fix(cloud-tests): preserve batch finding cancellations

[tofikwest]

Summary

• preserve per-finding cancelled state when batch progress persists full finding snapshots
• persist a finding's fixing state before execution, then recheck cancellation before calling execute
• use the same cancellation-preserving persistence path for final batch completion

Verification

• bunx vitest run src/trigger/tasks/cloud-security
• bunx eslint src/trigger/tasks/cloud-security/remediate-batch.ts src/trigger/tasks/cloud-security/remediate-batch-helpers.ts src/trigger/tasks/cloud-security/remediate-batch-helpers.test.ts
• bunx prettier --check apps/app/src/trigger/tasks/cloud-security/remediate-batch.ts apps/app/src/trigger/tasks/cloud-security/remediate-batch-helpers.ts apps/app/src/trigger/tasks/cloud-security/remediate-batch-helpers.test.ts
• git diff --check

Notes

• bun run typecheck in apps/app still fails on existing baseline issues outside this patch, including stale component test fixtures, AI SDK v2/v3 type mismatches, and better-auth duplicate package types.

---

Summary by cubic

Fixes remediation batches to preserve per-finding cancellations and stop cancelled findings from executing. Adds serializable, retryable progress persistence to keep counts and final status correct.

• Bug Fixes
  • Preserve cancelled findings when saving progress.
  • Persist "fixing", then re-check and skip execution if cancelled.
  • Wrap progress updates in a serializable transaction; retry on Prisma P2034 conflicts and re-read cancellations on retry.
  • Recalculate fixed/failed/skipped; count cancelled as skipped.
  • Use persistProgress for final completion with optional terminal status. Tests added for cancellation and retry.

^{Written for commit 199dfc3. Summary will update on new commits. Review in cubic}

[vercel]

The latest updates on your projects. Learn more about Vercel for GitHub.

Project	Deployment	Actions	Updated (UTC)
app	Ready	Preview, Comment	May 22, 2026 1:22am
comp-framework-editor	Ready	Preview, Comment	May 22, 2026 1:22am

1 Skipped Deployment

Project	Deployment	Actions	Updated (UTC)
portal	Skipped		May 22, 2026 1:22am

[cubic-dev-ai]

1 issue found across 3 files

Confidence score: 3/5

• There is a concrete concurrency risk in apps/app/src/trigger/tasks/cloud-security/remediate-batch-helpers.ts: persistProgress does a read-then-write, so a cancellation that occurs between findUnique and update may be overwritten.
• This is a medium-severity (6/10) issue with moderate confidence (6/10), which suggests some user-impacting regression risk rather than a merge-blocking failure.
• The change may still be mergeable, but it carries non-trivial risk around cancellation correctness and task state integrity.
• Pay close attention to apps/app/src/trigger/tasks/cloud-security/remediate-batch-helpers.ts - the read/write window in persistProgress can clobber cancellation updates.

<sub>Reply with feedback, questions, or to request a fix.

Fix all with cubic | Re-trigger cubic</sub>

[claudfuen]

🎉 This PR is included in version 3.62.1 🎉

The release is available on GitHub release

Your semantic-release bot 📦🚀