147,6 @@ class EOPContactForm(BaseDeletableRegistrarForm):
     Executive Branch (FEB) agency is working with.
     """
 
-    field_name = "eop_contact"
-
     first_name = forms.CharField(
         label="First name / given name",
         error_messages={"required": "Enter the first name / given name of this contact."},
@@ -178,12 +176,10 @@ class EOPContactForm(BaseDeletableRegistrarForm):
 
     @classmethod
     def from_database(cls, obj):
-        if not obj.eop_contact:
-            return {}
         return {
-            "first_name": obj.eop_contact.first_name,
-            "last_name": obj.eop_contact.last_name,
-            "email": obj.eop_contact.email,
+            "first_name": obj.eop_stakeholder_first_name,
+            "last_name": obj.eop_stakeholder_last_name,
+            "email": obj.eop_stakeholder_email,
         }
 
     def to_database(self, obj):
@@ -195,11 +191,9 @@ class EOPContactForm(BaseDeletableRegistrarForm):
             return
         if not self.is_valid():
             return
-        obj.eop_contact = Contact.objects.create(
-            first_name=self.cleaned_data["first_name"],
-            last_name=self.cleaned_data["last_name"],
-            email=self.cleaned_data["email"],
-        )
+        obj.eop_stakeholder_first_name = self.cleaned_data["first_name"]
+        obj.eop_stakeholder_last_name = self.cleaned_data["last_name"]
+        obj.eop_stakeholder_email = self.cleaned_data["email"]
         obj.save()
 
 
diff --git a/src/registrar/migrations/0143_domainrequest_eop_contact_and_more.py b/src/registrar/migrations/0143_domainrequest_eop_contact_and_more.py
deleted file mode 100644
index a5c65f26f..000000000
--- a/src/registrar/migrations/0143_domainrequest_eop_contact_and_more.py
+++ /dev/null
@@ -1,30 +0,0 @@
-# Generated by Django 4.2.17 on 2025-03-11 18:10
-
-from django.db import migrations, models
-import django.db.models.deletion
-
-
-class Migration(migrations.Migration):
-
-    dependencies = [
-        ("registrar", "0142_domainrequest_feb_naming_requirements_and_more"),
-    ]
-
-    operations = [
-        migrations.AddField(
-            model_name="domainrequest",
-            name="eop_contact",
-            field=models.ForeignKey(
-                blank=True,
-                null=True,
-                on_delete=django.db.models.deletion.PROTECT,
-                related_name="eop_contact",
-                to="registrar.contact",
-            ),
-        ),
-        migrations.AddField(
-            model_name="domainrequest",
-            name="working_with_eop",
-            field=models.BooleanField(blank=True, null=True),
-        ),
-    ]
diff --git a/src/registrar/migrations/0143_domainrequest_eop_stakeholder_email_and_more.py b/src/registrar/migrations/0143_domainrequest_eop_stakeholder_email_and_more.py
new file mode 100644
index 000000000..3cf65047c
--- /dev/null
+++ b/src/registrar/migrations/0143_domainrequest_eop_stakeholder_email_and_more.py
@@ -0,0 +1,33 @@
+# Generated by Django 4.2.17 on 2025-03-17 20:44
+
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ("registrar", "0142_domainrequest_feb_naming_requirements_and_more"),
+    ]
+
+    operations = [
+        migrations.AddField(
+            model_name="domainrequest",
+            name="eop_stakeholder_email",
+            field=models.EmailField(blank=True, max_length=254, null=True, verbose_name="EOP Stakeholder Email"),
+        ),
+        migrations.AddField(
+            model_name="domainrequest",
+            name="eop_stakeholder_first_name",
+            field=models.CharField(blank=True, null=True, verbose_name="EOP Stakeholder First Name"),
+        ),
+        migrations.AddField(
+            model_name="domainrequest",
+            name="eop_stakeholder_last_name",
+            field=models.CharField(blank=True, null=True, verbose_name="EOP Stakeholder Last Name"),
+        ),
+        migrations.AddField(
+            model_name="domainrequest",
+            name="working_with_eop",
+            field=models.BooleanField(blank=True, null=True),
+        ),
+    ]
diff --git a/src/registrar/models/domain_request.py b/src/registrar/models/domain_request.py
index f80ab08d0..1499ec109 100644
--- a/src/registrar/models/domain_request.py
+++ b/src/registrar/models/domain_request.py
@@ -528,12 +528,22 @@ class DomainRequest(TimeStampedModel):
         blank=True,
     )
 
-    eop_contact = models.ForeignKey(
-        "registrar.Contact",
+    eop_stakeholder_first_name = models.CharField(
         null=True,
         blank=True,
-        related_name="eop_contact",
-        on_delete=models.PROTECT,
+        verbose_name="EOP Stakeholder First Name",
+    )
+
+    eop_stakeholder_last_name = models.CharField(
+        null=True,
+        blank=True,
+        verbose_name="EOP Stakeholder Last Name",
+    )
+
+    eop_stakeholder_email = models.EmailField(
+        null=True,
+        blank=True,
+        verbose_name="EOP Stakeholder Email",
     )
 
     # This field is alternately used for generic domain purpose explanations
diff --git a/src/registrar/tests/test_admin_request.py b/src/registrar/tests/test_admin_request.py
index 7bc150326..b7d9b7e81 100644
--- a/src/registrar/tests/test_admin_request.py
+++ b/src/registrar/tests/test_admin_request.py
@@ -1985,7 +1985,9 @@ class TestDomainRequestAdmin(MockEppLib):
             "feb_naming_requirements_details",
             "feb_purpose_choice",
             "working_with_eop",
-            "eop_contact",
+            "eop_stakeholder_first_name",
+            "eop_stakeholder_last_name",
+            "eop_stakeholder_email",
             "purpose",
             "has_timeframe",
             "time_frame_details",

From 0231877cd9af541c14d61b8f4e28144a8072e95a Mon Sep 17 00:00:00 2001
From: Erin Song <121973038+erinysong@users.noreply.github.com>
Date: Mon, 17 Mar 2025 14:40:57 -0700
Subject: [PATCH 198/285] Rename email methods

---
 src/registrar/tests/test_email_invitations.py | 10 +++++-----
 src/registrar/tests/test_views_portfolio.py   |  2 +-
 src/registrar/utility/email_invitations.py    |  2 +-
 src/registrar/views/portfolios.py             |  6 +++---
 4 files changed, 10 insertions(+), 10 deletions(-)

diff --git a/src/registrar/tests/test_email_invitations.py b/src/registrar/tests/test_email_invitations.py
index 949d06831..a36c5ab9f 100644
--- a/src/registrar/tests/test_email_invitations.py
+++ b/src/registrar/tests/test_email_invitations.py
@@ -20,7 +20,7 @@ from registrar.utility.email_invitations import (
     send_portfolio_invitation_remove_email,
     send_portfolio_member_permission_remove_email,
     send_portfolio_member_permission_update_email,
-    send_portfolio_organization_update_email,
+    send_portfolio_update_emails_to_portfolio_admins,
 )
 
 from api.tests.common import less_console_noise_decorator
@@ -1116,7 +1116,7 @@ class TestSendPortfolioInvitationRemoveEmail(unittest.TestCase):
 
 
 class TestSendPortfolioOrganizationUpdateEmail(unittest.TestCase):
-    """Unit tests for send_portfolio_organization_update_email function."""
+    """Unit tests for send_portfolio_update_emails_to_portfolio_admins function."""
     def setUp(self):
         """Set up test data."""
         self.email = "removed.admin@example.com"
@@ -1141,8 +1141,8 @@ class TestSendPortfolioOrganizationUpdateEmail(unittest.TestCase):
 
     @patch("registrar.utility.email_invitations.send_templated_email")
     @patch("registrar.utility.email_invitations.UserPortfolioPermission.objects.filter")
-    def test_send_portfolio_organization_update_email(self, mock_filter, mock_send_templated_email):
-        """Test send_portfolio_organization_update_email sends templated email."""
+    def test_send_portfolio_update_emails_to_portfolio_admins(self, mock_filter, mock_send_templated_email):
+        """Test send_portfolio_update_emails_to_portfolio_admins sends templated email."""
         # Mock data
         editor = self.admin_user1
         updated_page = "Organization"
@@ -1151,7 +1151,7 @@ class TestSendPortfolioOrganizationUpdateEmail(unittest.TestCase):
         mock_send_templated_email.return_value = None  # No exception means success
 
         # Call function
-        result = send_portfolio_organization_update_email(editor, self.portfolio, updated_page)
+        result = send_portfolio_update_emails_to_portfolio_admins(editor, self.portfolio, updated_page)
 
         mock_filter.assert_called_once_with(
             portfolio=self.portfolio, roles__contains=[UserPortfolioRoleChoices.ORGANIZATION_ADMIN]
diff --git a/src/registrar/tests/test_views_portfolio.py b/src/registrar/tests/test_views_portfolio.py
index 053c9a566..4199b53ea 100644
--- a/src/registrar/tests/test_views_portfolio.py
+++ b/src/registrar/tests/test_views_portfolio.py
@@ -433,7 +433,7 @@ class TestPortfolio(WebTest):
 
     @boto3_mocking.patching
     @less_console_noise_decorator
-    @patch("registrar.views.portfolios.send_portfolio_organization_update_email")
+    @patch("registrar.views.portfolios.send_portfolio_update_emails_to_portfolio_admins")
     def test_org_update_sends_admin_email(self, mock_send_organization_update_email):
         """Updating organization information emails organization admin."""
         with override_flag("organization_feature", active=True):
diff --git a/src/registrar/utility/email_invitations.py b/src/registrar/utility/email_invitations.py
index 72f6c7391..6f3a8151b 100644
--- a/src/registrar/utility/email_invitations.py
+++ b/src/registrar/utility/email_invitations.py
@@ -227,7 +227,7 @@ def send_portfolio_invitation_email(email: str, requestor, portfolio, is_admin_i
     return all_admin_emails_sent
 
 
-def send_portfolio_organization_update_email(editor, portfolio, updated_page):
+def send_portfolio_update_emails_to_portfolio_admins(editor, portfolio, updated_page):
     """
     Sends an email notification to all portfolio admin when portfolio organization is updated.
 
diff --git a/src/registrar/views/portfolios.py b/src/registrar/views/portfolios.py
index e7ae69818..a190f9fb2 100644
--- a/src/registrar/views/portfolios.py
+++ b/src/registrar/views/portfolios.py
@@ -35,7 +35,7 @@ from registrar.utility.email_invitations import (
     send_portfolio_invitation_remove_email,
     send_portfolio_member_permission_remove_email,
     send_portfolio_member_permission_update_email,
-    send_portfolio_organization_update_email,
+    send_portfolio_update_emails_to_portfolio_admins,
 )
 from registrar.utility.errors import MissingEmailError
 from registrar.utility.enums import DefaultUserValues
@@ -853,7 +853,7 @@ class PortfolioOrganizationView(DetailView, FormMixin):
         if form.is_valid():
             user = request.user
             try:
-                if not send_portfolio_organization_update_email(
+                if not send_portfolio_update_emails_to_portfolio_admins(
                     editor=user, portfolio=self.request.session.get("portfolio"), updated_page="Organization"
                 ):
                     messages.warning(self.request, "Could not send email notification to all organization admins.")
@@ -924,7 +924,7 @@ class PortfolioSeniorOfficialView(DetailView, FormMixin):
         if form.is_valid():
             user = request.user
             try:
-                if not send_portfolio_organization_update_email(
+                if not send_portfolio_update_emails_to_portfolio_admins(
                     editor=user, portfolio=self.request.session.get("portfolio"), updated_page="Senior Official"
                 ):
                     messages.warning(self.request, "Could not send email notification to all organization admins.")

From 19fdcc4c915874b0fb2ad2bedc6f245b37c9e467 Mon Sep 17 00:00:00 2001
From: Erin Song <121973038+erinysong@users.noreply.github.com>
Date: Mon, 17 Mar 2025 14:48:09 -0700
Subject: [PATCH 199/285] Fix linting

---
 src/registrar/tests/test_email_invitations.py | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/src/registrar/tests/test_email_invitations.py b/src/registrar/tests/test_email_invitations.py
index a36c5ab9f..550ba12cf 100644
--- a/src/registrar/tests/test_email_invitations.py
+++ b/src/registrar/tests/test_email_invitations.py
@@ -1117,6 +1117,7 @@ class TestSendPortfolioInvitationRemoveEmail(unittest.TestCase):
 
 class TestSendPortfolioOrganizationUpdateEmail(unittest.TestCase):
     """Unit tests for send_portfolio_update_emails_to_portfolio_admins function."""
+
     def setUp(self):
         """Set up test data."""
         self.email = "removed.admin@example.com"
@@ -1162,4 +1163,4 @@ class TestSendPortfolioOrganizationUpdateEmail(unittest.TestCase):
             to_address=self.admin_user2.email,
             context=ANY,
         )
-        self.assertTrue(result)
\ No newline at end of file
+        self.assertTrue(result)

From e7234c4ba4cacccc83ec7c59644593591d0aa62c Mon Sep 17 00:00:00 2001
From: Erin Song <121973038+erinysong@users.noreply.github.com>
Date: Mon, 17 Mar 2025 14:48:22 -0700
Subject: [PATCH 200/285] Email org editor when org updated

---
 src/registrar/tests/test_email_invitations.py | 2 +-
 src/registrar/utility/email_invitations.py    | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/src/registrar/tests/test_email_invitations.py b/src/registrar/tests/test_email_invitations.py
index 550ba12cf..df99ae081 100644
--- a/src/registrar/tests/test_email_invitations.py
+++ b/src/registrar/tests/test_email_invitations.py
@@ -1148,7 +1148,7 @@ class TestSendPortfolioOrganizationUpdateEmail(unittest.TestCase):
         editor = self.admin_user1
         updated_page = "Organization"
 
-        mock_filter.return_value.exclude.return_value = [self.portfolio_admin2]
+        mock_filter.return_value = [self.portfolio_admin1, self.portfolio_admin2]
         mock_send_templated_email.return_value = None  # No exception means success
 
         # Call function
diff --git a/src/registrar/utility/email_invitations.py b/src/registrar/utility/email_invitations.py
index 6f3a8151b..8e3d98418 100644
--- a/src/registrar/utility/email_invitations.py
+++ b/src/registrar/utility/email_invitations.py
@@ -249,7 +249,7 @@ def send_portfolio_update_emails_to_portfolio_admins(editor, portfolio, updated_
     # Get each portfolio admin from list
     user_portfolio_permissions = UserPortfolioPermission.objects.filter(
         portfolio=portfolio, roles__contains=[UserPortfolioRoleChoices.ORGANIZATION_ADMIN]
-    ).exclude(user__email=editor_email)
+    )
     for user_portfolio_permission in user_portfolio_permissions:
         # Send email to each portfolio_admin
         user = user_portfolio_permission.user

From 6e50339ffa8728dc0a7643c52191a7302b16579c Mon Sep 17 00:00:00 2001
From: Erin Song <121973038+erinysong@users.noreply.github.com>
Date: Mon, 17 Mar 2025 14:49:05 -0700
Subject: [PATCH 201/285] Test org editor also emailed when org updated

---
 src/registrar/tests/test_email_invitations.py | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/src/registrar/tests/test_email_invitations.py b/src/registrar/tests/test_email_invitations.py
index df99ae081..152530cc7 100644
--- a/src/registrar/tests/test_email_invitations.py
+++ b/src/registrar/tests/test_email_invitations.py
@@ -1157,6 +1157,12 @@ class TestSendPortfolioOrganizationUpdateEmail(unittest.TestCase):
         mock_filter.assert_called_once_with(
             portfolio=self.portfolio, roles__contains=[UserPortfolioRoleChoices.ORGANIZATION_ADMIN]
         )
+        mock_send_templated_email.assert_any_call(
+            "emails/portfolio_org_update_notification.txt",
+            "emails/portfolio_org_update_notification_subject.txt",
+            to_address=self.admin_user1.email,
+            context=ANY,
+        )
         mock_send_templated_email.assert_any_call(
             "emails/portfolio_org_update_notification.txt",
             "emails/portfolio_org_update_notification_subject.txt",

From 66a55ec6e62349ee06c2a25f421774803b96f318 Mon Sep 17 00:00:00 2001
From: Erin Song <121973038+erinysong@users.noreply.github.com>
Date: Mon, 17 Mar 2025 15:05:19 -0700
Subject: [PATCH 202/285] Remove unused import

---
 src/registrar/tests/test_views_portfolio.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/registrar/tests/test_views_portfolio.py b/src/registrar/tests/test_views_portfolio.py
index 4199b53ea..d196ce47c 100644
--- a/src/registrar/tests/test_views_portfolio.py
+++ b/src/registrar/tests/test_views_portfolio.py
@@ -2,7 +2,7 @@ from django.urls import reverse
 from api.tests.common import less_console_noise_decorator
 from registrar.config import settings
 from registrar.models import Portfolio, SeniorOfficial
-from unittest.mock import MagicMock, patch, ANY
+from unittest.mock import MagicMock, patch
 from django_webtest import WebTest  # type: ignore
 from django.core.handlers.wsgi import WSGIRequest
 from registrar.models import (

From a32479eddb2c0a94a5e0c39b7cb37e36f7d11844 Mon Sep 17 00:00:00 2001
From: Erin Song <121973038+erinysong@users.noreply.github.com>
Date: Mon, 17 Mar 2025 15:11:01 -0700
Subject: [PATCH 203/285] Remove unused variable

---
 src/registrar/utility/email_invitations.py | 1 -
 1 file changed, 1 deletion(-)

diff --git a/src/registrar/utility/email_invitations.py b/src/registrar/utility/email_invitations.py
index 8e3d98418..9fa8c39fa 100644
--- a/src/registrar/utility/email_invitations.py
+++ b/src/registrar/utility/email_invitations.py
@@ -244,7 +244,6 @@ def send_portfolio_update_emails_to_portfolio_admins(editor, portfolio, updated_
         MissingEmailError: If the requestor has no email associated with their account.
         EmailSendingError: If there is an error while sending the email.
     """
-    editor_email = editor.email
     all_emails_sent = True
     # Get each portfolio admin from list
     user_portfolio_permissions = UserPortfolioPermission.objects.filter(

From b2fc4e4f42754270f42e1033bf504db81e0d8e1c Mon Sep 17 00:00:00 2001
From: Rachid Mrad <rachid.mrad@ecstech.com>
Date: Mon, 17 Mar 2025 19:36:20 -0400
Subject: [PATCH 204/285] Fix typo in docs

---
 docs/developer/README.md | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)

diff --git a/docs/developer/README.md b/docs/developer/README.md
index 442a13634..9fc79dce8 100644
--- a/docs/developer/README.md
+++ b/docs/developer/README.md
@@ -309,11 +309,11 @@ We use the [CSS Block Element Modifier (BEM)](https://getbem.com/naming/) naming
 
 1. Version numbers can be manually controlled in `package.json`. Edit that, if desired.
 2. Now run `npx gulp updateUswds`. Refer to [official docs](https://designsystem.digital.gov/documentation/getting-started/developers/phase-two-compile/) to see what this is doing.
-4. Make note of the dotgov changes in uswds-edited.js (Ctrl-F DOTGOV for modifications to USWDS compiled code).
-5. Copy over the newly compiled code from uswds.js into uswds-edited.js.
-6. Put back the dotgov changes you made note of into uswds-edited.js.
-7. Examine the results in the running application (remember to empty your cache!) and commit `package.json` and `package-lock.json` if all is well.
-8. Read the [release notes](https://github.com/uswds/uswds/releases) for the new versions installed, note 'Breaking' and 'Markup change' and make adjustments to the code base as needed.
+3. Make note of the dotgov changes in uswds-edited.js (Ctrl-F DOTGOV for modifications to USWDS compiled code).
+4. Copy over the newly compiled code from uswds.js into uswds-edited.js.
+5. Put back the dotgov changes you made note of into uswds-edited.js.
+6. Examine the results in the running application (remember to empty your cache!) and commit `package.json` and `package-lock.json` if all is well.
+7. Read the [release notes](https://github.com/uswds/uswds/releases) for the new versions installed, note 'Breaking' and 'Markup change' and make adjustments to the code base as needed.
 
 ## Finite State Machines
 

From 192a7bb8a40989a77f70929b85123ff6b415cac1 Mon Sep 17 00:00:00 2001
From: David Kennedy <david.kennedy@associates.cisa.dhs.gov>
Date: Tue, 18 Mar 2025 06:50:49 -0400
Subject: [PATCH 205/285] removed unnecessary code from SeniorOfficialAdmin

---
 src/registrar/admin.py | 17 -----------------
 1 file changed, 17 deletions(-)

diff --git a/src/registrar/admin.py b/src/registrar/admin.py
index 1df862255..bb729f20e 100644
--- a/src/registrar/admin.py
+++ b/src/registrar/admin.py
@@ -1404,19 +1404,6 @@ class SeniorOfficialAdmin(ListHeaderAdmin):
     # in autocomplete_fields for Senior Official
     ordering = ["first_name", "last_name"]
 
-    def get_annotated_queryset(self, queryset):
-        return queryset.annotate(
-            converted_federal_type=Case(
-                # When portfolio is present, use its value instead
-                When(
-                    Q(federal_agency__isnull=False),
-                    then=F("federal_agency__federal_type"),
-                ),
-                # Otherwise, return the natively assigned value
-                default=Value(""),
-            ),
-        )
-
     readonly_fields = []
 
     # Even though this is empty, I will leave it as a stub for easy changes in the future
@@ -1457,10 +1444,6 @@ class SeniorOfficialAdmin(ListHeaderAdmin):
 
         # Check if user is in OMB analysts group
         if request.user.groups.filter(name="omb_analysts_group").exists():
-            # annotated_qs = self.get_annotated_queryset(qs)
-            # return annotated_qs.filter(
-            #     converted_federal_type=BranchChoices.EXECUTIVE,
-            # )
             return qs.filter(federal_agency__federal_type=BranchChoices.EXECUTIVE)
 
         return qs  # Return full queryset if the user doesn't have the restriction

From 5528390ee9a83332f1097e74feec3384afc04063 Mon Sep 17 00:00:00 2001
From: David Kennedy <david.kennedy@associates.cisa.dhs.gov>
Date: Tue, 18 Mar 2025 07:45:42 -0400
Subject: [PATCH 206/285] cleaned up unnecessary code

---
 src/registrar/admin.py | 47 +++++-------------------------------------
 1 file changed, 5 insertions(+), 42 deletions(-)

diff --git a/src/registrar/admin.py b/src/registrar/admin.py
index bb729f20e..b2d9e9e97 100644
--- a/src/registrar/admin.py
+++ b/src/registrar/admin.py
@@ -4836,19 +4836,6 @@ class PortfolioAdmin(ListHeaderAdmin):
         readonly_fields.extend([field for field in self.analyst_readonly_fields])
         return readonly_fields
 
-    def get_annotated_queryset(self, queryset):
-        return queryset.annotate(
-            converted_federal_type=Case(
-                # When portfolio is present, use its value instead
-                When(
-                    Q(federal_agency__isnull=False),
-                    then=F("federal_agency__federal_type"),
-                ),
-                # Otherwise, return empty string
-                default=Value(""),
-            ),
-        )
-
     def get_queryset(self, request):
         """Restrict queryset based on user permissions."""
         qs = super().get_queryset(request)
@@ -4856,11 +4843,7 @@ class PortfolioAdmin(ListHeaderAdmin):
         # Check if user is in OMB analysts group
         if request.user.groups.filter(name="omb_analysts_group").exists():
             self.is_omb_analyst = True
-            annotated_qs = self.get_annotated_queryset(qs)
-            return annotated_qs.filter(
-                organization_type=DomainRequest.OrganizationChoices.FEDERAL,
-                converted_federal_type=BranchChoices.EXECUTIVE,
-            )
+            return qs.filter(federal_agency__federal_type=BranchChoices.EXECUTIVE)
 
         return qs  # Return full queryset if the user doesn't have the restriction
 
@@ -5110,34 +5093,14 @@ class SuborganizationAdmin(ListHeaderAdmin, ImportExportRegistrarModelAdmin):
         extra_context = {"domain_requests": domain_requests, "domains": domains}
         return super().change_view(request, object_id, form_url, extra_context)
 
-    def get_annotated_queryset(self, queryset):
-        return queryset.annotate(
-            converted_federal_type=Case(
-                # When portfolio is present, use its value instead
-                When(
-                    Q(portfolio__isnull=False) & Q(portfolio__federal_agency__isnull=False),
-                    then=F("portfolio__federal_agency__federal_type"),
-                ),
-                # Otherwise, return empty string
-                default=Value(""),
-            ),
-        )
-
     def get_queryset(self, request):
-        """Custom get_queryset to filter by portfolio if portfolio is in the
-        request params."""
+        """Custom get_queryset to filter for OMB analysts."""
         qs = super().get_queryset(request)
-        # Check if a 'portfolio' parameter is passed in the request
-        portfolio_id = request.GET.get("portfolio")
-        if portfolio_id:
-            # Further filter the queryset by the portfolio
-            qs = qs.filter(portfolio=portfolio_id)
         # Check if user is in OMB analysts group
         if request.user.groups.filter(name="omb_analysts_group").exists():
-            annotated_qs = self.get_annotated_queryset(qs)
-            return annotated_qs.filter(
+            return qs.filter(
                 portfolio__organization_type=DomainRequest.OrganizationChoices.FEDERAL,
-                converted_federal_type=BranchChoices.EXECUTIVE,
+                portfolio__federal_agency__federal_type=BranchChoices.EXECUTIVE,
             )
         return qs
 
@@ -5147,7 +5110,7 @@ class SuborganizationAdmin(ListHeaderAdmin, ImportExportRegistrarModelAdmin):
             return True
         if obj:
             if request.user.groups.filter(name="omb_analysts_group").exists():
-                return obj.portfolio and obj.portfolio.federal_type == BranchChoices.EXECUTIVE
+                return obj.portfolio and obj.portfolio.federal_agency and obj.portfolio.federal_agency.federal_type == BranchChoices.EXECUTIVE
         return super().has_view_permission(request, obj)
 
 

From 531d8c7e9411076271dca9879d96fb040059d51f Mon Sep 17 00:00:00 2001
From: David Kennedy <david.kennedy@associates.cisa.dhs.gov>
Date: Tue, 18 Mar 2025 09:02:14 -0400
Subject: [PATCH 207/285] removed unnecessary permission

---
 src/registrar/admin.py                        |  2 +-
 .../js/getgov-admin/domain-request-form.js    | 10 ++++----
 src/registrar/decorators.py                   |  2 +-
 .../migrations/0144_alter_user_options.py     | 23 -------------------
 src/registrar/models/user.py                  |  1 -
 src/registrar/models/user_group.py            |  5 ----
 6 files changed, 8 insertions(+), 35 deletions(-)
 delete mode 100644 src/registrar/migrations/0144_alter_user_options.py

diff --git a/src/registrar/admin.py b/src/registrar/admin.py
index b2d9e9e97..c2be81066 100644
--- a/src/registrar/admin.py
+++ b/src/registrar/admin.py
@@ -4361,7 +4361,7 @@ class DomainAdmin(ListHeaderAdmin, ImportExportRegistrarModelAdmin):
         if (
             request.user.has_perm("registrar.full_access_permission")
             or request.user.has_perm("registrar.analyst_access_permission")
-            or request.user.has_perm("registrar.omb_analyst_access_permission")
+            or request.user.groups.filter(name="omb_analysts_group").exists()
         ):
             return True
         return super().has_change_permission(request, obj)
diff --git a/src/registrar/assets/src/js/getgov-admin/domain-request-form.js b/src/registrar/assets/src/js/getgov-admin/domain-request-form.js
index e7bf8f00e..16acaf91c 100644
--- a/src/registrar/assets/src/js/getgov-admin/domain-request-form.js
+++ b/src/registrar/assets/src/js/getgov-admin/domain-request-form.js
@@ -465,23 +465,25 @@ class CustomizableEmailBase {
     }
 
     initializeModalConfirm() {
+        // When the modal confirm button is present, add a listener
         if (this.modalConfirm) {
             this.modalConfirm.addEventListener("click", () => {
                 this.textarea.removeAttribute('readonly');
                 this.textarea.focus();
-                    hideElement(this.directEditButton);
-                    hideElement(this.modalTrigger);  
+                hideElement(this.directEditButton);
+                hideElement(this.modalTrigger);  
             });
         }
     }
 
     initializeDirectEditButton() {
+        // When the direct edit button is present, add a listener
         if (this.directEditButton) {
             this.directEditButton.addEventListener("click", () => {
                 this.textarea.removeAttribute('readonly');
                 this.textarea.focus();
-                    hideElement(this.directEditButton);
-                    hideElement(this.modalTrigger);  
+                hideElement(this.directEditButton);
+                hideElement(this.modalTrigger);  
             });
         }
     }
diff --git a/src/registrar/decorators.py b/src/registrar/decorators.py
index fcff02b32..d607935a2 100644
--- a/src/registrar/decorators.py
+++ b/src/registrar/decorators.py
@@ -112,7 +112,7 @@ def _user_has_permission(user, request, rules, **kwargs):
     permission_checks = [
         (IS_STAFF, lambda: user.is_staff),
         (IS_CISA_ANALYST, lambda: user.has_perm("registrar.analyst_access_permission")),
-        (IS_OMB_ANALYST, lambda: user.has_perm("registrar.omb_analyst_access_permission")),
+        (IS_OMB_ANALYST, lambda: user.groups.filter(name="omb_analysts_group").exists()),
         (IS_FULL_ACCESS, lambda: user.has_perm("registrar.full_access_permission")),
         (
             IS_DOMAIN_MANAGER,
diff --git a/src/registrar/migrations/0144_alter_user_options.py b/src/registrar/migrations/0144_alter_user_options.py
deleted file mode 100644
index 88b06afe8..000000000
--- a/src/registrar/migrations/0144_alter_user_options.py
+++ /dev/null
@@ -1,23 +0,0 @@
-# Generated by Django 4.2.17 on 2025-03-06 20:00
-
-from django.db import migrations
-
-
-class Migration(migrations.Migration):
-
-    dependencies = [
-        ("registrar", "0143_create_groups_v18"),
-    ]
-
-    operations = [
-        migrations.AlterModelOptions(
-            name="user",
-            options={
-                "permissions": [
-                    ("analyst_access_permission", "Analyst Access Permission"),
-                    ("omb_analyst_access_permission", "OMB Analyst Access Permission"),
-                    ("full_access_permission", "Full Access Permission"),
-                ]
-            },
-        ),
-    ]
diff --git a/src/registrar/models/user.py b/src/registrar/models/user.py
index 7ee4fefdf..d5476ab9a 100644
--- a/src/registrar/models/user.py
+++ b/src/registrar/models/user.py
@@ -40,7 +40,6 @@ class User(AbstractUser):
 
         permissions = [
             ("analyst_access_permission", "Analyst Access Permission"),
-            ("omb_analyst_access_permission", "OMB Analyst Access Permission"),
             ("full_access_permission", "Full Access Permission"),
         ]
 
diff --git a/src/registrar/models/user_group.py b/src/registrar/models/user_group.py
index c70879943..331e36605 100644
--- a/src/registrar/models/user_group.py
+++ b/src/registrar/models/user_group.py
@@ -158,11 +158,6 @@ class UserGroup(Group):
                 "model": "domain",
                 "permissions": ["view_domain"],
             },
-            {
-                "app_label": "registrar",
-                "model": "user",
-                "permissions": ["omb_analyst_access_permission"],
-            },
             {
                 "app_label": "registrar",
                 "model": "domaininvitation",

From 153d92542b8a198b7ac65980c14e827b503a3ee2 Mon Sep 17 00:00:00 2001
From: David Kennedy <david.kennedy@associates.cisa.dhs.gov>
Date: Tue, 18 Mar 2025 09:14:52 -0400
Subject: [PATCH 208/285] linted

---
 src/registrar/admin.py | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/src/registrar/admin.py b/src/registrar/admin.py
index c2be81066..83c547269 100644
--- a/src/registrar/admin.py
+++ b/src/registrar/admin.py
@@ -5110,7 +5110,11 @@ class SuborganizationAdmin(ListHeaderAdmin, ImportExportRegistrarModelAdmin):
             return True
         if obj:
             if request.user.groups.filter(name="omb_analysts_group").exists():
-                return obj.portfolio and obj.portfolio.federal_agency and obj.portfolio.federal_agency.federal_type == BranchChoices.EXECUTIVE
+                return (
+                    obj.portfolio
+                    and obj.portfolio.federal_agency
+                    and obj.portfolio.federal_agency.federal_type == BranchChoices.EXECUTIVE
+                )
         return super().has_view_permission(request, obj)
 
 

From a37cef619bfb063513fd8f9ed8bffc3ed20f0ba6 Mon Sep 17 00:00:00 2001
From: David Kennedy <david.kennedy@associates.cisa.dhs.gov>
Date: Tue, 18 Mar 2025 11:01:09 -0400
Subject: [PATCH 209/285] fixed dynamic javascript on domain change form when
 portfolio readonly

---
 .../helpers-portfolio-dynamic-fields.js       | 44 ++++++++++++++++---
 1 file changed, 37 insertions(+), 7 deletions(-)

diff --git a/src/registrar/assets/src/js/getgov-admin/helpers-portfolio-dynamic-fields.js b/src/registrar/assets/src/js/getgov-admin/helpers-portfolio-dynamic-fields.js
index 54d0e073b..3880e63fa 100644
--- a/src/registrar/assets/src/js/getgov-admin/helpers-portfolio-dynamic-fields.js
+++ b/src/registrar/assets/src/js/getgov-admin/helpers-portfolio-dynamic-fields.js
@@ -12,7 +12,9 @@ export function handlePortfolioSelection(
     suborgDropdownSelector="#id_sub_organization"
 ) {
     // These dropdown are select2 fields so they must be interacted with via jquery
+    // In the event that these fields are readonly, need a variable to reference their row
     const portfolioDropdown = django.jQuery(portfolioDropdownSelector);
+    const portfolioField = document.querySelector(".field-portfolio");
     const suborganizationDropdown = django.jQuery(suborgDropdownSelector);
     const suborganizationField = document.querySelector(".field-sub_organization");
     const requestedSuborganizationField = document.querySelector(".field-requested_suborganization");
@@ -394,14 +396,30 @@ export function handlePortfolioSelection(
      * - Various global field elements (e.g., `suborganizationField`, `seniorOfficialField`, `portfolioOrgTypeFieldSet`) are used.
      */
     function updatePortfolioFieldsDisplay() {
-        // Retrieve the selected portfolio ID
-        let portfolio_id = portfolioDropdown.val();
+        let portfolio_id = null;
+        let portfolio_selected = false;
+        // portfolio will be either readonly or a dropdown, handle both cases
+        if (portfolioDropdown.length) { // need to test length since the query will always be defined, even if not in DOM
+            // Retrieve the selected portfolio ID
+            portfolio_id = portfolioDropdown.val();
+            if (portfolio_id) {
+                portfolio_selected = true;
+            }
+        } else {
+            // get readonly field value
+            let portfolio = portfolioField.querySelector(".readonly").innerText;
+            if (portfolio != "-") {
+                portfolio_selected = true;
+            }
+        }
 
-        if (portfolio_id) {
+        if (portfolio_selected) {
             // A portfolio is selected - update suborganization dropdown and show/hide relevant fields
 
-            // Update suborganization dropdown for the selected portfolio
-            updateSubOrganizationDropdown(portfolio_id);
+            if (portfolio_id) {
+                // Update suborganization dropdown for the selected portfolio
+                updateSubOrganizationDropdown(portfolio_id);
+            }
 
             // Show fields relevant to a selected portfolio
             if (suborganizationField) showElement(suborganizationField);
@@ -468,10 +486,22 @@ export function handlePortfolioSelection(
      * This function ensures the form dynamically reflects whether a specific suborganization is being selected or requested.
      */
     function updateSuborganizationFieldsDisplay() {
-        let portfolio_id = portfolioDropdown.val();
+        let portfolio_selected = false;
+        // portfolio will be either readonly or a dropdown, handle both cases
+        if (portfolioDropdown.length) { // need to test length since the query will always be defined, even if not in DOM
+            // Retrieve the selected portfolio ID
+            if (portfolioDropdown.val()) {
+                portfolio_selected = true;
+            }
+        } else {
+            // get readonly field value
+            if (portfolioField.querySelector(".readonly").innerText != "-") {
+                portfolio_selected = true;
+            }
+        }
         let suborganization_id = suborganizationDropdown.val();
 
-        if (portfolio_id && !suborganization_id) {
+        if (portfolio_selected && !suborganization_id) {
             // Show suborganization request fields
             if (requestedSuborganizationField) showElement(requestedSuborganizationField);
             if (suborganizationCity) showElement(suborganizationCity);

From 4ac2250c084e6b851ceb073776bf9381c64d41ef Mon Sep 17 00:00:00 2001
From: David Kennedy <david.kennedy@associates.cisa.dhs.gov>
Date: Tue, 18 Mar 2025 11:03:51 -0400
Subject: [PATCH 210/285] fixed bug in status check in javascript on domain
 request form

---
 src/registrar/assets/src/js/getgov-admin/domain-request-form.js | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/registrar/assets/src/js/getgov-admin/domain-request-form.js b/src/registrar/assets/src/js/getgov-admin/domain-request-form.js
index 16acaf91c..b9084494a 100644
--- a/src/registrar/assets/src/js/getgov-admin/domain-request-form.js
+++ b/src/registrar/assets/src/js/getgov-admin/domain-request-form.js
@@ -383,7 +383,7 @@ class CustomizableEmailBase {
     initializeFormGroups() {
         let isStatus = false;
         if (this.statusSelect) {
-            this.statusSelect.value == this.statusToCheck;
+            isStatus = this.statusSelect.value == this.statusToCheck;
         } else {
             // statusSelect does not exist, indicating readonly
             if (this.dropdownFormGroup) {

From 4502497037aa36632b0eab735bef93904120a69b Mon Sep 17 00:00:00 2001
From: David Kennedy <david.kennedy@associates.cisa.dhs.gov>
Date: Tue, 18 Mar 2025 11:52:54 -0400
Subject: [PATCH 211/285] fixed javascript on readonly fields on portfolio form

---
 .../assets/src/js/getgov-admin/portfolio-form.js   | 14 ++++++++------
 1 file changed, 8 insertions(+), 6 deletions(-)

diff --git a/src/registrar/assets/src/js/getgov-admin/portfolio-form.js b/src/registrar/assets/src/js/getgov-admin/portfolio-form.js
index 2e437c520..7777dabdb 100644
--- a/src/registrar/assets/src/js/getgov-admin/portfolio-form.js
+++ b/src/registrar/assets/src/js/getgov-admin/portfolio-form.js
@@ -21,6 +21,8 @@ function handlePortfolioFields(){
     const federalTypeField = document.querySelector(".field-federal_type");
     const urbanizationField = document.querySelector(".field-urbanization");
     const stateTerritoryDropdown = document.getElementById("id_state_territory");
+    const stateTerritoryField = document.querySelector(".field-state_territory");
+    const stateTerritoryReadonly = stateTerritoryField.querySelector(".readonly");
     const seniorOfficialAddUrl = document.getElementById("senior-official-add-url").value;
     const seniorOfficialApi = document.getElementById("senior_official_from_agency_json_url").value;
     const federalPortfolioApi = document.getElementById("federal_and_portfolio_types_from_agency_json_url").value;
@@ -85,9 +87,9 @@ function handlePortfolioFields(){
      * 2. else show org name, hide federal agency, hide federal type if applicable
      */
     function handleOrganizationTypeChange() {
-        if (organizationTypeDropdown && organizationNameField) {
-            let selectedValue = organizationTypeDropdown.value;
-            if (selectedValue === "federal") {
+        if (organizationTypeField && organizationNameField) {
+            let selectedValue = organizationTypeDropdown ? organizationTypeDropdown.value : organizationTypeReadonly.innerText;
+            if (selectedValue === "federal" || selectedValue === "Federal") {
                 hideElement(organizationNameField);
                 showElement(federalAgencyField);
                 if (federalTypeField) {
@@ -207,8 +209,8 @@ function handlePortfolioFields(){
      * Handle urbanization
      */
     function handleStateTerritoryChange() {
-        let selectedValue = stateTerritoryDropdown.value;
-        if (selectedValue === "PR") {
+        let selectedValue = stateTerritoryDropdown ? stateTerritoryDropdown.value : stateTerritoryReadonly.innerText;
+        if (selectedValue === "PR" || selectedValue === "Puerto Rico (PR)") {
             showElement(urbanizationField)
         } else {
             hideElement(urbanizationField)
@@ -265,7 +267,7 @@ function handlePortfolioFields(){
      * Initializes necessary data and display configurations for the portfolio fields.
      */
     function initializePortfolioSettings() {
-        if (urbanizationField && stateTerritoryDropdown) {
+        if (urbanizationField && stateTerritoryField) {
             handleStateTerritoryChange();
         }
         handleOrganizationTypeChange();

From 1c6389be3e6e31ead737fa847be75bb346a4cdbf Mon Sep 17 00:00:00 2001
From: matthewswspence <Matthewswspence@gmail.com>
Date: Tue, 18 Mar 2025 14:39:22 -0500
Subject: [PATCH 212/285] remove unused import

---
 src/registrar/forms/feb.py | 2 --
 1 file changed, 2 deletions(-)

diff --git a/src/registrar/forms/feb.py b/src/registrar/forms/feb.py
index 339151c71..160df88f9 100644
--- a/src/registrar/forms/feb.py
+++ b/src/registrar/forms/feb.py
@@ -1,8 +1,6 @@
 from django import forms
 from django.core.validators import MaxLengthValidator
 from registrar.forms.utility.wizard_form_helper import BaseDeletableRegistrarForm, BaseYesNoForm
-from registrar.models.contact import Contact
-
 
 class ExecutiveNamingRequirementsYesNoForm(BaseYesNoForm, BaseDeletableRegistrarForm):
     """

From aba6722e48d929fbfa2ebdddb73fe936f835bf5e Mon Sep 17 00:00:00 2001
From: matthewswspence <Matthewswspence@gmail.com>
Date: Tue, 18 Mar 2025 15:01:03 -0500
Subject: [PATCH 213/285] fix migration conflicts

---
 ....py => 0144_domainrequest_eop_stakeholder_email_and_more.py} | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
 rename src/registrar/migrations/{0143_domainrequest_eop_stakeholder_email_and_more.py => 0144_domainrequest_eop_stakeholder_email_and_more.py} (93%)

diff --git a/src/registrar/migrations/0143_domainrequest_eop_stakeholder_email_and_more.py b/src/registrar/migrations/0144_domainrequest_eop_stakeholder_email_and_more.py
similarity index 93%
rename from src/registrar/migrations/0143_domainrequest_eop_stakeholder_email_and_more.py
rename to src/registrar/migrations/0144_domainrequest_eop_stakeholder_email_and_more.py
index 3cf65047c..051e9a6bd 100644
--- a/src/registrar/migrations/0143_domainrequest_eop_stakeholder_email_and_more.py
+++ b/src/registrar/migrations/0144_domainrequest_eop_stakeholder_email_and_more.py
@@ -6,7 +6,7 @@ from django.db import migrations, models
 class Migration(migrations.Migration):
 
     dependencies = [
-        ("registrar", "0142_domainrequest_feb_naming_requirements_and_more"),
+        ("registrar", "142_create_groups_v18"),
     ]
 
     operations = [

From 2a7ff01905a4f309470df37410f5d6568c72179a Mon Sep 17 00:00:00 2001
From: zandercymatics <141044360+zandercymatics@users.noreply.github.com>
Date: Tue, 18 Mar 2025 14:31:33 -0600
Subject: [PATCH 214/285] Invert disclose logic + PR suggestions

