feat(security-questionnaire): enhance knowledge base UI and document management features

Author: tofikwest

apps/app/src/actions/safe-action.ts

@@ -107,60 +107,51 @@ export const authActionClient = actionClientWithMeta
     });
   })
   .use(async ({ next, metadata, ctx }) => {
-    const session = await auth.api.getSession({
-      headers: await headers(),
-    });
-
-    if (!session) {
+    // Use user and session from previous middleware instead of re-fetching
+    // This ensures consistency and avoids potential security issues from stale data
+    if (!ctx.user || !ctx.session) {
       throw new Error('Unauthorized');
     }
 
     if (metadata.track) {
-      track(session.user.id, metadata.track.event, {
+      track(ctx.user.id, metadata.track.event, {
         channel: metadata.track.channel,
-        email: session.user.email,
-        name: session.user.name,
-        organizationId: session.session.activeOrganizationId,
+        email: ctx.user.email,
+        name: ctx.user.name,
+        organizationId: ctx.session.activeOrganizationId,
       });
     }
 
-    return next({
-      ctx: {
-        ...ctx,
-        user: session.user,
-        session: session.session,
-      },
-    });
+    return next({ ctx });
   })
   .use(async ({ next, metadata, clientInput, ctx }) => {
     const headersList = await headers();
-    const session = await auth.api.getSession({
-      headers: headersList,
-    });
-
-    const member = await auth.api.getActiveMember({
-      headers: headersList,
-    });
-
-    if (!session) {
+    
+    // Use user and session from previous middleware for consistency
+    // Only fetch activeMember as it may require fresh data
+    if (!ctx.user || !ctx.session) {
       throw new Error('Unauthorized');
     }
 
-    if (!session.session.activeOrganizationId) {
+    if (!ctx.session.activeOrganizationId) {
       throw new Error('Organization not found');
     }
 
+    const member = await auth.api.getActiveMember({
+      headers: headersList,
+    });
+
     if (!member) {
       throw new Error('Member not found');
     }
 
     const { fileData: _, ...inputForAuditLog } = (clientInput || {}) as any;
 
     const data = {
-      userId: session.user.id,
-      email: session.user.email,
-      name: session.user.name,
-      organizationId: session.session.activeOrganizationId,
+      userId: ctx.user.id,
+      email: ctx.user.email,
+      name: ctx.user.name,
+      organizationId: ctx.session.activeOrganizationId,
       action: metadata.name,
       input: inputForAuditLog,
       ipAddress: headersList.get('x-forwarded-for') || null,
@@ -206,9 +197,9 @@ export const authActionClient = actionClientWithMeta
         data: {
           data: JSON.stringify(data),
           memberId: member.id,
-          userId: session.user.id,
+          userId: ctx.user.id,
           description: metadata.track?.description || null,
-          organizationId: session.session.activeOrganizationId,
+          organizationId: ctx.session.activeOrganizationId,
           entityId,
           entityType,
         },

apps/app/src/app/(app)/[orgId]/knowledge-base/components/KnowledgeBaseHeader.tsx

@@ -1,4 +1,4 @@
-import PageCore from '@/components/pages/PageCore.tsx';
+import PageWithBreadcrumb from '@/components/pages/PageWithBreadcrumb';
 import { auth } from '@/utils/auth';
 import { headers } from 'next/headers';
 import { notFound } from 'next/navigation';
@@ -7,7 +7,6 @@ import { ContextSection } from './context/components';
 import { ManualAnswersSection } from './manual-answers/components';
 import { PublishedPoliciesSection } from './published-policies/components';
 import { KnowledgeBaseHeader } from './components/KnowledgeBaseHeader';
-import { KnowledgeBaseBreadcrumb } from './components/KnowledgeBaseBreadcrumb';
 import {
   getContextEntries,
   getKnowledgeBaseDocuments,
@@ -35,28 +34,30 @@ export default async function KnowledgeBasePage() {
   ]);
 
