Add company search and signup flow improvements#360
Merged
Conversation
- Add /auth/signup endpoint with WorkOS screenHint: 'sign-up' for direct signup UX - Add organization search API endpoint to help users find their company - Add company type selection (Brand, Publisher, Agency, Ad Tech, Other) during onboarding - Add annual revenue tier selection during company onboarding - Improve onboarding card layout to prevent button overlap on search results - Allow users to request to join existing organizations - Show masked admin contact emails for privacy - Support signup flow redirects back to onboarding 🤖 Generated with Claude Code Co-Authored-By: Claude Haiku 4.5 <noreply@anthropic.com>
- Add 'other' to CompanyType validation (was missing from backend) - Change debug logging from info to debug level in auth callback - Remove unused 'source' parameter from renderOrgCard function - Remove dead 'Back to Options' button from join form - Add description to empty changeset file 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
The billing response returns company_type and revenue_tier at the root level, but the dashboard was only spreading billingData.subscription into org.billing. Now we include company_type, revenue_tier, and is_personal from the billing response. 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Migration 023 dropped this table but it's still used for organization audit logging (settings changes, profile updates, etc.). Added migration 030 to recreate it. 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Add audit logging for organization_created action - Add audit logging for subscription_created and subscription_cancelled - Add audit logging for join_request_created, approved, and rejected - Add getAuditLogs method to OrganizationDatabase - Add GET /api/admin/audit-logs endpoint with filtering and pagination - Add admin audit log viewer page at /admin/audit - Add Audit Log link to admin navigation Actions now being logged: - organization_created, organization_settings_updated, organization_renamed, organization_deleted - member_invited, member_removed, member_role_updated, invitation_revoked - join_request_created, join_request_approved, join_request_rejected - subscription_created, subscription_cancelled - api_key_created, api_key_revoked, convert_to_team 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Add description to empty changeset file - Add in-memory cache (5min TTL) for WorkOS org/user lookups to reduce API calls when enriching audit log entries - Add warning logs for failed WorkOS lookups (instead of silent catch) - Define SYSTEM_USER_ID constant for webhook/automated contexts 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
bokelley
added a commit
that referenced
this pull request
Mar 21, 2026
Includes fixes for comply() signal field names (#359), inline creative creative_id (#360), and getPlatformTypesWithLabels (#361). Adapt to stricter types: derive SpecialCategory from Episode, cast params to Record<string, unknown>, narrow property description. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
bokelley
added a commit
that referenced
this pull request
Mar 22, 2026
* feat: agent quality coaching tools and training agent type safety
Add evaluate_agent_quality and compare_media_kit tools to Addie's member
toolset for agent quality coaching. evaluate_agent_quality runs SDK comply()
and returns structured results for conversational coaching. compare_media_kit
lets publishers compare their stated inventory against what their agent
actually returns via get_products.
Refactor training agent to use SDK request types throughout instead of
Record<string, unknown> with manual casts. Handlers now cast args to typed
SDK requests at entry, eliminating ~50 individual field casts. Derive
extension types structurally (PackageUpdate, Destination, SignalFilters)
for SDK types not re-exported from the main entry point.
Type shared/formats.ts with TrainingFormat interface. Fix compare_media_kit
gap analysis reading non-existent p.channel/p.format fields (now correctly
iterates p.channels array and p.format_ids array). Add input validation
and data delimiters for prompt injection defense on user-provided content.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* fix: basic auth handling and parallel brief execution in agent tools
buildAuthOption now returns proper { type: 'basic', username, password }
for basic auth agents instead of incorrectly wrapping credentials as
bearer tokens. The SDK's comply() and AdCPClient both support basic auth
natively.
compare_media_kit now runs get_products briefs concurrently via
Promise.all instead of sequentially, reducing latency proportionally
to the number of verticals tested.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* fix: invalid CPA event_type caught by quality evaluation smoke test
NovaMind AI publisher used event_type 'agent_session' which is not a
valid EventType in the AdCP schema. The SDK's comply() correctly
rejected this during schema validation, cascading failures across
media buy lifecycle tests.
Fix: change to 'custom' (valid EventType), tighten PricingTemplate.eventType
from string to EventType, and remove the unsafe cast in buildPricingOption.
Also fix smoke test health check to accept standalone agent responses.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* merge main and fix all typecheck errors
Merge main into agent-test-framework branch, resolving conflicts in
training-agent files. Fix all pre-existing typecheck errors across the
codebase:
- testing/index.ts: add `type` keyword to type re-exports (isolatedModules)
- tsconfig.json: add paths for @adcp/client subpath exports
- billing.ts: narrow Stripe Customer|DeletedCustomer union after .deleted guard
- http.ts: same Stripe union narrowing
- stripe-client.ts: fix void truthiness check on Product.deleted
- bolt-app.ts: cast Slack streaming chunks (undocumented API feature)
- Test files: fix mock typing (jest.fn<any>), add missing required fields,
remove unused @ts-expect-error directives
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* fix: training agent compliance fixes from local testing
- Cross-session media buy lookup: get_media_buys and get_media_buy_delivery
now search all sessions when explicit IDs aren't found locally, matching
real seller behavior where media_buy_ids is a global lookup
- SDK field aliases: brief→signal_spec, signal_id→signal_agent_segment_id,
singular destination, plural media_buy_ids on delivery endpoint
- include_snapshot support on get_media_buys response
- Bid price validation: auction pricing now requires bid_price
- activate_signal relaxed required fields for SDK-style calls
- get_adcp_capabilities now reports signals in supported_protocols
- creative_id validation: reject creatives without IDs per spec
(buyer assigns creative_id, not seller)
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* fix: update_media_buy cross-session lookup
Add cross-session fallback to handleUpdateMediaBuy, matching the pattern
already applied to get_media_buys and get_media_buy_delivery. The SDK's
compliance test creates and updates media buys in separate MCP requests,
which land in different sessions with the stateless transport.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* chore: upgrade @adcp/client to 4.13.0
Includes fixes for comply() signal field names (#359), inline creative
creative_id (#360), and getPlatformTypesWithLabels (#361).
Adapt to stricter types: derive SpecialCategory from Episode, cast
params to Record<string, unknown>, narrow property description.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* fix: L3 error compliance for training agent
- Use adcpError() from SDK for all error responses, providing L3
transport (structuredContent.adcp_error + JSON text fallback + isError)
- Replace custom validation_error codes with standard AdCP error codes:
PRODUCT_NOT_FOUND, BUDGET_TOO_LOW, INVALID_REQUEST, SERVICE_UNAVAILABLE
- Move budget validation before product lookup so negative budgets
return BUDGET_TOO_LOW instead of PRODUCT_NOT_FOUND
- Add root POST route to standalone server for SDK error transport tests
- Remove tsconfig paths workaround (SDK 4.13.0 typesVersions handles it)
Error Compliance track: 0/3 → 3/3 passing.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* feat: buyer-artifact-grounded agent testing tools
Replace compare_media_kit with two tools grounded in real buyer artifacts:
- test_rfp_response: Takes an RFP brief, calls get_products with brief
mode, runs deterministic gap analysis (channels, formats, budget, KPIs).
Supports publisher_response for comparison.
- test_io_execution: Takes IO line items, maps each to agent products via
normalized channel/format/pricing scoring, constructs the exact
create_media_buy JSON a buyer agent would send. Optional execute mode.
Training agent improvements:
- Channel-aware brief matching (+10 per channel match vs keyword)
- Proposal completion in brief mode (pulls missing allocated products)
- Fix viewpoint_multi_screen proposal suffix (premium → video_premium)
- Startup warning when proposals reference missing products
- invalidateCache now clears cachedProposals
Security hardening:
- SSRF protection: validateAgentUrl blocks metadata endpoints, private
IPs, and requires HTTPS in production
- Boundary tags around external agent response data
- Error message truncation (500 char limit)
- Use original agentUrl in error messages (not resolved URL)
Also: upgrade @adcp/client to 4.14.0 (state machine compliance)
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* chore: add changeset for buyer artifact testing tools
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* chore: add buyer artifact test scripts and spec
- scripts/test-buyer-artifacts.ts: e2e tests for test_rfp_response and
test_io_execution against the training agent
- scripts/test-comply.ts: comply() test runner
- specs/buyer-artifact-testing.md: design spec for buyer artifact tools
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* fix: address code review and security review findings
- Add 30s timeout on all outbound executeTask calls (SSRF mitigation)
- Replace console.warn with structured logger in product-factory
- Fix stale dry_run reference in prompts.ts (renamed to execute)
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* fix: address expert review feedback
- Add 'audio' → 'streaming_audio' alias to prevent false mismatches
- Remove unused quantity field from test_io_execution schema
- Update spec to use execute instead of dry_run
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
---------
Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Changes
Onboarding Flow:
Audit Logging:
/admin/auditto view audit logs with filteringBug Fixes:
Test plan
🤖 Generated with Claude Code