Skip to content

[codex] Fix dispatch cluster issue filters and sync#449

Merged
joryirving merged 2 commits into
mainfrom
codex/fix-dispatch-cluster-issues
Jun 19, 2026
Merged

[codex] Fix dispatch cluster issue filters and sync#449
joryirving merged 2 commits into
mainfrom
codex/fix-dispatch-cluster-issues

Conversation

@joryirving

@joryirving joryirving commented Jun 19, 2026

Copy link
Copy Markdown
Contributor

Summary

Fixes the in-cluster Dispatch failures affecting Board refreshes, Automation sync status, mobile navigation into failing pages, and Renovate issue visibility.

Root Cause

  • Board refreshes failed in the cluster because Prisma 7 rejects labels: { hasNone: [...] } on scalar-list fields. With DISPATCH_EXCLUDED_LABELS=renovate, every /api/issues refresh hit that invalid query shape.
  • Automation sync stored a.slice is not a function because the shared GitHub pagination helper assumed every successful endpoint returned a JSON array. GitHub Actions run endpoints return wrapped objects like { workflow_runs: [...] }.
  • Renovate filtering lived mostly in queue-side logic, so UI surfaces and summaries could still count or show those issues.

Changes

  • Replaced invalid scalar-list exclusion queries with Prisma-supported AND + NOT labels.hasSome clauses.
  • Centralized Renovate issue detection/exclusion and applied it across Board, Overview, Projects, Agents, grooming intake, work summaries, and issue API refreshes.
  • Updated GitHub pagination to support wrapped Actions responses via an item extractor.
  • Hardened the Automation page so unexpected API responses render a clear error instead of crashing the tab.
  • Updated worker contract docs to match the new Renovate exclusion behavior.

Validation

  • npm test
  • npm run typecheck
  • npm run lint

@joryirving joryirving marked this pull request as ready for review June 19, 2026 15:22
its-saffron[bot]

This comment was marked as outdated.

Sign in to view

its-saffron[bot]
its-saffron Bot approved these changes Jun 19, 2026
View reviewed changes

@its-saffron its-saffron Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

AI Automated Review (incremental)

Incremental review: reviewed the changes since the last managed review; unresolved findings from that review are carried forward.

Analysis engine: MiniMax-M2.7@https://litellm.jory.dev/v1 (anthropic) — routed smart (risk match: public_route_changes)

PR Review: PR 449 Fix dispatch cluster issue filters and sync

Summary

This PR fixes in-cluster Dispatch failures affecting Board refreshes, Automation sync status, and Renovate issue visibility. The primary focus is on fixing Prisma 7 incompatible queries and GitHub pagination issues, while also centralizing Renovate exclusion logic.

Recommended: Approve

The changes improve the codebase by fixing bugs and adding proper access controls.

Must-Check Verification

✅ verify route access controls are in place

/api/issues/untriaged route (src/app/api/issues/untriaged/route.ts):

  • Added authorizeRequest check that returns 401 if unauthorized
  • This is a security improvement — the route was previously intentionally unauthenticated (documented as "intake view for grooming") and is now properly protected
  • The route test explicitly validates this: it("returns 401 without authentication", ...)

/api/issues route (src/app/api/issues/route.ts):

  • Already had authorizeRequest check in place (existing code, unchanged)
  • Returns 401 if unauthorized

/api/agents/[agentName]/next-task route (src/app/api/agents/[agentName]/next-task/route.ts):

  • Already had authorizeRequest check in place (existing code, unchanged)
  • Returns 401 if unauthorized

✅ check for unintended public endpoints

No unintended public endpoints were introduced. The PR actually removes a public endpoint:

  • /api/issues/untriaged was documented as intentionally unauthenticated and is now protected
  • The test comment explicitly notes the change: "returns untriaged issues with authentication" (previously "returns untriaged issues without authentication")

All API routes in scope of this change require authentication via bearer token (DISPATCH_AGENT_TOKEN).

Standards Compliance

Auth handling: All modified/new API routes use the shared authorizeRequest function from @/lib/auth
Error responses: Routes return proper JSON error responses with 401 status codes
Test coverage: Added auth test cases for the untriaged route
Code patterns: Consistent with existing route patterns in the codebase

Linked Issue Fit

No linked issues were provided in the corpus. The PR body describes:

  • Root cause analysis (Prisma 7 incompatible queries, GitHub pagination helper assumptions, Renovate filtering gaps)
  • Changes include centralized Renovate exclusion, fixed pagination, and hardened auth

The auth addition to /api/issues/untriaged is an intentional security improvement, not an unintended breaking change.

Unknowns / Needs Verification

None — the delta diff and test files provide sufficient evidence for the auth changes.

@joryirving joryirving merged commit eccbc3a into main Jun 19, 2026
3 checks passed
@joryirving joryirving deleted the codex/fix-dispatch-cluster-issues branch June 19, 2026 15:39
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@its-saffron its-saffron[bot] its-saffron[bot] approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@joryirving