github-actions bot commented Jan 5, 2026

This is an automated pull request to release the candidate branch into production, which will trigger a deployment.
It was created by the [Production PR] action.

…ge (#1974)

* feat(comments): add contextUrl for deep-linking in comment notifications

* fix(comments): ensure entity belongs to organization in comment notifications

* refactor(comments): filter mention users to show only admin and owner roles

---------

Co-authored-by: Tofik Hasanov <[email protected]>

vercel bot commented Jan 5, 2026

The latest updates on your projects. Learn more about Vercel for GitHub.

| Project | Deployment | Review | Updated (UTC) |
| --- | --- | --- | --- |
| app (staging) | Ready | Preview, Comment | Jan 6, 2026 3:00pm |

1 Skipped Deployment

| Project | Deployment | Review | Updated (UTC) |
| --- | --- | --- | --- |
| portal (staging) | Skipped | | Jan 6, 2026 3:00pm |


cursor bot commented Jan 5, 2026

PR Summary

  • Comments & Mentions (API/UI): Add contextUrl to create/update DTOs and OpenAPI; normalize/validate URLs against allowed origins and org paths; expand notifier to support task, vendor, risk, and policy; skip cross-org entities; use contextUrl or fallback routes in emails/Novu. Frontend passes organizationId to Comments, filters mention suggestions to owner/admin, and client hooks include contextUrl automatically.
  • Real-time data (SWR): Introduce use-risks and use-vendors hooks and client pages (RiskPageClient, VendorPageClient) for live detail views; add polling (1s during onboarding, 5s otherwise) to risks/vendors tables, comments, and task items; mutation actions invalidate related SWR keys (lists, detail, comments).
  • Vendors API: findById includes assignee.user and merges most-recent GlobalVendors risk assessment data into the response.
  • Cloud tests API: Read active new-platform connections, backfill from legacy only when not migrated; include both passed/failed results; merge and sort findings by date.
  • Org/session hygiene: Reuse request headers and proactively sync activeOrganizationId in layout/onboarding/upgrade flows to match URL org context.

Written by Cursor Bugbot for commit 0b6cf11. This will update automatically on new commits. Configure here.

@CLAassistant

CLA assistant check
Thank you for your submission! We really appreciate it. Like many open source projects, we ask that you sign our Contributor License Agreement before we can accept your contribution.
You have signed the CLA already but the status is still pending? Let us recheck it.


graphite-app bot commented Jan 5, 2026

Graphite Automations

"Auto-assign PRs to Author" took an action on this PR • (01/05/26)

1 reviewer was added to this PR based on Mariano Fuentes's automation.

* feat(layout): optimize header retrieval and sync active organization ID

* refactor(onboarding, upgrade): verify membership before syncing active organization ID

---------

Co-authored-by: Tofik Hasanov <[email protected]>
* feat(risk, vendor): implement RiskPageClient and VendorPageClient for real-time updates due using SWR

* feat(vendor, risk): enhance real-time updates with SWR and normalize API responses

---------

Co-authored-by: Tofik Hasanov <[email protected]>
// Use SWR for real-time updates with polling
const { risk: swrRisk, isLoading } = useRisk(riskId, {
organizationId: orgId,
});

SWR hooks not using available initial data for hydration

The RiskPageClient and VendorPageClient components receive initialRisk/initialVendor props from server-side rendering but don't pass them as initialData to the useRisk/useVendor hooks. The hooks were designed to accept initialData to pre-populate SWR's cache and avoid redundant fetches, as indicated by the JSDoc comment "Initial data from server for hydration - avoids loading state on first render". Without this, every page load triggers an unnecessary API call since SWR immediately fetches data that was already fetched server-side. The fallback logic in useMemo works correctly to display content, but the redundant network request impacts performance.


(key) => typeof key === 'string' && key.includes(`/v1/comments`) && key.includes(riskId),
undefined,
{ revalidate: true },
);

Comments cache invalidation uses wrong key type check

The comments cache invalidation checks typeof key === 'string', but useApiSWR creates SWR keys as arrays [endpoint, organizationId]. Since comments keys are arrays like ['/v1/comments?entityId=...', 'org_123'], the string type check always fails and the cache is never invalidated. The risks/vendors invalidation correctly uses Array.isArray(key) && key[0] === 'risks', but the comments invalidation needs a similar array check like Array.isArray(key) && key[0]?.includes('/v1/comments').

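The key-shape mismatch described in the comment above, as an added example that is not code from this PR: a filter predicate that accepts the array keys `[endpoint, organizationId]` the comment attributes to useApiSWR, compared with the string-only check over constructed cache keys. `isCommentsKeyFor`, `countMatches`, the sample keys and the `entityType` parameter are hypothetical; `entityId` comes from the key quoted in the comment.

```javascript
// Added example, not code from the PR. Key shapes follow the review comment:
// useApiSWR keys are arrays [endpoint, organizationId].

// The predicate as reviewed: only string keys can ever match.
const stringOnlyMatcher = (entityId) => (key) =>
  typeof key === 'string' && key.includes('/v1/comments') && key.includes(entityId);

// Hypothetical replacement: read the endpoint from either key shape and compare
// the parsed entityId parameter exactly instead of by substring.
function isCommentsKeyFor(entityId, organizationId) {
  return (key) => {
    const endpoint = Array.isArray(key) ? key[0] : key;
    if (typeof endpoint !== 'string') return false;
    // Stay inside the caller's organization when the key carries one.
    if (Array.isArray(key) && organizationId && key[1] !== organizationId) return false;
    let url;
    try {
      url = new URL(endpoint, 'http://placeholder.invalid'); // base is for parsing only
    } catch {
      return false;
    }
    return url.pathname === '/v1/comments' && url.searchParams.get('entityId') === entityId;
  };
}

// Constructed cache keys, including a look-alike id and another organization.
const SAMPLE_KEYS = [
  ['/v1/comments?entityId=rsk_1&entityType=risk', 'org_123'],
  ['/v1/comments?entityId=rsk_10&entityType=risk', 'org_123'],
  ['/v1/comments?entityId=rsk_1&entityType=risk', 'org_999'],
  ['risks', 'org_123'],
  '/v1/comments?entityId=rsk_1',
  null,
];

// Number of cache entries a given predicate would select for revalidation.
function countMatches(matcher) {
  return SAMPLE_KEYS.filter(matcher).length;
}
```

The string-only predicate selects none of the array keys, while the array-aware one selects the `rsk_1` entries and skips both `rsk_10` and the `org_999` entry.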

website: {
contains: domain,
},
},

Substring domain match may return wrong vendor data

The findById method uses a substring contains filter to match vendor domains against GlobalVendors records. Since extractDomain returns just the hostname (e.g., "example.com"), the query website: { contains: domain } can match unrelated domains where the target is a substring. For example, searching for "comp.ai" would incorrectly match "notcomp.ai" or "encomp.ai", potentially displaying the wrong vendor's risk assessment data to users.

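The substring match described in the comment above, next to an exact-hostname comparison, as an added example that is not code from this PR. `normalizeHost`, `matchByContains`, `matchByHost` and the records are constructed for illustration; treating a leading `www.` as the same host is an assumption.

```javascript
// Added example, not code from the PR. Helper names and records are constructed.

// Reduce a stored website value (full URL or bare host) to a lowercase hostname.
function normalizeHost(website) {
  if (typeof website !== 'string' || website.trim() === '') return null;
  const raw = website.trim();
  try {
    const hasScheme = /^[a-z][a-z0-9+.-]*:\/\//i.test(raw);
    const url = new URL(hasScheme ? raw : `https://${raw}`);
    // Assumption: "www." and a trailing dot do not distinguish vendors.
    return url.hostname.toLowerCase().replace(/^www\./, '').replace(/\.$/, '');
  } catch {
    return null;
  }
}

// Behaviour the comment describes: case-sensitive substring containment.
function matchByContains(records, domain) {
  return records.filter((r) => r.website.includes(domain));
}

// Exact comparison of normalized hostnames.
function matchByHost(records, domain) {
  const target = normalizeHost(domain);
  if (!target) return [];
  return records.filter((r) => normalizeHost(r.website) === target);
}

// Constructed GlobalVendors-style rows.
const GLOBAL_VENDORS = [
  { id: 'gv_1', website: 'https://comp.ai' },
  { id: 'gv_2', website: 'https://notcomp.ai/pricing' },
  { id: 'gv_3', website: 'https://www.encomp.ai' },
  { id: 'gv_4', website: 'https://comp.ai.example.net' },
  { id: 'gv_5', website: 'HTTPS://WWW.COMP.AI/' },
];
```

For `comp.ai`, containment returns `gv_1` through `gv_4` and misses the upper-case `gv_5`; hostname equality returns only `gv_1` and `gv_5`. In a database-backed lookup the same effect comes from storing the normalized hostname and querying it by equality.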

vercel bot temporarily deployed to staging – portal January 6, 2026 14:58 Inactive
Marfuen merged commit 68a600d into release Jan 6, 2026
13 of 14 checks passed
@claudfuen

🎉 This PR is included in version 1.73.0 🎉

The release is available on GitHub release

Your semantic-release bot 📦🚀
