Skip to content

Promote staging to main#534

Merged
izadoesdev merged 88 commits into
mainfrom
staging
Jul 2, 2026
Merged

Promote staging to main#534
izadoesdev merged 88 commits into
mainfrom
staging

Conversation

@izadoesdev

@izadoesdev izadoesdev commented Jul 1, 2026

Copy link
Copy Markdown
Member

Summary

Promotes the current staging branch to main.

This includes the latest basket Redis alert hardening:

  • retry transient Redis dedup writes before failing open
  • keep single-event ingest work inside the request lifecycle
  • include Redis in basket /health/status

It also includes all changes already accumulated on staging since main.

Validation

  • bun run test src/lib/security.test.ts in apps/basket
  • bun run test src/routes/integration.test.ts in apps/basket
  • bun run check-types in apps/basket
  • commit hooks ran full dotenv -- turbo run check-types
  • push hook ran full dotenv -- turbo run test

Summary by cubic

Promotes staging to main with reliability/logging hardening across ingestion, analytics, and workers; per‑destination alarm fanout; and UI/docs upgrades (react-day-picker@10, recharts@3) plus OpenAI Ads signup conversion tracking with a deployed‑host allowlist. Also keeps background Insights read‑only, tightens memory scoping and website/domain resolution, tolerates partial memory search failures, preserves profile aggregate filter alignment, ensures agent streams always mark done, and formats the public ads config.

  • Reliability & Logging

    • Ingestion: Redis dedup SET NX retries once and fails open on ambiguous retry; await ingest handlers; include Redis in /health/status; Kafka producer marks disconnected on send failure and cleanly disconnects on shutdown (tests added).
    • ClickHouse/API: validate timezones via Intl (fallback to UTC); retry transient CH connection drops once; warn on recovered batch-union fallback; silence AbortError in RPC interceptors; set correct HTTP status for custom ORPC errors.
    • Agent streams: warn on Redis side‑effect failures with a consistent payload; always mark streams done.
    • Workers: Insights/Uptime downgrade stalled‑job and transient Redis errors to WARN; tracking-health timeouts now WARN; stalled‑job telemetry infers job names.
    • Query/Redis: skip unsupported batch filters and keep profile aggregate filter alignment; cacheable adds queryTimeoutMs (applied to website lookup) with tests.
  • Product & Platform

    • Notifications: fan out alarm deliveries per destination/channel; sanitize webhook headers; uptime RPC/alerts send per‑target and preserve “fired alarms” count semantics.
    • Tools/memory: website‑scoped Supermemory containers; thread websiteId through MCP tools; resolve annotation domains to IDs (case‑insensitive); stable non‑constant OAuth token ordering; warn (not error) on SQL tool query failures; tolerate partial memory search failures; background Insights investigations are read‑only; focused tests added.
    • UI/Docs/Deps: migrate charts to recharts@3 and calendars to react-day-picker@10; add OpenAI Ads pixel gated by NEXT_PUBLIC_OPENAI_ADS_PIXEL_ID and a deployed‑host allowlist with CSP allowances; track signup conversions on register/onboarding and harden the flow; expose window.__databuddyFlags types; safer tracker config parsing (tests); symbol sentinel in links cache; docs map htmlUrl, rawHtml, slug for @usenotra/sdk@1.2.2; dependency and workflow bumps including @opentelemetry/sdk-node, @slack/web-api, @json-render/react, cnfast, @tanstack/react-pacer; format/trim public ads config.

Written for commit 148136e. Summary will update on new commits.

Review in cubic

superlog-app Bot and others added 30 commits June 30, 2026 17:42
…ress false-positive ERRORs (#509)

Co-authored-by: Superlog app <bot@superlog.sh>
Co-authored-by: Superlog app <bot@superlog.sh>
Resolve annotation tool website domains to UUIDs before calling annotations RPC.
Downgrade recoverable BullMQ stalled-job events in the uptime worker from error capture to warn logs.
Downgrade request-scoped AI tool errors to warnings so recoverable tool failures do not escalate successful jobs to ERROR.
Validate query timezone names against Intl before passing them to ClickHouse, falling back to UTC for invalid values.
Add optional queryTimeoutMs to cacheable and apply it to basket website lookup to avoid indefinite DB stalls.
Use the shared filter allow-list helper in batch WHERE generation so unsupported fields are skipped consistently instead of throwing or failing type/lint checks.
Mark Kafka send failures as disconnected for cooldown fallback, while tracking initialized producers separately so shutdown still disconnects. Add regression coverage for send failure fallback and shutdown disconnect behavior.
Store analytics summaries in website-scoped Supermemory containers and read/search those containers alongside primary user or API-key memory. Thread websiteId through MCP memory paths and add coverage for container tag consistency.
Log SQL tool query failures at warn level while still rethrowing to callers, reducing false ERROR incidents for recoverable tool failures.
Downgrade expected Redis worker connection/failover errors to WARN, keep unknown worker errors at ERROR, and add focused coverage for the classifier.
Retry single-query analytics executions once on transient ClickHouse connection drops, skip AbortError retries, and add focused coverage for retry/no-retry behavior.
Clean staging replacement for #502. Logs recovered batch_union fallback as WARN with request metadata while preserving ERROR for unrecovered failures. Verified with package tests, root lint, root typecheck, and root tests.
Clean staging replacement for #499. Downgrades best-effort Redis side effects in agent stream persistence to WARN while preserving ERROR for storage reader/background failures. Verified with targeted API tests, root lint, root typecheck, root tests, and GitHub CI/health checks.
Clean staging replacement for #501. Downgrades stalled insights worker jobs to WARN, adds deterministic job-name inference for stalled-job telemetry, and keeps transient Redis worker errors covered by the earlier helper. Verified locally with targeted insights tests, root lint, root typecheck, root tests, and GitHub CI/health checks.
Clean staging replacement for #468. Downgrades only canonical ClickHouse tracking-health timeouts to WARN while keeping unexpected tracking event and blocked-traffic failures at ERROR. Verified with targeted RPC tests, package typecheck/tests, root lint, root typecheck, root tests, and GitHub CI/health checks.
Remove forced tokenlens SourceModel casts and replace the links null cache cast with an honest symbol sentinel.
Remove dashboard and SDK double-casts by using real ref initialization, ORPC result typing, and a shared SDK window flag-manager type.
## Summary
- remove forced `any` writes from tracker config parsing
- keep empty `data-*` attributes as boolean true while preserving empty URL query params as empty strings
- add a unit regression for query-param precedence and empty values

## Verification
- `bunx ultracite check packages/tracker/src/core/utils.ts packages/tracker/tests/unit/utils.test.ts`
- `cd packages/tracker && bun run check-types`
- `cd packages/tracker && bun run test`
- `bun run check-types`
- `bun run lint`
- `bun run test`
- GitHub checks green on PR #519

## Review notes
- Subagent review found the empty query-param coercion regression before merge; fixed and noted in the PR comments.
* fix(notifications): fan out alarm destinations

* fix(notifications): address alarm fanout review
* fix(dashboard): align goals with funnels layout

* fix(dashboard): show public website link immediately

* feat(insights): improve slack digest markdown

* chore(insights): tighten investigation copy guidance

* fix(insights): address slack digest review feedback

* fix(ai): avoid constant oauth token ordering
Updates the pinned changesets/action SHA to the v1.8.0 commit. Verified tag target and fresh staging CI before merge.
Updates the pinned aquasecurity/trivy-action SHA to the v0.36.0 commit. Verified tag target and fresh staging CI before merge.
Bumps the minor-and-patch group with 8 updates:

| Package | From | To |
| --- | --- | --- |
| [@earendil-works/pi-agent-core](https://github.com/earendil-works/pi/tree/HEAD/packages/agent) | `0.75.5` | `0.80.2` |
| [@earendil-works/pi-ai](https://github.com/earendil-works/pi/tree/HEAD/packages/ai) | `0.75.5` | `0.80.2` |
| [@biomejs/biome](https://github.com/biomejs/biome/tree/HEAD/packages/@biomejs/biome) | `2.4.13` | `2.5.1` |
| [@opentelemetry/sdk-node](https://github.com/open-telemetry/opentelemetry-js) | `0.217.0` | `0.219.0` |
| [@json-render/react](https://github.com/vercel-labs/json-render/tree/HEAD/packages/react) | `0.18.0` | `0.19.0` |
| [@tanstack/react-pacer](https://github.com/TanStack/pacer/tree/HEAD/packages/react-pacer) | `0.22.0` | `0.22.1` |
| [cnfast](https://github.com/aidenybai/cnfast/tree/HEAD/packages/cnfast) | `0.0.6` | `0.0.8` |
| [@slack/web-api](https://github.com/slackapi/node-slack-sdk) | `7.16.0` | `7.17.0` |


Updates `@earendil-works/pi-agent-core` from 0.75.5 to 0.80.2
- [Release notes](https://github.com/earendil-works/pi/releases)
- [Changelog](https://github.com/earendil-works/pi/blob/main/packages/agent/CHANGELOG.md)
- [Commits](https://github.com/earendil-works/pi/commits/v0.80.2/packages/agent)

Updates `@earendil-works/pi-ai` from 0.75.5 to 0.80.2
- [Release notes](https://github.com/earendil-works/pi/releases)
- [Changelog](https://github.com/earendil-works/pi/blob/main/packages/ai/CHANGELOG.md)
- [Commits](https://github.com/earendil-works/pi/commits/v0.80.2/packages/ai)

Updates `@biomejs/biome` from 2.4.13 to 2.5.1
- [Release notes](https://github.com/biomejs/biome/releases)
- [Changelog](https://github.com/biomejs/biome/blob/main/packages/@biomejs/biome/CHANGELOG.md)
- [Commits](https://github.com/biomejs/biome/commits/@biomejs/biome@2.5.1/packages/@biomejs/biome)

Updates `@opentelemetry/sdk-node` from 0.217.0 to 0.219.0
- [Release notes](https://github.com/open-telemetry/opentelemetry-js/releases)
- [Changelog](https://github.com/open-telemetry/opentelemetry-js/blob/main/CHANGELOG.md)
- [Commits](open-telemetry/opentelemetry-js@experimental/v0.217.0...experimental/v0.219.0)

Updates `@json-render/react` from 0.18.0 to 0.19.0
- [Release notes](https://github.com/vercel-labs/json-render/releases)
- [Changelog](https://github.com/vercel-labs/json-render/blob/main/CHANGELOG.md)
- [Commits](https://github.com/vercel-labs/json-render/commits/v0.19.0/packages/react)

Updates `@tanstack/react-pacer` from 0.22.0 to 0.22.1
- [Release notes](https://github.com/TanStack/pacer/releases)
- [Changelog](https://github.com/TanStack/pacer/blob/main/packages/react-pacer/CHANGELOG.md)
- [Commits](https://github.com/TanStack/pacer/commits/@tanstack/react-pacer@0.22.1/packages/react-pacer)

Updates `cnfast` from 0.0.6 to 0.0.8
- [Changelog](https://github.com/aidenybai/cnfast/blob/main/packages/cnfast/CHANGELOG.md)
- [Commits](https://github.com/aidenybai/cnfast/commits/HEAD/packages/cnfast)

Updates `@slack/web-api` from 7.16.0 to 7.17.0
- [Release notes](https://github.com/slackapi/node-slack-sdk/releases)
- [Commits](https://github.com/slackapi/node-slack-sdk/compare/@slack/web-api@7.16.0...@slack/web-api@7.17.0)

---
updated-dependencies:
- dependency-name: "@earendil-works/pi-agent-core"
  dependency-version: 0.80.2
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: minor-and-patch
- dependency-name: "@earendil-works/pi-ai"
  dependency-version: 0.80.2
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: minor-and-patch
- dependency-name: "@biomejs/biome"
  dependency-version: 2.5.1
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: minor-and-patch
- dependency-name: "@opentelemetry/sdk-node"
  dependency-version: 0.219.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: minor-and-patch
- dependency-name: "@json-render/react"
  dependency-version: 0.19.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: minor-and-patch
- dependency-name: "@tanstack/react-pacer"
  dependency-version: 0.22.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: minor-and-patch
- dependency-name: cnfast
  dependency-version: 0.0.8
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: minor-and-patch
- dependency-name: "@slack/web-api"
  dependency-version: 7.17.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: minor-and-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Bumps [@faker-js/faker](https://github.com/faker-js/faker) from 9.9.0 to 10.5.0.
- [Release notes](https://github.com/faker-js/faker/releases)
- [Changelog](https://github.com/faker-js/faker/blob/next/CHANGELOG.md)
- [Commits](faker-js/faker@v9.9.0...v10.5.0)

