biome linting

[Connorbelez]

biome linting

Fix remaining regression failures

Summary by Sourcery

Align authorization, cron scheduling, and CRM view behavior with current policy while fixing test harness regressions and documenting outstanding test failures.

New Features:

• Add an idempotent replay accounting path and test for the disbursement bridge trigger action.
• Introduce a shared WorkOS test environment setup file for Vitest runs.
• Document the current set of failing tests and their root causes in a dated test failure manifest.

Bug Fixes:

• Ensure cron-driven obligation transition tests fully drain scheduled work with microtask flushing and always restore timers to avoid stray scheduled writes.
• Fix CRM saved view column visibility so an applied saved view can override default-visible columns and hide fields as expected.
• Correct cash ledger query auth tests to model external org admins without FairLend staff context and assert the updated forbidden behavior.
• Update workout collection plan tests and collection-attempt reconciliation tests to reflect the FairLend admin boundary required by payment handlers.
• Adjust EFT/Vopay webhook tests and other payment tests to import shared cash-ledger helpers from their new location.
• Allow disbursement bridge eligibility queries to consider entries that already have a transfer request while enforcing idempotency at the trigger level.

Enhancements:

• Simplify the canonical admin role so it only carries the admin:access permission and treat feature permissions as explicit grants, tightening the RBAC model.
• Expand permission metadata sync tests with a curated list of known orphan permissions and add a truth-table assertion for the trimmed admin role.
• Refine auth chain tests to assert that cash-ledger mutations are restricted to FairLend admins.
• Clarify cash ledger query auth tests by renaming fixtures to distinguish external org admins from FairLend staff and updating expectation wording.
• Improve the CRM saved-views test suite to assert both visible and hidden columns under a saved view.
• Wrap long-running Rotessa lifecycle tests with an explicit timeout to better accommodate their full 12‑month settlement loop.
• Register audit, workflow, and workpool components in the disbursement bridge test harness and seed lender bank accounts so dispersal flows run against realistic dependencies.

CI:

• Configure Vitest to load a shared WorkOS environment setup file before running tests so environment-dependent auth and webhook code has defaults available.

Tests:

• Enhance the shared Convex test runtime helper to more robustly drain scheduled work, including repeated microtask flushing and stabilization checks.
• Update numerous Convex test suites to use the new scheduled-work drain helper and to clean up fake timers reliably.
• Strengthen disbursement bridge tests with coverage for idempotent skips on replayed batches and corresponding transfer lookup assertions.
• Align permission matrix, role-chain, and permission metadata sync tests with the updated admin role and known-orphan permissions.
• Refine CRM user saved view tests to validate both visible and hidden columns when a saved view is applied.
• Adjust cash-ledger, workout, and collection reconciliation tests to use identities and expectations consistent with the FairLend staff admin boundary.
• Update webhook and payout-related tests to use the relocated cash-ledger test utilities and corrected import paths.

[coderabbitai]

Important

Review skipped

Draft detected.

Please check the settings in the CodeRabbit UI or the .coderabbit.yaml file in this repository. To trigger a single review, invoke the @coderabbitai review command.

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: 8ffafba3-d360-4b30-a8a7-8b40bf6aa1ef

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

Use the checkbox below for a quick retry:

• 🔍 Trigger review

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch investigate-failing-tests

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[Connorbelez]

• biome linting #409 👈 (View in Graphite)
• main

This stack of pull requests is managed by Graphite. Learn more about stacking.

[sourcery-ai]

Reviewer's Guide

Aligns tests and infrastructure with Biome linting and updated auth/runtime policies: normalizes timer handling and scheduled-work drainage, tightens FairLend admin boundaries, updates CRM view-column visibility logic, fixes test harness imports and WorkOS env setup, simplifies admin role permissions, and adds idempotency coverage for the disbursement bridge.

Sequence diagram for resolving CRM view state with saved view–aware column visibility

sequenceDiagram
    actor User
    participant CRM_UI
    participant ViewStateResolver
    participant EffectiveColumnBuilder

