Skip to content

Add company search and signup flow improvements#360

Merged
bokelley merged 9 commits into
mainfrom
bokelley/onboarding-individual-company
Dec 24, 2025
Merged

Add company search and signup flow improvements#360
bokelley merged 9 commits into
mainfrom
bokelley/onboarding-individual-company

Conversation

@bokelley

Copy link
Copy Markdown
Contributor

Summary

  • Add company type and revenue tier collection during onboarding flow
  • Support for "other" company type option
  • Fix dashboard to properly display company_type and revenue_tier
  • Add comprehensive audit logging for organization lifecycle events
  • Create admin audit log viewer page with filtering and pagination
  • Recreate registry_audit_log table (dropped in earlier migration)

Changes

Onboarding Flow:

  • Collect company type (brand, publisher, agency, adtech, other) and revenue tier during signup
  • Improved form validation and user experience
  • Removed unused code (dead "Back to Options" button, unused renderOrgCard parameter)

Audit Logging:

  • Log organization_created events
  • Log Stripe webhook events (subscription_created, subscription_cancelled)
  • Log join request lifecycle (created, approved, rejected)
  • New admin page at /admin/audit to view audit logs with filtering

Bug Fixes:

  • Fixed dashboard not displaying company_type and revenue_tier values
  • Changed verbose auth callback logging from info to debug level

Test plan

  • Create a new organization and verify company type/revenue tier are saved
  • Verify values display correctly on dashboard
  • Check audit log captures organization creation
  • Test Stripe webhook flows appear in audit log
  • Verify join request actions are logged
  • Test admin audit log page filtering and pagination

🤖 Generated with Claude Code

bokelley and others added 9 commits December 24, 2025 09:34
- Add /auth/signup endpoint with WorkOS screenHint: 'sign-up' for direct signup UX
- Add organization search API endpoint to help users find their company
- Add company type selection (Brand, Publisher, Agency, Ad Tech, Other) during onboarding
- Add annual revenue tier selection during company onboarding
- Improve onboarding card layout to prevent button overlap on search results
- Allow users to request to join existing organizations
- Show masked admin contact emails for privacy
- Support signup flow redirects back to onboarding

🤖 Generated with Claude Code

Co-Authored-By: Claude Haiku 4.5 <noreply@anthropic.com>
- Add 'other' to CompanyType validation (was missing from backend)
- Change debug logging from info to debug level in auth callback
- Remove unused 'source' parameter from renderOrgCard function
- Remove dead 'Back to Options' button from join form
- Add description to empty changeset file

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
The billing response returns company_type and revenue_tier at the root
level, but the dashboard was only spreading billingData.subscription
into org.billing. Now we include company_type, revenue_tier, and
is_personal from the billing response.

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Migration 023 dropped this table but it's still used for organization
audit logging (settings changes, profile updates, etc.). Added migration
030 to recreate it.

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Add audit logging for organization_created action
- Add audit logging for subscription_created and subscription_cancelled
- Add audit logging for join_request_created, approved, and rejected
- Add getAuditLogs method to OrganizationDatabase
- Add GET /api/admin/audit-logs endpoint with filtering and pagination
- Add admin audit log viewer page at /admin/audit
- Add Audit Log link to admin navigation

Actions now being logged:
- organization_created, organization_settings_updated, organization_renamed, organization_deleted
- member_invited, member_removed, member_role_updated, invitation_revoked
- join_request_created, join_request_approved, join_request_rejected
- subscription_created, subscription_cancelled
- api_key_created, api_key_revoked, convert_to_team

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Add description to empty changeset file
- Add in-memory cache (5min TTL) for WorkOS org/user lookups to reduce
  API calls when enriching audit log entries
- Add warning logs for failed WorkOS lookups (instead of silent catch)
- Define SYSTEM_USER_ID constant for webhook/automated contexts

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
@bokelley bokelley merged commit ce80235 into main Dec 24, 2025
6 checks passed
bokelley added a commit that referenced this pull request Mar 21, 2026
Includes fixes for comply() signal field names (#359), inline creative
creative_id (#360), and getPlatformTypesWithLabels (#361).

Adapt to stricter types: derive SpecialCategory from Episode, cast
params to Record<string, unknown>, narrow property description.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
bokelley added a commit that referenced this pull request Mar 22, 2026
* feat: agent quality coaching tools and training agent type safety

Add evaluate_agent_quality and compare_media_kit tools to Addie's member
toolset for agent quality coaching. evaluate_agent_quality runs SDK comply()
and returns structured results for conversational coaching. compare_media_kit
lets publishers compare their stated inventory against what their agent
actually returns via get_products.

Refactor training agent to use SDK request types throughout instead of
Record<string, unknown> with manual casts. Handlers now cast args to typed
SDK requests at entry, eliminating ~50 individual field casts. Derive
extension types structurally (PackageUpdate, Destination, SignalFilters)
for SDK types not re-exported from the main entry point.

Type shared/formats.ts with TrainingFormat interface. Fix compare_media_kit
gap analysis reading non-existent p.channel/p.format fields (now correctly
iterates p.channels array and p.format_ids array). Add input validation
and data delimiters for prompt injection defense on user-provided content.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: basic auth handling and parallel brief execution in agent tools

buildAuthOption now returns proper { type: 'basic', username, password }
for basic auth agents instead of incorrectly wrapping credentials as
bearer tokens. The SDK's comply() and AdCPClient both support basic auth
natively.

compare_media_kit now runs get_products briefs concurrently via
Promise.all instead of sequentially, reducing latency proportionally
to the number of verticals tested.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: invalid CPA event_type caught by quality evaluation smoke test

NovaMind AI publisher used event_type 'agent_session' which is not a
valid EventType in the AdCP schema. The SDK's comply() correctly
rejected this during schema validation, cascading failures across
media buy lifecycle tests.

Fix: change to 'custom' (valid EventType), tighten PricingTemplate.eventType
from string to EventType, and remove the unsafe cast in buildPricingOption.
Also fix smoke test health check to accept standalone agent responses.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* merge main and fix all typecheck errors

Merge main into agent-test-framework branch, resolving conflicts in
training-agent files. Fix all pre-existing typecheck errors across the
codebase:

- testing/index.ts: add `type` keyword to type re-exports (isolatedModules)
- tsconfig.json: add paths for @adcp/client subpath exports
- billing.ts: narrow Stripe Customer|DeletedCustomer union after .deleted guard
- http.ts: same Stripe union narrowing
- stripe-client.ts: fix void truthiness check on Product.deleted
- bolt-app.ts: cast Slack streaming chunks (undocumented API feature)
- Test files: fix mock typing (jest.fn<any>), add missing required fields,
  remove unused @ts-expect-error directives

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: training agent compliance fixes from local testing

- Cross-session media buy lookup: get_media_buys and get_media_buy_delivery
  now search all sessions when explicit IDs aren't found locally, matching
  real seller behavior where media_buy_ids is a global lookup
- SDK field aliases: brief→signal_spec, signal_id→signal_agent_segment_id,
  singular destination, plural media_buy_ids on delivery endpoint
- include_snapshot support on get_media_buys response
- Bid price validation: auction pricing now requires bid_price
- activate_signal relaxed required fields for SDK-style calls
- get_adcp_capabilities now reports signals in supported_protocols
- creative_id validation: reject creatives without IDs per spec
  (buyer assigns creative_id, not seller)

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: update_media_buy cross-session lookup

Add cross-session fallback to handleUpdateMediaBuy, matching the pattern
already applied to get_media_buys and get_media_buy_delivery. The SDK's
compliance test creates and updates media buys in separate MCP requests,
which land in different sessions with the stateless transport.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* chore: upgrade @adcp/client to 4.13.0

Includes fixes for comply() signal field names (#359), inline creative
creative_id (#360), and getPlatformTypesWithLabels (#361).

Adapt to stricter types: derive SpecialCategory from Episode, cast
params to Record<string, unknown>, narrow property description.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: L3 error compliance for training agent

- Use adcpError() from SDK for all error responses, providing L3
  transport (structuredContent.adcp_error + JSON text fallback + isError)
- Replace custom validation_error codes with standard AdCP error codes:
  PRODUCT_NOT_FOUND, BUDGET_TOO_LOW, INVALID_REQUEST, SERVICE_UNAVAILABLE
- Move budget validation before product lookup so negative budgets
  return BUDGET_TOO_LOW instead of PRODUCT_NOT_FOUND
- Add root POST route to standalone server for SDK error transport tests
- Remove tsconfig paths workaround (SDK 4.13.0 typesVersions handles it)

Error Compliance track: 0/3 → 3/3 passing.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* feat: buyer-artifact-grounded agent testing tools

Replace compare_media_kit with two tools grounded in real buyer artifacts:

- test_rfp_response: Takes an RFP brief, calls get_products with brief
  mode, runs deterministic gap analysis (channels, formats, budget, KPIs).
  Supports publisher_response for comparison.

- test_io_execution: Takes IO line items, maps each to agent products via
  normalized channel/format/pricing scoring, constructs the exact
  create_media_buy JSON a buyer agent would send. Optional execute mode.

Training agent improvements:
- Channel-aware brief matching (+10 per channel match vs keyword)
- Proposal completion in brief mode (pulls missing allocated products)
- Fix viewpoint_multi_screen proposal suffix (premium → video_premium)
- Startup warning when proposals reference missing products
- invalidateCache now clears cachedProposals

Security hardening:
- SSRF protection: validateAgentUrl blocks metadata endpoints, private
  IPs, and requires HTTPS in production
- Boundary tags around external agent response data
- Error message truncation (500 char limit)
- Use original agentUrl in error messages (not resolved URL)

Also: upgrade @adcp/client to 4.14.0 (state machine compliance)

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* chore: add changeset for buyer artifact testing tools

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* chore: add buyer artifact test scripts and spec

- scripts/test-buyer-artifacts.ts: e2e tests for test_rfp_response and
  test_io_execution against the training agent
- scripts/test-comply.ts: comply() test runner
- specs/buyer-artifact-testing.md: design spec for buyer artifact tools

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: address code review and security review findings

- Add 30s timeout on all outbound executeTask calls (SSRF mitigation)
- Replace console.warn with structured logger in product-factory
- Fix stale dry_run reference in prompts.ts (renamed to execute)

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: address expert review feedback

- Add 'audio' → 'streaming_audio' alias to prevent false mismatches
- Remove unused quantity field from test_io_execution schema
- Update spec to use execute instead of dry_run

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

---------

Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant