Skip to content

Bind answer feedback to generated responses#631

Merged
BigSimmo merged 2 commits into
mainfrom
codex/answer-feedback-binding
Jul 13, 2026
Merged

Bind answer feedback to generated responses#631
BigSimmo merged 2 commits into
mainfrom
codex/answer-feedback-binding

Conversation

@BigSimmo

@BigSimmo BigSimmo commented Jul 13, 2026

Copy link
Copy Markdown
Owner

Summary

  • issue a 24-hour server-signed feedback token for each non-demo answer response
  • bind feedback acceptance to the signed interaction ID and exact answer hash before database insertion
  • keep demo and unsigned/expired answers fail-closed and add tamper, expiry, route, JSON, SSE, and demo coverage

Why

PR #611 recovered privacy-minimised answer feedback but accepted arbitrary UUID interaction IDs. This follow-up implements the deferred recommendation without adding a live schema migration or persisting answer text.

Areas touched

  • answer JSON and SSE response metadata
  • answer feedback request validation
  • dashboard feedback submission contract
  • focused token, route, and private-access tests

Verification

  • npm run verify:pr-local -- --files src/lib/answer-feedback-token.ts,src/app/api/answer-feedback/route.ts,src/app/api/answer/route.ts,src/app/api/answer/stream/route.ts,src/components/ClinicalDashboard.tsx,src/lib/types.ts,tests/answer-feedback-route.test.ts,tests/answer-feedback-token.test.ts,tests/private-access-routes.test.ts — passed
    • format, lint, type-check, 2,209 tests, production build, client-secret scan, and 277 offline RAG tests passed
  • npm test -- tests/answer-feedback-token.test.ts tests/answer-feedback-route.test.ts tests/private-access-routes.test.ts — 118 passed after refreshing from main
  • npm run check:production-readiness with OpenAI/Supabase credentials removed — local runtime and query-secret guards passed; expected live-configuration checks failed because provider credentials were deliberately unavailable
  • npm run ensure && npm run verify:ui — timed out after 15 minutes without a final Playwright result; all task-owned server/browser processes were stopped

Production readiness / governance

  • no retrieval, ranking, answer wording, clinical thresholds, source governance, or model-routing behavior changes
  • no database migration, live Supabase mutation, OpenAI request, or other provider-backed validation was run
  • token signing reuses the production-required server-only query-hash secret with a distinct HMAC context; tokens expire after 24 hours and are never issued for demo answers

Risk / limitations

  • answers produced before deployment or after signing-secret rotation cannot submit feedback and prompt the user to rerun the question
  • hosted required checks remain the clean-environment acceptance gate, particularly for UI coverage

Summary by CodeRabbit

  • New Features

    • Added secure feedback tokens to answer responses.
    • Feedback submissions now validate the token before recording feedback.
    • Added feedback metadata to standard and streaming answer responses.
  • Bug Fixes

    • Invalid, expired, or tampered feedback tokens are rejected without saving feedback.
    • Users are prompted to rerun older answers that lack traceable feedback data.

BigSimmo added 2 commits July 14, 2026 05:06
Issue short-lived server-signed tokens for non-demo answers and require a matching interaction ID and answer hash before feedback is stored. Verified with the PR-local gate and focused feedback/access tests.
@supabase

supabase Bot commented Jul 13, 2026

Copy link
Copy Markdown

This pull request has been ignored for the connected project sjrfecxgysukkwxsowpy because there are no changes detected in supabase directory. You can change this behaviour in Project Integrations Settings ↗︎.


Preview Branches by Supabase.
Learn more about Supabase Branching ↗︎.

@coderabbitai

coderabbitai Bot commented Jul 13, 2026

Copy link
Copy Markdown
Contributor

Review Change Stack

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info
⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro Plus

Run ID: 88483f77-b292-46f7-b1e8-5342da2e5582

📥 Commits

Reviewing files that changed from the base of the PR and between 3737598 and 9c1e917.

📒 Files selected for processing (9)
  • src/app/api/answer-feedback/route.ts
  • src/app/api/answer/route.ts
  • src/app/api/answer/stream/route.ts
  • src/components/ClinicalDashboard.tsx
  • src/lib/answer-feedback-token.ts
  • src/lib/types.ts
  • tests/answer-feedback-route.test.ts
  • tests/answer-feedback-token.test.ts
  • tests/private-access-routes.test.ts

📝 Walkthrough

Walkthrough

Answer responses now include signed feedback metadata when configured. The feedback endpoint requires and verifies the token before inserting feedback. Token generation, expiration, tamper detection, missing-secret behavior, response propagation, client submission, and route validation are covered by tests.

Changes

Answer feedback token security

Layer / File(s) Summary
Token claims and cryptographic verification
src/lib/answer-feedback-token.ts, src/lib/types.ts, tests/answer-feedback-token.test.ts
Defines signed claims, answer hashing, HMAC verification, token expiration checks, optional metadata generation, and RagAnswer.feedbackToken.
Answer response metadata propagation
src/app/api/answer/route.ts, src/app/api/answer/stream/route.ts, tests/private-access-routes.test.ts
Adds feedback metadata to JSON and SSE answer outcomes, while preserving demo-mode behavior.
Feedback submission verification gate
src/app/api/answer-feedback/route.ts, src/components/ClinicalDashboard.tsx
Requires feedback tokens, verifies them before database insertion, and sends them from the dashboard feedback request.
Feedback route validation coverage
tests/answer-feedback-route.test.ts
Covers valid tokens, required request fields, invalid-token responses, verification arguments, and prevention of inserts after failed verification.

Estimated code review effort: 3 (Moderate) | ~25 minutes

Sequence Diagram(s)

sequenceDiagram
  participant Client
  participant AnswerAPI
  participant TokenModule
  participant FeedbackAPI
  participant Database
  Client->>AnswerAPI: Request answer
  AnswerAPI->>TokenModule: Create feedback metadata
  TokenModule-->>AnswerAPI: interactionId and feedbackToken
  AnswerAPI-->>Client: Answer response
  Client->>FeedbackAPI: Submit feedback and token
  FeedbackAPI->>TokenModule: Verify token
  TokenModule-->>FeedbackAPI: Verification result
  FeedbackAPI->>Database: Insert verified feedback
Loading

Possibly related PRs

Suggested reviewers: cursoragent, claude, copilot

🚥 Pre-merge checks | ✅ 4 | ❌ 1

❌ Failed checks (1 warning)

Check name Status Explanation Resolution
Docstring Coverage ⚠️ Warning Docstring coverage is 0.00% which is insufficient. The required threshold is 80.00%. Write docstrings for the functions missing them to satisfy the coverage threshold.
✅ Passed checks (4 passed)
Check name Status Explanation
Title check ✅ Passed The title clearly summarizes the main change: binding answer feedback to generated responses.
Description check ✅ Passed It includes summary, areas touched, verification, governance, and risks; only the template's exact checkbox preflight/notes formatting is missing.
Linked Issues check ✅ Passed Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check ✅ Passed Check skipped because no linked issues were found for this pull request.
✨ Finishing Touches
📝 Generate docstrings
  • Create stacked PR
  • Commit on current branch
🧪 Generate unit tests (beta)
  • Create PR with unit tests
  • Commit unit tests in branch codex/answer-feedback-binding

Comment @coderabbitai help to get the list of available commands.

@BigSimmo
BigSimmo merged commit e6d89f1 into main Jul 13, 2026
16 checks passed
@BigSimmo
BigSimmo deleted the codex/answer-feedback-binding branch July 13, 2026 21:19
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant