[dev] [Marfuen] mariano/cs-261-review-policy-approval
The latest updates on your projects. Learn more about Vercel for GitHub.
2 Skipped Deployments
1 issue found across 7 files
Prompt for AI agents (unresolved issues)
Check if these issues are valid — if so, understand the root cause of each and fix them. If appropriate, use sub-agents to investigate and fix each issue separately.
<file name="apps/api/src/policies/policies.service.ts">
<violation number="1" location="apps/api/src/policies/policies.service.ts:1032">
P2: The stale-state cleanup clears `approverId` without verifying the caller is the assigned approver. Any org member with policy permissions can clear someone else's approval assignment by calling this endpoint when the policy is in a stale state. Add a check that `dto.approverId === policy.approverId` before clearing.</violation>
</file>
Reply with feedback, questions, or to request a fix. Tag @cubic-dev-ai to re-run a review, or fix all with cubic.
* feat(vercel): add project filter variables and parser helper
* feat(vercel): honour project filter in App Availability check
* fix(vercel): skip filter pass when project list is empty
* feat(vercel): honour project filter in Monitoring & Alerting check
* fix(vercel): use scoped project count in monitoring evidence
* fix(vercel): paginate project list + guard against empty filter scope

  Addresses cubic PR feedback:
  - /v9/projects is paginated; fetchOptions now loops using pagination.next
  - checks now fail with actionable remediation when the configured filter resolves to zero projects (stale ids, exclude-all)

Co-authored-by: Mariano Fuentes <marfuen98@gmail.com>
Co-authored-by: cubic-dev-ai[bot] <191113872+cubic-dev-ai[bot]@users.noreply.github.com>
Signed-off-by: Mariano Fuentes <marfuen98@gmail.com>
🎉 This PR is included in version 3.26.0 🎉
The release is available on GitHub release.
Your semantic-release bot 📦🚀
0 issues found across 1 file (changes from recent commits).
Requires human review: This PR contains significant changes to core business logic (policy approval flow) and security-sensitive validation (approver matching/impersonation), requiring human review.
This is an automated pull request to release the candidate branch into production, which will trigger a deployment.
It was created by the [Production PR] action.
Summary by cubic
Hardens the policy approval flow by clearing stale approvals, enforcing correct approver matching, and suppressing false “Pending approval” UI. Adds Vercel project scoping to App Availability and Monitoring checks with filter variables, evidence, empty-scope failure, and paginated project selection.
Bug Fixes
* `acceptChanges`/`denyChanges` clear stale `approverId` when `pendingVersionId` is missing; `acceptChanges` errors with "Only the assigned approver…" on mismatched approver; approval sets `publishedById` (supports impersonation); denial restores `draft` or `published` based on history; version-delete helper also clears `approverId`.
* `isPendingApproval` is true only when both `approverId` and `pendingVersionId` are set; `PolicyAlerts` hides the notice for stale states.
* …`approverId`, and Vercel project filter/check behavior.
New Features
* `project_filter_mode` and `filtered_projects`; both App Availability and Monitoring checks honor include/exclude/all, emit a "Project filter applied" pass with evidence, and fail with remediation when the filter scopes to zero projects; skip the pass when no projects are returned.
* `filtered_projects` now paginates `/v9/projects` to list all projects.
Written for commit 91c6deb. Summary will update on new commits.
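The authorization gap raised in the cubic review above (the stale-state cleanup clearing `approverId` without checking who is calling) and the matching fix described under Bug Fixes, as an added TypeScript example. This is not the project's code: the `Policy` shape, the function names, the constructed sample policy and the `actingApproverId` parameter are assumptions for illustration. The review suggests comparing `dto.approverId` with `policy.approverId`; here the compared identity is a parameter, with the expectation that a real service takes it from the authenticated principal (or an authorized impersonation) rather than an unvalidated request field.

```typescript
// Added example (not the project's code): models the stale-approval cleanup the
// review flagged and the ownership check it asks for. Types, names and sample
// data are constructed for illustration.

interface Policy {
  id: string;
  status: "draft" | "published" | "needs_review";
  approverId: string | null;       // who is assigned to approve the pending version
  pendingVersionId: string | null; // the version awaiting approval, if any
}

// Stale state: an approver is still assigned but the pending version is gone.
function isStaleApproval(policy: Policy): boolean {
  return policy.approverId !== null && policy.pendingVersionId === null;
}

// Pending approval only when both fields are set, matching the PR summary.
function isPendingApproval(policy: Policy): boolean {
  return policy.approverId !== null && policy.pendingVersionId !== null;
}

// Before the fix: any caller with policy permissions can wipe someone else's
// assignment, because nothing ties the caller to policy.approverId.
function clearStaleApprovalUnchecked(policy: Policy): Policy {
  if (!isStaleApproval(policy)) return policy;
  return { ...policy, approverId: null };
}

// After the fix: only the assigned approver may clear the stale assignment.
// `actingApproverId` is assumed to come from the authenticated principal
// (or an authorized impersonation), never from an unvalidated request body.
function clearStaleApprovalChecked(policy: Policy, actingApproverId: string): Policy {
  if (!isStaleApproval(policy)) return policy;
  if (actingApproverId !== policy.approverId) {
    throw new Error("Only the assigned approver can clear this stale approval");
  }
  return { ...policy, approverId: null };
}

// Constructed sample: a policy left stale after its pending version was deleted.
const stalePolicy: Policy = {
  id: "policy-1",
  status: "draft",
  approverId: "user-approver",
  pendingVersionId: null,
};

// Convenience for callers/tests: true when the checked cleanup is permitted.
function cleanupAllowed(policy: Policy, actingApproverId: string): boolean {
  try {
    clearStaleApprovalChecked(policy, actingApproverId);
    return true;
  } catch (_err) {
    return false;
  }
}

console.log("assigned approver allowed:", cleanupAllowed(stalePolicy, "user-approver"));
console.log("other member allowed:", cleanupAllowed(stalePolicy, "user-other"));
```

Both variants return the policy untouched when it is not stale, so the check only guards the destructive path; the functions also return a copy rather than mutating the input, which keeps the "before" state available for audit logging or for restoring `draft`/`published` from history on denial.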