fix: strip avatar and profile from children payload in managed event type updates#28239
Merged
alishaz-polymath merged 3 commits intomainfrom Mar 2, 2026
Merged
Conversation
…type updates
When assigning users to managed event types with ~85+ users, the request
body exceeds the 1MB server limit. The root cause is that the full
ChildrenEventType objects (including avatar, profile, username, membership)
are sent in the update payload, even though the server schema (childSchema)
only needs owner.{id, name, email, eventTypeSlugs} and hidden.
Avatar data can be particularly large when stored as base64 data URLs.
With 85 users each having ~10KB+ avatars, the payload easily exceeds 1MB.
This fix strips the children array down to only server-required fields
before sending the mutation, while keeping the full data in form state
for UI display purposes.
Co-Authored-By: ali@cal.com <alishahbaz7@gmail.com>
Contributor
🤖 Devin AI EngineerI'll be helping with this pull request! Here's what you should know: ✅ I will automatically:
Note: I can only respond to comments from users who have write access to this repository. ⚙️ Control Options:
|
graphite-app
bot
added
enterprise
![cubic-dev-ai[bot]](https://avatars.githubusercontent.com/in/1082092?s=60&v=4){kind=small}
Contributor
There was a problem hiding this comment.
1 issue found across 2 files
Prompt for AI agents (unresolved issues)
Check if these issues are valid — if so, understand the root cause of each and fix them. If appropriate, use sub-agents to investigate and fix each issue separately.
<file name="packages/platform/atoms/event-types/hooks/useEventTypeForm.test.ts">
<violation number="1" location="packages/platform/atoms/event-types/hooks/useEventTypeForm.test.ts:11">
P1: Test duplicates production logic instead of importing it</violation>
</file>
Reply with feedback, questions, or to request a fix. Tag @cubic-dev-ai to re-run a review.
packages/platform/atoms/event-types/hooks/useEventTypeForm.test.ts
Outdated
Show resolved
Hide resolved
Contributor
Devin AI is addressing Cubic AI's review feedbackA Devin session has been created to address the issues identified by Cubic AI. |
… of duplicating in test Addresses Cubic AI review feedback: the test file was duplicating the stripping logic instead of importing it from production code. - Extracted stripChildrenForPayload() into childrenEventType.ts - Updated useEventTypeForm.ts to import and use the shared function - Updated test file to import from production code instead of defining its own copy Co-Authored-By: bot_apk <apk@cognition.ai>
alishaz-polymath
added
run-ci
alishaz-polymath
removed
ready-for-e2e
run-ci
Co-Authored-By: bot_apk <apk@cognition.ai>
alishaz-polymath
added
ready-for-e2e
run-ci
keithwillcode
approved these changes
Mar 2, 2026
alishaz-polymath
deleted the
devin/1772450657-strip-avatar-from-children-payload
branch
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
3 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
What does this PR do?
When assigning users to a large managed event type (~85+ users), the update request fails with a "Body exceeded 1mb limit" error. The root cause is that the full
ChildrenEventTypeobjects—includingavatar(potentially large base64 data URLs),profile,username, andmembership—are sent in the mutation payload, even though the server Zod schema (childSchema) only needsowner.{id, name, email, eventTypeSlugs}andhidden.This PR strips the
childrenarray down to only server-required fields inhandleSubmitbefore sending the mutation, while keeping the full data in form state for UI display (e.g., avatar rendering inChildrenEventTypeSelect).The stripping logic is extracted into a shared
stripChildrenForPayloadutility inpackages/features/eventtypes/lib/childrenEventType.ts, which is imported by both the hook and the test file—avoiding code duplication.How should this be tested?
Mandatory Tasks (DO NOT REMOVE)
Human Review Checklist
owner.{id, name, email, eventTypeSlugs},hidden) match exactly what the serverchildSchemainpackages/trpc/server/routers/viewer/eventTypes/types.tsexpectschildrendata (with avatars) is still available in react-hook-form state for UI rendering — note thatchildrenis extracted fromvalueson line 303 (before dirty field filtering), whilestrippedChildrenis only used for the outgoing payloadstripChildrenForPayloadinchildrenEventType.tsis correctly shared between the hook and the test file (no duplicated logic)Updates since last revision
useEventTypeForm.tsinto a shared exportedstripChildrenForPayload()function inpackages/features/eventtypes/lib/childrenEventType.ts. The test file now imports and tests the actual production function instead of maintaining a mirrored copy.