---
 src/registrar/models/domain.py            | 23 +++++-----
 src/registrar/tests/common.py             |  7 +--
 src/registrar/tests/test_models_domain.py | 56 ++++++++++++++---------
 src/registrar/utility/enums.py            |  3 ++
 4 files changed, 52 insertions(+), 37 deletions(-)

diff --git a/src/registrar/models/domain.py b/src/registrar/models/domain.py
index 149f34907..5d1bc246a 100644
--- a/src/registrar/models/domain.py
+++ b/src/registrar/models/domain.py
@@ -1681,20 +1681,19 @@ class Domain(TimeStampedModel, DomainHelper):
         """creates a disclose object that can be added to a contact Create using
         .disclose= <this function> on the command before sending.
         if item is security email then make sure email is visible"""
+        # You can find each enum here: 
+        # https://github.com/cisagov/epplib/blob/master/epplib/models/common.py#L32
         DF = epp.DiscloseField
-        disclose_fields = {"fields": {}, "flag": False}
-        if contact.contact_type == contact.ContactTypeChoices.SECURITY:
-            hidden_security_emails = [email for email in DefaultEmail]
-            disclose_fields = {
-                "fields": {DF.EMAIL},
-                "flag": contact.email not in hidden_security_emails,
-            }
+        all_disclose_fields = {field for field in DF if field != DF.NOTIFY_EMAIL}
+        disclose_fields = {"fields": all_disclose_fields, "flag": False}
+        if (
+            contact.contact_type == contact.ContactTypeChoices.SECURITY and 
+            contact.email not in [email for email in DefaultEmail]
+        ):
+            disclose_fields["fields"] -= {DF.EMAIL}
         elif contact.contact_type == contact.ContactTypeChoices.ADMINISTRATIVE:
-            disclose_fields = {
-                "fields": {DF.EMAIL, DF.VOICE, DF.ADDR},
-                "types": {DF.ADDR: "loc"},
-                "flag": True,
-            }
+            disclose_fields["fields"] -= {DF.EMAIL, DF.VOICE, DF.ADDR}
+            disclose_fields["types"] = {DF.ADDR: "loc"}
 
         logger.info("Updated domain contact %s to disclose: %s", contact.email, disclose_fields.get("flag"))
         return epp.Disclose(**disclose_fields)  # type: ignore
diff --git a/src/registrar/tests/common.py b/src/registrar/tests/common.py
index 101be51ef..0271a2460 100644
--- a/src/registrar/tests/common.py
+++ b/src/registrar/tests/common.py
@@ -1942,16 +1942,17 @@ class MockEppLib(TestCase):
     def _convertPublicContactToEpp(
         self,
         contact: PublicContact,
-        disclose_email=False,
+        disclose=False,
         createContact=True,
         disclose_fields=None,
         disclose_types=None,
     ):
         DF = common.DiscloseField
         if disclose_fields is None:
-            disclose_fields = {DF.EMAIL}
+            fields = {DF.NOTIFY_EMAIL, DF.EMAIL}
+            disclose_fields = {field for field in DF} - fields
 
-        di = common.Disclose(flag=disclose_email, fields=disclose_fields, types=disclose_types)
+        di = common.Disclose(flag=disclose, fields=disclose_fields, types=disclose_types)
 
         # check docs here looks like we may have more than one address field but
         addr = common.ContactAddr(
diff --git a/src/registrar/tests/test_models_domain.py b/src/registrar/tests/test_models_domain.py
index 400924355..018d081c9 100644
--- a/src/registrar/tests/test_models_domain.py
+++ b/src/registrar/tests/test_models_domain.py
@@ -722,6 +722,8 @@ class TestRegistrantContacts(MockEppLib):
         self.domain, _ = Domain.objects.get_or_create(name="security.gov")
         # Creates a domain with an associated contact
         self.domain_contact, _ = Domain.objects.get_or_create(name="freeman.gov")
+        DF = common.DiscloseField
+        self.all_disclose_fields = {field for field in DF if field != DF.NOTIFY_EMAIL}
 
     def tearDown(self):
         super().tearDown()
@@ -758,7 +760,9 @@ class TestRegistrantContacts(MockEppLib):
                 contact_type=PublicContact.ContactTypeChoices.SECURITY,
             ).registry_id
             expectedSecContact.registry_id = id
-            expectedCreateCommand = self._convertPublicContactToEpp(expectedSecContact, disclose_email=False)
+            expectedCreateCommand = self._convertPublicContactToEpp(
+                expectedSecContact, disclose=False, disclose_fields=self.all_disclose_fields
+            )
             expectedUpdateDomain = commands.UpdateDomain(
                 name=self.domain.name,
                 add=[common.DomainContact(contact=expectedSecContact.registry_id, type="security")],
@@ -788,7 +792,7 @@ class TestRegistrantContacts(MockEppLib):
             #  self.domain.security_contact=expectedSecContact
             expectedSecContact.save()
             # no longer the default email it should be disclosed
-            expectedCreateCommand = self._convertPublicContactToEpp(expectedSecContact, disclose_email=True)
+            expectedCreateCommand = self._convertPublicContactToEpp(expectedSecContact, disclose=False)
             expectedUpdateDomain = commands.UpdateDomain(
                 name=self.domain.name,
                 add=[common.DomainContact(contact=expectedSecContact.registry_id, type="security")],
@@ -813,7 +817,9 @@ class TestRegistrantContacts(MockEppLib):
             security_contact.registry_id = "fail"
             security_contact.save()
             self.domain.security_contact = security_contact
-            expectedCreateCommand = self._convertPublicContactToEpp(security_contact, disclose_email=False)
+            expectedCreateCommand = self._convertPublicContactToEpp(
+                security_contact, disclose=False, disclose_fields=self.all_disclose_fields
+            )
             expectedUpdateDomain = commands.UpdateDomain(
                 name=self.domain.name,
                 add=[common.DomainContact(contact=security_contact.registry_id, type="security")],
@@ -846,7 +852,7 @@ class TestRegistrantContacts(MockEppLib):
             new_contact.registry_id = "fail"
             new_contact.email = ""
             self.domain.security_contact = new_contact
-            firstCreateContactCall = self._convertPublicContactToEpp(old_contact, disclose_email=True)
+            firstCreateContactCall = self._convertPublicContactToEpp(old_contact, disclose=False)
             updateDomainAddCall = commands.UpdateDomain(
                 name=self.domain.name,
                 add=[common.DomainContact(contact=old_contact.registry_id, type="security")],
@@ -856,7 +862,7 @@ class TestRegistrantContacts(MockEppLib):
                 PublicContact.get_default_security().email,
             )
             # this one triggers the fail
-            secondCreateContact = self._convertPublicContactToEpp(new_contact, disclose_email=True)
+            secondCreateContact = self._convertPublicContactToEpp(new_contact, disclose=False)
             updateDomainRemCall = commands.UpdateDomain(
                 name=self.domain.name,
                 rem=[common.DomainContact(contact=old_contact.registry_id, type="security")],
@@ -864,7 +870,9 @@ class TestRegistrantContacts(MockEppLib):
             defaultSecID = PublicContact.objects.filter(domain=self.domain).get().registry_id
             default_security = PublicContact.get_default_security()
             default_security.registry_id = defaultSecID
-            createDefaultContact = self._convertPublicContactToEpp(default_security, disclose_email=False)
+            createDefaultContact = self._convertPublicContactToEpp(
+                default_security, disclose=False, disclose_fields=self.all_disclose_fields
+            )
             updateDomainWDefault = commands.UpdateDomain(
                 name=self.domain.name,
                 add=[common.DomainContact(contact=defaultSecID, type="security")],
@@ -892,15 +900,15 @@ class TestRegistrantContacts(MockEppLib):
             security_contact.email = "originalUserEmail@gmail.com"
             security_contact.registry_id = "fail"
             security_contact.save()
-            expectedCreateCommand = self._convertPublicContactToEpp(security_contact, disclose_email=True)
+            expectedCreateCommand = self._convertPublicContactToEpp(security_contact, disclose=False)
             expectedUpdateDomain = commands.UpdateDomain(
                 name=self.domain.name,
                 add=[common.DomainContact(contact=security_contact.registry_id, type="security")],
             )
             security_contact.email = "changedEmail@email.com"
             security_contact.save()
-            expectedSecondCreateCommand = self._convertPublicContactToEpp(security_contact, disclose_email=True)
-            updateContact = self._convertPublicContactToEpp(security_contact, disclose_email=True, createContact=False)
+            expectedSecondCreateCommand = self._convertPublicContactToEpp(security_contact, disclose=False)
+            updateContact = self._convertPublicContactToEpp(security_contact, disclose=False, createContact=False)
             expected_calls = [
                 call(expectedCreateCommand, cleaned=True),
                 call(expectedUpdateDomain, cleaned=True),
@@ -989,19 +997,21 @@ class TestRegistrantContacts(MockEppLib):
                 expected_contact = contact[0]
                 actual_contact = contact[1]
                 if expected_contact.contact_type == PublicContact.ContactTypeChoices.SECURITY:
+                    disclose_fields = self.all_disclose_fields - {"email"}
                     expectedCreateCommand = self._convertPublicContactToEpp(
-                        expected_contact, disclose_email=True, disclose_fields={"email"}
+                        expected_contact, disclose=False, disclose_fields=disclose_fields
                     )
                 elif expected_contact.contact_type == PublicContact.ContactTypeChoices.ADMINISTRATIVE:
+                    disclose_fields = self.all_disclose_fields - {"email", "voice", "addr"}
                     expectedCreateCommand = self._convertPublicContactToEpp(
                         expected_contact,
-                        disclose_email=True,
-                        disclose_fields={"email", "voice", "addr"},
+                        disclose=False,
+                        disclose_fields=disclose_fields,
                         disclose_types={"addr": "loc"},
                     )
                 else:
                     expectedCreateCommand = self._convertPublicContactToEpp(
-                        expected_contact, disclose_email=False, disclose_fields={}
+                        expected_contact, disclose=False, disclose_fields=self.all_disclose_fields
                     )
                 self.mockedSendFunction.assert_any_call(expectedCreateCommand, cleaned=True)
                 # The emails should match on both items
@@ -1011,14 +1021,14 @@ class TestRegistrantContacts(MockEppLib):
         with less_console_noise():
             domain, _ = Domain.objects.get_or_create(name="freeman.gov")
             dummy_contact = domain.get_default_security_contact()
-            test_disclose = self._convertPublicContactToEpp(dummy_contact, disclose_email=True).__dict__
-            test_not_disclose = self._convertPublicContactToEpp(dummy_contact, disclose_email=False).__dict__
+            test_disclose = self._convertPublicContactToEpp(dummy_contact, disclose=False).__dict__
+            test_not_disclose = self._convertPublicContactToEpp(dummy_contact, disclose=False).__dict__
             # Separated for linter
-            disclose_email_field = {common.DiscloseField.EMAIL}
+            disclose_email_field = self.all_disclose_fields - {common.DiscloseField.EMAIL}
             self.maxDiff = None
             expected_disclose = {
                 "auth_info": common.ContactAuthInfo(pw="2fooBAR123fooBaz"),
-                "disclose": common.Disclose(flag=True, fields=disclose_email_field, types=None),
+                "disclose": common.Disclose(flag=False, fields=disclose_email_field, types=None),
                 "email": "help@get.gov",
                 "extensions": [],
                 "fax": None,
@@ -1081,7 +1091,7 @@ class TestRegistrantContacts(MockEppLib):
         # Create contact with multiple disclosure fields
         result = self._convertPublicContactToEpp(
             dummy_contact,
-            disclose_email=True,
+            disclose=True,
             disclose_fields={DF.EMAIL, DF.VOICE, DF.ADDR},
             disclose_types={DF.ADDR: "loc"},
         )
@@ -1096,7 +1106,7 @@ class TestRegistrantContacts(MockEppLib):
         dummy_contact = domain.get_default_security_contact()
 
         # Create contact with empty fields list
-        result = self._convertPublicContactToEpp(dummy_contact, disclose_email=True, disclose_fields={})
+        result = self._convertPublicContactToEpp(dummy_contact, disclose=True, disclose_fields={})
 
         # Verify disclosure settings
         self.assertEqual(result.disclose.flag, True)
@@ -1116,7 +1126,9 @@ class TestRegistrantContacts(MockEppLib):
             expectedSecContact.domain = domain
             expectedSecContact.registry_id = "defaultSec"
             domain.security_contact = expectedSecContact
-            expectedCreateCommand = self._convertPublicContactToEpp(expectedSecContact, disclose_email=False)
+            expectedCreateCommand = self._convertPublicContactToEpp(
+                expectedSecContact, disclose=False, disclose_fields=self.all_disclose_fields
+            )
             self.mockedSendFunction.assert_any_call(expectedCreateCommand, cleaned=True)
             # Confirm that we are getting a default email
             self.assertEqual(domain.security_contact.email, expectedSecContact.email)
@@ -1135,7 +1147,7 @@ class TestRegistrantContacts(MockEppLib):
             expectedTechContact.registry_id = "defaultTech"
             domain.technical_contact = expectedTechContact
             expectedCreateCommand = self._convertPublicContactToEpp(
-                expectedTechContact, disclose_email=False, disclose_fields={}
+                expectedTechContact, disclose=False, disclose_fields=self.all_disclose_fields
             )
             self.mockedSendFunction.assert_any_call(expectedCreateCommand, cleaned=True)
             # Confirm that we are getting a default email
@@ -1155,7 +1167,7 @@ class TestRegistrantContacts(MockEppLib):
             expectedSecContact.domain = domain
             expectedSecContact.email = "security@mail.gov"
             domain.security_contact = expectedSecContact
-            expectedCreateCommand = self._convertPublicContactToEpp(expectedSecContact, disclose_email=True)
+            expectedCreateCommand = self._convertPublicContactToEpp(expectedSecContact, disclose=False)
             self.mockedSendFunction.assert_any_call(expectedCreateCommand, cleaned=True)
             # Confirm that we are getting the desired email
             self.assertEqual(domain.security_contact.email, expectedSecContact.email)
diff --git a/src/registrar/utility/enums.py b/src/registrar/utility/enums.py
index 8b3aff7ad..b1bce0412 100644
--- a/src/registrar/utility/enums.py
+++ b/src/registrar/utility/enums.py
@@ -39,6 +39,9 @@ class DefaultEmail(StrEnum):
     """
 
     PUBLIC_CONTACT_DEFAULT = "help@get.gov"
+    # We used to use this email for default public contacts.
+    # This is retained for data correctness, but it will be phased out.
+    # help@get.gov is the current email that we use for these now.
     OLD_PUBLIC_CONTACT_DEFAULT = "dotgov@cisa.dhs.gov"
     LEGACY_DEFAULT = "registrar@dotgov.gov"
 

From dce762bc4a13d44019534ee5365c75fbef92c5f3 Mon Sep 17 00:00:00 2001
From: zandercymatics <141044360+zandercymatics@users.noreply.github.com>
Date: Tue, 18 Mar 2025 14:47:01 -0600
Subject: [PATCH 215/285] Update domain.py

---
 src/registrar/models/domain.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/registrar/models/domain.py b/src/registrar/models/domain.py
index 5d1bc246a..9b784059a 100644
--- a/src/registrar/models/domain.py
+++ b/src/registrar/models/domain.py
@@ -1685,7 +1685,7 @@ class Domain(TimeStampedModel, DomainHelper):
         # https://github.com/cisagov/epplib/blob/master/epplib/models/common.py#L32
         DF = epp.DiscloseField
         all_disclose_fields = {field for field in DF if field != DF.NOTIFY_EMAIL}
-        disclose_fields = {"fields": all_disclose_fields, "flag": False}
+        disclose_fields = {"fields": all_disclose_fields, "flag": False, "types": {DF.ADDR: "loc"}}
         if (
             contact.contact_type == contact.ContactTypeChoices.SECURITY and 
             contact.email not in [email for email in DefaultEmail]

From 3b45083fccaeb22df60588e417605cda82ee6a9d Mon Sep 17 00:00:00 2001
From: zandercymatics <141044360+zandercymatics@users.noreply.github.com>
Date: Tue, 18 Mar 2025 15:00:26 -0600
Subject: [PATCH 216/285] Exclude unused disclosefields

---
 src/registrar/models/domain.py            | 3 ++-
 src/registrar/tests/test_models_domain.py | 3 ++-
 2 files changed, 4 insertions(+), 2 deletions(-)

diff --git a/src/registrar/models/domain.py b/src/registrar/models/domain.py
index 9b784059a..ac96c91c6 100644
--- a/src/registrar/models/domain.py
+++ b/src/registrar/models/domain.py
@@ -1684,7 +1684,8 @@ class Domain(TimeStampedModel, DomainHelper):
         # You can find each enum here: 
         # https://github.com/cisagov/epplib/blob/master/epplib/models/common.py#L32
         DF = epp.DiscloseField
-        all_disclose_fields = {field for field in DF if field != DF.NOTIFY_EMAIL}
+        excluded_disclose_fields = {DF.NOTIFY_EMAIL, DF.VAT, DF.IDENT}
+        all_disclose_fields = {field for field in DF if field not in excluded_disclose_fields}
         disclose_fields = {"fields": all_disclose_fields, "flag": False, "types": {DF.ADDR: "loc"}}
         if (
             contact.contact_type == contact.ContactTypeChoices.SECURITY and 
diff --git a/src/registrar/tests/test_models_domain.py b/src/registrar/tests/test_models_domain.py
index 018d081c9..1038d2e2d 100644
--- a/src/registrar/tests/test_models_domain.py
+++ b/src/registrar/tests/test_models_domain.py
@@ -723,7 +723,8 @@ class TestRegistrantContacts(MockEppLib):
         # Creates a domain with an associated contact
         self.domain_contact, _ = Domain.objects.get_or_create(name="freeman.gov")
         DF = common.DiscloseField
-        self.all_disclose_fields = {field for field in DF if field != DF.NOTIFY_EMAIL}
+        excluded_disclose_fields = {DF.NOTIFY_EMAIL, DF.VAT, DF.IDENT}
+        self.all_disclose_fields = {field for field in DF if field not in excluded_disclose_fields}
 
     def tearDown(self):
         super().tearDown()

From ec143ac92c1a1a087d5ec5b80d4452ea1f459ca8 Mon Sep 17 00:00:00 2001
From: zandercymatics <141044360+zandercymatics@users.noreply.github.com>
Date: Tue, 18 Mar 2025 15:26:29 -0600
Subject: [PATCH 217/285] lint and fix tests

---
 src/registrar/models/domain.py            | 12 +++++-------
 src/registrar/tests/common.py             |  5 ++++-
 src/registrar/tests/test_models_domain.py | 15 ++++++++-------
 3 files changed, 17 insertions(+), 15 deletions(-)

diff --git a/src/registrar/models/domain.py b/src/registrar/models/domain.py
index ac96c91c6..a6a834775 100644
--- a/src/registrar/models/domain.py
+++ b/src/registrar/models/domain.py
@@ -1681,20 +1681,18 @@ class Domain(TimeStampedModel, DomainHelper):
         """creates a disclose object that can be added to a contact Create using
         .disclose= <this function> on the command before sending.
         if item is security email then make sure email is visible"""
-        # You can find each enum here: 
+        # You can find each enum here:
         # https://github.com/cisagov/epplib/blob/master/epplib/models/common.py#L32
         DF = epp.DiscloseField
         excluded_disclose_fields = {DF.NOTIFY_EMAIL, DF.VAT, DF.IDENT}
-        all_disclose_fields = {field for field in DF if field not in excluded_disclose_fields}
+        all_disclose_fields = {field for field in DF} - excluded_disclose_fields
         disclose_fields = {"fields": all_disclose_fields, "flag": False, "types": {DF.ADDR: "loc"}}
-        if (
-            contact.contact_type == contact.ContactTypeChoices.SECURITY and 
-            contact.email not in [email for email in DefaultEmail]
-        ):
+        if contact.contact_type == contact.ContactTypeChoices.SECURITY and contact.email not in [
+            email for email in DefaultEmail
+        ]:
             disclose_fields["fields"] -= {DF.EMAIL}
         elif contact.contact_type == contact.ContactTypeChoices.ADMINISTRATIVE:
             disclose_fields["fields"] -= {DF.EMAIL, DF.VOICE, DF.ADDR}
-            disclose_fields["types"] = {DF.ADDR: "loc"}
 
         logger.info("Updated domain contact %s to disclose: %s", contact.email, disclose_fields.get("flag"))
         return epp.Disclose(**disclose_fields)  # type: ignore
diff --git a/src/registrar/tests/common.py b/src/registrar/tests/common.py
index 0271a2460..e2fb9097f 100644
--- a/src/registrar/tests/common.py
+++ b/src/registrar/tests/common.py
@@ -1949,9 +1949,12 @@ class MockEppLib(TestCase):
     ):
         DF = common.DiscloseField
         if disclose_fields is None:
-            fields = {DF.NOTIFY_EMAIL, DF.EMAIL}
+            fields = {DF.NOTIFY_EMAIL, DF.VAT, DF.IDENT, DF.EMAIL}
             disclose_fields = {field for field in DF} - fields
 
+        if disclose_types is None:
+            disclose_types = {DF.ADDR: "loc"}
+
         di = common.Disclose(flag=disclose, fields=disclose_fields, types=disclose_types)
 
         # check docs here looks like we may have more than one address field but
diff --git a/src/registrar/tests/test_models_domain.py b/src/registrar/tests/test_models_domain.py
index 1038d2e2d..5c5b36640 100644
--- a/src/registrar/tests/test_models_domain.py
+++ b/src/registrar/tests/test_models_domain.py
@@ -724,7 +724,7 @@ class TestRegistrantContacts(MockEppLib):
         self.domain_contact, _ = Domain.objects.get_or_create(name="freeman.gov")
         DF = common.DiscloseField
         excluded_disclose_fields = {DF.NOTIFY_EMAIL, DF.VAT, DF.IDENT}
-        self.all_disclose_fields = {field for field in DF if field not in excluded_disclose_fields}
+        self.all_disclose_fields = {field for field in DF} - excluded_disclose_fields
 
     def tearDown(self):
         super().tearDown()
@@ -1026,10 +1026,10 @@ class TestRegistrantContacts(MockEppLib):
             test_not_disclose = self._convertPublicContactToEpp(dummy_contact, disclose=False).__dict__
             # Separated for linter
             disclose_email_field = self.all_disclose_fields - {common.DiscloseField.EMAIL}
-            self.maxDiff = None
+            DF = common.DiscloseField
             expected_disclose = {
                 "auth_info": common.ContactAuthInfo(pw="2fooBAR123fooBaz"),
-                "disclose": common.Disclose(flag=False, fields=disclose_email_field, types=None),
+                "disclose": common.Disclose(flag=False, fields=disclose_email_field, types={DF.ADDR: "loc"}),
                 "email": "help@get.gov",
                 "extensions": [],
                 "fax": None,
@@ -1054,7 +1054,7 @@ class TestRegistrantContacts(MockEppLib):
             # Separated for linter
             expected_not_disclose = {
                 "auth_info": common.ContactAuthInfo(pw="2fooBAR123fooBaz"),
-                "disclose": common.Disclose(flag=False, fields=disclose_email_field, types=None),
+                "disclose": common.Disclose(flag=False, fields=disclose_email_field, types={DF.ADDR: "loc"}),
                 "email": "help@get.gov",
                 "extensions": [],
                 "fax": None,
@@ -1094,11 +1094,11 @@ class TestRegistrantContacts(MockEppLib):
             dummy_contact,
             disclose=True,
             disclose_fields={DF.EMAIL, DF.VOICE, DF.ADDR},
-            disclose_types={DF.ADDR: "loc"},
+            disclose_types={},
         )
         self.assertEqual(result.disclose.flag, True)
         self.assertEqual(result.disclose.fields, {DF.EMAIL, DF.VOICE, DF.ADDR})
-        self.assertEqual(result.disclose.types, {DF.ADDR: "loc"})
+        self.assertEqual(result.disclose.types, {})
 
     @less_console_noise_decorator
     def test_convert_public_contact_with_empty_fields(self):
@@ -1110,9 +1110,10 @@ class TestRegistrantContacts(MockEppLib):
         result = self._convertPublicContactToEpp(dummy_contact, disclose=True, disclose_fields={})
 
         # Verify disclosure settings
+        DF = common.DiscloseField
         self.assertEqual(result.disclose.flag, True)
         self.assertEqual(result.disclose.fields, {})
-        self.assertIsNone(result.disclose.types)
+        self.assertEqual(result.disclose.types, {DF.ADDR: "loc"})
 
     def test_not_disclosed_on_default_security_contact(self):
         """

From 774333a0efe4eea77b3f0d1419cbcb505d33f87a Mon Sep 17 00:00:00 2001
From: zandercymatics <141044360+zandercymatics@users.noreply.github.com>
Date: Tue, 18 Mar 2025 15:34:40 -0600
Subject: [PATCH 218/285] Update domain.py

---
 src/registrar/models/domain.py | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/src/registrar/models/domain.py b/src/registrar/models/domain.py
index a6a834775..6d700b884 100644
--- a/src/registrar/models/domain.py
+++ b/src/registrar/models/domain.py
@@ -880,6 +880,7 @@ class Domain(TimeStampedModel, DomainHelper):
         which inturn call this function)
         Will throw error if contact type is not the same as expectType
         Raises ValueError if expected type doesn't match the contact type"""
+
         if expectedType != contact.contact_type:
             raise ValueError("Cannot set a contact with a different contact type, expected type was %s" % expectedType)
 
@@ -892,7 +893,6 @@ class Domain(TimeStampedModel, DomainHelper):
         duplicate_contacts = PublicContact.objects.exclude(registry_id=contact.registry_id).filter(
             domain=self, contact_type=contact.contact_type
         )
-
         # if no record exists with this contact type
         # make contact in registry, duplicate and errors handled there
         errorCode = self._make_contact_in_registry(contact)
@@ -1690,9 +1690,9 @@ class Domain(TimeStampedModel, DomainHelper):
         if contact.contact_type == contact.ContactTypeChoices.SECURITY and contact.email not in [
             email for email in DefaultEmail
         ]:
-            disclose_fields["fields"] -= {DF.EMAIL}
+            disclose_fields["fields"] -= {DF.EMAIL}  # type: ignore
         elif contact.contact_type == contact.ContactTypeChoices.ADMINISTRATIVE:
-            disclose_fields["fields"] -= {DF.EMAIL, DF.VOICE, DF.ADDR}
+            disclose_fields["fields"] -= {DF.EMAIL, DF.VOICE, DF.ADDR}  # type: ignore
 
         logger.info("Updated domain contact %s to disclose: %s", contact.email, disclose_fields.get("flag"))
         return epp.Disclose(**disclose_fields)  # type: ignore

From 5de32b640732c2811d0aad2ccc541bba15233129 Mon Sep 17 00:00:00 2001
From: Rachid Mrad <rachid.mrad@ecstech.com>
Date: Tue, 18 Mar 2025 18:54:00 -0400
Subject: [PATCH 219/285] Middleware router logs

---
 src/registrar/config/settings.py              |  2 +
 src/registrar/registrar_middleware.py         | 28 +++++++++++
 .../tests/test_middleware_logging.py          | 49 +++++++++++++++++++
 3 files changed, 79 insertions(+)
 create mode 100644 src/registrar/tests/test_middleware_logging.py

diff --git a/src/registrar/config/settings.py b/src/registrar/config/settings.py
index acd319ee5..92c2b2d61 100644
--- a/src/registrar/config/settings.py
+++ b/src/registrar/config/settings.py
@@ -203,6 +203,8 @@ MIDDLEWARE = [
     "registrar.registrar_middleware.CheckPortfolioMiddleware",
     # Restrict access using Opt-Out approach
     "registrar.registrar_middleware.RestrictAccessMiddleware",
+    # Our own router logs that included user info to speed up log tracing time on stable
+    "registrar.registrar_middleware.RequestLoggingMiddleware",
 ]
 
 # application object used by Django's built-in servers (e.g. `runserver`)
diff --git a/src/registrar/registrar_middleware.py b/src/registrar/registrar_middleware.py
index 8c9c79876..36be3cd39 100644
--- a/src/registrar/registrar_middleware.py
+++ b/src/registrar/registrar_middleware.py
@@ -222,3 +222,31 @@ class RestrictAccessMiddleware:
             raise PermissionDenied  # Deny access if the view lacks explicit permission handling
 
         return self.get_response(request)
+
+
+class RequestLoggingMiddleware:
+    """
+    Middleware to log user email, remote address, and request path.
+    """
+
+    def __init__(self, get_response):
+        self.get_response = get_response
+
+    def __call__(self, request):
+        response = self.get_response(request)
+
+        # Only log in production (stable)
+        if getattr(settings, "IS_PRODUCTION", False):
+            # Get user email (if authenticated), else "Anonymous"
+            user_email = request.user.email if request.user.is_authenticated else "Anonymous"
+
+            # Get remote IP address
+            remote_ip = request.META.get("REMOTE_ADDR", "Unknown IP")
+
+            # Get request path
+            request_path = request.path
+
+            # Log user information
+            logger.info(f"Router log | User: {user_email} | IP: {remote_ip} | Path: {request_path}")
+
+        return response
diff --git a/src/registrar/tests/test_middleware_logging.py b/src/registrar/tests/test_middleware_logging.py
new file mode 100644
index 000000000..deb19a4f0
--- /dev/null
+++ b/src/registrar/tests/test_middleware_logging.py
@@ -0,0 +1,49 @@
+from django.test import TestCase, RequestFactory, override_settings
+from unittest.mock import patch, MagicMock
+from django.conf import settings
+from django.contrib.auth.models import AnonymousUser, User
+
+from registrar.registrar_middleware import RequestLoggingMiddleware
+
+
+class RequestLoggingMiddlewareTest(TestCase):
+    """Test 'our' middleware logging."""
+
+    def setUp(self):
+        self.factory = RequestFactory()
+        self.get_response_mock = MagicMock()
+        self.middleware = RequestLoggingMiddleware(self.get_response_mock)
+
+    @override_settings(IS_PRODUCTION=True)  # Scopes change to this test only
+    @patch("logging.Logger.info")
+    def test_logging_enabled_in_production(self, mock_logger):
+        """Test that logging occurs when IS_PRODUCTION is True"""
+        request = self.factory.get("/test-path", **{"REMOTE_ADDR": "Unknown IP"})  # Override IP
+        request.user = User(username="testuser", email="testuser@example.com")
+
+        self.middleware(request)  # Call middleware
+
+        mock_logger.assert_called_once_with(
+            "Router log | User: testuser@example.com | IP: Unknown IP | Path: /test-path"
+        )
+
+    @patch("logging.Logger.info")
+    def test_logging_disabled_in_non_production(self, mock_logger):
+        """Test that logging does not occur when IS_PRODUCTION is False"""
+        request = self.factory.get("/test-path")
+        request.user = User(username="testuser", email="testuser@example.com")
+
+        self.middleware(request)  # Call middleware
+
+        mock_logger.assert_not_called()  # Ensure no logs are generated
+
+    @override_settings(IS_PRODUCTION=True)  # Scopes change to this test only
+    @patch("logging.Logger.info")
+    def test_logging_anonymous_user(self, mock_logger):
+        """Test logging for an anonymous user"""
+        request = self.factory.get("/anonymous-path", **{"REMOTE_ADDR": "Unknown IP"})  # Override IP
+        request.user = AnonymousUser()  # Simulate an anonymous user
+
+        self.middleware(request)  # Call middleware
+
+        mock_logger.assert_called_once_with("Router log | User: Anonymous | IP: Unknown IP | Path: /anonymous-path")

From ae405c9652a36720324ca4e5d91660e0890fe857 Mon Sep 17 00:00:00 2001
From: Rachid Mrad <rachid.mrad@ecstech.com>
Date: Tue, 18 Mar 2025 19:03:34 -0400
Subject: [PATCH 220/285] lint

---
 src/registrar/tests/test_middleware_logging.py | 1 -
 1 file changed, 1 deletion(-)

diff --git a/src/registrar/tests/test_middleware_logging.py b/src/registrar/tests/test_middleware_logging.py
index deb19a4f0..d84c25af5 100644
--- a/src/registrar/tests/test_middleware_logging.py
+++ b/src/registrar/tests/test_middleware_logging.py
@@ -1,6 +1,5 @@
 from django.test import TestCase, RequestFactory, override_settings
 from unittest.mock import patch, MagicMock
-from django.conf import settings
 from django.contrib.auth.models import AnonymousUser, User
 
 from registrar.registrar_middleware import RequestLoggingMiddleware

From 443abedd748610d542d71d3f4c77d4fa13e187b3 Mon Sep 17 00:00:00 2001
From: David Kennedy <david.kennedy@associates.cisa.dhs.gov>
Date: Wed, 19 Mar 2025 07:14:55 -0400
Subject: [PATCH 221/285] fixed hatch marks

---
 src/registrar/templates/domain_dsdata.html | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/registrar/templates/domain_dsdata.html b/src/registrar/templates/domain_dsdata.html
index 468844654..6a4e2cbed 100644
--- a/src/registrar/templates/domain_dsdata.html
+++ b/src/registrar/templates/domain_dsdata.html
@@ -48,7 +48,7 @@
 
   <p>In order to enable DNSSEC, you must first configure it with your DNS provider.</p>
 
-  <p>Click "Add DS data" and enter the values given by your DNS provider for DS (Delegation Signer) data.</p>
+  <p>Click “Add DS data” and enter the values given by your DNS provider for DS (Delegation Signer) data.</p>
 
   {% comment %}
   This template supports the rendering of three different DS data forms, conditionally displayed:

From c375656f9d1321c81f7183aa72e2df76a3bf7c1f Mon Sep 17 00:00:00 2001
From: David Kennedy <david.kennedy@associates.cisa.dhs.gov>
Date: Wed, 19 Mar 2025 07:27:58 -0400
Subject: [PATCH 222/285] move required fields display in ds data and
 nameservers

---
 src/registrar/templates/domain_dsdata.html    | 106 +++++++++---------
 .../templates/domain_nameservers.html         |  91 +++++++--------
 2 files changed, 100 insertions(+), 97 deletions(-)

diff --git a/src/registrar/templates/domain_dsdata.html b/src/registrar/templates/domain_dsdata.html
index 6a4e2cbed..5ed48d9d5 100644
--- a/src/registrar/templates/domain_dsdata.html
+++ b/src/registrar/templates/domain_dsdata.html
@@ -274,64 +274,66 @@
     DS records defined on the domain.
     {% endcomment %} 
 
-    <section class="add-dsdata-form display-none section-outlined">
+    <div class="add-dsdata-form display-none">
       {% include "includes/required_fields.html" %} 
-      <form class="usa-form usa-form--extra-large" method="post" novalidate>
-        <h2>Add DS record</h2>
-        {% csrf_token %}
-        {{ formset.management_form }}
-        {% for form in formset %}
-        <div class="repeatable-form">
-          <div class="grid-row grid-gap-2 flex-end">
-            <div class="tablet:grid-col-4">
-              {% with sublabel_text="Numbers (0-9) only." %}
-                {% with attr_required=True add_initial_value_attr=True add_group_class="usa-form-group--unstyled-error" %}
-                  {% input_with_errors form.key_tag %}
-                {% endwith %}
-              {% endwith %}
-            </div>
-            <div class="tablet:grid-col-4">
-              {% with attr_required=True add_initial_value_attr=True add_group_class="usa-form-group--unstyled-error" %}
-                {% input_with_errors form.algorithm %}
-              {% endwith %}
-            </div>
-            <div class="tablet:grid-col-4">
-              {% with attr_required=True add_initial_value_attr=True add_group_class="usa-form-group--unstyled-error" %}
-                {% input_with_errors form.digest_type %}
-              {% endwith %}
-            </div>
-          </div>
-    
-          <div class="grid-row">
-            <div class="grid-col">
-              {% with sublabel_text="Numbers (0-9) and letters (a-f) only. SHA-1: 40 chars, SHA-256: 64 chars." %}
-                {% with hide_character_count=True %}
+      <section class="section-outlined">
+        <form class="usa-form usa-form--extra-large" method="post" novalidate>
+          <h2>Add DS record</h2>
+          {% csrf_token %}
+          {{ formset.management_form }}
+          {% for form in formset %}
+          <div class="repeatable-form">
+            <div class="grid-row grid-gap-2 flex-end">
+              <div class="tablet:grid-col-4">
+                {% with sublabel_text="Numbers (0-9) only." %}
                   {% with attr_required=True add_initial_value_attr=True add_group_class="usa-form-group--unstyled-error" %}
-                    {% input_with_errors form.digest %}
+                    {% input_with_errors form.key_tag %}
                   {% endwith %}
                 {% endwith %}
-              {% endwith %}
+              </div>
+              <div class="tablet:grid-col-4">
+                {% with attr_required=True add_initial_value_attr=True add_group_class="usa-form-group--unstyled-error" %}
+                  {% input_with_errors form.algorithm %}
+                {% endwith %}
+              </div>
+              <div class="tablet:grid-col-4">
+                {% with attr_required=True add_initial_value_attr=True add_group_class="usa-form-group--unstyled-error" %}
+                  {% input_with_errors form.digest_type %}
+                {% endwith %}
+              </div>
+            </div>
+    
+            <div class="grid-row">
+              <div class="grid-col">
+                {% with sublabel_text="Numbers (0-9) and letters (a-f) only. SHA-1: 40 chars, SHA-256: 64 chars." %}
+                  {% with hide_character_count=True %}
+                    {% with attr_required=True add_initial_value_attr=True add_group_class="usa-form-group--unstyled-error" %}
+                      {% input_with_errors form.digest %}
+                    {% endwith %}
+                  {% endwith %}
+                {% endwith %}
+              </div>
             </div>
           </div>
-        </div>
-        {% endfor %}
-        <div class="margin-top-2">
-          <button
-            type="button"
-            class="usa-button usa-button--outline dsdata-cancel-add-form"
-            name="btn-cancel-click"
-            aria-label="Reset the data in the DS records to the registry state (undo changes)"
-          >Cancel
-          </button>
-          <button
-            id="save-ds-data"
-            type="submit"
-            class="usa-button"
-          >Save
-          </button>
-        </div>
-      </form>
-    </section>
+          {% endfor %}
+          <div class="margin-top-2">
+            <button
+              type="button"
+              class="usa-button usa-button--outline dsdata-cancel-add-form"
+              name="btn-cancel-click"
+              aria-label="Reset the data in the DS records to the registry state (undo changes)"
+            >Cancel
+            </button>
+            <button
+              id="save-ds-data"
+              type="submit"
+              class="usa-button"
+            >Save
+            </button>
+          </div>
+        </form>
+      </section>
+    </div>
   {% endif %}
 
   <a
diff --git a/src/registrar/templates/domain_nameservers.html b/src/registrar/templates/domain_nameservers.html
index b6314ea5f..a94ebbd82 100644
--- a/src/registrar/templates/domain_nameservers.html
+++ b/src/registrar/templates/domain_nameservers.html
@@ -240,57 +240,58 @@
     This section renders Add New Nameservers form which renders when there are no existing
     nameservers defined on the domain.
     {% endcomment %} 
-       
-    <section class="add-nameservers-form display-none section-outlined">
+    <div class="add-nameservers-form display-none">   
       {% include "includes/required_fields.html" %} 
-      <form class="usa-form usa-form--extra-large" method="post" novalidate>
-        <h2>Add name servers</h2>
-        {% csrf_token %}
-        {{ formset.management_form }}
-        {% for form in formset %}
-        {{ form.domain }}
-        <div class="repeatable-form">
-          <div class="grid-row grid-gap-2 flex-end minh-143px">
-            <div class="tablet:grid-col-6">
-              {% with sublabel_text="Example: ns"|concat:forloop.counter|concat:".example.com" add_group_class="usa-form-group--unstyled-error margin-top-2" %}
-                {% if forloop.counter <= 2 %}
-                  {# span_for_text will wrap the copy in s <span>, which we'll use in the JS for this component #}
-                  {% with attr_required=True add_initial_value_attr=True span_for_text=True %}
-                    {% input_with_errors form.server %}
-                  {% endwith %}
-                {% else %}
-                  {% with span_for_text=True add_initial_value_attr=True %}
-                    {% input_with_errors form.server %}
+      <section class="section-outlined">
+        <form class="usa-form usa-form--extra-large" method="post" novalidate>
+          <h2>Add name servers</h2>
+          {% csrf_token %}
+          {{ formset.management_form }}
+          {% for form in formset %}
+          {{ form.domain }}
+          <div class="repeatable-form">
+            <div class="grid-row grid-gap-2 flex-end minh-143px">
+              <div class="tablet:grid-col-6">
+                {% with sublabel_text="Example: ns"|concat:forloop.counter|concat:".example.com" add_group_class="usa-form-group--unstyled-error margin-top-2" %}
+                  {% if forloop.counter <= 2 %}
+                    {# span_for_text will wrap the copy in s <span>, which we'll use in the JS for this component #}
+                    {% with attr_required=True add_initial_value_attr=True span_for_text=True %}
+                      {% input_with_errors form.server %}
                     {% endwith %}
-                {% endif %}
-              {% endwith %}
-            </div>
-            <div class="tablet:grid-col-6">
-              {% with attr_required=True add_initial_value_attr=True label_text=form.ip.label sublabel_text="Example: 86.124.49.54 or 2001:db8::1234:5678" add_aria_label="Name server "|concat:forloop.counter|concat:" "|concat:form.ip.label add_group_class="usa-form-group--unstyled-error margin-top-2" %}
-                {% input_with_errors form.ip %}
-              {% endwith %}
+                  {% else %}
+                    {% with span_for_text=True add_initial_value_attr=True %}
+                      {% input_with_errors form.server %}
+                      {% endwith %}
+                  {% endif %}
+                {% endwith %}
+              </div>
+              <div class="tablet:grid-col-6">
+                {% with attr_required=True add_initial_value_attr=True label_text=form.ip.label sublabel_text="Example: 86.124.49.54 or 2001:db8::1234:5678" add_aria_label="Name server "|concat:forloop.counter|concat:" "|concat:form.ip.label add_group_class="usa-form-group--unstyled-error margin-top-2" %}
+                  {% input_with_errors form.ip %}
+                {% endwith %}
+              </div>
             </div>
           </div>
-        </div>
-        {% endfor %}
+          {% endfor %}
           
-        <div class="margin-top-2">
-          <button
-            type="button"
-            class="usa-button usa-button--outline nameserver-cancel-add-form"
-            name="btn-cancel-click"
-            aria-label="Reset the data in the name server form to the registry state (undo changes)"
-          >Cancel
-          </button>
-          <button
-                type="submit"
-                class="usa-button"
-            >Save
-          </button>
-        </div>
-      </form>
+          <div class="margin-top-2">
+            <button
+              type="button"
+              class="usa-button usa-button--outline nameserver-cancel-add-form"
+              name="btn-cancel-click"
+              aria-label="Reset the data in the name server form to the registry state (undo changes)"
+            >Cancel
+            </button>
+            <button
+                  type="submit"
+                  class="usa-button"
+              >Save
+            </button>
+          </div>
+        </form>
 
-    </section>
+      </section>
+    </div>
 
   {% endif %}
 

From 22dd563d6182b75e727b694cf3fe36526998402e Mon Sep 17 00:00:00 2001
From: David Kennedy <david.kennedy@associates.cisa.dhs.gov>
Date: Wed, 19 Mar 2025 08:14:34 -0400
Subject: [PATCH 223/285] fixed bug in js removing error class on cancel

---
 src/registrar/assets/src/js/getgov/form-helpers.js | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/src/registrar/assets/src/js/getgov/form-helpers.js b/src/registrar/assets/src/js/getgov/form-helpers.js
index 7a9b0c38f..6c1d37d57 100644
--- a/src/registrar/assets/src/js/getgov/form-helpers.js
+++ b/src/registrar/assets/src/js/getgov/form-helpers.js
@@ -43,6 +43,11 @@ export function removeErrorsFromElement(domElement) {
     domElement.querySelectorAll("select.usa-input--error").forEach(select => {
         select.classList.remove("usa-input--error");
     });
+
+    // Remove the 'usa-input--error' class from all textarea elements
+    domElement.querySelectorAll("textarea.usa-input--error").forEach(textarea => {
+        textarea.classList.remove("usa-input--error");
+    });
 }
 
 /**

From a059f13e36984be5bd0a2a564c24d615b389ad97 Mon Sep 17 00:00:00 2001
From: zandercymatics <141044360+zandercymatics@users.noreply.github.com>
Date: Wed, 19 Mar 2025 07:48:42 -0600
Subject: [PATCH 224/285] Update src/registrar/models/domain.py

Co-authored-by: Alysia <109625347+allly-b@users.noreply.github.com>
---
 src/registrar/models/domain.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/registrar/models/domain.py b/src/registrar/models/domain.py
index 6d700b884..faa9ec6b6 100644
--- a/src/registrar/models/domain.py
+++ b/src/registrar/models/domain.py
@@ -1678,7 +1678,7 @@ class Domain(TimeStampedModel, DomainHelper):
         return help_text
 
     def _disclose_fields(self, contact: PublicContact):
-        """creates a disclose object that can be added to a contact Create using
+        """creates a disclose object that can be added to a contact Create or Update using
         .disclose= <this function> on the command before sending.
         if item is security email then make sure email is visible"""
         # You can find each enum here:

From 08b28399e362bed9eb6f2cfdbc278be090cb0a8e Mon Sep 17 00:00:00 2001
From: zandercymatics <141044360+zandercymatics@users.noreply.github.com>
Date: Wed, 19 Mar 2025 08:45:12 -0600
Subject: [PATCH 225/285] Some PR suggestions

Still awaiting on the DF.NAME field
---
 src/registrar/models/domain.py            | 44 +++++++++++++++++------
 src/registrar/models/public_contact.py    |  8 -----
 src/registrar/tests/test_models_domain.py |  4 +--
 src/registrar/utility/csv_export.py       |  2 +-
 src/registrar/utility/enums.py            |  5 +++
 src/registrar/views/domain.py             |  6 ++--
 6 files changed, 44 insertions(+), 25 deletions(-)

diff --git a/src/registrar/models/domain.py b/src/registrar/models/domain.py
index faa9ec6b6..e5afbc0e5 100644
--- a/src/registrar/models/domain.py
+++ b/src/registrar/models/domain.py
@@ -971,6 +971,24 @@ class Domain(TimeStampedModel, DomainHelper):
         logger.info("making technical contact")
         self._set_singleton_contact(contact, expectedType=contact.ContactTypeChoices.TECHNICAL)
 
+    def print_contact_info_epp(self, contact: PublicContact):
+        """Prints registry data for this PublicContact for easier debugging"""
+        results = self._request_contact_info(contact, get_result_as_dict=True)
+        logger.info(f"EPP info for {contact.display_contact_type()}:")
+        logger.info("---------------------")
+        for key, value in results.items():
+            logger.info(f"{key}: {value}")
+
+    def print_all_domain_contact_info_epp(self):
+        """Prints registry data for this domains security, registrant, technical, and administrative contacts."""
+        logger.info(f"Contact info for {self}:")
+        logger.info("=====================")
+
+        contacts = [self.security_contact, self.registrant_contact, self.technical_contact, self.administrative_contact]
+        for contact_type, contact in contacts:
+            if contact:
+                self.print_contact_info_epp(contact)
+
     def is_active(self) -> bool:
         """Currently just returns if the state is created,
         because then it should be live, theoretically.
@@ -1684,18 +1702,22 @@ class Domain(TimeStampedModel, DomainHelper):
         # You can find each enum here:
         # https://github.com/cisagov/epplib/blob/master/epplib/models/common.py#L32
         DF = epp.DiscloseField
-        excluded_disclose_fields = {DF.NOTIFY_EMAIL, DF.VAT, DF.IDENT}
-        all_disclose_fields = {field for field in DF} - excluded_disclose_fields
-        disclose_fields = {"fields": all_disclose_fields, "flag": False, "types": {DF.ADDR: "loc"}}
-        if contact.contact_type == contact.ContactTypeChoices.SECURITY and contact.email not in [
-            email for email in DefaultEmail
-        ]:
-            disclose_fields["fields"] -= {DF.EMAIL}  # type: ignore
-        elif contact.contact_type == contact.ContactTypeChoices.ADMINISTRATIVE:
-            disclose_fields["fields"] -= {DF.EMAIL, DF.VOICE, DF.ADDR}  # type: ignore
+        all_disclose_fields = {field for field in DF}
+        disclose_args = {"fields": all_disclose_fields, "flag": False, "types": {DF.ADDR: "loc"}}
 
-        logger.info("Updated domain contact %s to disclose: %s", contact.email, disclose_fields.get("flag"))
-        return epp.Disclose(**disclose_fields)  # type: ignore
+        fields_to_remove = {DF.NOTIFY_EMAIL, DF.VAT, DF.IDENT}
+        if contact.contact_type == contact.ContactTypeChoices.SECURITY:
+            if contact.email not in DefaultEmail.get_all_emails():
+                fields_to_remove.add(DF.EMAIL)
+        elif contact.contact_type == contact.ContactTypeChoices.ADMINISTRATIVE:
+            fields_to_remove.update({DF.EMAIL, DF.VOICE, DF.ADDR})
+
+        disclose_fields = disclose_args["fields"]
+        for field in fields_to_remove:
+            disclose_fields.remove(field)
+
+        logger.debug("Updated domain contact %s to disclose: %s", contact.email, disclose_args.get("flag"))
+        return epp.Disclose(**disclose_args)  # type: ignore
 
     def _make_epp_contact_postal_info(self, contact: PublicContact):  # type: ignore
         return epp.PostalInfo(  # type: ignore
diff --git a/src/registrar/models/public_contact.py b/src/registrar/models/public_contact.py
index d3167960d..58ad5be92 100644
--- a/src/registrar/models/public_contact.py
+++ b/src/registrar/models/public_contact.py
@@ -91,14 +91,6 @@ class PublicContact(TimeStampedModel):
     )
     pw = models.CharField(null=False, help_text="Contact's authorization code. 16 characters minimum.")
 
-    def print_contact_info_epp(self):
-        """Prints registry data for this PublicContact for easier debugging"""
-        results = self.domain._request_contact_info(self, get_result_as_dict=True)
-        logger.info("Contact Info from EPP:")
-        logger.info("=====================")
-        for key, value in results.items():
-            logger.info(f"{key}: {value}")
-
     @classmethod
     def get_default_registrant(cls):
         return cls(
diff --git a/src/registrar/tests/test_models_domain.py b/src/registrar/tests/test_models_domain.py
index 5c5b36640..22dee5c04 100644
--- a/src/registrar/tests/test_models_domain.py
+++ b/src/registrar/tests/test_models_domain.py
@@ -1107,12 +1107,12 @@ class TestRegistrantContacts(MockEppLib):
         dummy_contact = domain.get_default_security_contact()
 
         # Create contact with empty fields list
-        result = self._convertPublicContactToEpp(dummy_contact, disclose=True, disclose_fields={})
+        result = self._convertPublicContactToEpp(dummy_contact, disclose=True, disclose_fields={DF.EMAIL})
 
         # Verify disclosure settings
         DF = common.DiscloseField
         self.assertEqual(result.disclose.flag, True)
-        self.assertEqual(result.disclose.fields, {})
+        self.assertEqual(result.disclose.fields, {DF.EMAIL})
         self.assertEqual(result.disclose.types, {DF.ADDR: "loc"})
 
     def test_not_disclosed_on_default_security_contact(self):
diff --git a/src/registrar/utility/csv_export.py b/src/registrar/utility/csv_export.py
index 5660cb41d..7f06a4f44 100644
--- a/src/registrar/utility/csv_export.py
+++ b/src/registrar/utility/csv_export.py
@@ -740,7 +740,7 @@ class DomainExport(BaseExport):
             domain_type = f"{human_readable_domain_org_type} - {human_readable_domain_federal_type}"
 
         security_contact_email = model.get("security_contact_email")
-        invalid_emails = [email for email in DefaultEmail]
+        invalid_emails = DefaultEmail.get_all_emails()
         if (
             not security_contact_email
             or not isinstance(security_contact_email, str)
diff --git a/src/registrar/utility/enums.py b/src/registrar/utility/enums.py
index b1bce0412..fca5202d7 100644
--- a/src/registrar/utility/enums.py
+++ b/src/registrar/utility/enums.py
@@ -45,6 +45,11 @@ class DefaultEmail(StrEnum):
     OLD_PUBLIC_CONTACT_DEFAULT = "dotgov@cisa.dhs.gov"
     LEGACY_DEFAULT = "registrar@dotgov.gov"
 
+    @classmethod
+    def get_all_emails(cls):
+        return [email for email in cls]
+
+
 
 class DefaultUserValues(StrEnum):
     """Stores default values for a default user.
diff --git a/src/registrar/views/domain.py b/src/registrar/views/domain.py
index 0b13dda69..863d36bf5 100644
--- a/src/registrar/views/domain.py
+++ b/src/registrar/views/domain.py
@@ -398,7 +398,7 @@ class DomainView(DomainBaseView):
     def get_context_data(self, **kwargs):
         context = super().get_context_data(**kwargs)
 
-        default_emails = [email for email in DefaultEmail]
+        default_emails = DefaultEmail.get_all_emails()
 
         context["hidden_security_emails"] = default_emails
 
@@ -456,7 +456,7 @@ class DomainRenewalView(DomainBaseView):
 
         context = super().get_context_data(**kwargs)
 
-        default_emails = [email for email in DefaultEmail]
+        default_emails = DefaultEmail.get_all_emails()
 
         context["hidden_security_emails"] = default_emails
 
@@ -1166,7 +1166,7 @@ class DomainSecurityEmailView(DomainFormBaseView):
         initial = super().get_initial()
         security_contact = self.object.security_contact
 
-        invalid_emails = [email for email in DefaultEmail]
+        invalid_emails = DefaultEmail.get_all_emails()
         if security_contact is None or security_contact.email in invalid_emails:
             initial["security_email"] = None
             return initial

From 557f8cab5a2ba9d644394d96431996876e44d804 Mon Sep 17 00:00:00 2001
From: zandercymatics <141044360+zandercymatics@users.noreply.github.com>
Date: Wed, 19 Mar 2025 10:52:57 -0600
Subject: [PATCH 226/285] Update domain.py

---
 src/registrar/models/domain.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/registrar/models/domain.py b/src/registrar/models/domain.py
index e5afbc0e5..40ef65199 100644
--- a/src/registrar/models/domain.py
+++ b/src/registrar/models/domain.py
@@ -985,7 +985,7 @@ class Domain(TimeStampedModel, DomainHelper):
         logger.info("=====================")
 
         contacts = [self.security_contact, self.registrant_contact, self.technical_contact, self.administrative_contact]
-        for contact_type, contact in contacts:
+        for contact in contacts:
             if contact:
                 self.print_contact_info_epp(contact)
 

From b0bcaff2eee159da86a3688c1d337b2ba218bcb8 Mon Sep 17 00:00:00 2001
From: zandercymatics <141044360+zandercymatics@users.noreply.github.com>
Date: Wed, 19 Mar 2025 10:55:04 -0600
Subject: [PATCH 227/285] Update domain.py

---
 src/registrar/models/domain.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/registrar/models/domain.py b/src/registrar/models/domain.py
index 40ef65199..6fa90e862 100644
--- a/src/registrar/models/domain.py
+++ b/src/registrar/models/domain.py
@@ -974,7 +974,7 @@ class Domain(TimeStampedModel, DomainHelper):
     def print_contact_info_epp(self, contact: PublicContact):
         """Prints registry data for this PublicContact for easier debugging"""
         results = self._request_contact_info(contact, get_result_as_dict=True)
-        logger.info(f"EPP info for {contact.display_contact_type()}:")
+        logger.info(f"EPP info for {contact.contact_type}:")
         logger.info("---------------------")
         for key, value in results.items():
             logger.info(f"{key}: {value}")

From b48b6fc572548946a162581e9edcb95ce4cb4030 Mon Sep 17 00:00:00 2001
From: zandercymatics <141044360+zandercymatics@users.noreply.github.com>
Date: Wed, 19 Mar 2025 11:10:04 -0600
Subject: [PATCH 228/285] Fix unit test

---
 src/registrar/models/domain.py            | 2 +-
 src/registrar/tests/test_models_domain.py | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/src/registrar/models/domain.py b/src/registrar/models/domain.py
index 6fa90e862..fbe7fef90 100644
--- a/src/registrar/models/domain.py
+++ b/src/registrar/models/domain.py
@@ -974,6 +974,7 @@ class Domain(TimeStampedModel, DomainHelper):
     def print_contact_info_epp(self, contact: PublicContact):
         """Prints registry data for this PublicContact for easier debugging"""
         results = self._request_contact_info(contact, get_result_as_dict=True)
+        logger.info("---------------------")
         logger.info(f"EPP info for {contact.contact_type}:")
         logger.info("---------------------")
         for key, value in results.items():
@@ -983,7 +984,6 @@ class Domain(TimeStampedModel, DomainHelper):
         """Prints registry data for this domains security, registrant, technical, and administrative contacts."""
         logger.info(f"Contact info for {self}:")
         logger.info("=====================")
-
         contacts = [self.security_contact, self.registrant_contact, self.technical_contact, self.administrative_contact]
         for contact in contacts:
             if contact:
diff --git a/src/registrar/tests/test_models_domain.py b/src/registrar/tests/test_models_domain.py
index 22dee5c04..5ca32140c 100644
--- a/src/registrar/tests/test_models_domain.py
+++ b/src/registrar/tests/test_models_domain.py
@@ -1106,11 +1106,11 @@ class TestRegistrantContacts(MockEppLib):
         domain, _ = Domain.objects.get_or_create(name="freeman.gov")
         dummy_contact = domain.get_default_security_contact()
 
+        DF = common.DiscloseField
         # Create contact with empty fields list
         result = self._convertPublicContactToEpp(dummy_contact, disclose=True, disclose_fields={DF.EMAIL})
 
         # Verify disclosure settings
-        DF = common.DiscloseField
         self.assertEqual(result.disclose.flag, True)
         self.assertEqual(result.disclose.fields, {DF.EMAIL})
         self.assertEqual(result.disclose.types, {DF.ADDR: "loc"})

From 2739a9b59b663d28d56c791344a801daea9c684c Mon Sep 17 00:00:00 2001
From: Rachid Mrad <rachid.mrad@ecstech.com>
Date: Wed, 19 Mar 2025 13:12:30 -0400
Subject: [PATCH 229/285] UI tweaks

---
 src/registrar/assets/src/sass/_theme/_base.scss   | 8 ++++++++
 src/registrar/assets/src/sass/_theme/_tables.scss | 2 +-
 src/registrar/templates/domain_dsdata.html        | 8 ++++----
 src/registrar/templates/domain_nameservers.html   | 4 ++--
 4 files changed, 15 insertions(+), 7 deletions(-)

diff --git a/src/registrar/assets/src/sass/_theme/_base.scss b/src/registrar/assets/src/sass/_theme/_base.scss
index 37c429ae9..1541f1c9d 100644
--- a/src/registrar/assets/src/sass/_theme/_base.scss
+++ b/src/registrar/assets/src/sass/_theme/_base.scss
@@ -79,6 +79,10 @@ body {
   }
 }
 
+.section-outlined--extra-padding {
+  padding: units(2) units(3) units(3);
+}
+
 .section-outlined--border-base-light {
   border: 1px solid color('base-light');
 }
@@ -296,6 +300,10 @@ Fit-content itself does not work.
   width: 40%;
 }
 
+.width-100px {
+  width: 100px;
+}
+
 .minh-143px {
   min-height: 143px;
 }
diff --git a/src/registrar/assets/src/sass/_theme/_tables.scss b/src/registrar/assets/src/sass/_theme/_tables.scss
index 7c3dc0513..0bfe792b3 100644
--- a/src/registrar/assets/src/sass/_theme/_tables.scss
+++ b/src/registrar/assets/src/sass/_theme/_tables.scss
@@ -7,7 +7,7 @@ th {
 
 .dotgov-table--stacked {
   td, th {
-    padding: units(1) units(2) units(2px) 0;
+    padding: units(1) units(1) units(2px) 0;
     border: none;
   }
 
diff --git a/src/registrar/templates/domain_dsdata.html b/src/registrar/templates/domain_dsdata.html
index 5ed48d9d5..d76684e82 100644
--- a/src/registrar/templates/domain_dsdata.html
+++ b/src/registrar/templates/domain_dsdata.html
@@ -71,7 +71,7 @@
         {% if forloop.last %}
 
           {% comment %}This section renders the Add DS data form.{% endcomment %}
-          <section class="add-dsdata-form display-none section-outlined">
+          <section class="add-dsdata-form display-none section-outlined section-outlined--extra-padding">
             <h2 class="margin-top-0">Add DS record</h2>
             <div class="repeatable-form">
               <div class="grid-row grid-gap-2 flex-end">
@@ -123,13 +123,13 @@
         {% endif %}
       {% endfor %}
 
-      <div class="margin-top-4" tabindex="0" id="domains__table-wrapper">
+      <div class="usa-table-container--scrollable margin-top-4" tabindex="0">
         <table class="usa-table usa-table--borderless usa-table--stacked dotgov-table dotgov-table--stacked" id="dsdata-table">
           <thead>
             <tr>
               <th scope="col" role="columnheader">Key tag</th>
               <th scope="col" role="columnheader">Algorithm</th>
-              <th scope="col" role="columnheader">Digest type</th>
+              <th scope="col" role="columnheader" class="width-100px">Digest type</th>
               <th scope="col" role="columnheader">Digest</th>
               <th scope="col" role="columnheader" class="width-0 padding-right-0">Action</th>
             </tr>
@@ -276,7 +276,7 @@
 
     <div class="add-dsdata-form display-none">
       {% include "includes/required_fields.html" %} 
-      <section class="section-outlined">
+      <section class="section-outlined section-outlined--extra-padding">
         <form class="usa-form usa-form--extra-large" method="post" novalidate>
           <h2>Add DS record</h2>
           {% csrf_token %}
diff --git a/src/registrar/templates/domain_nameservers.html b/src/registrar/templates/domain_nameservers.html
index a94ebbd82..3cf88a2b9 100644
--- a/src/registrar/templates/domain_nameservers.html
+++ b/src/registrar/templates/domain_nameservers.html
@@ -82,7 +82,7 @@
           This section does not render if the last form has initial data (this occurs if 13 nameservers already exist)
           {% endcomment %}
 
-          <section class="add-nameservers-form display-none section-outlined">
+          <section class="add-nameservers-form display-none section-outlined section-outlined--extra-padding">
             {{ form.domain }}
             <h2>Add a name server</h2>
             <div class="repeatable-form">
@@ -242,7 +242,7 @@
     {% endcomment %} 
     <div class="add-nameservers-form display-none">   
       {% include "includes/required_fields.html" %} 
-      <section class="section-outlined">
+      <section class="section-outlined section-outlined--extra-padding">
         <form class="usa-form usa-form--extra-large" method="post" novalidate>
           <h2>Add name servers</h2>
           {% csrf_token %}

From ecaa855b8649b153937148fd8439ac6eae514dee Mon Sep 17 00:00:00 2001
From: zandercymatics <141044360+zandercymatics@users.noreply.github.com>
Date: Wed, 19 Mar 2025 11:14:27 -0600
Subject: [PATCH 230/285] lint!

---
 src/registrar/utility/enums.py | 1 -
 1 file changed, 1 deletion(-)

diff --git a/src/registrar/utility/enums.py b/src/registrar/utility/enums.py
index fca5202d7..6c2649eec 100644
--- a/src/registrar/utility/enums.py
+++ b/src/registrar/utility/enums.py
@@ -50,7 +50,6 @@ class DefaultEmail(StrEnum):
         return [email for email in cls]
 
 
-
 class DefaultUserValues(StrEnum):
     """Stores default values for a default user.
 

From 7c690ebc65525616f556b869310b2c22209b7a49 Mon Sep 17 00:00:00 2001
From: zandercymatics <141044360+zandercymatics@users.noreply.github.com>
Date: Wed, 19 Mar 2025 11:19:18 -0600
Subject: [PATCH 231/285] use difference update

---
 src/registrar/models/domain.py | 4 +---
 1 file changed, 1 insertion(+), 3 deletions(-)

diff --git a/src/registrar/models/domain.py b/src/registrar/models/domain.py
index fbe7fef90..33c358d24 100644
--- a/src/registrar/models/domain.py
+++ b/src/registrar/models/domain.py
@@ -1712,9 +1712,7 @@ class Domain(TimeStampedModel, DomainHelper):
         elif contact.contact_type == contact.ContactTypeChoices.ADMINISTRATIVE:
             fields_to_remove.update({DF.EMAIL, DF.VOICE, DF.ADDR})
 
-        disclose_fields = disclose_args["fields"]
-        for field in fields_to_remove:
-            disclose_fields.remove(field)
+        disclose_args["fields"].difference_update(fields_to_remove)
 
         logger.debug("Updated domain contact %s to disclose: %s", contact.email, disclose_args.get("flag"))
         return epp.Disclose(**disclose_args)  # type: ignore

From 117797a4b12bde19b091d3662c8646e0d9d118d5 Mon Sep 17 00:00:00 2001
From: zandercymatics <141044360+zandercymatics@users.noreply.github.com>
Date: Wed, 19 Mar 2025 11:20:37 -0600
Subject: [PATCH 232/285] Update domain.py

---
 src/registrar/models/domain.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/registrar/models/domain.py b/src/registrar/models/domain.py
index 33c358d24..b054afb5b 100644
--- a/src/registrar/models/domain.py
+++ b/src/registrar/models/domain.py
@@ -1712,7 +1712,7 @@ class Domain(TimeStampedModel, DomainHelper):
         elif contact.contact_type == contact.ContactTypeChoices.ADMINISTRATIVE:
             fields_to_remove.update({DF.EMAIL, DF.VOICE, DF.ADDR})
 
-        disclose_args["fields"].difference_update(fields_to_remove)
+        disclose_args["fields"].difference_update(fields_to_remove)  # type: ignore
 
         logger.debug("Updated domain contact %s to disclose: %s", contact.email, disclose_args.get("flag"))
         return epp.Disclose(**disclose_args)  # type: ignore

From 305f6c4767bbc1c4239c69b3aa9b82aa5d105cef Mon Sep 17 00:00:00 2001
From: matthewswspence <Matthewswspence@gmail.com>
Date: Wed, 19 Mar 2025 12:21:10 -0500
Subject: [PATCH 233/285] fix migration typo

---
 .../0144_domainrequest_eop_stakeholder_email_and_more.py        | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/registrar/migrations/0144_domainrequest_eop_stakeholder_email_and_more.py b/src/registrar/migrations/0144_domainrequest_eop_stakeholder_email_and_more.py
index 051e9a6bd..138ce98ac 100644
--- a/src/registrar/migrations/0144_domainrequest_eop_stakeholder_email_and_more.py
+++ b/src/registrar/migrations/0144_domainrequest_eop_stakeholder_email_and_more.py
@@ -6,7 +6,7 @@ from django.db import migrations, models
 class Migration(migrations.Migration):
 
     dependencies = [
-        ("registrar", "142_create_groups_v18"),
+        ("registrar", "143_create_groups_v18"),
     ]
 
     operations = [

From f682274cd0234f57004c14fd728b78aa463168ae Mon Sep 17 00:00:00 2001
From: Rachid Mrad <rachid.mrad@ecstech.com>
Date: Wed, 19 Mar 2025 13:22:10 -0400
Subject: [PATCH 234/285] remove responsive wrapper

---
 src/registrar/templates/domain_dsdata.html | 262 ++++++++++-----------
 1 file changed, 130 insertions(+), 132 deletions(-)

diff --git a/src/registrar/templates/domain_dsdata.html b/src/registrar/templates/domain_dsdata.html
index d76684e82..8e4152033 100644
--- a/src/registrar/templates/domain_dsdata.html
+++ b/src/registrar/templates/domain_dsdata.html
@@ -123,148 +123,146 @@
         {% endif %}
       {% endfor %}
 
-      <div class="usa-table-container--scrollable margin-top-4" tabindex="0">
-        <table class="usa-table usa-table--borderless usa-table--stacked dotgov-table dotgov-table--stacked" id="dsdata-table">
-          <thead>
-            <tr>
-              <th scope="col" role="columnheader">Key tag</th>
-              <th scope="col" role="columnheader">Algorithm</th>
-              <th scope="col" role="columnheader" class="width-100px">Digest type</th>
-              <th scope="col" role="columnheader">Digest</th>
-              <th scope="col" role="columnheader" class="width-0 padding-right-0">Action</th>
-            </tr>
-          </thead>
-          <tbody>
-            {% for form in formset %}
-              {% if not forloop.last or form.initial %}
+      <table class="usa-table usa-table--borderless usa-table--stacked dotgov-table dotgov-table--stacked margin-top-4" id="dsdata-table">
+        <thead>
+          <tr>
+            <th scope="col" role="columnheader">Key tag</th>
+            <th scope="col" role="columnheader">Algorithm</th>
+            <th scope="col" role="columnheader" class="width-100px">Digest type</th>
+            <th scope="col" role="columnheader">Digest</th>
+            <th scope="col" role="columnheader" class="width-0 padding-right-0">Action</th>
+          </tr>
+        </thead>
+        <tbody>
+          {% for form in formset %}
+            {% if not forloop.last or form.initial %}
 
-                {% comment %}
-                This section renders table rows for each existing DS data records. Two rows are rendered, a readonly row
-                and an edit row. Only one of which is displayed at a time.
-                {% endcomment %}
-                
-                <!-- Readonly row -->
-                <tr>
-                  <td>{{ form.key_tag.value }}</td>
-                  <td>
-                    <span class="ellipsis ellipsis--15">
-                      {% for value, label in form.algorithm.field.choices %}
-                        {% if value|stringformat:"s" == form.algorithm.value|stringformat:"s" %}
-                          {{ label }}
-                        {% endif %}
-                      {% endfor %}
-                    </span>
-                  </td>
-                  <td>
-                    {% for value, label in form.digest_type.field.choices %}
-                      {% if value|stringformat:"s" == form.digest_type.value|stringformat:"s" %}
+              {% comment %}
+              This section renders table rows for each existing DS data records. Two rows are rendered, a readonly row
+              and an edit row. Only one of which is displayed at a time.
+              {% endcomment %}
+              
+              <!-- Readonly row -->
+              <tr>
+                <td>{{ form.key_tag.value }}</td>
+                <td>
+                  <span class="ellipsis ellipsis--15">
+                    {% for value, label in form.algorithm.field.choices %}
+                      {% if value|stringformat:"s" == form.algorithm.value|stringformat:"s" %}
                         {{ label }}
                       {% endif %}
                     {% endfor %}
-                  </td>
-                  <td>
-                    <span class="ellipsis ellipsis--23">{{ form.digest.value }}</span>
-                  </td>
-                  <td class="padding-right-0">
-                    <div class="tablet:display-flex tablet:flex-row">
-                      <button type="button" class='usa-button usa-button--unstyled margin-right-2 margin-top-0 dsdata-edit'>
-                        <svg class="usa-icon" aria-hidden="true" focusable="false" role="img" width="24">
-                          <use xlink:href="/public/img/sprite.svg#edit"></use>
-                        </svg>
-                        Edit <span class="usa-sr-only">DS record {{forloop.counter}}</span>
-                      </button>
+                  </span>
+                </td>
+                <td>
+                  {% for value, label in form.digest_type.field.choices %}
+                    {% if value|stringformat:"s" == form.digest_type.value|stringformat:"s" %}
+                      {{ label }}
+                    {% endif %}
+                  {% endfor %}
+                </td>
+                <td>
+                  <span class="ellipsis ellipsis--23">{{ form.digest.value }}</span>
+                </td>
+                <td class="padding-right-0">
+                  <div class="tablet:display-flex tablet:flex-row">
+                    <button type="button" class='usa-button usa-button--unstyled margin-right-2 margin-top-0 dsdata-edit'>
+                      <svg class="usa-icon" aria-hidden="true" focusable="false" role="img" width="24">
+                        <use xlink:href="/public/img/sprite.svg#edit"></use>
+                      </svg>
+                      Edit <span class="usa-sr-only">DS record {{forloop.counter}}</span>
+                    </button>
 
-                      <a 
-                        role="button" 
-                        id="button-trigger-delete-dsdata-{{ forloop.counter }}"
-                        class="usa-button usa-button--unstyled text-no-underline late-loading-modal-trigger margin-top-2 line-height-sans-5 text-secondary visible-mobile-flex dsdata-delete-kebab"
-                      >
-                        <svg class="usa-icon" aria-hidden="true" focusable="false" role="img" width="24">
-                          <use xlink:href="/public/img/sprite.svg#delete"></use>
-                        </svg>
-                        Delete
-                      </a>
+                    <a 
+                      role="button" 
+                      id="button-trigger-delete-dsdata-{{ forloop.counter }}"
+                      class="usa-button usa-button--unstyled text-no-underline late-loading-modal-trigger margin-top-2 line-height-sans-5 text-secondary visible-mobile-flex dsdata-delete-kebab"
+                    >
+                      <svg class="usa-icon" aria-hidden="true" focusable="false" role="img" width="24">
+                        <use xlink:href="/public/img/sprite.svg#delete"></use>
+                      </svg>
+                      Delete
+                    </a>
 
-                      <div class="usa-accordion usa-accordion--more-actions margin-right-2 hidden-mobile-flex">
-                        <div class="usa-accordion__heading">
-                          <button
-                            type="button"
-                            class="usa-button usa-button--unstyled usa-button--with-icon usa-accordion__button usa-button--more-actions margin-top-0"
-                            aria-expanded="false"
-                            aria-controls="more-actions-dsdata-{{ forloop.counter }}"
-                            aria-label="More Actions for DS record {{ forloop.counter }}"
-                          >
-                            <svg class="usa-icon top-2px" aria-hidden="true" focusable="false" role="img" width="24">
-                              <use xlink:href="/public/img/sprite.svg#more_vert"></use>
-                            </svg>
-                          </button>
-                        </div>
-                        <div id="more-actions-dsdata-{{ forloop.counter }}" class="usa-accordion__content usa-prose shadow-1 left-auto right-neg-1" hidden>
-                          <h2>More options</h2>
-                          <button 
-                            type="button" 
-                            class="usa-button usa-button--unstyled text-no-underline late-loading-modal-trigger margin-top-2 line-height-sans-5 text-secondary dsdata-delete-kebab"
-                            name="btn-delete-kebab-click"
-                            aria-label="Delete DS record {{ forloop.counter }} from the registry"
-                          >
-                            Delete
-                          </button>
-                        </div>
+                    <div class="usa-accordion usa-accordion--more-actions margin-right-2 hidden-mobile-flex">
+                      <div class="usa-accordion__heading">
+                        <button
+                          type="button"
+                          class="usa-button usa-button--unstyled usa-button--with-icon usa-accordion__button usa-button--more-actions margin-top-0"
+                          aria-expanded="false"
+                          aria-controls="more-actions-dsdata-{{ forloop.counter }}"
+                          aria-label="More Actions for DS record {{ forloop.counter }}"
+                        >
+                          <svg class="usa-icon top-2px" aria-hidden="true" focusable="false" role="img" width="24">
+                            <use xlink:href="/public/img/sprite.svg#more_vert"></use>
+                          </svg>
+                        </button>
+                      </div>
+                      <div id="more-actions-dsdata-{{ forloop.counter }}" class="usa-accordion__content usa-prose shadow-1 left-auto right-neg-1" hidden>
+                        <h2>More options</h2>
+                        <button 
+                          type="button" 
+                          class="usa-button usa-button--unstyled text-no-underline late-loading-modal-trigger margin-top-2 line-height-sans-5 text-secondary dsdata-delete-kebab"
+                          name="btn-delete-kebab-click"
+                          aria-label="Delete DS record {{ forloop.counter }} from the registry"
+                        >
+                          Delete
+                        </button>
                       </div>
                     </div>
-                  </td>
-                </tr>
-                <!-- Edit row -->
-                <tr class="edit-row display-none">
-                  <td class="text-bottom">
-                    {% with sublabel_text="Numbers (0-9) only." %}
-                      {% with attr_required=True add_initial_value_attr=True add_group_class="usa-form-group--unstyled-error margin-top-0" use_small_sublabel_text=True %}
-                        {% input_with_errors form.key_tag %}
-                      {% endwith %}
-                    {% endwith %}
-                  </td>
-                  <td class="text-bottom">
+                  </div>
+                </td>
+              </tr>
+              <!-- Edit row -->
+              <tr class="edit-row display-none">
+                <td class="text-bottom">
+                  {% with sublabel_text="Numbers (0-9) only." %}
                     {% with attr_required=True add_initial_value_attr=True add_group_class="usa-form-group--unstyled-error margin-top-0" use_small_sublabel_text=True %}
-                        {% input_with_errors form.algorithm %}
-                      {% endwith %}
-                  </td>
-                  <td class="text-bottom">
-                    {% with attr_required=True add_initial_value_attr=True add_group_class="usa-form-group--unstyled-error margin-top-0" use_small_sublabel_text=True %}
-                        {% input_with_errors form.digest_type %}
-                      {% endwith %}
-                  </td>
-                  <td class="text-bottom">
-                    {% with sublabel_text="Numbers (0-9) and letters (a-f) only. SHA-1: 40 chars, SHA-256: 64 chars." %}
-                      {% with attr_required=True add_initial_value_attr=True add_group_class="usa-form-group--unstyled-error margin-top-0" use_small_sublabel_text=True %}
-                        {% input_with_errors form.digest %}
-                      {% endwith %}
+                      {% input_with_errors form.key_tag %}
                     {% endwith %}
-                  </td>
-                  <td class="padding-right-0 text-bottom">
-                    <button class="usa-button usa-button--unstyled display-block margin-top-1" type="submit">Save</button>
-                    
-                    <button
-                          type="button"
-                          class="usa-button usa-button--unstyled display-block dsdata-cancel"
-                          name="btn-cancel-click"
-                          aria-label="Reset the data in the DS record form to the registry state (undo changes)"
-                      >Cancel
-                    </button>
-                    <button
-                          type="button"
-                          class="usa-button usa-button--unstyled display-block text-secondary dsdata-delete"
-                          name="btn-delete-click"
-                          aria-label="Delete the DS record from the registry"
-                      >Delete
-                    </button>
-                    <div class="display-none">{{ form.DELETE }}</div>
-                  </td>
-                </tr>
-              {% endif %}
-            {% endfor %}
-          </tbody>
-        </table>
-      </div>
+                  {% endwith %}
+                </td>
+                <td class="text-bottom">
+                  {% with attr_required=True add_initial_value_attr=True add_group_class="usa-form-group--unstyled-error margin-top-0" use_small_sublabel_text=True %}
+                      {% input_with_errors form.algorithm %}
+                    {% endwith %}
+                </td>
+                <td class="text-bottom">
+                  {% with attr_required=True add_initial_value_attr=True add_group_class="usa-form-group--unstyled-error margin-top-0" use_small_sublabel_text=True %}
+                      {% input_with_errors form.digest_type %}
+                    {% endwith %}
+                </td>
+                <td class="text-bottom">
+                  {% with sublabel_text="Numbers (0-9) and letters (a-f) only. SHA-1: 40 chars, SHA-256: 64 chars." %}
+                    {% with attr_required=True add_initial_value_attr=True add_group_class="usa-form-group--unstyled-error margin-top-0" use_small_sublabel_text=True %}
+                      {% input_with_errors form.digest %}
+                    {% endwith %}
+                  {% endwith %}
+                </td>
+                <td class="padding-right-0 text-bottom">
+                  <button class="usa-button usa-button--unstyled display-block margin-top-1" type="submit">Save</button>
+                  
+                  <button
+                        type="button"
+                        class="usa-button usa-button--unstyled display-block dsdata-cancel"
+                        name="btn-cancel-click"
+                        aria-label="Reset the data in the DS record form to the registry state (undo changes)"
+                    >Cancel
+                  </button>
+                  <button
+                        type="button"
+                        class="usa-button usa-button--unstyled display-block text-secondary dsdata-delete"
+                        name="btn-delete-click"
+                        aria-label="Delete the DS record from the registry"
+                    >Delete
+                  </button>
+                  <div class="display-none">{{ form.DELETE }}</div>
+                </td>
+              </tr>
+            {% endif %}
+          {% endfor %}
+        </tbody>
+      </table>
     </form>
 
   {% else %}

From e4f29788883e5f2ccf59b14d5300d386bb82c1a2 Mon Sep 17 00:00:00 2001
From: matthewswspence <Matthewswspence@gmail.com>
Date: Wed, 19 Mar 2025 12:22:45 -0500
Subject: [PATCH 235/285] linter fixes

---
 src/registrar/forms/feb.py | 1 +
 1 file changed, 1 insertion(+)

diff --git a/src/registrar/forms/feb.py b/src/registrar/forms/feb.py
index 160df88f9..2dabbff0d 100644
--- a/src/registrar/forms/feb.py
+++ b/src/registrar/forms/feb.py
@@ -2,6 +2,7 @@ from django import forms
 from django.core.validators import MaxLengthValidator
 from registrar.forms.utility.wizard_form_helper import BaseDeletableRegistrarForm, BaseYesNoForm
 
+
 class ExecutiveNamingRequirementsYesNoForm(BaseYesNoForm, BaseDeletableRegistrarForm):
     """
     Form for verifying if the domain request meets the Federal Executive Branch domain naming requirements.

From 05926a7ac46bc0c29001c50b09056e06cd303327 Mon Sep 17 00:00:00 2001
From: matthewswspence <Matthewswspence@gmail.com>
Date: Wed, 19 Mar 2025 12:26:10 -0500
Subject: [PATCH 236/285] another migration fix

---
 .../0144_domainrequest_eop_stakeholder_email_and_more.py        | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/registrar/migrations/0144_domainrequest_eop_stakeholder_email_and_more.py b/src/registrar/migrations/0144_domainrequest_eop_stakeholder_email_and_more.py
index 138ce98ac..b23b6c107 100644
--- a/src/registrar/migrations/0144_domainrequest_eop_stakeholder_email_and_more.py
+++ b/src/registrar/migrations/0144_domainrequest_eop_stakeholder_email_and_more.py
@@ -6,7 +6,7 @@ from django.db import migrations, models
 class Migration(migrations.Migration):
 
     dependencies = [
-        ("registrar", "143_create_groups_v18"),
+        ("registrar", "0143_create_groups_v18"),
     ]
 
     operations = [

From 90b02b7432cd0d2f45dffc9ac303cbce0e881a70 Mon Sep 17 00:00:00 2001
From: Rachid Mrad <rachid.mrad@ecstech.com>
Date: Wed, 19 Mar 2025 14:17:13 -0400
Subject: [PATCH 237/285] Reponsive table

---
 src/registrar/templates/domain_dsdata.html | 260 +++++++++++----------
 1 file changed, 131 insertions(+), 129 deletions(-)

diff --git a/src/registrar/templates/domain_dsdata.html b/src/registrar/templates/domain_dsdata.html
index 8e4152033..c154c096c 100644
--- a/src/registrar/templates/domain_dsdata.html
+++ b/src/registrar/templates/domain_dsdata.html
@@ -123,146 +123,148 @@
         {% endif %}
       {% endfor %}
 
-      <table class="usa-table usa-table--borderless usa-table--stacked dotgov-table dotgov-table--stacked margin-top-4" id="dsdata-table">
-        <thead>
-          <tr>
-            <th scope="col" role="columnheader">Key tag</th>
-            <th scope="col" role="columnheader">Algorithm</th>
-            <th scope="col" role="columnheader" class="width-100px">Digest type</th>
-            <th scope="col" role="columnheader">Digest</th>
-            <th scope="col" role="columnheader" class="width-0 padding-right-0">Action</th>
-          </tr>
-        </thead>
-        <tbody>
-          {% for form in formset %}
-            {% if not forloop.last or form.initial %}
+      <div class="usa-table-container--scrollable usa-table-container--override-overflow margin-top-4" tabindex="0">
+        <table class="usa-table usa-table--borderless usa-table--stacked dotgov-table dotgov-table--stacked" id="dsdata-table">
+          <thead>
+            <tr>
+              <th scope="col" role="columnheader">Key tag</th>
+              <th scope="col" role="columnheader">Algorithm</th>
+              <th scope="col" role="columnheader" class="width-100px">Digest type</th>
+              <th scope="col" role="columnheader">Digest</th>
+              <th scope="col" role="columnheader" class="width-0 padding-right-0">Action</th>
+            </tr>
+          </thead>
+          <tbody>
+            {% for form in formset %}
+              {% if not forloop.last or form.initial %}
 
-              {% comment %}
-              This section renders table rows for each existing DS data records. Two rows are rendered, a readonly row
-              and an edit row. Only one of which is displayed at a time.
-              {% endcomment %}
-              
-              <!-- Readonly row -->
-              <tr>
-                <td>{{ form.key_tag.value }}</td>
-                <td>
-                  <span class="ellipsis ellipsis--15">
-                    {% for value, label in form.algorithm.field.choices %}
-                      {% if value|stringformat:"s" == form.algorithm.value|stringformat:"s" %}
+                {% comment %}
+                This section renders table rows for each existing DS data records. Two rows are rendered, a readonly row
+                and an edit row. Only one of which is displayed at a time.
+                {% endcomment %}
+                
+                <!-- Readonly row -->
+                <tr>
+                  <td>{{ form.key_tag.value }}</td>
+                  <td>
+                    <span class="ellipsis ellipsis--15">
+                      {% for value, label in form.algorithm.field.choices %}
+                        {% if value|stringformat:"s" == form.algorithm.value|stringformat:"s" %}
+                          {{ label }}
+                        {% endif %}
+                      {% endfor %}
+                    </span>
+                  </td>
+                  <td>
+                    {% for value, label in form.digest_type.field.choices %}
+                      {% if value|stringformat:"s" == form.digest_type.value|stringformat:"s" %}
                         {{ label }}
                       {% endif %}
                     {% endfor %}
-                  </span>
-                </td>
-                <td>
-                  {% for value, label in form.digest_type.field.choices %}
-                    {% if value|stringformat:"s" == form.digest_type.value|stringformat:"s" %}
-                      {{ label }}
-                    {% endif %}
-                  {% endfor %}
-                </td>
-                <td>
-                  <span class="ellipsis ellipsis--23">{{ form.digest.value }}</span>
-                </td>
-                <td class="padding-right-0">
-                  <div class="tablet:display-flex tablet:flex-row">
-                    <button type="button" class='usa-button usa-button--unstyled margin-right-2 margin-top-0 dsdata-edit'>
-                      <svg class="usa-icon" aria-hidden="true" focusable="false" role="img" width="24">
-                        <use xlink:href="/public/img/sprite.svg#edit"></use>
-                      </svg>
-                      Edit <span class="usa-sr-only">DS record {{forloop.counter}}</span>
-                    </button>
+                  </td>
+                  <td>
+                    <span class="ellipsis ellipsis--23">{{ form.digest.value }}</span>
+                  </td>
+                  <td class="padding-right-0">
+                    <div class="tablet:display-flex tablet:flex-row">
+                      <button type="button" class='usa-button usa-button--unstyled margin-right-2 margin-top-0 dsdata-edit'>
+                        <svg class="usa-icon" aria-hidden="true" focusable="false" role="img" width="24">
+                          <use xlink:href="/public/img/sprite.svg#edit"></use>
+                        </svg>
+                        Edit <span class="usa-sr-only">DS record {{forloop.counter}}</span>
+                      </button>
 
-                    <a 
-                      role="button" 
-                      id="button-trigger-delete-dsdata-{{ forloop.counter }}"
-                      class="usa-button usa-button--unstyled text-no-underline late-loading-modal-trigger margin-top-2 line-height-sans-5 text-secondary visible-mobile-flex dsdata-delete-kebab"
-                    >
-                      <svg class="usa-icon" aria-hidden="true" focusable="false" role="img" width="24">
-                        <use xlink:href="/public/img/sprite.svg#delete"></use>
-                      </svg>
-                      Delete
-                    </a>
+                      <a 
+                        role="button" 
+                        id="button-trigger-delete-dsdata-{{ forloop.counter }}"
+                        class="usa-button usa-button--unstyled text-no-underline late-loading-modal-trigger margin-top-2 line-height-sans-5 text-secondary visible-mobile-flex dsdata-delete-kebab"
+                      >
+                        <svg class="usa-icon" aria-hidden="true" focusable="false" role="img" width="24">
+                          <use xlink:href="/public/img/sprite.svg#delete"></use>
+                        </svg>
+                        Delete
+                      </a>
 
-                    <div class="usa-accordion usa-accordion--more-actions margin-right-2 hidden-mobile-flex">
-                      <div class="usa-accordion__heading">
-                        <button
-                          type="button"
-                          class="usa-button usa-button--unstyled usa-button--with-icon usa-accordion__button usa-button--more-actions margin-top-0"
-                          aria-expanded="false"
-                          aria-controls="more-actions-dsdata-{{ forloop.counter }}"
-                          aria-label="More Actions for DS record {{ forloop.counter }}"
-                        >
-                          <svg class="usa-icon top-2px" aria-hidden="true" focusable="false" role="img" width="24">
-                            <use xlink:href="/public/img/sprite.svg#more_vert"></use>
-                          </svg>
-                        </button>
-                      </div>
-                      <div id="more-actions-dsdata-{{ forloop.counter }}" class="usa-accordion__content usa-prose shadow-1 left-auto right-neg-1" hidden>
-                        <h2>More options</h2>
-                        <button 
-                          type="button" 
-                          class="usa-button usa-button--unstyled text-no-underline late-loading-modal-trigger margin-top-2 line-height-sans-5 text-secondary dsdata-delete-kebab"
-                          name="btn-delete-kebab-click"
-                          aria-label="Delete DS record {{ forloop.counter }} from the registry"
-                        >
-                          Delete
-                        </button>
+                      <div class="usa-accordion usa-accordion--more-actions margin-right-2 hidden-mobile-flex">
+                        <div class="usa-accordion__heading">
+                          <button
+                            type="button"
+                            class="usa-button usa-button--unstyled usa-button--with-icon usa-accordion__button usa-button--more-actions margin-top-0"
+                            aria-expanded="false"
+                            aria-controls="more-actions-dsdata-{{ forloop.counter }}"
+                            aria-label="More Actions for DS record {{ forloop.counter }}"
+                          >
+                            <svg class="usa-icon top-2px" aria-hidden="true" focusable="false" role="img" width="24">
+                              <use xlink:href="/public/img/sprite.svg#more_vert"></use>
+                            </svg>
+                          </button>
+                        </div>
+                        <div id="more-actions-dsdata-{{ forloop.counter }}" class="usa-accordion__content usa-prose shadow-1 left-auto right-neg-1" hidden>
+                          <h2>More options</h2>
+                          <button 
+                            type="button" 
+                            class="usa-button usa-button--unstyled text-no-underline late-loading-modal-trigger margin-top-2 line-height-sans-5 text-secondary dsdata-delete-kebab"
+                            name="btn-delete-kebab-click"
+                            aria-label="Delete DS record {{ forloop.counter }} from the registry"
+                          >
+                            Delete
+                          </button>
+                        </div>
                       </div>
                     </div>
-                  </div>
-                </td>
-              </tr>
-              <!-- Edit row -->
-              <tr class="edit-row display-none">
-                <td class="text-bottom">
-                  {% with sublabel_text="Numbers (0-9) only." %}
+                  </td>
+                </tr>
+                <!-- Edit row -->
+                <tr class="edit-row display-none">
+                  <td class="text-bottom">
+                    {% with sublabel_text="Numbers (0-9) only." %}
+                      {% with attr_required=True add_initial_value_attr=True add_group_class="usa-form-group--unstyled-error margin-top-0" use_small_sublabel_text=True %}
+                        {% input_with_errors form.key_tag %}
+                      {% endwith %}
+                    {% endwith %}
+                  </td>
+                  <td class="text-bottom">
                     {% with attr_required=True add_initial_value_attr=True add_group_class="usa-form-group--unstyled-error margin-top-0" use_small_sublabel_text=True %}
-                      {% input_with_errors form.key_tag %}
-                    {% endwith %}
-                  {% endwith %}
-                </td>
-                <td class="text-bottom">
-                  {% with attr_required=True add_initial_value_attr=True add_group_class="usa-form-group--unstyled-error margin-top-0" use_small_sublabel_text=True %}
-                      {% input_with_errors form.algorithm %}
-                    {% endwith %}
-                </td>
-                <td class="text-bottom">
-                  {% with attr_required=True add_initial_value_attr=True add_group_class="usa-form-group--unstyled-error margin-top-0" use_small_sublabel_text=True %}
-                      {% input_with_errors form.digest_type %}
-                    {% endwith %}
-                </td>
-                <td class="text-bottom">
-                  {% with sublabel_text="Numbers (0-9) and letters (a-f) only. SHA-1: 40 chars, SHA-256: 64 chars." %}
+                        {% input_with_errors form.algorithm %}
+                      {% endwith %}
+                  </td>
+                  <td class="text-bottom">
                     {% with attr_required=True add_initial_value_attr=True add_group_class="usa-form-group--unstyled-error margin-top-0" use_small_sublabel_text=True %}
-                      {% input_with_errors form.digest %}
+                        {% input_with_errors form.digest_type %}
+                      {% endwith %}
+                  </td>
+                  <td class="text-bottom">
+                    {% with sublabel_text="Numbers (0-9) and letters (a-f) only. SHA-1: 40 chars, SHA-256: 64 chars." %}
+                      {% with attr_required=True add_initial_value_attr=True add_group_class="usa-form-group--unstyled-error margin-top-0" use_small_sublabel_text=True %}
+                        {% input_with_errors form.digest %}
+                      {% endwith %}
                     {% endwith %}
-                  {% endwith %}
-                </td>
-                <td class="padding-right-0 text-bottom">
-                  <button class="usa-button usa-button--unstyled display-block margin-top-1" type="submit">Save</button>
-                  
-                  <button
-                        type="button"
-                        class="usa-button usa-button--unstyled display-block dsdata-cancel"
-                        name="btn-cancel-click"
-                        aria-label="Reset the data in the DS record form to the registry state (undo changes)"
-                    >Cancel
-                  </button>
-                  <button
-                        type="button"
-                        class="usa-button usa-button--unstyled display-block text-secondary dsdata-delete"
-                        name="btn-delete-click"
-                        aria-label="Delete the DS record from the registry"
-                    >Delete
-                  </button>
-                  <div class="display-none">{{ form.DELETE }}</div>
-                </td>
-              </tr>
-            {% endif %}
-          {% endfor %}
-        </tbody>
-      </table>
+                  </td>
+                  <td class="padding-right-0 text-bottom">
+                    <button class="usa-button usa-button--unstyled display-block margin-top-1" type="submit">Save</button>
+                    
+                    <button
+                          type="button"
+                          class="usa-button usa-button--unstyled display-block dsdata-cancel"
+                          name="btn-cancel-click"
+                          aria-label="Reset the data in the DS record form to the registry state (undo changes)"
+                      >Cancel
+                    </button>
+                    <button
+                          type="button"
+                          class="usa-button usa-button--unstyled display-block text-secondary dsdata-delete"
+                          name="btn-delete-click"
+                          aria-label="Delete the DS record from the registry"
+                      >Delete
+                    </button>
+                    <div class="display-none">{{ form.DELETE }}</div>
+                  </td>
+                </tr>
+              {% endif %}
+            {% endfor %}
+          </tbody>
+        </table>
+      </div>
     </form>
 
   {% else %}

From d3abcbc174fc376e4c40adec045dea87695bb727 Mon Sep 17 00:00:00 2001
From: Rachid Mrad <rachid.mrad@ecstech.com>
Date: Wed, 19 Mar 2025 17:27:31 -0400
Subject: [PATCH 238/285] Fix responsive table

---
 src/registrar/assets/src/sass/_theme/_base.scss   |  1 -
 src/registrar/assets/src/sass/_theme/_forms.scss  |  7 +++++++
 src/registrar/assets/src/sass/_theme/_tables.scss | 11 ++++-------
 src/registrar/templates/domain_dsdata.html        |  2 +-
 4 files changed, 12 insertions(+), 9 deletions(-)

diff --git a/src/registrar/assets/src/sass/_theme/_base.scss b/src/registrar/assets/src/sass/_theme/_base.scss
index 1541f1c9d..69b387926 100644
--- a/src/registrar/assets/src/sass/_theme/_base.scss
+++ b/src/registrar/assets/src/sass/_theme/_base.scss
@@ -307,4 +307,3 @@ Fit-content itself does not work.
 .minh-143px {
   min-height: 143px;
 }
-
diff --git a/src/registrar/assets/src/sass/_theme/_forms.scss b/src/registrar/assets/src/sass/_theme/_forms.scss
index 670a69136..75430d27d 100644
--- a/src/registrar/assets/src/sass/_theme/_forms.scss
+++ b/src/registrar/assets/src/sass/_theme/_forms.scss
@@ -79,3 +79,10 @@ legend.float-left-tablet + button.float-right-tablet {
 .bg-gray-1 .usa-radio {
   background: color('gray-1');
 }
+
+.usa-textarea--digest {
+  max-height: 4rem;
+  min-width: 13rem;
+  resize: none;
+  overflow: hidden;
+}
diff --git a/src/registrar/assets/src/sass/_theme/_tables.scss b/src/registrar/assets/src/sass/_theme/_tables.scss
index 0bfe792b3..816d63887 100644
--- a/src/registrar/assets/src/sass/_theme/_tables.scss
+++ b/src/registrar/assets/src/sass/_theme/_tables.scss
@@ -165,11 +165,8 @@ th {
   .usa-table-container--scrollable.usa-table-container--override-overflow {
       overflow-y: visible;
   }
-}
 
-.usa-textarea--digest {
-  max-height: 4rem;
-  min-width: 13rem;
-  resize: none;
-  overflow: hidden;
-}
\ No newline at end of file
+  .usa-table-container--override-scrollable td {
+    white-space: normal;
+  }
+}
diff --git a/src/registrar/templates/domain_dsdata.html b/src/registrar/templates/domain_dsdata.html
index c154c096c..d9dde3ac0 100644
--- a/src/registrar/templates/domain_dsdata.html
+++ b/src/registrar/templates/domain_dsdata.html
@@ -123,7 +123,7 @@
         {% endif %}
       {% endfor %}
 
-      <div class="usa-table-container--scrollable usa-table-container--override-overflow margin-top-4" tabindex="0">
+      <div class="usa-table-container--scrollable usa-table-container--override-overflow usa-table-container--override-scrollable margin-top-4" tabindex="0">
         <table class="usa-table usa-table--borderless usa-table--stacked dotgov-table dotgov-table--stacked" id="dsdata-table">
           <thead>
             <tr>

From b03be4f9c7dd85526835873bcf9cfdaa71728a84 Mon Sep 17 00:00:00 2001
From: Rachid Mrad <rachid.mrad@ecstech.com>
Date: Wed, 19 Mar 2025 17:31:09 -0400
Subject: [PATCH 239/285] vertical align bottom

---
 src/registrar/assets/src/sass/_theme/_base.scss |  4 ----
 src/registrar/templates/domain_dsdata.html      | 10 +++++-----
 2 files changed, 5 insertions(+), 9 deletions(-)

diff --git a/src/registrar/assets/src/sass/_theme/_base.scss b/src/registrar/assets/src/sass/_theme/_base.scss
index 69b387926..4389c5a0d 100644
--- a/src/registrar/assets/src/sass/_theme/_base.scss
+++ b/src/registrar/assets/src/sass/_theme/_base.scss
@@ -300,10 +300,6 @@ Fit-content itself does not work.
   width: 40%;
 }
 
-.width-100px {
-  width: 100px;
-}
-
 .minh-143px {
   min-height: 143px;
 }
diff --git a/src/registrar/templates/domain_dsdata.html b/src/registrar/templates/domain_dsdata.html
index d9dde3ac0..b04b5e446 100644
--- a/src/registrar/templates/domain_dsdata.html
+++ b/src/registrar/templates/domain_dsdata.html
@@ -127,11 +127,11 @@
         <table class="usa-table usa-table--borderless usa-table--stacked dotgov-table dotgov-table--stacked" id="dsdata-table">
           <thead>
             <tr>
-              <th scope="col" role="columnheader">Key tag</th>
-              <th scope="col" role="columnheader">Algorithm</th>
-              <th scope="col" role="columnheader" class="width-100px">Digest type</th>
-              <th scope="col" role="columnheader">Digest</th>
-              <th scope="col" role="columnheader" class="width-0 padding-right-0">Action</th>
+              <th scope="col" role="columnheader" class="text-bottom">Key tag</th>
+              <th scope="col" role="columnheader" class="text-bottom">Algorithm</th>
+              <th scope="col" role="columnheader"  class="text-bottom">Digest type</th>
+              <th scope="col" role="columnheader" class="text-bottom">Digest</th>
+              <th scope="col" role="columnheader" class="text-bottom width-0 padding-right-0">Action</th>
             </tr>
           </thead>
           <tbody>

From 8793072a4d91acd51a2404b3a0cfd4cda717ad2a Mon Sep 17 00:00:00 2001
From: Rachid Mrad <rachid.mrad@ecstech.com>
Date: Wed, 19 Mar 2025 17:37:04 -0400
Subject: [PATCH 240/285] Cleanup css

---
 src/registrar/assets/src/sass/_theme/_containers.scss | 9 +++++----
 src/registrar/assets/src/sass/_theme/_tables.scss     | 8 +++++++-
 src/registrar/templates/domain_dsdata.html            | 2 +-
 3 files changed, 13 insertions(+), 6 deletions(-)

diff --git a/src/registrar/assets/src/sass/_theme/_containers.scss b/src/registrar/assets/src/sass/_theme/_containers.scss
index 213389fc0..928020721 100644
--- a/src/registrar/assets/src/sass/_theme/_containers.scss
+++ b/src/registrar/assets/src/sass/_theme/_containers.scss
@@ -15,6 +15,11 @@
       padding-left: $widescreen-x-padding !important;
       padding-right: $widescreen-x-padding !important;
     }
+
+    // Accomodate sideanv + table layouts
+    .grid-col--sidenav {
+      max-width: 230px;
+    }
 }
 
 // matches max-width to equal the max-width of .grid-container
@@ -24,7 +29,3 @@
 .max-width--grid-container {
   max-width: 1024px;
 }
-
-.grid-col--sidenav {
-  max-width: 230px;
-}
\ No newline at end of file
diff --git a/src/registrar/assets/src/sass/_theme/_tables.scss b/src/registrar/assets/src/sass/_theme/_tables.scss
index 816d63887..ec635b64e 100644
--- a/src/registrar/assets/src/sass/_theme/_tables.scss
+++ b/src/registrar/assets/src/sass/_theme/_tables.scss
@@ -7,7 +7,7 @@ th {
 
 .dotgov-table--stacked {
   td, th {
-    padding: units(1) units(1) units(2px) 0;
+    padding: units(1) units(2) units(2px) 0;
     border: none;
   }
 
@@ -142,6 +142,12 @@ th {
   }
 }
 
+.dotgov-table--cell-padding-1-1-2px-0 {
+  td, th {
+    padding: units(1) units(1) units(2px) 0;
+  }
+}
+
 .usa-table--striped tbody tr:nth-child(odd) th,
 .usa-table--striped tbody tr:nth-child(odd) td {
   background-color: color('primary-lightest');
diff --git a/src/registrar/templates/domain_dsdata.html b/src/registrar/templates/domain_dsdata.html
index b04b5e446..d754ea6bc 100644
--- a/src/registrar/templates/domain_dsdata.html
+++ b/src/registrar/templates/domain_dsdata.html
@@ -124,7 +124,7 @@
       {% endfor %}
 
       <div class="usa-table-container--scrollable usa-table-container--override-overflow usa-table-container--override-scrollable margin-top-4" tabindex="0">
-        <table class="usa-table usa-table--borderless usa-table--stacked dotgov-table dotgov-table--stacked" id="dsdata-table">
+        <table class="usa-table usa-table--borderless usa-table--stacked dotgov-table dotgov-table--stacked dotgov-table--cell-padding-1-1-2px-0" id="dsdata-table">
           <thead>
             <tr>
               <th scope="col" role="columnheader" class="text-bottom">Key tag</th>

From 32f50cfec432c0a5e84e456ba425cfce2e1b04cd Mon Sep 17 00:00:00 2001
From: Rachid Mrad <rachid.mrad@ecstech.com>
Date: Wed, 19 Mar 2025 17:47:59 -0400
Subject: [PATCH 241/285] Fix positioning of popup

---
 src/registrar/assets/src/sass/_theme/_accordions.scss | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/src/registrar/assets/src/sass/_theme/_accordions.scss b/src/registrar/assets/src/sass/_theme/_accordions.scss
index a4376337d..ba6f15bfc 100644
--- a/src/registrar/assets/src/sass/_theme/_accordions.scss
+++ b/src/registrar/assets/src/sass/_theme/_accordions.scss
@@ -67,10 +67,10 @@
 // Currently, that's not an issue since that Members table is not wrapped in the
 // reponsive wrapper.
 @include at-media-max("desktop") {
-    tr:last-of-type .usa-accordion--more-actions .usa-accordion__content {
+    tr:not(.edit-row):last-of-type .usa-accordion--more-actions .usa-accordion__content {
         top: auto;
         bottom: -10px;
-        right: 30px;
+        right: 20px;
     }
 }
 

From c6586df46c54c22c99b7f41cc47ffad310e910fe Mon Sep 17 00:00:00 2001
From: Erin Song <121973038+erinysong@users.noreply.github.com>
Date: Wed, 19 Mar 2025 14:49:14 -0700
Subject: [PATCH 242/285] Fix linting

---
 src/registrar/tests/test_email_invitations.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/registrar/tests/test_email_invitations.py b/src/registrar/tests/test_email_invitations.py
index 0dd2c29e5..d4ca5cdac 100644
--- a/src/registrar/tests/test_email_invitations.py
+++ b/src/registrar/tests/test_email_invitations.py
@@ -1318,4 +1318,4 @@ class TestSendPortfolioOrganizationUpdateEmail(unittest.TestCase):
             to_address=self.admin_user2.email,
             context=ANY,
         )
-        self.assertTrue(result)
\ No newline at end of file
+        self.assertTrue(result)

From 96883fb678ee77bd31bf83718c9a940630bb7f45 Mon Sep 17 00:00:00 2001
From: Rachid Mrad <rachid.mrad@ecstech.com>
Date: Wed, 19 Mar 2025 17:51:55 -0400
Subject: [PATCH 243/285] UI tweaks

---
 src/registrar/templates/domain_dsdata.html      | 4 ++--
 src/registrar/templates/domain_nameservers.html | 4 ++--
 2 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/src/registrar/templates/domain_dsdata.html b/src/registrar/templates/domain_dsdata.html
index d754ea6bc..9fee72a40 100644
--- a/src/registrar/templates/domain_dsdata.html
+++ b/src/registrar/templates/domain_dsdata.html
@@ -200,10 +200,10 @@
                           </button>
                         </div>
                         <div id="more-actions-dsdata-{{ forloop.counter }}" class="usa-accordion__content usa-prose shadow-1 left-auto right-neg-1" hidden>
-                          <h2>More options</h2>
+                          <h2 class="margin-bottom-2">More options</h2>
                           <button 
                             type="button" 
-                            class="usa-button usa-button--unstyled text-no-underline late-loading-modal-trigger margin-top-2 line-height-sans-5 text-secondary dsdata-delete-kebab"
+                            class="usa-button usa-button--unstyled text-underline late-loading-modal-trigger margin-top-2 line-height-sans-5 text-secondary dsdata-delete-kebab"
                             name="btn-delete-kebab-click"
                             aria-label="Delete DS record {{ forloop.counter }} from the registry"
                           >
diff --git a/src/registrar/templates/domain_nameservers.html b/src/registrar/templates/domain_nameservers.html
index 3cf88a2b9..e32268cbf 100644
--- a/src/registrar/templates/domain_nameservers.html
+++ b/src/registrar/templates/domain_nameservers.html
@@ -177,10 +177,10 @@
                         </button>
                       </div>
                       <div id="more-actions-{{ form.server.value }}" class="usa-accordion__content usa-prose shadow-1 left-auto right-neg-1" hidden>
-                        <h2>More options</h2>
+                        <h2 class="margin-bottom-2">More options</h2>
                         <button 
                           type="button" 
-                          class="usa-button usa-button--unstyled text-no-underline late-loading-modal-trigger margin-top-2 line-height-sans-5 text-secondary nameserver-delete-kebab"
+                          class="usa-button usa-button--unstyled text-underline late-loading-modal-trigger margin-top-2 line-height-sans-5 text-secondary nameserver-delete-kebab"
                           name="btn-delete-kebab-click"
                           aria-label="Delete the name server from the registry"
                         >

From f6f7e5bf9e2f6ac0f60ccf4d7371447db92c761c Mon Sep 17 00:00:00 2001
From: Rachid Mrad <rachid.mrad@ecstech.com>
Date: Wed, 19 Mar 2025 18:17:15 -0400
Subject: [PATCH 244/285] target last view only row to position the kebob
 correctly

---
 src/registrar/assets/src/sass/_theme/_accordions.scss | 3 ++-
 src/registrar/templates/domain_dsdata.html            | 2 +-
 src/registrar/templates/domain_nameservers.html       | 4 ++--
 3 files changed, 5 insertions(+), 4 deletions(-)

diff --git a/src/registrar/assets/src/sass/_theme/_accordions.scss b/src/registrar/assets/src/sass/_theme/_accordions.scss
index ba6f15bfc..85548ae62 100644
--- a/src/registrar/assets/src/sass/_theme/_accordions.scss
+++ b/src/registrar/assets/src/sass/_theme/_accordions.scss
@@ -67,7 +67,8 @@
 // Currently, that's not an issue since that Members table is not wrapped in the
 // reponsive wrapper.
 @include at-media-max("desktop") {
-    tr:not(.edit-row):last-of-type .usa-accordion--more-actions .usa-accordion__content {
+    tr:last-of-type .usa-accordion--more-actions .usa-accordion__content,
+    tr.view-only-row:nth-last-of-type(1) .usa-accordion--more-actions .usa-accordion__content {
         top: auto;
         bottom: -10px;
         right: 20px;
diff --git a/src/registrar/templates/domain_dsdata.html b/src/registrar/templates/domain_dsdata.html
index 9fee72a40..83b411419 100644
--- a/src/registrar/templates/domain_dsdata.html
+++ b/src/registrar/templates/domain_dsdata.html
@@ -177,7 +177,7 @@
                       <a 
                         role="button" 
                         id="button-trigger-delete-dsdata-{{ forloop.counter }}"
-                        class="usa-button usa-button--unstyled text-no-underline late-loading-modal-trigger margin-top-2 line-height-sans-5 text-secondary visible-mobile-flex dsdata-delete-kebab"
+                        class="usa-button usa-button--unstyled text-underline late-loading-modal-trigger margin-top-2 line-height-sans-5 text-secondary visible-mobile-flex dsdata-delete-kebab"
                       >
                         <svg class="usa-icon" aria-hidden="true" focusable="false" role="img" width="24">
                           <use xlink:href="/public/img/sprite.svg#delete"></use>
diff --git a/src/registrar/templates/domain_nameservers.html b/src/registrar/templates/domain_nameservers.html
index e32268cbf..2433c8d73 100644
--- a/src/registrar/templates/domain_nameservers.html
+++ b/src/registrar/templates/domain_nameservers.html
@@ -140,7 +140,7 @@
 
               {{ form.domain }}
               <!-- Readonly row -->
-              <tr>
+              <tr class="view-only-row">
                 <td colspan="2" aria-colspan="2">{{ form.server.value }} {% if form.ip.value %}({{ form.ip.value }}){% endif %}</td>
                 <td class="padding-right-0">
                   <div class="tablet:display-flex tablet:flex-row">
@@ -154,7 +154,7 @@
                     <a 
                       role="button" 
                       id="button-trigger-delete-{{ form.server.value }}"
-                      class="usa-button usa-button--unstyled text-no-underline late-loading-modal-trigger margin-top-2 line-height-sans-5 text-secondary visible-mobile-flex nameserver-delete-kebab"
+                      class="usa-button usa-button--unstyled text-underline late-loading-modal-trigger margin-top-2 line-height-sans-5 text-secondary visible-mobile-flex nameserver-delete-kebab"
                     >
                       <svg class="usa-icon" aria-hidden="true" focusable="false" role="img" width="24">
                         <use xlink:href="/public/img/sprite.svg#delete"></use>

From 8d1f57b1abd4e3dffd22d4b4be7ea698e1650b6a Mon Sep 17 00:00:00 2001
From: Rachid Mrad <rachid.mrad@ecstech.com>
Date: Wed, 19 Mar 2025 19:03:20 -0400
Subject: [PATCH 245/285] UI tweaks

---
 src/registrar/assets/src/js/getgov/table-base.js | 2 +-
 src/registrar/templates/domain_dsdata.html       | 6 +++---
 src/registrar/templates/domain_nameservers.html  | 6 +++---
 3 files changed, 7 insertions(+), 7 deletions(-)

diff --git a/src/registrar/assets/src/js/getgov/table-base.js b/src/registrar/assets/src/js/getgov/table-base.js
index bf561fa1f..54b8db3f1 100644
--- a/src/registrar/assets/src/js/getgov/table-base.js
+++ b/src/registrar/assets/src/js/getgov/table-base.js
@@ -103,7 +103,7 @@ export function generateKebabHTML(action, unique_id, modal_button_text, screen_r
       <div class="usa-accordion__heading">
         <button
           type="button"
-          class="usa-button usa-button--unstyled usa-button--with-icon usa-accordion__button usa-button--more-actions"
+          class="usa-button usa-button--unstyled usa-button--with-icon usa-accordion__button usa-button--more-actions margin-top-2px"
           aria-expanded="false"
           aria-controls="more-actions-${unique_id}"
           aria-label="${screen_reader_text}"
diff --git a/src/registrar/templates/domain_dsdata.html b/src/registrar/templates/domain_dsdata.html
index 83b411419..68dbe6da6 100644
--- a/src/registrar/templates/domain_dsdata.html
+++ b/src/registrar/templates/domain_dsdata.html
@@ -144,7 +144,7 @@
                 {% endcomment %}
                 
                 <!-- Readonly row -->
-                <tr>
+                <tr class="view-only-row">
                   <td>{{ form.key_tag.value }}</td>
                   <td>
                     <span class="ellipsis ellipsis--15">
@@ -189,12 +189,12 @@
                         <div class="usa-accordion__heading">
                           <button
                             type="button"
-                            class="usa-button usa-button--unstyled usa-button--with-icon usa-accordion__button usa-button--more-actions margin-top-0"
+                            class="usa-button usa-button--unstyled usa-button--with-icon usa-accordion__button usa-button--more-actions margin-top-2px"
                             aria-expanded="false"
                             aria-controls="more-actions-dsdata-{{ forloop.counter }}"
                             aria-label="More Actions for DS record {{ forloop.counter }}"
                           >
-                            <svg class="usa-icon top-2px" aria-hidden="true" focusable="false" role="img" width="24">
+                            <svg class="usa-icon" aria-hidden="true" focusable="false" role="img" width="24">
                               <use xlink:href="/public/img/sprite.svg#more_vert"></use>
                             </svg>
                           </button>
diff --git a/src/registrar/templates/domain_nameservers.html b/src/registrar/templates/domain_nameservers.html
index 2433c8d73..65c76691d 100644
--- a/src/registrar/templates/domain_nameservers.html
+++ b/src/registrar/templates/domain_nameservers.html
@@ -140,7 +140,7 @@
 
               {{ form.domain }}
               <!-- Readonly row -->
-              <tr class="view-only-row">
+              <tr>
                 <td colspan="2" aria-colspan="2">{{ form.server.value }} {% if form.ip.value %}({{ form.ip.value }}){% endif %}</td>
                 <td class="padding-right-0">
                   <div class="tablet:display-flex tablet:flex-row">
@@ -166,12 +166,12 @@
                       <div class="usa-accordion__heading">
                         <button
                           type="button"
-                          class="usa-button usa-button--unstyled usa-button--with-icon usa-accordion__button usa-button--more-actions margin-top-0"
+                          class="usa-button usa-button--unstyled usa-button--with-icon usa-accordion__button usa-button--more-actions margin-top-2px"
                           aria-expanded="false"
                           aria-controls="more-actions-{{ form.server.value }}"
                           aria-label="More Actions for ({{ form.server.value }})"
                         >
-                          <svg class="usa-icon top-2px" aria-hidden="true" focusable="false" role="img" width="24">
+                          <svg class="usa-icon" aria-hidden="true" focusable="false" role="img" width="24">
                             <use xlink:href="/public/img/sprite.svg#more_vert"></use>
                           </svg>
                         </button>

From a5cae6aab12965c2c3abeb0137f01ffdae7333aa Mon Sep 17 00:00:00 2001
From: Rachid Mrad <rachid.mrad@ecstech.com>
Date: Wed, 19 Mar 2025 19:10:47 -0400
Subject: [PATCH 246/285] UI tweaks

---
 src/registrar/assets/src/sass/_theme/_accordions.scss | 3 +++
 src/registrar/templates/domain_dsdata.html            | 2 +-
 src/registrar/templates/domain_nameservers.html       | 2 +-
 3 files changed, 5 insertions(+), 2 deletions(-)

diff --git a/src/registrar/assets/src/sass/_theme/_accordions.scss b/src/registrar/assets/src/sass/_theme/_accordions.scss
index 85548ae62..a117c064b 100644
--- a/src/registrar/assets/src/sass/_theme/_accordions.scss
+++ b/src/registrar/assets/src/sass/_theme/_accordions.scss
@@ -39,6 +39,9 @@
     .margin-top-0 {
         margin-top: 0 !important;
     }
+    .margin-top-2px {
+        margin-top: 2px !important;
+    }
 }
 
 // This will work in responsive tables if we overwrite the overflow value on the table container
diff --git a/src/registrar/templates/domain_dsdata.html b/src/registrar/templates/domain_dsdata.html
index 68dbe6da6..2a2d70db7 100644
--- a/src/registrar/templates/domain_dsdata.html
+++ b/src/registrar/templates/domain_dsdata.html
@@ -200,7 +200,7 @@
                           </button>
                         </div>
                         <div id="more-actions-dsdata-{{ forloop.counter }}" class="usa-accordion__content usa-prose shadow-1 left-auto right-neg-1" hidden>
-                          <h2 class="margin-bottom-2">More options</h2>
+                          <h2>More options</h2>
                           <button 
                             type="button" 
                             class="usa-button usa-button--unstyled text-underline late-loading-modal-trigger margin-top-2 line-height-sans-5 text-secondary dsdata-delete-kebab"
diff --git a/src/registrar/templates/domain_nameservers.html b/src/registrar/templates/domain_nameservers.html
index 65c76691d..02646ae64 100644
--- a/src/registrar/templates/domain_nameservers.html
+++ b/src/registrar/templates/domain_nameservers.html
@@ -177,7 +177,7 @@
                         </button>
                       </div>
                       <div id="more-actions-{{ form.server.value }}" class="usa-accordion__content usa-prose shadow-1 left-auto right-neg-1" hidden>
-                        <h2 class="margin-bottom-2">More options</h2>
+                        <h2>More options</h2>
                         <button 
                           type="button" 
                           class="usa-button usa-button--unstyled text-underline late-loading-modal-trigger margin-top-2 line-height-sans-5 text-secondary nameserver-delete-kebab"

From 703d32d03dad330e9bc331d1dbf9ab4a620e0d8d Mon Sep 17 00:00:00 2001
From: Rachid Mrad <rachid.mrad@ecstech.com>
Date: Wed, 19 Mar 2025 19:22:58 -0400
Subject: [PATCH 247/285] UI tweaks

---
 src/registrar/assets/src/sass/_theme/_accordions.scss | 2 +-
 src/registrar/templates/domain_dsdata.html            | 5 ++++-
 2 files changed, 5 insertions(+), 2 deletions(-)

diff --git a/src/registrar/assets/src/sass/_theme/_accordions.scss b/src/registrar/assets/src/sass/_theme/_accordions.scss
index a117c064b..28defc6d7 100644
--- a/src/registrar/assets/src/sass/_theme/_accordions.scss
+++ b/src/registrar/assets/src/sass/_theme/_accordions.scss
@@ -71,7 +71,7 @@
 // reponsive wrapper.
 @include at-media-max("desktop") {
     tr:last-of-type .usa-accordion--more-actions .usa-accordion__content,
-    tr.view-only-row:nth-last-of-type(1) .usa-accordion--more-actions .usa-accordion__content {
+    tr.view-only-row:nth-last-of-type(2) .usa-accordion--more-actions .usa-accordion__content {
         top: auto;
         bottom: -10px;
         right: 20px;
diff --git a/src/registrar/templates/domain_dsdata.html b/src/registrar/templates/domain_dsdata.html
index 2a2d70db7..832a90052 100644
--- a/src/registrar/templates/domain_dsdata.html
+++ b/src/registrar/templates/domain_dsdata.html
@@ -203,7 +203,10 @@
                           <h2>More options</h2>
                           <button 
                             type="button" 
-                            class="usa-button usa-button--unstyled text-underline late-loading-modal-trigger margin-top-2 line-height-sans-5 text-secondary dsdata-delete-kebab"
+                            class="
+                              usa-button usa-button--unstyled text-underline late-loading-modal-trigger line-height-sans-5 text-secondary dsdata-delete-kebab
+                              mobile:margin-top-0 desktop:margin-top-2
+                            "
                             name="btn-delete-kebab-click"
                             aria-label="Delete DS record {{ forloop.counter }} from the registry"
                           >

From 7e08db1409801c8d4e03001c29eae29ad47f5f35 Mon Sep 17 00:00:00 2001
From: Rachid Mrad <rachid.mrad@ecstech.com>
Date: Wed, 19 Mar 2025 19:29:25 -0400
Subject: [PATCH 248/285] UI tweaks

---
 src/registrar/templates/domain_dsdata.html              | 2 +-
 src/registrar/templates/includes/input_with_errors.html | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/src/registrar/templates/domain_dsdata.html b/src/registrar/templates/domain_dsdata.html
index 832a90052..5abf34930 100644
--- a/src/registrar/templates/domain_dsdata.html
+++ b/src/registrar/templates/domain_dsdata.html
@@ -237,7 +237,7 @@
                       {% endwith %}
                   </td>
                   <td class="text-bottom">
-                    {% with sublabel_text="Numbers (0-9) and letters (a-f) only. SHA-1: 40 chars, SHA-256: 64 chars." %}
+                    {% with sublabel_text="Numbers (0-9) and letters (a-f) only. SHA-1: 40 chars, SHA-256: 64 chars." inline_error_class="font-body-xs" %}
                       {% with attr_required=True add_initial_value_attr=True add_group_class="usa-form-group--unstyled-error margin-top-0" use_small_sublabel_text=True %}
                         {% input_with_errors form.digest %}
                       {% endwith %}
diff --git a/src/registrar/templates/includes/input_with_errors.html b/src/registrar/templates/includes/input_with_errors.html
index 8bcf2b40e..a84b062c0 100644
--- a/src/registrar/templates/includes/input_with_errors.html
+++ b/src/registrar/templates/includes/input_with_errors.html
@@ -54,7 +54,7 @@ error messages, if necessary.
   {% if field.errors %}
     <div id="{{ widget.attrs.id }}__error-message">
     {% for error in field.errors %}
-      <div class="usa-error-message display-flex" role="alert">
+      <div class="usa-error-message display-flex{% if inline_error_class %} inline_error_class{% endif %}" role="alert">
         <svg class="usa-icon usa-icon--large" focusable="true" role="img" aria-label="Error">
           <use xlink:href="{%static 'img/sprite.svg'%}#error"></use>
         </svg>

From ce33a1423d21bbbb68d1899fab61b5bad8a83fb2 Mon Sep 17 00:00:00 2001
From: Rachid Mrad <rachid.mrad@ecstech.com>
Date: Wed, 19 Mar 2025 19:44:41 -0400
Subject: [PATCH 249/285] UI tweaks

---
 src/registrar/templates/includes/input_with_errors.html | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/registrar/templates/includes/input_with_errors.html b/src/registrar/templates/includes/input_with_errors.html
index a84b062c0..6546d64d5 100644
--- a/src/registrar/templates/includes/input_with_errors.html
+++ b/src/registrar/templates/includes/input_with_errors.html
@@ -54,7 +54,7 @@ error messages, if necessary.
   {% if field.errors %}
     <div id="{{ widget.attrs.id }}__error-message">
     {% for error in field.errors %}
-      <div class="usa-error-message display-flex{% if inline_error_class %} inline_error_class{% endif %}" role="alert">
+      <div class="usa-error-message display-flex{% if inline_error_class %} {{ inline_error_class }}{% endif %}" role="alert">
         <svg class="usa-icon usa-icon--large" focusable="true" role="img" aria-label="Error">
           <use xlink:href="{%static 'img/sprite.svg'%}#error"></use>
         </svg>

From 5e93badd88ca01558491b06cae2df49954239876 Mon Sep 17 00:00:00 2001
From: Rachid Mrad <rachid.mrad@ecstech.com>
Date: Wed, 19 Mar 2025 19:50:19 -0400
Subject: [PATCH 250/285] UI tweaks

---
 src/registrar/templates/includes/input_with_errors.html | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/registrar/templates/includes/input_with_errors.html b/src/registrar/templates/includes/input_with_errors.html
index 6546d64d5..b9ce8639e 100644
--- a/src/registrar/templates/includes/input_with_errors.html
+++ b/src/registrar/templates/includes/input_with_errors.html
@@ -58,7 +58,7 @@ error messages, if necessary.
         <svg class="usa-icon usa-icon--large" focusable="true" role="img" aria-label="Error">
           <use xlink:href="{%static 'img/sprite.svg'%}#error"></use>
         </svg>
-        <span class="margin-left-05">{{ error }}</span>
+        <span class="margin-left-05 flex-1">{{ error }}</span>
       </div>
     {% endfor %}
     </div>

From 4b2f7fe7488b4548305055a5417b45e62284aeca Mon Sep 17 00:00:00 2001
From: Rachid Mrad <rachid.mrad@ecstech.com>
Date: Wed, 19 Mar 2025 19:51:47 -0400
Subject: [PATCH 251/285] UI tweaks

---
 src/registrar/templates/domain_dsdata.html | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)

diff --git a/src/registrar/templates/domain_dsdata.html b/src/registrar/templates/domain_dsdata.html
index 5abf34930..fe48eef5f 100644
--- a/src/registrar/templates/domain_dsdata.html
+++ b/src/registrar/templates/domain_dsdata.html
@@ -221,24 +221,24 @@
                 <tr class="edit-row display-none">
                   <td class="text-bottom">
                     {% with sublabel_text="Numbers (0-9) only." %}
-                      {% with attr_required=True add_initial_value_attr=True add_group_class="usa-form-group--unstyled-error margin-top-0" use_small_sublabel_text=True %}
+                      {% with attr_required=True add_initial_value_attr=True add_group_class="usa-form-group--unstyled-error margin-top-0" use_small_sublabel_text=True inline_error_class="font-body-xs" %}
                         {% input_with_errors form.key_tag %}
                       {% endwith %}
                     {% endwith %}
                   </td>
                   <td class="text-bottom">
-                    {% with attr_required=True add_initial_value_attr=True add_group_class="usa-form-group--unstyled-error margin-top-0" use_small_sublabel_text=True %}
+                    {% with attr_required=True add_initial_value_attr=True add_group_class="usa-form-group--unstyled-error margin-top-0" use_small_sublabel_text=True inline_error_class="font-body-xs" %}
                         {% input_with_errors form.algorithm %}
                       {% endwith %}
                   </td>
                   <td class="text-bottom">
-                    {% with attr_required=True add_initial_value_attr=True add_group_class="usa-form-group--unstyled-error margin-top-0" use_small_sublabel_text=True %}
+                    {% with attr_required=True add_initial_value_attr=True add_group_class="usa-form-group--unstyled-error margin-top-0" use_small_sublabel_text=True inline_error_class="font-body-xs" %}
                         {% input_with_errors form.digest_type %}
                       {% endwith %}
                   </td>
                   <td class="text-bottom">
-                    {% with sublabel_text="Numbers (0-9) and letters (a-f) only. SHA-1: 40 chars, SHA-256: 64 chars." inline_error_class="font-body-xs" %}
-                      {% with attr_required=True add_initial_value_attr=True add_group_class="usa-form-group--unstyled-error margin-top-0" use_small_sublabel_text=True %}
+                    {% with sublabel_text="Numbers (0-9) and letters (a-f) only. SHA-1: 40 chars, SHA-256: 64 chars." %}
+                      {% with attr_required=True add_initial_value_attr=True add_group_class="usa-form-group--unstyled-error margin-top-0" use_small_sublabel_text=True inline_error_class="font-body-xs" %}
                         {% input_with_errors form.digest %}
                       {% endwith %}
                     {% endwith %}

