Skip to content

fix: resolve recent PR review findings#551

Merged
BigSimmo merged 4 commits into
mainfrom
codex/fix-48h-review-findings-current
Jul 13, 2026
Merged

fix: resolve recent PR review findings#551
BigSimmo merged 4 commits into
mainfrom
codex/fix-48h-review-findings-current

Conversation

@BigSimmo

@BigSimmo BigSimmo commented Jul 13, 2026

Copy link
Copy Markdown
Owner

Summary

  • harden auth-bound browser work against token refreshes, account switches, and stale response commits
  • disable anonymous answer caching/coalescing and prevent duplicate replacement runs after a failed in-flight request
  • fix partial uploads, new-chat reset, routed mockup/search behavior, tools selection, and empty clipboard evidence headings
  • scope SAST advisory behavior to the Semgrep step and make workflow contract checks structurally aware
  • harden scratch drift replay and tsx resolution in sibling worktrees; correct privacy and staging documentation
  • count privacy-redacted answer events in SLO metrics while excluding search-observation rows

Verification

  • Ran npm run verify:pr-local: passed (1,762 tests passed, 1 skipped; production build and client-bundle secret scan passed; offline RAG 60/60)
  • Did not complete npm run verify:ui: the full Chromium runner hung without reporting a failed test. Ran npm run test:e2e:critical: passed (8/8); hosted advisory UI remains enabled.
  • Did not run npm run verify:release: it includes broader provider/governance release gates; required PR checks are running hosted.
  • Did not run npm run eval:retrieval:quality: not applicable because no retrieval ranking, selection, chunking, or scoring behavior changed.
  • Did not run npm run eval:rag -- --limit 15 or npm run eval:quality -- --rag-only: not applicable because no generation prompt or clinical answer post-processing changed.
  • Ran npm run check:production-readiness: passed as READY with the configured Clinical KB Database project.
  • Did not run npm run check:deployment-readiness: not applicable because no deployment startup or hosting behavior changed.

Additional evidence:

  • Ran npm run test -- tests/answer-slo.test.ts tests/production-mockup-boundary.test.ts tests/auth-request-lifecycle.test.ts: passed (10/10).
  • Ran npm run check:github-actions: passed.
  • Ran npm run typecheck: passed.
  • Ran node --env-file=C:\Dev\Apps\Database\.env.local scripts/run-tsx.mjs scripts/check-drift.ts: completed with five expected differences, all explained by the unapplied migrations merged in fix: remediate repository review and reconcile Supabase drift #540; no unexplained drift and no live mutation.
  • Ran git diff --check and pre-commit staged diff checks: passed.

Clinical Governance Preflight

  • Source-backed claims still require linked source verification before clinical use
  • No patient-identifiable document workflow was introduced or expanded without explicit governance approval
  • Supabase target remains Clinical KB Database (sjrfecxgysukkwxsowpy)
  • Service-role keys and private document access remain server-only
  • Demo/synthetic content remains clearly separated from real clinical sources
  • Source metadata, review status, and outdated/unknown-source behavior remain conservative
  • Deployment classification/TGA SaMD impact checked: no decision-support classification expansion

Notes

@supabase

supabase Bot commented Jul 13, 2026

Copy link
Copy Markdown

This pull request has been ignored for the connected project sjrfecxgysukkwxsowpy because there are no changes detected in supabase directory. You can change this behaviour in Project Integrations Settings ↗︎.


Preview Branches by Supabase.
Learn more about Supabase Branching ↗︎.

@coderabbitai

coderabbitai Bot commented Jul 13, 2026

Copy link
Copy Markdown
Contributor

Review Change Stack

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info
⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro Plus

Run ID: 4ada0ec2-2a66-4a87-848f-0cbb9b0818f0

📥 Commits

Reviewing files that changed from the base of the PR and between 4b86105 and 881a242.

📒 Files selected for processing (1)
  • tests/answer-slo.test.ts
🚧 Files skipped from review as they are similar to previous changes (1)
  • tests/answer-slo.test.ts

📝 Walkthrough

Summary by CodeRabbit

  • Bug Fixes

    • Prevented anonymous answer data from being cached.
    • Improved protection against stale responses after authentication changes.
    • Fixed upload completion behavior for duplicate and failed files.
    • Improved concurrent answer recovery when a request is cancelled.
    • Updated document-search navigation and tool preview selection.
  • Documentation

    • Clarified privacy safeguards and staging setup instructions.
  • Security

    • Improved scan validation and handling of security findings.

Walkthrough

This PR strengthens workflow validation and readiness checks, hardens authentication and answer caching, updates upload and navigation behavior, improves CLI resolution, and refreshes privacy, review, and staging documentation with corresponding tests.

Changes

Workflow and developer tooling

Layer / File(s) Summary
Structured workflow contracts
.github/workflows/sast.yml, scripts/check-github-action-pins.mjs, scripts/yaml-contract.mjs, tests/yaml-contract.test.ts
Workflow checks now scope validation to named jobs and steps, including Semgrep advisory behavior, scan targets, CLI pins, and cache gates.
TSX CLI resolution fallback
scripts/resolve-tsx-cli.mjs, scripts/run-tsx.mjs, tests/resolve-tsx-cli.test.ts
TSX CLI resolution falls back through repository ancestors and Git worktrees when direct resolution fails.
Sustained database readiness
scripts/generate-drift-manifest.ts
PostgreSQL readiness must succeed across consecutive checks before drift generation proceeds.

Runtime request, cache, and answer handling

Layer / File(s) Summary
Authentication epoch protection
src/lib/auth-request-lifecycle.ts, src/lib/supabase/client.tsx, src/components/ClinicalDashboard.tsx, tests/auth-request-lifecycle.test.ts, tests/answer-lifecycle.test.ts
Dashboard requests discard stale-auth responses, session fingerprints remain stable across token rotation, and answer lifecycle resets are handled.
Owner-gated cache and coalescing
src/lib/rag-cache.ts, src/lib/rag.ts, tests/anonymous-answer-cache-policy.test.ts, tests/rag-answer-fallback.test.ts
Anonymous answer caching and inflight coalescing are disabled, while failed coalesced requests can adopt replacement inflight work.
Storage, rendering, and SLO resilience
src/lib/private-search-scope.ts, src/lib/answer-render-policy.ts, src/lib/observability/answer-slo.ts, tests/private-search-scope.test.ts, tests/answer-render-policy.test.ts, tests/answer-slo.test.ts
Storage failures return null, empty visual evidence is omitted, and SLO queries exclude search observations.

UI navigation and upload flows

Layer / File(s) Summary
Upload completion outcomes
src/components/clinical-dashboard/DocumentManagerPanel.tsx, tests/upload-outcome.test.ts
Upload completion derives refresh, input-clearing, failure, and progress behavior from classified outcomes.
Search and tool preview wiring
src/components/differentials/differentials-home-page.tsx, src/components/tools-page-mockups/tools-page-mockup-page.tsx, tests/production-mockup-boundary.test.ts
Suggested differential searches share routed navigation, and filtered tool results support selection and preview state.
Document-search route behavior
src/proxy.ts, tests/proxy.test.ts
Document-search source routes remain renderable, while the command route redirects to document search.

Review and operational documentation

Layer / File(s) Summary
Documentation updates
docs/branch-review-ledger.md, docs/privacy-impact-assessment.md, docs/staging-setup.md
Review revalidation, anonymous cache policy, owner-scoped cache keys, and staging schema instructions are documented.

Estimated code review effort: 4 (Complex) | ~45 minutes

Possibly related PRs

🚥 Pre-merge checks | ✅ 10 | ❌ 1

❌ Failed checks (1 warning)

Check name Status Explanation Resolution
Docstring Coverage ⚠️ Warning Docstring coverage is 17.24% which is insufficient. The required threshold is 70.00%. Write docstrings for the functions missing them to satisfy the coverage threshold.
✅ Passed checks (10 passed)
Check name Status Explanation
Title check ✅ Passed The title is concise and accurately summarizes the main change: resolving recent PR review findings.
Description check ✅ Passed The description follows the required template and includes summary, verification, governance preflight, and notes.
Linked Issues check ✅ Passed Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check ✅ Passed Check skipped because no linked issues were found for this pull request.
Generated And Sensitive Files ✅ Passed No secrets, tokens, private keys, .env files, logs, caches, build outputs, or local artifacts were present; the PR only adds docs/tests/scripts and workflow/code changes.
Verification Claims ✅ Passed Verification notes name exact commands/results (npm run verify:pr-local, npm run verify:ui, npm run check:drift); no vague pass-only claim found.
Risky Git Or Deployment Actions ✅ Passed No risky git or deployment instructions were added; staging actions are gated by explicit confirmations and limited to staging-only resources.
Supabase Project And Schema Safety ✅ Passed HEAD only touches tests/answer-slo.test.ts; no Supabase migrations, schema, env examples, or project refs were changed, and staging docs still target a separate staging project.
Runtime And Package Manager Integrity ✅ Passed No package-manager/runtime weakening found: package.json, lockfile, .npmrc, .nvmrc unchanged; repo still pins npm@11.17.0/Node 24 with engine-strict=true.
Api Route Failure Handling ✅ Passed Touched RAG/search/upload/auth paths already catch provider/RPC/network errors and fall back deterministically; missing env/auth cases are handled explicitly.
✨ Finishing Touches
📝 Generate docstrings
  • Create stacked PR
  • Commit on current branch
🧪 Generate unit tests (beta)
  • Create PR with unit tests
  • Commit unit tests in branch codex/fix-48h-review-findings-current
✨ Simplify code
  • Create PR with simplified code
  • Commit simplified code in branch codex/fix-48h-review-findings-current

Comment @coderabbitai help to get the list of available commands.

@chatgpt-codex-connector chatgpt-codex-connector Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: f33fbc6cc5

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

  • Open a pull request for review
  • Mark a draft as ready
  • Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

Comment thread src/lib/observability/answer-slo.ts Outdated

@coderabbitai coderabbitai Bot left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (1)
src/components/ClinicalDashboard.tsx (1)

1456-1497: 🩺 Stability & Availability | 🟠 Major | ⚡ Quick win

Missing error handling in loadMoreDocuments for authBoundFetch abort/failure.

Unlike every other authBoundFetch consumer touched in this PR (retryJob, reindexDocument, mutateDocumentLabel, bulkReindexSelected, bulkUpdateMetadata), loadMoreDocuments has no catch block. authBoundFetch now deliberately throws DOMException("Stale authentication epoch", "AbortError") when the epoch goes stale after fetch resolves, and response.json() here has no .catch() fallback either. Since this is invoked as a fire-and-forget UI callback (onLoadMoreDocuments={loadMoreDocuments}), any such throw becomes an unhandled promise rejection instead of being silently discarded like the sibling handlers.

🔧 Proposed fix
   const loadMoreDocuments = useCallback(async () => {
     if (!documentsPagination?.hasMore || loadingMoreDocuments || !canUsePrivateApis) {
       return;
     }

     setLoadingMoreDocuments(true);
     try {
       const protectedHeaders = clientDemoMode ? undefined : authorizationHeader;
       const { response, requestEpoch } = await authBoundFetch(
         `/api/documents?limit=${documentPageSize}&offset=${documentsPagination.nextOffset}`,
         { headers: protectedHeaders },
       );
       if (response.status === 401) {
         markSessionExpired();
         return;
       }
       if (!response.ok) {
         if (!isAuthEpochCurrent(requestEpoch)) return;
         setApiUnavailable(true);
         return;
       }
-      const payload = await response.json();
+      const payload = await response.json().catch(() => null);
+      if (!payload) return;
       if (!isAuthEpochCurrent(requestEpoch)) return;
       const nextDocuments = (payload.documents ?? []) as ClinicalDocument[];
       setDocuments((current) => {
         const seen = new Set(current.map((document) => document.id));
         return [...current, ...nextDocuments.filter((document) => !seen.has(document.id))];
       });
       setDocumentsPagination(payload.pagination ?? null);
+    } catch (error) {
+      if (!isAbortError(error)) setApiUnavailable(true);
     } finally {
       setLoadingMoreDocuments(false);
     }
   }, [...]);
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@src/components/ClinicalDashboard.tsx` around lines 1456 - 1497, Add catch
handling to loadMoreDocuments for authBoundFetch, response.json(), and other
asynchronous failures so fire-and-forget invocation does not produce unhandled
promise rejections. Silently discard stale-authentication AbortError failures,
matching the behavior of sibling handlers such as retryJob and reindexDocument,
while preserving the existing loadingMoreDocuments cleanup in finally.
🧹 Nitpick comments (2)
scripts/check-github-action-pins.mjs (1)

75-77: 📐 Maintainability & Code Quality | 🔵 Trivial | ⚡ Quick win

Hardcoded version duplicates expectedSupabaseCliVersion.

Line 75 embeds the literal 2\.108\.0 in the regex instead of building it from expectedSupabaseCliVersion (declared at Line 38). Bumping the constant without updating this regex (or a typo in either place) desynchronizes the pin check from its own source of truth.

♻️ Proposed fix to derive the regex from the constant
-if (!/^  SUPABASE_CLI_VERSION: 2\.108\.0$/m.test(ciWorkflow)) {
+const pinnedVersionPattern = expectedSupabaseCliVersion.replace(/\./g, "\\.");
+if (!new RegExp(`^  SUPABASE_CLI_VERSION: ${pinnedVersionPattern}$`, "m").test(ciWorkflow)) {
   failures.push(`ci.yml: global SUPABASE_CLI_VERSION must remain pinned to ${expectedSupabaseCliVersion}.`);
 }
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@scripts/check-github-action-pins.mjs` around lines 75 - 77, Update the
SUPABASE_CLI_VERSION validation in the ci workflow check to derive the regex
from expectedSupabaseCliVersion instead of hardcoding 2.108.0. Escape or
otherwise safely interpolate the constant so version bumps keep the check
synchronized, while preserving the existing failure message and validation
behavior.
src/lib/supabase/client.tsx (1)

289-289: 📐 Maintainability & Code Quality | 🔵 Trivial | 💤 Low value

Optional: tighten authSessionFingerprint's status param type.

authSessionFingerprint(status: string, ...) accepts a bare string; using AuthStatus (imported from this file) instead would let the type checker catch drift if the status union changes.

🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@src/lib/supabase/client.tsx` at line 289, Update the authSessionFingerprint
function’s status parameter from string to the imported AuthStatus type, while
preserving its existing behavior and call sites.
🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Outside diff comments:
In `@src/components/ClinicalDashboard.tsx`:
- Around line 1456-1497: Add catch handling to loadMoreDocuments for
authBoundFetch, response.json(), and other asynchronous failures so
fire-and-forget invocation does not produce unhandled promise rejections.
Silently discard stale-authentication AbortError failures, matching the behavior
of sibling handlers such as retryJob and reindexDocument, while preserving the
existing loadingMoreDocuments cleanup in finally.

---

Nitpick comments:
In `@scripts/check-github-action-pins.mjs`:
- Around line 75-77: Update the SUPABASE_CLI_VERSION validation in the ci
workflow check to derive the regex from expectedSupabaseCliVersion instead of
hardcoding 2.108.0. Escape or otherwise safely interpolate the constant so
version bumps keep the check synchronized, while preserving the existing failure
message and validation behavior.

In `@src/lib/supabase/client.tsx`:
- Line 289: Update the authSessionFingerprint function’s status parameter from
string to the imported AuthStatus type, while preserving its existing behavior
and call sites.

ℹ️ Review info
⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro Plus

Run ID: 026c2f3d-7001-47a8-add9-6c0372f45c79

📥 Commits

Reviewing files that changed from the base of the PR and between 4973566 and f33fbc6.

📒 Files selected for processing (33)
  • .github/workflows/sast.yml
  • docs/branch-review-ledger.md
  • docs/privacy-impact-assessment.md
  • docs/staging-setup.md
  • scripts/check-github-action-pins.mjs
  • scripts/generate-drift-manifest.ts
  • scripts/resolve-tsx-cli.mjs
  • scripts/run-tsx.mjs
  • scripts/yaml-contract.mjs
  • src/components/ClinicalDashboard.tsx
  • src/components/clinical-dashboard/DocumentManagerPanel.tsx
  • src/components/differentials/differentials-home-page.tsx
  • src/components/tools-page-mockups/tools-page-mockup-page.tsx
  • src/lib/answer-render-policy.ts
  • src/lib/auth-request-lifecycle.ts
  • src/lib/observability/answer-slo.ts
  • src/lib/private-search-scope.ts
  • src/lib/rag-cache.ts
  • src/lib/rag.ts
  • src/lib/supabase/client.tsx
  • src/proxy.ts
  • tests/anonymous-answer-cache-policy.test.ts
  • tests/answer-lifecycle.test.ts
  • tests/answer-render-policy.test.ts
  • tests/answer-slo.test.ts
  • tests/auth-request-lifecycle.test.ts
  • tests/private-search-scope.test.ts
  • tests/production-mockup-boundary.test.ts
  • tests/proxy.test.ts
  • tests/rag-answer-fallback.test.ts
  • tests/resolve-tsx-cli.test.ts
  • tests/upload-outcome.test.ts
  • tests/yaml-contract.test.ts
💤 Files with no reviewable changes (1)
  • src/proxy.ts

@BigSimmo

Copy link
Copy Markdown
Owner Author

Addressed the CodeRabbit follow-ups in 4b86105: load-more now absorbs expected auth aborts and surfaces genuine failures, and the Actions policy check derives its version regex from the single pinned Supabase CLI constant. The optional auth status typing suggestion was left unchanged because the helper intentionally stays independent of the provider-local AuthStatus type. Focused tests, Actions policy validation, typecheck, formatting, and lint pass.

@coderabbitai coderabbitai Bot left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@tests/answer-slo.test.ts`:
- Around line 16-18: Update the test double’s is() method in the answer SLO
tests to record both the column and comparison value, then assert { column:
"metadata->>event_type", value: null } for each of the three queries. Apply the
same change to the additional is() occurrence referenced in the comment while
preserving the existing query assertions.
🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

  • Push a commit to this branch (recommended)
  • Create a new PR with the fixes

ℹ️ Review info
⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro Plus

Run ID: 8dcfe61d-01f4-495b-8676-4154861e25fb

📥 Commits

Reviewing files that changed from the base of the PR and between f33fbc6 and d5d97ad.

📒 Files selected for processing (2)
  • src/lib/observability/answer-slo.ts
  • tests/answer-slo.test.ts

Comment thread tests/answer-slo.test.ts Outdated
@BigSimmo
BigSimmo merged commit 3f739cd into main Jul 13, 2026
16 of 17 checks passed
@BigSimmo
BigSimmo deleted the codex/fix-48h-review-findings-current branch July 13, 2026 16:35
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant