Skip to content

fix: address cubic review findings on onboarding PR#2783

Merged
Marfuen merged 3 commits intomainfrom
mariano/cubic-fixes
May 7, 2026
Merged

fix: address cubic review findings on onboarding PR#2783
Marfuen merged 3 commits intomainfrom
mariano/cubic-fixes

Conversation

@Marfuen
Copy link
Copy Markdown
Contributor

@Marfuen Marfuen commented May 7, 2026
edited by cubic-dev-ai Bot
Loading

Summary

Fixes 4 issues from the Cubic review on #2778.

P1: Missing metadata.set('policies', true) (onboard-organization.ts)
The boolean was initialized to false but never flipped after policy fan-out.

P1: Log batchTriggerAndWait failures (generate-vendor-mitigation.ts, generate-risk-mitigation.ts)
Both fan-out tasks now capture batch results and log failed run IDs. No throw — individual tasks already retry 5 times.

P2: Strip {{#if}}/{{/if}} markers from mixed-content nodes (process-policy-template.ts)
Added stripMarkerText helper. When a node contains {{#if var}} alongside real text and the condition is true, the marker is now stripped before processing.

P2: Stale onboardingTriggerJobId locking publish button (frameworks-scores.helper.ts)
The API now returns null for onboardingTriggerJobId when triggerJobCompleted is true, preventing stale/completed job IDs from reaching ToDoOverview.

Issue #4 (gate polling by shouldSubscribeToRun) was already addressed in #2780.

Test plan

  • Typecheck passes
  • Policy metadata flag set correctly after fan-out
  • Failed mitigations logged with run IDs
  • Template markers stripped from mixed-content nodes
  • Completed onboarding jobs don't lock publish button

🤖 Generated with Claude Code

Summary by cubic

Fixes four onboarding issues from the Cubic review and adds comprehensive tests for the policy template processor. Sets the correct policy metadata, logs fan-out failures, cleans template artifacts without breaking nested conditionals, and avoids a stale job ID blocking publish.

  • Bug Fixes
    • Set metadata.set('policies', true) after policy fan-out.
    • Log failed run IDs from batchTriggerAndWait in risk/vendor mitigation tasks (no throw; retries already in place).
    • Strip {{#if}}/{{/if}} markers from mixed-content nodes in policy templates; remove only the first matching marker so nested conditionals remain intact.
    • Return null for onboardingTriggerJobId when triggerJobCompleted is true to prevent the publish button from staying locked.

Written for commit da742c9. Summary will update on new commits.

@Marfuen @claude
fix: address cubic review findings on onboarding PR
6e239b9 
P1: Add metadata.set('policies', true) after policy fan-out so the
    tracker boolean flag is set.
P1: Log batchTriggerAndWait failures in vendor/risk mitigation fan-outs
    instead of silently ignoring them.
P2: Strip {{#if}}/{{/if}} markers from mixed-content nodes so template
    syntax doesn't leak into rendered policies.
P2: Fix stale onboardingTriggerJobId locking publish button in
    ToDoOverview.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
@vercel
Copy link
Copy Markdown

vercel Bot commented May 7, 2026
edited
Loading

The latest updates on your projects. Learn more about Vercel for GitHub.

Project Deployment Actions Updated (UTC)
app Ready Ready Preview, Comment May 7, 2026 1:17pm
comp-framework-editor Ready Ready Preview, Comment May 7, 2026 1:17pm
1 Skipped Deployment
Project Deployment Actions Updated (UTC)
portal Skipped Skipped May 7, 2026 1:17pm

Request Review

@vercel vercel Bot temporarily deployed to Preview – portal May 7, 2026 13:04 Inactive
cubic-dev-ai[bot]
cubic-dev-ai Bot reviewed May 7, 2026
View reviewed changes
Copy link
Copy Markdown
Contributor

@cubic-dev-ai cubic-dev-ai Bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

1 issue found across 5 files

Confidence score: 3/5

  • There is a concrete regression risk in apps/app/src/trigger/tasks/onboarding/process-policy-template.ts: marker stripping currently removes all matching condition markers in a subtree, which can corrupt nested conditional block boundaries.
  • Given the issue severity (7/10) and confidence (7/10), this is more than a minor edge case and could produce user-visible template processing errors, so this carries some merge risk.
  • Pay close attention to apps/app/src/trigger/tasks/onboarding/process-policy-template.ts - nested conditional marker handling may be over-stripping and breaking block structure.
Prompt for AI agents (unresolved issues) 

Check if these issues are valid — if so, understand the root cause of each and fix them. If appropriate, use sub-agents to investigate and fix each issue separately.


<file name="apps/app/src/trigger/tasks/onboarding/process-policy-template.ts">

<violation number="1" location="apps/app/src/trigger/tasks/onboarding/process-policy-template.ts:78">
P1: Marker stripping removes all matching condition markers in the subtree, which can corrupt nested conditional block boundaries.</violation>
</file>

Reply with feedback, questions, or to request a fix. Tag @cubic-dev-ai to re-run a review, or fix all with cubic.

Comment thread apps/app/src/trigger/tasks/onboarding/process-policy-template.ts
@Marfuen @claude
fix: strip only first marker occurrence to preserve nested conditionals
cf6115f 
The global regex flag in stripMarkerText would remove ALL matching
{{#if}}/{{/if}} markers in a subtree, corrupting boundaries of nested
conditional blocks. Removed the g flag so only the first occurrence
(the one that triggered the match) is stripped.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
@vercel vercel Bot temporarily deployed to Preview – portal May 7, 2026 13:08 Inactive
@Marfuen @claude
test(onboarding): add comprehensive tests for policy template processor
da742c9 
Covers placeholder replacement, inline/multi-node/nested conditionals,
mixed content nodes, edge cases, buildVariables, buildFlags, processTemplate.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
@Marfuen Marfuen merged commit bd43e8a into main May 7, 2026
1 of 2 checks passed
@vercel vercel Bot temporarily deployed to Preview – portal May 7, 2026 13:14 Inactive
@Marfuen Marfuen deleted the mariano/cubic-fixes branch May 7, 2026 13:14
claudfuen pushed a commit that referenced this pull request May 7, 2026
@semantic-release-bot
chore(release): 3.45.0 [skip ci]
ad69bb2 
# [3.45.0](v3.44.2...v3.45.0) (2026-05-07)

### Bug Fixes

* address cubic review findings on onboarding PR ([#2783](#2783)) ([bd43e8a](bd43e8a))
* **onboarding:** handle zero-item steps in tracker ([#2785](#2785)) ([a196339](a196339))
* revert page-level hooks to useRealtimeRun to fix missing auth context ([#2780](#2780)) ([5a406f9](5a406f9))

### Features

* **frameworks:** remove is-framework-versioning-enabled feature flag ([#2781](#2781)) ([016f379](016f379))

### Performance Improvements

* **build:** skip TS in next build, reduce sentry upload, add CI typecheck ([#2782](#2782)) ([26e1667](26e1667))
* **onboarding:** optimize onboarding pipeline from ~5min to ~2min ([b14db0b](b14db0b))
@claudfuen
Copy link
Copy Markdown
Contributor

claudfuen commented May 7, 2026

🎉 This PR is included in version 3.45.0 🎉

The release is available on GitHub release

Your semantic-release bot 📦🚀

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@cubic-dev-ai cubic-dev-ai[bot] cubic-dev-ai[bot] left review comments

Assignees

No one assigned

Labels

released

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@Marfuen @claudfuen