Skip to content

[comp] Production Deploy#2673

Merged
Marfuen merged 55 commits intoreleasefrom
main
Apr 28, 2026
Merged

[comp] Production Deploy#2673
Marfuen merged 55 commits intoreleasefrom
main

Conversation

@github-actions
Copy link
Copy Markdown
Contributor

@github-actions github-actions Bot commented Apr 24, 2026
edited by cubic-dev-ai Bot
Loading

This is an automated pull request to release the candidate branch into production, which will trigger a deployment.
It was created by the [Production PR] action.

Summary by cubic

Moves Statement of Applicability into Documents with an overview card, approval/decline tracking, and PDF export, and strengthens scheduling across automations and integration checks with a shared “due today” helper and tests. Also supports selecting specific policies in “Download All,” splits the GitHub sanitized inputs check, updates docs/build scripts, and fixes GWS 2FA filter parsing.

  • New Features

    • SOA (CS-277): Added export-to-PDF endpoint and jsPDF generator; moved SOA UI to Documents with overview card, section, and export button; tracks approvedAt and declinedAt; added controller/service tests and non-empty DTO validation; included SOA in documents score and ISO 27001 framework detection.
    • Scheduling: Introduced isDueToday with unit tests; orchestrators now filter via filterDueAutomations/filterDueTasks and only write last-run when execution happened (retry on infra errors); browser automation records evaluationStatus; DTOs use TaskFrequency and PATCH endpoints accept scheduleFrequency; Swagger/response DTOs expose integrationScheduleFrequency and integrationLastRunAt.
    • Policies: Download picker supports search/status groups and selecting visible/all; API accepts policyIds via CSV or repeated keys and dedupes.
    • Integrations: Split GitHub sanitized inputs into separate Input Validation and Code Scanning checks; runner aggregates results; IDs remain compatible.
    • Docs/Infra: Added AGENTS.md and skills; standardized bun/bunx usage; @trycompai/db publishes flattened dist/schema.prisma.

  • Bug Fixes

    • SOA: Correct approval/decline status handling, export classification for declined cases, pagination in PDF, and error handling to avoid infinite loading.
    • Google Workspace: Coerce target_org_units to array in 2FA user filter to prevent crashes.

Written for commit e56a698. Summary will update on new commits. Review in cubic

chasprowebdev and others added 26 commits April 23, 2026 11:40
@chasprowebdev
fix(app): move 'Statement of Applicability' from Questionnaire to Doc…
5fa4861 
…uments
@chasprowebdev
fix(app): update approval status after approving of 'Statement of App…
d8a9a8d 
…licability'
@chasprowebdev
fix(app): show approval status on Statement of Applicability card in …
4d6e854 
…documents
@chasprowebdev
fix(api): include soa to documents score
10c67f7
@chasprowebdev
fix(api): create endpoint to export soa into pdf
7364c58
@chasprowebdev
fix(app): export Statement of Applicability as pdf
e6731b2
@chasprowebdev
fix(api): add metrics to SOA pdf document
1d3f903
@chasprowebdev
Merge branch 'main' of https://github.com/trycompai/comp into chas/mo…
74fac2d 
…ve-statement-of-applicability
@chasprowebdev
fix(app): add organizationId to frameworks SWR cache
fd5ba8b
@chasprowebdev
fix(app): remove use of hasISO27001Framework on CompanyOverviewCards
49c1673
@chasprowebdev
fix(app): remove use of ai-vendor-questionnaire FF for SOA page
993e89b
@chasprowebdev
fix(api): fix pagination overflow for long question blocks in soa pdf
589f285
@tofikwest
Merge branch 'main' into chas/move-statement-of-applicability
37e7d15
@chasprowebdev
fix(api): correct SOA export classification for declined cases
ada6b5e
@chasprowebdev
fix(app): use exact role checks instead of substring matching
760c304
@chasprowebdev
fix(api): add coverage for SOA export endpoint
24f9791
@chasprowebdev
Merge branch 'chas/move-statement-of-applicability' of https://github…
3ab3698 
….com/trycompai/comp into chas/move-statement-of-applicability
@chasprowebdev
Merge branch 'main' of https://github.com/trycompai/comp into chas/mo…
94ad0ab 
…ve-statement-of-applicability
@chasprowebdev
fix(framework-editor): add SOA document to ISO 27001 framework
a5e8988
@chasprowebdev
Merge branch 'main' of https://github.com/trycompai/comp into chas/mo…
10fbfb1 
…ve-statement-of-applicability
@github-actions
chore: merge release v3.33.1 back to main [skip ci]
56f5ae2
@chasprowebdev
fix(app): handle serverApi.post errors to prevent infinite loading on…
2f12556 
… SOA page
@chasprowebdev
fix(api): correct SOA completion logic based on approvedAt for SOA
38642ba
@chasprowebdev
fix(app): avoid defaulting to 'Not approved' before SOA status loads
140db39
@chasprowebdev
Merge branch 'main' of https://github.com/trycompai/comp into chas/mo…
fbd4b09 
…ve-statement-of-applicability
@github-actions @Marfuen
feat: allow selecting which policies to download when clicking downlo…
46b9575 
…ad all

