Conversation
|
The latest updates on your projects. Learn more about Vercel for GitHub.
1 Skipped Deployment
|
…oyee-access check (#3352) * feat(integrations): emit per-user rows from the Google Workspace employee-access check One row per person (resourceType 'user', resourceId = lowercased email) instead of a single org-level row with the roster buried in evidence — person-scoped features join check results to org members by email. Role resolution, filtering, and pagination unchanged; a zero-user run still emits one org-level summary row. Co-Authored-By: Claude Fable 5 <noreply@anthropic.com> Claude-Session: https://claude.ai/code/session_013WLGUUjG6uLd6xvNhUpge1 * docs(skills): document the person-scoped check shape contract in check-results-service Co-Authored-By: Claude Fable 5 <noreply@anthropic.com> Claude-Session: https://claude.ai/code/session_013WLGUUjG6uLd6xvNhUpge1 * docs(skills): make the person-scoped shape contract self-contained The section referenced a skill file that lives outside the repo; inline the normative definition instead so the cross-reference isn't broken for repo readers. Co-Authored-By: Claude Fable 5 <noreply@anthropic.com> Claude-Session: https://claude.ai/code/session_013WLGUUjG6uLd6xvNhUpge1 --------- Co-authored-by: Claude Fable 5 <noreply@anthropic.com>
…#3349) * feat(people): access tab on member details, per connected integration New tab on the member page aggregating the latest Employee Access check results from every connected integration bound to the Employee Access evidence task (CheckResultsService consumer #2). Rows show logo, name, access summary, and an honest match state (found / no match for this member / check not run); expanding reveals curated fields plus the raw record. Extractor tolerates both check shapes: per-user rows and org-level rosters embedded in evidence. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com> * feat(integration-platform): universal ai fallback for person-in-evidence extraction Shared EvidenceExtractionService: deterministic shape matching, then an email pre-gate (absent email = confident not-found, no AI call), then a claude-haiku-4-5 structured-output fallback for unknown evidence shapes. Access tab consumes it; AI-extracted entries are labeled in the UI and unreadable shapes surface as 'Needs manual review' instead of a blank. Co-Authored-By: Claude Fable 5 <noreply@anthropic.com> * refactor(people): access tab reads the per-person check standard directly — drop AI extraction Person-scoped checks now emit one row per person (resourceType 'user', resourceId = lowercased email), so matching a member's access is a plain filter. Removes EvidenceExtractionService (deterministic ladder + AI fallback), its spec, module wiring, and the AI badge / unparsed state in the UI. New 'no-person-data' state distinguishes sources whose vendor API has no roster. Co-Authored-By: Claude Fable 5 <noreply@anthropic.com> Claude-Session: https://claude.ai/code/session_013WLGUUjG6uLd6xvNhUpge1 * fix(people): harden access rows against API contract drift Fallback badge for unknown matchType values (the union is compile-time only; deserialized JSON can carry states this build doesn't know), and content-derived entry keys so uncontrolled <details> elements follow their entry through reorders instead of the array index. Co-Authored-By: Claude Fable 5 <noreply@anthropic.com> Claude-Session: https://claude.ai/code/session_013WLGUUjG6uLd6xvNhUpge1 * fix(people): key access entries by a stable API-provided id Co-Authored-By: Claude Fable 5 <noreply@anthropic.com> Claude-Session: https://claude.ai/code/session_013WLGUUjG6uLd6xvNhUpge1 * fix(people): key access entries by the result row's database id Expose the IntegrationCheckResult id through the CheckResultRow envelope and use it as the entry id — unique and stable by construction, no positional derivation. Also order a run's result rows deterministically in the repository (Postgres guarantees no order without one). Co-Authored-By: Claude Fable 5 <noreply@anthropic.com> Claude-Session: https://claude.ai/code/session_013WLGUUjG6uLd6xvNhUpge1 --------- Co-authored-by: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Contributor
|
🎉 This PR is included in version 3.97.0 🎉 The release is available on GitHub release Your semantic-release bot 📦🚀 |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
This is an automated pull request to release the candidate branch into production, which will trigger a deployment.
It was created by the [Production PR] action.
Summary by cubic
Gate 2FA provider selection to identity-provider integrations and add a new Access tab on each member’s page that shows what they can access across connected tools. Google Workspace employee-access now emits one row per user to power this view; zero-user runs still return an org-level summary.
categoryon bound sources from@trycompai/integration-platformand limit 2FA providers to IdPs; non-IdP selections are rejected./v1/people/:id/accessAPI and UI tab aggregating latest Employee Access results per connected source; matches by lowercased email on'user'rows (resourceId= email), shows curated fields + raw evidence, uses stableresultIdkeys with deterministic row ordering; supports matched / not-matched / no-person-data / no-data states.Written for commit 83f188c. Summary will update on new commits.