feat(api): enhance vendor risk assessment task with status handling and skeleton UI

tofikwest · tofikwest · commit e16542d79ce8 · 2025-12-24T10:03:33.000-05:00
diff --git a/apps/api/src/trigger/vendor/vendor-risk-assessment-task.ts b/apps/api/src/trigger/vendor/vendor-risk-assessment-task.ts
@@ -89,10 +89,11 @@ export const vendorRiskAssessmentTask = schemaTask({
         entityId: payload.vendorId,
         title: VENDOR_RISK_ASSESSMENT_TASK_TITLE,
       },
-      select: { id: true },
+      select: { id: true, status: true, createdById: true, assigneeId: true },
     });
 
-    if (existing) {
+    // If an existing task is already complete (i.e. not "generating"), don't create another one.
+    if (existing && existing.status !== TaskItemStatus.in_progress) {
       logger.info('Risk assessment task already exists for vendor, skipping', {
         vendorId: payload.vendorId,
         taskItemId: existing.id,
@@ -104,6 +105,49 @@ export const vendorRiskAssessmentTask = schemaTask({
       organizationId: payload.organizationId,
       createdByUserId: payload.createdByUserId ?? null,
     });
+    // focused frameworks
+    const organizationFrameworks = getDefaultFrameworks();
+    const frameworkChecklist = buildFrameworkChecklist(organizationFrameworks);
+
+    // Create a placeholder task immediately so UI can show a skeleton while research runs.
+    // If an in-progress placeholder already exists, reuse it.
+    const taskItemId =
+      existing?.id ??
+      (
+        await db.taskItem.create({
+          data: {
+            title: VENDOR_RISK_ASSESSMENT_TASK_TITLE,
+            // Keep a structured marker so frontend can reliably detect this task type,
+            // but keep status=in_progress so it renders as "generating".
+            description: buildRiskAssessmentDescription({
+              vendorName: payload.vendorName,
+              vendorWebsite: payload.vendorWebsite ?? null,
+              research: null,
+              frameworkChecklist,
+              organizationFrameworks,
+            }),
+            status: TaskItemStatus.in_progress,
+            priority: TaskItemPriority.high,
+            entityId: payload.vendorId,
+            entityType: 'vendor',
+            organizationId: payload.organizationId,
+            assigneeId: assigneeMemberId,
+            createdById: creatorMemberId,
+          },
+          select: { id: true },
+        })
+      ).id;
+
+    if (!existing) {
+      await logAutomatedTaskCreation({
+        organizationId: payload.organizationId,
+        taskItemId,
+        taskTitle: VENDOR_RISK_ASSESSMENT_TASK_TITLE,
+        memberId: creatorMemberId,
+        entityType: 'vendor',
+        entityId: payload.vendorId,
+      });
+    }
 
     const research =
       payload.withResearch && payload.vendorWebsite
@@ -113,9 +157,6 @@ export const vendorRiskAssessmentTask = schemaTask({
           })
         : null;
 
-    const organizationFrameworks = getDefaultFrameworks();
-    const frameworkChecklist = buildFrameworkChecklist(organizationFrameworks);
-
     const description = buildRiskAssessmentDescription({
       vendorName: payload.vendorName,
       vendorWebsite: payload.vendorWebsite ?? null,
@@ -124,37 +165,26 @@ export const vendorRiskAssessmentTask = schemaTask({
       organizationFrameworks,
     });
 
-    const taskItem = await db.taskItem.create({
+    // Mark as ready for normal UX: clickable + full renderer
+    await db.taskItem.update({
+      where: { id: taskItemId },
       data: {
-        title: VENDOR_RISK_ASSESSMENT_TASK_TITLE,
         description,
         status: TaskItemStatus.todo,
-        priority: TaskItemPriority.high,
-        entityId: payload.vendorId,
-        entityType: 'vendor',
-        organizationId: payload.organizationId,
-        assigneeId: assigneeMemberId,
-        createdById: creatorMemberId,
+        // Keep stable creator/assignee for reused placeholders
+        assigneeId: existing?.assigneeId ?? assigneeMemberId,
+        updatedById: existing?.createdById ?? creatorMemberId,
       },
       select: { id: true },
     });
 
