[comp] Production Deploy#2332

Merged
Marfuen merged 7 commits into release from main
Mar 19, 2026

@github-actions
Contributor

This is an automated pull request to release the candidate branch into production, which will trigger a deployment.
It was created by the [Production PR] action.

github-actions bot and others added 2 commits March 18, 2026 16:11
…y default (#2331)

Add a color-coded "Agent" column to the People table showing device agent
installation status (green dot for installed, red for not installed).
Platform admins and deactivated members show a dash. Deactivated users are
now hidden by default unless explicitly filtered. Migrates Laptop icon from
lucide-react to @trycompai/design-system/icons.

Co-authored-by: Mariano Fuentes <marfuen98@gmail.com>
Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
@cursor

cursor bot commented Mar 18, 2026

PR Summary

Medium Risk
Changes employee sync semantics for Google Workspace by optionally restricting the user set via OU filtering, which can affect imports/deactivations. Vendor risk assessment extraction now enforces domain-scoped URLs and seeds crawl targets, which may reduce returned links but is low security risk.

Overview
Google Workspace employee sync can now be scoped to configured Organizational Units. The sync controller applies a new filterUsersByOrgUnits step (with tests) using target_org_units, and uses the OU-filtered population for subsequent include/exclude email filtering and deactivation domain calculations; the Google Workspace manifest exposes this variable for sync as well as checks.

Vendor risk assessment Firecrawl outputs are now constrained to the vendor’s domain. Added shared url-validation utilities (with tests) to extract the registrable domain, validate/normalize returned URLs, and filter out off-domain links; the agent prompt is tightened and crawling is anchored with seed URLs.

People UI tweaks. Adds a DEVICE column showing device agent installed status for members (and for invites/admins/inactive), changes the default status filter to hide deactivated users unless explicitly selected, and refactors the employee tasks list rendering for the all-complete state.

Minor: stops exporting the Trigger updatePolicyQueue symbol.

Written by Cursor Bugbot for commit e3a9867. This will update automatically on new commits. Configure here.

@vercel

vercel bot commented Mar 18, 2026

The latest updates on your projects. Learn more about Vercel for GitHub.

| Project | Deployment | Actions | Updated (UTC) |
| --- | --- | --- | --- |
| app (staging) | Ready | Preview, Comment | Mar 18, 2026 6:33pm |
| comp-api-test | Ready | Preview, Comment | Mar 18, 2026 6:33pm |

1 Skipped Deployment

| Project | Deployment | Actions | Updated (UTC) |
| --- | --- | --- | --- |
| portal (staging) | Skipped | | Mar 18, 2026 6:33pm |

Co-authored-by: Mariano Fuentes <marfuen98@gmail.com>
Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
…eted (#2334)

The early return when allCompleted was true prevented Whistleblower Reports
and Access Requests from rendering. Changed to conditional render so
Company Forms always appears when enabled.

Closes CS-183

Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
…2335)

Firecrawl agent was returning URLs from wrong domains (e.g., x.com
instead of wix.com). Added domain validation, seed URLs for common
legal/security paths, and prompt hardening to keep research on the
vendor's actual domain. Also fixes pre-existing TS2742 error in
update-policy.ts.

Co-authored-by: Mariano Fuentes <marfuen98@gmail.com>
Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Marfuen previously approved these changes Mar 18, 2026

extractVendorDomain only stripped the www. prefix, so a vendor website
like https://app.slack.com yielded app.slack.com as the domain. This
caused validateVendorUrl to reject valid URLs on the parent domain
(slack.com/privacy) or sibling subdomains (trust.slack.com). Now uses
tldts to extract the root registrable domain correctly.

Co-authored-by: Mariano Fuentes <marfuen98@gmail.com>
Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
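
The two domain-validation commit messages above, worked through as an added example (not code from this PR or the project): it shows why scoping to a `www.`-stripped hostname rejects legitimate parent and sibling hosts, and why the host comparison needs a `.` boundary. The function names, the tiny public-suffix set and the sample URLs are constructed assumptions; the set stands in for the PSL lookup that tldts provides.

```typescript
// Constructed stand-in for a Public Suffix List (assumption); real code would
// use a PSL-backed library such as tldts, which the commit message names.
const SAMPLE_PUBLIC_SUFFIXES: Set<string> = new Set(["com", "io", "uk", "co.uk"]);

// Registrable domain = longest matching public suffix plus one label to its left.
function registrableDomain(hostname: string): string | null {
  const labels = hostname.toLowerCase().replace(/\.$/, "").split(".");
  for (let i = 0; i < labels.length; i++) {
    if (SAMPLE_PUBLIC_SUFFIXES.has(labels.slice(i).join("."))) {
      return i === 0 ? null : labels.slice(i - 1).join("."); // bare suffix -> null
    }
  }
  return null; // suffix not in the sample list
}

// "Before" behaviour from the commit message: only a leading "www." is stripped.
function wwwStrippedDomain(website: string): string | null {
  return new URL(website).hostname.replace(/^www\./, "");
}

// "After" behaviour: scope to the registrable domain of the vendor website.
function rootDomain(website: string): string | null {
  return registrableDomain(new URL(website).hostname);
}

// True only for http(s) URLs whose host is the vendor domain or a subdomain of it.
function isOnVendorDomain(candidate: string, vendorDomain: string): boolean {
  let url: URL;
  try {
    url = new URL(candidate);
  } catch {
    return false; // relative or malformed URL
  }
  if (url.protocol !== "https:" && url.protocol !== "http:") return false;
  const host = url.hostname.toLowerCase().replace(/\.$/, "");
  // The "." boundary matters: a bare endsWith("slack.com") would accept "notslack.com".
  return host === vendorDomain || host.endsWith("." + vendorDomain);
}

function filterToVendor(urls: string[], vendorDomain: string | null): string[] {
  return urls.filter((u) => vendorDomain !== null && isOnVendorDomain(u, vendorDomain));
}

// Constructed sample of URLs returned for a vendor whose website is https://app.slack.com
const SAMPLE_RETURNED: string[] = [
  "https://slack.com/privacy", "https://trust.slack.com/",
  "https://notslack.com/privacy", "https://slack.com.example.io/terms",
  "ftp://slack.com/security.txt",
];
```

With the `www.`-stripped scope (`app.slack.com`) every sample URL is dropped, including the two legitimate ones; with the registrable-domain scope (`slack.com`) only those two pass.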
…2336)

Users in unselected OUs were being synced and reactivated because the
employee sync ignored the target_org_units setting. Now the same OU
filter used for security checks also applies to employee sync.

Co-authored-by: Mariano Fuentes <marfuen98@gmail.com>
Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
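
The OU-scoping fix described in the commit message above, as an added example (not code from this PR or the project): it compares which deactivated members a sync would reactivate with and without an OU filter applied first. The type shapes, function names and sample records are constructed assumptions, as are the rules that descendant OUs count as selected and that an empty selection means no restriction.

```typescript
// Hypothetical shapes (assumptions). orgUnitPath mirrors the field of that name
// on Google Directory API user records.
interface DirectoryUser { primaryEmail: string; orgUnitPath: string; suspended: boolean }
interface Member { email: string; active: boolean }

// Keep users whose OU is a selected OU or a descendant of one.
function usersInSelectedOrgUnits(users: DirectoryUser[], targetOrgUnits: string[]): DirectoryUser[] {
  if (targetOrgUnits.length === 0) return users; // no selection: no restriction
  const targets = targetOrgUnits.map((ou) => ou.replace(/\/+$/, "") || "/");
  return users.filter((u) =>
    targets.some(
      // The "/" boundary keeps "/Engineering" from matching "/Engineering-Contractors".
      (ou) => ou === "/" || u.orgUnitPath === ou || u.orgUnitPath.startsWith(ou + "/"),
    ),
  );
}

// Emails of deactivated members the sync would switch back on.
function emailsToReactivate(users: DirectoryUser[], members: Member[], targetOrgUnits: string[]): string[] {
  const inScope = new Set(
    usersInSelectedOrgUnits(users, targetOrgUnits)
      .filter((u) => !u.suspended)
      .map((u) => u.primaryEmail.toLowerCase()),
  );
  return members.filter((m) => !m.active && inScope.has(m.email.toLowerCase())).map((m) => m.email);
}

// Constructed sample directory and member list.
const USERS: DirectoryUser[] = [
  { primaryEmail: "alice@example.com", orgUnitPath: "/Engineering", suspended: false },
  { primaryEmail: "bob@example.com", orgUnitPath: "/Engineering/Platform", suspended: false },
  { primaryEmail: "carol@example.com", orgUnitPath: "/Engineering-Contractors", suspended: false },
  { primaryEmail: "dave@example.com", orgUnitPath: "/Sales", suspended: false },
];
const MEMBERS: Member[] = [
  { email: "alice@example.com", active: true },
  { email: "bob@example.com", active: false },
  { email: "carol@example.com", active: false },
  { email: "dave@example.com", active: false },
];
```

Passing an empty selection models the sync that ignored `target_org_units`: bob, carol and dave would all be reactivated. With `["/Engineering"]` only bob is.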

@cursor cursor bot left a comment

Cursor Bugbot has reviewed your changes and found 1 potential issue.

Bugbot Autofix is OFF. To automatically fix reported issues with cloud agents, enable autofix in the Cursor dashboard.

@Marfuen Marfuen merged commit 88d76ed into release Mar 19, 2026
14 checks passed
@claudfuen
Contributor

🎉 This PR is included in version 3.10.0 🎉

The release is available on GitHub release

Your semantic-release bot 📦🚀