   return (
-    <div className="mx-auto w-full max-w-[1200px] px-6 py-8">
-      <PageCore>
-        <KnowledgeBaseBreadcrumb />
-        <KnowledgeBaseHeader organizationId={organizationId} />
-
-        <div className="flex flex-col gap-6">
-          {/* Published Policies and Context Sections - Side by Side */}
-          <div className="grid grid-cols-1 gap-6 lg:grid-cols-2">
-            <PublishedPoliciesSection policies={policies} />
-            <ContextSection contextEntries={contextEntries} />
-          </div>
-
-          {/* Manual Answers Section */}
-          <ManualAnswersSection manualAnswers={manualAnswers} />
-
-          {/* Additional Documents Section */}
-          <AdditionalDocumentsSection
-            organizationId={organizationId}
-            documents={documents}
-          />
+    <PageWithBreadcrumb
+      breadcrumbs={[
+        { label: 'Overview', current: true },
+      ]}
+      className="px-6"
+    >
+      <KnowledgeBaseHeader organizationId={organizationId} />
+
+      <div className="flex flex-col gap-6">
+        {/* Published Policies and Context Sections - Side by Side */}
+        <div className="grid grid-cols-1 gap-6 lg:grid-cols-2">
+          <PublishedPoliciesSection policies={policies} />
+          <ContextSection contextEntries={contextEntries} />
         </div>
-      </PageCore>
-    </div>
+
+        {/* Manual Answers Section */}
+        <ManualAnswersSection manualAnswers={manualAnswers} />
+
+        {/* Additional Documents Section */}
+        <AdditionalDocumentsSection
+          organizationId={organizationId}
+          documents={documents}
+        />
+      </div>
+    </PageWithBreadcrumb>
   );
 }

apps/app/src/app/(app)/[orgId]/knowledge-base/page.tsx

@@ -71,13 +71,15 @@ export function QuestionnaireDetailClient({
           answer: r.answer,
           sources: r.sources,
           failedToGenerate: (r as any).failedToGenerate ?? false, // Preserve failedToGenerate from result
+          status: (r as any).status ?? 'untouched', // Preserve status field for UI behavior
           _originalIndex: (r as any).originalIndex ?? index, // Preserve originalIndex for reference, fallback to map index
         }))}
         filteredResults={filteredResults?.map((r, index) => ({
           question: r.question,
           answer: r.answer,
           sources: r.sources,
           failedToGenerate: (r as any).failedToGenerate ?? false, // Preserve failedToGenerate from result
+          status: (r as any).status ?? 'untouched', // Preserve status field for UI behavior
           _originalIndex: (r as any).originalIndex ?? index, // Preserve originalIndex for reference, fallback to map index
         }))}
         searchQuery={searchQuery}

apps/app/src/app/(app)/[orgId]/security-questionnaire/[questionnaireId]/components/QuestionnaireDetailClient.tsx

@@ -1,12 +1,11 @@
+import PageWithBreadcrumb from '@/components/pages/PageWithBreadcrumb';
 import { auth } from '@/utils/auth';
 import { headers } from 'next/headers';
 import { notFound } from 'next/navigation';
-import PageCore from '@/components/pages/PageCore.tsx';
 import { QuestionnaireResults } from '../components/QuestionnaireResults';
 import { useQuestionnaireDetail } from '../hooks/useQuestionnaireDetail';
 import { getQuestionnaireById } from './data/queries';
 import { QuestionnaireDetailClient } from './components/QuestionnaireDetailClient';
-import { QuestionnaireBreadcrumb } from './components/QuestionnaireBreadcrumb';
 
 export default async function QuestionnaireDetailPage({
   params,
@@ -36,15 +35,19 @@ export default async function QuestionnaireDetailPage({
   }
 
   return (
-    <PageCore className="mt-10">
-      <QuestionnaireBreadcrumb filename={questionnaire.filename} organizationId={organizationId} />
+    <PageWithBreadcrumb
+      breadcrumbs={[
+        { label: 'Overview', href: `/${organizationId}/security-questionnaire` },
+        { label: questionnaire.filename, current: true },
+      ]}
+    >
       <QuestionnaireDetailClient
         questionnaireId={questionnaireId}
         organizationId={organizationId}
         initialQuestions={questionnaire.questions}
         filename={questionnaire.filename}
       />
-    </PageCore>
+    </PageWithBreadcrumb>
   );
 }
 

apps/app/src/app/(app)/[orgId]/security-questionnaire/[questionnaireId]/page.tsx

@@ -2,7 +2,7 @@
 
 import { LinkIcon, Loader2 } from 'lucide-react';
 import { useState } from 'react';
-import { getKnowledgeBaseDocumentViewUrlAction } from '../../knowledge-base/additional-documents/actions/get-document-view-url';
+import { getKnowledgeBaseDocumentViewUrlAction } from '../knowledge-base/additional-documents/actions/get-document-view-url';
 
 interface KnowledgeBaseDocumentLinkProps {
   documentId: string;
@@ -37,14 +37,14 @@ export function KnowledgeBaseDocumentLink({
           window.open(signedUrl, '_blank', 'noopener,noreferrer');
         } else {
           // File cannot be viewed in browser - navigate to knowledge base page
-          const knowledgeBaseUrl = `/${orgId}/knowledge-base`;
+          const knowledgeBaseUrl = `/${orgId}/security-questionnaire/knowledge-base`;
           window.open(knowledgeBaseUrl, '_blank', 'noopener,noreferrer');
         }
       }
     } catch (error) {
       console.error('Error opening knowledge base document:', error);
       // Fallback: navigate to knowledge base page
-      const knowledgeBaseUrl = `/${orgId}/knowledge-base`;
+      const knowledgeBaseUrl = `/${orgId}/security-questionnaire/knowledge-base`;
       window.open(knowledgeBaseUrl, '_blank', 'noopener,noreferrer');
     } finally {
       setIsLoading(false);

apps/app/src/app/(app)/[orgId]/security-questionnaire/components/KnowledgeBaseDocumentLink.tsx

@@ -10,5 +10,6 @@ export interface QuestionAnswer {
     score: number;
   }>;
   failedToGenerate?: boolean; // Track if auto-generation was attempted but failed
+  status?: 'untouched' | 'generated' | 'manual'; // Track answer source: untouched, AI-generated, or manually edited
 }
 

apps/app/src/app/(app)/[orgId]/security-questionnaire/components/types.ts

@@ -3,6 +3,7 @@
 import type { parseQuestionnaireTask } from '@/jobs/tasks/vendors/parse-questionnaire';
 import { useRealtimeRun } from '@trigger.dev/react-hooks';
 import { useAction } from 'next-safe-action/hooks';
+import { useRouter } from 'next/navigation';
 import { useEffect } from 'react';
 import { toast } from 'sonner';
 import { createRunReadToken, createTriggerToken } from '../actions/create-trigger-token';
@@ -27,6 +28,7 @@ interface UseQuestionnaireParseProps {
   >;
   setHasClickedAutoAnswer: (clicked: boolean) => void;
   setQuestionnaireId: (id: string | null) => void;
+  orgId: string;
 }
 
 export function useQuestionnaireParse({
@@ -44,7 +46,9 @@ export function useQuestionnaireParse({
   setQuestionStatuses,
   setHasClickedAutoAnswer,
   setQuestionnaireId,
+  orgId,
 }: UseQuestionnaireParseProps) {
+  const router = useRouter();
   // Get trigger token for auto-answer (can trigger and read)
   useEffect(() => {
     async function getAutoAnswerToken() {
@@ -101,6 +105,10 @@ export function useQuestionnaireParse({
             setHasClickedAutoAnswer(false);
             if (questionnaireId) {
               setQuestionnaireId(questionnaireId);
+              // Redirect to questionnaire detail page after successful parse
+              setTimeout(() => {
+                router.push(`/${orgId}/security-questionnaire/${questionnaireId}`);
+              }, 500); // Small delay to show success toast
             }
             toast.success(
               `Successfully parsed ${questionsAndAnswers.length} question-answer pairs`,

apps/app/src/app/(app)/[orgId]/security-questionnaire/hooks/useQuestionnaireParse.ts

@@ -25,6 +25,7 @@ export function useQuestionnaireParser() {
     setQuestionStatuses: state.setQuestionStatuses,
     setHasClickedAutoAnswer: state.setHasClickedAutoAnswer,
     setQuestionnaireId: state.setQuestionnaireId,
+    orgId: state.orgId,
   });
 
   const autoAnswer = useQuestionnaireAutoAnswer({

apps/app/src/app/(app)/[orgId]/security-questionnaire/hooks/useQuestionnaireParser.ts

@@ -99,7 +99,7 @@ export const deleteKnowledgeBaseDocumentAction = authActionClient
         },
       });
 
-      revalidatePath(`/${activeOrganizationId}/knowledge-base`);
+      revalidatePath(`/${activeOrganizationId}/security-questionnaire/knowledge-base`);
 
       return {
         success: true,