-    await logAutomatedTaskCreation({
-      organizationId: payload.organizationId,
-      taskItemId: taskItem.id,
-      taskTitle: VENDOR_RISK_ASSESSMENT_TASK_TITLE,
-      memberId: creatorMemberId,
-      entityType: 'vendor',
-      entityId: payload.vendorId,
-    });
-
     logger.info('Created vendor risk assessment task item', {
       vendorId: payload.vendorId,
-      taskItemId: taskItem.id,
+      taskItemId,
       researched: Boolean(research),
     });
 
-    return { success: true, taskItemId: taskItem.id, deduped: false, researched: Boolean(research) };
+    return { success: true, taskItemId, deduped: Boolean(existing), researched: Boolean(research) };
   },
 });
 
diff --git a/apps/app/src/components/task-items/TaskItemItem.tsx b/apps/app/src/components/task-items/TaskItemItem.tsx
@@ -61,6 +61,8 @@ import { useMemo, useState } from 'react';
 import { toast } from 'sonner';
 import { SelectAssignee } from '@/components/SelectAssignee';
 import { format } from 'date-fns';
+import { isVendorRiskAssessmentTaskItem } from './generated-task/vendor-risk-assessment/is-vendor-risk-assessment-task-item';
+import { VendorRiskAssessmentTaskItemSkeletonRow } from './generated-task/vendor-risk-assessment/VendorRiskAssessmentTaskItemSkeletonRow';
 
 const formatShortDate = (date: string | Date): string => {
   try {
@@ -122,6 +124,12 @@ export function TaskItemItem({
   onToggleExpanded,
   onStatusOrPriorityChange,
 }: TaskItemItemProps) {
+  const isGeneratingVendorRiskAssessment =
+    taskItem.status === 'in_progress' && isVendorRiskAssessmentTaskItem(taskItem);
+  if (isGeneratingVendorRiskAssessment) {
+    return <VendorRiskAssessmentTaskItemSkeletonRow />;
+  }
+
   const [isEditDialogOpen, setIsEditDialogOpen] = useState(false);
   const [editedTitle, setEditedTitle] = useState(taskItem.title);
   const [editedDescription, setEditedDescription] = useState(taskItem.description || '');
diff --git a/apps/app/src/components/task-items/TaskItems.tsx b/apps/app/src/components/task-items/TaskItems.tsx
@@ -13,6 +13,7 @@ import { TaskItemsBody } from './TaskItemsBody';
 import { useOrganizationMembers } from '@/hooks/use-organization-members';
 import { filterMembersByOwnerOrAdmin } from '@/utils/filter-members-by-role';
 import { usePathname, useRouter, useSearchParams } from 'next/navigation';
+import { isVendorRiskAssessmentTaskItem } from './generated-task/vendor-risk-assessment/is-vendor-risk-assessment-task-item';
 
 interface TaskItemsProps {
   entityId: string;
@@ -66,6 +67,26 @@ export const TaskItems = ({
     organizationId,
   });
 
+  // Check if any tasks are currently generating (in_progress vendor risk assessments)
+  // If yes, enable polling so skeleton updates automatically when generation completes
+  const hasGeneratingTasks = useMemo(() => {
+    const taskItems = taskItemsResponse?.data?.data ?? [];
+    return taskItems.some(
+      (taskItem) =>
+        taskItem.status === 'in_progress' && isVendorRiskAssessmentTaskItem(taskItem),
+    );
+  }, [taskItemsResponse?.data?.data]);
+
+  // Re-fetch with polling enabled if there are generating tasks
+  useEffect(() => {
+    if (hasGeneratingTasks) {
+      const interval = setInterval(() => {
+        refreshTaskItems();
+      }, 3000); // Poll every 3 seconds
+      return () => clearInterval(interval);
+    }
+  }, [hasGeneratingTasks, refreshTaskItems]);
+
   const {
     data: statsResponse,
     isLoading: statsLoading,
diff --git a/apps/app/src/components/task-items/generated-task/vendor-risk-assessment/VendorRiskAssessmentCertificationsCard.tsx b/apps/app/src/components/task-items/generated-task/vendor-risk-assessment/VendorRiskAssessmentCertificationsCard.tsx
@@ -109,14 +109,14 @@ export function VendorRiskAssessmentCertificationsCard({
         ) : (
           <Collapsible open={open} onOpenChange={setOpen}>
             <div className="space-y-3">
-              {preview.map((cert) => (
-                <CertificationRow key={`${cert.type}-${cert.url ?? ''}`} cert={cert} />
+              {preview.map((cert, index) => (
+                <CertificationRow key={`${cert.type}-${cert.status}-${index}`} cert={cert} />
               ))}
 