From 7b9eed413da01b5efa4401fe820345ca04d82971 Mon Sep 17 00:00:00 2001
From: Rachid Mrad <rachid.mrad@ecstech.com>
Date: Wed, 19 Mar 2025 19:54:22 -0400
Subject: [PATCH 252/285] UI tweaks

---
 src/registrar/templates/domain_dsdata.html | 5 +----
 1 file changed, 1 insertion(+), 4 deletions(-)

diff --git a/src/registrar/templates/domain_dsdata.html b/src/registrar/templates/domain_dsdata.html
index fe48eef5f..44d6b19cd 100644
--- a/src/registrar/templates/domain_dsdata.html
+++ b/src/registrar/templates/domain_dsdata.html
@@ -203,10 +203,7 @@
                           <h2>More options</h2>
                           <button 
                             type="button" 
-                            class="
-                              usa-button usa-button--unstyled text-underline late-loading-modal-trigger line-height-sans-5 text-secondary dsdata-delete-kebab
-                              mobile:margin-top-0 desktop:margin-top-2
-                            "
+                            class="usa-button usa-button--unstyled text-underline late-loading-modal-trigger line-height-sans-5 text-secondary dsdata-delete-kebab margin-top-2"
                             name="btn-delete-kebab-click"
                             aria-label="Delete DS record {{ forloop.counter }} from the registry"
                           >

From 3129f5397dab27472df2a1746d6d6b90f3f02fa1 Mon Sep 17 00:00:00 2001
From: Rachid Mrad <rachid.mrad@ecstech.com>
Date: Wed, 19 Mar 2025 20:03:42 -0400
Subject: [PATCH 253/285] UI tweaks

---
 src/registrar/assets/src/sass/_theme/_forms.scss | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/src/registrar/assets/src/sass/_theme/_forms.scss b/src/registrar/assets/src/sass/_theme/_forms.scss
index 75430d27d..73510a7ea 100644
--- a/src/registrar/assets/src/sass/_theme/_forms.scss
+++ b/src/registrar/assets/src/sass/_theme/_forms.scss
@@ -86,3 +86,7 @@ legend.float-left-tablet + button.float-right-tablet {
   resize: none;
   overflow: hidden;
 }
+
+.usa-form .usa-button.margin-top-2 {
+  margin-top: unites(2) !important;
+}

From 13859afb24703a09829dcaf49e7ee0127c5bbade Mon Sep 17 00:00:00 2001
From: Rachid Mrad <rachid.mrad@ecstech.com>
Date: Wed, 19 Mar 2025 20:35:40 -0400
Subject: [PATCH 254/285] UI tweaks

---
 src/registrar/assets/src/sass/_theme/_forms.scss | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/registrar/assets/src/sass/_theme/_forms.scss b/src/registrar/assets/src/sass/_theme/_forms.scss
index 73510a7ea..e9a06639a 100644
--- a/src/registrar/assets/src/sass/_theme/_forms.scss
+++ b/src/registrar/assets/src/sass/_theme/_forms.scss
@@ -88,5 +88,5 @@ legend.float-left-tablet + button.float-right-tablet {
 }
 
 .usa-form .usa-button.margin-top-2 {
-  margin-top: unites(2) !important;
+  margin-top: units(2) !important;
 }

From d424f314e194f1ebca8140739857f12bd4c5e20f Mon Sep 17 00:00:00 2001
From: Rachid Mrad <rachid.mrad@ecstech.com>
Date: Wed, 19 Mar 2025 20:37:20 -0400
Subject: [PATCH 255/285] UI tweaks

---
 src/registrar/templates/domain_dsdata.html | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/registrar/templates/domain_dsdata.html b/src/registrar/templates/domain_dsdata.html
index 44d6b19cd..f92582f61 100644
--- a/src/registrar/templates/domain_dsdata.html
+++ b/src/registrar/templates/domain_dsdata.html
@@ -123,7 +123,7 @@
         {% endif %}
       {% endfor %}
 
-      <div class="usa-table-container--scrollable usa-table-container--override-overflow usa-table-container--override-scrollable margin-top-4" tabindex="0">
+      <div class="usa-table-container--scrollable usa-table-container--override-overflow usa-table-container--override-scrollable padding-top-5 margin-top-0" tabindex="0">
         <table class="usa-table usa-table--borderless usa-table--stacked dotgov-table dotgov-table--stacked dotgov-table--cell-padding-1-1-2px-0" id="dsdata-table">
           <thead>
             <tr>

From e097c319d770a8ae366186d434d6b6cb5159d3cf Mon Sep 17 00:00:00 2001
From: zandercymatics <141044360+zandercymatics@users.noreply.github.com>
Date: Thu, 20 Mar 2025 08:17:08 -0600
Subject: [PATCH 256/285] update pipfile

---
 src/Pipfile          |   3 +-
 src/Pipfile.lock     | 795 ++++++++++++++++++++++---------------------
 src/requirements.txt |  45 +--
 3 files changed, 431 insertions(+), 412 deletions(-)

diff --git a/src/Pipfile b/src/Pipfile
index 07b1db715..819481fa7 100644
--- a/src/Pipfile
+++ b/src/Pipfile
@@ -4,7 +4,7 @@ verify_ssl = true
 name = "pypi"
 
 [packages]
-django = "4.2.17"
+django = "4.2.20"
 cfenv = "*"
 django-cors-headers = "*"
 pycryptodomex = "*"
@@ -34,6 +34,7 @@ tblib = "*"
 django-admin-multiple-choice-list-filter = "*"
 django-import-export = "*"
 django-waffle = "*"
+cryptography = "*"
 
