[dev] [Marfuen] mariano/fix-evidence-export-oom-streaming#2943

Open
github-actions[bot] wants to merge 2 commits into main from mariano/fix-evidence-export-oom-streaming

@github-actions github-actions Bot commented May 28, 2026

This is an automated pull request to merge mariano/fix-evidence-export-oom-streaming into dev.
It was created by the [Auto Pull Request] action.


Summary by cubic

Fixes OOM during org-wide evidence export by streaming runs in small batches and moving ZIP generation to a @trigger.dev/sdk background task. The API now returns a runId and publicAccessToken; the app shows live progress and auto-downloads when ready.

  • New Features

    • Stream automation runs with streamAutomationRuns; build PDFs/JSON from streams via generateAutomationPDFFromStream and buildAutomationJsonStream.
    • Add export-organization-evidence Trigger.dev task: generates ZIP, uploads to S3, and returns a presigned download URL with progress metadata.
    • Change auditor endpoint to POST /v1/evidence-export/all to trigger the background job instead of streaming ZIP from the API.
    • Update frontend: replace downloadAllEvidenceZip with triggerBulkEvidenceExport; use @trigger.dev/react-hooks useRealtimeRun for progress and auto-download.
  • Migration

    • Clients must switch from GET to POST /v1/evidence-export/all and handle { runId, publicAccessToken }, then track progress via Trigger.dev to retrieve the presigned URL.
    • Configure S3 env vars: APP_AWS_BUCKET_NAME, APP_AWS_REGION, APP_AWS_ACCESS_KEY_ID, APP_AWS_SECRET_ACCESS_KEY (optional APP_AWS_ENDPOINT).

Written for commit dd5a2f0. Summary will update on new commits.

Marfuen and others added 2 commits May 27, 2026 13:45
…ent OOM

The previous OOM fix loaded automations one at a time but still accumulated
all runs for a single automation in memory. For orgs with large cloud security
check histories, a single automation's runs could exceed the 6GB heap limit.

Now uses async generators to stream run batches (50 at a time) through PDF
and JSON generation. Peak memory is bounded by one batch of runs + the jsPDF
document, regardless of total automation size.

- evidence-data-loader: add streamAutomationRuns async generator
- evidence-pdf-generator: extract renderRunToPDF, add generateAutomationPDFFromStream
- evidence-json-builder: add buildAutomationJsonStream using Readable.from()
- evidence-export.service: wire streaming into ZIP export path

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
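
The batching pattern this commit message describes, as an added example that is not the project's code: an async generator pages through runs 50 at a time with a keyset cursor, and a second generator serialises them to JSON chunks, so peak memory is bounded by one batch however long the run history is. `makeConstructedStore`, `streamRunsInBatches`, `jsonChunks` and `exportRunsAsJson` are hypothetical names, and the in-memory store is constructed sample data standing in for the database.

```javascript
const BATCH_SIZE = 50; // batch size stated in the commit message

// Constructed stand-in for the runs table: serves pages ordered by id and
// records how many queries ran and the largest page it ever returned.
function makeConstructedStore(total) {
  const stats = { queries: 0, largestPage: 0 };
  async function fetchPage(afterId, take) {
    const last = Math.min(total, afterId + take);
    const page = [];
    for (let id = afterId + 1; id <= last; id += 1) page.push({ id, logs: 'x'.repeat(256) });
    stats.queries += 1;
    stats.largestPage = Math.max(stats.largestPage, page.length);
    return page;
  }
  return { fetchPage, stats };
}

// Yields one batch at a time. The previous batch is unreferenced once the
// consumer asks for the next, so the full history is never resident.
async function* streamRunsInBatches(fetchPage, batchSize = BATCH_SIZE) {
  let cursor = 0;
  for (;;) {
    const batch = await fetchPage(cursor, batchSize);
    if (batch.length === 0) return;
    yield batch;
    if (batch.length < batchSize) return; // short page: nothing left
    cursor = batch[batch.length - 1].id; // keyset cursor, not OFFSET
  }
}

// Emits a valid JSON array incrementally. In Node this generator can be
// wrapped with Readable.from() and piped into an archive entry.
async function* jsonChunks(batches) {
  let first = true;
  yield '[';
  for await (const batch of batches) {
    for (const run of batch) {
      yield (first ? '' : ',') + JSON.stringify(run);
      first = false;
    }
  }
  yield ']';
}

// Drives the pipeline; `sink` receives each chunk (a file or ZIP writer in practice).
async function exportRunsAsJson(fetchPage, sink) {
  for await (const chunk of jsonChunks(streamRunsInBatches(fetchPage))) sink(chunk);
}
```

The bound only holds if the sink applies backpressure or writes each chunk out; a sink that concatenates chunks into one string reintroduces the original memory growth.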
…task

The auditor bulk evidence export previously ran in the API process,
peaking at ~20% memory per request. Multiple concurrent exports could
OOM the container.

Now the heavy work (DB queries, PDF generation, ZIP creation) runs in
a Trigger.dev background task with its own memory. The API endpoint
triggers the task and returns a runId for progress tracking.

- Add export-organization-evidence Trigger.dev task (S3 upload + presigned URL)
- Change POST /v1/evidence-export/all to trigger background task
- Frontend uses useRealtimeRun for progress + auto-download on completion
- API process memory stays flat regardless of export size

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
vercel Bot commented May 28, 2026

The latest updates on your projects. Learn more about Vercel for GitHub.

Project Deployment Actions Updated (UTC)
app Error Error May 28, 2026 3:30pm
comp-framework-editor Ready Ready Preview, Comment May 28, 2026 3:30pm
1 Skipped Deployment
Project Deployment Actions Updated (UTC)
portal Skipped Skipped May 28, 2026 3:30pm

@cubic-dev-ai cubic-dev-ai Bot left a comment

1 issue found across 11 files

Confidence score: 4/5

  • This PR is likely safe to merge, with a minor-to-moderate UX risk rather than a functional failure.
  • In apps/app/src/app/(app)/[orgId]/auditor/(overview)/components/ExportEvidenceButton.tsx, the sheet remains non-closable during export even though the UI text says it can be closed, which can confuse users and feel like the app is unresponsive.
  • The reported issue is mid-severity (5/10) but narrowly scoped to export-sheet interaction behavior, so overall merge risk appears limited.
  • Pay close attention to apps/app/src/app/(app)/[orgId]/auditor/(overview)/components/ExportEvidenceButton.tsx - allow onOpenChange during running exports to align behavior with the UI message.
Prompt for AI agents (unresolved issues)

Check if these issues are valid — if so, understand the root cause of each and fix them. If appropriate, use sub-agents to investigate and fix each issue separately.


<file name="apps/app/src/app/(app)/[orgId]/auditor/(overview)/components/ExportEvidenceButton.tsx">

<violation number="1" location="apps/app/src/app/(app)/[orgId]/auditor/(overview)/components/ExportEvidenceButton.tsx:90">
P2: The sheet cannot be closed while export is running, but the UI says it can be closed. Allow `onOpenChange` to update state during running exports.</violation>
</file>

Reply with feedback, questions, or to request a fix.


<Sheet open={isOpen} onOpenChange={setIsOpen}>
<Sheet open={isOpen} onOpenChange={(open) => {
if (!isRunning) setIsOpen(open);
@cubic-dev-ai cubic-dev-ai Bot May 28, 2026

P2: The sheet cannot be closed while export is running, but the UI says it can be closed. Allow onOpenChange to update state during running exports.

Prompt for AI agents
Check if this issue is valid — if so, understand the root cause and fix it. At apps/app/src/app/(app)/[orgId]/auditor/(overview)/components/ExportEvidenceButton.tsx, line 90:

<comment>The sheet cannot be closed while export is running, but the UI says it can be closed. Allow `onOpenChange` to update state during running exports.</comment>

<file context>
@@ -14,82 +14,202 @@ import {
 
-      <Sheet open={isOpen} onOpenChange={setIsOpen}>
+      <Sheet open={isOpen} onOpenChange={(open) => {
+        if (!isRunning) setIsOpen(open);
+      }}>
         <SheetContent>
</file context>
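Review bot: The guard on the added line `if (!isRunning) setIsOpen(open);` drops every `onOpenChange` event while `isRunning` is true, including `open === false`, so the sheet cannot be dismissed until the export finishes. If blocking dismissal is not intended, pass `setIsOpen` directly as the removed line did; if it is intended, add a comment on the handler stating that and make sure any on-screen text about closing the sheet matches.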
Suggested change
if (!isRunning) setIsOpen(open);
setIsOpen(open);