New Components - salespype

[michelle0927]

Resolves #11038.

Summary by CodeRabbit

• New Features

  • Introduced new actions that let users add contacts to campaigns, create contacts, and schedule tasks.
  • Added dynamic event sources to notify users when contacts are updated or when new campaigns and contacts are created.
  • Expanded functionality for streamlined API interactions, including enhanced data retrieval and pagination.

• Chores

  • Updated the application version and refined dependency management for better performance and stability.

[vercel]

The latest updates on your projects. Learn more about Vercel for Git ↗︎

3 Skipped Deployments

Name	Status	Preview	Comments	Updated (UTC)
docs-v2	⬜️ Ignored (Inspect)	Visit Preview		Feb 7, 2025 7:28pm
pipedream-docs	⬜️ Ignored (Inspect)			Feb 7, 2025 7:28pm
pipedream-docs-redirect-do-not-edit	⬜️ Ignored (Inspect)			Feb 7, 2025 7:28pm

[coderabbitai]

Walkthrough

This set of changes introduces several new modules and updates in the Salespype application. New action modules have been added to create contacts, add contacts to campaigns, and create tasks. The Salespype app has been enhanced with additional properties and methods for API interactions, and the package metadata has been updated. Furthermore, new event source modules have been implemented for handling new contact creation, contact updates, and new campaign creation, along with a common base module to handle event processing.

Changes

File	Summary
components/salespype/actions/…	Added new action modules for adding a contact to a campaign, creating a contact, and creating a task; each module defines unique keys, properties, and asynchronous run methods to interact with Salespype APIs.
components/salespype/package.json, salespype.app.mjs	Updated package version and dependencies in package.json; enhanced salespype.app with new properties (contactId, campaignId, taskTypeId) and methods (_baseUrl, _makeRequest, list*, create*, paginate, etc.)
components/salespype/sources/…	Introduced a common base module for event processing and new source modules for contact-updated, new-campaign-created, and new-contact-created; each module defines methods for resource handling and metadata.

Sequence Diagram(s)

sequenceDiagram
  participant U as User
  participant A as Action Module
  participant S as Salespype App
  participant API as Salespype API

  U->>A: Trigger action (e.g., create contact)
  A->>S: Call createContact/addContactToCampaign/createTask
  S->>API: Execute _makeRequest for API call
  API-->>S: Return API Response
  S-->>A: Return processed result
  A-->>U: Respond with success summary

Loading

sequenceDiagram
  participant Poller as Polling Mechanism
  participant Source as Event Source Module
  participant Base as Common Base
  participant S as Salespype API

  Poller->>Source: Trigger event check
  Source->>Base: Invoke processEvent method
  Base->>S: Call listContacts/listCampaigns based on event type
  S-->>Base: Return resource data
  Base->>Base: Filter data, update state, generate metadata
  Base-->>Source: Emit event with metadata

Loading

Assessment against linked issues

Objective	Addressed	Explanation
Emit events for new contact created, contact updated, and new campaign created (Polling Sources: new-contact-created, contact-updated, new-campaign-created)	✅
Create contact action with required props (firstName, lastName, email) [create-contact]	✅
Add contact to a campaign action with required props (campaignId and contactId) [add-contact-to-campaign]	✅
Create task action with required props (contactId, task, taskTypeId) [create-task]	✅

Possibly related PRs

• New Components - openphone #14505: The changes in the main PR for adding a contact to a campaign are related to the retrieved PR's new action for creating a contact, as both involve the creation and management of contact entities within their respective applications.
• [Components] liveswitch #13859 #14427: The changes in the main PR for adding a contact to a campaign are related to the changes in the retrieved PR for creating a contact, as both involve the contactId property and utilize similar methods for handling contact-related actions within their respective modules.
• New Components - smstools #14378: The changes in the main PR for adding a contact to a campaign are related to the modifications in the retrieved PR, which includes an action for adding a contact, as both involve similar functionalities for managing contacts within their respective applications.

Suggested labels

action, trigger / source

Suggested reviewers

• jcortes

Poem

I'm a rabbit with joyful hops,
Celebrating code that never stops.
Actions and sources now dance in line,
With each new function, everything's divine.
Carrots and code—a delightful blend,
Hopping in rhythm as these changes ascend!

✨ Finishing Touches

• 📝 Generate Docstrings (Beta)

---

Thank you for using CodeRabbit. We offer it for free to the OSS community and would appreciate your support in helping us grow. If you find it useful, would you consider giving us a shout-out on your favorite social media?

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

🪧 Tips

Chat

There are 3 ways to chat with CodeRabbit:

• Review comments: Directly reply to a review comment made by CodeRabbit. Example:
  • I pushed a fix in commit <commit_id>, please review it.
  • Generate unit testing code for this file.
  • Open a follow-up GitHub issue for this discussion.
• Files and specific lines of code (under the "Files changed" tab): Tag @coderabbitai in a new review comment at the desired location with your query. Examples:
  • @coderabbitai generate unit testing code for this file.
  • @coderabbitai modularize this function.
• PR comments: Tag @coderabbitai in a new PR comment to ask questions about the PR branch. For the best results, please provide a very specific query, as very limited context is provided in this mode. Examples:
  • @coderabbitai gather interesting stats about this repository and render them as a table. Additionally, render a pie chart showing the language distribution in the codebase.
  • @coderabbitai read src/utils.ts and generate unit testing code.
  • @coderabbitai read the files in the src/scheduler package and generate a class diagram using mermaid and a README in the markdown format.
  • @coderabbitai help me debug CodeRabbit configuration file.

Note: Be mindful of the bot's finite context window. It's strongly recommended to break down tasks such as reading entire modules into smaller chunks. For a focused discussion, use review comments to chat about specific files and their changes, instead of using the PR comments.

CodeRabbit Commands (Invoked using PR comments)

• @coderabbitai pause to pause the reviews on a PR.
• @coderabbitai resume to resume the paused reviews.
• @coderabbitai review to trigger an incremental review. This is useful when automatic reviews are disabled for the repository.
• @coderabbitai full review to do a full review from scratch and review all the files again.
• @coderabbitai summary to regenerate the summary of the PR.
• @coderabbitai generate docstrings to generate docstrings for this PR. (Beta)
• @coderabbitai resolve resolve all the CodeRabbit review comments.
• @coderabbitai configuration to show the current CodeRabbit configuration for the repository.
• @coderabbitai help to get help.

Other keywords and placeholders

• Add @coderabbitai ignore anywhere in the PR description to prevent this PR from being reviewed.
• Add @coderabbitai summary to generate the high-level summary at a specific location in the PR description.
• Add @coderabbitai anywhere in the PR title to generate the title automatically.

CodeRabbit Configuration File (.coderabbit.yaml)

• You can programmatically configure CodeRabbit by adding a .coderabbit.yaml file to the root of your repository.
• Please see the configuration documentation for more information.
• If your editor has YAML language server enabled, you can add the path at the top of this file to enable auto-completion and validation: # yaml-language-server: $schema=https://coderabbit.ai/integrations/schema.v2.json

Documentation and Community

• Visit our Documentation for detailed information on how to use CodeRabbit.
• Join our Discord Community to get help, request features, and share feedback.
• Follow us on X/Twitter for updates and announcements.

[coderabbitai]

Actionable comments posted: 7

🧹 Nitpick comments (7)

components/salespype/salespype.app.mjs (3)

6-24: Ensure robust error handling for contact options.
The asynchronous options function directly calls “listContacts”, but there's no explicit error handling if the request fails. Consider handling exceptions, logging errors, or providing fallbacks for better user feedback.

---

25-42: Campaign dropdown approach is consistent but lacks error handling.
Similar to contact options, consider gracefully handling errors or empty responses to avoid runtime issues if “listCampaigns” fails.