 [dev-packages]
 django-debug-toolbar = "*"
diff --git a/src/Pipfile.lock b/src/Pipfile.lock
index 76f2c914d..fe5a51fbb 100644
--- a/src/Pipfile.lock
+++ b/src/Pipfile.lock
@@ -1,7 +1,7 @@
 {
     "_meta": {
         "hash": {
-            "sha256": "07f7bc9bda4099f96b18f8f063b487b121b82ae01de06a7f2e9013d56098a421"
+            "sha256": "c854531923af84e93b0b26e64a0bf3b9d9c12870c4795b1afb667569ea740e2b"
         },
         "pipfile-spec": 6,
         "requires": {},
@@ -32,37 +32,37 @@
         },
         "boto3": {
             "hashes": [
-                "sha256:ba391982f6cada136c5bba99e85d7fe1bc4e157c53a22a78e4aca35d1b39152e",
-                "sha256:eecef248f8743ab30036cd9c916808a0892fc9036e1a35434d8222060c08bbd2"
+                "sha256:7ba243b8f9e11ea8856b1875293f1d43f3aa04960d823f2016cb624f47d45048",
+                "sha256:c9e820b5c7363329951ca3429fa5d51137cbd9766e063d15f212ee407fff89e9"
             ],
             "index": "pypi",
             "markers": "python_version >= '3.8'",
-            "version": "==1.35.91"
+            "version": "==1.37.16"
         },
         "botocore": {
             "hashes": [
-                "sha256:7b0b9c5954701fff4d2c516918f45641b04ff4ca92bbd9f5b37c0b80f8c14220",
-                "sha256:93de9d0f52f7e36a2c190d55520d3b2654f32c5a628fdd484bffa00bc7865e1d"
+                "sha256:26bdf95d5448682bdb05ff4b15b007f977d027c0d791482b43e69f098e609978",
+                "sha256:d74d04830ead12933a96dc407175ae98b32a5dd0059d7d2b28fc7aa4ed9d3b48"
             ],
             "markers": "python_version >= '3.8'",
-            "version": "==1.35.91"
+            "version": "==1.37.16"
         },
         "cachetools": {
             "hashes": [
-                "sha256:02134e8439cdc2ffb62023ce1debca2944c3f289d66bb17ead3ab3dede74b292",
-                "sha256:2cc24fb4cbe39633fb7badd9db9ca6295d766d9c2995f245725a46715d050f2a"
+                "sha256:1a661caa9175d26759571b2e19580f9d6393969e5dfca11fdb1f947a23e640d4",
+                "sha256:d26a22bcc62eb95c3beabd9f1ee5e820d3d2704fe2967cbe350e20c8ffcd3f0a"
             ],
             "index": "pypi",
             "markers": "python_version >= '3.7'",
-            "version": "==5.5.0"
+            "version": "==5.5.2"
         },
         "certifi": {
             "hashes": [
-                "sha256:1275f7a45be9464efc1173084eaa30f866fe2e47d389406136d332ed4967ec56",
-                "sha256:b650d30f370c2b724812bee08008be0c4163b163ddaec3f2546c1caf65f191db"
+                "sha256:3d5da6925056f6f18f119200434a4780a94263f10d1c21d032a6f6b2baa20651",
+                "sha256:ca78db4565a652026a4db2bcdf68f2fb589ea80d0be70e03929ed730746b84fe"
             ],
             "markers": "python_version >= '3.6'",
-            "version": "==2024.12.14"
+            "version": "==2025.1.31"
         },
         "cfenv": {
             "hashes": [
@@ -245,36 +245,45 @@
         },
         "cryptography": {
             "hashes": [
-                "sha256:1923cb251c04be85eec9fda837661c67c1049063305d6be5721643c22dd4e2b7",
-                "sha256:37d76e6863da3774cd9db5b409a9ecfd2c71c981c38788d3fcfaf177f447b731",
-                "sha256:3c672a53c0fb4725a29c303be906d3c1fa99c32f58abe008a82705f9ee96f40b",
-                "sha256:404fdc66ee5f83a1388be54300ae978b2efd538018de18556dde92575e05defc",
-                "sha256:4ac4c9f37eba52cb6fbeaf5b59c152ea976726b865bd4cf87883a7e7006cc543",
-                "sha256:62901fb618f74d7d81bf408c8719e9ec14d863086efe4185afd07c352aee1d2c",
-                "sha256:660cb7312a08bc38be15b696462fa7cc7cd85c3ed9c576e81f4dc4d8b2b31591",
-                "sha256:708ee5f1bafe76d041b53a4f95eb28cdeb8d18da17e597d46d7833ee59b97ede",
-                "sha256:761817a3377ef15ac23cd7834715081791d4ec77f9297ee694ca1ee9c2c7e5eb",
-                "sha256:831c3c4d0774e488fdc83a1923b49b9957d33287de923d58ebd3cec47a0ae43f",
-                "sha256:84111ad4ff3f6253820e6d3e58be2cc2a00adb29335d4cacb5ab4d4d34f2a123",
-                "sha256:8b3e6eae66cf54701ee7d9c83c30ac0a1e3fa17be486033000f2a73a12ab507c",
-                "sha256:9e6fc8a08e116fb7c7dd1f040074c9d7b51d74a8ea40d4df2fc7aa08b76b9e6c",
-                "sha256:a01956ddfa0a6790d594f5b34fc1bfa6098aca434696a03cfdbe469b8ed79285",
-                "sha256:abc998e0c0eee3c8a1904221d3f67dcfa76422b23620173e28c11d3e626c21bd",
-                "sha256:b15492a11f9e1b62ba9d73c210e2416724633167de94607ec6069ef724fad092",
-                "sha256:be4ce505894d15d5c5037167ffb7f0ae90b7be6f2a98f9a5c3442395501c32fa",
-                "sha256:c5eb858beed7835e5ad1faba59e865109f3e52b3783b9ac21e7e47dc5554e289",
-                "sha256:cd4e834f340b4293430701e772ec543b0fbe6c2dea510a5286fe0acabe153a02",
-                "sha256:d2436114e46b36d00f8b72ff57e598978b37399d2786fd39793c36c6d5cb1c64",
-                "sha256:eb33480f1bad5b78233b0ad3e1b0be21e8ef1da745d8d2aecbb20671658b9053",
-                "sha256:eca27345e1214d1b9f9490d200f9db5a874479be914199194e746c893788d417",
-                "sha256:ed3534eb1090483c96178fcb0f8893719d96d5274dfde98aa6add34614e97c8e",
-                "sha256:f3f6fdfa89ee2d9d496e2c087cebef9d4fcbb0ad63c40e821b39f74bf48d9c5e",
-                "sha256:f53c2c87e0fb4b0c00fa9571082a057e37690a8f12233306161c8f4b819960b7",
-                "sha256:f5e7cb1e5e56ca0933b4873c0220a78b773b24d40d186b6738080b73d3d0a756",
-                "sha256:f677e1268c4e23420c3acade68fac427fffcb8d19d7df95ed7ad17cdef8404f4"
+                "sha256:04abd71114848aa25edb28e225ab5f268096f44cf0127f3d36975bdf1bdf3390",
+                "sha256:0529b1d5a0105dd3731fa65680b45ce49da4d8115ea76e9da77a875396727b41",
+                "sha256:1bc312dfb7a6e5d66082c87c34c8a62176e684b6fe3d90fcfe1568de675e6688",
+                "sha256:268e4e9b177c76d569e8a145a6939eca9a5fec658c932348598818acf31ae9a5",
+                "sha256:29ecec49f3ba3f3849362854b7253a9f59799e3763b0c9d0826259a88efa02f1",
+                "sha256:2bf7bf75f7df9715f810d1b038870309342bff3069c5bd8c6b96128cb158668d",
+                "sha256:3b721b8b4d948b218c88cb8c45a01793483821e709afe5f622861fc6182b20a7",
+                "sha256:3c00b6b757b32ce0f62c574b78b939afab9eecaf597c4d624caca4f9e71e7843",
+                "sha256:3dc62975e31617badc19a906481deacdeb80b4bb454394b4098e3f2525a488c5",
+                "sha256:4973da6ca3db4405c54cd0b26d328be54c7747e89e284fcff166132eb7bccc9c",
+                "sha256:4e389622b6927d8133f314949a9812972711a111d577a5d1f4bee5e58736b80a",
+                "sha256:51e4de3af4ec3899d6d178a8c005226491c27c4ba84101bfb59c901e10ca9f79",
+                "sha256:5f6f90b72d8ccadb9c6e311c775c8305381db88374c65fa1a68250aa8a9cb3a6",
+                "sha256:6210c05941994290f3f7f175a4a57dbbb2afd9273657614c506d5976db061181",
+                "sha256:6f101b1f780f7fc613d040ca4bdf835c6ef3b00e9bd7125a4255ec574c7916e4",
+                "sha256:7bdcd82189759aba3816d1f729ce42ffded1ac304c151d0a8e89b9996ab863d5",
+                "sha256:7ca25849404be2f8e4b3c59483d9d3c51298a22c1c61a0e84415104dacaf5562",
+                "sha256:81276f0ea79a208d961c433a947029e1a15948966658cf6710bbabb60fcc2639",
+                "sha256:8cadc6e3b5a1f144a039ea08a0bdb03a2a92e19c46be3285123d32029f40a922",
+                "sha256:8e0ddd63e6bf1161800592c71ac794d3fb8001f2caebe0966e77c5234fa9efc3",
+                "sha256:909c97ab43a9c0c0b0ada7a1281430e4e5ec0458e6d9244c0e821bbf152f061d",
+                "sha256:96e7a5e9d6e71f9f4fca8eebfd603f8e86c5225bb18eb621b2c1e50b290a9471",
+                "sha256:9a1e657c0f4ea2a23304ee3f964db058c9e9e635cc7019c4aa21c330755ef6fd",
+                "sha256:9eb9d22b0a5d8fd9925a7764a054dca914000607dff201a24c791ff5c799e1fa",
+                "sha256:af4ff3e388f2fa7bff9f7f2b31b87d5651c45731d3e8cfa0944be43dff5cfbdb",
+                "sha256:b042d2a275c8cee83a4b7ae30c45a15e6a4baa65a179a0ec2d78ebb90e4f6699",
+                "sha256:bc821e161ae88bfe8088d11bb39caf2916562e0a2dc7b6d56714a48b784ef0bb",
+                "sha256:c505d61b6176aaf982c5717ce04e87da5abc9a36a5b39ac03905c4aafe8de7aa",
+                "sha256:c63454aa261a0cf0c5b4718349629793e9e634993538db841165b3df74f37ec0",
+                "sha256:c7362add18b416b69d58c910caa217f980c5ef39b23a38a0880dfd87bdf8cd23",
+                "sha256:d03806036b4f89e3b13b6218fefea8d5312e450935b1a2d55f0524e2ed7c59d9",
+                "sha256:d1b3031093a366ac767b3feb8bcddb596671b3aaff82d4050f984da0c248b615",
+                "sha256:d1c3572526997b36f245a96a2b1713bf79ce99b271bbcf084beb6b9b075f29ea",
+                "sha256:efcfe97d1b3c79e486554efddeb8f6f53a4cdd4cf6086642784fa31fc384e1d7",
+                "sha256:f514ef4cd14bb6fb484b4a60203e912cfcb64f2ab139e88c2274511514bf7308"
             ],
+            "index": "pypi",
             "markers": "python_version >= '3.7' and python_full_version not in '3.9.0, 3.9.1'",
-            "version": "==44.0.0"
+            "version": "==44.0.2"
         },
         "defusedxml": {
             "hashes": [
@@ -308,12 +317,12 @@
         },
         "django": {
             "hashes": [
-                "sha256:3a93350214ba25f178d4045c0786c61573e7dbfa3c509b3551374f1e11ba8de0",
-                "sha256:6b56d834cc94c8b21a8f4e775064896be3b4a4ca387f2612d4406a5927cd2fdc"
+                "sha256:213381b6e4405f5c8703fffc29cd719efdf189dec60c67c04f76272b3dc845b9",
+                "sha256:92bac5b4432a64532abb73b2ac27203f485e40225d2640a7fbef2b62b876e789"
             ],
             "index": "pypi",
             "markers": "python_version >= '3.8'",
-            "version": "==4.2.17"
+            "version": "==4.2.20"
         },
         "django-admin-multiple-choice-list-filter": {
             "hashes": [
@@ -349,12 +358,12 @@
         },
         "django-cors-headers": {
             "hashes": [
-                "sha256:14d76b4b4c8d39375baeddd89e4f08899051eeaf177cb02a29bd6eae8cf63aa8",
-                "sha256:8edbc0497e611c24d5150e0055d3b178c6534b8ed826fb6f53b21c63f5d48ba3"
+                "sha256:6fdf31bf9c6d6448ba09ef57157db2268d515d94fc5c89a0a1028e1fc03ee52b",
+                "sha256:f1c125dcd58479fe7a67fe2499c16ee38b81b397463cf025f0e2c42937421070"
             ],
             "index": "pypi",
             "markers": "python_version >= '3.9'",
-            "version": "==4.6.0"
+            "version": "==4.7.0"
         },
         "django-csp": {
             "hashes": [
@@ -374,12 +383,12 @@
         },
         "django-import-export": {
             "hashes": [
-                "sha256:91b47c9a2701a5b039667df5c46ee682a41bb224ac215a0e66b177a459e35983",
-                "sha256:b261f44aedf572a69f975655afba15bff1e354eddd91d9c1bbd32d3cee44168d"
+                "sha256:5514d09636e84e823a42cd5e79292f70f20d6d2feed117a145f5b64a5b44f168",
+                "sha256:bd3fe0aa15a2bce9de4be1a2f882e2c4539fdbfdfa16f2052c98dd7aec0f085c"
             ],
             "index": "pypi",
             "markers": "python_version >= '3.9'",
-            "version": "==4.3.3"
+            "version": "==4.3.7"
         },
         "django-login-required-middleware": {
             "hashes": [
@@ -422,20 +431,20 @@
                 "django"
             ],
             "hashes": [
-                "sha256:9d2080cf25807a26fc0d4301e2d7b62c64fbf547540f21e3a30cc02bc5fbe948",
-                "sha256:e068ae3174cef52ba4b95ead22e639056a02465f616e62323e04ae08e86a75a4"
+                "sha256:03db7ee2d50ec697b68814cd175a3a05a7c7954804e4e419ca8b570dc5a835cf",
+                "sha256:45bc56f1d53bbc59d8dd69bba97377dd88ec28b8229d81cedbd455b21789445b"
             ],
-            "markers": "python_version >= '3.8'",
-            "version": "==11.2.1"
+            "markers": "python_version >= '3.9'",
+            "version": "==14.1.1"
         },
         "faker": {
             "hashes": [
-                "sha256:1c925fc0e86a51fc46648b504078c88d0cd48da1da2595c4e712841cab43a1e4",
-                "sha256:d30c5f0e2796b8970de68978365247657486eb0311c5abe88d0b895b68dff05d"
+                "sha256:8955706c56c28099585e9e2b6f814eb0a3a227eb36a2ee3eb9ab577c4764eacc",
+                "sha256:948bd27706478d3aa0b6f9f58b9f25207098f6ca79852c7b49c44a8ced2bc59b"
             ],
             "index": "pypi",
-            "markers": "python_version >= '3.8'",
-            "version": "==33.1.0"
+            "markers": "python_version >= '3.9'",
+            "version": "==37.0.2"
         },
         "fred-epplib": {
             "git": "https://github.com/cisagov/epplib.git",
@@ -443,10 +452,10 @@
         },
         "furl": {
             "hashes": [
-                "sha256:5a6188fe2666c484a12159c18be97a1977a71d632ef5bb867ef15f54af39cc4e",
-                "sha256:9ab425062c4217f9802508e45feb4a83e54324273ac4b202f1850363309666c0"
+                "sha256:877657501266c929269739fb5f5980534a41abd6bbabcb367c136d1d3b2a6015",
+                "sha256:da34d0b34e53ffe2d2e6851a7085a05d96922b5b578620a37377ff1dbeeb11c8"
             ],
-            "version": "==2.1.3"
+            "version": "==2.1.4"
         },
         "future": {
             "hashes": [
@@ -608,155 +617,155 @@
         },
         "lxml": {
             "hashes": [
-                "sha256:01220dca0d066d1349bd6a1726856a78f7929f3878f7e2ee83c296c69495309e",
-                "sha256:02ced472497b8362c8e902ade23e3300479f4f43e45f4105c85ef43b8db85229",
-                "sha256:052d99051e77a4f3e8482c65014cf6372e61b0a6f4fe9edb98503bb5364cfee3",
-                "sha256:07da23d7ee08577760f0a71d67a861019103e4812c87e2fab26b039054594cc5",
-                "sha256:094cb601ba9f55296774c2d57ad68730daa0b13dc260e1f941b4d13678239e70",
-                "sha256:0a7056921edbdd7560746f4221dca89bb7a3fe457d3d74267995253f46343f15",
-                "sha256:0c120f43553ec759f8de1fee2f4794452b0946773299d44c36bfe18e83caf002",
-                "sha256:0d7b36afa46c97875303a94e8f3ad932bf78bace9e18e603f2085b652422edcd",
-                "sha256:0fdf3a3059611f7585a78ee10399a15566356116a4288380921a4b598d807a22",
-                "sha256:109fa6fede314cc50eed29e6e56c540075e63d922455346f11e4d7a036d2b8cf",
-                "sha256:146173654d79eb1fc97498b4280c1d3e1e5d58c398fa530905c9ea50ea849b22",
-                "sha256:1473427aff3d66a3fa2199004c3e601e6c4500ab86696edffdbc84954c72d832",
-                "sha256:1483fd3358963cc5c1c9b122c80606a3a79ee0875bcac0204149fa09d6ff2727",
-                "sha256:168f2dfcfdedf611eb285efac1516c8454c8c99caf271dccda8943576b67552e",
-                "sha256:17e8d968d04a37c50ad9c456a286b525d78c4a1c15dd53aa46c1d8e06bf6fa30",
-                "sha256:18feb4b93302091b1541221196a2155aa296c363fd233814fa11e181adebc52f",
-                "sha256:1afe0a8c353746e610bd9031a630a95bcfb1a720684c3f2b36c4710a0a96528f",
-                "sha256:1d04f064bebdfef9240478f7a779e8c5dc32b8b7b0b2fc6a62e39b928d428e51",
-                "sha256:1fdc9fae8dd4c763e8a31e7630afef517eab9f5d5d31a278df087f307bf601f4",
-                "sha256:1ffc23010330c2ab67fac02781df60998ca8fe759e8efde6f8b756a20599c5de",
-                "sha256:20094fc3f21ea0a8669dc4c61ed7fa8263bd37d97d93b90f28fc613371e7a875",
-                "sha256:213261f168c5e1d9b7535a67e68b1f59f92398dd17a56d934550837143f79c42",
-                "sha256:218c1b2e17a710e363855594230f44060e2025b05c80d1f0661258142b2add2e",
-                "sha256:23e0553b8055600b3bf4a00b255ec5c92e1e4aebf8c2c09334f8368e8bd174d6",
-                "sha256:25f1b69d41656b05885aa185f5fdf822cb01a586d1b32739633679699f220391",
-                "sha256:2b3778cb38212f52fac9fe913017deea2fdf4eb1a4f8e4cfc6b009a13a6d3fcc",
-                "sha256:2bc9fd5ca4729af796f9f59cd8ff160fe06a474da40aca03fcc79655ddee1a8b",
-                "sha256:2c226a06ecb8cdef28845ae976da407917542c5e6e75dcac7cc33eb04aaeb237",
-                "sha256:2c3406b63232fc7e9b8783ab0b765d7c59e7c59ff96759d8ef9632fca27c7ee4",
-                "sha256:2c86bf781b12ba417f64f3422cfc302523ac9cd1d8ae8c0f92a1c66e56ef2e86",
-                "sha256:2d9b8d9177afaef80c53c0a9e30fa252ff3036fb1c6494d427c066a4ce6a282f",
-                "sha256:2dec2d1130a9cda5b904696cec33b2cfb451304ba9081eeda7f90f724097300a",
-                "sha256:2dfab5fa6a28a0b60a20638dc48e6343c02ea9933e3279ccb132f555a62323d8",
-                "sha256:2ecdd78ab768f844c7a1d4a03595038c166b609f6395e25af9b0f3f26ae1230f",
-                "sha256:315f9542011b2c4e1d280e4a20ddcca1761993dda3afc7a73b01235f8641e903",
-                "sha256:36aef61a1678cb778097b4a6eeae96a69875d51d1e8f4d4b491ab3cfb54b5a03",
-                "sha256:384aacddf2e5813a36495233b64cb96b1949da72bef933918ba5c84e06af8f0e",
-                "sha256:3879cc6ce938ff4eb4900d901ed63555c778731a96365e53fadb36437a131a99",
-                "sha256:3c174dc350d3ec52deb77f2faf05c439331d6ed5e702fc247ccb4e6b62d884b7",
-                "sha256:3eb44520c4724c2e1a57c0af33a379eee41792595023f367ba3952a2d96c2aab",
-                "sha256:406246b96d552e0503e17a1006fd27edac678b3fcc9f1be71a2f94b4ff61528d",
-                "sha256:41ce1f1e2c7755abfc7e759dc34d7d05fd221723ff822947132dc934d122fe22",
-                "sha256:423b121f7e6fa514ba0c7918e56955a1d4470ed35faa03e3d9f0e3baa4c7e492",
-                "sha256:44264ecae91b30e5633013fb66f6ddd05c006d3e0e884f75ce0b4755b3e3847b",
-                "sha256:482c2f67761868f0108b1743098640fbb2a28a8e15bf3f47ada9fa59d9fe08c3",
-                "sha256:4b0c7a688944891086ba192e21c5229dea54382f4836a209ff8d0a660fac06be",
-                "sha256:4c1fefd7e3d00921c44dc9ca80a775af49698bbfd92ea84498e56acffd4c5469",
-                "sha256:4e109ca30d1edec1ac60cdbe341905dc3b8f55b16855e03a54aaf59e51ec8c6f",
-                "sha256:501d0d7e26b4d261fca8132854d845e4988097611ba2531408ec91cf3fd9d20a",
-                "sha256:516f491c834eb320d6c843156440fe7fc0d50b33e44387fcec5b02f0bc118a4c",
-                "sha256:51806cfe0279e06ed8500ce19479d757db42a30fd509940b1701be9c86a5ff9a",
-                "sha256:562e7494778a69086f0312ec9689f6b6ac1c6b65670ed7d0267e49f57ffa08c4",
-                "sha256:56b9861a71575f5795bde89256e7467ece3d339c9b43141dbdd54544566b3b94",
-                "sha256:5b8f5db71b28b8c404956ddf79575ea77aa8b1538e8b2ef9ec877945b3f46442",
-                "sha256:5c2fb570d7823c2bbaf8b419ba6e5662137f8166e364a8b2b91051a1fb40ab8b",
-                "sha256:5c54afdcbb0182d06836cc3d1be921e540be3ebdf8b8a51ee3ef987537455f84",
-                "sha256:5d6a6972b93c426ace71e0be9a6f4b2cfae9b1baed2eed2006076a746692288c",
-                "sha256:609251a0ca4770e5a8768ff902aa02bf636339c5a93f9349b48eb1f606f7f3e9",
-                "sha256:62d172f358f33a26d6b41b28c170c63886742f5b6772a42b59b4f0fa10526cb1",
-                "sha256:62f7fdb0d1ed2065451f086519865b4c90aa19aed51081979ecd05a21eb4d1be",
-                "sha256:658f2aa69d31e09699705949b5fc4719cbecbd4a97f9656a232e7d6c7be1a367",
-                "sha256:65ab5685d56914b9a2a34d67dd5488b83213d680b0c5d10b47f81da5a16b0b0e",
-                "sha256:68934b242c51eb02907c5b81d138cb977b2129a0a75a8f8b60b01cb8586c7b21",
-                "sha256:68b87753c784d6acb8a25b05cb526c3406913c9d988d51f80adecc2b0775d6aa",
-                "sha256:69959bd3167b993e6e710b99051265654133a98f20cec1d9b493b931942e9c16",
-                "sha256:6a7095eeec6f89111d03dabfe5883a1fd54da319c94e0fb104ee8f23616b572d",
-                "sha256:6b038cc86b285e4f9fea2ba5ee76e89f21ed1ea898e287dc277a25884f3a7dfe",
-                "sha256:6ba0d3dcac281aad8a0e5b14c7ed6f9fa89c8612b47939fc94f80b16e2e9bc83",
-                "sha256:6e91cf736959057f7aac7adfc83481e03615a8e8dd5758aa1d95ea69e8931dba",
-                "sha256:6ee8c39582d2652dcd516d1b879451500f8db3fe3607ce45d7c5957ab2596040",
-                "sha256:6f651ebd0b21ec65dfca93aa629610a0dbc13dbc13554f19b0113da2e61a4763",
-                "sha256:71a8dd38fbd2f2319136d4ae855a7078c69c9a38ae06e0c17c73fd70fc6caad8",
-                "sha256:74068c601baff6ff021c70f0935b0c7bc528baa8ea210c202e03757c68c5a4ff",
-                "sha256:7437237c6a66b7ca341e868cda48be24b8701862757426852c9b3186de1da8a2",
-                "sha256:747a3d3e98e24597981ca0be0fd922aebd471fa99d0043a3842d00cdcad7ad6a",
-                "sha256:74bcb423462233bc5d6066e4e98b0264e7c1bed7541fff2f4e34fe6b21563c8b",
-                "sha256:78d9b952e07aed35fe2e1a7ad26e929595412db48535921c5013edc8aa4a35ce",
-                "sha256:7b1cd427cb0d5f7393c31b7496419da594fe600e6fdc4b105a54f82405e6626c",
-                "sha256:7d3d1ca42870cdb6d0d29939630dbe48fa511c203724820fc0fd507b2fb46577",
-                "sha256:7e2f58095acc211eb9d8b5771bf04df9ff37d6b87618d1cbf85f92399c98dae8",
-                "sha256:7f41026c1d64043a36fda21d64c5026762d53a77043e73e94b71f0521939cc71",
-                "sha256:81b4e48da4c69313192d8c8d4311e5d818b8be1afe68ee20f6385d0e96fc9512",
-                "sha256:86a6b24b19eaebc448dc56b87c4865527855145d851f9fc3891673ff97950540",
-                "sha256:874a216bf6afaf97c263b56371434e47e2c652d215788396f60477540298218f",
-                "sha256:89e043f1d9d341c52bf2af6d02e6adde62e0a46e6755d5eb60dc6e4f0b8aeca2",
-                "sha256:8c72e9563347c7395910de6a3100a4840a75a6f60e05af5e58566868d5eb2d6a",
-                "sha256:8dc2c0395bea8254d8daebc76dcf8eb3a95ec2a46fa6fae5eaccee366bfe02ce",
-                "sha256:8f0de2d390af441fe8b2c12626d103540b5d850d585b18fcada58d972b74a74e",
-                "sha256:92e67a0be1639c251d21e35fe74df6bcc40cba445c2cda7c4a967656733249e2",
-                "sha256:94d6c3782907b5e40e21cadf94b13b0842ac421192f26b84c45f13f3c9d5dc27",
-                "sha256:97acf1e1fd66ab53dacd2c35b319d7e548380c2e9e8c54525c6e76d21b1ae3b1",
-                "sha256:9ada35dd21dc6c039259596b358caab6b13f4db4d4a7f8665764d616daf9cc1d",
-                "sha256:9c52100e2c2dbb0649b90467935c4b0de5528833c76a35ea1a2691ec9f1ee7a1",
-                "sha256:9e41506fec7a7f9405b14aa2d5c8abbb4dbbd09d88f9496958b6d00cb4d45330",
-                "sha256:9e4b47ac0f5e749cfc618efdf4726269441014ae1d5583e047b452a32e221920",
-                "sha256:9fb81d2824dff4f2e297a276297e9031f46d2682cafc484f49de182aa5e5df99",
-                "sha256:a0eabd0a81625049c5df745209dc7fcef6e2aea7793e5f003ba363610aa0a3ff",
-                "sha256:a3d819eb6f9b8677f57f9664265d0a10dd6551d227afb4af2b9cd7bdc2ccbf18",
-                "sha256:a87de7dd873bf9a792bf1e58b1c3887b9264036629a5bf2d2e6579fe8e73edff",
-                "sha256:aa617107a410245b8660028a7483b68e7914304a6d4882b5ff3d2d3eb5948d8c",
-                "sha256:aac0bbd3e8dd2d9c45ceb82249e8bdd3ac99131a32b4d35c8af3cc9db1657179",
-                "sha256:ab6dd83b970dc97c2d10bc71aa925b84788c7c05de30241b9e96f9b6d9ea3080",
-                "sha256:ace2c2326a319a0bb8a8b0e5b570c764962e95818de9f259ce814ee666603f19",
-                "sha256:ae5fe5c4b525aa82b8076c1a59d642c17b6e8739ecf852522c6321852178119d",
-                "sha256:b11a5d918a6216e521c715b02749240fb07ae5a1fefd4b7bf12f833bc8b4fe70",
-                "sha256:b1c8c20847b9f34e98080da785bb2336ea982e7f913eed5809e5a3c872900f32",
-                "sha256:b369d3db3c22ed14c75ccd5af429086f166a19627e84a8fdade3f8f31426e52a",
-                "sha256:b710bc2b8292966b23a6a0121f7a6c51d45d2347edcc75f016ac123b8054d3f2",
-                "sha256:bd96517ef76c8654446fc3db9242d019a1bb5fe8b751ba414765d59f99210b79",
-                "sha256:c00f323cc00576df6165cc9d21a4c21285fa6b9989c5c39830c3903dc4303ef3",
-                "sha256:c162b216070f280fa7da844531169be0baf9ccb17263cf5a8bf876fcd3117fa5",
-                "sha256:c1a69e58a6bb2de65902051d57fde951febad631a20a64572677a1052690482f",
-                "sha256:c1f794c02903c2824fccce5b20c339a1a14b114e83b306ff11b597c5f71a1c8d",
-                "sha256:c24037349665434f375645fa9d1f5304800cec574d0310f618490c871fd902b3",
-                "sha256:c300306673aa0f3ed5ed9372b21867690a17dba38c68c44b287437c362ce486b",
-                "sha256:c56a1d43b2f9ee4786e4658c7903f05da35b923fb53c11025712562d5cc02753",
-                "sha256:c6379f35350b655fd817cd0d6cbeef7f265f3ae5fedb1caae2eb442bbeae9ab9",
-                "sha256:c802e1c2ed9f0c06a65bc4ed0189d000ada8049312cfeab6ca635e39c9608957",
-                "sha256:cb83f8a875b3d9b458cada4f880fa498646874ba4011dc974e071a0a84a1b033",
-                "sha256:cf120cce539453ae086eacc0130a324e7026113510efa83ab42ef3fcfccac7fb",
-                "sha256:dd36439be765e2dde7660212b5275641edbc813e7b24668831a5c8ac91180656",
-                "sha256:dd5350b55f9fecddc51385463a4f67a5da829bc741e38cf689f38ec9023f54ab",
-                "sha256:df5c7333167b9674aa8ae1d4008fa4bc17a313cc490b2cca27838bbdcc6bb15b",
-                "sha256:e63601ad5cd8f860aa99d109889b5ac34de571c7ee902d6812d5d9ddcc77fa7d",
-                "sha256:e92ce66cd919d18d14b3856906a61d3f6b6a8500e0794142338da644260595cd",
-                "sha256:e99f5507401436fdcc85036a2e7dc2e28d962550afe1cbfc07c40e454256a859",
-                "sha256:ea2e2f6f801696ad7de8aec061044d6c8c0dd4037608c7cab38a9a4d316bfb11",
-                "sha256:eafa2c8658f4e560b098fe9fc54539f86528651f61849b22111a9b107d18910c",
-                "sha256:ecd4ad8453ac17bc7ba3868371bffb46f628161ad0eefbd0a855d2c8c32dd81a",
-                "sha256:ee70d08fd60c9565ba8190f41a46a54096afa0eeb8f76bd66f2c25d3b1b83005",
-                "sha256:eec1bb8cdbba2925bedc887bc0609a80e599c75b12d87ae42ac23fd199445654",
-                "sha256:ef0c1fe22171dd7c7c27147f2e9c3e86f8bdf473fed75f16b0c2e84a5030ce80",
-                "sha256:f2901429da1e645ce548bf9171784c0f74f0718c3f6150ce166be39e4dd66c3e",
-                "sha256:f422a209d2455c56849442ae42f25dbaaba1c6c3f501d58761c619c7836642ec",
-                "sha256:f65e5120863c2b266dbcc927b306c5b78e502c71edf3295dfcb9501ec96e5fc7",
-                "sha256:f7d4a670107d75dfe5ad080bed6c341d18c4442f9378c9f58e5851e86eb79965",
-                "sha256:f914c03e6a31deb632e2daa881fe198461f4d06e57ac3d0e05bbcab8eae01945",
-                "sha256:fb66442c2546446944437df74379e9cf9e9db353e61301d1a0e26482f43f0dd8"
+                "sha256:016b96c58e9a4528219bb563acf1aaaa8bc5452e7651004894a973f03b84ba81",
+                "sha256:05123fad495a429f123307ac6d8fd6f977b71e9a0b6d9aeeb8f80c017cb17131",
+                "sha256:057e30d0012439bc54ca427a83d458752ccda725c1c161cc283db07bcad43cf9",
+                "sha256:06a20d607a86fccab2fc15a77aa445f2bdef7b49ec0520a842c5c5afd8381576",
+                "sha256:094b28ed8a8a072b9e9e2113a81fda668d2053f2ca9f2d202c2c8c7c2d6516b1",
+                "sha256:0bcfadea3cdc68e678d2b20cb16a16716887dd00a881e16f7d806c2138b8ff0c",
+                "sha256:0d6b2fa86becfa81f0a0271ccb9eb127ad45fb597733a77b92e8a35e53414914",
+                "sha256:0f2cfae0688fd01f7056a17367e3b84f37c545fb447d7282cf2c242b16262607",
+                "sha256:106b7b5d2977b339f1e97efe2778e2ab20e99994cbb0ec5e55771ed0795920c8",
+                "sha256:133f3493253a00db2c870d3740bc458ebb7d937bd0a6a4f9328373e0db305709",
+                "sha256:136bf638d92848a939fd8f0e06fcf92d9f2e4b57969d94faae27c55f3d85c05b",
+                "sha256:155e1a5693cf4b55af652f5c0f78ef36596c7f680ff3ec6eb4d7d85367259b2c",
+                "sha256:1637fa31ec682cd5760092adfabe86d9b718a75d43e65e211d5931809bc111e7",
+                "sha256:172d65f7c72a35a6879217bcdb4bb11bc88d55fb4879e7569f55616062d387c2",
+                "sha256:17b5d7f8acf809465086d498d62a981fa6a56d2718135bb0e4aa48c502055f5c",
+                "sha256:198bb4b4dd888e8390afa4f170d4fa28467a7eaf857f1952589f16cfbb67af27",
+                "sha256:1b6f92e35e2658a5ed51c6634ceb5ddae32053182851d8cad2a5bc102a359b33",
+                "sha256:1b92fe86e04f680b848fff594a908edfa72b31bfc3499ef7433790c11d4c8cd8",
+                "sha256:1bcc211542f7af6f2dfb705f5f8b74e865592778e6cafdfd19c792c244ccce19",
+                "sha256:1c93ed3c998ea8472be98fb55aed65b5198740bfceaec07b2eba551e55b7b9ae",
+                "sha256:203b1d3eaebd34277be06a3eb880050f18a4e4d60861efba4fb946e31071a295",
+                "sha256:22ec2b3c191f43ed21f9545e9df94c37c6b49a5af0a874008ddc9132d49a2d9c",
+                "sha256:231cf4d140b22a923b1d0a0a4e0b4f972e5893efcdec188934cc65888fd0227b",
+                "sha256:236610b77589faf462337b3305a1be91756c8abc5a45ff7ca8f245a71c5dab70",
+                "sha256:29bfc8d3d88e56ea0a27e7c4897b642706840247f59f4377d81be8f32aa0cfbf",
+                "sha256:2b8969dbc8d09d9cd2ae06362c3bad27d03f433252601ef658a49bd9f2b22d79",
+                "sha256:2dd0b80ac2d8f13ffc906123a6f20b459cb50a99222d0da492360512f3e50f84",
+                "sha256:2df7ed5edeb6bd5590914cd61df76eb6cce9d590ed04ec7c183cf5509f73530d",
+                "sha256:2e4a570f6a99e96c457f7bec5ad459c9c420ee80b99eb04cbfcfe3fc18ec6423",
+                "sha256:2f1be45d4c15f237209bbf123a0e05b5d630c8717c42f59f31ea9eae2ad89394",
+                "sha256:2f23cf50eccb3255b6e913188291af0150d89dab44137a69e14e4dcb7be981f1",
+                "sha256:3031e4c16b59424e8d78522c69b062d301d951dc55ad8685736c3335a97fc270",
+                "sha256:33e06717c00c788ab4e79bc4726ecc50c54b9bfb55355eae21473c145d83c2d2",
+                "sha256:364de8f57d6eda0c16dcfb999af902da31396949efa0e583e12675d09709881b",
+                "sha256:3715cdf0dd31b836433af9ee9197af10e3df41d273c19bb249230043667a5dfd",
+                "sha256:3bb8149840daf2c3f97cebf00e4ed4a65a0baff888bf2605a8d0135ff5cf764e",
+                "sha256:3c3c8b55c7fc7b7e8877b9366568cc73d68b82da7fe33d8b98527b73857a225f",
+                "sha256:3d68eeef7b4d08a25e51897dac29bcb62aba830e9ac6c4e3297ee7c6a0cf6439",
+                "sha256:3dddf0fb832486cc1ea71d189cb92eb887826e8deebe128884e15020bb6e3f61",
+                "sha256:3edbb9c9130bac05d8c3fe150c51c337a471cc7fdb6d2a0a7d3a88e88a829314",
+                "sha256:3effe081b3135237da6e4c4530ff2a868d3f80be0bda027e118a5971285d42d0",
+                "sha256:422c179022ecdedbe58b0e242607198580804253da220e9454ffe848daa1cfd2",
+                "sha256:42978a68d3825eaac55399eb37a4d52012a205c0c6262199b8b44fcc6fd686e8",
+                "sha256:4399b4226c4785575fb20998dc571bc48125dc92c367ce2602d0d70e0c455eb0",
+                "sha256:45fbb70ccbc8683f2fb58bea89498a7274af1d9ec7995e9f4af5604e028233fc",
+                "sha256:4867361c049761a56bd21de507cab2c2a608c55102311d142ade7dab67b34f32",
+                "sha256:48fd46bf7155def2e15287c6f2b133a2f78e2d22cdf55647269977b873c65499",
+                "sha256:4b0d5cdba1b655d5b18042ac9c9ff50bda33568eb80feaaca4fc237b9c4fbfde",
+                "sha256:4df0ec814b50275ad6a99bc82a38b59f90e10e47714ac9871e1b223895825468",
+                "sha256:4e52e1b148867b01c05e21837586ee307a01e793b94072d7c7b91d2c2da02ffe",
+                "sha256:514fe78fc4b87e7a7601c92492210b20a1b0c6ab20e71e81307d9c2e377c64de",
+                "sha256:524ccfded8989a6595dbdda80d779fb977dbc9a7bc458864fc9a0c2fc15dc877",
+                "sha256:528f3a0498a8edc69af0559bdcf8a9f5a8bf7c00051a6ef3141fdcf27017bbf5",
+                "sha256:52d82b0d436edd6a1d22d94a344b9a58abd6c68c357ed44f22d4ba8179b37629",
+                "sha256:5412500e0dc5481b1ee9cf6b38bb3b473f6e411eb62b83dc9b62699c3b7b79f7",
+                "sha256:585c4dc429deebc4307187d2b71ebe914843185ae16a4d582ee030e6cfbb4d8a",
+                "sha256:5865b270b420eda7b68928d70bb517ccbe045e53b1a428129bb44372bf3d7dd5",
+                "sha256:5881aaa4bf3a2d086c5f20371d3a5856199a0d8ac72dd8d0dbd7a2ecfc26ab73",
+                "sha256:5885bc586f1edb48e5d68e7a4b4757b5feb2a496b64f462b4d65950f5af3364f",
+                "sha256:5a11b16a33656ffc43c92a5343a28dc71eefe460bcc2a4923a96f292692709f6",
+                "sha256:5a997b784a639e05b9d4053ef3b20c7e447ea80814a762f25b8ed5a89d261eac",
+                "sha256:5be8f5e4044146a69c96077c7e08f0709c13a314aa5315981185c1f00235fe65",
+                "sha256:63d57fc94eb0bbb4735e45517afc21ef262991d8758a8f2f05dd6e4174944519",
+                "sha256:673b9d8e780f455091200bba8534d5f4f465944cbdd61f31dc832d70e29064a5",
+                "sha256:67d2f8ad9dcc3a9e826bdc7802ed541a44e124c29b7d95a679eeb58c1c14ade8",
+                "sha256:67f5e80adf0aafc7b5454f2c1cb0cde920c9b1f2cbd0485f07cc1d0497c35c5d",
+                "sha256:68018c4c67d7e89951a91fbd371e2e34cd8cfc71f0bb43b5332db38497025d51",
+                "sha256:6c4dd3bfd0c82400060896717dd261137398edb7e524527438c54a8c34f736bf",
+                "sha256:71f31eda4e370f46af42fc9f264fafa1b09f46ba07bdbee98f25689a04b81c20",
+                "sha256:7512b4d0fc5339d5abbb14d1843f70499cab90d0b864f790e73f780f041615d7",
+                "sha256:75fa3d6946d317ffc7016a6fcc44f42db6d514b7fdb8b4b28cbe058303cb6e53",
+                "sha256:779e851fd0e19795ccc8a9bb4d705d6baa0ef475329fe44a13cf1e962f18ff1e",
+                "sha256:796520afa499732191e39fc95b56a3b07f95256f2d22b1c26e217fb69a9db5b5",
+                "sha256:7aae7a3d63b935babfdc6864b31196afd5145878ddd22f5200729006366bc4d5",
+                "sha256:7b82e67c5feb682dbb559c3e6b78355f234943053af61606af126df2183b9ef9",
+                "sha256:7c0536bd9178f754b277a3e53f90f9c9454a3bd108b1531ffff720e082d824f2",
+                "sha256:7eda194dd46e40ec745bf76795a7cccb02a6a41f445ad49d3cf66518b0bd9cff",
+                "sha256:82a4bb10b0beef1434fb23a09f001ab5ca87895596b4581fd53f1e5145a8934a",
+                "sha256:85c4f11be9cf08917ac2a5a8b6e1ef63b2f8e3799cec194417e76826e5f1de9c",
+                "sha256:88b72eb7222d918c967202024812c2bfb4048deeb69ca328363fb8e15254c549",
+                "sha256:89934f9f791566e54c1d92cdc8f8fd0009447a5ecdb1ec6b810d5f8c4955f6be",
+                "sha256:8b1942b3e4ed9ed551ed3083a2e6e0772de1e5e3aca872d955e2e86385fb7ff9",
+                "sha256:8ffb141361108e864ab5f1813f66e4e1164181227f9b1f105b042729b6c15125",
+                "sha256:8fffc08de02071c37865a155e5ea5fce0282e1546fd5bde7f6149fcaa32558ac",
+                "sha256:91fb6a43d72b4f8863d21f347a9163eecbf36e76e2f51068d59cd004c506f332",
+                "sha256:928e75a7200a4c09e6efc7482a1337919cc61fe1ba289f297827a5b76d8969c2",
+                "sha256:96eef5b9f336f623ffc555ab47a775495e7e8846dde88de5f941e2906453a1ce",
+                "sha256:a0611da6b07dd3720f492db1b463a4d1175b096b49438761cc9f35f0d9eaaef5",
+                "sha256:a091026c3bf7519ab1e64655a3f52a59ad4a4e019a6f830c24d6430695b1cf6a",
+                "sha256:a22f66270bd6d0804b02cd49dae2b33d4341015545d17f8426f2c4e22f557a23",
+                "sha256:a243132767150a44e6a93cd1dde41010036e1cbc63cc3e9fe1712b277d926ce3",
+                "sha256:a31fa7536ec1fb7155a0cd3a4e3d956c835ad0a43e3610ca32384d01f079ea1c",
+                "sha256:a364e8e944d92dcbf33b6b494d4e0fb3499dcc3bd9485beb701aa4b4201fa414",
+                "sha256:a4058f16cee694577f7e4dd410263cd0ef75644b43802a689c2b3c2a7e69453b",
+                "sha256:a4b382e0e636ed54cd278791d93fe2c4f370772743f02bcbe431a160089025c9",
+                "sha256:a83d3adea1e0ee36dac34627f78ddd7f093bb9cfc0a8e97f1572a949b695cb98",
+                "sha256:a8ade0363f776f87f982572c2860cc43c65ace208db49c76df0a21dde4ddd16e",
+                "sha256:aa59974880ab5ad8ef3afaa26f9bda148c5f39e06b11a8ada4660ecc9fb2feb3",
+                "sha256:aa826340a609d0c954ba52fd831f0fba2a4165659ab0ee1a15e4aac21f302406",
+                "sha256:aaca5a812f050ab55426c32177091130b1e49329b3f002a32934cd0245571307",
+                "sha256:ae82fce1d964f065c32c9517309f0c7be588772352d2f40b1574a214bd6e6098",
+                "sha256:aed57b541b589fa05ac248f4cb1c46cbb432ab82cbd467d1c4f6a2bdc18aecf9",
+                "sha256:afa578b6524ff85fb365f454cf61683771d0170470c48ad9d170c48075f86725",
+                "sha256:b0884e3f22d87c30694e625b1e62e6f30d39782c806287450d9dc2fdf07692fd",
+                "sha256:b2aca14c235c7a08558fe0a4786a1a05873a01e86b474dfa8f6df49101853a4e",
+                "sha256:b450d7cabcd49aa7ab46a3c6aa3ac7e1593600a1a0605ba536ec0f1b99a04322",
+                "sha256:b725e70d15906d24615201e650d5b0388b08a5187a55f119f25874d0103f90dd",
+                "sha256:bfbbab9316330cf81656fed435311386610f78b6c93cc5db4bebbce8dd146675",
+                "sha256:c093c7088b40d8266f57ed71d93112bd64c6724d31f0794c1e52cc4857c28e0e",
+                "sha256:c2e49dc23a10a1296b04ca9db200c44d3eb32c8d8ec532e8c1fd24792276522a",
+                "sha256:c4393600915c308e546dc7003d74371744234e8444a28622d76fe19b98fa59d1",
+                "sha256:c5ae125276f254b01daa73e2c103363d3e99e3e10505686ac7d9d2442dd4627a",
+                "sha256:c6aacf00d05b38a5069826e50ae72751cb5bc27bdc4d5746203988e429b385bb",
+                "sha256:c76722b5ed4a31ba103e0dc77ab869222ec36efe1a614e42e9bcea88a36186fe",
+                "sha256:c809eef167bf4a57af4b03007004896f5c60bd38dc3852fcd97a26eae3d4c9e6",
+                "sha256:c92ea6d9dd84a750b2bae72ff5e8cf5fdd13e58dda79c33e057862c29a8d5b50",
+                "sha256:cb659702a45136c743bc130760c6f137870d4df3a9e14386478b8a0511abcfca",
+                "sha256:ce0930a963ff593e8bb6fda49a503911accc67dee7e5445eec972668e672a0f0",
+                "sha256:d0751528b97d2b19a388b302be2a0ee05817097bab46ff0ed76feeec24951f78",
+                "sha256:d184f85ad2bb1f261eac55cddfcf62a70dee89982c978e92b9a74a1bfef2e367",
+                "sha256:d2a3e412ce1849be34b45922bfef03df32d1410a06d1cdeb793a343c2f1fd666",
+                "sha256:d61ec60945d694df806a9aec88e8f29a27293c6e424f8ff91c80416e3c617645",
+                "sha256:db0c742aad702fd5d0c6611a73f9602f20aec2007c102630c06d7633d9c8f09a",
+                "sha256:db4743e30d6f5f92b6d2b7c86b3ad250e0bad8dee4b7ad8a0c44bfb276af89a3",
+                "sha256:dbf7bebc2275016cddf3c997bf8a0f7044160714c64a9b83975670a04e6d2252",
+                "sha256:de1fc314c3ad6bc2f6bd5b5a5b9357b8c6896333d27fdbb7049aea8bd5af2d79",
+                "sha256:df7e5edac4778127f2bf452e0721a58a1cfa4d1d9eac63bdd650535eb8543615",
+                "sha256:e220f7b3e8656ab063d2eb0cd536fafef396829cafe04cb314e734f87649058f",
+                "sha256:e3c623923967f3e5961d272718655946e5322b8d058e094764180cdee7bab1af",
+                "sha256:e69add9b6b7b08c60d7ff0152c7c9a6c45b4a71a919be5abde6f98f1ea16421c",
+                "sha256:e8e0d177b1fe251c3b1b914ab64135475c5273c8cfd2857964b2e3bb0fe196a7",
+                "sha256:ef45f31aec9be01379fc6c10f1d9c677f032f2bac9383c827d44f620e8a88407",
+                "sha256:f1208c1c67ec9e151d78aa3435aa9b08a488b53d9cfac9b699f15255a3461ef2",
+                "sha256:f12582b8d3b4c6be1d298c49cb7ae64a3a73efaf4c2ab4e37db182e3545815ac",
+                "sha256:f1de541a9893cf8a1b1db9bf0bf670a2decab42e3e82233d36a74eda7822b4c9",
+                "sha256:f4eac0584cdc3285ef2e74eee1513a6001681fd9753b259e8159421ed28a72e5",
+                "sha256:f7b64fcd670bca8800bc10ced36620c6bbb321e7bc1214b9c0c0df269c1dddc2",
+                "sha256:fb7c61d4be18e930f75948705e9718618862e6fc2ed0d7159b2262be73f167a2"
             ],
             "markers": "python_version >= '3.6'",
-            "version": "==5.3.0"
+            "version": "==5.3.1"
         },
         "mako": {
             "hashes": [
-                "sha256:42f48953c7eb91332040ff567eb7eea69b22e7a4affbc5ba8e845e8f730f6627",
-                "sha256:577b97e414580d3e088d47c2dbbe9594aa7a5146ed2875d4dfa9075af2dd3cc8"
+                "sha256:95920acccb578427a9aa38e37a186b1e43156c87260d7ba18ca63aa4c7cbd3a1",
+                "sha256:b5d65ff3462870feec922dbccf38f6efb44e5714d7b593a656be86663d8600ac"
             ],
             "markers": "python_version >= '3.8'",
-            "version": "==1.3.8"
+            "version": "==1.3.9"
         },
         "markupsafe": {
             "hashes": [
@@ -827,11 +836,11 @@
         },
         "marshmallow": {
             "hashes": [
-                "sha256:bcaf2d6fd74fb1459f8450e85d994997ad3e70036452cbfa4ab685acb19479b3",
-                "sha256:c448ac6455ca4d794773f00bae22c2f351d62d739929f761dce5eacb5c468d7f"
+                "sha256:3350409f20a70a7e4e11a27661187b77cdcaeb20abca41c1454fe33636bea09c",
+                "sha256:e6d8affb6cb61d39d26402096dc0aee12d5a26d490a121f118d2e81dc0719dc6"
             ],
             "markers": "python_version >= '3.9'",
-            "version": "==3.23.2"
+            "version": "==3.26.1"
         },
         "oic": {
             "hashes": [
@@ -859,10 +868,10 @@
         },
         "phonenumberslite": {
             "hashes": [
-                "sha256:02da5e78c67b213bae95afd6289f40486c93e302e518769911dfa5e7287ddeee",
-                "sha256:dfa44a4bae2e46d737ae5301cb96b14cdcbf45063236c74c6ddb08f5fd471b0d"
+                "sha256:85e9d75b8de1a5eeb716dc99b3937743cbd5265182dc5c1132204aa491ae0724",
+                "sha256:cda36bc06b5bd7c042d913408f9ca37c5e6c872f851393f15ad1e9a243e5c753"
             ],
-            "version": "==8.13.52"
+            "version": "==9.0.1"
         },
         "psycopg2-binary": {
             "hashes": [
@@ -878,6 +887,7 @@
                 "sha256:245159e7ab20a71d989da00f280ca57da7641fa2cdcf71749c193cea540a74f7",
                 "sha256:26540d4a9a4e2b096f1ff9cce51253d0504dca5a85872c7f7be23be5a53eb18d",
                 "sha256:270934a475a0e4b6925b5f804e3809dd5f90f8613621d062848dd82f9cd62007",
+                "sha256:27422aa5f11fbcd9b18da48373eb67081243662f9b46e6fd07c3eb46e4535142",
                 "sha256:2ad26b467a405c798aaa1458ba09d7e2b6e5f96b1ce0ac15d82fd9f95dc38a92",
                 "sha256:2b3d2491d4d78b6b14f76881905c7a8a8abcf974aad4a8a0b065273a0ed7a2cb",
                 "sha256:2ce3e21dc3437b1d960521eca599d57408a695a0d3c26797ea0f72e834c7ffe5",
@@ -948,50 +958,47 @@
         },
         "pycryptodomex": {
             "hashes": [
-                "sha256:0df2608682db8279a9ebbaf05a72f62a321433522ed0e499bc486a6889b96bf3",
-                "sha256:103c133d6cd832ae7266feb0a65b69e3a5e4dbbd6f3a3ae3211a557fd653f516",
-                "sha256:1233443f19d278c72c4daae749872a4af3787a813e05c3561c73ab0c153c7b0f",
-                "sha256:222d0bd05381dd25c32dd6065c071ebf084212ab79bab4599ba9e6a3e0009e6c",
-                "sha256:27e84eeff24250ffec32722334749ac2a57a5fd60332cd6a0680090e7c42877e",
-                "sha256:34325b84c8b380675fd2320d0649cdcbc9cf1e0d1526edbe8fce43ed858cdc7e",
-                "sha256:365aa5a66d52fd1f9e0530ea97f392c48c409c2f01ff8b9a39c73ed6f527d36c",
-                "sha256:3efddfc50ac0ca143364042324046800c126a1d63816d532f2e19e6f2d8c0c31",
-                "sha256:46eb1f0c8d309da63a2064c28de54e5e614ad17b7e2f88df0faef58ce192fc7b",
-                "sha256:5241bdb53bcf32a9568770a6584774b1b8109342bd033398e4ff2da052123832",
-                "sha256:52e23a0a6e61691134aa8c8beba89de420602541afaae70f66e16060fdcd677e",
-                "sha256:56435c7124dd0ce0c8bdd99c52e5d183a0ca7fdcd06c5d5509423843f487dd0b",
-                "sha256:5823d03e904ea3e53aebd6799d6b8ec63b7675b5d2f4a4bd5e3adcb512d03b37",
-                "sha256:65d275e3f866cf6fe891411be9c1454fb58809ccc5de6d3770654c47197acd65",
-                "sha256:770d630a5c46605ec83393feaa73a9635a60e55b112e1fb0c3cea84c2897aa0a",
-                "sha256:77ac2ea80bcb4b4e1c6a596734c775a1615d23e31794967416afc14852a639d3",
-                "sha256:7a1058e6dfe827f4209c5cae466e67610bcd0d66f2f037465daa2a29d92d952b",
-                "sha256:8a9d8342cf22b74a746e3c6c9453cb0cfbb55943410e3a2619bd9164b48dc9d9",
-                "sha256:8ef436cdeea794015263853311f84c1ff0341b98fc7908e8a70595a68cefd971",
-                "sha256:9aa0cf13a1a1128b3e964dc667e5fe5c6235f7d7cfb0277213f0e2a783837cc2",
-                "sha256:9ba09a5b407cbb3bcb325221e346a140605714b5e880741dc9a1e9ecf1688d42",
-                "sha256:a192fb46c95489beba9c3f002ed7d93979423d1b2a53eab8771dbb1339eb3ddd",
-                "sha256:a3d77919e6ff56d89aada1bd009b727b874d464cb0e2e3f00a49f7d2e709d76e",
-                "sha256:b0e9765f93fe4890f39875e6c90c96cb341767833cfa767f41b490b506fa9ec0",
-                "sha256:bbb07f88e277162b8bfca7134b34f18b400d84eac7375ce73117f865e3c80d4c",
-                "sha256:c07e64867a54f7e93186a55bec08a18b7302e7bee1b02fd84c6089ec215e723a",
-                "sha256:cc7e111e66c274b0df5f4efa679eb31e23c7545d702333dfd2df10ab02c2a2ce",
-                "sha256:da76ebf6650323eae7236b54b1b1f0e57c16483be6e3c1ebf901d4ada47563b6",
-                "sha256:dbeb84a399373df84a69e0919c1d733b89e049752426041deeb30d68e9867822",
-                "sha256:e859e53d983b7fe18cb8f1b0e29d991a5c93be2c8dd25db7db1fe3bd3617f6f9",
-                "sha256:ef046b2e6c425647971b51424f0f88d8a2e0a2a63d3531817968c42078895c00",
-                "sha256:feaecdce4e5c0045e7a287de0c4351284391fe170729aa9182f6bd967631b3a8"
+                "sha256:140b27caa68a36d0501b05eb247bd33afa5f854c1ee04140e38af63c750d4e39",
+                "sha256:1a8b0c5ba061ace4bcd03496d42702c3927003db805b8ec619ea6506080b381d",
+                "sha256:1ab0d89d1761959b608952c7b347b0e76a32d1a5bb278afbaa10a7f3eaef9a0a",
+                "sha256:259664c4803a1fa260d5afb322972813c5fe30ea8b43e54b03b7e3a27b30856b",
+                "sha256:276be1ed006e8fd01bba00d9bd9b60a0151e478033e86ea1cb37447bbc057edc",
+                "sha256:2cac9ed5c343bb3d0075db6e797e6112514764d08d667c74cb89b931aac9dddd",
+                "sha256:41673e5cc39a8524557a0472077635d981172182c9fe39ce0b5f5c19381ffaff",
+                "sha256:5ac608a6dce9418d4f300fab7ba2f7d499a96b462f2b9b5c90d8d994cd36dcad",
+                "sha256:5bf3ce9211d2a9877b00b8e524593e2209e370a287b3d5e61a8c45f5198487e2",
+                "sha256:5e64164f816f5e43fd69f8ed98eb28f98157faf68208cd19c44ed9d8e72d33e8",
+                "sha256:5ebc09b7d8964654aaf8a4f5ac325f2b0cc038af9bea12efff0cd4a5bb19aa42",
+                "sha256:644834b1836bb8e1d304afaf794d5ae98a1d637bd6e140c9be7dd192b5374811",
+                "sha256:684cb57812cd243217c3d1e01a720c5844b30f0b7b64bb1a49679f7e1e8a54ac",
+                "sha256:7127d9de3c7ce20339e06bcd4f16f1a1a77f1471bcf04e3b704306dde101b719",
+                "sha256:72c506aba3318505dbeecf821ed7b9a9f86f422ed085e2d79c4fba0ae669920a",
+                "sha256:7a24f681365ec9757ccd69b85868bbd7216ba451d0f86f6ea0eed75eeb6975db",
+                "sha256:7cd39f7a110c1ab97ce9ee3459b8bc615920344dc00e56d1b709628965fba3f2",
+                "sha256:813e57da5ceb4b549bab96fa548781d9a63f49f1d68fdb148eeac846238056b7",
+                "sha256:a1da61bacc22f93a91cbe690e3eb2022a03ab4123690ab16c46abb693a9df63d",
+                "sha256:aef4590263b9f2f6283469e998574d0bd45c14fb262241c27055b82727426157",
+                "sha256:b3746dedf74787da43e4a2f85bd78f5ec14d2469eb299ddce22518b3891f16ea",
+                "sha256:bfe4fe3233ef3e58028a3ad8f28473653b78c6d56e088ea04fe7550c63d4d16b",
+                "sha256:c8cffb03f5dee1026e3f892f7cffd79926a538c67c34f8b07c90c0bd5c834e27",
+                "sha256:d7beeacb5394765aa8dabed135389a11ee322d3ee16160d178adc7f8ee3e1f65",
+                "sha256:e4eaaf6163ff13788c1f8f615ad60cdc69efac6d3bf7b310b21e8cfe5f46c801",
+                "sha256:eac39e237d65981554c2d4c6668192dc7051ad61ab5fc383ed0ba049e4007ca2",
+                "sha256:ee75067b35c93cc18b38af47b7c0664998d8815174cfc66dd00ea1e244eb27e6",
+                "sha256:f005de31efad6f9acefc417296c641f13b720be7dbfec90edeaca601c0fab048",
+                "sha256:ff46212fda7ee86ec2f4a64016c994e8ad80f11ef748131753adb67e9b722ebd"
             ],
             "index": "pypi",
-            "markers": "python_version >= '2.7' and python_version not in '3.0, 3.1, 3.2, 3.3, 3.4, 3.5'",
-            "version": "==3.21.0"
+            "markers": "python_version >= '2.7' and python_version not in '3.0, 3.1, 3.2, 3.3, 3.4, 3.5, 3.6'",
+            "version": "==3.22.0"
         },
         "pydantic": {
             "hashes": [
-                "sha256:597e135ea68be3a37552fb524bc7d0d66dcf93d395acd93a00682f1efcb8ee3d",
-                "sha256:82f12e9723da6de4fe2ba888b5971157b3be7ad914267dea8f05f82b28254f06"
+                "sha256:427d664bf0b8a2b34ff5dd0f5a18df00591adcee7198fbd71981054cef37b584",
+                "sha256:ca5daa827cce33de7a42be142548b0096bf05a7e7b365aebfa5f8eeec7128236"
             ],
             "markers": "python_version >= '3.8'",
-            "version": "==2.10.4"
+            "version": "==2.10.6"
         },
         "pydantic-core": {
             "hashes": [
@@ -1101,11 +1108,11 @@
         },
         "pydantic-settings": {
             "hashes": [
-                "sha256:10c9caad35e64bfb3c2fbf70a078c0e25cc92499782e5200747f942a065dec93",
-                "sha256:590be9e6e24d06db33a4262829edef682500ef008565a969c73d39d5f8bfb3fd"
+                "sha256:81942d5ac3d905f7f3ee1a70df5dfb62d5569c12f51a5a647defc1c3d9ee2e9c",
+                "sha256:d5c663dfbe9db9d5e1c646b2e161da12f0d734d422ee56f567d0ea2cee4e8585"
             ],
             "markers": "python_version >= '3.8'",
-            "version": "==2.7.1"
+            "version": "==2.8.1"
         },
         "pyjwkest": {
             "hashes": [
@@ -1150,19 +1157,19 @@
         },
         "s3transfer": {
             "hashes": [
-                "sha256:244a76a24355363a68164241438de1b72f8781664920260c48465896b712a41e",
-                "sha256:29edc09801743c21eb5ecbc617a152df41d3c287f67b615f73e5f750583666a7"
+                "sha256:559f161658e1cf0a911f45940552c696735f5c74e64362e515f333ebed87d679",
+                "sha256:ac265fa68318763a03bf2dc4f39d5cbd6a9e178d81cc9483ad27da33637e320d"
             ],
             "markers": "python_version >= '3.8'",
-            "version": "==0.10.4"
+            "version": "==0.11.4"
         },
         "setuptools": {
             "hashes": [
-                "sha256:8199222558df7c86216af4f84c30e9b34a61d8ba19366cc914424cdbd28252f6",
-                "sha256:ce74b49e8f7110f9bf04883b730f4765b774ef3ef28f722cce7c273d253aaf7d"
+                "sha256:81a234dff81a82bb52e522c8aef145d0dd4de1fd6de4d3b196d0f77dc2fded26",
+                "sha256:a1246a1b4178c66d7cf50c9fc6d530fac3f89bc284cf803c7fa878c41b1a03b2"
             ],
             "markers": "python_version >= '3.9'",
-            "version": "==75.6.0"
+            "version": "==77.0.1"
         },
         "six": {
             "hashes": [
@@ -1182,11 +1189,11 @@
         },
         "tablib": {
             "hashes": [
-                "sha256:9a6930037cfe0f782377963ca3f2b1dae3fd4cdbf0883848f22f1447e7bb718b",
-                "sha256:f9db84ed398df5109bd69c11d46613d16cc572fb9ad3213f10d95e2b5f12c18e"
+                "sha256:35bdb9d4ec7052232f8803908f9c7a9c3c65807188b70618fa7a7d8ccd560b4d",
+                "sha256:94d8bcdc65a715a0024a6d5b701a5f31e45bd159269e62c73731de79f048db2b"
             ],
             "markers": "python_version >= '3.9'",
-            "version": "==3.7.0"
+            "version": "==3.8.0"
         },
         "tblib": {
             "hashes": [
@@ -1206,6 +1213,14 @@
             "markers": "python_version >= '3.8'",
             "version": "==4.12.2"
         },
+        "tzdata": {
+            "hashes": [
+                "sha256:24894909e88cdb28bd1636c6887801df64cb485bd593f2fd83ef29075a81d694",
+                "sha256:7e127113816800496f027041c570f50bcd464a020098a3b6b199517772303639"
+            ],
+            "markers": "python_version >= '2'",
+            "version": "==2025.1"
+        },
         "urllib3": {
             "hashes": [
                 "sha256:1cee9ad369867bfdbbb48b7dd50374c0967a0bb7710050facf0dd6911440e3df",
@@ -1216,12 +1231,12 @@
         },
         "whitenoise": {
             "hashes": [
-                "sha256:486bd7267a375fa9650b136daaec156ac572971acc8bf99add90817a530dd1d4",
-                "sha256:df12dce147a043d1956d81d288c6f0044147c6d2ab9726e5772ac50fb45d2280"
+                "sha256:8c4a7c9d384694990c26f3047e118c691557481d624f069b7f7752a2f735d609",
+                "sha256:c8a489049b7ee9889617bb4c274a153f3d979e8f51d2efd0f5b403caf41c57df"
             ],
             "index": "pypi",
             "markers": "python_version >= '3.9'",
-            "version": "==6.8.2"
+            "version": "==6.9.0"
         },
         "zope.event": {
             "hashes": [
@@ -1286,49 +1301,49 @@
         },
         "bandit": {
             "hashes": [
-                "sha256:b1a61d829c0968aed625381e426aa378904b996529d048f8d908fa28f6b13e38",
-                "sha256:b5bfe55a095abd9fe20099178a7c6c060f844bfd4fe4c76d28e35e4c52b9d31e"
+                "sha256:28f04dc0d258e1dd0f99dee8eefa13d1cb5e3fde1a5ab0c523971f97b289bcd8",
+                "sha256:f5847beb654d309422985c36644649924e0ea4425c76dec2e89110b87506193a"
             ],
             "index": "pypi",
             "markers": "python_version >= '3.9'",
-            "version": "==1.8.0"
+            "version": "==1.8.3"
         },
         "beautifulsoup4": {
             "hashes": [
-                "sha256:74e3d1928edc070d21748185c46e3fb33490f22f52a3addee9aee0f4f7781051",
-                "sha256:b80878c9f40111313e55da8ba20bdba06d8fa3969fc68304167741bbf9e082ed"
+                "sha256:1bd32405dacc920b42b83ba01644747ed77456a65760e285fbc47633ceddaf8b",
+                "sha256:99045d7d3f08f91f0d656bc9b7efbae189426cd913d830294a15eefa0ea4df16"
             ],
-            "markers": "python_full_version >= '3.6.0'",
-            "version": "==4.12.3"
+            "markers": "python_full_version >= '3.7.0'",
+            "version": "==4.13.3"
         },
         "black": {
             "hashes": [
-                "sha256:14b3502784f09ce2443830e3133dacf2c0110d45191ed470ecb04d0f5f6fcb0f",
-                "sha256:17374989640fbca88b6a448129cd1745c5eb8d9547b464f281b251dd00155ccd",
-                "sha256:1c536fcf674217e87b8cc3657b81809d3c085d7bf3ef262ead700da345bfa6ea",
-                "sha256:1cbacacb19e922a1d75ef2b6ccaefcd6e93a2c05ede32f06a21386a04cedb981",
-                "sha256:1f93102e0c5bb3907451063e08b9876dbeac810e7da5a8bfb7aeb5a9ef89066b",
-                "sha256:2cd9c95431d94adc56600710f8813ee27eea544dd118d45896bb734e9d7a0dc7",
-                "sha256:30d2c30dc5139211dda799758559d1b049f7f14c580c409d6ad925b74a4208a8",
-                "sha256:394d4ddc64782e51153eadcaaca95144ac4c35e27ef9b0a42e121ae7e57a9175",
-                "sha256:3bb2b7a1f7b685f85b11fed1ef10f8a9148bceb49853e47a294a3dd963c1dd7d",
-                "sha256:4007b1393d902b48b36958a216c20c4482f601569d19ed1df294a496eb366392",
-                "sha256:5a2221696a8224e335c28816a9d331a6c2ae15a2ee34ec857dcf3e45dbfa99ad",
-                "sha256:63f626344343083322233f175aaf372d326de8436f5928c042639a4afbbf1d3f",
-                "sha256:649fff99a20bd06c6f727d2a27f401331dc0cc861fb69cde910fe95b01b5928f",
-                "sha256:680359d932801c76d2e9c9068d05c6b107f2584b2a5b88831c83962eb9984c1b",
-                "sha256:846ea64c97afe3bc677b761787993be4991810ecc7a4a937816dd6bddedc4875",
-                "sha256:b5e39e0fae001df40f95bd8cc36b9165c5e2ea88900167bddf258bacef9bbdc3",
-                "sha256:ccfa1d0cb6200857f1923b602f978386a3a2758a65b52e0950299ea014be6800",
-                "sha256:d37d422772111794b26757c5b55a3eade028aa3fde43121ab7b673d050949d65",
-                "sha256:ddacb691cdcdf77b96f549cf9591701d8db36b2f19519373d60d31746068dbf2",
-                "sha256:e6668650ea4b685440857138e5fe40cde4d652633b1bdffc62933d0db4ed9812",
-                "sha256:f9da3333530dbcecc1be13e69c250ed8dfa67f43c4005fb537bb426e19200d50",
-                "sha256:fe4d6476887de70546212c99ac9bd803d90b42fc4767f058a0baa895013fbb3e"
+                "sha256:030b9759066a4ee5e5aca28c3c77f9c64789cdd4de8ac1df642c40b708be6171",
+                "sha256:055e59b198df7ac0b7efca5ad7ff2516bca343276c466be72eb04a3bcc1f82d7",
+                "sha256:0e519ecf93120f34243e6b0054db49c00a35f84f195d5bce7e9f5cfc578fc2da",
+                "sha256:172b1dbff09f86ce6f4eb8edf9dede08b1fce58ba194c87d7a4f1a5aa2f5b3c2",
+                "sha256:1e2978f6df243b155ef5fa7e558a43037c3079093ed5d10fd84c43900f2d8ecc",
+                "sha256:33496d5cd1222ad73391352b4ae8da15253c5de89b93a80b3e2c8d9a19ec2666",
+                "sha256:3b48735872ec535027d979e8dcb20bf4f70b5ac75a8ea99f127c106a7d7aba9f",
+                "sha256:4b60580e829091e6f9238c848ea6750efed72140b91b048770b64e74fe04908b",
+                "sha256:759e7ec1e050a15f89b770cefbf91ebee8917aac5c20483bc2d80a6c3a04df32",
+                "sha256:8f0b18a02996a836cc9c9c78e5babec10930862827b1b724ddfe98ccf2f2fe4f",
+                "sha256:95e8176dae143ba9097f351d174fdaf0ccd29efb414b362ae3fd72bf0f710717",
+                "sha256:96c1c7cd856bba8e20094e36e0f948718dc688dba4a9d78c3adde52b9e6c2299",
+                "sha256:a1ee0a0c330f7b5130ce0caed9936a904793576ef4d2b98c40835d6a65afa6a0",
+                "sha256:a22f402b410566e2d1c950708c77ebf5ebd5d0d88a6a2e87c86d9fb48afa0d18",
+                "sha256:a39337598244de4bae26475f77dda852ea00a93bd4c728e09eacd827ec929df0",
+                "sha256:afebb7098bfbc70037a053b91ae8437c3857482d3a690fefc03e9ff7aa9a5fd3",
+                "sha256:bacabb307dca5ebaf9c118d2d2f6903da0d62c9faa82bd21a33eecc319559355",
+                "sha256:bce2e264d59c91e52d8000d507eb20a9aca4a778731a08cfff7e5ac4a4bb7096",
+                "sha256:d9e6827d563a2c820772b32ce8a42828dc6790f095f441beef18f96aa6f8294e",
+                "sha256:db8ea9917d6f8fc62abd90d944920d95e73c83a5ee3383493e35d271aca872e9",
+                "sha256:ea0213189960bda9cf99be5b8c8ce66bb054af5e9e861249cd23471bd7b0b3ba",
+                "sha256:f3df5f1bf91d36002b0a75389ca8663510cf0531cca8aa5c1ef695b46d98655f"
             ],
             "index": "pypi",
             "markers": "python_version >= '3.9'",
-            "version": "==24.10.0"
+            "version": "==25.1.0"
         },
         "blinker": {
             "hashes": [
@@ -1340,12 +1355,12 @@
         },
         "boto3": {
             "hashes": [
-                "sha256:ba391982f6cada136c5bba99e85d7fe1bc4e157c53a22a78e4aca35d1b39152e",
-                "sha256:eecef248f8743ab30036cd9c916808a0892fc9036e1a35434d8222060c08bbd2"
+                "sha256:7ba243b8f9e11ea8856b1875293f1d43f3aa04960d823f2016cb624f47d45048",
+                "sha256:c9e820b5c7363329951ca3429fa5d51137cbd9766e063d15f212ee407fff89e9"
             ],
             "index": "pypi",
             "markers": "python_version >= '3.8'",
-            "version": "==1.35.91"
+            "version": "==1.37.16"
         },
         "boto3-mocking": {
             "hashes": [
@@ -1358,28 +1373,28 @@
         },
         "boto3-stubs": {
             "hashes": [
-                "sha256:780f71406147b78f9860d78907b5c015874537d821364588ec837c4cd1eecf91",
-                "sha256:e4301b9d05b31fbfea382d0d1d950c2178f7fca03058b31373fac9a4cdf89438"
+                "sha256:1d6332ab6e27c6b3607e15969945482c05852f4674610a6d078d3cf8aff2d784",
+                "sha256:d720dd12bf0fbd0ab9184ed8d289137f29cd329a7ae33aaa668b4bc7f99da405"
             ],
             "index": "pypi",
             "markers": "python_version >= '3.8'",
-            "version": "==1.35.91"
+            "version": "==1.37.16"
         },
         "botocore": {
             "hashes": [
-                "sha256:7b0b9c5954701fff4d2c516918f45641b04ff4ca92bbd9f5b37c0b80f8c14220",
-                "sha256:93de9d0f52f7e36a2c190d55520d3b2654f32c5a628fdd484bffa00bc7865e1d"
+                "sha256:26bdf95d5448682bdb05ff4b15b007f977d027c0d791482b43e69f098e609978",
+                "sha256:d74d04830ead12933a96dc407175ae98b32a5dd0059d7d2b28fc7aa4ed9d3b48"
             ],
             "markers": "python_version >= '3.8'",
-            "version": "==1.35.91"
+            "version": "==1.37.16"
         },
         "botocore-stubs": {
             "hashes": [
-                "sha256:c6b294cae436eaaf87dcb717e4348c250ea1fc170336579da114b693663d8e42",
-                "sha256:f7fd78d84f49d28692662b9bdeb4c92f1bf8a5707d0c28c8544399005b02823b"
+                "sha256:33973ee0e54ad5bf9f8560b2c36fc532b98540af6b9d4a57ffce5ae62a743a2a",
+                "sha256:532376611ae0c49488b7bdac3674da9ac0de9a6c65198432790b11da41502caf"
             ],
             "markers": "python_version >= '3.8'",
-            "version": "==1.35.90"
+            "version": "==1.37.16"
         },
         "click": {
             "hashes": [
@@ -1391,21 +1406,21 @@
         },
         "django": {
             "hashes": [
-                "sha256:3a93350214ba25f178d4045c0786c61573e7dbfa3c509b3551374f1e11ba8de0",
-                "sha256:6b56d834cc94c8b21a8f4e775064896be3b4a4ca387f2612d4406a5927cd2fdc"
+                "sha256:213381b6e4405f5c8703fffc29cd719efdf189dec60c67c04f76272b3dc845b9",
+                "sha256:92bac5b4432a64532abb73b2ac27203f485e40225d2640a7fbef2b62b876e789"
             ],
             "index": "pypi",
             "markers": "python_version >= '3.8'",
-            "version": "==4.2.17"
+            "version": "==4.2.20"
         },
         "django-debug-toolbar": {
             "hashes": [
-                "sha256:36e421cb908c2f0675e07f9f41e3d1d8618dc386392ec82d23bcfcd5d29c7044",
-                "sha256:3beb671c9ec44ffb817fad2780667f172bd1c067dbcabad6268ce39a81335f45"
+                "sha256:296f6f18a80710e84fbb8361538ae5ec522a75ebe9ab67db34bcf1026cbeb420",
+                "sha256:7456cc2e951db37dab335686db7803c4a0ecb6736d120705f6668db9548bf49f"
             ],
             "index": "pypi",
-            "markers": "python_version >= '3.8'",
-            "version": "==4.4.6"
+            "markers": "python_version >= '3.9'",
+            "version": "==5.0.1"
         },
         "django-model2puml": {
             "hashes": [
@@ -1416,20 +1431,20 @@
         },
         "django-stubs": {
             "hashes": [
-                "sha256:126d354bbdff4906c4e93e6361197f6fbfb6231c3df6def85a291dae6f9f577b",
-                "sha256:c4dc64260bd72e6d32b9e536e8dd0d9247922f0271f82d1d5132a18f24b388ac"
+                "sha256:716758ced158b439213062e52de6df3cff7c586f9f9ad7ab59210efbea5dfe78",
+                "sha256:8c230bc5bebee6da282ba8a27ad1503c84a0c4cd2f46e63d149e76d2a63e639a"
             ],
             "index": "pypi",
             "markers": "python_version >= '3.8'",
-            "version": "==5.1.1"
+            "version": "==5.1.3"
         },
         "django-stubs-ext": {
             "hashes": [
-                "sha256:3907f99e178c93323e2ce908aef8352adb8c047605161f8d9e5e7b4efb5a6a9c",
-                "sha256:db7364e4f50ae7e5360993dbd58a3a57ea4b2e7e5bab0fbd525ccdb3e7975d1c"
+                "sha256:3e60f82337f0d40a362f349bf15539144b96e4ceb4dbd0239be1cd71f6a74ad0",
+                "sha256:64561fbc53e963cc1eed2c8eb27e18b8e48dcb90771205180fe29fc8a59e55fd"
             ],
             "markers": "python_version >= '3.8'",
-            "version": "==5.1.1"
+            "version": "==5.1.3"
         },
         "django-webtest": {
             "hashes": [
@@ -1441,12 +1456,12 @@
         },
         "flake8": {
             "hashes": [
-                "sha256:049d058491e228e03e67b390f311bbf88fce2dbaa8fa673e7aea87b7198b8d38",
-                "sha256:597477df7860daa5aa0fdd84bf5208a043ab96b8e96ab708770ae0364dd03213"
+                "sha256:1cbc62e65536f65e6d754dfe6f1bada7f5cf392d6f5db3c2b85892466c3e7c1a",
+                "sha256:c586ffd0b41540951ae41af572e6790dbd49fc12b3aa2541685d253d9bd504bd"
             ],
             "index": "pypi",
             "markers": "python_full_version >= '3.8.1'",
-            "version": "==7.1.1"
+            "version": "==7.1.2"
         },
         "jmespath": {
             "hashes": [
@@ -1482,48 +1497,42 @@
         },
         "mypy": {
             "hashes": [
-                "sha256:07ba89fdcc9451f2ebb02853deb6aaaa3d2239a236669a63ab3801bbf923ef5c",
-                "sha256:0c911fde686394753fff899c409fd4e16e9b294c24bfd5e1ea4675deae1ac6fd",
-                "sha256:183cf0a45457d28ff9d758730cd0210419ac27d4d3f285beda038c9083363b1f",
-                "sha256:1fb545ca340537d4b45d3eecdb3def05e913299ca72c290326be19b3804b39c0",
-                "sha256:27fc248022907e72abfd8e22ab1f10e903915ff69961174784a3900a8cba9ad9",
-                "sha256:2ae753f5c9fef278bcf12e1a564351764f2a6da579d4a81347e1d5a15819997b",
-                "sha256:30ff5ef8519bbc2e18b3b54521ec319513a26f1bba19a7582e7b1f58a6e69f14",
-                "sha256:3888a1816d69f7ab92092f785a462944b3ca16d7c470d564165fe703b0970c35",
-                "sha256:44bf464499f0e3a2d14d58b54674dee25c031703b2ffc35064bd0df2e0fac319",
-                "sha256:46c756a444117c43ee984bd055db99e498bc613a70bbbc120272bd13ca579fbc",
-                "sha256:499d6a72fb7e5de92218db961f1a66d5f11783f9ae549d214617edab5d4dbdbb",
-                "sha256:52686e37cf13d559f668aa398dd7ddf1f92c5d613e4f8cb262be2fb4fedb0fcb",
-                "sha256:553c293b1fbdebb6c3c4030589dab9fafb6dfa768995a453d8a5d3b23784af2e",
-                "sha256:57961db9795eb566dc1d1b4e9139ebc4c6b0cb6e7254ecde69d1552bf7613f60",
-                "sha256:7084fb8f1128c76cd9cf68fe5971b37072598e7c31b2f9f95586b65c741a9d31",
-                "sha256:7d54bd85b925e501c555a3227f3ec0cfc54ee8b6930bd6141ec872d1c572f81f",
-                "sha256:7ec88144fe9b510e8475ec2f5f251992690fcf89ccb4500b214b4226abcd32d6",
-                "sha256:8b21525cb51671219f5307be85f7e646a153e5acc656e5cebf64bfa076c50107",
-                "sha256:8b4e3413e0bddea671012b063e27591b953d653209e7a4fa5e48759cda77ca11",
-                "sha256:8c6d94b16d62eb3e947281aa7347d78236688e21081f11de976376cf010eb31a",
-                "sha256:8edc07eeade7ebc771ff9cf6b211b9a7d93687ff892150cb5692e4f4272b0837",
-                "sha256:8f845a00b4f420f693f870eaee5f3e2692fa84cc8514496114649cfa8fd5e2c6",
-                "sha256:8fa2220e54d2946e94ab6dbb3ba0a992795bd68b16dc852db33028df2b00191b",
-                "sha256:90716d8b2d1f4cd503309788e51366f07c56635a3309b0f6a32547eaaa36a64d",
-                "sha256:92c3ed5afb06c3a8e188cb5da4984cab9ec9a77ba956ee419c68a388b4595255",
-                "sha256:ad3301ebebec9e8ee7135d8e3109ca76c23752bac1e717bc84cd3836b4bf3eae",
-                "sha256:b66a60cc4073aeb8ae00057f9c1f64d49e90f918fbcef9a977eb121da8b8f1d1",
-                "sha256:ba24549de7b89b6381b91fbc068d798192b1b5201987070319889e93038967a8",
-                "sha256:bce23c7377b43602baa0bd22ea3265c49b9ff0b76eb315d6c34721af4cdf1d9b",
-                "sha256:c99f27732c0b7dc847adb21c9d47ce57eb48fa33a17bc6d7d5c5e9f9e7ae5bac",
-                "sha256:cb9f255c18052343c70234907e2e532bc7e55a62565d64536dbc7706a20b78b9",
-                "sha256:d4b19b03fdf54f3c5b2fa474c56b4c13c9dbfb9a2db4370ede7ec11a2c5927d9",
-                "sha256:d64169ec3b8461311f8ce2fd2eb5d33e2d0f2c7b49116259c51d0d96edee48d1",
-                "sha256:dbec574648b3e25f43d23577309b16534431db4ddc09fda50841f1e34e64ed34",
-                "sha256:e0fe0f5feaafcb04505bcf439e991c6d8f1bf8b15f12b05feeed96e9e7bf1427",
-                "sha256:f2a0ecc86378f45347f586e4163d1769dd81c5a223d577fe351f26b179e148b1",
-                "sha256:f995e511de847791c3b11ed90084a7a0aafdc074ab88c5a9711622fe4751138c",
-                "sha256:fad79bfe3b65fe6a1efaed97b445c3d37f7be9fdc348bdb2d7cac75579607c89"
+                "sha256:1124a18bc11a6a62887e3e137f37f53fbae476dc36c185d549d4f837a2a6a14e",
+                "sha256:171a9ca9a40cd1843abeca0e405bc1940cd9b305eaeea2dda769ba096932bb22",
+                "sha256:1905f494bfd7d85a23a88c5d97840888a7bd516545fc5aaedff0267e0bb54e2f",
+                "sha256:1fbb8da62dc352133d7d7ca90ed2fb0e9d42bb1a32724c287d3c76c58cbaa9c2",
+                "sha256:2922d42e16d6de288022e5ca321cd0618b238cfc5570e0263e5ba0a77dbef56f",
+                "sha256:2e2c2e6d3593f6451b18588848e66260ff62ccca522dd231cd4dd59b0160668b",
+                "sha256:2ee2d57e01a7c35de00f4634ba1bbf015185b219e4dc5909e281016df43f5ee5",
+                "sha256:2f2147ab812b75e5b5499b01ade1f4a81489a147c01585cda36019102538615f",
+                "sha256:404534629d51d3efea5c800ee7c42b72a6554d6c400e6a79eafe15d11341fd43",
+                "sha256:5469affef548bd1895d86d3bf10ce2b44e33d86923c29e4d675b3e323437ea3e",
+                "sha256:5a95fb17c13e29d2d5195869262f8125dfdb5c134dc8d9a9d0aecf7525b10c2c",
+                "sha256:6983aae8b2f653e098edb77f893f7b6aca69f6cffb19b2cc7443f23cce5f4828",
+                "sha256:712e962a6357634fef20412699a3655c610110e01cdaa6180acec7fc9f8513ba",
+                "sha256:8023ff13985661b50a5928fc7a5ca15f3d1affb41e5f0a9952cb68ef090b31ee",
+                "sha256:811aeccadfb730024c5d3e326b2fbe9249bb7413553f15499a4050f7c30e801d",
+                "sha256:8f8722560a14cde92fdb1e31597760dc35f9f5524cce17836c0d22841830fd5b",
+                "sha256:93faf3fdb04768d44bf28693293f3904bbb555d076b781ad2530214ee53e3445",
+                "sha256:973500e0774b85d9689715feeffcc980193086551110fd678ebe1f4342fb7c5e",
+                "sha256:979e4e1a006511dacf628e36fadfecbcc0160a8af6ca7dad2f5025529e082c13",
+                "sha256:98b7b9b9aedb65fe628c62a6dc57f6d5088ef2dfca37903a7d9ee374d03acca5",
+                "sha256:aea39e0583d05124836ea645f412e88a5c7d0fd77a6d694b60d9b6b2d9f184fd",
+                "sha256:b9378e2c00146c44793c98b8d5a61039a048e31f429fb0eb546d93f4b000bedf",
+                "sha256:baefc32840a9f00babd83251560e0ae1573e2f9d1b067719479bfb0e987c6357",
+                "sha256:be68172e9fd9ad8fb876c6389f16d1c1b5f100ffa779f77b1fb2176fcc9ab95b",
+                "sha256:c43a7682e24b4f576d93072216bf56eeff70d9140241f9edec0c104d0c515036",
+                "sha256:c4bb0e1bd29f7d34efcccd71cf733580191e9a264a2202b0239da95984c5b559",
+                "sha256:c7be1e46525adfa0d97681432ee9fcd61a3964c2446795714699a998d193f1a3",
+                "sha256:c9817fa23833ff189db061e6d2eff49b2f3b6ed9856b4a0a73046e41932d744f",
+                "sha256:ce436f4c6d218a070048ed6a44c0bbb10cd2cc5e272b29e7845f6a2f57ee4464",
+                "sha256:d10d994b41fb3497719bbf866f227b3489048ea4bbbb5015357db306249f7980",
+                "sha256:e601a7fa172c2131bff456bb3ee08a88360760d0d2f8cbd7a75a65497e2df078",
+                "sha256:f95579473af29ab73a10bada2f9722856792a36ec5af5399b653aa28360290a5"
             ],
             "index": "pypi",
-            "markers": "python_version >= '3.8'",
-            "version": "==1.14.1"
+            "markers": "python_version >= '3.9'",
+            "version": "==1.15.0"
         },
         "mypy-extensions": {
             "hashes": [
@@ -1559,19 +1568,19 @@
         },
         "pbr": {
             "hashes": [
-                "sha256:788183e382e3d1d7707db08978239965e8b9e4e5ed42669bf4758186734d5f24",
-                "sha256:a776ae228892d8013649c0aeccbb3d5f99ee15e005a4cbb7e61d55a067b28a2a"
+                "sha256:38d4daea5d9fa63b3f626131b9d34947fd0c8be9b05a29276870580050a25a76",
+                "sha256:93ea72ce6989eb2eed99d0f75721474f69ad88128afdef5ac377eb797c4bf76b"
             ],
             "markers": "python_version >= '2.6'",
-            "version": "==6.1.0"
+            "version": "==6.1.1"
         },
         "platformdirs": {
             "hashes": [
-                "sha256:357fb2acbc885b0419afd3ce3ed34564c13c9b95c89360cd9563f73aa5e2b907",
-                "sha256:73e575e1408ab8103900836b97580d5307456908a03e92031bab39e4554cc3fb"
+                "sha256:a03875334331946f13c549dbd8f4bac7a13a50a895a0eb1e8c6a8ace80d40a94",
+                "sha256:eb437d586b6a0986388f0d6f74aa0cde27b48d0e3d66843640bfb6bdcdb6e351"
             ],
-            "markers": "python_version >= '3.8'",
-            "version": "==4.3.6"
+            "markers": "python_version >= '3.9'",
+            "version": "==4.3.7"
         },
         "pycodestyle": {
             "hashes": [
@@ -1591,11 +1600,11 @@
         },
         "pygments": {
             "hashes": [
-                "sha256:786ff802f32e91311bff3889f6e9a86e81505fe99f2735bb6d60ae0c5004f199",
-                "sha256:b8e6aca0523f3ab76fee51799c488e38782ac06eafcf95e7ba832985c8e7b13a"
+                "sha256:61c16d2a8576dc0649d9f39e089b5f02bcd27fba10d8fb4dcc28173f7a45151f",
+                "sha256:9ea1544ad55cecf4b8242fab6dd35a93bbce657034b0611ee383099054ab6d8c"
             ],
             "markers": "python_version >= '3.8'",
-            "version": "==2.18.0"
+            "version": "==2.19.1"
         },
         "python-dateutil": {
             "hashes": [
@@ -1674,11 +1683,19 @@
         },
         "s3transfer": {
             "hashes": [
-                "sha256:244a76a24355363a68164241438de1b72f8781664920260c48465896b712a41e",
-                "sha256:29edc09801743c21eb5ecbc617a152df41d3c287f67b615f73e5f750583666a7"
+                "sha256:559f161658e1cf0a911f45940552c696735f5c74e64362e515f333ebed87d679",
+                "sha256:ac265fa68318763a03bf2dc4f39d5cbd6a9e178d81cc9483ad27da33637e320d"
             ],
             "markers": "python_version >= '3.8'",
-            "version": "==0.10.4"
+            "version": "==0.11.4"
+        },
+        "setuptools": {
+            "hashes": [
+                "sha256:81a234dff81a82bb52e522c8aef145d0dd4de1fd6de4d3b196d0f77dc2fded26",
+                "sha256:a1246a1b4178c66d7cf50c9fc6d530fac3f89bc284cf803c7fa878c41b1a03b2"
+            ],
+            "markers": "python_version >= '3.9'",
+            "version": "==77.0.1"
         },
         "six": {
             "hashes": [
@@ -1706,11 +1723,11 @@
         },
         "stevedore": {
             "hashes": [
-                "sha256:79e92235ecb828fe952b6b8b0c6c87863248631922c8e8e0fa5b17b232c4514d",
-                "sha256:b0be3c4748b3ea7b854b265dcb4caa891015e442416422be16f8b31756107857"
+                "sha256:3135b5ae50fe12816ef291baff420acb727fcd356106e3e9cbfa9e5985cd6f4b",
+                "sha256:d10a31c7b86cba16c1f6e8d15416955fc797052351a56af15e608ad20811fcfe"
             ],
             "markers": "python_version >= '3.9'",
-            "version": "==5.4.0"
+            "version": "==5.4.1"
         },
         "tomli": {
             "hashes": [
@@ -1752,11 +1769,11 @@
         },
         "types-awscrt": {
             "hashes": [
-                "sha256:405bce8c281f9e7c6c92a229225cc0bf10d30729a6a601123213389bd524b8b1",
-                "sha256:fbf9c221af5607b24bf17f8431217ce8b9a27917139edbc984891eb63fd5a593"
+                "sha256:345ab84a4f75b26bfb816b249657855824a4f2d1ce5b58268c549f81fce6eccc",
+                "sha256:5826baf69ad5d29c76be49fc7df00222281fa31b14f99e9fb4492d71ec98fea5"
             ],
             "markers": "python_version >= '3.8'",
-            "version": "==0.23.6"
+            "version": "==0.24.2"
         },
         "types-cachetools": {
             "hashes": [
@@ -1777,20 +1794,20 @@
         },
         "types-requests": {
             "hashes": [
-                "sha256:0d9cad2f27515d0e3e3da7134a1b6f28fb97129d86b867f24d9c726452634d95",
-                "sha256:4195d62d6d3e043a4eaaf08ff8a62184584d2e8684e9d2aa178c7915a7da3747"
+                "sha256:0962352694ec5b2f95fda877ee60a159abdf84a0fc6fdace599f20acb41a03d1",
+                "sha256:25f2cbb5c8710b2022f8bbee7b2b66f319ef14aeea2f35d80f18c9dbf3b60a0b"
             ],
             "index": "pypi",
-            "markers": "python_version >= '3.8'",
-            "version": "==2.32.0.20241016"
+            "markers": "python_version >= '3.9'",
+            "version": "==2.32.0.20250306"
         },
         "types-s3transfer": {
             "hashes": [
-                "sha256:03123477e3064c81efe712bf9d372c7c72f2790711431f9baa59cf96ea607267",
-                "sha256:22ac1aabc98f9d7f2928eb3fb4d5c02bf7435687f0913345a97dd3b84d0c217d"
+                "sha256:05fde593c84270f19fd053f0b1e08f5a057d7c5f036b9884e68fb8cd3041ac30",
+                "sha256:2a76d92c07d4a3cb469e5343b2e7560e0b8078b2e03696a65407b8c44c861b61"
             ],
             "markers": "python_version >= '3.8'",
-            "version": "==0.10.4"
+            "version": "==0.11.4"
         },
         "typing-extensions": {
             "hashes": [
@@ -1827,11 +1844,11 @@
         },
         "webtest": {
             "hashes": [
-                "sha256:0b2de681c16f57b31da5cce6e94ff03cdc77bd86c37a57ba0ee27fed8e065ceb",
-                "sha256:799846e169d15e0c1233ab4ab00ee4de59a5d964407d6f2945d89249328dbbdb"
+                "sha256:5b3d8c69ac9057f17750ed5b45320a411423c2b4196bec6450961be98b03d8c1",
+                "sha256:94778d19a37e5abd7388dad4d93874410ecced53a1739a8e5ff2dbcba1cfc0c4"
             ],
-            "markers": "python_version >= '3.7'",
-            "version": "==3.0.2"
+            "markers": "python_version >= '3.9'",
+            "version": "==3.0.4"
         }
     }
 }
diff --git a/src/requirements.txt b/src/requirements.txt
index c3ed17604..e3ef63e4e 100644
--- a/src/requirements.txt
+++ b/src/requirements.txt
@@ -1,68 +1,69 @@
 -i https://pypi.python.org/simple
 annotated-types==0.7.0; python_version >= '3.8'
 asgiref==3.8.1; python_version >= '3.8'
-boto3==1.35.91; python_version >= '3.8'
-botocore==1.35.91; python_version >= '3.8'
-cachetools==5.5.0; python_version >= '3.7'
-certifi==2024.12.14; python_version >= '3.6'
+boto3==1.37.16; python_version >= '3.8'
+botocore==1.37.16; python_version >= '3.8'
+cachetools==5.5.2; python_version >= '3.7'
+certifi==2025.1.31; python_version >= '3.6'
 cfenv==0.5.3
 cffi==1.17.1; python_version >= '3.8'
 charset-normalizer==3.4.1; python_version >= '3.7'
-cryptography==44.0.0; python_version >= '3.7' and python_full_version not in '3.9.0, 3.9.1'
+cryptography==44.0.2; python_version >= '3.7' and python_full_version not in '3.9.0, 3.9.1'
 defusedxml==0.7.1; python_version >= '2.7' and python_version not in '3.0, 3.1, 3.2, 3.3, 3.4'
 diff-match-patch==20241021; python_version >= '3.7'
 dj-database-url==2.3.0
 dj-email-url==1.0.6
-django==4.2.17; python_version >= '3.8'
+django==4.2.20; python_version >= '3.8'
 django-admin-multiple-choice-list-filter==0.1.1
 django-allow-cidr==0.7.1
 django-auditlog==3.0.0; python_version >= '3.8'
 django-cache-url==3.4.5
-django-cors-headers==4.6.0; python_version >= '3.9'
+django-cors-headers==4.7.0; python_version >= '3.9'
 django-csp==3.8
 django-fsm==2.8.1
-django-import-export==4.3.3; python_version >= '3.9'
+django-import-export==4.3.7; python_version >= '3.9'
 django-login-required-middleware==0.9.0
 django-phonenumber-field[phonenumberslite]==8.0.0; python_version >= '3.8'
 django-waffle==4.2.0; python_version >= '3.8'
 django-widget-tweaks==1.5.0; python_version >= '3.8'
-environs[django]==11.2.1; python_version >= '3.8'
-faker==33.1.0; python_version >= '3.8'
+environs[django]==14.1.1; python_version >= '3.9'
+faker==37.0.2; python_version >= '3.9'
 fred-epplib @ git+https://github.com/cisagov/epplib.git@d56d183f1664f34c40ca9716a3a9a345f0ef561c
-furl==2.1.3
+furl==2.1.4
 future==1.0.0; python_version >= '2.6' and python_version not in '3.0, 3.1, 3.2'
 gevent==24.11.1; python_version >= '3.9'
 greenlet==3.1.1; python_version >= '3.7'
 gunicorn==23.0.0; python_version >= '3.7'
 idna==3.10; python_version >= '3.6'
 jmespath==1.0.1; python_version >= '3.7'
-lxml==5.3.0; python_version >= '3.6'
-mako==1.3.8; python_version >= '3.8'
+lxml==5.3.1; python_version >= '3.6'
+mako==1.3.9; python_version >= '3.8'
 markupsafe==3.0.2; python_version >= '3.9'
-marshmallow==3.23.2; python_version >= '3.9'
+marshmallow==3.26.1; python_version >= '3.9'
 oic==1.7.0; python_version ~= '3.8'
 orderedmultidict==1.0.1
 packaging==24.2; python_version >= '3.8'
-phonenumberslite==8.13.52
+phonenumberslite==9.0.1
 psycopg2-binary==2.9.10; python_version >= '3.8'
 pycparser==2.22; python_version >= '3.8'
-pycryptodomex==3.21.0; python_version >= '2.7' and python_version not in '3.0, 3.1, 3.2, 3.3, 3.4, 3.5'
-pydantic==2.10.4; python_version >= '3.8'
+pycryptodomex==3.22.0; python_version >= '2.7' and python_version not in '3.0, 3.1, 3.2, 3.3, 3.4, 3.5, 3.6'
+pydantic==2.10.6; python_version >= '3.8'
 pydantic-core==2.27.2; python_version >= '3.8'
-pydantic-settings==2.7.1; python_version >= '3.8'
+pydantic-settings==2.8.1; python_version >= '3.8'
 pyjwkest==1.4.2
 python-dateutil==2.9.0.post0; python_version >= '2.7' and python_version not in '3.0, 3.1, 3.2'
 python-dotenv==1.0.1; python_version >= '3.8'
 pyzipper==0.3.6; python_version >= '3.4'
 requests==2.32.3; python_version >= '3.8'
-s3transfer==0.10.4; python_version >= '3.8'
-setuptools==75.6.0; python_version >= '3.9'
+s3transfer==0.11.4; python_version >= '3.8'
+setuptools==77.0.1; python_version >= '3.9'
 six==1.17.0; python_version >= '2.7' and python_version not in '3.0, 3.1, 3.2'
 sqlparse==0.5.3; python_version >= '3.8'
-tablib==3.7.0; python_version >= '3.9'
+tablib==3.8.0; python_version >= '3.9'
 tblib==3.0.0; python_version >= '3.8'
 typing-extensions==4.12.2; python_version >= '3.8'
+tzdata==2025.1; python_version >= '2'
 urllib3==2.3.0; python_version >= '3.9'
-whitenoise==6.8.2; python_version >= '3.9'
+whitenoise==6.9.0; python_version >= '3.9'
 zope.event==5.0; python_version >= '3.7'
 zope.interface==7.2; python_version >= '3.8'

From 203f0cd8a84ddd74de890b8c0028a0969735040c Mon Sep 17 00:00:00 2001
From: David Kennedy <david.kennedy@associates.cisa.dhs.gov>
Date: Thu, 20 Mar 2025 15:46:55 -0400
Subject: [PATCH 257/285] fixed aria-described-by in textarea

---
 src/registrar/templatetags/field_helpers.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/registrar/templatetags/field_helpers.py b/src/registrar/templatetags/field_helpers.py
index c7389d3e3..bb10e0fbd 100644
--- a/src/registrar/templatetags/field_helpers.py
+++ b/src/registrar/templatetags/field_helpers.py
@@ -114,7 +114,7 @@ def input_with_errors(context, field=None):  # noqa: C901
 
     # do some work for various edge cases
 
-    if "maxlength" in attrs:
+    if "maxlength" in attrs and "hide_character_count" not in attrs:
         # associate the field programmatically with its hint text
         described_by.append(f"{attrs['id']}__message")
 

From 7ad42a03eafeba7e8051860ffdea2279cd002d42 Mon Sep 17 00:00:00 2001
From: dave-kennedy-ecs <111779554+dave-kennedy-ecs@users.noreply.github.com>
Date: Thu, 20 Mar 2025 15:56:51 -0400
Subject: [PATCH 258/285] Update
 src/registrar/assets/src/js/getgov/form-dsdata.js

Co-authored-by: zandercymatics <141044360+zandercymatics@users.noreply.github.com>
---
 src/registrar/assets/src/js/getgov/form-dsdata.js | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/registrar/assets/src/js/getgov/form-dsdata.js b/src/registrar/assets/src/js/getgov/form-dsdata.js
index 788bf2df7..797885406 100644
--- a/src/registrar/assets/src/js/getgov/form-dsdata.js
+++ b/src/registrar/assets/src/js/getgov/form-dsdata.js
@@ -27,7 +27,7 @@ export class DSDataForm {
 
 
     /**
-     * Determines the initial display state of the DS dara form,
+     * Determines the initial display state of the DS data form,
      * handling validation errors and setting visibility of elements accordingly.
      */
     initializeDSDataFormDisplay() {

From 20eea6da7389a150c56e3ffeae5922c7b8806bc5 Mon Sep 17 00:00:00 2001
From: David Kennedy <david.kennedy@associates.cisa.dhs.gov>
Date: Thu, 20 Mar 2025 16:21:33 -0400
Subject: [PATCH 259/285] updated data-label on tds

---
 src/registrar/templates/domain_dsdata.html | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)

diff --git a/src/registrar/templates/domain_dsdata.html b/src/registrar/templates/domain_dsdata.html
index f92582f61..1729e8b8d 100644
--- a/src/registrar/templates/domain_dsdata.html
+++ b/src/registrar/templates/domain_dsdata.html
@@ -216,31 +216,31 @@
                 </tr>
                 <!-- Edit row -->
                 <tr class="edit-row display-none">
-                  <td class="text-bottom">
+                  <td class="text-bottom" data-label="Key tag">
                     {% with sublabel_text="Numbers (0-9) only." %}
                       {% with attr_required=True add_initial_value_attr=True add_group_class="usa-form-group--unstyled-error margin-top-0" use_small_sublabel_text=True inline_error_class="font-body-xs" %}
                         {% input_with_errors form.key_tag %}
                       {% endwith %}
                     {% endwith %}
                   </td>
-                  <td class="text-bottom">
+                  <td class="text-bottom" data-label="Key tag">
                     {% with attr_required=True add_initial_value_attr=True add_group_class="usa-form-group--unstyled-error margin-top-0" use_small_sublabel_text=True inline_error_class="font-body-xs" %}
                         {% input_with_errors form.algorithm %}
                       {% endwith %}
                   </td>
-                  <td class="text-bottom">
+                  <td class="text-bottom" data-label="Digest type">
                     {% with attr_required=True add_initial_value_attr=True add_group_class="usa-form-group--unstyled-error margin-top-0" use_small_sublabel_text=True inline_error_class="font-body-xs" %}
                         {% input_with_errors form.digest_type %}
                       {% endwith %}
                   </td>
-                  <td class="text-bottom">
+                  <td class="text-bottom" data-label="Digest">
                     {% with sublabel_text="Numbers (0-9) and letters (a-f) only. SHA-1: 40 chars, SHA-256: 64 chars." %}
                       {% with attr_required=True add_initial_value_attr=True add_group_class="usa-form-group--unstyled-error margin-top-0" use_small_sublabel_text=True inline_error_class="font-body-xs" %}
                         {% input_with_errors form.digest %}
                       {% endwith %}
                     {% endwith %}
                   </td>
-                  <td class="padding-right-0 text-bottom">
+                  <td class="padding-right-0 text-bottom" data-label="Action">
                     <button class="usa-button usa-button--unstyled display-block margin-top-1" type="submit">Save</button>
                     
                     <button

From 5ae613fba38ed2cf9eaeb52a2946b1b5c1b27f6f Mon Sep 17 00:00:00 2001
From: David Kennedy <david.kennedy@associates.cisa.dhs.gov>
Date: Thu, 20 Mar 2025 16:27:17 -0400
Subject: [PATCH 260/285] updated error handling and message for key tag

---
 src/registrar/forms/domain.py   | 2 +-
 src/registrar/utility/errors.py | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/src/registrar/forms/domain.py b/src/registrar/forms/domain.py
index fd6dafb1f..2a62be15a 100644
--- a/src/registrar/forms/domain.py
+++ b/src/registrar/forms/domain.py
@@ -680,7 +680,7 @@ class DomainDsdataForm(forms.Form):
         key_tag = cleaned_data.get("key_tag", 0)
         try:
             key_tag = int(key_tag)
-            if key_tag < 0 or key_tag > 65535:
+            if key_tag <= 0 or key_tag > 65535:
                 self.add_error(
                     "key_tag",
                     DsDataError(code=DsDataErrorCodes.INVALID_KEYTAG_SIZE),
diff --git a/src/registrar/utility/errors.py b/src/registrar/utility/errors.py
index eccd118f8..dac730705 100644
--- a/src/registrar/utility/errors.py
+++ b/src/registrar/utility/errors.py
@@ -262,7 +262,7 @@ class DsDataError(Exception):
         DsDataErrorCodes.INVALID_DIGEST_SHA1: ("SHA-1 digest must be exactly 40 characters."),
         DsDataErrorCodes.INVALID_DIGEST_SHA256: ("SHA-256 digest must be exactly 64 characters."),
         DsDataErrorCodes.INVALID_DIGEST_CHARS: ("Digest must contain only alphanumeric characters (0-9, a-f)."),
-        DsDataErrorCodes.INVALID_KEYTAG_SIZE: ("Key tag must be less than 65535."),
+        DsDataErrorCodes.INVALID_KEYTAG_SIZE: ("Key tag must be greater than 0 and less than 65535."),
         DsDataErrorCodes.INVALID_KEYTAG_CHARS: ("Key tag must be numeric (0-9)."),
     }
 

From 5d2ea0949a733e43381723a3a4f90a9006ebc337 Mon Sep 17 00:00:00 2001
From: Rachid Mrad <rachid.mrad@ecstech.com>
Date: Thu, 20 Mar 2025 16:39:46 -0400
Subject: [PATCH 261/285] Fix table headers on mobile

---
 src/registrar/assets/src/js/getgov/table-domain-requests.js | 4 ++--
 src/registrar/assets/src/js/getgov/table-domains.js         | 4 ++--
 src/registrar/assets/src/js/getgov/table-members.js         | 2 +-
 3 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/src/registrar/assets/src/js/getgov/table-domain-requests.js b/src/registrar/assets/src/js/getgov/table-domain-requests.js
index 3b87c246f..b3e63149d 100644
--- a/src/registrar/assets/src/js/getgov/table-domain-requests.js
+++ b/src/registrar/assets/src/js/getgov/table-domain-requests.js
@@ -74,7 +74,7 @@ export class DomainRequestsTable extends BaseTable {
 
     if (this.portfolioValue) {
       markupCreatorRow = `
-        <td>
+        <td data-label="Created by">
             <span class="text-wrap break-word">${request.creator ? request.creator : ''}</span>
         </td>
       `
@@ -117,7 +117,7 @@ export class DomainRequestsTable extends BaseTable {
       <td data-label="Status">
         ${request.status}
       </td>
-      <td class="width--action-column">
+      <td data-label="Action" class="width--action-column">
         <div class="tablet:display-flex tablet:flex-row">
           <a href="${actionUrl}" ${customTableOptions.hasAdditionalActions ? "class='margin-right-2'" : ''}>
             <svg class="usa-icon top-1px" aria-hidden="true" focusable="false" role="img" width="24">
diff --git a/src/registrar/assets/src/js/getgov/table-domains.js b/src/registrar/assets/src/js/getgov/table-domains.js
index 1cf1fc2dd..1b62d93c3 100644
--- a/src/registrar/assets/src/js/getgov/table-domains.js
+++ b/src/registrar/assets/src/js/getgov/table-domains.js
@@ -27,7 +27,7 @@ export class DomainsTable extends BaseTable {
 
     if (this.portfolioValue) {
       markupForSuborganizationRow = `
-        <td>
+        <td data-label="Suborganization">
             <span class="text-wrap" aria-label="${domain.suborganization ? suborganization : 'No suborganization'}">${suborganization}</span>
         </td>
       `
@@ -56,7 +56,7 @@ export class DomainsTable extends BaseTable {
         </svg>
       </td>
       ${markupForSuborganizationRow}
-      <td class="width--action-column">
+      <td data-label="Action" class="width--action-column">
         <div class="tablet:display-flex tablet:flex-row flex-align-center margin-right-2">
           <a href="${actionUrl}">
             <svg class="usa-icon top-1px" aria-hidden="true" focusable="false" role="img" width="24">
diff --git a/src/registrar/assets/src/js/getgov/table-members.js b/src/registrar/assets/src/js/getgov/table-members.js
index a13894e95..3a32f648e 100644
--- a/src/registrar/assets/src/js/getgov/table-members.js
+++ b/src/registrar/assets/src/js/getgov/table-members.js
@@ -116,7 +116,7 @@ export class MembersTable extends BaseTable {
       <td class="padding-bottom-0" headers="header-last-active row-header-${unique_id}" data-sort-value="${last_active.sort_value}" data-label="Last active">
         ${last_active.display_value}
       </td>
-      <td class="padding-bottom-0" headers="header-action row-header-${unique_id}" class="width--action-column">
+      <td data-label="Action" class="padding-bottom-0" headers="header-action row-header-${unique_id}" class="width--action-column">
         <div class="tablet:display-flex tablet:flex-row flex-align-center">
           <a href="${member.action_url}" ${customTableOptions.hasAdditionalActions ? "class='margin-right-2'" : ''}>
             <svg class="usa-icon top-1px" aria-hidden="true" focusable="false" role="img" width="24">

From 130aedc58a43e0ce5cab73c72bc1a62580ad7f1f Mon Sep 17 00:00:00 2001
From: zandercymatics <141044360+zandercymatics@users.noreply.github.com>
Date: Thu, 20 Mar 2025 17:01:44 -0600
Subject: [PATCH 262/285] Remove printers

---
 src/registrar/models/domain.py | 18 ------------------
 1 file changed, 18 deletions(-)

diff --git a/src/registrar/models/domain.py b/src/registrar/models/domain.py
index b054afb5b..b1eed865c 100644
--- a/src/registrar/models/domain.py
+++ b/src/registrar/models/domain.py
@@ -971,24 +971,6 @@ class Domain(TimeStampedModel, DomainHelper):
         logger.info("making technical contact")
         self._set_singleton_contact(contact, expectedType=contact.ContactTypeChoices.TECHNICAL)
 
-    def print_contact_info_epp(self, contact: PublicContact):
-        """Prints registry data for this PublicContact for easier debugging"""
-        results = self._request_contact_info(contact, get_result_as_dict=True)
-        logger.info("---------------------")
-        logger.info(f"EPP info for {contact.contact_type}:")
-        logger.info("---------------------")
-        for key, value in results.items():
-            logger.info(f"{key}: {value}")
-
-    def print_all_domain_contact_info_epp(self):
-        """Prints registry data for this domains security, registrant, technical, and administrative contacts."""
-        logger.info(f"Contact info for {self}:")
-        logger.info("=====================")
-        contacts = [self.security_contact, self.registrant_contact, self.technical_contact, self.administrative_contact]
-        for contact in contacts:
-            if contact:
-                self.print_contact_info_epp(contact)
-
     def is_active(self) -> bool:
         """Currently just returns if the state is created,
         because then it should be live, theoretically.

From bd0c462663630f55d28bf93aa67b59844d2cbfad Mon Sep 17 00:00:00 2001
From: David Kennedy <david.kennedy@associates.cisa.dhs.gov>
Date: Thu, 20 Mar 2025 19:14:51 -0400
Subject: [PATCH 263/285] check for duplicates

---
 src/registrar/forms/domain.py | 35 ++++++++++++++++++++++++++++++++++-
 1 file changed, 34 insertions(+), 1 deletion(-)

diff --git a/src/registrar/forms/domain.py b/src/registrar/forms/domain.py
index 2a62be15a..469e4e96b 100644
--- a/src/registrar/forms/domain.py
+++ b/src/registrar/forms/domain.py
@@ -680,7 +680,7 @@ class DomainDsdataForm(forms.Form):
         key_tag = cleaned_data.get("key_tag", 0)
         try:
             key_tag = int(key_tag)
-            if key_tag <= 0 or key_tag > 65535:
+            if key_tag < 0 or key_tag > 65535:
                 self.add_error(
                     "key_tag",
                     DsDataError(code=DsDataErrorCodes.INVALID_KEYTAG_SIZE),
@@ -705,8 +705,41 @@ class DomainDsdataForm(forms.Form):
         return cleaned_data
 
 
+class BaseDsdataFormset(forms.BaseFormSet):
+    def clean(self):
+        """Check for duplicate entries in the formset."""
+
+        duplicate_errors = self._check_for_duplicates()
+        if duplicate_errors:
+            raise forms.ValidationError("Duplicate DS records found. Each DS record must be unique.")
+
+    def _check_for_duplicates(self):
+        """Check for duplicate entries in the DS data forms"""
+
+        seen_ds_records = set()
+        duplicate_found = False
+
+        for form in self.forms:
+            if form.cleaned_data.get("key_tag") and not form.cleaned_data.get("DELETE", False):
+                ds_tuple = (
+                    form.cleaned_data["key_tag"],
+                    form.cleaned_data["algorithm"],
+                    form.cleaned_data["digest_type"],
+                    form.cleaned_data["digest"],
+                )
+
+                if ds_tuple in seen_ds_records:
+                    form.add_error("key_tag", "You already entered this DS record. DS records must be unique.")
+                    duplicate_found = True  # Track that we found at least one duplicate
+                
+                seen_ds_records.add(ds_tuple)
+        
+        return duplicate_found  # Returns True if any duplicates were found
+
+
 DomainDsdataFormset = formset_factory(
     DomainDsdataForm,
+    formset=BaseDsdataFormset,
     extra=1,
     can_delete=True,
 )

From 8e218799635cf87b8048ccc43682da45ac72998b Mon Sep 17 00:00:00 2001
From: David Kennedy <david.kennedy@associates.cisa.dhs.gov>
Date: Thu, 20 Mar 2025 19:39:07 -0400
Subject: [PATCH 264/285] fixed duplicate check

---
 src/registrar/forms/domain.py | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)

diff --git a/src/registrar/forms/domain.py b/src/registrar/forms/domain.py
index 469e4e96b..cc73f9e3d 100644
--- a/src/registrar/forms/domain.py
+++ b/src/registrar/forms/domain.py
@@ -708,6 +708,8 @@ class DomainDsdataForm(forms.Form):
 class BaseDsdataFormset(forms.BaseFormSet):
     def clean(self):
         """Check for duplicate entries in the formset."""
+        if any(self.errors):
+            return  # Skip duplicate checking if other errors exist
 
         duplicate_errors = self._check_for_duplicates()
         if duplicate_errors:
@@ -725,15 +727,15 @@ class BaseDsdataFormset(forms.BaseFormSet):
                     form.cleaned_data["key_tag"],
                     form.cleaned_data["algorithm"],
                     form.cleaned_data["digest_type"],
-                    form.cleaned_data["digest"],
+                    form.cleaned_data["digest"].upper(),
                 )
 
                 if ds_tuple in seen_ds_records:
                     form.add_error("key_tag", "You already entered this DS record. DS records must be unique.")
                     duplicate_found = True  # Track that we found at least one duplicate
-                
+
                 seen_ds_records.add(ds_tuple)
-        
+
         return duplicate_found  # Returns True if any duplicates were found
 
 

From 738fac96bc4c0b8afe1f11a9696e087fb719670c Mon Sep 17 00:00:00 2001
From: David Kennedy <david.kennedy@associates.cisa.dhs.gov>
Date: Thu, 20 Mar 2025 20:06:38 -0400
Subject: [PATCH 265/285] added duplicate test for ds data

---
 src/registrar/tests/test_views_domain.py | 28 ++++++++++++++++++++++--
 1 file changed, 26 insertions(+), 2 deletions(-)

diff --git a/src/registrar/tests/test_views_domain.py b/src/registrar/tests/test_views_domain.py
index 62d463627..1bef312d2 100644
--- a/src/registrar/tests/test_views_domain.py
+++ b/src/registrar/tests/test_views_domain.py
@@ -2602,6 +2602,32 @@ class TestDomainDNSSEC(TestDomainOverview):
         self.assertContains(result, "Digest type is required", count=2, status_code=200)
         self.assertContains(result, "Digest is required", count=2, status_code=200)
 
+    @less_console_noise_decorator
+    def test_ds_data_form_duplicate(self):
+        """DS data form errors with invalid data (duplicate DS)
+
+        Uses self.app WebTest because we need to interact with forms.
+        """
+        add_data_page = self.app.get(reverse("domain-dns-dnssec-dsdata", kwargs={"domain_pk": self.domain_dsdata.id}))
+        session_id = self.app.cookies[settings.SESSION_COOKIE_NAME]
+        self.app.set_cookie(settings.SESSION_COOKIE_NAME, session_id)
+        # all four form fields are required, so will test with each blank
+        add_data_page.forms[0]["form-0-key_tag"] = 1234
+        add_data_page.forms[0]["form-0-algorithm"] = 3
+        add_data_page.forms[0]["form-0-digest_type"] = 1
+        add_data_page.forms[0]["form-0-digest"] = "ec0bdd990b39feead889f0ba613db4adec0bdd99"
+        add_data_page.forms[0]["form-1-key_tag"] = 1234
+        add_data_page.forms[0]["form-1-algorithm"] = 3
+        add_data_page.forms[0]["form-1-digest_type"] = 1
+        add_data_page.forms[0]["form-1-digest"] = "ec0bdd990b39feead889f0ba613db4adec0bdd99"
+        result = add_data_page.forms[0].submit()
+        # form submission was a post with an error, response should be a 200
+        # error text appears twice, once at the top of the page, once around
+        # the field.
+        self.assertContains(
+            result, "You already entered this DS record. DS records must be unique.", count=2, status_code=200
+        )
+
     @less_console_noise_decorator
     def test_ds_data_form_invalid_keytag(self):
         """DS data form errors with invalid data (key tag too large)
@@ -2703,8 +2729,6 @@ class TestDomainDNSSEC(TestDomainOverview):
         add_data_page = self.app.get(reverse("domain-dns-dnssec-dsdata", kwargs={"domain_pk": self.domain_dsdata.id}))
         session_id = self.app.cookies[settings.SESSION_COOKIE_NAME]
         self.app.set_cookie(settings.SESSION_COOKIE_NAME, session_id)
-        # first two nameservers are required, so if we empty one out we should
-        # get a form error
         add_data_page.forms[0]["form-0-key_tag"] = "1234"
         add_data_page.forms[0]["form-0-algorithm"] = "3"
         add_data_page.forms[0]["form-0-digest_type"] = "2"  # SHA-256

From 1fa307dd7e05c79aa5b84e61fd308d2536bf2351 Mon Sep 17 00:00:00 2001
From: David Kennedy <david.kennedy@associates.cisa.dhs.gov>
Date: Thu, 20 Mar 2025 20:11:13 -0400
Subject: [PATCH 266/285] Key tag to algorithm in mobile

---
 src/registrar/templates/domain_dsdata.html | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/registrar/templates/domain_dsdata.html b/src/registrar/templates/domain_dsdata.html
index 1729e8b8d..9abc7945b 100644
--- a/src/registrar/templates/domain_dsdata.html
+++ b/src/registrar/templates/domain_dsdata.html
@@ -223,7 +223,7 @@
                       {% endwith %}
                     {% endwith %}
                   </td>
-                  <td class="text-bottom" data-label="Key tag">
+                  <td class="text-bottom" data-label="Algorithm">
                     {% with attr_required=True add_initial_value_attr=True add_group_class="usa-form-group--unstyled-error margin-top-0" use_small_sublabel_text=True inline_error_class="font-body-xs" %}
                         {% input_with_errors form.algorithm %}
                       {% endwith %}

From 0ad4f2b84f4f5182322021c4ec86eea33b030c0c Mon Sep 17 00:00:00 2001
From: David Kennedy <david.kennedy@associates.cisa.dhs.gov>
Date: Fri, 21 Mar 2025 05:42:11 -0400
Subject: [PATCH 267/285] fixed bug with data-initial-value of 0

---
 src/registrar/templatetags/field_helpers.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/registrar/templatetags/field_helpers.py b/src/registrar/templatetags/field_helpers.py
index bb10e0fbd..69d3f228e 100644
--- a/src/registrar/templatetags/field_helpers.py
+++ b/src/registrar/templatetags/field_helpers.py
@@ -175,7 +175,7 @@ def input_with_errors(context, field=None):  # noqa: C901
 
     # Conditionally add the data-initial-value attribute
     if context.get("add_initial_value_attr", False):
-        attrs["data-initial-value"] = field.initial or ""
+        attrs["data-initial-value"] = field.initial if field.initial is not None else ""
 
     # ask Django to give us the widget dict
     # see Widget.get_context() on

From c3d3e49f715a0d8e8510b76346e6c11b91f2efe5 Mon Sep 17 00:00:00 2001
From: zandercymatics <141044360+zandercymatics@users.noreply.github.com>
Date: Fri, 21 Mar 2025 07:40:14 -0600
Subject: [PATCH 268/285] Update domain.py

---
 src/registrar/models/domain.py | 18 ++++++++++++++++++
 1 file changed, 18 insertions(+)

diff --git a/src/registrar/models/domain.py b/src/registrar/models/domain.py
index b1eed865c..b054afb5b 100644
--- a/src/registrar/models/domain.py
+++ b/src/registrar/models/domain.py
@@ -971,6 +971,24 @@ class Domain(TimeStampedModel, DomainHelper):
         logger.info("making technical contact")
         self._set_singleton_contact(contact, expectedType=contact.ContactTypeChoices.TECHNICAL)
 
+    def print_contact_info_epp(self, contact: PublicContact):
+        """Prints registry data for this PublicContact for easier debugging"""
+        results = self._request_contact_info(contact, get_result_as_dict=True)
+        logger.info("---------------------")
+        logger.info(f"EPP info for {contact.contact_type}:")
+        logger.info("---------------------")
+        for key, value in results.items():
+            logger.info(f"{key}: {value}")
+
+    def print_all_domain_contact_info_epp(self):
+        """Prints registry data for this domains security, registrant, technical, and administrative contacts."""
+        logger.info(f"Contact info for {self}:")
+        logger.info("=====================")
+        contacts = [self.security_contact, self.registrant_contact, self.technical_contact, self.administrative_contact]
+        for contact in contacts:
+            if contact:
+                self.print_contact_info_epp(contact)
+
     def is_active(self) -> bool:
         """Currently just returns if the state is created,
         because then it should be live, theoretically.

