fix(cloud-tests): cubic follow-ups from production deploy review#2864
Merged
Conversation
Four real issues caught by cubic on the main→release deploy review. The two Jest-hoisting findings (exception/reconciliation specs) were skipped — that rule is babel-jest only, project uses ts-jest, all tests pass in CI. P1 — "Fix All" could target passing findings Service groups store the merged failed+passed set, and `canFixFinding` returns a key for any finding with a `findingKey` regardless of status. The batch dialog was happily including already-passing checks in the remediation target list. Now filter by `status === 'failed'` before consulting canFixFinding. P2 — exception-expiry accepted timezone-less timestamps ISO 8601 regex made the timezone offset optional, so `2026-08-13T23:59:59` passed validation but `new Date()` parsed it in server-local time — same input, different expiry on UTC vs Pacific hosts. Made the offset required; updated the spec to assert both acceptance (with offset) and rejection (without offset). P2 — dead `!prior.passed === false` in reconciliation The line evaluated identically to the very next `if (prior.passed) continue`. Removed; behavior unchanged, clarity restored. P2 — ISO control-number regex was case-sensitive `/\bA\.\d+\.\d+(\.\d+)?\b/` had no /i flag, so lowercase variants like "a.5.1.2" would slip past the forbidden-content guard. Added /i and a regression test. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
|
The latest updates on your projects. Learn more about Vercel for GitHub.
|
![cubic-dev-ai[bot]](https://avatars.githubusercontent.com/in/1082092?s=60&v=4){kind=small}
Contributor
|
🎉 This PR is included in version 3.56.0 🎉 The release is available on GitHub release Your semantic-release bot 📦🚀 |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Cubic flagged 5 issues on PR #2862 (the auto-generated
main → releaseproduction deploy PR). 4 were real and are fixed here; 1 was a false positive (jest hoisting with ts-jest).Real bugs fixed
CloudTestsSection.tsxcanFixFindingdoesn't gate on status — so a passing check could be queued for remediation. Now filtered explicitly.exception-expiry.utils.tsZ/+00:00got parsed in server-local time, giving inconsistent expiries on UTC vs Pacific hosts. Offset now required.reconciliation.service.ts!prior.passed === falseline — identical to the nextif (prior.passed) continue. Removed for clarity.ai-description.prompt.ts\bA\.\d+\.\d+(\.\d+)?\b/lacked/i, so lowercase ISO 27001 control citations (a.5.1.2) slipped past the forbidden-content guard. Added/iand a regression test.False positive skipped
exception.service.spec.ts/reconciliation.service.spec.ts: that rule is enforced bybabel-plugin-jest-hoist(default in babel-jest). This project uses ts-jest, which doesn't enforce the strictmock*naming convention. CI is green and all 145 tests pass. Renaming would be cosmetic insurance against a future babel-jest migration; not blocking.Test plan
npx jest src/cloud-security/exception-expiry src/cloud-security/ai-description src/cloud-security/reconciliation— 32 tests passnpx tsc --noEmiton both apps/api and apps/app — clean for changed filesgroup.failed > 1guard already gates the button, so this fix is belt-and-suspenders for any future code path that opens the batch dialog directly)expiresAt = "2026-08-13T23:59:59"(no TZ) and confirm the API rejects with a clear message🤖 Generated with Claude Code
Summary by cubic
Fixes four issues flagged by Cubic in the production deploy review to prevent incorrect batch remediation and ensure consistent validation. One Jest hoisting warning was a false positive and skipped.
canFixFinding.!prior.passed === falsecheck for clarity; behavior unchanged.a.5.1.2).Written for commit 33042e7. Summary will update on new commits. Review in cubic