…hlight row
When editing a requirement description in the large multi-line editor, the dialog said only "Edit Requirement Description" with no indication of which requirement was being edited, and the underlying row wasn't highlighted.
- Append the requirement's identifier and name to the dialog title, e.g. "Edit Requirement Description - SC-13 - Cryptographic Protection".
- EditableCell now reports open/close via onExpandedChange so the page can highlight the row whose editor is open (visible through the 50% overlay).
Closes FRAME-7
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
…bottom The Linked Controls panel always opened downward (absolute top-0), so on rows near the bottom of the framework it extended past the table's overflow-auto container and got clipped — you couldn't see the rest of the panel. Measure the space below the cell when the panel opens and anchor it to the bottom (grow upward) when there's less than ~340px of room, mirroring the existing ComboboxCell behavior. Closes FRAME-8 Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
… for publish
Editing just the framework's name or description left the Publish Version button greyed out with "no changes detected" — the manifest diff only compared controls/requirements/policies/tasks and their links, never the framework's own metadata (which the manifest already stores).
- framework-diff: add a `framework` meta-diff (name/description) to ManifestDiff.
- VersionDiffView: hasAnyChanges() now counts a framework metadata change, and the diff renders a "Framework" section showing the name/description edit.
Closes FRAME-9
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
The editor inherited @trycompai/ui's `.dark` token block, whose values are identical to light — so there was no dark theme and no way to switch.
- Add next-themes ThemeProvider (class strategy, system-aware, default light).
- Add a Sun/Moon toggle in the header.
- Define a real dark palette in the editor's globals (overrides the library's placeholder `.dark` tokens), scoped to framework-editor only.
Closes FRAME-5
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
…hog-js is blocked The Timeline tab (is-timeline-enabled) is gated by useFeatureFlag, which relied solely on the browser's posthog-js /flags request. Ad blockers, privacy browsers, and corporate proxies block that request (the /ingest proxy path is on public blocklists), so the flag never resolved and the tab never rendered for affected customers — while impersonating staff on unblocked machines saw it fine. The org layout already evaluates all flags server-side (posthog-node with the organization group) for nav gating. Provide that map to the client via a new ServerFeatureFlagsProvider and let useFeatureFlag treat the flag as enabled when either the live client value or the server-evaluated value says so. No changes needed at the flag call sites. Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
…-name-description fix(framework-editor): publish detects name/description-only changes (FRAME-9)
…-dropdown-clip fix(framework-editor): flip Linked Controls panel up when clipped (FRAME-8)
…t-dialog-context feat(framework-editor): requirement edit dialog context + row highlight (FRAME-7)
The large multi-line cell editor could effectively only grow vertically (width was pinned by w-full inside a 760px dialog), and it always reopened at the default size — painful for long requirement text (e.g. NIST PL-2).
- Textarea is now resizable in both directions (resize, min 320px wide), and the dialog grows to fit it up to 95vw.
- The chosen size is remembered in localStorage and restored on reopen.
Size persistence is a small tested helper (load/save with validation).
Closes FRAME-3
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
…r-persist feat(framework-editor): resizable + size-remembering description editor (FRAME-3)
Replaces the single "Commit Changes" button with the three buttons Joe asked for (FRAME-4, interpretation A):
- Cancel — discard the uncommitted grid edits (unchanged).
- Save as Draft — persist edits to the live templates without publishing (the previous "Commit Changes" behaviour).
- Save and Commit — persist edits, then open the Publish Version dialog so the accumulated changes go out as a new version. Publish only opens when every edit saved cleanly.
handleCommit now returns whether the save succeeded so Save-and-Commit can chain the publish step safely. Reuses the existing PublishVersionDialog and useFrameworkVersions (for the next-version suggestion).
Closes FRAME-4
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
…commit feat(framework-editor): Save as Draft / Save and Commit (FRAME-4)
…r-dark-mode feat(framework-editor): dark mode (FRAME-5)
Long framework requirement descriptions (e.g. NIST SP800-53 PL-2) were truncated to a single line in the customer app's Requirements view with only a clipped native tooltip — no way to read the full text. The framework editor already has expand arrows; this brings the same affordance (read-only) to the app. Adds a shared ExpandableDescription cell: truncated inline text plus a hover maximize button that opens a read-only dialog with the full description. Used by both the grouped and flat requirements tables. Full text is already on the client, so no new fetch. Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
…r-fallback fix(analytics): fall back to server-evaluated feature flags when posthog-js is blocked
…ption-expand feat(app): expand-to-read for long requirement descriptions
…led false-fails)
AWS integration checks (S3, EC2, RDS, KMS, CloudTrail, IAM) false-failed on the
scheduled and auto-run paths while the manual "Run" passed. Same code, same
credentials — the only difference is where the check executes:
- Manual runs on our server (ECS), inside our VPC, whose S3 endpoint allows our
cross-account audit reads.
- Scheduled/auto-run execute in the Trigger.dev runtime, whose VPC S3 endpoint
policy blocks cross-account reads ("no VPC endpoint policy allows ...").
AWS allows/denies based on the VPC the request exits from, which lives in
Trigger.dev's account and isn't ours to change.
Fix (AWS only): when providerSlug === 'aws', the scheduled and auto-run Trigger
tasks delegate execution to our server via a new service-token endpoint
(POST /v1/integrations/internal/run-connection-checks/:connectionId) and persist
the returned result with the existing shared logic. Trigger.dev still handles
scheduling and retries; only where the AWS API calls run changed.
GCP, Azure, dynamic and legacy integrations are untouched — they make plain
HTTPS calls (no VPC endpoint) and keep executing in Trigger.dev exactly as
before.
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Cubic (and an independent adversarial review) flagged three issues on the AWS server-run path:
1. The AWS branch still ran the Trigger-side credential/session preflight (requestValidCredentials + injectAwsResolvedSession) before delegating to the server. Those calls are unused on the server path (it decrypts creds and assumes the role itself), so a transient preflight failure would falsely fail an AWS run. Skip the preflight entirely for AWS and drop the now-dead injectAwsResolvedSession call (both Trigger tasks).
2. The internal fetch had no timeout, so a hung connection could block the task until maxDuration. Add a generous AbortController timeout (10m — well below the 15m maxDuration but high enough never to abort a legitimately long run) so a stalled socket surfaces as an error and the task retries.
3. (Review) The scheduled per-check loop was inside one outer try/catch; because runChecksOnServer throws on transport failure and several AWS checks share a task, a blip on one check aborted its siblings and skipped lastSyncAt/status. Catch the throw per-check, record that check as failed, and continue — matching runAllChecks' per-check resilience (hasExecutionErrors keeps integrationLastRunAt unwritten so the next tick retries).
Non-AWS (GCP/Azure/dynamic/legacy) paths remain unchanged.
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
The per-check catch added for AWS server-run resilience wrapped both branches, so a (rare) runAllChecks throw on a non-AWS provider would be downgraded to a per-check failure instead of propagating. Re-throw when providerSlug !== 'aws' so non-AWS behavior is unchanged from before this PR; only AWS transport blips get the degrade-and-continue treatment. (cubic review) Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
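The per-check handling described in the two commit messages above, as an added TypeScript sketch that is not code from this PR. `runScheduledChecks`, `runCheck`, `flakyRunner`, the result shape and the check ids are assumptions, and the runner is modelled as a synchronous callback where the real tasks await network calls.

```typescript
// Added illustration; names other than providerSlug, hasExecutionErrors and
// integrationLastRunAt are hypothetical. The runner is a synchronous callback
// here to keep the control flow visible; the real tasks await network calls.
type CheckResult = { checkId: string; status: "passed" | "failed"; error?: string };

interface RunSummary {
  results: CheckResult[];
  hasExecutionErrors: boolean;
  integrationLastRunAt: Date | null; // left null so the next tick retries
}

function runScheduledChecks(
  providerSlug: string,
  checkIds: string[],
  runCheck: (checkId: string) => CheckResult, // throws on transport failure
  now: Date = new Date(),
): RunSummary {
  const results: CheckResult[] = [];
  let hasExecutionErrors = false;
  for (const checkId of checkIds) {
    try {
      results.push(runCheck(checkId));
    } catch (err) {
      // Only the AWS server-run path degrades and continues; other providers
      // keep the earlier behaviour of propagating the throw to the task.
      if (providerSlug !== "aws") throw err;
      hasExecutionErrors = true;
      results.push({
        checkId,
        status: "failed",
        error: err instanceof Error ? err.message : String(err),
      });
    }
  }
  return {
    results,
    hasExecutionErrors,
    integrationLastRunAt: hasExecutionErrors ? null : now,
  };
}

// Constructed sample runner: one check hits a transport error.
function flakyRunner(checkId: string): CheckResult {
  if (checkId === "kms-rotation") throw new Error("fetch aborted after timeout");
  return { checkId, status: "passed" };
}
```

With the constructed runner, an AWS run over three checks records the middle one as failed, still runs the third, and leaves the last-run timestamp unset; the same failure under a non-AWS slug throws out of the loop.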
… + validate creds by auth type
cubic Ultrareview findings:
1. The internal run-connection-checks endpoint went through the global ThrottlerGuard, so the 6 AM AWS fan-out could hit 429s and re-fail checks. Add @SkipThrottle() (matching the Trigger-called resolve-session endpoint).
2. ConnectionCheckRunnerService only checked for missing credentials; the in-app run paths also validate by auth type. Align it (oauth2 / api_key / basic / custom) so a server-run rejects malformed credentials up front with a clear error instead of executing the check on bad input.
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
fix(cloud-security): run AWS integration checks on our server (scheduled false-fails)
🎉 This PR is included in version 3.82.0 🎉 The release is available on GitHub release Your semantic-release bot 📦🚀
This is an automated pull request to release the candidate branch into production, which will trigger a deployment.
It was created by the [Production PR] action.
Summary by cubic
Fixes false-failing AWS scheduled and auto-run integration checks by running them on our server via a service-token endpoint, and ships editor/UI improvements (resizable description editor with size memory, row highlight, Save as Draft / Save and Commit, dark mode) plus feature-flag fallbacks and publish/diff fixes. Addresses FRAME-9, FRAME-8, FRAME-7, FRAME-5, FRAME-4, and FRAME-3.
New Features
next-themes with a header toggle and a real dark palette (FRAME-5).
Bug Fixes
@SkipThrottle; Trigger tasks delegate with a 10-minute timeout and per-check error handling (non-AWS behavior unchanged). Endpoint is excluded from public OpenAPI docs.
useFeatureFlag now ORs the live value with server-evaluated flags via ServerFeatureFlagsProvider from @trycompai/analytics, wired in the org layout, so flags work when posthog-js is blocked.
Written for commit a7399d8. Summary will update on new commits.