Skip to content

Release June 3, 2026#403

Merged
y4nder merged 5 commits into
masterfrom
release/june-3-2026
Jun 3, 2026
Merged

Release June 3, 2026#403
y4nder merged 5 commits into
masterfrom
release/june-3-2026

Conversation

@y4nder

@y4nder y4nder commented Jun 3, 2026

Copy link
Copy Markdown
Member

Summary

  • fix: remove [name] redaction from qualitative summary quotes
  • feat: added raw label on the response for topic labels
  • feat: error log admin diagnostics + multi-role dean login fix
  • fix: prevent duplicate moodle_token insert when Moodle rotates token
  • feat: add enable/disable toggle for Moodle sync cron job

Test plan

  • Verify qualitative summary quotes no longer redact names
  • Confirm topic label responses include raw labels
  • Test error log admin endpoints and multi-role dean login
  • Validate Moodle token rotation doesn't cause duplicate inserts
  • Test enable/disable toggle for Moodle sync cron job

🤖 Generated with Claude Code

y4nder and others added 5 commits June 3, 2026 10:03
@y4nder
[STAGING] fix: remove [name] redaction from qualitative summary quotes (
fdd6e66 
#394) (#395)
@y4nder
[STAGING] feat: added raw label on the response for topic labels (#396)
5d6488e
@y4nder @claude
feat: error log admin diagnostics + multi-role dean login fix (#397) (#…
13d86ba 
…398)

Two related changes bundled together — the dean login 500 was the
catalyst for the diagnostic page, so both ship in the same PR.

## Error log admin diagnostics

Captures unhandled 5xx exceptions so they're visible on the admin
console instead of vanishing into a generic 500 response.

- new `error_log` table (entity + migration) — never soft-deleted,
  indexed on status_code / path / user_id / error_name /
  acknowledged_at / occurred_at for filter performance
- `SystemErrorsModule` (`src/modules/system-errors/`) mirrors
  `AuditModule` shape: `ErrorLogService.Emit()` async-enqueues via
  BullMQ, `ErrorLogProcessor` persists, `ErrorLogQueryService` handles
  paginated reads + acknowledge flow, `ErrorLogController` exposes
  `/error-logs` endpoints behind a `@UseJwtGuard(SUPER_ADMIN)`
- `ErrorCaptureFilter` global exception filter: catches everything,
  only persists ≥500, redacts sensitive keys
  (`password`/`token`/`refreshToken`/`authorization` etc.) and caps
  payload depth/breadth/string length, then defers to
  `BaseExceptionFilter` so the wire response is byte-identical to today
- `ErrorLogCleanupJob` daily at 04:00 UTC — 90-day retention via
  `nativeDelete` on `occurred_at`
- 12 new unit tests covering sanitizer behaviour and filter capture
  paths (4xx skipped, 5xx captured, non-http hosts skipped, capture
  failures swallowed without re-throwing)

## Multi-role dean login fix (ucmn-t-67092)

Adds defensive guards to `MoodleUserHydrationService.resolveInstitutionalRoles`
so users with both DEAN and CHAIRPERSON institutional roles can log in
when the populated `moodleCategory` relation is null (soft-delete filter
or drift after Moodle restructure). Seven previously-unguarded
`ir.moodleCategory.moodleCategoryId` dereferences now optional-chain
+ filter; orphaned auto rows are now removed instead of crashing.
Regression tests cover both DEAN-orphan and CHAIRPERSON-orphan shapes.

Single-role deans skip the (DEAN ∧ CHAIRPERSON) cleanup branch, which
is why only the intersection user tripped the TypeError.

## Migration scope (verified safe on staging)

This migration also adds `analysis_pipeline_trigger_check` —
`@Enum(() => PipelineTrigger)` is declared on the entity but the CHECK
was missing from the DB. Verified: 0 violating rows, no name collision.

Does NOT include the CLI-suggested
`drop index uq_analysis_pipeline_active_scope`. That's the FAC-132
partial unique index — MikroORM decorators can't represent it (see
new gotcha entry in `src/entities/CLAUDE.md`) and dropping it would
reintroduce the duplicate-active-pipeline bug it fixed.

Co-authored-by: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
@y4nder @claude
fix: prevent duplicate moodle_token insert when Moodle rotates token (#…
c97c8db 
…399) (#400)

Surfaced by the new error log page on staging — login for
`ucmn-t-67092` (and `harvie`) was failing with

  duplicate key value violates unique constraint
  "moodle_token_moodle_user_id_unique"
  Key (moodle_user_id)=(5) already exists

The "rotated token" branch in `MoodleTokenRepository.UpsertFromMoodle`
kept the existing row alive (just flipping `isValid = false`) and then
called `this.create(...)` to insert a *second* row carrying the same
`moodleUserId`. The column-level UNIQUE constraint on `moodle_user_id`
rejected the insert at flush time → unhandled 500. Users whose token
had not yet rotated (string-equal to the stored one) hit the second
branch which updated in place and worked, which is why this was
intermittent.

Two compounding factors:

1. The find was keyed by `user.id`. When the local `User` row was
   recreated with a fresh UUID (or the existing token was soft-deleted),
   the find returned `null`, the create-path ran, and the unique
   constraint still saw the orphaned row.

2. The global soft-delete filter hid candidate rows that would have
   matched, so an in-place mutation never happened.

Fix:

- Look up by `moodleUserId` (the unique key) with
  `filters: { softDelete: false }` so the find is resilient to rotated
  tokens, soft-deleted rows, and re-created local users.
- On hit, mutate the row in place: new token string, refreshed
  validation timestamps, rebind `user` to the current local user, clear
  `deletedAt`. Never create a second row — the unique constraint forbids
  it and the semantic intent ("one current token per Moodle user") is
  preserved.
- Defensive precondition: throw if `user.moodleUserId` is missing,
  mirroring `MoodleToken.Create`.

Adds repo-level unit tests covering: first-login, validation refresh
(same token re-presented), rotated token (the failing case), and
soft-deleted row revival.

Co-authored-by: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
@y4nder @claude
feat: add enable/disable toggle for Moodle sync cron job (#401) (#402)
e9f178d 
Extend the sync schedule endpoint to support an `enabled` flag persisted
via SystemConfig. The scheduler uses CronJob stop/start to fully disable
the cron while keeping manual sync available.

Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
@y4nder y4nder self-assigned this Jun 3, 2026
@y4nder y4nder merged commit 10754fc into master Jun 3, 2026
3 checks passed
github-code-quality[bot]
github-code-quality Bot found potential problems Jun 3, 2026
View reviewed changes
Comment thread src/modules/system-errors/lib/sanitize-request.spec.ts
let node: unknown = result;
let saw = false;
for (let i = 0; i < 20 && typeof node === 'object' && node !== null; i++) {
if (node === '[TRUNCATED_DEPTH]') {
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

1 more reviewer

@github-code-quality github-code-quality[bot] github-code-quality[bot] left review comments

Reviewers whose approvals may not affect merge requirements

Assignees

@y4nder y4nder

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@y4nder