    User->>CRM_UI: selectView(viewId)
    CRM_UI->>ViewStateResolver: resolveViewState(viewId)
    ViewStateResolver->>ViewStateResolver: loadEffectiveState()
    ViewStateResolver->>ViewStateResolver: determine savedViewApplied
    ViewStateResolver->>EffectiveColumnBuilder: buildEffectiveColumns(adapterContract, effectiveView, fieldDefsById, savedViewApplied, viewFields, viewIsDefault)

    loop for each fieldId
        EffectiveColumnBuilder->>EffectiveColumnBuilder: lookup baseColumn
        alt no baseColumn
            EffectiveColumnBuilder-->>ViewStateResolver: []
        else baseColumn found
            EffectiveColumnBuilder->>EffectiveColumnBuilder: isPersistedColumn = persistedColumnsById.has(fieldId)
            alt savedViewApplied and isPersistedColumn
                EffectiveColumnBuilder->>EffectiveColumnBuilder: isVisible = visibleFieldIds.has(fieldId)
            else not both savedViewApplied and isPersistedColumn
                EffectiveColumnBuilder->>EffectiveColumnBuilder: isVisible = visibleFieldIds.has(fieldId) or baseColumn.isVisibleByDefault
            end
            EffectiveColumnBuilder-->>ViewStateResolver: ViewColumnDefinition(isVisible)
        end
    end

    ViewStateResolver-->>CRM_UI: resolvedViewState(columns)
    CRM_UI-->>User: renderGrid(columns)

Loading

Flow diagram for disbursement bridge eligibility without transferRequestId filter

flowchart TD
    A[start entry]
    B{entry.lenderId matches args.lenderId?
       or args.lenderId undefined?}
    C[exclude entry]
    D{payoutType == scheduled_with_timestamp?}
    E{entry.payoutEligibleAfter defined and not empty?}
    F{payoutType == scheduled_without_timestamp?}
    G{entry.payoutEligibleAfter is undefined or empty?}
    H[include entry as eligible]
    I[exclude entry]

    A --> B
    B -->|no| C
    B -->|yes| D
    D -->|yes| E
    E -->|yes| H
    E -->|no| I
    D -->|no| F
    F -->|yes| G
    G -->|yes| H
    G -->|no| I
    F -->|no| I

Loading

File-Level Changes

Change	Details	Files
Stabilized cron/async tests by consistently draining scheduled work and cleaning up fake timers.	Wrapped several payments cron tests in vi.useFakeTimers/vi.useRealTimers try/finally blocks with vi.clearAllTimers to guarantee timer cleanup. Replaced direct t.finishAllScheduledFunctions(vi.runAllTimers) usage with drainScheduledWork(t, { flushMicrotasks: true }) to fully flush scheduled work and microtasks. Enhanced drainScheduledWork in the shared test runtime to flush microtasks multiple times around vi.runAllTimers and finishInProgressScheduledFunctions, and to re-check the scheduled job queue after stabilization.	convex/payments/__tests__/crons.test.ts src/test/convex/runtime.ts
Adjusted Rotessa recurring lifecycle test to be more robust and match current Vitest config.	Wrapped the long-running 12-month Rotessa lifecycle test body in a function passed to it with an explicit timeout to avoid default-timeout flakes. Reformatted the test to use the harness helpers without changing behavioral assertions.	src/test/convex/payments/rotessaManagedRecurringLifecycle.test.ts
Expanded the dispersal disbursementBridge test harness and added idempotent replay coverage.	Registered auditTrail, workflow, and workpool components in the disbursement bridge convexTest harness so tests reflect the production runtime composition. Seeded a lender bank account record in the full scenario fixture to satisfy new bank account requirements. Added a triggerDisbursementBridge idempotent replay test that asserts the second run skips creation and reports skipped_idempotent while enforcing a single transferRequest per idempotency key. Relaxed findEligibleEntriesInternal filters so eligibility no longer depends on transferRequestId being null, letting idempotency be handled downstream.	convex/dispersal/__tests__/disbursementBridge.test.ts convex/dispersal/disbursementBridge.ts
Aligned permission catalog and tests with the canonical RBAC policy and clarified known orphan permissions.	Collapsed ROLE_PERMISSIONS.admin to only carry "admin:access" and moved the rest of admin behavior to the runtime admin:access super-permission logic. Extended the permission metadata sync test with an explicit KNOWN_ORPHANS mapping for permission slugs that are intentionally unassigned to roles but retained in the catalog. Added a truth-table test asserting that ROLE_PERMISSIONS.admin is exactly ["admin:access"].	convex/auth/permissionCatalog.ts src/test/auth/permissions/permission-metadata-sync.test.ts src/test/auth/permissions/role-permission-matrix.test.ts
Tightened FairLend admin boundaries and updated auth tests to reflect staff-only cash ledger and workout behaviors.	Renamed and repurposed the cash ledger auth test identity to represent an external org admin with ledger:view but no FairLend staff boundary, and updated test names and expectations accordingly. Updated workout collection plan tests to assert that public write handlers fail with the FairLend admin boundary error before resource-level checks and updated the expected error messages. Restricted the cashLedgerMutation role-chain test so only FAIRLEND_ADMIN is allowed, dropping EXTERNAL_ORG_ADMIN from the allowed set. Ensured the transfer reconciliation PAYMENT_HANDLER_IDENTITY includes the FairLend staff org id and name so it passes the admin boundary.	convex/payments/cashLedger/__tests__/queries.test.ts convex/payments/collectionPlan/__tests__/workout.test.ts src/test/auth/chains/role-chains.test.ts convex/payments/transfers/__tests__/collectionAttemptReconciliation.integration.test.ts
Fixed CRM saved view column visibility so saved views can hide default-visible fields.	Updated buildEffectiveColumns to accept a savedViewApplied flag and compute isVisible differently when a saved view is applied: persisted columns use saved visibility, while default-visible behavior only applies when no saved view exists. Threaded savedViewApplied into the resolveViewState call so buildEffectiveColumns can distinguish between default and saved-view contexts. Extended the CRM user saved views test to assert both visible and hidden columns for the personal default view, confirming that non-visible default columns remain present but hidden.	convex/crm/viewState.ts convex/crm/__tests__/userSavedViews.test.ts
Standardized cash-ledger webhook and obligation tests on the shared test helpers and removed stale imports.	Switched EFT VoPay webhook tests to import createWebhookTestHarness and cash-ledger helpers from src/test/convex/payments/... rather than convex/payments/... paths. Removed unused SYSTEM_SOURCE/seedMinimalEntities imports from the corrective obligation tests to satisfy linting and avoid dead code references.	convex/payments/webhooks/__tests__/eftVopayWebhook.test.ts convex/payments/obligations/__tests__/correctiveObligation.test.ts
Added WorkOS test env bootstrapping and wired it into Vitest setup to satisfy Biome and runtime expectations.	Introduced a test setup module that populates WORKOS_API_KEY, WORKOS_CLIENT_ID, and WORKOS_WEBHOOK_SECRET with test values if they are not already set. Registered the new setup file in vite.config.ts test.setupFiles so all Vitest runs see consistent WorkOS env defaults.	src/test/setup/workosEnv.ts vite.config.ts
Documented the current test failure landscape and triage decisions in a dedicated manifest.	Added docs/test-failure-manifest-2026-04-16.md summarizing failing suites/tests, categorizing them by root cause (implementation regression vs stale harness), and providing per-group fix plans and evidence. Captured per-item verdicts and linked tests to root-cause groups for future cleanup work.	docs/test-failure-manifest-2026-04-16.md

---

Tips and commands

Interacting with Sourcery

• Trigger a new review: Comment @sourcery-ai review on the pull request.
• Continue discussions: Reply directly to Sourcery's review comments.
• Generate a GitHub issue from a review comment: Ask Sourcery to create an
  issue from a review comment by replying to it. You can also reply to a
  review comment with @sourcery-ai issue to create an issue from it.
• Generate a pull request title: Write @sourcery-ai anywhere in the pull
  request title to generate a title at any time. You can also comment
  @sourcery-ai title on the pull request to (re-)generate the title at any time.
• Generate a pull request summary: Write @sourcery-ai summary anywhere in
  the pull request body to generate a PR summary at any time exactly where you
  want it. You can also comment @sourcery-ai summary on the pull request to
  (re-)generate the summary at any time.
• Generate reviewer's guide: Comment @sourcery-ai guide on the pull
  request to (re-)generate the reviewer's guide at any time.
• Resolve all Sourcery comments: Comment @sourcery-ai resolve on the
  pull request to resolve all Sourcery comments. Useful if you've already
  addressed all the comments and don't want to see them anymore.
• Dismiss all Sourcery reviews: Comment @sourcery-ai dismiss on the pull
  request to dismiss all existing Sourcery reviews. Especially useful if you
  want to start fresh with a new review - don't forget to comment
  @sourcery-ai review to trigger a new review!

Customizing Your Experience

Access your dashboard to:

• Enable or disable review features such as the Sourcery-generated pull request
  summary, the reviewer's guide, and others.
• Change the review language.
• Add, remove or edit custom review instructions.
• Adjust other review settings.

Getting Help

• Contact our support team for questions or feedback.
• Visit our documentation for detailed guides and information.
• Keep in touch with the Sourcery team by following us on X/Twitter, LinkedIn or GitHub.