---

62-74: Add error handling in _makeRequest to manage failed calls.
Currently, any API error is surfaced directly from axios. Consider catching request failures and throwing custom errors, improving debug information.

components/salespype/sources/new-campaign-created/new-campaign-created.mjs (1)

11-29: Minor improvement: show campaign title in the summary.
Right now, “summary” uses campaign.id. Including the campaign’s title or name might provide more informative event data.

- summary: `New Campaign: ${campaign.id}`,
+ summary: `New Campaign: ${campaign.title || campaign.id}`,

components/salespype/sources/common/base.mjs (1)

16-21: Add validation to database operations.

The _getLast and _setLast methods should validate their inputs/outputs.

Apply this diff to add validation:

 _getLast() {
-  return this.db.get("last") || 0;
+  const last = this.db.get("last");
+  return typeof last === "number" ? last : 0;
 },
 _setLast(last) {
+  if (typeof last !== "number" || isNaN(last)) {
+    throw new Error("Last value must be a valid number");
+  }
   this.db.set("last", last);
 },

components/salespype/actions/create-contact/create-contact.mjs (2)

21-25: Add email validation.

Consider adding email validation to ensure valid email addresses are provided.

   email: {
     type: "string",
     label: "Email",
     description: "The email address of the contact",
+    pattern: "^[a-zA-Z0-9._%+-]+@[a-zA-Z0-9.-]+\\.[a-zA-Z]{2,}$",
   },

---

62-67: Specify date format.

Add format specification for the birthDate field to ensure consistent date inputs.

   birthDate: {
     type: "string",
     label: "Birthdate",
-    description: "The birthdate of the contact",
+    description: "The birthdate of the contact in YYYY-MM-DD format",
+    pattern: "^\\d{4}-\\d{2}-\\d{2}$",
     optional: true,
   },

📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between a57dd3d and 1752978.

⛔ Files ignored due to path filters (1)

• pnpm-lock.yaml is excluded by !**/pnpm-lock.yaml

📒 Files selected for processing (9)

• components/salespype/actions/add-contact-to-campaign/add-contact-to-campaign.mjs (1 hunks)
• components/salespype/actions/create-contact/create-contact.mjs (1 hunks)
• components/salespype/actions/create-task/create-task.mjs (1 hunks)
• components/salespype/package.json (2 hunks)
• components/salespype/salespype.app.mjs (1 hunks)
• components/salespype/sources/common/base.mjs (1 hunks)
• components/salespype/sources/contact-updated/contact-updated.mjs (1 hunks)
• components/salespype/sources/new-campaign-created/new-campaign-created.mjs (1 hunks)
• components/salespype/sources/new-contact-created/new-contact-created.mjs (1 hunks)

🧰 Additional context used

🪛 GitHub Check: Lint Code Base

components/salespype/sources/contact-updated/contact-updated.mjs

[warning] 7-7:
Source names should start with "New". See https://pipedream.com/docs/components/guidelines/#source-name

⏰ Context from checks skipped due to timeout of 90000ms (3)

• GitHub Check: Verify TypeScript components
• GitHub Check: pnpm publish
• GitHub Check: Publish TypeScript components

🔇 Additional comments (18)

components/salespype/salespype.app.mjs (9)

1-2: Import usage looks good.
No issues spotted with importing "axios" from "@pipedream/platform".

---

43-56: Task type options retrieval looks fine.
Implementation seems consistent, but additional checks for an empty “taskTypes” array or network failures could strengthen reliability.

---

59-61: _baseUrl() usage is straightforward.
Defining the base URL in a method is clear and maintainable. No issues noted.

---

75-80: listContacts() approach is correct.
Method neatly defaults to GET requests through axios. Looks fine as is.

---

81-86: listCampaigns() approach is consistent.
No issues noted. The method reuses _makeRequest effectively.

---

87-92: listTaskTypes() approach is consistent.
Similarly consistent with the other list methods.

---

93-99: createContact() POST usage is correct.
Straightforward creation method with a POST call. Consider capturing any request errors.

---

100-108: addContactToCampaign() is logically sound.
Uses POST to add an existing contact to a specific campaign. Implementation looks fine.

---

109-117: createTask() aligns with standard POST flow.
No immediate concerns. Matches the pattern for creating resources.

components/salespype/sources/new-campaign-created/new-campaign-created.mjs (2)

1-2: Common source import is correct.
No issues noted with importing ‘base.mjs’.

---

3-10: Metadata for the new campaign source is straightforward.
Key, name, and other fields are well-labeled.

components/salespype/sources/new-contact-created/new-contact-created.mjs (2)

1-2: Common source import is correct.
Implementation is consistent.

---

3-10: Source metadata well-defined.
Clear naming and purpose for the new-contact-created event.

components/salespype/sources/contact-updated/contact-updated.mjs (2)

6-8: Update source name to follow naming convention.

According to Pipedream's source naming guidelines, source names should start with "New". Consider renaming to "New Contact Updated" for consistency.

✅ Verification successful

🌐 Web query:

What is Pipedream's naming convention for source names?

💡 Result:

Pipedream's naming convention for source names follows specific guidelines to ensure clarity and consistency[1]:

1. **Format**:  
   - Source names must be **singular** and **title-cased** (e.g., *New Mention* instead of *New Mentions* or *new mention*).  
   - They should start with the word **"New"** unless the source emits events that aren’t limited to new items (e.g., periodic updates).  

2. **Exclusions**:  
   - Avoid including the app name in the source name (e.g., use *New File* instead of *New Google Drive File*).  
   - Names should **not** be slugified or use kebab-case (e.g., *new-file* is invalid).  

3. **Real-time identification**:  
   - For webhook-based sources that emit events in real time, append **(Instant)** to the name (e.g., *New Calendar Event (Instant)*)[1]. This helps users distinguish them from polling-based sources.

For example:  
- A Twitter source emitting new mentions would be named **New Mention** (not *Twitter New Mention* or *new-mention*)[1].  
- A real-time Calendly event source would be named **New Invitee Created (Instant)**[1].  

These rules apply specifically to registry components published in Pipedream’s official repository[1].

Citations:

- 1: https://pipedream.com/docs/components/guidelines
- 2: https://pipedream.com/docs/workflows/domains
- 3: https://learn.microsoft.com/en-us/windows/win32/ipc/pipe-names?redirectedfrom=MSDN
- 4: https://pipedream.com/docs/components/api
- 5: https://www.globalphasing.com/buster/manual/pipedream/manual/index.html
- 6: https://community.pipedrive.com/discussion/12091/document-file-name-conventions
- 7: https://github.com/PipedreamHQ/pipedream/blob/master/docs-v2/pages/glossary.mdx
- 8: https://pipedream.com/docs/quickstart
- 9: https://github.com/angular/angular/issues/31787
- 10: https://pipedream.com/docs/sources

---

New Source Naming Convention: Add "New" Prefix

• The Pipedream guidelines require that source names are singular, title-cased, and must start with "New" for new events.
• In the file components/salespype/sources/contact-updated/contact-updated.mjs, update the source name from "Contact Updated" to "New Contact Updated" for consistency with the guidelines.

🧰 Tools

🪛 GitHub Check: Lint Code Base

[warning] 7-7:
Source names should start with "New". See https://pipedream.com/docs/components/guidelines/#source-name

---

23-33: Consider using a more secure hash function.

MD5 is cryptographically broken and not recommended for generating unique identifiers. Consider using a more secure hash function like SHA-256.

Apply this diff to use a more secure hash function:

-import md5 from "md5";
+import { createHash } from "crypto";

 generateMeta(contact) {
+  const hash = createHash("sha256");
   return {
-    id: md5(JSON.stringify({
+    id: hash.update(JSON.stringify({
       ...contact,
       createdAt: undefined,
       updatedAt: undefined,
-    })),
+    })).digest("hex"),
     summary: `Contact Updated: ${contact.id}`,
     ts: Date.parse(contact.updatedAt),
   };
 },

✅ Verification successful

🌐 Web query:

Is MD5 still secure for generating unique identifiers?

💡 Result:

MD5 is **not secure** for generating unique identifiers in security-sensitive contexts due to well-documented collision vulnerabilities[1][2]. While it can still serve as a checksum for basic data integrity checks against accidental corruption[1][2], its ability to produce unique outputs has been fundamentally compromised:

## Collision Vulnerabilities
- **Collisions can be generated in seconds** using modern hardware[2], with practical attacks demonstrated as early as 2004[1]
- Malicious actors can intentionally create different inputs with identical MD5 hashes[1], enabling:
  - Fake digital certificates (as seen in 2008 CA compromises)[1]
  - Counterfeit software updates (Flame malware 2012)[1][2]
  - Database ID conflicts in partitioned systems[2]

## Current Usage Risks
While still used in some legacy systems for:
- Non-critical checksums
- Basic file verification
- Temporary identifiers

...the algorithm fails catastrophically in scenarios requiring guaranteed uniqueness against intentional manipulation[1][2]. A 2019 study found 25% of CMS platforms still used MD5 for password hashing despite warnings[2].

## Secure Alternatives
| Algorithm | Security Status | Hash Length |
|-----------|-----------------|-------------|
| SHA3-256 | NIST-approved   | 256-bit     |
| SHA2-512 | NIST-approved   | 512-bit     |
| BLAKE3   | Modern standard | Variable    |

For identifier generation where uniqueness matters (database keys, session tokens, etc.), use SHA-256 or SHA3-256 instead[1][2]. These provide stronger collision resistance with minimal performance impact on modern systems.

Citations:

- 1: https://www.okta.com/identity-101/md5/
- 2: https://en.wikipedia.org/wiki/Md5_Hash
- 3: https://katelynsills.com/law/the-curious-case-of-md5/

---

Security Improvement: Replace MD5 with SHA-256

The web query confirms that MD5 is not secure for generating unique identifiers due to its collision vulnerabilities. The provided diff using SHA-256 is a secure alternative.

• Update the hashing logic to use Node.js's crypto module's createHash with "sha256" as shown.

components/salespype/actions/create-contact/create-contact.mjs (1)

3-8: Verify the documentation link is accessible.

The description includes a link to the API documentation. Let's verify it's accessible and up-to-date.

components/salespype/package.json (2)

3-3: Version bump looks appropriate.

The version bump from 0.0.1 to 0.1.0 follows semantic versioning, indicating new features were added.

---

15-18: Verify dependency versions.

Let's check if these are the latest compatible versions of the dependencies.

✅ Verification successful

🌐 Web query:

What is the latest version of @pipedream/platform?

💡 Result:

The latest version of `@pipedream/platform` is **3.0.3**, as documented in the npm registry entry last updated 4 months ago (as of February 2025)[8]. This package provides typing and runtime type checking for Pipedream's platform globals, with usage examples available in [Pipedream's Axios documentation](https://pipedream.com/docs/pipedream-axios/)[8].

Citations:

- 1: https://pipedream.com/docs/migrate-from-v1
- 2: https://github.com/boltops-tools/pipedream/blob/master/CHANGELOG.md
- 3: https://asana.com/ja/apps/pipedream
- 4: https://pipedream.com/community/t/how-to-update-a-custom-action-to-use-the-latest-version/9951
- 5: https://pipedream.com/community/t/how-to-inspect-the-version-history-for-a-given-step/8561
- 6: https://pipedream.com
- 7: https://pipedream.com/docs
- 8: https://www.npmjs.com/package/@pipedream/platform
- 9: https://www.npmjs.com/package/pipedream?activeTab=versions
- 10: https://github.com/PipedreamHQ/pipedream?via=cagri&tab=readme-ov-file

---

🌐 Web query:

What is the latest version of md5?

