fix(agreements): Signing-tab send accepts non-UUID agreementId/inspectionId#131
Closed
important-new wants to merge 10 commits into
Closed
fix(agreements): Signing-tab send accepts non-UUID agreementId/inspectionId#131important-new wants to merge 10 commits into
important-new wants to merge 10 commits into
Conversation
The DB stores dates as ISO datetimes (e.g. '2026-05-29T09:00:00'). This value was loaded verbatim into the form, causing two problems: 1. <input type='date'> could not parse it (showed empty placeholder) 2. sanitizeSettingsPatch bypassed the date→ISO conversion, so the API received a datetime without a timezone suffix, failing z.string().datetime() Fix: strip the time component on load so the date picker gets 'YYYY-MM-DD', which sanitizeSettingsPatch then correctly converts to a Z-suffixed ISO string. Applied to closingDate too for consistency.
api.team.members returns {data:{members:[...]}} — the loader was reading
body.data (an object) and calling .filter() on it, causing a TypeError crash.
Align with the BFF sheet route which correctly reads data?.members.
…ings BFF pageSize: "200" fails Zod refine (valid: 12/25/50/100); the .catch(() => null) silently swallowed the 400 so the template dropdown was always empty. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
…lates & dashboard - TemplateCombobox: new reusable combobox with debounced search, cursor pagination (25/page), keyboard nav, load-more; replaces <select> in InspectionSettingsSheet (also fixes pageSize 200->100 Zod refine bug) - /resources/template-search BFF: token-relay loader for TemplateCombobox - templates.tsx: upgraded from client-side useMemo to URL-based server-side search (?q=) with 350ms debounce; sort remains client-side - server: listTemplates() gains optional q param with LIKE filter; listTemplatesRoute schema extended with q; exactOptionalPropertyTypes fix - /resources/inspection-search BFF: full cross-all-inspections search via GET /api/inspections with search+cursor params - dashboard.tsx: searchQuery now triggers server-side BFF fetch (300ms debounce) instead of client-side bucket filter; load-more for results Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
…0 data-integrity batch)
…eadiness + envelope secrets)
…tionId (TEXT ids) The Track I-a SendAgreementSchema gated agreementId + inspectionId with .uuid(), which 400'd legitimate non-UUID rows (Spectora-imported / seeded templates and inspections — agreements.id and inspections.id are TEXT, the handler resolves them by tenant-scoped lookup). Relaxes both to .min(1), matching the hub send fix in inspection.schema.ts. Adds a regression test. Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
Contributor
Author
|
Closing — wrong direction. Verified production agreements.id / inspections.id are ALWAYS canonical UUIDs (crypto.randomUUID() at every create site; Spectora import preserves external ids only for template-internal items, never PKs). The only non-UUID ids are test seeds. So .uuid() validation is correct and protective; relaxing it is an unnecessary compat shim, against the project's pre-launch-no-compat principle. Instead we'll re-tighten #111's relaxation and canonicalize test seeds (separate PR). |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Problem
Track I-a's
SendAgreementSchema(Signing-tab / admin send) validatesagreementIdandinspectionIdwith.uuid(). Butagreements.idandinspections.idare TEXT columns and may hold non-UUID values — e.g. Spectora-imported or seeded rows. So a tenant who imported templates/inspections can send via the inspection hub (already fixed ininspection.schema.ts, #111) but gets a 400 from the Signing-tab send. The handler resolves both ids by tenant-scoped lookup, so.uuid()only rejects legitimate rows — it adds no safety.Fix
Relax both to
z.string().min(1), matching the hub-send fix and rationale. Adds a regression test that sends with non-UUIDagreementId/inspectionIdand asserts 200.Surfaced while reconciling the
feat/inspection-hub(#111) branch against the just-merged Track I-a (#130) during post-merge cleanup — #111 had independently fixed the identical class of bug on the hub path.Testing
agreement-send-endpoints12/12 · type-check:api 0 · pre-commit gates (lint/DS/erasure-manifest/bundle) green.🤖 Generated with Claude Code