Skip to content

[comp] Production Deploy#3263

Merged
tofikwest merged 7 commits into
releasefrom
main
Jun 23, 2026
Merged

[comp] Production Deploy#3263
tofikwest merged 7 commits into
releasefrom
main

Conversation

@github-actions

@github-actions github-actions Bot commented Jun 23, 2026

Copy link
Copy Markdown
Contributor

This is an automated pull request to release the candidate branch into production, which will trigger a deployment.
It was created by the [Production PR] action.


Summary by cubic

Fixes the 404 error when saving context or remediation notes on pentest findings. We now send the page’s pentest run id to the API instead of the provider per-issue runId.

  • Bug Fixes
    • In FindingContextSection, save against the page runId (pentest run) rather than issue.runId to satisfy ownership checks.
    • Added a test to confirm saveContext is called with the page run id.

Written for commit 4aa79bd. Summary will update on new commits.

Review in cubic

tofikwest and others added 7 commits June 23, 2026 15:10
## Problem

Users see a bare HTTP 404 error when submitting context or remediation notes on a penetration test finding.

## Root cause

FindingContextSection.tsx computes the runId with wrong precedence: `resolvedRunId = issue.runId ?? runId`. Since Issue.runId is non-nullable in the generated types, it always wins. This causes the save endpoint to send the provider's per-issue runId instead of the actual pentest run.id.

The ownership check in assertRunOwnership looks for an ownership marker keyed on providerRunId (which equals run.id), so it finds nothing and throws a NotFoundException with no message field. This surfaces to the user as a bare "HTTP 404:" error.

Viewing a finding uses run.id and works fine. Saving uses issue.runId and 404s. Code-path asymmetry.

## Fix

Flip the precedence to `runId ?? issue.runId`. This ensures we use the pentest run id first, falling back to the issue's run id only if needed.

## Explicitly NOT touched

- No changes to assertRunOwnership logic or error handling
- No database migrations or schema changes
- No changes to the ownership marker creation

## Verification

✅ Tested context submission on a pentest finding in org_69840a18d99f827ad3de64c8
✅ Ownership check now finds the correct marker
✅ Save endpoint returns 200 instead of 404
✅ Finding view still works as before
fix(pentest): use run id instead of issue run id for context submission
@vercel

vercel Bot commented Jun 23, 2026

Copy link
Copy Markdown

The latest updates on your projects. Learn more about Vercel for GitHub.

Project Deployment Actions Updated (UTC)
app (staging) Ready Ready Preview, Comment Jun 23, 2026 9:04pm
comp-framework-editor (staging) Ready Ready Preview, Comment Jun 23, 2026 9:04pm
1 Skipped Deployment
Project Deployment Actions Updated (UTC)
portal (staging) Skipped Skipped Jun 23, 2026 9:04pm

Request Review

@cubic-dev-ai cubic-dev-ai Bot left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

No issues found across 2 files

Confidence score: 5/5

  • Automated review surfaced no issues in the provided summaries.
  • No files require special attention.

Re-trigger cubic

@tofikwest tofikwest merged commit fbd00c4 into release Jun 23, 2026
14 checks passed
@claudfuen

Copy link
Copy Markdown
Contributor

🎉 This PR is included in version 3.90.1 🎉

The release is available on GitHub release

Your semantic-release bot 📦🚀

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants