Skip to content

[comp] Production Deploy #2650

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
Marfuen merged 4 commits into from
Apr 23, 2026
Merged

[comp] Production Deploy #2650

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
4 commits
Select commit Hold shift + click to select a range
11d6c3b
chore: merge release v3.30.0 back to main [skip ci]
github-actions[bot] Apr 23, 2026
7518075
feat: enabled framework versioning and updating existing frameworks w…
github-actions[bot] Apr 23, 2026
4d340ad
fix(db): exclude *.spec.ts from tsc build (#2651)
Marfuen Apr 23, 2026
3ae8f5e
chore: fix rollback bug
github-actions[bot] Apr 23, 2026
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 2 additions & 0 deletions apps/api/src/app.module.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -41,6 +41,7 @@ import { OrgChartModule } from './org-chart/org-chart.module';
import { TrainingModule } from './training/training.module';
import { EvidenceFormsModule } from './evidence-forms/evidence-forms.module';
import { FrameworksModule } from './frameworks/frameworks.module';
import { FrameworkVersionsModule } from './framework-editor-versions/framework-versions.module';
import { AuditModule } from './audit/audit.module';
import { ControlsModule } from './controls/controls.module';
import { RolesModule } from './roles/roles.module';
Expand Down Expand Up @@ -104,6 +105,7 @@ import { TimelinesModule } from './timelines/timelines.module';
OrgChartModule,
EvidenceFormsModule,
FrameworksModule,
FrameworkVersionsModule,
RolesModule,
AuditModule,
ControlsModule,
Expand Down
2 changes: 1 addition & 1 deletion apps/api/src/assistant-chat/assistant-chat-tools.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -60,7 +60,7 @@ export function buildTools(ctx: ToolContext) {
}),
execute: async ({ status }: { status?: 'draft' | 'published' }) => {
const policies = await db.policy.findMany({
where: { organizationId: ctx.organizationId, status },
where: { organizationId: ctx.organizationId, isArchived: false, archivedAt: null, status },
select: { id: true, name: true, description: true, department: true },
});
return policies.length === 0
Expand Down
24 changes: 16 additions & 8 deletions apps/api/src/controls/controls.service.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -8,12 +8,15 @@ import { CreateControlDto } from './dto/create-control.dto';

const controlInclude = {
policies: {
where: { archivedAt: null },
select: { status: true, id: true, name: true },
},
tasks: {
where: { archivedAt: null },
select: { id: true, title: true, status: true },
},
requirementsMapped: {
where: { archivedAt: null },
include: {
frameworkInstance: {
include: { framework: true, customFramework: true },
Expand Down Expand Up @@ -42,6 +45,7 @@ export class ControlsService {
) {
const where: Prisma.ControlWhereInput = {
organizationId,
archivedAt: null,
...(options.name && {
name: { contains: options.name, mode: Prisma.QueryMode.insensitive },
}),
Expand Down Expand Up @@ -72,10 +76,11 @@ export class ControlsService {
const control = await db.control.findUnique({
where: { id: controlId, organizationId },
include: {
policies: true,
tasks: true,
policies: { where: { archivedAt: null } },
tasks: { where: { archivedAt: null } },
controlDocumentTypes: true,
requirementsMapped: {
where: { archivedAt: null },
include: {
frameworkInstance: {
include: { framework: true, customFramework: true },
Expand Down Expand Up @@ -145,12 +150,12 @@ export class ControlsService {
async getOptions(organizationId: string) {
const [policies, tasks, frameworkInstances] = await Promise.all([
db.policy.findMany({
where: { organizationId },
where: { organizationId, isArchived: false, archivedAt: null },
select: { id: true, name: true },
orderBy: { name: 'asc' },
}),
db.task.findMany({
where: { organizationId },
where: { organizationId, archivedAt: null },
select: { id: true, title: true },
orderBy: { title: 'asc' },
}),
Expand Down Expand Up @@ -300,8 +305,11 @@ export class ControlsService {
): Promise<string[]> {
if (!policyIds || policyIds.length === 0) return [];
const uniqueIds = Array.from(new Set(policyIds));
// Exclude both user-archived (isArchived) and sync-archived (archivedAt)
// policies. Checking only archivedAt would let user-archived policies
// get re-linked to a control and surface back through the UI.
const policies = await db.policy.findMany({
where: { id: { in: uniqueIds }, organizationId },
where: { id: { in: uniqueIds }, organizationId, archivedAt: null, isArchived: false },
select: { id: true },
});
if (policies.length !== uniqueIds.length) {
Expand All @@ -317,7 +325,7 @@ export class ControlsService {
if (!taskIds || taskIds.length === 0) return [];
const uniqueIds = Array.from(new Set(taskIds));
const tasks = await db.task.findMany({
where: { id: { in: uniqueIds }, organizationId },
where: { id: { in: uniqueIds }, organizationId, archivedAt: null },
select: { id: true },
});
if (tasks.length !== uniqueIds.length) {
Expand Down Expand Up @@ -426,7 +434,7 @@ export class ControlsService {
await this.ensureControl(controlId, organizationId);

const policies = await db.policy.findMany({
where: { id: { in: policyIds }, organizationId },
where: { id: { in: policyIds }, organizationId, archivedAt: null },
Copy link
Copy Markdown
Contributor

@cubic-dev-ai cubic-dev-ai Bot Apr 23, 2026
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

P1: Policy queries still omit isArchived: false in modified paths, so user-archived policies can be linked or returned despite the new archival rule.

Prompt for AI agents 
Check if this issue is valid — if so, understand the root cause and fix it. At apps/api/src/controls/controls.service.ts, line 437:

<comment>Policy queries still omit `isArchived: false` in modified paths, so user-archived policies can be linked or returned despite the new archival rule.</comment>

<file context>
@@ -426,7 +434,7 @@ export class ControlsService {
 
     const policies = await db.policy.findMany({
-      where: { id: { in: policyIds }, organizationId },
+      where: { id: { in: policyIds }, organizationId, archivedAt: null },
       select: { id: true },
     });
</file context>
Fix with Cubic

select: { id: true },
});
if (policies.length === 0) {
Expand All @@ -449,7 +457,7 @@ export class ControlsService {
await this.ensureControl(controlId, organizationId);

const tasks = await db.task.findMany({
where: { id: { in: taskIds }, organizationId },
where: { id: { in: taskIds }, organizationId, archivedAt: null },
select: { id: true },
});
if (tasks.length === 0) {
Expand Down
13 changes: 13 additions & 0 deletions apps/api/src/framework-editor-versions/dto/publish-version.dto.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,13 @@
import { IsOptional, IsString, Matches, MaxLength } from 'class-validator';

export class PublishVersionDto {
// Semver major.minor.patch. Accepts things like "1.0.0", "2.3.11".
@IsString()
@Matches(/^\d+\.\d+\.\d+$/, { message: 'version must be MAJOR.MINOR.PATCH' })
version!: string;

@IsOptional()
@IsString()
@MaxLength(10_000)
releaseNotes?: string;
}
106 changes: 106 additions & 0 deletions apps/api/src/framework-editor-versions/framework-manifest-builder.spec.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,106 @@
import { buildManifestForFramework } from './framework-manifest-builder';

jest.mock('@db', () => ({
db: {
frameworkEditorFramework: { findUnique: jest.fn() },
},
}));
import { db } from '@db';

describe('buildManifestForFramework', () => {
beforeEach(() => jest.clearAllMocks());

it('produces a manifest with framework, requirements, controls, policies, tasks', async () => {
// Shape of the mocked result reflects the REAL schema: requirements -> controlTemplates -> policyTemplates/taskTemplates.
(db.frameworkEditorFramework.findUnique as jest.Mock).mockResolvedValue({
id: 'frk_soc2',
name: 'SOC 2',
version: 'TSC 2017 (rev 2022)',
description: null,
requirements: [
{
id: 'frk_rq_cc61',
identifier: 'CC6.1',
name: 'Logical Access',
description: 'x',
controlTemplates: [
{
id: 'frk_ct_logical_access',
name: 'Logical Access Controls',
description: 'desc',
requirements: [{ id: 'frk_rq_cc61' }],
policyTemplates: [
{ id: 'frk_pt_acc', name: 'Access Policy', description: null, content: [{}], frequency: 'yearly', department: 'it' },
],
taskTemplates: [
{ id: 'frk_tt_rev', name: 'Review Access', description: 'Review quarterly', frequency: 'quarterly', department: 'it' },
],
documentTypes: ['rbac_matrix'],
},
],
},
],
});

const manifest = await buildManifestForFramework('frk_soc2');

expect(manifest.framework.id).toBe('frk_soc2');
expect(manifest.framework.catalogVersion).toBe('TSC 2017 (rev 2022)');
expect(manifest.requirements).toHaveLength(1);
expect(manifest.requirements[0].identifier).toBe('CC6.1');
expect(manifest.controls).toHaveLength(1);
expect(manifest.controls[0].id).toBe('frk_ct_logical_access');
expect(manifest.controls[0].requirementIds).toEqual(['frk_rq_cc61']);
expect(manifest.controls[0].policyIds).toEqual(['frk_pt_acc']);
expect(manifest.controls[0].taskIds).toEqual(['frk_tt_rev']);
expect(manifest.policies).toHaveLength(1);
expect(manifest.tasks).toHaveLength(1);
});

it('dedupes controls/policies/tasks that appear under multiple requirements', async () => {
(db.frameworkEditorFramework.findUnique as jest.Mock).mockResolvedValue({
id: 'frk_iso',
name: 'ISO 27001',
version: '2022',
description: null,
requirements: [
{
id: 'rq_a', identifier: 'A', name: 'A', description: null,
controlTemplates: [
{
id: 'ct_shared', name: 'Shared', description: 'd',
requirements: [{ id: 'rq_a' }, { id: 'rq_b' }],
policyTemplates: [{ id: 'pt_shared', name: 'P', description: null, content: [], frequency: null, department: null }],
taskTemplates: [{ id: 'tt_shared', name: 'T', description: '', frequency: null, department: null }],
documentTypes: [],
},
],
},
{
id: 'rq_b', identifier: 'B', name: 'B', description: null,
controlTemplates: [
{
id: 'ct_shared', name: 'Shared', description: 'd',
requirements: [{ id: 'rq_a' }, { id: 'rq_b' }],
policyTemplates: [{ id: 'pt_shared', name: 'P', description: null, content: [], frequency: null, department: null }],
taskTemplates: [{ id: 'tt_shared', name: 'T', description: '', frequency: null, department: null }],
documentTypes: [],
},
],
},
],
});

const manifest = await buildManifestForFramework('frk_iso');

expect(manifest.controls).toHaveLength(1);
expect(manifest.controls[0].requirementIds.sort()).toEqual(['rq_a', 'rq_b']);
expect(manifest.policies).toHaveLength(1);
expect(manifest.tasks).toHaveLength(1);
});

it('throws when framework not found', async () => {
(db.frameworkEditorFramework.findUnique as jest.Mock).mockResolvedValue(null);
await expect(buildManifestForFramework('missing')).rejects.toThrow('Framework not found');
});
});
98 changes: 98 additions & 0 deletions apps/api/src/framework-editor-versions/framework-manifest-builder.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,98 @@
import { NotFoundException } from '@nestjs/common';
import { db } from '@db';
import type {
FrameworkManifest,
ManifestControl,
ManifestPolicy,
ManifestTask,
} from '../frameworks/framework-versioning/manifest.types';

export async function buildManifestForFramework(frameworkId: string): Promise<FrameworkManifest> {
const framework = await db.frameworkEditorFramework.findUnique({
where: { id: frameworkId },
include: {
requirements: {
include: {
controlTemplates: {
include: {
requirements: { select: { id: true } },
policyTemplates: true,
taskTemplates: true,
},
},
},
},
},
});

if (!framework) throw new NotFoundException('Framework not found');

// Collect all unique control templates across all requirements, deduped by id.
const controlsMap = new Map<string, ManifestControl>();
const policiesMap = new Map<string, ManifestPolicy>();
const tasksMap = new Map<string, ManifestTask>();

// A control template's `requirements` relation spans every framework that
// has mapped it — filter down to requirements belonging to THIS framework
// so the manifest doesn't reference IDs that aren't in its own `requirements`.
const ownRequirementIds = new Set(framework.requirements.map((r) => r.id));

for (const req of framework.requirements) {
for (const ct of req.controlTemplates) {
if (!controlsMap.has(ct.id)) {
controlsMap.set(ct.id, {
id: ct.id,
name: ct.name,
description: ct.description,
requirementIds: ct.requirements
.map((r) => r.id)
.filter((id) => ownRequirementIds.has(id)),
policyIds: ct.policyTemplates.map((p) => p.id),
taskIds: ct.taskTemplates.map((t) => t.id),
documentTypes: [...ct.documentTypes],
});
}
for (const pt of ct.policyTemplates) {
if (!policiesMap.has(pt.id)) {
policiesMap.set(pt.id, {
id: pt.id,
name: pt.name,
description: pt.description,
content: pt.content,
frequency: pt.frequency,
department: pt.department,
});
}
}
for (const tt of ct.taskTemplates) {
if (!tasksMap.has(tt.id)) {
tasksMap.set(tt.id, {
id: tt.id,
name: tt.name,
description: tt.description,
frequency: tt.frequency,
department: tt.department,
});
}
}
}
}

return {
framework: {
id: framework.id,
name: framework.name,
catalogVersion: framework.version,
description: framework.description,
},
requirements: framework.requirements.map((r) => ({
id: r.id,
identifier: r.identifier,
name: r.name,
description: r.description,
})),
controls: [...controlsMap.values()],
policies: [...policiesMap.values()],
tasks: [...tasksMap.values()],
};
}
Loading
Loading