               {rest.length > 0 ? (
                 <CollapsibleContent className="space-y-3">
-                  {rest.map((cert) => (
-                    <CertificationRow key={`${cert.type}-${cert.url ?? ''}`} cert={cert} />
+                  {rest.map((cert, index) => (
+                    <CertificationRow key={`${cert.type}-${cert.status}-${previewCount + index}`} cert={cert} />
                   ))}
                 </CollapsibleContent>
               ) : null}
diff --git a/apps/app/src/components/task-items/generated-task/vendor-risk-assessment/VendorRiskAssessmentTaskItemSkeletonRow.tsx b/apps/app/src/components/task-items/generated-task/vendor-risk-assessment/VendorRiskAssessmentTaskItemSkeletonRow.tsx
@@ -0,0 +1,62 @@
+'use client';
+
+import { Skeleton } from '@comp/ui/skeleton';
+import { Loader2, TrendingUp, Circle } from 'lucide-react';
+
+/**
+ * Skeleton row shown while the system is generating the vendor Risk Assessment task.
+ *
+ * Intentionally non-interactive: users shouldn't open or edit the task until the
+ * background job finishes and populates the structured description.
+ *
+ * Layout mirrors the actual TaskItemItem row for visual consistency.
+ */
+export function VendorRiskAssessmentTaskItemSkeletonRow() {
+  return (
+    <div className="flex items-center gap-2 p-4 rounded-lg border border-border bg-card opacity-60">
+      <div className="flex-1 flex items-center gap-3 text-sm w-full">
+        <div className="flex items-center gap-3 flex-1 min-w-0">
+          {/* Priority Icon - Fixed width (matches real row) */}
+          <div className="w-8 shrink-0 flex items-center justify-center">
+            <div className="h-6 px-1.5 rounded-md flex items-center justify-center bg-transparent text-pink-600 dark:text-pink-400">
+              <TrendingUp className="h-4 w-4 stroke-[2]" />
+            </div>
+          </div>
+
+          {/* Task ID - Fixed width (matches real row) */}
+          <div className="w-14 shrink-0">
+            <Skeleton className="h-3 w-12" />
+          </div>
+
+          {/* Status Icon - Fixed width (matches real row) */}
+          <div className="w-8 shrink-0 flex items-center justify-center">
+            <Loader2 className="h-4 w-4 animate-spin text-blue-600 dark:text-blue-400" />
+          </div>
+
+          {/* Title - Flexible with max width (matches real row) */}
+          <div className="flex items-center gap-2 flex-1 min-w-0 max-w-[300px]">
+            <h4 className="text-sm font-medium truncate">Risk Assessment</h4>
+          </div>
+
+          {/* Spacer */}
+          <div className="flex-1" />
+
+          {/* Assignee - Fixed width (matches real row) */}
+          <div className="shrink-0 w-[180px]">
+            <Skeleton className="h-6 w-full" />
+          </div>
+
+          {/* Date - Fixed width (matches real row) */}
+          <div className="w-16 shrink-0 text-right">
+            <Skeleton className="h-4 w-14 ml-auto" />
+          </div>
+
+          {/* Options Menu Placeholder - matches real row */}
+          <div className="h-6 w-6 shrink-0" />
+        </div>
+      </div>
+    </div>
+  );
+}
+
+
diff --git a/apps/app/src/components/task-items/generated-task/vendor-risk-assessment/VendorRiskAssessmentTaskItemView.tsx b/apps/app/src/components/task-items/generated-task/vendor-risk-assessment/VendorRiskAssessmentTaskItemView.tsx
@@ -261,11 +261,11 @@ export function VendorRiskAssessmentTaskItemView({ taskItem }: { taskItem: TaskI
               {links.length === 0 ? (
                 <p className="text-sm text-muted-foreground italic">No links found.</p>
               ) : (
-                links.map((link) => {
+                links.map((link, index) => {
                   const LinkIcon = getLinkIcon(link.label);
                   return (
                   <Button
-                    key={link.url}
+                    key={`${link.url}-${link.label}-${index}`}
                     variant="outline"
                     className="w-full justify-between"
                     onClick={() => window.open(link.url, '_blank', 'noopener,noreferrer')}
diff --git a/apps/app/src/components/task-items/generated-task/vendor-risk-assessment/VendorRiskAssessmentTimelineCard.tsx b/apps/app/src/components/task-items/generated-task/vendor-risk-assessment/VendorRiskAssessmentTimelineCard.tsx
@@ -75,17 +75,17 @@ export function VendorRiskAssessmentTimelineCard({
         ) : (
           <Collapsible open={open} onOpenChange={setOpen}>
             <div className="space-y-5">
-              {preview.map((item) => (
-                <div key={`${item.date}-${item.title}`} className="space-y-2">
+              {preview.map((item, index) => (
+                <div key={`${item.date}-${item.title}-${index}`} className="space-y-2">
                   <NewsRow item={item} />
                   <Separator />
                 </div>
               ))}
 
