Conversation
…emplateId and attach default ai config when creating a challenge
![github-actions[bot]](https://avatars.githubusercontent.com/in/15368?s=60&v=4){kind=small}
prisma/migrations/20260225100000_rename_default_ai_workflow_id/migration.sql
Show resolved
Hide resolved
| { isMachine: true, sub: 'sub', userId: 'testuser' }, | ||
| challengeData, | ||
| config.M2M_FULL_ACCESS_TOKEN | ||
| config.M2M_FULL_ACCESS_TOKEN || 'test-token' |
There was a problem hiding this comment.
[❗❗ security]
Using a default token 'test-token' when config.M2M_FULL_ACCESS_TOKEN is not set could lead to unexpected behavior in production environments. Consider ensuring that this fallback is only used in test environments to prevent security issues.
| const result = await service.createChallenge( | ||
| { isMachine: true, sub: 'sub', userId: 'testuser' }, | ||
| challengeData, | ||
| config.M2M_FULL_ACCESS_TOKEN || 'test-token' |
There was a problem hiding this comment.
[❗❗ security]
Using a default token 'test-token' when config.M2M_FULL_ACCESS_TOKEN is not set could lead to unexpected behavior in production environments. Consider ensuring that this fallback is only used in test environments to prevent security issues.
| const result = await service.createChallenge( | ||
| { isMachine: true, sub: 'sub', userId: 'testuser' }, | ||
| challengeData, | ||
| config.M2M_FULL_ACCESS_TOKEN || 'test-token' |
There was a problem hiding this comment.
[❗❗ security]
Using a default token 'test-token' when config.M2M_FULL_ACCESS_TOKEN is not set could lead to unexpected behavior in production environments. Consider ensuring that this fallback is only used in test environments to prevent security issues.
kkartunov
changed the title
2 participants
This pull request introduces significant improvements to how default reviewers and AI review configurations are handled during challenge creation. It refactors the process to separate member reviewer and AI reviewer logic, introduces new helper methods for applying and creating AI review configs, and replaces the
aiWorkflowIdfield withaiConfigTemplateIdthroughout the codebase and database schema. Additionally, it adds configuration for the reviews API and makes minor test fixture corrections.Refactored challenge creation to use new helper methods:
applyDefaultMemberReviewersForChallengeCreationandapplyDefaultAIConfigForChallengeCreation, which separately handle member and AI reviewers, improving clarity and extensibility. AI review configurations are created via the reviews API only when reviewers are not provided explicitly.Renamed the
aiWorkflowIdfield toaiConfigTemplateIdin theDefaultChallengeReviewermodel and throughout the codebase, including validation schemas, normalization logic, and API payloads. This aligns the naming with the new AI review template-based approach.Added
REVIEWS_API_URLto configuration files and environment variable templates to support dynamic endpoint configuration for the reviews API. (config/default.js,docs/dev.env,docs/prod.env). NOTE we need to make sure this exists in prod.Test and Fixture Corrections:
'DEVELOP'to'DEVELOPMENT'to match expected values. Also included a missing import in a unit test file. (test/testHelper.js,test/unit/ChallengeService.test.js)NOTE: Auth0 scopes need to be updated for
v6 Challenge APIin prod