fix(digest): inline compliance filter to avoid trigger.dev bundle fai…

[Marfuen]

…lure

The Trigger.dev deploy pipeline cannot resolve @trycompai/auth because its dist is not built during the CI deploy step. Remove the transitive dependency by inlining the compliance-obligation filter directly in the helpers file, keeping identical behaviour.

What does this PR do?

• Fixes #XXXX (GitHub issue number)
• Fixes COMP-XXXX (Linear issue number - should be visible at the bottom of the GitHub issue description)

Visual Demo (For contributors especially)

A visual demonstration is strongly recommended, for both the original and new change (video / image - any one).

Video Demo (if applicable):

• Show screen recordings of the issue or feature.
• Demonstrate how to reproduce the issue, the behavior before and after the change.

Image Demo (if applicable):

• Add side-by-side screenshots of the original and updated change.
• Highlight any significant change(s).

Mandatory Tasks (DO NOT REMOVE)

• I have self-reviewed the code (A decent size PR without self-review might be rejected).
• I have updated the developer docs in /docs if this PR makes changes that would require a documentation change. If N/A, write N/A here and check the checkbox.
• I confirm automated tests are in place that prove my fix is effective or that my feature works.

How should this be tested?

• Are there environment variables that should be set?
• What are the minimal test data to have?
• What is expected (happy path) to have (input and output)?
• Any other important info that could help to test that PR

Checklist

• I haven't read the contributing guide
• My code doesn't follow the style guidelines of this project
• I haven't commented my code, particularly in hard-to-understand areas
• I haven't checked if my changes generate no new warnings

---

Summary by cubic

Inlined the compliance-role filter in the digest helpers to remove the transitive dependency on @trycompai/auth that broke Trigger.dev bundling. Behavior is unchanged and deploys succeed again.

• Bug Fixes
  • Replaced filterComplianceMembers with local filterDigestMembersByCompliance.
  • Inlined built-in role obligations and resolved custom roles via organizationRole lookup.
  • Excludes platform admins as before; output set remains the same.
  • Updated task to use the local filter and added focused unit tests for filtering logic.

^{Written for commit b1ac2a8. Summary will update on new commits.}

[vercel]

The latest updates on your projects. Learn more about Vercel for GitHub.

Project	Deployment	Actions	Updated (UTC)
app	Ready	Preview, Comment	Apr 17, 2026 8:09pm
comp-framework-editor	Ready	Preview, Comment	Apr 17, 2026 8:09pm

1 Skipped Deployment

Project	Deployment	Actions	Updated (UTC)
portal	Skipped		Apr 17, 2026 8:09pm

[cubic-dev-ai]

1 issue found across 4 files

Prompt for AI agents (unresolved issues)

Check if these issues are valid — if so, understand the root cause of each and fix them. If appropriate, use sub-agents to investigate and fix each issue separately.


<file name="apps/app/src/trigger/tasks/task/policy-acknowledgment-digest-helpers.ts">

<violation number="1" location="apps/app/src/trigger/tasks/task/policy-acknowledgment-digest-helpers.ts:8">
P2: Duplicating the canonical compliance-role filter and obligation map creates drift risk for digest recipient selection; this should be shared with the existing source of truth instead of manually synchronized.</violation>
</file>

_{Reply with feedback, questions, or to request a fix. Tag @cubic-dev-ai to re-run a review, or fix all with cubic.}

[cubic-dev-ai]

P2: Duplicating the canonical compliance-role filter and obligation map creates drift risk for digest recipient selection; this should be shared with the existing source of truth instead of manually synchronized.

Prompt for AI agents

Check if this issue is valid — if so, understand the root cause and fix it. At apps/app/src/trigger/tasks/task/policy-acknowledgment-digest-helpers.ts, line 8:

<comment>Duplicating the canonical compliance-role filter and obligation map creates drift risk for digest recipient selection; this should be shared with the existing source of truth instead of manually synchronized.</comment>

<file context>
@@ -4,6 +4,83 @@
 import type { Departments, PolicyVisibility } from '@db';
 
+// Inlined from @trycompai/auth to avoid pulling that package into the Trigger.dev bundle.
+// Keep in sync with packages/auth/src/permissions.ts BUILT_IN_ROLE_OBLIGATIONS.
+const BUILT_IN_ROLE_OBLIGATIONS: Record<string, { compliance?: boolean }> = {
+  owner: { compliance: true },
</file context>

[claudfuen]

🎉 This PR is included in version 3.23.5 🎉

The release is available on GitHub release

Your semantic-release bot 📦🚀