💡 Result:

The MD5 algorithm itself does not have version numbers as it's a standardized cryptographic hash function published in 1992 (RFC 1321)[6]. However, software implementations and tools using MD5 do have versions:

**Latest implementations/tools using MD5:**
- **js-md5** npm package: v0.8.3 (last updated October 2023)[5]
- **MD5 & SHA Checksum Utility** for Windows: Last updated November 2024[7]
- **md5** npm package: v2.3.0 (last updated August 2020)[8]

While MD5 remains widely used for non-security purposes like basic file integrity checks[3][6], many systems are deprecating it due to cryptographic vulnerabilities[2][4][6]. For example:
- PostgreSQL Flexible Server disabled MD5 in v15.8 for FIPS compliance[4]
- NixOS deprecated MD5 support in fetchurl operations[2]

For new projects requiring cryptographic security, modern alternatives like SHA-256 are recommended[3][6].

Citations:

- 1: https://forums.sketchup.com/t/2024-md5-check-error/295694
- 2: https://discourse.nixos.org/t/md5-deprecated/6447
- 3: https://en.wikipedia.org/wiki/Md5sum
- 4: https://learn.microsoft.com/en-us/answers/questions/2105015/postgres-flexible-server-15-8-no-longer-supports-a
- 5: https://www.npmjs.com/package/js-md5
- 6: https://en.wikipedia.org/wiki/Md5_Hash
- 7: https://download.cnet.com/md5-sha-checksum-utility/3000-2092_4-10911445.html
- 8: https://www.npmjs.com/package/md5

---

Dependency versions verified.

• @pipedream/platform: Latest version is 3.0.3.
• md5: Latest version is 2.3.0.

These match the versions specified in components/salespype/package.json. No changes are necessary.

[coderabbitai]

Actionable comments posted: 1

♻️ Duplicate comments (1)

components/salespype/salespype.app.mjs (1)

118-140: 🛠️ Refactor suggestion

Improve pagination robustness.

The pagination implementation needs several improvements for better reliability:

1. Double semicolon on line 125.

2. Missing validation for totalPages and empty results.

 async *paginate({
   fn, params, resourceKey, max,
 }) {
   params = {
     ...params,
     page: 0,
   };
   let totalPages, count = 0;
   do {
     params.page++;
     const results = await fn({
       params,
     });
+    if (!results || typeof results !== 'object') {
+      throw new Error('Invalid response format from API');
+    }
     const items = results[resourceKey];
+    if (!Array.isArray(items)) {
+      throw new Error(`Expected array for ${resourceKey}, got ${typeof items}`);
+    }
     for (const item of items) {
       yield item;
       if (max && ++count >= max) {
         return;
       }
     }
     totalPages = results.totalPages;
+    if (typeof totalPages !== 'number' || totalPages < 0) {
+      throw new Error('Invalid totalPages value from API');
+    }
   } while (params.page < totalPages);
 }

🧹 Nitpick comments (1)

components/salespype/salespype.app.mjs (1)

11-16: Consider zero-based pagination for consistency.

The page parameter is incremented before making the API call (page + 1). While this works, it might be clearer to handle the zero-based to one-based conversion in the API methods instead of the options functions. This would make the pagination logic more centralized and easier to maintain.

async options({ page }) {
  const { contacts } = await this.listContacts({
    params: {
-     page: page + 1,
+     page,
    },
  });

Also applies to: 29-34

📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 1752978 and 0f2db18.

📒 Files selected for processing (1)

• components/salespype/salespype.app.mjs (1 hunks)

⏰ Context from checks skipped due to timeout of 90000ms (4)

• GitHub Check: Verify TypeScript components
• GitHub Check: pnpm publish
• GitHub Check: Publish TypeScript components
• GitHub Check: Lint Code Base

[GTFalcao]

LGTM!