fix(exports): strip data payload from list endpoint + update audit doc

- exports/routes: exclude inline data from GET /exports list response to prevent returning megabytes of serialized export data (perf+security) - Update WORKSPACE_TODO_AUDIT.md: add post-audit review section with 9 bugs found and fixed across 2 commits (73b07c2, 841cdf3), mark all action plan sprints complete - Typecheck clean, 1483/1483 tests pass
2026-03-22 01:23:08 -07:00 · 2026-03-22 01:23:08 -07:00 · dda38aa009
commit dda38aa009
parent 841cdf3a16
2 changed files with 40 additions and 15 deletions
--- a/docs/WORKSPACE_TODO_AUDIT.md
+++ b/docs/WORKSPACE_TODO_AUDIT.md
@ -79,6 +79,22 @@

 ---

+### Post-Audit Review (2026-03-22) — 8 bugs found in P2/P3 implementations
+
+| #   | Location                                         | Bug                                                              | Severity | Status             |
+| --- | ------------------------------------------------ | ---------------------------------------------------------------- | -------- | ------------------ |
+| R1  | `diagnostics/subscribers.ts` — session.cancelled | Used non-existent `'generic'` template ID (throws at runtime)    | **P0**   | ✅ FIXED `73b07c2` |
+| R2  | `diagnostics/subscribers.ts` — session.completed | Used non-existent `'generic'` template ID (throws at runtime)    | **P0**   | ✅ FIXED `73b07c2` |
+| R3  | `delivery/templates.ts`                          | Missing `'broadcast'` template used by broadcast delivery        | **P0**   | ✅ FIXED `73b07c2` |
+| R4  | `broadcasts/routes.ts` — delivery complete       | Dot-path `'metrics.sent'` in updateBroadcast (not Cosmos syntax) | **P1**   | ✅ FIXED `73b07c2` |
+| R5  | `exports/routes.ts` — async processing           | Serialized data computed but never stored — no download endpoint | **P1**   | ✅ FIXED `73b07c2` |
+| R6  | `waitlist/routes.ts` — batch invite              | Stored code string as `invitationCodeId` instead of doc ID       | **P2**   | ✅ FIXED `73b07c2` |
+| R7  | `diagnostics/subscribers.ts` — session.created   | Target user email not sent (just logging) despite template exist | **P2**   | ✅ FIXED `841cdf3` |
+| R8  | `events/types.ts` + `delivery/subscribers.ts`    | `payment.failed` missing `currency` field (inconsistent schema)  | **P2**   | ✅ FIXED `841cdf3` |
+| R9  | `exports/routes.ts` — list endpoint              | Returns full `data` payload in list response (perf/security)     | **P2**   | ✅ FIXED (pending) |
+
+---
+
 ## Items Explicitly NOT TODOs (Excluded)

 These were found in scans but are **not actionable gaps**:
@ -115,24 +131,28 @@ These backends and webs have **no actionable TODOs** — fully implemented:

 ## Recommended Action Plan

-### Sprint A (1–2 days) — Quick Wins
+### Sprint A (1–2 days) — Quick Wins ✅ COMPLETE

-1. Wire telemetry `reportError()` in all 3 dashboard `error.tsx` files (~15 min)
-2. Wire waitlist → invitations module for auto-generated invite codes (~30 min)
+1. ~~Wire telemetry `reportError()` in all 3 dashboard `error.tsx` files~~ ✅
+2. ~~Wire waitlist → invitations module for auto-generated invite codes~~ ✅

-### Sprint B (3–5 days) — User-Facing Gaps
+### Sprint B (3–5 days) — User-Facing Gaps ✅ COMPLETE

-3. Implement user lookup helper for delivery subscribers (payment_failed, trial_expiring, trial_expired)
-4. Wire survey incentive fulfillment to billing/subscriptions module
-5. Wire export job processing through the jobs module
+3. ~~Implement user lookup helper for delivery subscribers~~ ✅
+4. ~~Wire survey incentive fulfillment to billing/subscriptions module~~ ✅
+5. ~~Wire export job processing through the jobs module~~ ✅

-### Sprint C (deferred) — Operational Excellence
+### Sprint C (deferred → resolved) ✅ COMPLETE

-6. Implement real broadcast audience estimation query
-7. Wire broadcast delivery via event bus
-8. Add CAPTCHA validation to waitlist signup
-9. Telemetry bulk upsert optimization
-10. PagerDuty/Slack integration for FATAL diagnostic logs
+6. ~~Implement real broadcast audience estimation query~~ ✅
+7. ~~Wire broadcast delivery via event bus~~ ✅
+8. Add CAPTCHA validation to waitlist signup ⏭️ DEFERRED (requires API keys)
+9. ~~Telemetry bulk upsert optimization~~ ✅
+10. ~~PagerDuty/Slack integration for FATAL diagnostic logs~~ ✅
+
+### Post-Audit Review ✅ COMPLETE
+
+11. ~~8 bugs found and fixed in P2/P3 implementations~~ ✅ (`73b07c2`, `841cdf3`)

 ---

--- a/services/platform-service/src/modules/exports/routes.ts
+++ b/services/platform-service/src/modules/exports/routes.ts
@ -98,13 +98,18 @@ export async function exportRoutes(app: FastifyInstance) {
    return reply.status(201).send(created);
  });

-  // List export jobs
+  // List export jobs (metadata only — excludes data payload)
  app.get('/exports', async req => {
    const access = await requireExportRead(req);
    const query = req.query as Record<string, string>;
    const limit = query.limit ? parseInt(query.limit, 10) : 20;
    const jobs = await repo.listExportJobs(access.productId, Math.min(limit, 100));
-    return { exports: jobs, count: jobs.length };
+    const stripped = jobs.map(j => {
+      const meta = { ...j };
+      delete meta.data;
+      return meta;
+    });
+    return { exports: stripped, count: stripped.length };
  });

  // Get a specific export job (metadata only, no data payload)