chore: merge main into release for new releases

Author: Marfuen

apps/api/package.json

@@ -82,6 +82,7 @@
         "prettier": "^3.5.3",
         "source-map-support": "^0.5.21",
         "supertest": "^7.0.0",
+        "trigger.dev": "4.0.6",
         "ts-jest": "^29.2.5",
         "ts-loader": "^9.5.2",
         "ts-node": "^10.9.2",
@@ -111,9 +112,9 @@
         "db:getschema": "node ../../packages/db/scripts/combine-schemas.js && cp ../../packages/db/dist/schema.prisma prisma/schema.prisma",
         "db:migrate": "cd ../../packages/db && bunx prisma migrate dev && cd ../../apps/api",
         "deploy:trigger-prod": "npx trigger.dev@4.0.6 deploy",
-        "dev": "bunx concurrently --kill-others --names \"nest,trigger\" --prefix-colors \"green,blue\" \"nest start --watch\" \"bunx trigger.dev@4.0.6 dev\"",
+        "dev": "bunx concurrently --kill-others --names \"nest,trigger\" --prefix-colors \"green,blue\" \"nest start --watch\" \"trigger dev\"",
         "dev:nest": "nest start --watch",
-        "dev:trigger": "bunx trigger.dev@4.0.6 dev",
+        "dev:trigger": "trigger dev",
         "format": "prettier --write \"src/**/*.ts\" \"test/**/*.ts\"",
         "lint": "eslint \"{src,apps,libs,test}/**/*.ts\" --fix",
         "prebuild": "bun run db:generate",

apps/api/src/cloud-security/cloud-security.controller.ts

@@ -1,13 +1,21 @@
 import {
   Controller,
   Post,
+  Get,
   Param,
+  Query,
   Headers,
   Logger,
   HttpException,
   HttpStatus,
+  UseGuards,
 } from '@nestjs/common';
-import { CloudSecurityService } from './cloud-security.service';
+import { HybridAuthGuard } from '../auth/hybrid-auth.guard';
+import { OrganizationId } from '../auth/auth-context.decorator';
+import {
+  CloudSecurityService,
+  ConnectionNotFoundError,
+} from './cloud-security.service';
 
 @Controller({ path: 'cloud-security', version: '1' })
 export class CloudSecurityController {
@@ -53,4 +61,57 @@ export class CloudSecurityController {
       scannedAt: result.scannedAt,
     };
   }
+
+  @Post('trigger/:connectionId')
+  @UseGuards(HybridAuthGuard)
+  async triggerScan(
+    @Param('connectionId') connectionId: string,
+    @OrganizationId() organizationId: string,
+  ) {
+    this.logger.log(
+      `Cloud security scan trigger requested for connection ${connectionId}`,
+    );
+
+    try {
+      const result = await this.cloudSecurityService.triggerScan(
+        connectionId,
+        organizationId,
+      );
+      return result;
+    } catch (error) {
+      const message =
+        error instanceof Error ? error.message : 'Failed to trigger scan';
+      throw new HttpException(message, HttpStatus.BAD_REQUEST);
+    }
+  }
+
+  @Get('runs/:runId')
+  @UseGuards(HybridAuthGuard)
+  async getRunStatus(
+    @Param('runId') runId: string,
+    @Query('connectionId') connectionId: string,
+    @OrganizationId() organizationId: string,
+  ) {
+    if (!connectionId) {
+      throw new HttpException(
+        'connectionId query parameter is required',
+        HttpStatus.BAD_REQUEST,
+      );
+    }
+
+    try {
+      return await this.cloudSecurityService.getRunStatus(
+        runId,
+        connectionId,
+        organizationId,
+      );
+    } catch (error) {
+      if (error instanceof ConnectionNotFoundError) {
+        throw new HttpException('Connection not found', HttpStatus.NOT_FOUND);
+      }
+      const message =
+        error instanceof Error ? error.message : 'Failed to get run status';
+      throw new HttpException(message, HttpStatus.INTERNAL_SERVER_ERROR);
+    }
+  }
 }

apps/api/src/cloud-security/cloud-security.module.ts

@@ -5,9 +5,10 @@ import { GCPSecurityService } from './providers/gcp-security.service';
 import { AWSSecurityService } from './providers/aws-security.service';
 import { AzureSecurityService } from './providers/azure-security.service';
 import { IntegrationPlatformModule } from '../integration-platform/integration-platform.module';
+import { AuthModule } from '../auth/auth.module';
 
 @Module({
-  imports: [IntegrationPlatformModule],
+  imports: [IntegrationPlatformModule, AuthModule],
   controllers: [CloudSecurityController],
   providers: [
     CloudSecurityService,

apps/api/src/cloud-security/cloud-security.service.ts

@@ -1,6 +1,7 @@
 import { Injectable, Logger } from '@nestjs/common';
 import { db } from '@db';
 import { getManifest } from '@comp/integration-platform';
+import { runs, tasks } from '@trigger.dev/sdk';
 import { CredentialVaultService } from '../integration-platform/services/credential-vault.service';
 import { OAuthCredentialsService } from '../integration-platform/services/oauth-credentials.service';
 import { GCPSecurityService } from './providers/gcp-security.service';
@@ -28,6 +29,12 @@ export interface ScanResult {
   error?: string;
 }
 
+export class ConnectionNotFoundError extends Error {
+  constructor() {
+    super('Connection not found');
+  }
+}
+
 @Injectable()
 export class CloudSecurityService {
   private readonly logger = new Logger(CloudSecurityService.name);
@@ -220,6 +227,65 @@ export class CloudSecurityService {
     }
   }
 
+  async triggerScan(
+    connectionId: string,
+    organizationId: string,
+  ): Promise<{ runId: string }> {
+    // Validate connection exists and is active
+    const connection = await db.integrationConnection.findFirst({
+      where: {
+        id: connectionId,
+        organizationId,
+        status: 'active',
+      },
+    });
+
+    if (!connection) {
+      throw new Error('Connection not found or inactive');
+    }
+
+    const handle = await tasks.trigger('run-cloud-security-scan', {
+      connectionId,
+      organizationId,
+      providerSlug: 'platform',
+      connectionName: connectionId,
+    });
+
+    this.logger.log(`Triggered cloud security scan task`, {
+      connectionId,
+      runId: handle.id,
+    });
+
+    return { runId: handle.id };
+  }
+
+  async getRunStatus(
+    runId: string,
+    connectionId: string,
+    organizationId: string,
+  ): Promise<{ completed: boolean; success: boolean; output: unknown }> {
+    // Verify the connection belongs to the caller's organization
+    const connection = await db.integrationConnection.findFirst({
+      where: {
+        id: connectionId,
+        organizationId,
+      },
+      select: { id: true },
+    });
+
+    if (!connection) {
+      throw new ConnectionNotFoundError();
+    }
+
+    const run = await runs.retrieve(runId);
+
+    return {
+      completed: run.isCompleted,
+      success: run.isCompleted ? run.isSuccess : false,
+      output: run.isCompleted ? run.output : null,
+    };
+  }
+
   private async storeFindings(
     connectionId: string,
     provider: string,

apps/api/src/evidence-forms/evidence-form-type-map.ts

@@ -1,6 +1,10 @@
 import { AttachmentsService } from '@/attachments/attachments.service';
 import type { AuthContext } from '@/auth/types';
-import { db, type EvidenceFormType as DbEvidenceFormType } from '@trycompai/db';
+import { db, EvidenceFormType as DbEvidenceFormType } from '@trycompai/db';
+import {
+  toDbEvidenceFormType,
+  toExternalEvidenceFormType,
+} from '@comp/company';
 import {
   BadRequestException,
   Injectable,
@@ -16,10 +20,6 @@ import {
   type EvidenceFormFieldDefinition,
   type EvidenceFormType,
 } from './evidence-forms.definitions';
-import {
-  toDbEvidenceFormType,
-  toExternalEvidenceFormType,
-} from './evidence-form-type-map';
 
 const listQuerySchema = z.object({
   search: z.string().trim().optional(),

apps/api/src/evidence-forms/evidence-forms.service.ts

@@ -7,19 +7,19 @@ import {
 } from '@nestjs/common';
 import {
   db,
-  type EvidenceFormType as DbEvidenceFormType,
+  EvidenceFormType as DbEvidenceFormType,
   FindingStatus,
   FindingType,
 } from '@trycompai/db';
+import {
+  toDbEvidenceFormType,
+  toExternalEvidenceFormType,
+} from '@comp/company';
 import { CreateFindingDto } from './dto/create-finding.dto';
 import { UpdateFindingDto } from './dto/update-finding.dto';
 import { FindingAuditService } from './finding-audit.service';
 import { FindingNotifierService } from './finding-notifier.service';
 import { type EvidenceFormType } from '@/evidence-forms/evidence-forms.definitions';
-import {
-  toDbEvidenceFormType,
-  toExternalEvidenceFormType,
-} from '@/evidence-forms/evidence-form-type-map';
 
 @Injectable()
 export class FindingsService {

apps/api/src/findings/findings.service.ts

@@ -145,6 +145,7 @@
         "postcss": "^8.5.4",
         "raw-loader": "^4.0.2",
         "tailwindcss": "^4.1.8",
+        "trigger.dev": "4.0.6",
         "typescript": "^5.8.3",
         "vite-tsconfig-paths": "^5.1.4",
         "vitest": "^3.2.4"
@@ -170,7 +171,7 @@
         "db:getschema": "node ../../packages/db/scripts/combine-schemas.js && cp ../../packages/db/dist/schema.prisma prisma/schema.prisma",
         "db:migrate": "cd ../../packages/db && bunx prisma migrate dev && cd ../../apps/app",
         "deploy:trigger-prod": "npx trigger.dev@4.0.6 deploy",
-        "dev": "bun i && bunx concurrently --kill-others --names \"next,trigger\" --prefix-colors \"yellow,blue\" \"next dev --turbo -p 3000\" \"bunx trigger.dev@4.0.6 dev\"",
+        "dev": "bun i && bunx concurrently --kill-others --names \"next,trigger\" --prefix-colors \"yellow,blue\" \"next dev --turbo -p 3000\" \"trigger dev\"",
         "lint": "eslint . && prettier --check .",
         "prebuild": "bun run db:generate",
         "postinstall": "prisma generate --schema=./prisma/schema.prisma || exit 0",