Skip to content

[comp] Production Deploy#3399

Merged
tofikwest merged 4 commits into
releasefrom
main
Jul 14, 2026
Merged

[comp] Production Deploy#3399
tofikwest merged 4 commits into
releasefrom
main

Conversation

@github-actions

@github-actions github-actions Bot commented Jul 14, 2026

Copy link
Copy Markdown
Contributor

This is an automated pull request to release the candidate branch into production, which will trigger a deployment.
It was created by the [Production PR] action.


Summary by cubic

Automatically retries failed penetration-test runs, dedupes duplicate webhook‑triggered retries at the provider, and collapses each lineage into a single, stable run in the UI. Cleans up failure messages and keeps status/progress consistent to hide transient failures.

  • New Features

    • Auto‑retry failed scans up to 2 times; dedupe concurrent retries with a deterministic Idempotency‑Key; never retry cancelled runs and block the whole lineage.
    • Collapse each scan lineage to its root id; APIs/UI show one run while provider calls follow the active attempt.
    • Mask a fresh, non‑final failed attempt as in‑progress for 10 minutes only when retry‑eligible (under the cap and has stored scan params); reveal failed otherwise or once lineage is exhausted/grace elapses.
    • Replace raw provider errors with clear, white‑labeled messages; humanize real runtime caps and fall back to a generic message for malformed or absurd caps.
    • Align progress status with report status so both surfaces are consistent.
    • Preserve an explicit empty checks list on retry; small UI tweak: remove the “Common causes” list and show the refined failure message.
    • Billing: use a unique reservation id for retries so webhook redelivery re‑debits correctly; rely on provider idempotency to dedupe scans.
  • Migration

    • Add columns: attempt_number, root_run_id, retry_of_provider_run_id, retry_triggered_at, retry_blocked_at, scan_params; add index on root_run_id.
    • Backfill root_run_id for existing runs; no manual steps required.

Written for commit 6033674. Summary will update on new commits.

Review in cubic

github-actions Bot and others added 2 commits July 13, 2026 14:37
…d-scans

feat(api): auto-retry failed pentest scans and clean up failure messages
@vercel

vercel Bot commented Jul 14, 2026

Copy link
Copy Markdown

The latest updates on your projects. Learn more about Vercel for GitHub.

Project Deployment Actions Updated (UTC)
comp-framework-editor (staging) Ready Ready Preview, Comment Jul 14, 2026 2:57am
2 Skipped Deployments
Project Deployment Actions Updated (UTC)
app (staging) Skipped Skipped Jul 14, 2026 2:57am
portal (staging) Skipped Skipped Jul 14, 2026 2:57am

Request Review

@cubic-dev-ai cubic-dev-ai Bot left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

All reported issues were addressed across 11 files

Confidence score: 5/5

  • Safe to merge after the addressed issues were fixed.

Tip: instead of fixing issues one by one fix them all with cubic

Re-trigger cubic

Comment thread apps/api/src/security-penetration-tests/security-penetration-tests.service.ts Outdated
Comment thread apps/api/src/security-penetration-tests/pentest-run-error.util.ts Outdated
* fix(api): pentest retry follow-ups from production review

- Enforce one auto-retry child per parent (unique index on
  retry_of_provider_run_id, dedup-guarded migration) so concurrent duplicate
  failure webhooks can't create two retry scans or a nondeterministic active
  attempt.
- Preserve an explicit empty check selection ([]) on retry instead of dropping
  it (which let the provider fall back to its default check set).
- Only mask a failure as in-progress when the run is actually retry-eligible
  (under the attempt cap and has stored scan params), so pre-feature runs with
  no scan params reveal their failure immediately instead of showing
  provisioning for the grace window.
- Treat a malformed non-positive runtime cap (e.g. "cap 0m") as unrecognized
  and return the generic message instead of "maximum runtime of its time limit".

* fix(api): dedupe pentest retries at the provider via idempotency key

Replaces the DB unique-constraint approach with a Maced idempotency key so
concurrent duplicate failure webhooks dedupe at the provider — the key fix,
since the constraint only prevented duplicate rows AFTER both requests had
already launched a provider scan (orphaning the loser).

- Auto-retries pass a deterministic Idempotency-Key (`retry:<parentRunId>`);
  Maced returns the same run for concurrent duplicates, so only one scan runs
  and only one ownership row is written (via the existing providerRunId upsert).
- Drop the retry_of_provider_run_id unique index + its dedup migration
  (no longer needed, and the migration's row-delete could orphan provider runs).
- Retry-eligibility (for status masking) now reuses fromScanParams validation
  instead of a shallow null check, so malformed stored params reveal the failure
  immediately rather than masking it.
- Runtime-cap message now requires a safe integer cap, so absurd oversized caps
  fall through to the generic message.

* fix(api): make pentest retry billing reservation idempotent

Concurrent duplicate failure webhooks converged on one provider run (via the
idempotency key) but still reserved two subscription allowances — each call
used a random reservation id, so only one landed on the shared ownership row
and the other allowance was orphaned (never refunded), double-charging the
customer. Retries now use a deterministic reservation id
(`pending:retry:<parentRunId>`); billing consumption is idempotent on it, so
duplicates debit exactly once.

@cubic-dev-ai cubic-dev-ai Bot left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

All reported issues were addressed across 6 files (changes from recent commits).

Reply with feedback, questions, or to request a fix.

Fix all with cubic | Re-trigger cubic

Comment thread apps/api/src/security-penetration-tests/security-penetration-tests.service.ts Outdated
…redelivery) (#3401)

The deterministic pending:retry:<parent> reservation id introduced a worse,
realistic bug: billing consume is idempotent on the id AND a refund leaves the
consume event in place, so a failed-create-then-refund followed by the standard
webhook redelivery would reuse the key, skip the debit, and run the scan for
free. Revert to a unique random reservation id so redelivery re-debits
correctly. Concurrent duplicate SCANS are still deduped by the Maced
idempotency key; the residual concurrent-only over-charge requires concurrent
duplicate webhook delivery (unverified) and is not worth the regression risk of
a shared reservation.
@vercel vercel Bot temporarily deployed to staging – portal July 14, 2026 02:56 Inactive
@vercel vercel Bot temporarily deployed to staging – app July 14, 2026 02:56 Inactive
@tofikwest tofikwest merged commit 1f1f803 into release Jul 14, 2026
14 checks passed
@claudfuen

Copy link
Copy Markdown
Contributor

🎉 This PR is included in version 3.101.2 🎉

The release is available on GitHub release

Your semantic-release bot 📦🚀

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants