bytelyst/learning_ai_common_plat
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fix(exports): strip data payload from list endpoint + update audit doc

Browse Source 
- exports/routes: exclude inline data from GET /exports list response
  to prevent returning megabytes of serialized export data (perf+security)
- Update WORKSPACE_TODO_AUDIT.md: add post-audit review section with
  9 bugs found and fixed across 2 commits (73b07c2, 841cdf3), mark
  all action plan sprints complete
- Typecheck clean, 1483/1483 tests pass
This commit is contained in:
saravanakumardb1 2026-03-22 01:23:08 -07:00
parent 841cdf3a16
commit dda38aa009
2 changed files with 40 additions and 15 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

46
docs/WORKSPACE_TODO_AUDIT.md
View File

@ -79,6 +79,22 @@
--- ---
### Post-Audit Review (2026-03-22) — 8 bugs found in P2/P3 implementations
| # | Location | Bug | Severity | Status |
| --- | ------------------------------------------------ | ---------------------------------------------------------------- | -------- | ------------------ |
| R1 | `diagnostics/subscribers.ts` — session.cancelled | Used non-existent `'generic'` template ID (throws at runtime) | **P0** | ✅ FIXED `73b07c2` |
| R2 | `diagnostics/subscribers.ts` — session.completed | Used non-existent `'generic'` template ID (throws at runtime) | **P0** | ✅ FIXED `73b07c2` |
| R3 | `delivery/templates.ts` | Missing `'broadcast'` template used by broadcast delivery | **P0** | ✅ FIXED `73b07c2` |
| R4 | `broadcasts/routes.ts` — delivery complete | Dot-path `'metrics.sent'` in updateBroadcast (not Cosmos syntax) | **P1** | ✅ FIXED `73b07c2` |
| R5 | `exports/routes.ts` — async processing | Serialized data computed but never stored — no download endpoint | **P1** | ✅ FIXED `73b07c2` |
| R6 | `waitlist/routes.ts` — batch invite | Stored code string as `invitationCodeId` instead of doc ID | **P2** | ✅ FIXED `73b07c2` |
| R7 | `diagnostics/subscribers.ts` — session.created | Target user email not sent (just logging) despite template exist | **P2** | ✅ FIXED `841cdf3` |
| R8 | `events/types.ts` + `delivery/subscribers.ts` | `payment.failed` missing `currency` field (inconsistent schema) | **P2** | ✅ FIXED `841cdf3` |
| R9 | `exports/routes.ts` — list endpoint | Returns full `data` payload in list response (perf/security) | **P2** | ✅ FIXED (pending) |
---
## Items Explicitly NOT TODOs (Excluded) ## Items Explicitly NOT TODOs (Excluded)
These were found in scans but are **not actionable gaps**: These were found in scans but are **not actionable gaps**:
@ -115,24 +131,28 @@ These backends and webs have **no actionable TODOs** — fully implemented:
## Recommended Action Plan ## Recommended Action Plan
### Sprint A (12 days) — Quick Wins ### Sprint A (12 days) — Quick Wins ✅ COMPLETE
1. Wire telemetry `reportError()` in all 3 dashboard `error.tsx` files (~15 min) 1. ~~Wire telemetry `reportError()` in all 3 dashboard `error.tsx` files~~
2. Wire waitlist → invitations module for auto-generated invite codes (~30 min) 2. ~~Wire waitlist → invitations module for auto-generated invite codes~~ ✅
### Sprint B (35 days) — User-Facing Gaps ### Sprint B (35 days) — User-Facing Gaps ✅ COMPLETE
3. Implement user lookup helper for delivery subscribers (payment_failed, trial_expiring, trial_expired) 3. ~~Implement user lookup helper for delivery subscribers~~ ✅
4. Wire survey incentive fulfillment to billing/subscriptions module 4. ~~Wire survey incentive fulfillment to billing/subscriptions module~~ ✅
5. Wire export job processing through the jobs module 5. ~~Wire export job processing through the jobs module~~ ✅
### Sprint C (deferred) — Operational Excellence ### Sprint C (deferred → resolved) ✅ COMPLETE
6. Implement real broadcast audience estimation query 6. ~~Implement real broadcast audience estimation query~~
7. Wire broadcast delivery via event bus 7. ~~Wire broadcast delivery via event bus~~
8. Add CAPTCHA validation to waitlist signup 8. Add CAPTCHA validation to waitlist signup ⏭️ DEFERRED (requires API keys)
9. Telemetry bulk upsert optimization 9. ~~Telemetry bulk upsert optimization~~
10. PagerDuty/Slack integration for FATAL diagnostic logs 10. ~~PagerDuty/Slack integration for FATAL diagnostic logs~~
### Post-Audit Review ✅ COMPLETE
11. ~~8 bugs found and fixed in P2/P3 implementations~~ ✅ (`73b07c2`, `841cdf3`)
--- ---

9
services/platform-service/src/modules/exports/routes.ts
View File

@ -98,13 +98,18 @@ export async function exportRoutes(app: FastifyInstance) {
return reply.status(201).send(created); return reply.status(201).send(created);
}); });
// List export jobs // List export jobs (metadata only — excludes data payload)
app.get('/exports', async req => { app.get('/exports', async req => {
const access = await requireExportRead(req); const access = await requireExportRead(req);
const query = req.query as Record<string, string>; const query = req.query as Record<string, string>;
const limit = query.limit ? parseInt(query.limit, 10) : 20; const limit = query.limit ? parseInt(query.limit, 10) : 20;
const jobs = await repo.listExportJobs(access.productId, Math.min(limit, 100)); const jobs = await repo.listExportJobs(access.productId, Math.min(limit, 100));
return { exports: jobs, count: jobs.length }; const stripped = jobs.map(j => {
const meta = { ...j };
delete meta.data;
return meta;
});
return { exports: stripped, count: stripped.length };
}); });
// Get a specific export job (metadata only, no data payload) // Get a specific export job (metadata only, no data payload)