Skip to content

fix: address outstanding Codex review findings#21

Merged
BenKalsky merged 3 commits into
mainfrom
fix/codex-review-findings
Jul 2, 2026
Merged

fix: address outstanding Codex review findings#21
BenKalsky merged 3 commits into
mainfrom
fix/codex-review-findings

Conversation

@BenKalsky

Copy link
Copy Markdown
Member

Why

A sweep of all Codex review comments across the repo's PR history found four findings that were never addressed (the getpdf/promotion doc findings from #16 were already fixed in #18). Verified each against main before fixing.

Changes

Codex finding Fix
P1 (#1): empty urlencoded key (=x) crashes formToNestedObject with a TypeError Skip keys that yield no segments; hostile form input falls through to normal handling. Regression test with =x in the query string.
P1 (#1): redacting Upay_* erases the token isFailedStatus relies on, downgrading failures to sumit.trigger.unmapped Mask as Upay_[REDACTED] — the sensitive part is the code, not the processor name. The failure signal survives redaction; test covers an Upay-only failure.
P2 (#14): whitespace-only customer.id selects SearchMode: 1 while ID is stripped from the payload Derive SearchMode from the blank-stripped identifiers; test asserts fallback to ExternalIdentifier (mode 2).
P2 (#13): paid document types (Receipt, InvoiceAndReceipt) silently unsupported — builder never sends Payments Documented as out of scope in the README create-document section, pointing at the charge endpoints / SUMIT UI. Type-level Payments?: never[] already enforces it.

Also hardens the publish workflows (main-only ref guard; GitHub Packages installs resolve from npmjs) — Codex flagged these patterns on the sumit-react twins (#4, #7) and this repo shares them.

Verification

pnpm typecheck clean, pnpm test 32/32 (3 new regression tests), pnpm build green. One existing test expectation updated for the new Upay_[REDACTED] mask.

🤖 Generated with Claude Code

BenKalsky and others added 3 commits July 3, 2026 01:49
…Mode

Three fixes flagged by Codex review on earlier PRs (#1, #14):

- formToNestedObject: skip keys that yield no segments (e.g. `=x`) so
  hostile urlencoded input can't make webhook handlers throw.
- redactSensitiveText: mask processor codes as `Upay_[REDACTED]` so
  isFailedStatus still sees the processor failure signal; responses
  whose only failure indicator is an Upay_* code classify as
  payment.failed again instead of sumit.trigger.unmapped.
- buildCreateDocumentPayload: derive SearchMode from blank-stripped
  ids so a whitespace-only `id` can't select search-by-ID while ID is
  omitted from the payload.

Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
The create-document builder never sends Payments rows, so Receipt and
InvoiceAndReceipt would be rejected or issued without the payment they
document (Codex finding on #13). Point those at the charge endpoints
or the SUMIT UI.

Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
Only main may run the publish jobs (workflow_dispatch was
unrestricted), and the GitHub Packages workflow no longer points
installs at npm.pkg.github.com — the publish step configures that
registry and its auth itself. Mirrors Codex findings on the sumit-react
workflows, which share this shape.

Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
@BenKalsky BenKalsky merged commit ee656fa into main Jul 2, 2026
5 checks passed
@BenKalsky BenKalsky deleted the fix/codex-review-findings branch July 2, 2026 22:55
@BenKalsky BenKalsky mentioned this pull request Jul 2, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant