[comp] Production Deploy #2470

Marfuen merged 17 commits into release from main on Apr 7, 2026

@github-actions github-actions bot commented Apr 7, 2026

This is an automated pull request to release the candidate branch into production, which will trigger a deployment.
It was created by the [Production PR] action.

cursor bot commented Apr 7, 2026

PR Summary

Medium Risk
Medium risk due to changes to portal session/org switching behavior and email unsubscribe category selection, which can affect access control and notification delivery. Most other changes are low-risk operational/tooling updates (CI runtime pinning, dependency version bumps, and additional task tagging).

Overview
Improves deploy determinism and observability for Trigger.dev jobs. GitHub Actions workflows now pin bun to 1.3.4, and Trigger.dev tasks across API/App add ``tags.add([`org:${organizationId}`])`` to consistently tag runs by organization.

Fixes a multi-org portal access edge case. Adds an org-scoped layout that ensures the session’s activeOrganizationId is synced to the URL org via a new auth.api.setActiveOrganization call, avoiding 403s for multi-org users.

Includes a few targeted product/runtime tweaks. Evidence upload/validation now allows spreadsheet formats (.csv, .xls, .xlsx) and skips required matrix validation when a companion file is uploaded; task reminder emails now consult the taskReminders unsubscribe setting; Streamdown rendering stops receiving extraneous props; and several dependencies are pinned/bumped (e.g., @browserbasehq/sdk, TipTap, lucide-react).

Reviewed by Cursor Bugbot for commit 4650bd9. Bugbot is set up for automated code reviews on this repo. Configure here.

vercel bot commented Apr 7, 2026

The latest updates on your projects. Learn more about Vercel for GitHub.

| Project | Deployment | Actions | Updated (UTC) |
| --- | --- | --- | --- |
| app (staging) | Ready | Preview, Comment | Apr 7, 2026 5:16pm |
| comp-framework-editor | Ready | Preview, Comment | Apr 7, 2026 5:16pm |
| portal (staging) | Ready | Preview, Comment | Apr 7, 2026 5:16pm |

tofikwest and others added 4 commits April 7, 2026 11:24
Customers could only upload PDFs and images when submitting evidence.
Added CSV, XLSX, and XLS support to the file type mapper and evidence
form definitions (whistleblower-report, tabletop-exercise). Also added
an optional spreadsheet upload field to the RBAC matrix form so users
can upload their matrix as a file instead of entering rows manually.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
…apper

- Add matrixFile to rbacMatrixDataSchema with .refine() so the uploaded
  file isn't silently stripped by Zod
- Make matrixRows optional when a companion file is uploaded (both in
  the Zod schema and the validateRequiredMatrixCells guard)
- Add CSV/XLSX/XLS MIME mappings to the step 3 file uploader (four-step
  forms like tabletop-exercise) which was missed in the prior commit

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
[dev] [Marfuen] mariano/fix-task-reminder-role-notifications
…2468)

Multi-org users hitting the portal would get 403s on training completion
and other API calls because HybridAuthGuard resolves memberId from the
session's activeOrganizationId — which was never updated when the user
navigated to a different org in the portal.

Adds setActiveOrganization to the portal auth module and a [orgId] layout
that syncs the session before any child page renders, matching the pattern
already used in the main app.

Co-authored-by: Mariano Fuentes <marfuen98@gmail.com>
Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
tofikwest and others added 4 commits April 7, 2026 11:45
…lidation

The default empty matrix row blocked Zod parsing before the refine
could check for a file upload. Switch to superRefine with a lenient
base schema that accepts empty strings, then validate non-empty rows
strictly only when no file is present. Also fix description text that
incorrectly referenced "rows above" when the file field renders first.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Iterate over the original matrixRows array instead of a filtered copy
so error paths reference the correct row index in the form UI.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
…slack packages

* chore(deps): update tiptap, lucide-react, electron and remove unused slack packages

- @tiptap/*: 3.16.0 → 3.22.1 (all 18 packages aligned across ui, app, framework-editor)
- lucide-react: 0.518-0.577 → 1.7.0 (no icon removals affect our usage)
- electron: 35.7.5 → 39.8.4 (device-agent)
- Remove @slack/bolt and @slack/web-api from integrations (zero imports in codebase)
- Fix packages/db prisma.config.ts to load .env via dotenv/config (matches app/portal pattern)

All apps build and typecheck successfully.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

* fix(deps): upgrade streamdown to v2 for lucide-react v1 compatibility

streamdown v1 depends on lucide-react ^0.542.0 which conflicts with
our upgrade to lucide-react 1.7.0. streamdown v2 dropped the
lucide-react dependency entirely.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

* fix(ai-elements): fix Streamdown v2 dir prop type incompatibility

Stop spreading CollapsibleContent HTML props onto Streamdown which
expects dir: "auto" | "ltr" | "rtl" but receives dir: string from
the HTML element props.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

---------

Co-authored-by: Mariano Fuentes <marfuen98@gmail.com>
Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
headers: requestHeaders,
body: { organizationId: orgId },
});
}
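
Review bot: in `body: { organizationId: orgId }`, `orgId` is sent as the new active organization with no membership check visible in these lines. If `orgId` comes straight from the route, make sure the endpoint behind this call rejects organizations the session user does not belong to, and have the caller treat a rejected switch as a hard stop instead of rendering the org's pages.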

Silent failure of org switch renders children with wrong context

Medium Severity

The setActiveOrganization function silently swallows all errors in production, including network failures and non-OK API responses. This allows [orgId]/layout.tsx to render with a stale activeOrganizationId, leading to 403s or incorrect data from API calls, and making these issues undiagnosable without production logging.

Reviewed by Cursor Bugbot for commit da7d2d0. Configure here.
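
The failure mode raised in this review comment, as an added example that is not the repository's code: a switch helper that swallows errors next to one that fails closed. Only `setActiveOrganization`, `activeOrganizationId` and the `organizationId` body field come from the page; `Session`, `SwitchApi`, `makeStubApi`, `switchSilently`, `switchOrFail` and `renderOrgLayout` are hypothetical, and the stub API is constructed so the block runs offline.

```typescript
// Added illustration; all names other than setActiveOrganization,
// activeOrganizationId and organizationId are hypothetical.
type Session = { userId: string; activeOrganizationId: string };
type SwitchApi = {
  setActiveOrganization(args: { body: { organizationId: string } }): Promise<Session>;
};

// Constructed stand-in for the auth API: only members may switch.
function makeStubApi(session: Session, memberOf: string[]): SwitchApi {
  return {
    async setActiveOrganization({ body }) {
      if (memberOf.indexOf(body.organizationId) === -1) {
        throw new Error("403: not a member of " + body.organizationId);
      }
      session.activeOrganizationId = body.organizationId;
      return session;
    },
  };
}

// Pattern the review flags: the error is swallowed, so the caller goes on
// with whatever activeOrganizationId the session already had.
async function switchSilently(api: SwitchApi, orgId: string): Promise<void> {
  try {
    await api.setActiveOrganization({ body: { organizationId: orgId } });
  } catch {
    /* ignored: nothing is logged and nothing is returned */
  }
}

// Fail-closed variant: errors propagate and the post-condition is verified.
async function switchOrFail(api: SwitchApi, session: Session, orgId: string): Promise<void> {
  if (session.activeOrganizationId === orgId) return; // already in sync
  await api.setActiveOrganization({ body: { organizationId: orgId } });
  if (session.activeOrganizationId !== orgId) {
    throw new Error("active organization is still " + session.activeOrganizationId);
  }
}

// Layout-style guard: children render only after a confirmed switch; the
// denial carries the reason so the caller can log it with orgId and userId.
async function renderOrgLayout(api: SwitchApi, session: Session, orgId: string): Promise<string> {
  try {
    await switchOrFail(api, session, orgId);
  } catch (err) {
    return "denied: " + (err instanceof Error ? err.message : String(err));
  }
  return "children for " + session.activeOrganizationId;
}
```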

…csv-xlsx

fix(documents): allow CSV and Excel file uploads for evidence forms

@cursor cursor bot left a comment

Cursor Bugbot has reviewed your changes and found 1 potential issue.

There are 2 total unresolved issues (including 1 from previous review).

❌ Bugbot Autofix is OFF. To automatically fix reported issues with cloud agents, enable autofix in the Cursor dashboard.

Reviewed by Cursor Bugbot for commit 68195a3. Configure here.

];
}
if (trimmed === '.xls')
return ['application/vnd.ms-excel', []];
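
Review bot: the `trimmed === '.xls'` branch picks the MIME type from the extension string alone, which only constrains what the file picker offers. With evidence uploads now accepting spreadsheets, confirm that the upload endpoint validates type and size independently of this client-side mapping, and compare against a lowercased extension if `trimmed` is not already normalized.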

Duplicated file-type MIME mapping logic across two locations

Low Severity

The new .csv, .xlsx, and .xls extension-to-MIME-type mapping blocks are copy-pasted identically at two separate locations within the same component. This extends an already-duplicated pattern (the existing PDF/PNG/JPG/TXT/SVG/VSDX mappings were also duplicated). Extracting this mapping into a shared helper function would reduce the risk of the two blocks drifting out of sync if future file types are added to only one location.

Reviewed by Cursor Bugbot for commit 68195a3. Configure here.

* feat(trigger): add org tags to all trigger job runs

Add `await tags.add([`org:${organizationId}`])` to all 25 trigger tasks
that receive an organizationId, making it easy to filter and identify
which organization a job was run for in the trigger.dev dashboard.

Scheduled/bulk tasks that iterate over all orgs are excluded since they
don't have a single organizationId.

Also updates the vendor extraction prompt to prefer company names over
product names (e.g. "Anthropic" not "Claude", "OpenAI" not "ChatGPT").

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

* fix(onboarding): prevent duplicate vendors when AI renames product to company

The AI now returns an original_name field alongside vendor_name so we
can track both "Claude" (user input) and "Anthropic" (canonical name)
in the dedup set. Without this, the fallback loop would re-add the
product name as a separate vendor.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

---------

Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
…#2478)

The lockfile was generated with bun 1.3.6 on Vercel but CI was running
an older bun via unpinned setup-bun@v2, causing --frozen-lockfile to
fail. Pin all trigger workflows to bun 1.3.4 and regenerate the
lockfile locally to match.

Co-authored-by: Mariano Fuentes <marfuen98@gmail.com>
Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* fix(ci): pin bun version in trigger workflows and regenerate lockfile

The lockfile was generated with bun 1.3.6 on Vercel but CI was running
an older bun via unpinned setup-bun@v2, causing --frozen-lockfile to
fail. Pin all trigger workflows to bun 1.3.4 and regenerate the
lockfile locally to match.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

* fix(ci): update packageManager to bun 1.3.4

Aligns the pinned bun version with what CI and developers use,
preventing lockfile format mismatches.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

* fix(deps): pin @browserbasehq/sdk to 2.6.0

The ^2.5.0/^2.6.0 range resolved to 2.10.0 on Vercel/Docker which has
breaking API changes (fingerprint and projectId moved). Pin to 2.6.0
to prevent unexpected upgrades.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

---------

Co-authored-by: Mariano Fuentes <marfuen98@gmail.com>
Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
@claudfuen

🎉 This PR is included in version 3.17.0 🎉

The release is available on GitHub release

Your semantic-release bot 📦🚀
