
[dev] [Marfuen] mariano/compliance-timeline-feature#2488

Open
github-actions[bot] wants to merge 110 commits into main from mariano/compliance-timeline-feature


@github-actions github-actions bot commented Apr 8, 2026

This is an automated pull request to merge mariano/compliance-timeline-feature into dev.
It was created by the [Auto Pull Request] action.

Marfuen and others added 30 commits April 7, 2026 15:30
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
… phase completion

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
… lines each

Extract lifecycle, phase editing, template management, and template resolution
into separate files to comply with the max 300 lines per file rule.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
…wagger cleanup

- DTOs: activate-timeline, update-phase, create-template, create-phase-template,
  update-template, update-phase-template with class-validator decorators
- Customer controller: GET /timelines, GET /timelines/:id,
  POST /timelines/:id/phases/:phaseId/ready with Slack webhook notification
- Admin template controller: full CRUD for timeline templates and their phases
- Admin org timelines controller: activate, pause, resume, phase CRUD, complete
- TimelinesModule registered in AppModule with all services and controllers
- Added @ApiExcludeController() to all 8 existing admin controllers

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
…ases on 100% tasks

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Add a compliance timeline section above the existing dashboard grid,
showing stacked timeline cards with phase bars, status badges, and
date summaries. Also updates the Timeline hook types to match the
actual API response (DRAFT/ACTIVE/PAUSED/COMPLETED statuses).

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Add a new admin page for managing timeline templates with CRUD operations.
Includes a template list with phase bar previews and a sheet editor for
creating/editing templates and their phases. Added sidebar navigation link.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Add a Timeline tab to the admin organization detail view showing all
timelines for an org. Includes status badges, phase tables, and action
buttons for activating (with date picker), pausing, resuming, and
editing individual phases via a sheet editor.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
…sk completion data

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
… date

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
…aser

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

mintlify bot commented Apr 8, 2026

Preview deployment for your docs. Learn more about Mintlify Previews.

| Project | Status | Preview | Updated (UTC) |
| --- | --- | --- | --- |
| CompAI | 🟢 Ready | View Preview | Apr 8, 2026, 9:06 PM |

💡 Tip: Enable Workflows to automatically generate PRs for you.

data: { status: 'IN_PROGRESS', completedAt: null, completedById: null },
});
needsRefetch = true;
}

Read endpoint mutates phase status causing data corruption

High Severity

The findAllForOrganization method (called by GET /timelines) performs database writes during a read operation. When a completed phase's metric drops below 100%, it reverts the phase to IN_PROGRESS but bypasses TimelinesLifecycleService.completePhase logic — it doesn't check if the timeline itself is COMPLETED, doesn't update the timeline status back from COMPLETED, and doesn't re-advance subsequent phases. This can leave a COMPLETED timeline with an IN_PROGRESS phase, creating an inconsistent state. Every time a customer lists their timelines, phases may flip-flop between completed and in-progress.

Reviewed by Cursor Bugbot for commit 31dbc40.

Marfuen added 18 commits April 9, 2026 09:26
@vercel vercel bot temporarily deployed to Preview – portal April 10, 2026 15:52 Inactive

@cursor cursor bot left a comment


Cursor Bugbot has reviewed your changes and found 3 potential issues.

There are 4 total unresolved issues (including 1 from previous review).

❌ Bugbot Autofix is OFF. To automatically fix reported issues with cloud agents, enable autofix in the Cursor dashboard.

Reviewed by Cursor Bugbot for commit 3aced7e.

}

return timelines;
}

Read endpoint performs writes causing side effects

Medium Severity

findAllForOrganization is called from a GET endpoint but performs database writes (backfilling timelines via ensureTimelinesExist, completing phases, reverting phases). This violates the principle that read operations are idempotent. Concurrent GET requests can race on phase status updates, and each call triggers getOverviewScores (an expensive multi-query operation) plus potential completePhase calls with Slack notifications — all on every list request.

Reviewed by Cursor Bugbot for commit 3aced7e.
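
The separation that both Bugbot comments above point toward, as an added TypeScript example that is not the project's code: the list function only reads, and phase status changes go through an explicit command that is idempotent and moves phase and timeline status together. The types, function names, in-memory store and the policy of skipping DRAFT and PAUSED timelines are assumptions.

```typescript
// Added example: types, names and the in-memory store are hypothetical stand-ins.
type PhaseStatus = 'IN_PROGRESS' | 'COMPLETED';
type TimelineStatus = 'DRAFT' | 'ACTIVE' | 'PAUSED' | 'COMPLETED';
interface Phase { id: string; status: PhaseStatus; completedAt: string | null }
interface Timeline { id: string; status: TimelineStatus; phases: Phase[] }
type Outcome = 'updated' | 'unchanged' | 'skipped';

// Read path (what a GET handler would call): returns copies, never writes.
function listTimelines(store: Timeline[]): Timeline[] {
  return store.map((t) => ({
    ...t,
    phases: t.phases.map((p) => ({ ...p })),
  }));
}

// Write path: an explicit command run from a task update or a scheduled job.
function reconcilePhase(
  store: Timeline[],
  timelineId: string,
  phaseId: string,
  metricPercent: number,
  now: string,
): Outcome {
  const timeline = store.find((t) => t.id === timelineId);
  const phase = timeline?.phases.find((p) => p.id === phaseId);
  if (!timeline || !phase) return 'skipped';
  // Draft and paused timelines are left alone (assumed policy).
  if (timeline.status === 'DRAFT' || timeline.status === 'PAUSED') return 'skipped';

  const target: PhaseStatus = metricPercent >= 100 ? 'COMPLETED' : 'IN_PROGRESS';
  // Idempotent: repeated or concurrent calls with the same metric change nothing.
  // Against a database this would be a conditional update on the expected status.
  if (phase.status === target) return 'unchanged';

  phase.status = target;
  phase.completedAt = target === 'COMPLETED' ? now : null;
  // Phase and timeline status move together, so a COMPLETED timeline is
  // never left holding an IN_PROGRESS phase.
  timeline.status = timeline.phases.every((p) => p.status === 'COMPLETED')
    ? 'COMPLETED'
    : 'ACTIVE';
  return 'updated';
}
```
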

organizationId,
timelinesService: this.timelinesService,
}).catch(() => {});
}
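
Review bot: the empty handler in `.catch(() => {})` on the last line of this call discards every rejection, so a failure in the work started here leaves no log entry and cannot be told apart from a run that found nothing to do. Keep the call non-blocking if that is the intent, but log the error together with `organizationId` inside the catch handler instead of swallowing it.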

Auto-complete not triggered for not_relevant task status

Medium Severity

checkAutoCompletePhases in frameworks-timeline.helper.ts considers tasks with status done OR not_relevant as completed when evaluating whether all tasks are finished. However, the trigger in tasks.service.ts only calls checkAutoCompletePhases when status === TaskStatus.done, not when tasks are set to not_relevant. If the last remaining incomplete task is marked not_relevant, the auto-completion check never fires and the timeline phase stays IN_PROGRESS indefinitely.

Reviewed by Cursor Bugbot for commit 3aced7e.


const logger = new Logger('TimelinesSlack');

const WEBHOOK_URL = process.env.SLACK_CX_WEBHOOK_URL;

Slack webhook URL captured at module load time

Low Severity

WEBHOOK_URL is read from process.env.SLACK_CX_WEBHOOK_URL at module load time as a top-level constant. According to main.ts, .env files are loaded manually before NestJS starts, but if the module is imported before env loading completes (or the env var is set dynamically), the value will be permanently undefined and all Slack notifications will silently fail for the lifetime of the process.

Reviewed by Cursor Bugbot for commit 3aced7e.
