[dev] [Marfuen] mariano/auto-publish-trust-portal#2964
- Shared client-injected ensureTrustForOrganization (@trycompai/db/trust): idempotent, never rewrites an existing friendlyUrl, never republishes a drafted portal, P2002-safe.
- Eager creation in both org-creation server actions (non-fatal so creation never breaks).
- Integration tests for the helper (create / idempotent / no-rewrite / draft-safe / collision).
3 issues found across 5 files
Confidence score: 2/5
- There is a high-confidence runtime packaging risk in `packages/db/package.json`: export fields point to `./src/trust/ensure-friendly-url.ts` while `src/` is not shipped, which is likely to break consumers at runtime.
- Both setup actions (`apps/app/src/app/(app)/setup/actions/create-organization-minimal.ts` and `apps/app/src/app/(app)/setup/actions/create-organization.ts`) perform trust-portal mutations directly, bypassing the API RBAC/PermissionGuard boundary and creating a concrete authorization regression risk.
- Given one severe runtime breakage risk (9/10) plus two medium-high security/authorization boundary issues (7/10), this is not yet a safe merge without fixes.
- Pay close attention to `packages/db/package.json`, `apps/app/src/app/(app)/setup/actions/create-organization-minimal.ts`, `apps/app/src/app/(app)/setup/actions/create-organization.ts` - fix package exports to compiled output and route trust mutations through guarded API paths.
Prompt for AI agents (unresolved issues)
Check if these issues are valid — if so, understand the root cause of each and fix them. If appropriate, use sub-agents to investigate and fix each issue separately.
<file name="apps/app/src/app/(app)/setup/actions/create-organization-minimal.ts">
<violation number="1" location="apps/app/src/app/(app)/setup/actions/create-organization-minimal.ts:101">
P1: This introduces direct trust-portal mutation in the app server action, bypassing API RBAC/PermissionGuard enforcement. Route this through an API endpoint/service guarded by permissions instead of calling DB trust helpers from `apps/app`.
(Based on your team's feedback about using RBAC permission checks through the API instead of app-side role gates.) [FEEDBACK_USED]</violation>
</file>
<file name="apps/app/src/app/(app)/setup/actions/create-organization.ts">
<violation number="1" location="apps/app/src/app/(app)/setup/actions/create-organization.ts:86">
P1: This new trust-portal mutation is performed directly in the app action (`ensureTrustForOrganization`) instead of via an API endpoint with RBAC guards, which bypasses the project’s authorization boundary.
(Based on your team's feedback about using RBAC permission checks instead of non-API authorization paths.) [FEEDBACK_USED]</violation>
</file>
<file name="packages/db/package.json">
<violation number="1" location="packages/db/package.json:35">
P0: Runtime export points to TypeScript source file instead of compiled JS output. The `import` and `default` fields reference `./src/trust/ensure-friendly-url.ts`, but `src/` is not included in the package's `files` array, and all other exports consistently use `./dist/*.js` for runtime resolution. This will break when the package is published to npm and when consumed by standard Node.js or bundler setups that cannot import `.ts` files from `node_modules`. Follow the established pattern: point `import` and `default` to the compiled `./dist/trust/ensure-friendly-url.js`.</violation>
</file>
| }, | ||
| "./trust": { | ||
| "types": "./src/trust/ensure-friendly-url.ts", | ||
| "import": "./src/trust/ensure-friendly-url.ts", |
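Review bot: The `types` condition in the `./trust` entry points at `./src/trust/ensure-friendly-url.ts`, the same source file as `import`, so type resolution depends on `src/` being present for consumers just as runtime resolution does. Point `types` at a generated declaration file next to the compiled output, in line with whatever `import` is changed to.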
P0: Runtime export points to TypeScript source file instead of compiled JS output. The import and default fields reference ./src/trust/ensure-friendly-url.ts, but src/ is not included in the package's files array, and all other exports consistently use ./dist/*.js for runtime resolution. This will break when the package is published to npm and when consumed by standard Node.js or bundler setups that cannot import .ts files from node_modules. Follow the established pattern: point import and default to the compiled ./dist/trust/ensure-friendly-url.js.
Prompt for AI agents
Check if this issue is valid — if so, understand the root cause and fix it. At packages/db/package.json, line 35:
<comment>Runtime export points to TypeScript source file instead of compiled JS output. The `import` and `default` fields reference `./src/trust/ensure-friendly-url.ts`, but `src/` is not included in the package's `files` array, and all other exports consistently use `./dist/*.js` for runtime resolution. This will break when the package is published to npm and when consumed by standard Node.js or bundler setups that cannot import `.ts` files from `node_modules`. Follow the established pattern: point `import` and `default` to the compiled `./dist/trust/ensure-friendly-url.js`.</comment>
<file context>
@@ -29,6 +29,11 @@
+ },
+ "./trust": {
+ "types": "./src/trust/ensure-friendly-url.ts",
+ "import": "./src/trust/ensure-friendly-url.ts",
+ "default": "./src/trust/ensure-friendly-url.ts"
}
</file context>
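One way to catch this class of packaging error before publish, as an added example (not the project's tooling): it walks an `exports` map and flags runtime conditions that resolve to TypeScript source or to paths outside `files`. The manifest is constructed; only the `./trust` entry mirrors the hunk above, and the `files` matching is simplified to exact or directory-prefix entries.

```typescript
// Export targets are a path or a nested map of conditions (types, import, default, ...).
type Target = string | { [condition: string]: Target };
interface Manifest { files?: string[]; exports: { [subpath: string]: Target } }

// Flatten nested condition maps into [conditionPath, targetFile] leaves.
function leaves(t: Target, path: string[] = []): Array<[string[], string]> {
  if (typeof t === "string") return [[path, t]];
  let out: Array<[string[], string]> = [];
  for (const cond of Object.keys(t)) out = out.concat(leaves(t[cond], path.concat(cond)));
  return out;
}

// Simplified "files" match: exact entry or directory prefix, no glob support.
// A manifest with no "files" field is treated as shipping everything.
function isShipped(target: string, files?: string[]): boolean {
  if (!files) return true;
  const rel = target.replace(/^\.\//, "");
  return files.some((f) => {
    const entry = f.replace(/^\.\//, "").replace(/\/$/, "");
    return rel === entry || rel.indexOf(entry + "/") === 0;
  });
}

function auditExports(m: Manifest): string[] {
  const findings: string[] = [];
  for (const subpath of Object.keys(m.exports)) {
    for (const [conds, file] of leaves(m.exports[subpath])) {
      const where = `${subpath} [${conds.join(".") || "default"}] -> ${file}`;
      const runtime = conds.indexOf("types") === -1;
      const isTsSource = /\.[cm]?tsx?$/.test(file) && !/\.d\.[cm]?ts$/.test(file);
      if (runtime && isTsSource) findings.push(`${where}: runtime condition resolves to TypeScript source`);
      if (!isShipped(file, m.files)) findings.push(`${where}: not covered by "files"`);
    }
  }
  return findings;
}

// Constructed manifest: "./trust" mirrors the hunk on this page; "files" and "." are assumed.
const sampleManifest: Manifest = {
  files: ["dist"],
  exports: {
    ".": { types: "./dist/index.d.ts", import: "./dist/index.js" },
    "./trust": {
      types: "./src/trust/ensure-friendly-url.ts",
      import: "./src/trust/ensure-friendly-url.ts",
      default: "./src/trust/ensure-friendly-url.ts",
    },
  },
};
for (const line of auditExports(sampleManifest)) console.log(line);
```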
||
| // Ensure the trust portal exists for the reused org too (non-fatal). | ||
| try { | ||
| await ensureTrustForOrganization({ |
P1: This introduces direct trust-portal mutation in the app server action, bypassing API RBAC/PermissionGuard enforcement. Route this through an API endpoint/service guarded by permissions instead of calling DB trust helpers from apps/app.
(Based on your team's feedback about using RBAC permission checks through the API instead of app-side role gates.)
Prompt for AI agents
Check if this issue is valid — if so, understand the root cause and fix it. At apps/app/src/app/(app)/setup/actions/create-organization-minimal.ts, line 101:
<comment>This introduces direct trust-portal mutation in the app server action, bypassing API RBAC/PermissionGuard enforcement. Route this through an API endpoint/service guarded by permissions instead of calling DB trust helpers from `apps/app`.
(Based on your team's feedback about using RBAC permission checks through the API instead of app-side role gates.) </comment>
<file context>
@@ -95,6 +96,17 @@ export const createOrganizationMinimal = authActionClientWithoutOrg
+ // Ensure the trust portal exists for the reused org too (non-fatal).
+ try {
+ await ensureTrustForOrganization({
+ db,
+ organizationId: existingOrg.id,
</file context>
| // Auto-publish the trust portal so trust.inc/{slug} is live immediately, | ||
| // even while empty. Non-fatal: onboarding + job triggers must still run. | ||
| try { | ||
| await ensureTrustForOrganization({ |
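Review bot: The comment on the `try` block says the portal at `trust.inc/{slug}` goes live immediately "even while empty", but it does not say what an empty published portal exposes or whether the organization owner is told that a public page now exists. Document that next to the call (or in the helper), and consider whether publishing at creation should be opt-in, since the URL becomes reachable without any explicit publish action by the user.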
P1: This new trust-portal mutation is performed directly in the app action (ensureTrustForOrganization) instead of via an API endpoint with RBAC guards, which bypasses the project’s authorization boundary.
(Based on your team's feedback about using RBAC permission checks instead of non-API authorization paths.)
Prompt for AI agents
Check if this issue is valid — if so, understand the root cause and fix it. At apps/app/src/app/(app)/setup/actions/create-organization.ts, line 86:
<comment>This new trust-portal mutation is performed directly in the app action (`ensureTrustForOrganization`) instead of via an API endpoint with RBAC guards, which bypasses the project’s authorization boundary.
(Based on your team's feedback about using RBAC permission checks instead of non-API authorization paths.) </comment>
<file context>
@@ -79,6 +80,18 @@ export const createOrganization = authActionClientWithoutOrg
+ // Auto-publish the trust portal so trust.inc/{slug} is live immediately,
+ // even while empty. Non-fatal: onboarding + job triggers must still run.
+ try {
+ await ensureTrustForOrganization({
+ db,
+ organizationId: orgId,
</file context>
Addresses cubic review on #2964:
- Drop the @trycompai/db/trust helper + package export (P0: ran from .ts source).
- Org-creation actions now warm GET /v1/trust-portal/settings after setActiveOrganization, which lazily creates a published Trust row (slug) through HybridAuthGuard + trust:read — no direct app-side db mutation (P1).
@cubic-dev-ai please re-review this
@Marfuen I have started the AI code review. It will take a few minutes to complete.
2 issues found across 2 files
Confidence score: 3/5
- There is a concrete error-handling gap in `apps/app/src/app/(app)/setup/actions/create-organization.ts`: `serverApi.get` returns `{ error, status }` instead of throwing, so non-2xx trust-portal publish failures can slip past the `try/catch` without being logged or handled.
- A similar pattern in `apps/app/src/app/(app)/setup/actions/create-organization-minimal.ts` means failed publish attempts are also not surfaced, which increases regression risk in setup flows if downstream steps assume success.
- Score is 3 because these are medium-severity, high-confidence findings with user-impact potential, but they appear targeted and should be straightforward to fix by checking returned error states explicitly.
- Pay close attention to `apps/app/src/app/(app)/setup/actions/create-organization.ts` and `apps/app/src/app/(app)/setup/actions/create-organization-minimal.ts` - trust-portal publish failures are not currently detected via the existing `try/catch` logic.
… field
Addresses cubic: serverApi.get returns { error } instead of throwing, so the
try/catch swallowed non-2xx failures. Check response.error explicitly (non-fatal).
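The failure mode this commit addresses, as an added TypeScript example that is not the project's code: `fakeGet` is a constructed stand-in for `serverApi.get` (its return shape is assumed from the review text), and the two `warmTrustPortal*` functions are hypothetical names for the before and after shapes of the call.

```typescript
// Constructed stand-in for serverApi.get: resolves with { data } or { error, status }
// and never throws on a non-2xx response (return shape assumed from the review text).
type ApiResult<T> = { data?: T; error?: string; status: number };
type WarmOutcome = { failureDetected: boolean; logged: string[] };

async function fakeGet<T>(status: number, body: T): Promise<ApiResult<T>> {
  return status >= 200 && status < 300
    ? { data: body, status }
    : { error: `HTTP ${status}`, status };
}

// Before: only a thrown exception reaches the catch, so a 403 from the
// permission guard or a 500 from the API passes silently.
async function warmTrustPortalBefore(status: number): Promise<WarmOutcome> {
  const logged: string[] = [];
  try {
    await fakeGet(status, { friendlyUrl: "example-org" });
    return { failureDetected: false, logged };
  } catch (err) {
    logged.push(`trust portal warm-up threw: ${String(err)}`);
    return { failureDetected: true, logged };
  }
}

// After: inspect the returned error field as well. Still non-fatal: the
// failure is recorded and the caller carries on with onboarding.
async function warmTrustPortalAfter(status: number): Promise<WarmOutcome> {
  const logged: string[] = [];
  try {
    const res = await fakeGet(status, { friendlyUrl: "example-org" });
    if (res.error) {
      logged.push(`trust portal warm-up failed: ${res.status} ${res.error}`);
      return { failureDetected: true, logged };
    }
    return { failureDetected: false, logged };
  } catch (err) {
    logged.push(`trust portal warm-up threw: ${String(err)}`);
    return { failureDetected: true, logged };
  }
}

// Constructed run: a 403 is invisible to the first shape and logged by the second.
warmTrustPortalBefore(403).then((r) => console.log("before:", r));
warmTrustPortalAfter(403).then((r) => console.log("after:", r));
```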
@cubic-dev-ai please re-review this
@Marfuen I have started the AI code review. It will take a few minutes to complete.
🎉 This PR is included in version 3.66.0 🎉 The release is available on GitHub release Your semantic-release bot 📦🚀
This is an automated pull request to merge mariano/auto-publish-trust-portal into dev.
It was created by the [Auto Pull Request] action.