feat(cloud-security): implement transaction for scan run and results creation (#2101)

github-actions[bot] · tofikwest · web-flow · commit 0cfbce682050 · 2026-02-03T14:38:14.000-05:00
Co-authored-by: Tofik Hasanov &lt;annexcies@gmail.com&gt;
diff --git a/apps/api/src/cloud-security/cloud-security.service.ts b/apps/api/src/cloud-security/cloud-security.service.ts
@@ -228,37 +228,40 @@ export class CloudSecurityService {
     const passedCount = findings.filter((f) => f.passed).length;
     const failedCount = findings.filter((f) => !f.passed).length;
 
-    // Create a scan run record
-    const scanRun = await db.integrationCheckRun.create({
-      data: {
-        connectionId,
-        checkId: `${provider}-security-scan`,
-        checkName: `${provider.toUpperCase()} Security Scan`,
-        status: 'success',
-        startedAt: new Date(),
-        completedAt: new Date(),
-        totalChecked: findings.length,
-        passedCount,
-        failedCount,
-      },
-    });
-
-    // Store each finding as a check result
-    if (findings.length > 0) {
-      await db.integrationCheckResult.createMany({
-        data: findings.map((finding) => ({
-          checkRunId: scanRun.id,
-          passed: finding.passed ?? false,
-          resourceType: finding.resourceType,
-          resourceId: finding.resourceId,
-          title: finding.title,
-          description: finding.description,
-          severity: finding.passed ? 'info' : finding.severity, // Passed checks are info level
-          remediation: finding.remediation,
-          evidence: (finding.evidence || {}) as object,
-          collectedAt: new Date(finding.createdAt),
-        })),
+    // Use a transaction to ensure atomicity - both run and results are created together
+    await db.$transaction(async (tx) => {
+      // Create a scan run record
+      const scanRun = await tx.integrationCheckRun.create({
+        data: {
+          connectionId,
+          checkId: `${provider}-security-scan`,
+          checkName: `${provider.toUpperCase()} Security Scan`,
+          status: 'success',
+          startedAt: new Date(),
+          completedAt: new Date(),
+          totalChecked: findings.length,
+          passedCount,
+          failedCount,
+        },
       });
-    }
+
+      // Store each finding as a check result
+      if (findings.length > 0) {
+        await tx.integrationCheckResult.createMany({
+          data: findings.map((finding) => ({
+            checkRunId: scanRun.id,
+            passed: finding.passed ?? false,
+            resourceType: finding.resourceType,
+            resourceId: finding.resourceId,
+            title: finding.title,
+            description: finding.description ?? '',
+            severity: finding.passed ? 'info' : finding.severity,
+            remediation: finding.remediation ?? null,
+            evidence: (finding.evidence || {}) as object,
+            collectedAt: new Date(finding.createdAt),
+          })),
+        });
+      }
+    });
   }
 }
diff --git a/apps/app/src/app/(app)/[orgId]/cloud-tests/actions/run-platform-scan.ts b/apps/app/src/app/(app)/[orgId]/cloud-tests/actions/run-platform-scan.ts
@@ -0,0 +1,86 @@
+'use server';
+
+import { auth } from '@/utils/auth';
+import { revalidatePath } from 'next/cache';
+import { headers } from 'next/headers';
+
+/**
+ * Run cloud security scan for a new platform connection.
+ * This server action calls the API and properly revalidates the cache,
+ * ensuring consistent behavior with the legacy runTests action.
+ *
+ * @param connectionId - The IntegrationConnection ID (icn_...) to scan
+ */
+export const runPlatformScan = async (connectionId: string) => {
+  const session = await auth.api.getSession({
+    headers: await headers(),
+  });
+
+  if (!session) {
+    return {
+      success: false,
+      error: 'Unauthorized',
+    };
+  }
+
+  const orgId = session.session?.activeOrganizationId;
+  if (!orgId) {
+    return {
+      success: false,
+      error: 'No active organization',
+    };
+  }
+
+  try {
+    // Call the cloud security scan API
+    const apiUrl = process.env.NEXT_PUBLIC_API_URL || process.env.API_URL;
+    if (!apiUrl) {
+      return {
+        success: false,
+        error: 'API URL not configured',
+      };
+    }
+
+    const response = await fetch(`${apiUrl}/v1/cloud-security/scan/${connectionId}`, {
+      method: 'POST',
+      headers: {
+        'Content-Type': 'application/json',
+        'x-organization-id': orgId,
+      },
+    });
+
+    if (!response.ok) {
+      const errorData = await response.json().catch(() => ({}));
+      return {
+        success: false,
+        error: errorData.message || `Scan failed with status ${response.status}`,
+      };
+    }
+
+    const result = await response.json();
+
+    // Revalidate the cloud-tests page to refresh data
+    const headersList = await headers();
+    let path = headersList.get('x-pathname') || headersList.get('referer') || '';
+    path = path.replace(/\/[a-z]{2}\//, '/');
+    if (path) {
+      revalidatePath(path);
+    }
+    // Also revalidate the org's cloud-tests path specifically
+    revalidatePath(`/${orgId}/cloud-tests`);
+
+    return {
+      success: true,
+      findingsCount: result.findingsCount,
+      provider: result.provider,
+      scannedAt: result.scannedAt,
+    };
+  } catch (error) {
+    console.error('Error running platform scan:', error);
+
+    return {
+      success: false,
+      error: error instanceof Error ? error.message : 'Failed to run scan',
+    };
+  }
+};
diff --git a/apps/app/src/app/(app)/[orgId]/cloud-tests/components/TestsLayout.tsx b/apps/app/src/app/(app)/[orgId]/cloud-tests/components/TestsLayout.tsx
@@ -2,7 +2,6 @@
 
 import { ConnectIntegrationDialog } from '@/components/integrations/ConnectIntegrationDialog';
 import { ManageIntegrationDialog } from '@/components/integrations/ManageIntegrationDialog';
-import { api } from '@/lib/api-client';
 import { Button, PageHeader, PageHeaderDescription, PageLayout } from '@trycompai/design-system';
 import { Add, Settings } from '@trycompai/design-system/icons';
 import { useMemo, useState } from 'react';
@@ -65,8 +64,8 @@ export function TestsLayout({ initialFindings, initialProviders, orgId }: TestsL
     },
     {
       fallbackData: initialFindings,
-      refreshInterval: 5000,
       revalidateOnFocus: true,
+      // No automatic polling - we manually refresh after scans via mutateFindings()
     },
   );
 
@@ -83,9 +82,8 @@ export function TestsLayout({ initialFindings, initialProviders, orgId }: TestsL
     },
     {
       fallbackData: initialProviders,
-      refreshInterval: 10000, // Refresh providers every 10 seconds
       revalidateOnFocus: true,
-      revalidateOnMount: true, // Always revalidate on mount to get fresh data
+      // No automatic polling - we manually refresh after scans via mutateProviders()
     },
   );
 
@@ -137,7 +135,7 @@ export function TestsLayout({ initialFindings, initialProviders, orgId }: TestsL
 
     setIsScanning(true);
     const startTime = Date.now();
-    toast.message(`Starting ${targetProvider.name} security scan...`);
+    toast.message(`Starting ${targetProvider.displayName || targetProvider.name} security scan...`);
 
     try {
       if (targetProvider.isLegacy) {
@@ -154,16 +152,19 @@ export function TestsLayout({ initialFindings, initialProviders, orgId }: TestsL
           return null;
         }
       } else {
-        // Use dedicated cloud security endpoint
-        const response = await api.post(`/v1/cloud-security/scan/${targetProvider.id}`, {}, orgId);
-        if (response.error) {
-          console.error(`Error scanning ${targetProvider.name}:`, response.error);
-          toast.error(`Failed to scan ${targetProvider.name}`);
+        // Use server action for new platform connections (same pattern as legacy)
+        // This ensures proper cache revalidation and consistent behavior
+        const { runPlatformScan } = await import('../actions/run-platform-scan');
+        const result = await runPlatformScan(targetProvider.id);
+
+        if (!result.success) {
+          console.error('Platform scan error:', result.error);
+          toast.error(`Scan failed: ${result.error || 'Unknown error'}`);
           return null;
         }
       }
 
-      // Refresh data to get updated results
+      // Refresh data to get updated results (SWR cache + server cache already revalidated)
       await Promise.all([mutateProviders(), mutateFindings()]);
 
       const elapsed = Math.round((Date.now() - startTime) / 1000);