From 27ca4b626602f1780ad703265eea09eb7a8257f8 Mon Sep 17 00:00:00 2001
From: David Kennedy <david.kennedy@associates.cisa.dhs.gov>
Date: Fri, 21 Mar 2025 14:57:42 -0400
Subject: [PATCH 269/285] added data-labels to readonly rows

---
 src/registrar/templates/domain_dsdata.html | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)

diff --git a/src/registrar/templates/domain_dsdata.html b/src/registrar/templates/domain_dsdata.html
index 9abc7945b..63c335a74 100644
--- a/src/registrar/templates/domain_dsdata.html
+++ b/src/registrar/templates/domain_dsdata.html
@@ -145,8 +145,8 @@
                 
                 <!-- Readonly row -->
                 <tr class="view-only-row">
-                  <td>{{ form.key_tag.value }}</td>
-                  <td>
+                  <td data-label="Key tag">{{ form.key_tag.value }}</td>
+                  <td data-label="Algorithm">
                     <span class="ellipsis ellipsis--15">
                       {% for value, label in form.algorithm.field.choices %}
                         {% if value|stringformat:"s" == form.algorithm.value|stringformat:"s" %}
@@ -155,17 +155,17 @@
                       {% endfor %}
                     </span>
                   </td>
-                  <td>
+                  <td data-label="Digest type">
                     {% for value, label in form.digest_type.field.choices %}
                       {% if value|stringformat:"s" == form.digest_type.value|stringformat:"s" %}
                         {{ label }}
                       {% endif %}
                     {% endfor %}
                   </td>
-                  <td>
+                  <td data-label="Digest">
                     <span class="ellipsis ellipsis--23">{{ form.digest.value }}</span>
                   </td>
-                  <td class="padding-right-0">
+                  <td class="padding-right-0" data-label="Action">
                     <div class="tablet:display-flex tablet:flex-row">
                       <button type="button" class='usa-button usa-button--unstyled margin-right-2 margin-top-0 dsdata-edit'>
                         <svg class="usa-icon" aria-hidden="true" focusable="false" role="img" width="24">

From 54da6431326dc476b077b2c4b6445dae4149861c Mon Sep 17 00:00:00 2001
From: Rachid Mrad <rachid.mrad@ecstech.com>
Date: Fri, 21 Mar 2025 15:56:45 -0400
Subject: [PATCH 270/285] table accessibility

---
 src/registrar/templates/domain_nameservers.html | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/src/registrar/templates/domain_nameservers.html b/src/registrar/templates/domain_nameservers.html
index 02646ae64..acd73cc3b 100644
--- a/src/registrar/templates/domain_nameservers.html
+++ b/src/registrar/templates/domain_nameservers.html
@@ -121,7 +121,7 @@
 
 
       <table class="usa-table usa-table--borderless usa-table--stacked dotgov-table dotgov-table--stacked" id="nameserver-table">
-        <caption class="sr-only">Your registered domains</caption>
+        <caption class="sr-only">Your Name server records</caption>
         <thead>
           <tr>
             <th scope="col" role="columnheader">Name servers</th>
@@ -141,8 +141,8 @@
               {{ form.domain }}
               <!-- Readonly row -->
               <tr>
-                <td colspan="2" aria-colspan="2">{{ form.server.value }} {% if form.ip.value %}({{ form.ip.value }}){% endif %}</td>
-                <td class="padding-right-0">
+                <td colspan="2" aria-colspan="2" data-label="Name server (IP address)">{{ form.server.value }} {% if form.ip.value %}({{ form.ip.value }}){% endif %}</td>
+                <td class="padding-right-0" data-label="Action">
                   <div class="tablet:display-flex tablet:flex-row">
                     <button type="button" class='usa-button usa-button--unstyled margin-right-2 margin-top-0 nameserver-edit'>
                       <svg class="usa-icon" aria-hidden="true" focusable="false" role="img" width="24">
@@ -206,7 +206,7 @@
                     {% input_with_errors form.ip %}
                   {% endwith %}
                 </td>
-                <td class="padding-right-0 text-bottom">
+                <td class="padding-right-0 text-bottom" data-label="Action">
                     <button class="usa-button usa-button--unstyled display-block margin-top-1" type="submit">Save</button>
                     
                     <button

From 636b6a72156ec4fc97ec384f13e5367d8797a9be Mon Sep 17 00:00:00 2001
From: zandercymatics <141044360+zandercymatics@users.noreply.github.com>
Date: Fri, 21 Mar 2025 13:57:39 -0600
Subject: [PATCH 271/285] include epplib

---
 src/Pipfile.lock     | 56 ++++++++++++++++++++++----------------------
 src/requirements.txt |  8 +++----
 2 files changed, 32 insertions(+), 32 deletions(-)

diff --git a/src/Pipfile.lock b/src/Pipfile.lock
index fe5a51fbb..914a217d0 100644
--- a/src/Pipfile.lock
+++ b/src/Pipfile.lock
@@ -32,20 +32,20 @@
         },
         "boto3": {
             "hashes": [
-                "sha256:7ba243b8f9e11ea8856b1875293f1d43f3aa04960d823f2016cb624f47d45048",
-                "sha256:c9e820b5c7363329951ca3429fa5d51137cbd9766e063d15f212ee407fff89e9"
+                "sha256:1545c943f36db41853cdfdb6ff09c4eda9220dd95bd2fae76fc73091603525d1",
+                "sha256:9b272268794172b0b8bb9fb1f3c470c3b6c0ffb92fbd4882465cc740e40fbdcd"
             ],
             "index": "pypi",
             "markers": "python_version >= '3.8'",
-            "version": "==1.37.16"
+            "version": "==1.37.18"
         },
         "botocore": {
             "hashes": [
-                "sha256:26bdf95d5448682bdb05ff4b15b007f977d027c0d791482b43e69f098e609978",
-                "sha256:d74d04830ead12933a96dc407175ae98b32a5dd0059d7d2b28fc7aa4ed9d3b48"
+                "sha256:99e8eefd5df6347ead15df07ce55f4e62a51ea7b54de1127522a08597923b726",
+                "sha256:a8b97d217d82b3c4f6bcc906e264df7ebb51e2c6a62b3548a97cd173fb8759a1"
             ],
             "markers": "python_version >= '3.8'",
-            "version": "==1.37.16"
+            "version": "==1.37.18"
         },
         "cachetools": {
             "hashes": [
@@ -448,7 +448,7 @@
         },
         "fred-epplib": {
             "git": "https://github.com/cisagov/epplib.git",
-            "ref": "d56d183f1664f34c40ca9716a3a9a345f0ef561c"
+            "ref": "9f0fd0e69665001767f15a034c9c0c919dab5cdd"
         },
         "furl": {
             "hashes": [
@@ -1165,11 +1165,11 @@
         },
         "setuptools": {
             "hashes": [
-                "sha256:81a234dff81a82bb52e522c8aef145d0dd4de1fd6de4d3b196d0f77dc2fded26",
-                "sha256:a1246a1b4178c66d7cf50c9fc6d530fac3f89bc284cf803c7fa878c41b1a03b2"
+                "sha256:583b361c8da8de57403743e756609670de6fb2345920e36dc5c2d914c319c945",
+                "sha256:67122e78221da5cf550ddd04cf8742c8fe12094483749a792d56cd669d6cf58c"
             ],
             "markers": "python_version >= '3.9'",
-            "version": "==77.0.1"
+            "version": "==77.0.3"
         },
         "six": {
             "hashes": [
@@ -1355,12 +1355,12 @@
         },
         "boto3": {
             "hashes": [
-                "sha256:7ba243b8f9e11ea8856b1875293f1d43f3aa04960d823f2016cb624f47d45048",
-                "sha256:c9e820b5c7363329951ca3429fa5d51137cbd9766e063d15f212ee407fff89e9"
+                "sha256:1545c943f36db41853cdfdb6ff09c4eda9220dd95bd2fae76fc73091603525d1",
+                "sha256:9b272268794172b0b8bb9fb1f3c470c3b6c0ffb92fbd4882465cc740e40fbdcd"
             ],
             "index": "pypi",
             "markers": "python_version >= '3.8'",
-            "version": "==1.37.16"
+            "version": "==1.37.18"
         },
         "boto3-mocking": {
             "hashes": [
@@ -1373,28 +1373,28 @@
         },
         "boto3-stubs": {
             "hashes": [
-                "sha256:1d6332ab6e27c6b3607e15969945482c05852f4674610a6d078d3cf8aff2d784",
-                "sha256:d720dd12bf0fbd0ab9184ed8d289137f29cd329a7ae33aaa668b4bc7f99da405"
+                "sha256:30ecf8dfaa848469f55279e41248ff46b1ecf5e2ee7b3b292e3ec39332e2f90e",
+                "sha256:db866104d3b9bea63c4769255759ad5c61bc5e5591cea0b692df4c08082a841e"
             ],
             "index": "pypi",
             "markers": "python_version >= '3.8'",
-            "version": "==1.37.16"
+            "version": "==1.37.18"
         },
         "botocore": {
             "hashes": [
-                "sha256:26bdf95d5448682bdb05ff4b15b007f977d027c0d791482b43e69f098e609978",
-                "sha256:d74d04830ead12933a96dc407175ae98b32a5dd0059d7d2b28fc7aa4ed9d3b48"
+                "sha256:99e8eefd5df6347ead15df07ce55f4e62a51ea7b54de1127522a08597923b726",
+                "sha256:a8b97d217d82b3c4f6bcc906e264df7ebb51e2c6a62b3548a97cd173fb8759a1"
             ],
             "markers": "python_version >= '3.8'",
-            "version": "==1.37.16"
+            "version": "==1.37.18"
         },
         "botocore-stubs": {
             "hashes": [
-                "sha256:33973ee0e54ad5bf9f8560b2c36fc532b98540af6b9d4a57ffce5ae62a743a2a",
-                "sha256:532376611ae0c49488b7bdac3674da9ac0de9a6c65198432790b11da41502caf"
+                "sha256:b9c3a1e8fb57fb70b49aa5380cabefab32ec028d8a1d8f5ac83dd836c5b429a8",
+                "sha256:c6cb18979a86db311a365448b67e4a492a530c3f4fb313432d41deaee6268b95"
             ],
             "markers": "python_version >= '3.8'",
-            "version": "==1.37.16"
+            "version": "==1.37.17"
         },
         "click": {
             "hashes": [
@@ -1415,12 +1415,12 @@
         },
         "django-debug-toolbar": {
             "hashes": [
-                "sha256:296f6f18a80710e84fbb8361538ae5ec522a75ebe9ab67db34bcf1026cbeb420",
-                "sha256:7456cc2e951db37dab335686db7803c4a0ecb6736d120705f6668db9548bf49f"
+                "sha256:8a3b9da4aeab8d384a366e20304bd939a451f0242523c5b7b402248ad474eed2",
+                "sha256:c0591e338ee9603bdfce5aebf8d18ca7341fdbb69595e2b0b34869be5857180e"
             ],
             "index": "pypi",
             "markers": "python_version >= '3.9'",
-            "version": "==5.0.1"
+            "version": "==5.1.0"
         },
         "django-model2puml": {
             "hashes": [
@@ -1691,11 +1691,11 @@
         },
         "setuptools": {
             "hashes": [
-                "sha256:81a234dff81a82bb52e522c8aef145d0dd4de1fd6de4d3b196d0f77dc2fded26",
-                "sha256:a1246a1b4178c66d7cf50c9fc6d530fac3f89bc284cf803c7fa878c41b1a03b2"
+                "sha256:583b361c8da8de57403743e756609670de6fb2345920e36dc5c2d914c319c945",
+                "sha256:67122e78221da5cf550ddd04cf8742c8fe12094483749a792d56cd669d6cf58c"
             ],
             "markers": "python_version >= '3.9'",
-            "version": "==77.0.1"
+            "version": "==77.0.3"
         },
         "six": {
             "hashes": [
diff --git a/src/requirements.txt b/src/requirements.txt
index e3ef63e4e..8518f6655 100644
--- a/src/requirements.txt
+++ b/src/requirements.txt
@@ -1,8 +1,8 @@
 -i https://pypi.python.org/simple
 annotated-types==0.7.0; python_version >= '3.8'
 asgiref==3.8.1; python_version >= '3.8'
-boto3==1.37.16; python_version >= '3.8'
-botocore==1.37.16; python_version >= '3.8'
+boto3==1.37.18; python_version >= '3.8'
+botocore==1.37.18; python_version >= '3.8'
 cachetools==5.5.2; python_version >= '3.7'
 certifi==2025.1.31; python_version >= '3.6'
 cfenv==0.5.3
@@ -28,7 +28,7 @@ django-waffle==4.2.0; python_version >= '3.8'
 django-widget-tweaks==1.5.0; python_version >= '3.8'
 environs[django]==14.1.1; python_version >= '3.9'
 faker==37.0.2; python_version >= '3.9'
-fred-epplib @ git+https://github.com/cisagov/epplib.git@d56d183f1664f34c40ca9716a3a9a345f0ef561c
+fred-epplib @ git+https://github.com/cisagov/epplib.git@9f0fd0e69665001767f15a034c9c0c919dab5cdd
 furl==2.1.4
 future==1.0.0; python_version >= '2.6' and python_version not in '3.0, 3.1, 3.2'
 gevent==24.11.1; python_version >= '3.9'
@@ -56,7 +56,7 @@ python-dotenv==1.0.1; python_version >= '3.8'
 pyzipper==0.3.6; python_version >= '3.4'
 requests==2.32.3; python_version >= '3.8'
 s3transfer==0.11.4; python_version >= '3.8'
-setuptools==77.0.1; python_version >= '3.9'
+setuptools==77.0.3; python_version >= '3.9'
 six==1.17.0; python_version >= '2.7' and python_version not in '3.0, 3.1, 3.2'
 sqlparse==0.5.3; python_version >= '3.8'
 tablib==3.8.0; python_version >= '3.9'

From 4995d28f1c6118f665a8980c3e6b40d1153e70c6 Mon Sep 17 00:00:00 2001
From: Rachid Mrad <rachid.mrad@ecstech.com>
Date: Fri, 21 Mar 2025 16:03:01 -0400
Subject: [PATCH 272/285] error messaging for key tags

---
 src/registrar/templates/domain_dsdata.html | 11 ++++++-----
 src/registrar/utility/errors.py            |  2 +-
 2 files changed, 7 insertions(+), 6 deletions(-)

diff --git a/src/registrar/templates/domain_dsdata.html b/src/registrar/templates/domain_dsdata.html
index 63c335a74..c357a1000 100644
--- a/src/registrar/templates/domain_dsdata.html
+++ b/src/registrar/templates/domain_dsdata.html
@@ -125,6 +125,7 @@
 
       <div class="usa-table-container--scrollable usa-table-container--override-overflow usa-table-container--override-scrollable padding-top-5 margin-top-0" tabindex="0">
         <table class="usa-table usa-table--borderless usa-table--stacked dotgov-table dotgov-table--stacked dotgov-table--cell-padding-1-1-2px-0" id="dsdata-table">
+          <caption class="sr-only">Your DS data records</caption>
           <thead>
             <tr>
               <th scope="col" role="columnheader" class="text-bottom">Key tag</th>
@@ -216,24 +217,24 @@
                 </tr>
                 <!-- Edit row -->
                 <tr class="edit-row display-none">
-                  <td class="text-bottom" data-label="Key tag">
-                    {% with sublabel_text="Numbers (0-9) only." %}
+                  <td class="text-bottom">
+                    {% with sublabel_text="(1-65534)." %}
                       {% with attr_required=True add_initial_value_attr=True add_group_class="usa-form-group--unstyled-error margin-top-0" use_small_sublabel_text=True inline_error_class="font-body-xs" %}
                         {% input_with_errors form.key_tag %}
                       {% endwith %}
                     {% endwith %}
                   </td>
-                  <td class="text-bottom" data-label="Algorithm">
+                  <td class="text-bottom">
                     {% with attr_required=True add_initial_value_attr=True add_group_class="usa-form-group--unstyled-error margin-top-0" use_small_sublabel_text=True inline_error_class="font-body-xs" %}
                         {% input_with_errors form.algorithm %}
                       {% endwith %}
                   </td>
-                  <td class="text-bottom" data-label="Digest type">
+                  <td class="text-bottom">
                     {% with attr_required=True add_initial_value_attr=True add_group_class="usa-form-group--unstyled-error margin-top-0" use_small_sublabel_text=True inline_error_class="font-body-xs" %}
                         {% input_with_errors form.digest_type %}
                       {% endwith %}
                   </td>
-                  <td class="text-bottom" data-label="Digest">
+                  <td class="text-bottom">
                     {% with sublabel_text="Numbers (0-9) and letters (a-f) only. SHA-1: 40 chars, SHA-256: 64 chars." %}
                       {% with attr_required=True add_initial_value_attr=True add_group_class="usa-form-group--unstyled-error margin-top-0" use_small_sublabel_text=True inline_error_class="font-body-xs" %}
                         {% input_with_errors form.digest %}
diff --git a/src/registrar/utility/errors.py b/src/registrar/utility/errors.py
index dac730705..52fac1785 100644
--- a/src/registrar/utility/errors.py
+++ b/src/registrar/utility/errors.py
@@ -262,7 +262,7 @@ class DsDataError(Exception):
         DsDataErrorCodes.INVALID_DIGEST_SHA1: ("SHA-1 digest must be exactly 40 characters."),
         DsDataErrorCodes.INVALID_DIGEST_SHA256: ("SHA-256 digest must be exactly 64 characters."),
         DsDataErrorCodes.INVALID_DIGEST_CHARS: ("Digest must contain only alphanumeric characters (0-9, a-f)."),
-        DsDataErrorCodes.INVALID_KEYTAG_SIZE: ("Key tag must be greater than 0 and less than 65535."),
+        DsDataErrorCodes.INVALID_KEYTAG_SIZE: ("Enter a number between 1 and 65534."),
         DsDataErrorCodes.INVALID_KEYTAG_CHARS: ("Key tag must be numeric (0-9)."),
     }
 

From ec10d3c74627810ae2b6e2dd76ed222af3ca2de2 Mon Sep 17 00:00:00 2001
From: David Kennedy <david.kennedy@associates.cisa.dhs.gov>
Date: Mon, 24 Mar 2025 08:33:45 -0400
Subject: [PATCH 273/285] updated number range for key tag

---
 src/registrar/templates/domain_dsdata.html | 2 +-
 src/registrar/utility/errors.py            | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/src/registrar/templates/domain_dsdata.html b/src/registrar/templates/domain_dsdata.html
index c357a1000..822f757e5 100644
--- a/src/registrar/templates/domain_dsdata.html
+++ b/src/registrar/templates/domain_dsdata.html
@@ -218,7 +218,7 @@
                 <!-- Edit row -->
                 <tr class="edit-row display-none">
                   <td class="text-bottom">
-                    {% with sublabel_text="(1-65534)." %}
+                    {% with sublabel_text="(0-65535)." %}
                       {% with attr_required=True add_initial_value_attr=True add_group_class="usa-form-group--unstyled-error margin-top-0" use_small_sublabel_text=True inline_error_class="font-body-xs" %}
                         {% input_with_errors form.key_tag %}
                       {% endwith %}
diff --git a/src/registrar/utility/errors.py b/src/registrar/utility/errors.py
index 52fac1785..1e5e9562a 100644
--- a/src/registrar/utility/errors.py
+++ b/src/registrar/utility/errors.py
@@ -262,7 +262,7 @@ class DsDataError(Exception):
         DsDataErrorCodes.INVALID_DIGEST_SHA1: ("SHA-1 digest must be exactly 40 characters."),
         DsDataErrorCodes.INVALID_DIGEST_SHA256: ("SHA-256 digest must be exactly 64 characters."),
         DsDataErrorCodes.INVALID_DIGEST_CHARS: ("Digest must contain only alphanumeric characters (0-9, a-f)."),
-        DsDataErrorCodes.INVALID_KEYTAG_SIZE: ("Enter a number between 1 and 65534."),
+        DsDataErrorCodes.INVALID_KEYTAG_SIZE: ("Enter a number between 0 and 65535."),
         DsDataErrorCodes.INVALID_KEYTAG_CHARS: ("Key tag must be numeric (0-9)."),
     }
 

From 94471cc15a0c1270b03af07ab255eef9d929e1c5 Mon Sep 17 00:00:00 2001
From: David Kennedy <david.kennedy@associates.cisa.dhs.gov>
Date: Mon, 24 Mar 2025 08:43:47 -0400
Subject: [PATCH 274/285] set a maximum number of ds data records

---
 src/registrar/assets/src/js/getgov/form-dsdata.js | 2 ++
 src/registrar/forms/domain.py                     | 1 +
 2 files changed, 3 insertions(+)

diff --git a/src/registrar/assets/src/js/getgov/form-dsdata.js b/src/registrar/assets/src/js/getgov/form-dsdata.js
index 797885406..6d05dfa9b 100644
--- a/src/registrar/assets/src/js/getgov/form-dsdata.js
+++ b/src/registrar/assets/src/js/getgov/form-dsdata.js
@@ -178,6 +178,8 @@ export class DSDataForm {
                 if (keyTagInput) {
                     keyTagInput.focus();
                 }
+            } else {
+                this.addAlert("error", "You’ve reached the maximum amount of DS Data records (8). To add another record, you’ll need to delete one of your saved records.");
             }
         };
         if (this.formChanged) {
diff --git a/src/registrar/forms/domain.py b/src/registrar/forms/domain.py
index cc73f9e3d..d4315e005 100644
--- a/src/registrar/forms/domain.py
+++ b/src/registrar/forms/domain.py
@@ -743,6 +743,7 @@ DomainDsdataFormset = formset_factory(
     DomainDsdataForm,
     formset=BaseDsdataFormset,
     extra=1,
+    max_num=8,
     can_delete=True,
 )
 

From 7fdf0798635829464d2654b9eeb9c09b0f6abcae Mon Sep 17 00:00:00 2001
From: David Kennedy <david.kennedy@associates.cisa.dhs.gov>
Date: Mon, 24 Mar 2025 08:54:23 -0400
Subject: [PATCH 275/285] updated template enforcing maximum number of ds data
 records

---
 src/registrar/templates/domain_dsdata.html | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

diff --git a/src/registrar/templates/domain_dsdata.html b/src/registrar/templates/domain_dsdata.html
index 822f757e5..fd3cf3a9a 100644
--- a/src/registrar/templates/domain_dsdata.html
+++ b/src/registrar/templates/domain_dsdata.html
@@ -68,9 +68,13 @@
       {{ formset.management_form }}
 
       {% for form in formset %}
-        {% if forloop.last %}
+        {% if forloop.last and not form.initial %}
 
-          {% comment %}This section renders the Add DS data form.{% endcomment %}
+          {% comment %}
+          This section renders the Add DS data form.
+          This section does not render if the last form has initial data (this occurs if 8 DS data records already exist)
+          {% endcomment %}
+          
           <section class="add-dsdata-form display-none section-outlined section-outlined--extra-padding">
             <h2 class="margin-top-0">Add DS record</h2>
             <div class="repeatable-form">

From 7ad442e7a73448951587686ad07e5eec31216b23 Mon Sep 17 00:00:00 2001
From: David Kennedy <david.kennedy@associates.cisa.dhs.gov>
Date: Mon, 24 Mar 2025 13:18:47 -0400
Subject: [PATCH 276/285] content update for 8 ds data records

---
 src/registrar/templates/domain_dsdata.html | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/registrar/templates/domain_dsdata.html b/src/registrar/templates/domain_dsdata.html
index fd3cf3a9a..af8f96da0 100644
--- a/src/registrar/templates/domain_dsdata.html
+++ b/src/registrar/templates/domain_dsdata.html
@@ -48,7 +48,7 @@
 
   <p>In order to enable DNSSEC, you must first configure it with your DNS provider.</p>
 
-  <p>Click “Add DS data” and enter the values given by your DNS provider for DS (Delegation Signer) data.</p>
+  <p>Click “Add DS data” and enter the values given by your DNS provider for DS (Delegation Signer) data. You can add a maximum of 8 DS records.</p>
 
   {% comment %}
   This template supports the rendering of three different DS data forms, conditionally displayed:

From a6a82a7ac630a022efac6818a55f0de2b40f969a Mon Sep 17 00:00:00 2001
From: Rachid Mrad <rachid.mrad@ecstech.com>
Date: Mon, 24 Mar 2025 17:26:17 -0400
Subject: [PATCH 277/285] Remove small padding override

---
 src/registrar/assets/src/sass/_theme/_tables.scss | 6 ------
 src/registrar/templates/domain_dsdata.html        | 2 +-
 2 files changed, 1 insertion(+), 7 deletions(-)

diff --git a/src/registrar/assets/src/sass/_theme/_tables.scss b/src/registrar/assets/src/sass/_theme/_tables.scss
index ec635b64e..a5d0dad55 100644
--- a/src/registrar/assets/src/sass/_theme/_tables.scss
+++ b/src/registrar/assets/src/sass/_theme/_tables.scss
@@ -142,12 +142,6 @@ th {
   }
 }
 
-.dotgov-table--cell-padding-1-1-2px-0 {
-  td, th {
-    padding: units(1) units(1) units(2px) 0;
-  }
-}
-
 .usa-table--striped tbody tr:nth-child(odd) th,
 .usa-table--striped tbody tr:nth-child(odd) td {
   background-color: color('primary-lightest');
diff --git a/src/registrar/templates/domain_dsdata.html b/src/registrar/templates/domain_dsdata.html
index af8f96da0..0b0821034 100644
--- a/src/registrar/templates/domain_dsdata.html
+++ b/src/registrar/templates/domain_dsdata.html
@@ -128,7 +128,7 @@
       {% endfor %}
 
       <div class="usa-table-container--scrollable usa-table-container--override-overflow usa-table-container--override-scrollable padding-top-5 margin-top-0" tabindex="0">
-        <table class="usa-table usa-table--borderless usa-table--stacked dotgov-table dotgov-table--stacked dotgov-table--cell-padding-1-1-2px-0" id="dsdata-table">
+        <table class="usa-table usa-table--borderless usa-table--stacked dotgov-table dotgov-table--stacked" id="dsdata-table">
           <caption class="sr-only">Your DS data records</caption>
           <thead>
             <tr>

From f04b1e382af79baf9e1048d6f185de3b55f849bc Mon Sep 17 00:00:00 2001
From: Rachid Mrad <rachid.mrad@ecstech.com>
Date: Mon, 24 Mar 2025 22:21:41 -0400
Subject: [PATCH 278/285] Put back reduced padding

---
 src/registrar/assets/src/sass/_theme/_tables.scss | 6 ++++++
 src/registrar/templates/domain_dsdata.html        | 2 +-
 2 files changed, 7 insertions(+), 1 deletion(-)

diff --git a/src/registrar/assets/src/sass/_theme/_tables.scss b/src/registrar/assets/src/sass/_theme/_tables.scss
index a5d0dad55..ec635b64e 100644
--- a/src/registrar/assets/src/sass/_theme/_tables.scss
+++ b/src/registrar/assets/src/sass/_theme/_tables.scss
@@ -142,6 +142,12 @@ th {
   }
 }
 
+.dotgov-table--cell-padding-1-1-2px-0 {
+  td, th {
+    padding: units(1) units(1) units(2px) 0;
+  }
+}
+
 .usa-table--striped tbody tr:nth-child(odd) th,
 .usa-table--striped tbody tr:nth-child(odd) td {
   background-color: color('primary-lightest');
diff --git a/src/registrar/templates/domain_dsdata.html b/src/registrar/templates/domain_dsdata.html
index 0b0821034..af8f96da0 100644
--- a/src/registrar/templates/domain_dsdata.html
+++ b/src/registrar/templates/domain_dsdata.html
@@ -128,7 +128,7 @@
       {% endfor %}
 
       <div class="usa-table-container--scrollable usa-table-container--override-overflow usa-table-container--override-scrollable padding-top-5 margin-top-0" tabindex="0">
-        <table class="usa-table usa-table--borderless usa-table--stacked dotgov-table dotgov-table--stacked" id="dsdata-table">
+        <table class="usa-table usa-table--borderless usa-table--stacked dotgov-table dotgov-table--stacked dotgov-table--cell-padding-1-1-2px-0" id="dsdata-table">
           <caption class="sr-only">Your DS data records</caption>
           <thead>
             <tr>

From f39b390a5c9575922c0f436db7c629860ec60f4c Mon Sep 17 00:00:00 2001
From: Rachid Mrad <rachid.mrad@ecstech.com>
Date: Mon, 24 Mar 2025 22:29:07 -0400
Subject: [PATCH 279/285] Tweak padding

---
 src/registrar/assets/src/sass/_theme/_tables.scss | 8 +++++---
 src/registrar/templates/domain_dsdata.html        | 2 +-
 2 files changed, 6 insertions(+), 4 deletions(-)

diff --git a/src/registrar/assets/src/sass/_theme/_tables.scss b/src/registrar/assets/src/sass/_theme/_tables.scss
index ec635b64e..3a5ad9739 100644
--- a/src/registrar/assets/src/sass/_theme/_tables.scss
+++ b/src/registrar/assets/src/sass/_theme/_tables.scss
@@ -142,9 +142,11 @@ th {
   }
 }
 
-.dotgov-table--cell-padding-1-1-2px-0 {
-  td, th {
-    padding: units(1) units(1) units(2px) 0;
+.dotgov-table--cell-padding-2-2-2-0 {
+  @include at-media(mobile-lg) {
+    td, th {
+      padding: units(2) units(2) units(2) 0;
+    }
   }
 }
 
diff --git a/src/registrar/templates/domain_dsdata.html b/src/registrar/templates/domain_dsdata.html
index af8f96da0..ceab937bc 100644
--- a/src/registrar/templates/domain_dsdata.html
+++ b/src/registrar/templates/domain_dsdata.html
@@ -128,7 +128,7 @@
       {% endfor %}
 
       <div class="usa-table-container--scrollable usa-table-container--override-overflow usa-table-container--override-scrollable padding-top-5 margin-top-0" tabindex="0">
-        <table class="usa-table usa-table--borderless usa-table--stacked dotgov-table dotgov-table--stacked dotgov-table--cell-padding-1-1-2px-0" id="dsdata-table">
+        <table class="usa-table usa-table--borderless usa-table--stacked dotgov-table dotgov-table--stacked dotgov-table--cell-padding-2-2-2-0" id="dsdata-table">
           <caption class="sr-only">Your DS data records</caption>
           <thead>
             <tr>

From 85fe31c35ac84716ee300b7ad80c2784fca2452f Mon Sep 17 00:00:00 2001
From: David Kennedy <david.kennedy@associates.cisa.dhs.gov>
Date: Tue, 25 Mar 2025 08:16:48 -0400
Subject: [PATCH 280/285] fixed minor bug when updating a ds data record when 8
 records exist

---
 src/registrar/models/domain.py | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/src/registrar/models/domain.py b/src/registrar/models/domain.py
index abad9c9dc..2fecfa353 100644
--- a/src/registrar/models/domain.py
+++ b/src/registrar/models/domain.py
@@ -695,15 +695,15 @@ class Domain(TimeStampedModel, DomainHelper):
             added_record = "dsData" in _addDnssecdata and _addDnssecdata["dsData"] is not None
             deleted_record = "dsData" in _remDnssecdata and _remDnssecdata["dsData"] is not None
 
-            if added_record:
-                registry.send(addRequest, cleaned=True)
-                dsdata_change_log = f"{user_email} added a DS data record"
             if deleted_record:
                 registry.send(remRequest, cleaned=True)
+                dsdata_change_log = f"{user_email} deleted a DS data record"
+            if added_record:
+                registry.send(addRequest, cleaned=True)
                 if dsdata_change_log != "":  # if they add and remove a record at same time
                     dsdata_change_log = f"{user_email} added and deleted a DS data record"
                 else:
-                    dsdata_change_log = f"{user_email} deleted a DS data record"
+                    dsdata_change_log = f"{user_email} added a DS data record"
             if dsdata_change_log != "":
                 self.dsdata_last_change = dsdata_change_log
                 self.save()  # audit log will now record this as a change

From fefbf0e7550ab5692d17b3ab3c8cb87b797dc09f Mon Sep 17 00:00:00 2001
From: zandercymatics <141044360+zandercymatics@users.noreply.github.com>
Date: Tue, 25 Mar 2025 08:41:15 -0600
Subject: [PATCH 281/285] add disclose

---
 src/registrar/models/domain.py            |  4 ++--
 src/registrar/tests/test_models_domain.py | 14 ++++++++++----
 2 files changed, 12 insertions(+), 6 deletions(-)

diff --git a/src/registrar/models/domain.py b/src/registrar/models/domain.py
index b054afb5b..39e5ae8f5 100644
--- a/src/registrar/models/domain.py
+++ b/src/registrar/models/domain.py
@@ -1703,14 +1703,14 @@ class Domain(TimeStampedModel, DomainHelper):
         # https://github.com/cisagov/epplib/blob/master/epplib/models/common.py#L32
         DF = epp.DiscloseField
         all_disclose_fields = {field for field in DF}
-        disclose_args = {"fields": all_disclose_fields, "flag": False, "types": {DF.ADDR: "loc"}}
+        disclose_args = {"fields": all_disclose_fields, "flag": False, "types": {DF.ADDR: "loc", DF.NAME: "loc"}}
 
         fields_to_remove = {DF.NOTIFY_EMAIL, DF.VAT, DF.IDENT}
         if contact.contact_type == contact.ContactTypeChoices.SECURITY:
             if contact.email not in DefaultEmail.get_all_emails():
                 fields_to_remove.add(DF.EMAIL)
         elif contact.contact_type == contact.ContactTypeChoices.ADMINISTRATIVE:
-            fields_to_remove.update({DF.EMAIL, DF.VOICE, DF.ADDR})
+            fields_to_remove.update({DF.NAME, DF.EMAIL, DF.VOICE, DF.ADDR})
 
         disclose_args["fields"].difference_update(fields_to_remove)  # type: ignore
 
diff --git a/src/registrar/tests/test_models_domain.py b/src/registrar/tests/test_models_domain.py
index 5ca32140c..1d84c2fe8 100644
--- a/src/registrar/tests/test_models_domain.py
+++ b/src/registrar/tests/test_models_domain.py
@@ -1003,7 +1003,7 @@ class TestRegistrantContacts(MockEppLib):
                         expected_contact, disclose=False, disclose_fields=disclose_fields
                     )
                 elif expected_contact.contact_type == PublicContact.ContactTypeChoices.ADMINISTRATIVE:
-                    disclose_fields = self.all_disclose_fields - {"email", "voice", "addr"}
+                    disclose_fields = self.all_disclose_fields - {"name", "email", "voice", "addr"}
                     expectedCreateCommand = self._convertPublicContactToEpp(
                         expected_contact,
                         disclose=False,
@@ -1029,7 +1029,9 @@ class TestRegistrantContacts(MockEppLib):
             DF = common.DiscloseField
             expected_disclose = {
                 "auth_info": common.ContactAuthInfo(pw="2fooBAR123fooBaz"),
-                "disclose": common.Disclose(flag=False, fields=disclose_email_field, types={DF.ADDR: "loc"}),
+                "disclose": common.Disclose(
+                    flag=False, fields=disclose_email_field, types={DF.ADDR: "loc", DF.NAME: "loc"}
+                ),
                 "email": "help@get.gov",
                 "extensions": [],
                 "fax": None,
@@ -1054,7 +1056,9 @@ class TestRegistrantContacts(MockEppLib):
             # Separated for linter
             expected_not_disclose = {
                 "auth_info": common.ContactAuthInfo(pw="2fooBAR123fooBaz"),
-                "disclose": common.Disclose(flag=False, fields=disclose_email_field, types={DF.ADDR: "loc"}),
+                "disclose": common.Disclose(
+                    flag=False, fields=disclose_email_field, types={DF.ADDR: "loc", DF.NAME: "loc"}
+                ),
                 "email": "help@get.gov",
                 "extensions": [],
                 "fax": None,
@@ -1108,7 +1112,9 @@ class TestRegistrantContacts(MockEppLib):
 
         DF = common.DiscloseField
         # Create contact with empty fields list
-        result = self._convertPublicContactToEpp(dummy_contact, disclose=True, disclose_fields={DF.EMAIL})
+        result = self._convertPublicContactToEpp(
+            dummy_contact, disclose=True, disclose_fields={DF.ADDR: "loc", DF.NAME: "loc"}
+        )
 
         # Verify disclosure settings
         self.assertEqual(result.disclose.flag, True)

From 07f6cd917844d8a49019c703dec46448a3ca198a Mon Sep 17 00:00:00 2001
From: zandercymatics <141044360+zandercymatics@users.noreply.github.com>
Date: Tue, 25 Mar 2025 08:51:20 -0600
Subject: [PATCH 282/285] add to common

---
 src/registrar/tests/common.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/registrar/tests/common.py b/src/registrar/tests/common.py
index 504b2b46d..220dbb198 100644
--- a/src/registrar/tests/common.py
+++ b/src/registrar/tests/common.py
@@ -1974,7 +1974,7 @@ class MockEppLib(TestCase):
             disclose_fields = {field for field in DF} - fields
 
         if disclose_types is None:
-            disclose_types = {DF.ADDR: "loc"}
+            disclose_types = {DF.ADDR: "loc", DF.NAME: "loc"}
 
         di = common.Disclose(flag=disclose, fields=disclose_fields, types=disclose_types)
 

From 37f3d0f073647a2e41f9c0033fa83e5b5513938e Mon Sep 17 00:00:00 2001
From: zandercymatics <141044360+zandercymatics@users.noreply.github.com>
Date: Tue, 25 Mar 2025 08:59:25 -0600
Subject: [PATCH 283/285] Update test_models_domain.py

---
 src/registrar/tests/test_models_domain.py | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/src/registrar/tests/test_models_domain.py b/src/registrar/tests/test_models_domain.py
index 1d84c2fe8..0d3f5cb93 100644
--- a/src/registrar/tests/test_models_domain.py
+++ b/src/registrar/tests/test_models_domain.py
@@ -1008,7 +1008,7 @@ class TestRegistrantContacts(MockEppLib):
                         expected_contact,
                         disclose=False,
                         disclose_fields=disclose_fields,
-                        disclose_types={"addr": "loc"},
+                        disclose_types={"addr": "loc", "name": "loc"},
                     )
                 else:
                     expectedCreateCommand = self._convertPublicContactToEpp(
@@ -1119,7 +1119,7 @@ class TestRegistrantContacts(MockEppLib):
         # Verify disclosure settings
         self.assertEqual(result.disclose.flag, True)
         self.assertEqual(result.disclose.fields, {DF.EMAIL})
-        self.assertEqual(result.disclose.types, {DF.ADDR: "loc"})
+        self.assertEqual(result.disclose.types, {DF.ADDR: "loc", DF.NAME: "loc"})
 
     def test_not_disclosed_on_default_security_contact(self):
         """

From 0d1ab7ca387c4ddd5d059ce5788939b1fdc96bcf Mon Sep 17 00:00:00 2001
From: zandercymatics <141044360+zandercymatics@users.noreply.github.com>
Date: Tue, 25 Mar 2025 09:13:29 -0600
Subject: [PATCH 284/285] unit test typo

---
 src/registrar/tests/test_models_domain.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/registrar/tests/test_models_domain.py b/src/registrar/tests/test_models_domain.py
index 0d3f5cb93..3b054d206 100644
--- a/src/registrar/tests/test_models_domain.py
+++ b/src/registrar/tests/test_models_domain.py
@@ -1113,7 +1113,7 @@ class TestRegistrantContacts(MockEppLib):
         DF = common.DiscloseField
         # Create contact with empty fields list
         result = self._convertPublicContactToEpp(
-            dummy_contact, disclose=True, disclose_fields={DF.ADDR: "loc", DF.NAME: "loc"}
+            dummy_contact, disclose=True, disclose_fields={DF.EMAIL}
         )
 
         # Verify disclosure settings

From 687970faeab979772d60711314ea16ca90efc2fe Mon Sep 17 00:00:00 2001
From: zandercymatics <141044360+zandercymatics@users.noreply.github.com>
Date: Tue, 25 Mar 2025 09:22:32 -0600
Subject: [PATCH 285/285] linter

---
 src/registrar/tests/test_models_domain.py | 4 +---
 1 file changed, 1 insertion(+), 3 deletions(-)

diff --git a/src/registrar/tests/test_models_domain.py b/src/registrar/tests/test_models_domain.py
index 3b054d206..d3ec7b24e 100644
--- a/src/registrar/tests/test_models_domain.py
+++ b/src/registrar/tests/test_models_domain.py
@@ -1112,9 +1112,7 @@ class TestRegistrantContacts(MockEppLib):
 
         DF = common.DiscloseField
         # Create contact with empty fields list
-        result = self._convertPublicContactToEpp(
-            dummy_contact, disclose=True, disclose_fields={DF.EMAIL}
-        )
+        result = self._convertPublicContactToEpp(dummy_contact, disclose=True, disclose_fields={DF.EMAIL})
 
         # Verify disclosure settings
         self.assertEqual(result.disclose.flag, True)