               {rest.length > 0 ? (
                 <CollapsibleContent className="space-y-5">
-                  {rest.map((item) => (
-                    <div key={`${item.date}-${item.title}`} className="space-y-2">
+                  {rest.map((item, index) => (
+                    <div key={`${item.date}-${item.title}-${previewCount + index}`} className="space-y-2">
                       <NewsRow item={item} />
                       <Separator />
                     </div>
diff --git a/apps/app/src/trigger/tasks/onboarding/onboard-organization-helpers.ts b/apps/app/src/trigger/tasks/onboarding/onboard-organization-helpers.ts
@@ -386,6 +386,27 @@ async function triggerVendorRiskAssessmentsViaApi(params: {
     process.env.NEXT_PUBLIC_API_URL || process.env.API_BASE_URL || 'http://localhost:3333';
   const token = process.env.INTERNAL_API_TOKEN;
 
+  // Sanitize vendor websites - only send valid URLs or null
+  const sanitizeWebsite = (
+    website: string | null | undefined,
+    vendorName: string,
+  ): string | null => {
+    if (!website || website.trim() === '') return null;
+
+    const trimmed = website.trim();
+    // If it doesn't have a protocol, try adding https://
+    const withProtocol = /^https?:\/\//i.test(trimmed) ? trimmed : `https://${trimmed}`;
+
+    try {
+      const url = new URL(withProtocol);
+      return url.toString();
+    } catch {
+      // Invalid URL, return null
+      logger.warn('Invalid vendor website, will skip research', { website, vendorName });
+      return null;
+    }
+  };
+
   logger.info('Calling vendor risk assessment API endpoint', {
     organizationId,
     vendorCount: vendors.length,
@@ -400,11 +421,15 @@ async function triggerVendorRiskAssessmentsViaApi(params: {
       {
         organizationId,
         withResearch,
-        vendors: vendors.map((v) => ({
-          vendorId: v.id,
-          vendorName: v.name,
-          vendorWebsite: v.website,
-        })),
+        vendors: vendors.map((v) => {
+          const sanitized = sanitizeWebsite(v.website, v.name);
+          return {
+            vendorId: v.id,
+            vendorName: v.name,
+            // Only include vendorWebsite if it's a valid URL (undefined triggers @IsOptional)
+            ...(sanitized && { vendorWebsite: sanitized }),
+          };
+        }),
       },
       {
         headers: token ? { 'X-Internal-Token': token } : undefined,