---
updated-dependencies:
- dependency-name: "@faker-js/faker"
  dependency-version: 10.5.0
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Bumps [react-day-picker](https://github.com/gpbl/react-day-picker/tree/HEAD/packages/react-day-picker) from 9.14.0 to 10.0.1.
- [Release notes](https://github.com/gpbl/react-day-picker/releases)
- [Changelog](https://github.com/gpbl/react-day-picker/blob/main/packages/react-day-picker/CHANGELOG.md)
- [Commits](https://github.com/gpbl/react-day-picker/commits/v10.0.1/packages/react-day-picker)

---
updated-dependencies:
- dependency-name: react-day-picker
  dependency-version: 10.0.1
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Bumps [knip](https://github.com/webpro-nl/knip/tree/HEAD/packages/knip) from 5.88.1 to 6.22.0.
- [Release notes](https://github.com/webpro-nl/knip/releases)
- [Commits](https://github.com/webpro-nl/knip/commits/knip@6.22.0/packages/knip)

---
updated-dependencies:
- dependency-name: knip
  dependency-version: 6.22.0
  dependency-type: direct:development
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>

@cubic-dev-ai cubic-dev-ai Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

0 issues found across 4 files (changes from recent commits).

Shadow auto-approve: would not auto-approve. Auto-approval blocked by 5 unresolved issues from previous reviews.

Re-trigger cubic

@cubic-dev-ai cubic-dev-ai Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

0 issues found across 11 files (changes from recent commits).

Shadow auto-approve: would require human review. Promotes staging to main with diverse changes including dependency upgrades, Redis hardening, Kafka producer fixes, and UI library migrations; requires human review for safe deployment.

Re-trigger cubic

@izadoesdev
izadoesdev marked this pull request as ready for review July 1, 2026 17:13
@greptile-apps

greptile-apps Bot commented Jul 1, 2026

Copy link
Copy Markdown
Contributor

Too many files changed for review. (105 files found, 100 file limit)

Bypass the limit by tagging @greptile-apps to review.

@izadoesdev

Copy link
Copy Markdown
Member Author

Reviewed current head d83b9e8 after the follow-up fixes.

Fixed and tracked:

  • Insights background generation is now read-only/dry-run; service auth is limited to read:data.
  • Supermemory no longer uses the global anonymous container for website-scoped memory, and reads/searches still include legacy tags.
  • Tool website domain fallback now compares normalized domains.
  • Basket dedup treats ambiguous Redis retry nulls as non-duplicate/fail-open.
  • Agent streaming always attempts markStreamDone, even after append failures.
  • Earlier uptime alarm-count semantics and agent stream severity cleanup are already fixed in 43f99df and 15c0dd5.

Verification:

  • Local: bun run lint, bun run check-types, bun run test.
  • GitHub: all checks green on d83b9e8, including Lint, Check Types, Test, Dashboard Playwright, CodeQL, health checks, Socket, Cubic, Vercel, and Railway.
  • Cubic latest review: 0 issues found across 11 files; only human review required because this is a broad staging-to-main promotion.
  • Socket warning is a transitive @emnapi/runtime alert via knip/OXC tooling, not a direct runtime dependency change here.

No remaining blocking findings from my review. GitHub would not let me submit an approval because it treats this as my own PR, so recording the approval-equivalent review here.

@cubic-dev-ai cubic-dev-ai Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

2 issues found across 8 files (changes from recent commits).

Shadow auto-approve: would not auto-approve because issues were found.
Tip: Review your code locally with the cubic CLI to iterate faster.

Re-trigger cubic

Comment thread apps/dashboard/app/layout.tsx Outdated
Comment thread apps/dashboard/.env.example

@cubic-dev-ai cubic-dev-ai Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

0 issues found across 4 files (changes from recent commits).

Shadow auto-approve: would require human review. Large staging promotion with high-impact changes: major dependency bumps (effect@4 beta, opentelemetry), CI/CD action version upgrades, core refactors in basket producer and API error handling. Human review needed to validate each change.

Re-trigger cubic

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant