Skip to content

Skip review for known and trusted senders for Payables Agent tasks#9088

Open
mynjj wants to merge 6 commits into
mainfrom
features/pa-skip-review-trusted
Open

Skip review for known and trusted senders for Payables Agent tasks#9088
mynjj wants to merge 6 commits into
mainfrom
features/pa-skip-review-trusted

Conversation

@mynjj

@mynjj mynjj commented Jul 3, 2026

Copy link
Copy Markdown
Contributor

Fixes AB#625413

Joshua Martínez Pineda added 5 commits July 3, 2026 14:28
Replace the all-or-nothing 'Review Incoming Invoice' boolean with an 'Email Review Policy' (Unset/Only if untrusted/Never/Always), secure-by-default with a forced decision at activation. In 'Only if untrusted', emails skip review when they arrive in a configured subfolder, or when compauth=pass and the sender is an Approved known sender. Per-sender policy (Ask/Approve/Reject) added to known senders; Reject skips task creation. Enable Load Headers in the Microsoft365 connector so compauth is available. Confirms/notifications surface when the known-senders list is inert (folder or policy). Upgrade maps true->Always, false->Only if untrusted. Same-tenant/VerifiedDomains check deferred.
- IsSenderAuthenticated: fall back to X-MS-Exchange-Organization-AuthAs=Internal so intra-tenant (onmicrosoft) mail without compauth is still trusted.- Folder tooltip now references the 'Only if untrusted' review policy.- Rename known-senders 'inert' wording to 'unused'; rename ClassifySetupChangeImpact -> ClassifyKnownSendersUnusedByChange and *InertReason -> *UnusedReason.- Confirm() takes format args directly (drop StrSubstNo); remove the unnecessary monitoring-off confirmation.- Replace PA Known Sender.GetPolicy with GetForEDocument returning the record, used by both ShouldRequestReview and IsSenderRejected.
…-only line

ShouldRequestReview now trusts authenticated, unknown senders when the source email is stamped X-MS-Exchange-Organization-AuthAs=Internal, covering intra-tenant (onmicrosoft) mail without a Graph/VerifiedDomains call. Explicit per-sender policy still takes precedence. Factored source-email header reads into TryGetSourceEmailHeader and split IsSenderInternal from IsSenderAuthenticated. Restored EDocPOMatching.ConfigureDefaultPOMatchingSettings() (dev-only edit).
Move the security audit into PA Known Sender OnInsert/OnModify triggers so any write path (agent auto-add, manual page add, manual policy edit) is logged when a record is or becomes Approve. InsertIfNew now inserts with triggers; the page-level OnValidate audit is removed as redundant.
@mynjj mynjj requested review from a team July 3, 2026 15:15
@github-actions github-actions Bot added the AL: Apps (W1) Add-on apps for W1 label Jul 3, 2026
@github-actions github-actions Bot added this to the Version 29.0 milestone Jul 3, 2026
Comment thread src/Apps/W1/PayablesAgent/app/Integration/PAKnownSenders.Page.al
Comment thread src/Apps/W1/PayablesAgent/app/Setup/PayablesAgentSetup.Page.al
@github-actions

github-actions Bot commented Jul 3, 2026

Copy link
Copy Markdown
Contributor

Copilot PR Review

Iteration 2 · Outcome: completed

Knowledge source: https://github.com/microsoft/BCQuality@822cae1b2771ac25f665f73369f69093bd4fd630

Orchestrator pre-filter (13 file(s) excluded)

  • layer-disabled (knowledge) : 13 file(s)

Findings produced by the Copilot CLI agent against BCQuality at 822cae1b2771ac25f665f73369f69093bd4fd630. Reply 👎 on any inline comment to flag false positives.

- Activation guard message now explains that Email review sets when incoming emails need supervisor approval.- Dropdown option 'Only if untrusted' -> 'Only untrusted senders'.- Known-senders hint describes adding regular senders and auto-approving trusted ones.
@mynjj mynjj enabled auto-merge July 4, 2026 20:44
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

AL: Apps (W1) Add-on apps for W1

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants