[comp] Production Deploy #1949
* feat: task assignment for vendor and records
* refactor(auth): simplify role validation and update entity types
* refactor(task): clean and fix bug
* feat(task): add GetTaskItemStatsQueryDto for task item stats retrieval
* chore: added focus mode for task, improved logic and cleaning up
* feat(task): add task item attachment upload and activity logging
* feat: add comments to task, notifications in email and in-app, clean code
* feat: risk assessment for vendors, fix some bugs
* refactor(notifications): clean up NovuService fetch logic and error handling
* feat(api): add INTERNAL_API_TOKEN to environment example
* feat(env): add INTERNAL_API_TOKEN to environment configuration
* chore(api): fix bugs
* fix(api): update default framework ID from iso42001 to iso27001
* fix(api): correct entity route path for risk in comment notifier
---------
Co-authored-by: Tofik Hasanov <annexcies@gmail.com>
PR Summary: Introduces task/evidence management with role-based access, notifications, and vendor automation; increases upload limits and adds trust portal FAQs.
Written by Cursor Bugbot for commit 77b6c21. This will update automatically on new commits.
Graphite Automations: "Auto-assign PRs to Author" took an action on this PR (12/23/25). 1 reviewer was added to this PR based on Mariano Fuentes's automation.
| } else { | ||
| this.logger.log(`[MENTION DEBUG] No mentions found in description`); | ||
| } | ||
| } |
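Review bot: the [MENTION DEBUG] message in the else branch goes through this.logger.log, so it is written at the normal log level on every update whose description has no mentions. Remove the line or lower it to a debug-level call before this ships to production.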
Task update notifies all mentioned users repeatedly
The updateTaskItem function sends mention notifications to ALL mentioned users on every description update, rather than only newly mentioned users. The comments service correctly compares previous and current mentions using extractMentionedUserIds(existingComment.content) and filters with currentMentioned.filter((id) => !previousMentioned.has(id)). The task management service has access to existingTaskItem.description but doesn't use it for this comparison. This causes users to receive duplicate notifications every time a task description is edited, even for minor typo fixes.
| assigneeId: input.parsedInput.assigneeId, | ||
| organizationId: session.session.activeOrganizationId, | ||
| website: input.parsedInput.website, | ||
| organizationId: input.parsedInput.organizationId, |
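Review bot: organizationId appears twice in this hunk, once from session.session.activeOrganizationId and once from input.parsedInput.organizationId. If the parsedInput value is the one being kept, the organization is chosen by the caller's input rather than by the session, so the action should confirm that the signed-in user belongs to that organization before the vendor is written.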
Web UI vendor creation misses risk assessment task
The vendors.service.ts was updated to trigger vendor-risk-assessment-task when creating vendors (which creates a TaskItem), but the web UI's create-vendor-action.ts server action creates vendors directly in the database without triggering this task. The researchVendorAction called by the form only takes a website URL without vendor context, so it cannot create the TaskItem. This means vendors created through the web UI won't receive automatic risk assessment TaskItems, while vendors created through the API will. The existence of backfill-vendor-risk-assessment-tasks.ts confirms the intent is for all vendors to have these tasks.
Additional Locations (1)
…1950) Co-authored-by: Tofik Hasanov <annexcies@gmail.com>
| const parentRoutePath = taskItem?.entityType === 'vendor' ? 'vendors' : 'risk'; | ||
| const commentUrl = taskItem | ||
| ? `${appUrl}/${organizationId}/${parentRoutePath}/${taskItem.entityId}?taskItemId=${entityId}#task-items` | ||
| : ''; |
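Review bot: parentRoutePath falls through to 'risk' for every entityType other than 'vendor', so a new or unexpected entity type silently produces a risk URL. Map the known entity types explicitly and handle anything else the way the missing-taskItem case is handled, instead of defaulting.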
Comment mention notifications broken for legacy Task entities
The comment mention notifier only handles CommentEntityType.task comments, but assumes entityId is always a TaskItem ID. However, comments.service.ts explicitly supports both TaskItem and legacy Task entities under this type (with backward compatibility comments). When a comment is made on a legacy Task (not TaskItem), db.taskItem.findUnique returns null, causing entityName to default to "Unknown Task" and commentUrl to be an empty string. The notification email will then display a broken "View Comment" button linking to nothing and show "copy and paste this URL:" with an empty link.
…ons (#1951) Co-authored-by: Tofik Hasanov <annexcies@gmail.com>
Co-authored-by: Tofik Hasanov <annexcies@gmail.com>
| where: { | ||
| id: vendorId, | ||
| organizationId: session.session.activeOrganizationId, | ||
| organizationId, |
Vendor page removed organization access validation from session
The getVendor and getAssignees functions were changed from validating session.session.activeOrganizationId to accepting organizationId directly from URL params without verifying the authenticated user has access to that organization. Previously the code checked if (!session || !session.session.activeOrganizationId), ensuring the user had an active org context. Now it only checks if (!session?.user?.id) and trusts the orgId URL param. This is inconsistent with the risk page which still uses session-based org validation. An authenticated user could potentially access vendor data from other organizations by manipulating the URL, unless there's middleware protection not visible in this diff.
Additional Locations (1)
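The difference between trusting the organization ID in the URL and checking it against the caller's memberships, as an added example that is not code from this PR or the project. The types, the in-memory memberships and vendors arrays, and all function names are hypothetical stand-ins for the session and database layers.

```typescript
// Added example. All names and data are constructed; arrays stand in for the database.
type Session = { user: { id: string } } | null;
type Vendor = { id: string; organizationId: string; name: string };

const memberships = [
  { userId: "usr_alice", organizationId: "org_a" },
  { userId: "usr_bob", organizationId: "org_b" },
];
const vendors: Vendor[] = [
  { id: "vnd_1", organizationId: "org_a", name: "Acme Hosting" },
  { id: "vnd_2", organizationId: "org_b", name: "Globex Payroll" },
];

// Tenant-scoped lookup, the in-memory equivalent of where: { id, organizationId }.
function findVendor(id: string, organizationId: string): Vendor | null {
  const hits = vendors.filter((v) => v.id === id && v.organizationId === organizationId);
  return hits.length > 0 ? hits[0] : null;
}

function isMember(userId: string, organizationId: string): boolean {
  return memberships.some((m) => m.userId === userId && m.organizationId === organizationId);
}

// Pattern the review comment describes: only authentication is checked, and the
// organization ID from the URL is used as the tenant scope without verification.
function getVendorTrustingUrl(session: Session, orgIdFromUrl: string, vendorId: string): Vendor | null {
  if (!session?.user?.id) return null;
  return findVendor(vendorId, orgIdFromUrl);
}

// Hardened variant: the URL value is only accepted once the signed-in user is
// confirmed to be a member of that organization.
function getVendorChecked(session: Session, orgIdFromUrl: string, vendorId: string): Vendor | null {
  const userId = session?.user?.id;
  if (!userId) return null;
  if (!isMember(userId, orgIdFromUrl)) return null;
  return findVendor(vendorId, orgIdFromUrl);
}

const alice: Session = { user: { id: "usr_alice" } };
console.log(getVendorTrustingUrl(alice, "org_b", "vnd_2")); // another tenant's vendor is returned
console.log(getVendorChecked(alice, "org_b", "vnd_2"));     // rejected: alice is not in org_b
```

The query keeps its organizationId filter in both variants; what changes is whether that value has been tied to the authenticated user before it is used.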
…1954) Co-authored-by: Tofik Hasanov <annexcies@gmail.com>
* feat(api): update firecrawl integration and enhance risk assessment task
* feat(api): enhance news item processing in firecrawl agent
---------
Co-authored-by: Tofik Hasanov <annexcies@gmail.com>
…nd skeleton UI (#1956) Co-authored-by: Tofik Hasanov <annexcies@gmail.com>
…#1957) Co-authored-by: Tofik Hasanov <annexcies@gmail.com>
* feat: faq trust portal logic in trust setting
* fix: change field name for faq, update UI
* chore: update db package to canary version to check logic in stage
* feat(trust): normalize FAQ order on save and update handling
* feat(trust): create collision-safe temporary FAQ IDs and optimize dirty state handling
* fix(trust): update FAQ prompt text for clarity
---------
Co-authored-by: Tofik Hasanov <annexcies@gmail.com>
Co-authored-by: Tofik Hasanov <annexcies@gmail.com>
* chore: update @trycompai/db package version to 1.3.20
* chore: update @trycompai/db package version to 1.3.20
---------
Co-authored-by: Tofik Hasanov <annexcies@gmail.com>
🎉 This PR is included in version 1.72.0 🎉 The release is available on GitHub release. Your semantic-release bot 📦🚀
This is an automated pull request to release the candidate branch into production, which will trigger a deployment.
It was created by the [Production PR] action.