Merge Test to Main

[arpitgupta1214]

Summary by CodeRabbit

• New Features
  • Implemented user authentication to protect scheduled task access
  • All task data now requires login to retrieve
  • Enhanced security with authenticated access tokens for task requests

[vercel]

The latest updates on your projects. Learn more about Vercel for GitHub.

Project	Deployment	Actions	Updated (UTC)
recoup-chat	Ready	Preview	Mar 27, 2026 7:35pm

[coderabbitai]

Caution

Review failed

The pull request is closed.

ℹ️ Recent review info

⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

Run ID: 43d0cc13-bf37-4800-a7d0-de2cdd9d641f

📥 Commits

Reviewing files that changed from the base of the PR and between c39460a and 6c01058.

📒 Files selected for processing (2)

• hooks/useScheduledActions.ts
• lib/tasks/getTasks.ts

---

📝 Walkthrough

Walkthrough

The PR integrates Privy authentication into the task management system by modifying the getTasks API function to require an access token parameter and adding an authorization header to requests. The useScheduledActions hook is updated to retrieve the token from Privy and gate query execution until user authentication is complete.

Changes

Cohort / File(s)	Summary
Authentication Integration hooks/useScheduledActions.ts, lib/tasks/getTasks.ts	Integrated Privy authentication throughout task fetching. The getTasks function signature now requires an accessToken parameter and includes it in request authorization headers. The hook retrieves the access token via Privy and gates query execution with the enabled: authenticated condition.

Sequence Diagram

sequenceDiagram
    actor User
    participant Hook as useScheduledActions
    participant Privy as Privy Auth
    participant Fetch as getTasks
    participant API as Backend API

    User->>Hook: Trigger query (e.g., render)
    rect rgba(100, 150, 200, 0.5)
    Hook->>Privy: Check authenticated state
    Privy-->>Hook: authenticated status
    end
    
    alt authenticated = true
        rect rgba(150, 200, 100, 0.5)
        Hook->>Privy: getAccessToken()
        Privy-->>Hook: accessToken
        end
        
        Hook->>Fetch: getTasks(accessToken, filters)
        rect rgba(200, 150, 100, 0.5)
        Fetch->>API: POST /api/tasks<br/>(Authorization: Bearer {token})
        API-->>Fetch: Task[] response
        end
        Fetch-->>Hook: Task[]
        Hook-->>User: Render tasks
    else authenticated = false
        Hook-->>User: Skip query (disabled)
    end

Loading

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~20 minutes

Poem

🔐 A token flows from Privy's vault,
Through gates that guard with sacred salt,
Authentication chains now bind,
Each query to its rightful mind,
Where headers sing of access gained,
And secure paths are now maintained. ✨

✨ Finishing Touches

📝 Generate docstrings

• Create stacked PR
• Commit on current branch

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch test

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[chatgpt-codex-connector]

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: 6c010589c0

ℹ️ About Codex in GitHub

Codex has been enabled to automatically review pull requests in this repo. Reviews are triggered when you

• Open a pull request for review
• Mark a draft as ready
• Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

When you sign up for Codex through ChatGPT, Codex can also answer questions or update the PR, like "@codex address that feedback".

[chatgpt-codex-connector]

Scope scheduled-actions cache by authenticated user

This query now returns token-scoped data (getTasks(accessToken, ...)) but the cache key still excludes user identity, so a logout/login in the same tab can reuse the previous account’s cached tasks until the refetch completes. Because QueryClient is process-wide (providers/Providers.tsx) and signOut does not clear React Query cache (hooks/useUser.tsx), the next authenticated user can briefly see another user’s scheduled actions. Include a user discriminator in the query key (or clear this query on logout) to prevent cross-user cache bleed.

Useful? React with 👍 / 👎.