feat(meta-status): store metaBusinessId for reliable business verification

Add optional `metaBusinessId` field to Organization (schema + shared-types).
fetchMetaStatus now queries /{businessId}?fields=verification_status directly
when metaBusinessId is stored — bypasses WABA edge permission restrictions
that block test WABAs and certain system user token scopes.

Direct setup form gains a "Business ID Meta" input that saves via PUT /organizations/:id.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

apps/admin/src/pages/ClientsManagementView.tsx

@@ -57,7 +57,7 @@ export default function ClientsManagementView() {
     const [billingOrg, setBillingOrg] = useState<Organization | null>(null);
     const [metaStatuses, setMetaStatuses] = useState<Record<string, MetaStatus>>({});
     const [setupOrg, setSetupOrg] = useState<Organization | null>(null);
-    const [directSetup, setDirectSetup] = useState({ wabaId: '', accessToken: '', phoneNumberId: '' });
+    const [directSetup, setDirectSetup] = useState({ wabaId: '', metaBusinessId: '', accessToken: '', phoneNumberId: '' });
     const [isDirectSetupSaving, setIsDirectSetupSaving] = useState(false);
 
     const fetchMetaStatus = async (orgId: string, force = false) => {
@@ -99,9 +99,12 @@ export default function ClientsManagementView() {
                 ...(directSetup.accessToken && { accessToken: directSetup.accessToken }),
                 ...(directSetup.phoneNumberId && { phoneNumberId: directSetup.phoneNumberId }),
             }, token!);
+            if (directSetup.metaBusinessId) {
+                await api.put(`/v1/organizations/${setupOrg.id}`, { metaBusinessId: directSetup.metaBusinessId }, token!);
+            }
             toast.success('Configuration WhatsApp mise à jour !');
             setSetupOrg(null);
-            setDirectSetup({ wabaId: '', accessToken: '', phoneNumberId: '' });
+            setDirectSetup({ wabaId: '', metaBusinessId: '', accessToken: '', phoneNumberId: '' });
             await fetchClients();
             setTimeout(() => fetchMetaStatus(setupOrg.id, true), 1000);
         } catch (err: any) {
@@ -204,7 +207,7 @@ export default function ClientsManagementView() {
                                         <div className="h-10 w-px bg-slate-100"></div>
                                         {metaStatuses[client.id] && !metaStatuses[client.id].loading && !metaStatuses[client.id].configured ? (
                                             <button
-                                                onClick={() => { setSetupOrg(client); setDirectSetup({ wabaId: '', accessToken: '', phoneNumberId: client.phoneNumbers?.[0]?.id || '' }); }}
+                                                onClick={() => { setSetupOrg(client); setDirectSetup({ wabaId: '', metaBusinessId: '', accessToken: '', phoneNumberId: client.phoneNumbers?.[0]?.id || '' }); }}
                                                 className="flex items-center gap-2 bg-amber-500 text-white px-4 py-2 rounded-xl font-semibold hover:bg-amber-600 transition text-xs"
                                             >
                                                 <AlertTriangle className="w-3.5 h-3.5" /> Reconfigurer WhatsApp
@@ -484,6 +487,19 @@ export default function ClientsManagementView() {
                                         Trouvez-le sur <a href="https://business.facebook.com/wa/manage/home" target="_blank" rel="noreferrer" className="text-indigo-500 underline">business.facebook.com → WhatsApp Manager</a>
                                     </p>
                                 </div>
+                                <div>
+                                    <label className="block text-xs font-bold text-slate-500 mb-1">Business ID Meta <span className="text-slate-300">(optionnel — pour afficher la vérification)</span></label>
+                                    <input
+                                        type="text"
+                                        placeholder="ex: 25855038707486178"
+                                        value={directSetup.metaBusinessId}
+                                        onChange={e => setDirectSetup(s => ({ ...s, metaBusinessId: e.target.value }))}
+                                        className="w-full border border-slate-200 rounded-xl px-3 py-2.5 text-sm font-mono outline-none focus:ring-2 focus:ring-indigo-500/20 focus:border-indigo-400"
+                                    />
+                                    <p className="text-[10px] text-slate-400 mt-1">
+                                        Visible sur <a href="https://business.facebook.com/settings/info" target="_blank" rel="noreferrer" className="text-indigo-500 underline">business.facebook.com → Paramètres → Informations</a>
+                                    </p>
+                                </div>
                                 <div>
                                     <label className="block text-xs font-bold text-slate-500 mb-1">Token système <span className="text-slate-300">(optionnel — utilise le token env par défaut)</span></label>
                                     <input

apps/api/src/services/organization.ts

@@ -133,26 +133,44 @@ export async function fetchMetaStatus(organizationId: string, forceRefresh = fal
         logger.error({ err, organizationId }, '[META-STATUS] WABA fetch failed');
     }
 
-    // Call 2 — Business verification (optional, two attempts with different field paths)
+    // Call 2 — Business verification (optional, three attempts in priority order)
     let businessId: string | undefined;
     let businessName: string | undefined;
     let businessVerified: boolean | undefined;
 
-    // Attempt A: business edge (works on production WABAs with business_management scope)
-    try {
-        const bizRes = await fetch(
-            `https://graph.facebook.com/v19.0/${org.wabaId}?fields=business{id,name,verification_status}`,
-            { headers }
-        );
-        const bizData = await bizRes.json() as any;
-        if (!bizData.error && bizData.business) {
-            businessId = bizData.business.id;
-            businessName = bizData.business.name;
-            businessVerified = bizData.business.verification_status === 'verified';
-        }
-    } catch { /* non-fatal */ }
+    // Attempt A: stored metaBusinessId — most reliable, bypasses WABA edge permissions
+    if ((org as any).metaBusinessId) {
+        try {
+            const vRes = await fetch(
+                `https://graph.facebook.com/v19.0/${(org as any).metaBusinessId}?fields=name,verification_status`,
+                { headers }
+            );
+            const vData = await vRes.json() as any;
+            if (!vData.error) {
+                businessId = (org as any).metaBusinessId;
+                businessName = vData.name;
+                businessVerified = vData.verification_status === 'verified';
+            }
+        } catch { /* non-fatal */ }
+    }
+
+    // Attempt B: business edge on WABA (works on production WABAs with business_management scope)
+    if (businessId === undefined) {
+        try {
+            const bizRes = await fetch(
+                `https://graph.facebook.com/v19.0/${org.wabaId}?fields=business{id,name,verification_status}`,
+                { headers }
+            );
+            const bizData = await bizRes.json() as any;
+            if (!bizData.error && bizData.business) {
+                businessId = bizData.business.id;
+                businessName = bizData.business.name;
+                businessVerified = bizData.business.verification_status === 'verified';
+            }
+        } catch { /* non-fatal */ }
+    }
 
-    // Attempt B: on_behalf_of_business_info fallback (broader token compatibility)
+    // Attempt C: on_behalf_of_business_info fallback (broader token compatibility)
     if (businessId === undefined) {
         try {
             const obRes = await fetch(
@@ -163,7 +181,6 @@ export async function fetchMetaStatus(organizationId: string, forceRefresh = fal
             if (!obData.error && obData.on_behalf_of_business_info?.id) {
                 businessId = obData.on_behalf_of_business_info.id;
                 businessName = obData.on_behalf_of_business_info.name;
-                // Fetch verification status directly from the business node
                 const vRes = await fetch(
                     `https://graph.facebook.com/v19.0/${businessId}?fields=name,verification_status`,
                     { headers }

packages/database/prisma/schema.prisma

@@ -11,6 +11,7 @@ model Organization {
   id                 String                @id @default(uuid())
   name               String
   wabaId             String?               @unique
+  metaBusinessId     String?
   systemUserToken    String?
   createdAt          DateTime              @default(now())
   updatedAt          DateTime              @updatedAt

packages/shared-types/src/organization.ts

@@ -38,6 +38,7 @@ export const OrganizationSchema = z.object({
     webhookSecret: z.string().optional(),
     knowledgeBaseUrl: z.string().url().optional().or(z.literal('')),
     systemUserToken: z.string().optional(),
+    metaBusinessId: z.string().optional(),
     brandingData: z.any().optional(),
 });