Add Tally onboarding intake workflow#335

Open: michaelmwu wants to merge 12 commits into main from michaelmwu/google-form-crm-onboarding
Conversation

@michaelmwu

@michaelmwu michaelmwu commented Jun 12, 2026

Member

Summary

  • add an onboarding-specific Tally webhook at /webhooks/tally/onboarding with signature verification, form allowlisting, and compatibility aliases for existing TALLY_* env vars
  • persist normalized/raw intake submissions in a new onboarding_intake_submissions table and surface latest application details in the onboarding queue
  • add dashboard-managed onboarding Tally config, including a generate/copy/hide flow for webhook signing secrets
  • require a configured malware scan command before parsing downloaded resume files, while still storing intake data

Notes

  • Keep Tally posting to our app as source of truth; Discord should be a downstream notification path, not the canonical intake endpoint.
  • Existing Google Sheets responses can be backfilled later as metadata with Drive links preserved, then imported/scanned in a separate one-time job if needed.

Tests

  • ./scripts/test.sh
  • ./scripts/lint.sh
  • git diff --check

Summary by CodeRabbit

Release Notes

  • New Features

    • Added Tally form integration as an alternative intake source
    • Resume virus scanning capability for uploaded resumes
    • Application details view in admin dashboard showing submitted form data
    • Automatic signing-secret generator for webhook configuration
    • Support for intake submissions from applicants without existing CRM records
  • Documentation

    • Updated configuration guide with Tally intake form settings and virus scan options

Copilot AI review requested due to automatic review settings June 12, 2026 16:08
@coderabbitai

coderabbitai Bot commented Jun 12, 2026

Note

Reviews paused

It looks like this branch is under active development. To avoid overwhelming you with review comments due to an influx of new commits, CodeRabbit has automatically paused this review. You can configure this behavior by changing the reviews.auto_review.auto_pause_after_reviewed_commits setting.

Use the following commands to manage reviews:

  • @coderabbitai resume to resume automatic reviews.
  • @coderabbitai review to trigger a single review.

Walkthrough

Adds Tally form webhook ingestion to the existing intake pipeline: HMAC signature verification, form-ID allowlisting, Tally-to-intake payload conversion, and job enqueueing. Introduces durable onboarding_intake_submissions Postgres storage with upsert in IntakeFormProcessor. Adds configurable resume virus-scan gating, "orphan" intake rows (no CRM contact) in the onboarding dashboard, and a signing-secret generator in the admin configuration UI.

Changes

Tally Intake Webhook System

| Layer | File(s) | Summary |
|---|---|---|
| Configuration, runtime config, and documentation | apps/worker/src/five08/worker/config.py, packages/shared/src/five08/runtime_config.py, .env.example, docs/configuration.md | WorkerSettings gains Tally and virus-scan fields with validators; three RuntimeConfigDefinition entries expose them in the dashboard; .env.example and docs describe all new variables, legacy aliases, and fail-closed semantics. |
| Pydantic models and intake field aliases | apps/worker/src/five08/worker/models.py | Four new TallyWebhook* Pydantic types model the nested FORM_RESPONSE payload; GoogleFormsIntakePayload gains last_name_is_placeholder, chat_availability, native_name, ideal_weekly_hours, and expanded alias mappings. |
| Tally webhook handler, helpers, and routes | apps/api/src/five08/backend/api.py | TALLY_INTAKE_FIELD_LABEL_MAP constant, field-value rendering, HMAC verification with X-API-Secret fallback, form-ID allowlist check, Tally→intake conversion, idempotency key computation, and job enqueueing; registers /webhooks/tally and /webhooks/tally/onboarding; tightens Google Forms invalid-payload error response. |
| Alembic migration for onboarding_intake_submissions | apps/worker/src/five08/worker/migrations/versions/20260613_0300_create_onboarding_intake_submissions.py | Creates the table with JSONB payload columns, source check constraint, COALESCE-based unique index, two non-unique indexes, and an updated_at trigger; downgrade() reverses all DDL. |
| Intake processing, persistence, and resume scanning | apps/worker/src/five08/worker/crm/intake_form_processor.py | Source-aware form-ID validation, best-effort Postgres upsert via _persist_intake_submission, placeholder last-name gating that queues without CRM create, website_linkcWebsiteLink normalization, new DESCRIPTION_SECTIONS entries, and _scan_resume_content subprocess gate with temp-file cleanup. |
| Dashboard people and onboarding listing SQL enrichment | apps/api/src/five08/backend/api.py | LEFT JOIN LATERAL adds latest_intake_submission to both people and onboarding queries; intake-based resume presence replaces CRM-only detection; orphan intake submissions (no CRM contact) are fetched and merged; raw_payload is stripped from shaped rows. |
| Admin dashboard onboarding display and secret workflow | apps/admin_dashboard/src/main.tsx, apps/api/src/five08/backend/static/dashboard/... | IntakeSubmission type and latest_intake_submission on Person; OnboardingRow shows "Application only" badge and expandable Application panel for intake-only prospects; ConfigurationView.onSave updated to Promise<boolean>; Tally signing-secret generate/copy/hide UI added; static assets updated. |
| Unit tests | tests/unit/test_backend_api.py, tests/unit/test_intake_form_processor.py, tests/unit/test_runtime_config.py, tests/unit/test_worker_config.py | Tests cover HMAC auth, allowlist enforcement, normalization edge cases, orphan listing, runtime-config definitions, WorkerSettings alias/virus-scan validation, persistence SQL correctness, resume-scan gating, and website-link normalization; existing non-local config tests updated for new virus-scan requirements. |

Sequence Diagram(s)

sequenceDiagram
  participant TallyForm
  participant APIHandler as tally_intake_webhook_handler
  participant HMACVerify as HMAC / X-API-Secret auth
  participant Allowlist as form_id allowlist
  participant Worker as process_intake_form_job
  participant Processor as IntakeFormProcessor
  participant Postgres as onboarding_intake_submissions
  participant CRM

  TallyForm->>APIHandler: POST /webhooks/tally/onboarding (raw body + Tally-Signature)
  APIHandler->>HMACVerify: verify signature against ONBOARDING_TALLY_WEBHOOK_SIGNING_SECRET
  HMACVerify-->>APIHandler: 401 if invalid
  APIHandler->>Allowlist: check formId in ONBOARDING_TALLY_ALLOWED_FORM_IDS
  Allowlist-->>APIHandler: 403 if unset or unapproved
  APIHandler->>APIHandler: convert Tally fields → GoogleFormsIntakePayload
  APIHandler->>Worker: enqueue process_intake_form_job (tally: idempotency key)
  APIHandler-->>TallyForm: 202 queued
  Worker->>Processor: process_intake(payload)
  alt last_name_is_placeholder
    Processor->>Postgres: _persist_intake_submission (contact_id=None)
    Processor-->>Worker: pending_review=True
  else normal flow
    Processor->>CRM: create or update prospect contact
    Processor->>Postgres: _persist_intake_submission (contact_id)
    Processor->>Processor: _scan_resume_content (subprocess virus scan)
    Processor-->>Worker: success
  end

Estimated code review effort

🎯 5 (Critical) | ⏱️ ~120 minutes

Possibly related PRs

  • 508-dev/508-workflows#74: Established the original Google Forms intake webhook and IntakeFormProcessor pipeline that this PR extends with Tally source support and Postgres persistence.
  • 508-dev/508-workflows#140: Modified _build_resume_updates resume-download/validation logic that this PR now gates behind _scan_resume_content.
  • 508-dev/508-workflows#333: Introduced the ConfigurationView component whose onSave contract this PR changes to Promise<boolean> and extends with the signing-secret generator UI.

Poem

🐇 A webhook arrives with a Tally form ring,
The rabbit checks HMAC — a validated thing!
Orphan submissions now get their own row,
Secrets are generated with a cryptographic glow.
Virus-scanned résumés hop through the gate,
New intakes persist — the pipeline is great! ✨

🚥 Pre-merge checks | ✅ 4 | ❌ 1

❌ Failed checks (1 warning)

| Check name | Status | Explanation | Resolution |
|---|---|---|---|
| Docstring Coverage | ⚠️ Warning | Docstring coverage is 39.17% which is insufficient. The required threshold is 80.00%. | Write docstrings for the functions missing them to satisfy the coverage threshold. |

✅ Passed checks (4 passed)

| Check name | Status | Explanation |
|---|---|---|
| Description Check | ✅ Passed | Check skipped - CodeRabbit’s high-level summary is enabled. |
| Title check | ✅ Passed | The title 'Add Tally onboarding intake workflow' is concise, specific, and directly describes the main feature being added. It clearly communicates the primary change from the changeset. |
| Linked Issues check | ✅ Passed | Check skipped because no linked issues were found for this pull request. |
| Out of Scope Changes check | ✅ Passed | Check skipped because no linked issues were found for this pull request. |


@chatgpt-codex-connector chatgpt-codex-connector Bot left a comment


💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: 9666b38a48

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

  • Open a pull request for review
  • Mark a draft as ready
  • Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

Comment thread apps/admin_dashboard/src/main.tsx

Copilot AI left a comment


Pull request overview

Adds a Tally-based onboarding intake workflow end-to-end (API webhook → queue job → worker CRM updates + durable submission storage), plus admin-dashboard configuration and onboarding-queue surfacing of the latest application details.

Changes:

  • Add Tally onboarding intake webhook handler with signature verification, form allowlisting, and legacy TALLY_* env aliases.
  • Persist normalized/raw intake submissions into a new onboarding_intake_submissions table and surface the latest submission in the onboarding queue API/UI.
  • Require a configured malware scan command before parsing downloaded resume files (while still accepting/storing intake data).

Reviewed changes

Copilot reviewed 13 out of 13 changed files in this pull request and generated 2 comments.

| File | Description |
|---|---|
| tests/unit/test_worker_config.py | Adds coverage for Tally allowed-form parsing, legacy env aliases, and virus-scan timeout validation. |
| tests/unit/test_runtime_config.py | Verifies new onboarding Tally settings are dashboard-configurable (secrets + CSV allowlist). |
| tests/unit/test_intake_form_processor.py | Updates resume-processing tests for new scan gate; adds coverage for website/weekly-hours intake fields and scan-failure behavior. |
| tests/unit/test_backend_api.py | Adds unit tests for Tally webhook auth, allowlisting, signature verification, and field normalization/enqueueing. |
| packages/shared/src/five08/runtime_config.py | Introduces runtime-config definitions for onboarding Tally API key, signing secret, and allowed form IDs (with legacy env aliases). |
| docs/configuration.md | Documents new Tally intake settings and resume malware scan settings. |
| apps/worker/src/five08/worker/models.py | Adds Pydantic models for Tally webhooks and expands intake aliasing/fields for onboarding questions. |
| apps/worker/src/five08/worker/migrations/versions/20260613_0200_create_onboarding_intake_submissions.py | Creates onboarding_intake_submissions table, indexes, and updated-at trigger. |
| apps/worker/src/five08/worker/crm/intake_form_processor.py | Adds persistence of intake submissions, website link mapping, and malware scan enforcement before resume parsing. |
| apps/worker/src/five08/worker/config.py | Adds onboarding Tally settings + resume scan settings to worker configuration. |
| apps/api/src/five08/backend/api.py | Adds Tally webhook endpoint(s), signature validation, field mapping to intake payload, and onboarding queue enrichment with latest submission JSON. |
| apps/admin_dashboard/src/main.tsx | Surfaces latest intake submission summary in onboarding queue; adds signing-secret generate/copy/hide UX; adjusts config save to return success boolean. |
| .env.example | Adds example env vars for onboarding Tally intake and resume malware scan configuration. |
Comments suppressed due to low confidence (1)

apps/admin_dashboard/src/main.tsx:7483

  • onSave now returns a Promise, but the Save button click handler doesn't await it or mark it as intentionally fire-and-forget. This can trigger lint warnings (and makes it easier to accidentally introduce unhandled rejections if onSave changes).
            <Button
              type="button"
              size="sm"
              onClick={() => onSave(item.key, draft)}
              disabled={


Comment thread apps/api/src/five08/backend/api.py

@coderabbitai coderabbitai Bot left a comment


Actionable comments posted: 5

🧹 Nitpick comments (1)
tests/unit/test_backend_api.py (1)

8717-8792: ⚡ Quick win

Add signature enforcement tests for the canonical onboarding path.

Line 8738 and Line 8763 validate signatures only on /webhooks/tally, but Line 8677 uses /webhooks/tally/onboarding for the canonical flow. A route-specific auth regression on /webhooks/tally/onboarding would currently slip through.

Suggested test hardening
+@pytest.mark.parametrize("path", ["/webhooks/tally", "/webhooks/tally/onboarding"])
+def test_tally_intake_accepts_valid_tally_signature_for_all_routes(
+    client: TestClient,
+    monkeypatch: pytest.MonkeyPatch,
+    path: str,
+) -> None:
+    monkeypatch.setattr(api.settings, "onboarding_tally_webhook_signing_secret", "signing-secret")
+    monkeypatch.setattr(api.settings, "onboarding_tally_allowed_form_ids", "tally-form-1")
+    body = json.dumps(_TALLY_INTAKE_PAYLOAD, separators=(",", ":")).encode("utf-8")
+    signature = base64.b64encode(
+        hmac.new(b"signing-secret", body, hashlib.sha256).digest()
+    ).decode("ascii")
+
+    with patch("five08.backend.api.enqueue_job") as mock_enqueue:
+        mock_enqueue.return_value = Mock(id="job-tally-1")
+        response = client.post(
+            path,
+            content=body,
+            headers={"Content-Type": "application/json", "Tally-Signature": signature},
+        )
+
+    assert response.status_code == 202
+    mock_enqueue.assert_called_once()
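Review bot: The suggested test asserts only the accept path (202 and mock_enqueue.assert_called_once()), so a route that skipped signature verification entirely would still pass it on both paths. Add a parametrized counterpart that sends a wrong Tally-Signature to "/webhooks/tally" and "/webhooks/tally/onboarding" and asserts 401 with mock_enqueue.assert_not_called(); that is the case that catches the route-specific auth regression this comment describes.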
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@tests/unit/test_backend_api.py` around lines 8717 - 8792, Add parallel
signature-enforcement tests for the canonical onboarding endpoint
/webhooks/tally/onboarding: duplicate the logic from
test_tally_intake_accepts_valid_tally_signature and
test_tally_intake_rejects_invalid_tally_signature but target the route
"/webhooks/tally/onboarding" and use the same setup of monkeypatching
api.settings.onboarding_tally_webhook_signing_secret and computing/setting the
Tally-Signature header (or sending an invalid signature) while asserting the
expected status codes (202 for valid, 401 for invalid) and enqueue_job behavior
(mock_enqueue.assert_called_once / assert_not_called). Ensure you reuse the same
body payload encoding/hmac computation as in the existing tests so the
verification covers the onboarding route.
🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@apps/admin_dashboard/src/main.tsx`:
- Around line 7295-7304: The copyGeneratedSecret function currently calls
navigator.clipboard.writeText(secret) without handling rejections, so failing
writes reject and prevent the fallback; update copyGeneratedSecret to wrap the
writeText call in a try/catch (or handle its Promise rejection) and on error
fall back to locating the input by id `generatedSecret-${key}` and calling
select() (or log/surface an error) so the UX still works when clipboard API
fails; reference the function name copyGeneratedSecret and the DOM id pattern
generatedSecret- to locate where to add the try/catch and fallback logic.

In `@apps/api/src/five08/backend/api.py`:
- Around line 7086-7116: The handler currently enqueues only normalized_payload,
dropping the original Tally webhook body; modify the enqueue call so the
canonical/raw Tally payload is passed through to the worker (e.g., add a
raw_payload argument alongside normalized_payload in the args passed to
enqueue_job), using the original payload/tally_payload dump (preserve
aliases/None handling as needed), and keep the idempotency_key logic unchanged;
update the worker (process_intake_form_job) to expect and persist raw_payload
instead of reconstructing it from normalized_payload.
- Around line 743-752: The current _validate_tally_submission treats an empty
settings.onboarding_tally_allowed_form_ids_set as permissive; change it to fail
closed by returning JSONResponse({"error":"invalid_form_id"}, status_code=403)
when allowed_form_ids is empty or missing. In _validate_tally_submission,
reference settings.onboarding_tally_allowed_form_ids_set and
payload.data.form_id: if the set is falsy or empty, immediately return the error
response; otherwise strip payload.data.form_id and allow only when the stripped
form_id is non-empty and present in the allowed set, returning the same 403
JSONResponse for all other cases.

In
`@apps/worker/src/five08/worker/migrations/versions/20260613_0200_create_onboarding_intake_submissions.py`:
- Around line 56-61: The current
sa.UniqueConstraint("source","form_id","submission_id",
name="uq_onboarding_intake_submissions_source_form_submission") allows NULLs and
breaks UPSERTs; replace this UniqueConstraint with a database-level unique index
that normalizes NULLs using COALESCE (e.g., index on source plus
COALESCE(form_id, '') and COALESCE(submission_id, '')) in the migration (replace
the UniqueConstraint declaration in the migration creating
onboarding_intake_submissions), and update the processor SQL that uses ON
CONFLICT to match the index expressions (use ON CONFLICT (source,
COALESCE(form_id, ''), COALESCE(submission_id, '')) so conflicts fire when
form_id or submission_id are NULL).

In `@tests/unit/test_worker_config.py`:
- Around line 153-168: The test
test_legacy_tally_env_aliases_still_populate_onboarding_settings is flaky
because existing ONBOARDING_TALLY_* env vars can override the legacy TALLY_*
aliases; before setting TALLY_API_KEY, TALLY_WEBHOOK_SIGNING_SECRET, and
TALLY_ALLOWED_FORM_IDS, ensure you clear any ONBOARDING_TALLY_API_KEY,
ONBOARDING_TALLY_WEBHOOK_SIGNING_SECRET, and ONBOARDING_TALLY_ALLOWED_FORM_IDS
from the environment (use monkeypatch.delenv or equivalent) so WorkerSettings()
will read the legacy aliases and the assertions on onboarding_tally_api_key,
onboarding_tally_webhook_signing_secret, and
onboarding_tally_allowed_form_ids_set reliably validate the compatibility
behavior.

ℹ️ Review info
⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: 88109ddd-b953-47eb-9d5a-668528e4f817

📥 Commits

Reviewing files that changed from the base of the PR and between 404db50 and 9666b38.

📒 Files selected for processing (13)
  • .env.example
  • apps/admin_dashboard/src/main.tsx
  • apps/api/src/five08/backend/api.py
  • apps/worker/src/five08/worker/config.py
  • apps/worker/src/five08/worker/crm/intake_form_processor.py
  • apps/worker/src/five08/worker/migrations/versions/20260613_0200_create_onboarding_intake_submissions.py
  • apps/worker/src/five08/worker/models.py
  • docs/configuration.md
  • packages/shared/src/five08/runtime_config.py
  • tests/unit/test_backend_api.py
  • tests/unit/test_intake_form_processor.py
  • tests/unit/test_runtime_config.py
  • tests/unit/test_worker_config.py
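
The verify-then-allowlist order from the walkthrough's sequence diagram and the fail-closed allowlist finding above, as an added sketch that is not code from this PR. The function names, the `invalid_signature` and `invalid_payload` error strings, the 400 response, the plain-dict header lookup, and the sample secret and body are assumptions constructed for illustration; the base64 HMAC-SHA256 over the raw body, the `Tally-Signature` header, and the 401/403/202 outcomes follow the page.

```python
import base64
import binascii
import hashlib
import hmac
import json


def parse_allowed_form_ids(csv_value):
    """Parse a comma-separated allowlist into a set, dropping blank entries."""
    return {item.strip() for item in (csv_value or "").split(",") if item.strip()}


def signature_is_valid(raw_body, header_value, signing_secret):
    """Check a base64 HMAC-SHA256 signature computed over the raw request bytes."""
    if not signing_secret or not header_value:
        return False  # fail closed: no secret configured, or no header sent
    try:
        supplied = base64.b64decode(header_value, validate=True)
    except (binascii.Error, ValueError):
        return False  # header is not valid base64
    expected = hmac.new(signing_secret.encode("utf-8"), raw_body, hashlib.sha256).digest()
    # Constant-time comparison so the check does not leak how many bytes matched.
    return hmac.compare_digest(expected, supplied)


def handle_webhook(raw_body, headers, signing_secret, allowed_form_ids_csv):
    """Return (status_code, error) in the order shown in the sequence diagram."""
    # 1. Authenticate the sender before parsing anything from the body.
    if not signature_is_valid(raw_body, headers.get("Tally-Signature"), signing_secret):
        return 401, "invalid_signature"  # assumed error string
    # 2. Parse only after the bytes are authenticated.
    try:
        payload = json.loads(raw_body)
    except ValueError:
        return 400, "invalid_payload"  # assumed status and error string
    data = payload.get("data") if isinstance(payload, dict) else None
    form_id = str((data or {}).get("formId") or "").strip() if isinstance(data, dict) else ""
    # 3. Fail closed: an empty or unset allowlist rejects every form.
    allowed = parse_allowed_form_ids(allowed_form_ids_csv)
    if not allowed or form_id not in allowed:
        return 403, "invalid_form_id"
    return 202, None


# Constructed sample input, not a captured Tally request.
SECRET = "constructed-signing-secret"
BODY = json.dumps(
    {"eventType": "FORM_RESPONSE", "data": {"formId": "tally-form-1", "fields": []}},
    separators=(",", ":"),
).encode("utf-8")


def sign(body, secret=SECRET):
    """Produce the header value a sender holding the secret would attach."""
    return base64.b64encode(hmac.new(secret.encode("utf-8"), body, hashlib.sha256).digest()).decode("ascii")


if __name__ == "__main__":
    good = {"Tally-Signature": sign(BODY)}
    print(handle_webhook(BODY, good, SECRET, "tally-form-1"))
    # Same JSON re-serialized with different whitespace: the bytes differ, so it is rejected.
    print(handle_webhook(json.dumps(json.loads(BODY)).encode("utf-8"), good, SECRET, "tally-form-1"))
    print(handle_webhook(BODY, good, SECRET, ""))
```
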

Comment thread apps/admin_dashboard/src/main.tsx
Comment thread apps/api/src/five08/backend/api.py
Comment thread apps/api/src/five08/backend/api.py
Comment thread tests/unit/test_worker_config.py
Comment thread apps/api/src/five08/backend/api.py Fixed
Comment thread apps/api/src/five08/backend/api.py Fixed

@chatgpt-codex-connector chatgpt-codex-connector Bot left a comment

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: e7e048e627

Comment thread apps/worker/src/five08/worker/crm/intake_form_processor.py
…m-crm-onboarding

# Conflicts:
#	apps/api/src/five08/backend/static/dashboard/.vite/manifest.json
#	apps/api/src/five08/backend/static/dashboard/assets/index-BOSn0NiV.js
#	apps/api/src/five08/backend/static/dashboard/index.html

Copilot AI left a comment


Pull request overview

Copilot reviewed 16 out of 18 changed files in this pull request and generated 2 comments.

Comment thread apps/worker/src/five08/worker/crm/intake_form_processor.py
Comment thread apps/worker/src/five08/worker/crm/intake_form_processor.py Outdated

@chatgpt-codex-connector chatgpt-codex-connector Bot left a comment

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: 1a4a979235

Comment thread apps/worker/src/five08/worker/config.py Outdated

@chatgpt-codex-connector chatgpt-codex-connector Bot left a comment

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: 00cf41cd0c

Comment thread apps/api/src/five08/backend/api.py
Comment thread apps/api/src/five08/backend/api.py

@coderabbitai coderabbitai Bot left a comment


Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@apps/worker/src/five08/worker/config.py`:
- Around line 110-112: The configuration field
`intake_resume_require_virus_scan` defaults to `False`, and the validation logic
only checks the `intake_resume_virus_scan_command` when scanning is enabled.
This allows non-local deployments to parse unscanned resumes if the flag is
omitted. Add a validator method (likely a `@field_validator` or similar) that
checks the environment context and enforces that
`intake_resume_require_virus_scan` must be `True` in non-local environments,
while also ensuring the `intake_resume_virus_scan_command` is populated when
scanning is required. This guard should apply wherever environment validation
occurs in the configuration class.
ℹ️ Review info
⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: cea5d9f6-fd30-42e4-bba3-1ae7eb86e455

📥 Commits

Reviewing files that changed from the base of the PR and between 1a4a979 and 7b8a82f.

📒 Files selected for processing (13)
  • .env.example
  • apps/admin_dashboard/src/main.tsx
  • apps/api/src/five08/backend/api.py
  • apps/api/src/five08/backend/static/dashboard/.vite/manifest.json
  • apps/api/src/five08/backend/static/dashboard/assets/index-MEvq0Meo.js
  • apps/api/src/five08/backend/static/dashboard/index.html
  • apps/worker/src/five08/worker/config.py
  • apps/worker/src/five08/worker/crm/intake_form_processor.py
  • apps/worker/src/five08/worker/models.py
  • docs/configuration.md
  • tests/unit/test_backend_api.py
  • tests/unit/test_intake_form_processor.py
  • tests/unit/test_worker_config.py
✅ Files skipped from review due to trivial changes (3)
  • docs/configuration.md
  • apps/api/src/five08/backend/static/dashboard/index.html
  • apps/api/src/five08/backend/static/dashboard/.vite/manifest.json
🚧 Files skipped from review as they are similar to previous changes (3)
  • apps/worker/src/five08/worker/models.py
  • apps/api/src/five08/backend/api.py
  • apps/admin_dashboard/src/main.tsx

Comment thread apps/worker/src/five08/worker/config.py

@chatgpt-codex-connector chatgpt-codex-connector Bot left a comment

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: 7b8a82f0e1

Comment thread apps/api/src/five08/backend/api.py
Comment thread apps/worker/src/five08/worker/crm/intake_form_processor.py
…m-crm-onboarding

# Conflicts:
#	apps/api/src/five08/backend/static/dashboard/.vite/manifest.json
#	apps/api/src/five08/backend/static/dashboard/assets/index-B-BtbFCt.css
#	apps/api/src/five08/backend/static/dashboard/assets/index-BoK8s4aw.css
#	apps/api/src/five08/backend/static/dashboard/assets/index-C6NyLxSa.css
#	apps/api/src/five08/backend/static/dashboard/index.html

Copilot AI left a comment


Pull request overview

Copilot reviewed 16 out of 18 changed files in this pull request and generated 1 comment.

Comment thread apps/api/src/five08/backend/api.py Outdated

@chatgpt-codex-connector chatgpt-codex-connector Bot left a comment

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: a0f881fd74

Comment thread apps/api/src/five08/backend/api.py Outdated

@coderabbitai coderabbitai Bot left a comment


Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (1)
apps/admin_dashboard/src/main.tsx (1)

5968-5975: ⚠️ Potential issue | 🟡 Minor | ⚡ Quick win

Prefer the stable person.id before optional application/display fields.

OnboardingRow owns draft/onboarder state, but application-only rows lack crm_contact_id; if submission_id is absent or duplicated, the key falls through to non-unique email/name values and can reuse row state for the wrong applicant.

Proposed fix
-              {props.people.map((person) => (
+              {props.people.map((person, index) => (
                 <OnboardingRow
                   key={
                     person.crm_contact_id ||
+                    person.id ||
                     person.latest_intake_submission?.submission_id ||
                     person.email ||
-                    person.name
+                    person.name ||
+                    `onboarding-row-${index}`
                   }
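Review bot: The new last fallback `onboarding-row-${index}` keys a row by its list position, so when the queue is re-sorted or filtered the draft/onboarder state held by OnboardingRow can attach to a different applicant, which is the failure this change is meant to prevent. In the same chain, person.id is inserted after person.crm_contact_id although the comment says to prefer it first; move person.id to the head of the chain, and for a row with no identifier at all avoid the index fallback in favour of a value taken from the row's own data.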
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@apps/admin_dashboard/src/main.tsx` around lines 5968 - 5975, The key prop for
the OnboardingRow component in the map function should prioritize the stable
person.id field before falling back to optional application or display fields.
Change the key logic to check person.id first, followed by crm_contact_id,
submission_id, email, and name in that order. This ensures each row maintains a
stable, unique identifier and prevents row state from being reused for the wrong
applicant when crm_contact_id or submission_id are missing or duplicated.

ℹ️ Review info
⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: a5faca3d-0101-437c-84f0-4eabad5fe47f

📥 Commits

Reviewing files that changed from the base of the PR and between 7b8a82f and a0f881f.

📒 Files selected for processing (7)
  • apps/admin_dashboard/src/main.tsx
  • apps/api/src/five08/backend/api.py
  • apps/api/src/five08/backend/static/dashboard/.vite/manifest.json
  • apps/api/src/five08/backend/static/dashboard/assets/index-B94wT6z-.css
  • apps/api/src/five08/backend/static/dashboard/assets/index-juzZ-WBH.js
  • apps/api/src/five08/backend/static/dashboard/index.html
  • tests/unit/test_backend_api.py
✅ Files skipped from review due to trivial changes (1)
  • apps/api/src/five08/backend/static/dashboard/.vite/manifest.json
🚧 Files skipped from review as they are similar to previous changes (2)
  • tests/unit/test_backend_api.py
  • apps/api/src/five08/backend/api.py

@chatgpt-codex-connector chatgpt-codex-connector Bot left a comment

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: 543d16b0c9

Comment thread apps/api/src/five08/backend/api.py
Comment thread apps/admin_dashboard/src/main.tsx

Copilot AI left a comment

Pull request overview

Copilot reviewed 16 out of 19 changed files in this pull request and generated 3 comments.

Files not reviewed (1)
  • apps/api/src/five08/backend/static/dashboard/assets/index-B5Jst3Rt.css: Generated file

Comment thread apps/worker/src/five08/worker/crm/intake_form_processor.py
Comment thread docs/configuration.md Outdated
Comment thread apps/admin_dashboard/src/main.tsx

@chatgpt-codex-connector chatgpt-codex-connector Bot left a comment

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: cae126378d

Comment thread apps/api/src/five08/backend/api.py

@coderabbitai coderabbitai Bot left a comment

🧹 Nitpick comments (1)
apps/api/src/five08/backend/static/dashboard/assets/index-B5Jst3Rt.css (1)

1-3: ⚡ Quick win

This is compiled/generated CSS output; stylelint issues should be addressed in the build configuration.

This file is minified Tailwind CSS v4.3.0 output. Stylelint flagged several issues (duplicate -webkit-text-decoration, deprecated appearance: button, font-family quoting, casing). These occur in the compiled artifact, not source code, and should be remedied by adjusting the build configuration, Tailwind version, or post-processing rather than manual edits to this file (which would be overwritten on rebuild).

If this is checked into the repository as a fingerprinted asset, verify that the build process generates it reproducibly and that the CI/build pipeline is expected to commit built assets.

🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@apps/api/src/five08/backend/static/dashboard/assets/index-B5Jst3Rt.css`
around lines 1 - 3, Do not manually edit this compiled CSS file as it is
automatically generated by the Tailwind CSS build process and will be
overwritten on rebuild. Instead, investigate the root cause of the stylelint
issues (duplicate -webkit-text-decoration, deprecated appearance values,
font-family quoting inconsistencies) by examining your Tailwind configuration
file, the build pipeline, and post-processing steps. Consider updating Tailwind
CSS to the latest version, adjusting your build configuration to handle the
compilation more cleanly, or configuring stylelint to ignore known issues in
generated artifacts. If this file is committed as a fingerprinted asset, verify
the build process generates it reproducibly and document that the CI pipeline is
expected to update this generated file rather than manually editing it.

Source: Linters/SAST tools

ℹ️ Review info
⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: c3a998eb-70ca-4e88-a2d5-10f56bcfeece

📥 Commits

Reviewing files that changed from the base of the PR and between a0f881f and 4cac543.

📒 Files selected for processing (13)
  • apps/admin_dashboard/src/main.tsx
  • apps/api/src/five08/backend/api.py
  • apps/api/src/five08/backend/static/dashboard/.vite/manifest.json
  • apps/api/src/five08/backend/static/dashboard/assets/index-B5Jst3Rt.css
  • apps/api/src/five08/backend/static/dashboard/assets/index-S82ik8An.js
  • apps/api/src/five08/backend/static/dashboard/index.html
  • apps/worker/src/five08/worker/config.py
  • apps/worker/src/five08/worker/crm/intake_form_processor.py
  • apps/worker/src/five08/worker/migrations/versions/20260613_0300_create_onboarding_intake_submissions.py
  • docs/configuration.md
  • tests/unit/test_backend_api.py
  • tests/unit/test_intake_form_processor.py
  • tests/unit/test_worker_config.py
✅ Files skipped from review due to trivial changes (2)
  • apps/api/src/five08/backend/static/dashboard/.vite/manifest.json
  • docs/configuration.md
🚧 Files skipped from review as they are similar to previous changes (6)
  • apps/api/src/five08/backend/static/dashboard/index.html
  • apps/worker/src/five08/worker/config.py
  • tests/unit/test_worker_config.py
  • tests/unit/test_backend_api.py
  • apps/admin_dashboard/src/main.tsx
  • apps/worker/src/five08/worker/crm/intake_form_processor.py

@chatgpt-codex-connector chatgpt-codex-connector Bot left a comment

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: 4cac54336c

Comment on lines +1974 to +1977
AND coalesce(
nullif(btrim(resume_intake.normalized_payload->>'resume_file_name'), ''),
nullif(btrim(resume_intake.normalized_payload->>'resume_url'), '')
) IS NOT NULL

P2: Keep resume filters and displayed intake in sync

When a contact has multiple intake submissions where an older one has resume_url/resume_file_name and a newer one does not, this EXISTS still makes resume=present include the contact, but the lateral latest_intake_submission selected later is ordered only by submission date. _shape_dashboard_people_rows() then sees the newer no-resume payload and renders the row as missing a resume with no link even though it matched the present filter; select the resume-bearing intake for this case or carry the EXISTS result into the shaped status/link data.
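A simplified Python model of the filter/display mismatch described in the comment above, added here as an illustration and not code from this pull request. The sample rows, `shape_row` and the other function names are assumptions; only the `resume_file_name` and `resume_url` payload keys come from the quoted query.

```python
from datetime import datetime

# Constructed rows standing in for onboarding_intake_submissions (not real data).
SUBMISSIONS = [
    {"contact_id": "c1", "submitted_at": datetime(2026, 6, 1),
     "normalized_payload": {"resume_url": "https://files.example.test/c1.pdf"}},
    {"contact_id": "c1", "submitted_at": datetime(2026, 6, 10),
     "normalized_payload": {"resume_url": "  "}},  # newer submission, no resume
    {"contact_id": "c2", "submitted_at": datetime(2026, 6, 5),
     "normalized_payload": {}},
]

def resume_ref(payload):
    """Approximates coalesce(nullif(btrim(file_name), ''), nullif(btrim(url), ''))."""
    for key in ("resume_file_name", "resume_url"):
        value = (payload.get(key) or "").strip()
        if value:
            return value
    return None

def intakes_for(contact_id, rows):
    return [r for r in rows if r["contact_id"] == contact_id]

def matches_resume_present(contact_id, rows):
    """EXISTS-style filter: any submission with a resume reference matches."""
    return any(resume_ref(r["normalized_payload"]) for r in intakes_for(contact_id, rows))

def latest_intake(contact_id, rows):
    """Lateral-style pick ordered only by submission date."""
    return max(intakes_for(contact_id, rows), key=lambda r: r["submitted_at"], default=None)

def resume_bearing_intake(contact_id, rows):
    """Alternative pick: newest submission that has a resume, else newest overall."""
    return max(
        intakes_for(contact_id, rows),
        key=lambda r: (resume_ref(r["normalized_payload"]) is not None, r["submitted_at"]),
        default=None,
    )

def shape_row(contact_id, rows, pick):
    """Hypothetical stand-in for row shaping: status and link come from one intake."""
    intake = pick(contact_id, rows)
    ref = resume_ref(intake["normalized_payload"]) if intake else None
    return {"contact_id": contact_id,
            "resume_status": "present" if ref else "missing",
            "resume_link": ref}
```

With `latest_intake`, contact `c1` passes the `resume=present` filter but is shaped as missing a resume; with `resume_bearing_intake` the filter result and the displayed row agree.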
