…tive org

The GET /v1/frameworks/available endpoint was changed on April 17 to read @organizationId() from the request. That decorator throws when the user has no active organization, producing HTTP 500 for every fresh signup on the first onboarding step — even though @SkipOrgCheck() is specifically meant to allow this case.

- Add @OrganizationIdOptional() for @SkipOrgCheck()-decorated endpoints
- Harden @organizationId() to throw InternalServerErrorException with a message pointing to the optional variant, so future misuse is visible in monitoring instead of a generic 500
- Swap findAvailable to use @OrganizationIdOptional()
- Add regression tests covering both no-org and with-org cases
- Surface API errors in FrameworkSelection.tsx so the next server-side failure doesn't produce a silent blank onboarding screen

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

🎉 This PR is included in version 3.27.1 🎉
The release is available on GitHub release
Your semantic-release bot 📦🚀

Summary

Fresh signups hitting the first onboarding step ("Which compliance frameworks do you need?") have been seeing an empty screen with a disabled Continue button. Customer Daniel Cooke reported a 500 on https://api.trycomp.ai/v1/frameworks/available, and I reproduced it in incognito with a brand-new email.

Root cause

- a81af3efb7) — The `/v1/frameworks/available` endpoint's signature was changed from `findAvailable()` to `findAvailable(@OrganizationId() organizationId?: string)` so custom frameworks could be scoped per-org.
- `@OrganizationId()` throws a plain `Error` when `request.organizationId` is falsy.
- `@SkipOrgCheck()` (already on this endpoint) correctly allows session-auth'd users with no active org through — `HybridAuthGuard` sets `request.organizationId = ''` in that case.
- `@OrganizationId()` throws → NestJS converts the generic `Error` to HTTP 500.
- `?: string` in the signature shows the intent was optional, but the decorator didn't honor it — that contract isn't visible in the decorator's type signature.
- `@SkipOrgCheck()` endpoint in the API; this was the only one combining it with `@OrganizationId()`.

The failure was invisible for 4 days because `FrameworkSelection.tsx` silently swallowed HTTP errors in its SWR fetcher — a 500 looked identical to "no frameworks available."

Changes

- `@OrganizationIdOptional()` in `apps/api/src/auth/auth-context.decorator.ts` — returns `string | undefined` instead of throwing. Explicit, safe companion to `@OrganizationId()` for `@SkipOrgCheck()`-decorated endpoints.
- `@OrganizationId()` to throw `InternalServerErrorException` (typed, surfaced by Nest's exception filter, logged by monitoring) instead of a plain `Error` (opaque 500). The message points to `@OrganizationIdOptional()` so the next misuse is immediately diagnosable.
- `findAvailable`. The service already handles `undefined` correctly.
- `frameworks.controller.spec.ts` — one asserting the endpoint returns data when `organizationId` is `undefined` (the fresh-signup case), and one asserting it passes the id through when present.
- `FrameworkSelection.tsx` — fetcher now throws on non-OK responses; component renders a visible error + retry button. Prevents the next server-side failure from producing a silent blank screen.

Test plan

- `main` before/after)
- `apps/api` unit tests pass (new `findAvailable` tests follow the exact pattern of the existing `findAll` tests)
- `/v1/frameworks/available` (e.g., by breaking the env var temporarily) → onboarding UI shows a visible error + retry button, not a blank screen
- `/setup` still sees frameworks (no regression for the with-org path)

🤖 Generated with Claude Code

Summary by cubic

Fixes a 500 that blocked onboarding by making `/v1/frameworks/available` work when the user has no active org. The UI now shows a clear error with a retry instead of a blank screen.

- `@OrganizationIdOptional()` for `@SkipOrgCheck()` endpoints; returns `string | undefined`.
- `@OrganizationId()` to throw `InternalServerErrorException` with guidance to use the optional decorator when appropriate.
- `findAvailable` to use `@OrganizationIdOptional()`.
- `FrameworkSelection.tsx`: fetcher now throws on non-OK responses; renders error + retry UI.
- `findAvailable` with and without `organizationId`.

Written for commit 8fee034. Summary will update on new commits.
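
The failure mode and fix described in this PR, modelled without NestJS as an added example; it is not the project's code. The function names, the `Req`/`Res` shapes and the sample frameworks are assumptions, and the "global only when no org" filter is this example's reading of "the service already handles `undefined` correctly".

```typescript
// Added example: framework-free model of the PR's logic. All names are hypothetical.
type Req = { organizationId?: string };
type Res = { status: number; body: string[]; error?: string };

// Strict extractor: throws when no org is set, which the framework turns into a 500.
function requireOrganizationId(req: Req): string {
  if (!req.organizationId) {
    throw new Error('organizationId missing; use the optional extractor on routes that skip the org check');
  }
  return req.organizationId;
}

// Optional extractor: '' (set by the guard for org-less sessions) becomes undefined.
function optionalOrganizationId(req: Req): string | undefined {
  return req.organizationId ? req.organizationId : undefined;
}

// Constructed sample data: one global framework and one custom framework per org.
const FRAMEWORKS: { name: string; orgId?: string }[] = [
  { name: 'global-1' },
  { name: 'custom-org1', orgId: 'org_1' },
  { name: 'custom-org2', orgId: 'org_2' },
];

// Assumption: undefined must mean "global only", never "no tenant filter".
function findAvailable(orgId?: string): string[] {
  return FRAMEWORKS
    .filter((f) => f.orgId === undefined || (orgId !== undefined && f.orgId === orgId))
    .map((f) => f.name);
}

// Route model: any thrown error surfaces as HTTP 500, as in the incident.
function handle(req: Req, mode: 'required' | 'optional'): Res {
  try {
    const orgId = mode === 'required' ? requireOrganizationId(req) : optionalOrganizationId(req);
    return { status: 200, body: findAvailable(orgId) };
  } catch (e) {
    return { status: 500, body: [], error: e instanceof Error ? e.message : String(e) };
  }
}

// Client side: throw on non-OK so a 500 is not rendered as an empty list.
function parseFrameworks(res: Res): string[] {
  if (res.status < 200 || res.status >= 300) {
    throw new Error('frameworks request failed: HTTP ' + res.status);
  }
  return res.body;
}
```

The org-less case is the one to keep under test on any route that skips the org check: it must return 200 and must not include another tenant's custom frameworks.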