* feat(policies): allow filtering download-all by policyIds

* feat(policies): parse policyIds query param on download-all endpoint

* fix(policies): use typed mockAuthContext in controller spec

* feat(policies): add policy download picker sheet

* feat(policies): open download picker sheet from Download All button

* chore(policies): import icons from design-system re-export

* fix(policies): reset picker selection on reopen and accept array policyIds

Addresses cubic review on PR #2672:
- PolicyDownloadSheet: reset selection to current policy IDs whenever the
  sheet opens or the policies prop changes, so reopens and upstream data
  refreshes don't leave stale or deleted IDs selected.
- Controller: accept repeated-key array form (?policyIds=a&policyIds=b)
  in addition to comma-separated, and flatten both into a single deduped
  string[].

---------

Co-authored-by: Mariano <marfuen98@gmail.com>
@carhartlewis
Merge pull request #2679 from trycompai/lewis/comp-skills-fix
144876e 
[dev] [carhartlewis] lewis/comp-skills-fix
tofikwest and others added 2 commits April 27, 2026 10:21
@tofikwest
fix(gws): coerce target_org_units to array in check-user-filter
65e60cc 
The target_org_units variable (multi-select) can be stored as a string
when a single value is saved. The code assumed it was always an array,
causing .join() and .some() to crash with 'join is not a function'.

Coerce string values to a single-element array in parseGoogleWorkspaceCheckUserFilter.

Fixes: Snoonu customer GWS 2FA check failing with 'userFilterConfig.targetOrgUnits.join is not a function'
@tofikwest
Merge pull request #2680 from trycompai/fix/gws-target-org-units-arra…
98290b6 
…y-coercion

fix(gws): coerce target_org_units to array in check-user-filter
@vercel vercel Bot temporarily deployed to staging – portal April 27, 2026 14:27 Inactive
tofikwest and others added 3 commits April 27, 2026 11:49
@tofikwest @claude
feat(integrations): split GitHub sanitized inputs check into two auto…
9463c5a 
…mations

Splits the combined "Sanitized Inputs & Code Scanning" GitHub check into
two separate IntegrationChecks so each renders as its own card in the
integrations UI:

- input_validation - "Input Validation" - scans for validation libraries
  in package.json / requirements.txt / pyproject.toml / composer.json
- code_scanning - "Code Scanning" - detects CodeQL default setup,
  custom CodeQL workflows, or third-party SARIF uploaders

Both checks remain mapped to the existing sanitizedInputs task template;
the runner aggregates pass/fail across checks per task, so auto-completion
behavior is preserved (task only completes when both pass for every repo).

Detection logic is unchanged - the JS/PY/PHP package catalogs and the
CodeQL detection flow (default-setup API + workflow file fallback) move
verbatim into the new files. Shared catalogs are extracted to
validation-libraries.ts; CodeQL detection helpers are extracted to
code-scanning-detector.ts to keep each file under the 300-line limit.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
@tofikwest @claude
refactor(integrations): keep sanitized-inputs.ts in place, only add c…
07739f8 
…ode-scanning

Reverts the previous split structure to a more conservative approach:
keep sanitized-inputs.ts (and its check id 'sanitized_inputs') and just
strip the code-scanning logic out of it. Code scanning becomes a single
new self-contained file (code-scanning.ts).

This preserves continuity for existing customers:
- IntegrationCheckRun records under 'sanitized_inputs' continue to be
  the same automation
- IntegrationConnection.metadata.disabledTaskChecks entries that
  reference 'sanitized_inputs' remain valid

Removes the helper modules (input-validation.ts, validation-libraries.ts,
code-scanning-detector.ts) introduced in the previous commit.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
@tofikwest
Merge pull request #2683 from trycompai/feat/split-sanitized-inputs-c…
413088b 
…heck

feat(integrations): split GitHub sanitized inputs check into two automations
@vercel vercel Bot temporarily deployed to staging – portal April 27, 2026 16:32 Inactive
@Marfuen Marfuen merged commit 5ba93a0 into release Apr 28, 2026
14 checks passed
@claudfuen
Copy link
Copy Markdown
Contributor

claudfuen commented Apr 28, 2026

🎉 This PR is included in version 3.34.0 🎉

The release is available on GitHub release

Your semantic-release bot 📦🚀

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@cubic-dev-ai cubic-dev-ai[bot] cubic-dev-ai[bot] left review comments

Assignees

No one assigned

Labels

automated-pr prod-deploy released

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

5 participants

@claudfuen @Marfuen @chasprowebdev @tofikwest @carhartlewis