Enforce portal membership in Convex middleware#436
Enforce portal membership in Convex middleware#436Connorbelez wants to merge 2 commits intoeng-298from
Conversation
![sourcery-ai[bot]](https://avatars.githubusercontent.com/in/48477?s=60&v=4){kind=small}
There was a problem hiding this comment.
Sorry @Connorbelez, you have reached your weekly rate limit of 500000 diff characters.
Please try again later or upgrade to continue using Sourcery
|
Important Review skippedAuto reviews are disabled on base/target branches other than the default branch. Please check the settings in the CodeRabbit UI or the ⚙️ Run configurationConfiguration used: defaults Review profile: CHILL Plan: Pro Run ID: You can disable this status message by setting the Use the checkbox below for a quick retry:
✨ Finishing Touches🧪 Generate unit tests (beta)
Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out. Comment |
|
Warning This pull request is not mergeable via GitHub because a downstack PR is open. Once all requirements are satisfied, merge this PR as a stack on Graphite.
This stack of pull requests is managed by Graphite. Learn more about stacking. |
![greptile-apps[bot]](https://avatars.githubusercontent.com/in/867647?s=60&v=4){kind=small}
There was a problem hiding this comment.
Your free trial has ended. If you'd like to continue receiving code reviews, you can add a payment method here.
There was a problem hiding this comment.
Pull request overview
This PR enforces broker-portal membership structurally in Convex by introducing portal-aware middleware and fluent-convex builder chains, extracting shared actor-resolution helpers, and adding proof queries + Convex tests to validate same-portal enforcement (with explicit FairLend admin override). It also updates multiple spec/workflow artifacts to clarify that CodeRabbit is human-owned and not part of the agent quality gate.
Changes:
- Add shared actor-resolution helpers (
convex/auth/actorResolution.ts) and refactor resource checks to reuse them. - Introduce portal middleware + portal-aware fluent builders, plus “proof” queries and a dedicated middleware test suite.
- Update specs/docs/workflow checklists to remove CodeRabbit from automated quality gates.
Reviewed changes
Copilot reviewed 61 out of 62 changed files in this pull request and generated 3 comments.
Show a summary per file
| File | Description |
|---|---|
| specs/ENG-68/tasks.md | Update ENG-68 task list wording around CodeRabbit ownership/quality gate. |
| specs/ENG-68/chunks/chunk-03-tests-and-verification/tasks.md | Same CodeRabbit policy update for chunk tasks. |
| specs/ENG-68/chunks/chunk-03-tests-and-verification/status.md | Reflect CodeRabbit policy in chunk status/quality gate notes. |
| specs/ENG-68/chunks/chunk-03-tests-and-verification/context.md | Update workflow reminder to remove CodeRabbit from agent gate. |
| specs/ENG-67/tasks.md | Update ENG-67 task list wording around CodeRabbit ownership/quality gate. |
| specs/ENG-67/chunks/manifest.md | Update chunk manifest notes to remove CodeRabbit from gate. |
| specs/ENG-67/chunks/chunk-03-accrual-tests/tasks.md | Same CodeRabbit policy update for chunk tasks. |
| specs/ENG-67/chunks/chunk-03-accrual-tests/status.md | Reflect CodeRabbit policy in chunk status/notes. |
| specs/ENG-67/chunks/chunk-03-accrual-tests/context.md | Update workflow reminder to remove CodeRabbit from agent gate. |
| specs/ENG-54/chunks/chunk-06-final-gates/context.md | Update “final gates” workflow note re: CodeRabbit. |
| specs/ENG-299/tasks.md | Add full ENG-299 execution task plan capturing portal middleware/builders/tests/audit. |
| specs/ENG-299/summary.md | Document scope/constraints for portal-membership enforcement slice. |
| specs/ENG-299/status.md | Record execution status + validation evidence for ENG-299. |
| specs/ENG-299/execution-checklist.md | Add ENG-299 requirements/DoD checklist with validation expectations. |
| specs/ENG-299/chunks/manifest.md | Define ENG-299 chunk breakdown across actor resolution/middleware/builders/tests. |
| specs/ENG-299/chunks/chunk-04-tests-validation-audit/tasks.md | Track final tests/validation/audit tasks for ENG-299. |
| specs/ENG-299/chunks/chunk-04-tests-validation-audit/status.md | Record validation pass results for ENG-299 (codegen/check/typecheck/tests). |
| specs/ENG-299/chunks/chunk-04-tests-validation-audit/context.md | Chunk context: test focus + validation/audit checklist. |
| specs/ENG-299/chunks/chunk-03-builders-and-proof/tasks.md | Track portal-aware builder/proof tasks for ENG-299. |
| specs/ENG-299/chunks/chunk-03-builders-and-proof/status.md | Record completion notes for builders/proof chunk. |
| specs/ENG-299/chunks/chunk-03-builders-and-proof/context.md | Builder/proof design constraints and adoption notes. |
| specs/ENG-299/chunks/chunk-02-portal-middleware/tasks.md | Track portal middleware implementation tasks. |
| specs/ENG-299/chunks/chunk-02-portal-middleware/status.md | Record completion notes for portal middleware chunk. |
| specs/ENG-299/chunks/chunk-02-portal-middleware/context.md | Portal middleware goals/constraints (fail-closed, same-portal, admin override). |
| specs/ENG-299/chunks/chunk-01-actor-resolution-and-impact/tasks.md | Track actor-resolution extraction/impact analysis tasks. |
| specs/ENG-299/chunks/chunk-01-actor-resolution-and-impact/status.md | Record completion notes for actor-resolution chunk. |
| specs/ENG-299/chunks/chunk-01-actor-resolution-and-impact/context.md | Actor-resolution extraction rationale and blast-radius notes. |
| specs/ENG-299/audit.md | Persist spec audit verdict/evidence for ENG-299. |
| specs/ENG-297/tasks.md | Update ENG-297 validation task wording to remove CodeRabbit from agent gate. |
| specs/ENG-297/status.md | Update blockers/notes to reflect CodeRabbit policy change. |
| specs/ENG-297/execution-checklist.md | Remove CodeRabbit from required-gates narrative. |
| specs/ENG-297/chunks/chunk-03-validation-audit/tasks.md | Update validation task wording re: CodeRabbit. |
| specs/ENG-297/chunks/chunk-03-validation-audit/status.md | Reflect CodeRabbit policy in validation status. |
| specs/ENG-297/chunks/chunk-03-validation-audit/context.md | Remove CodeRabbit from validation commands list. |
| specs/ENG-297/audit.md | Update audit findings wording to remove CodeRabbit gating. |
| specs/ENG-235/tasks.md | Update validation note re: CodeRabbit ownership. |
| specs/ENG-235/chunks/manifest.md | Remove CodeRabbit from “final validation pending” note. |
| specs/ENG-230/tasks.md | Update ENG-230 gate task wording re: CodeRabbit. |
| specs/ENG-230/chunks/chunk-03-consumers-stories/tasks.md | Same CodeRabbit policy update for chunk tasks. |
| specs/ENG-230/chunks/chunk-03-consumers-stories/context.md | Update workflow reminder to remove CodeRabbit from agent gate. |
| specs/ENG-228/tasks.md | Update validation task wording re: CodeRabbit ownership. |
| specs/ENG-228/chunks/chunk-01-shell-foundation/tasks.md | Same CodeRabbit policy update for chunk tasks. |
| specs/ENG-228/chunks/chunk-01-shell-foundation/status.md | Reflect CodeRabbit policy in chunk status note. |
| specs/ENG-20/tasks.md | Update ENG-20 gate task wording re: CodeRabbit ownership. |
| specs/ENG-20/chunks/chunk-02-governed-seeds-and-orchestration/tasks.md | Same CodeRabbit policy update for chunk tasks. |
| specs/ENG-194/tasks.md | Update ENG-194 gate task wording re: CodeRabbit ownership. |
| specs/ENG-194/chunks/chunk-01-transfer-effect-tests/tasks.md | Same CodeRabbit policy update for chunk tasks. |
| specs/ENG-194/chunks/chunk-01-transfer-effect-tests/status.md | Reflect CodeRabbit policy in chunk status note. |
| docs/superpowers/plans/2026-04-17-phase-6-mortgage-document-blueprints-and-public-private-static-docs.md | Update plan’s validation steps re: CodeRabbit policy. |
| docs/superpowers/plans/2026-04-16-phase-2-canonical-borrower-property-mortgage-activation-without-payments.md | Update plan’s validation steps re: CodeRabbit policy. |
| docs/superpowers/plans/2026-04-16-origination-case-scaffold-ui-skeleton.md | Update plan’s validation steps re: CodeRabbit policy. |
| docs/superpowers/plans/2026-04-11-rbac-permission-reconciliation.md | Update plan snippet to reflect CodeRabbit as human-owned. |
| convex/test/moduleMaps.ts | Register new Convex modules for convex-test (actorResolution, portal middleware/proof). |
| convex/portals/proof.ts | Add proof queries exercising portal-aware builders and typed portal/actor context. |
| convex/portals/middleware.ts | Add portal middleware helpers (portal load, availability, access, borrower/lender attribution). |
| convex/portals/tests/middleware.test.ts | Add Convex integration tests validating portal membership enforcement + failure modes. |
| convex/fluent.ts | Add portal-aware fluent builder chains via a PortalBuilder wrapper + portal args composition. |
| convex/auth/resourceChecks.ts | Refactor to reuse shared actor-resolution helpers (no semantic change intended). |
| convex/auth/actorResolution.ts | Add shared actor-resolution helpers (user/broker/borrower/lender) keyed by authId. |
| convex/_generated/api.d.ts | Codegen updates to include new modules in the generated API typing surface. |
| CLAUDE.md | Update workflow documentation re: CodeRabbit ownership/quality gate. |
| AGENTS.md | Update workflow documentation re: CodeRabbit ownership/quality gate. |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
| export const getPortalPublicContextProof = portalPublicQuery() | ||
| .handler(async (ctx) => { | ||
| return { portal: ctx.portal }; | ||
| }) | ||
| .public(); |
There was a problem hiding this comment.
These proof endpoints are exported as .public(), which makes them callable from the client. Since they appear intended as a thin proof/test consumer, consider switching them to .internal() (and updating tests to use internal.*) or gating/removing them to avoid shipping non-product endpoints + extra portal context surface in the public API.
| export interface PortalResolvedContext { | ||
| portal: PortalSummary; | ||
| } | ||
|
|
||
| export interface PortalAccessContext extends PortalResolvedContext { | ||
| portalAccess: { | ||
| mode: "admin-override" | "same-portal"; | ||
| viewerUser: Doc<"users"> | null; | ||
| }; | ||
| } |
There was a problem hiding this comment.
PortalResolvedContext uses PortalSummary, which includes internal fields like brokerId, orgId, landingPageId, and pricingPolicyId. If this context is reachable from public endpoints (e.g. via portalPublicQuery()), it expands the public portal surface beyond the existing PublicPortalSummary contract used by host resolution. Consider splitting the portal context types (public vs authed) or returning PublicPortalSummary for the public builder to avoid leaking internal portal ownership/config fields.
| function withPortalArgs<TInput extends PropertyValidators>(input?: TInput) { | ||
| return { | ||
| ...portalArgsValidator, | ||
| ...(input ?? {}), | ||
| } as typeof portalArgsValidator & TInput; |
There was a problem hiding this comment.
withPortalArgs spreads portalArgsValidator and then spreads input, so a caller can accidentally override the required portalId validator (and even make it optional) without any type or runtime protection. Consider preventing portalId from being provided in input (e.g., via Omit<TInput, "portalId">/overloads) or asserting at runtime that input does not contain portalId to keep the portal middleware invariant intact.
| function withPortalArgs<TInput extends PropertyValidators>(input?: TInput) { | |
| return { | |
| ...portalArgsValidator, | |
| ...(input ?? {}), | |
| } as typeof portalArgsValidator & TInput; | |
| type PortalArgExtension<TInput extends PropertyValidators> = Omit< | |
| TInput, | |
| "portalId" | |
| > & { | |
| portalId?: never; | |
| }; | |
| function withPortalArgs(): typeof portalArgsValidator; | |
| function withPortalArgs<TInput extends PropertyValidators>( | |
| input: PortalArgExtension<TInput>, | |
| ): typeof portalArgsValidator & Omit<TInput, "portalId">; | |
| function withPortalArgs<TInput extends PropertyValidators>( | |
| input?: PortalArgExtension<TInput>, | |
| ) { | |
| if ( | |
| input !== undefined && | |
| Object.prototype.hasOwnProperty.call(input, "portalId") | |
| ) { | |
| throw new ConvexError("withPortalArgs does not allow overriding portalId"); | |
| } | |
| return { | |
| ...portalArgsValidator, | |
| ...(input ?? {}), | |
| } as typeof portalArgsValidator & Omit<TInput, "portalId">; |
Connorbelez
force-pushed
the
graphite-base/436
branch
from
e1c7882 to
be0208d
Compare
- add shared actor resolution helpers - introduce portal middleware and proof queries - wire portal-aware fluent builders and tests
Enforce portal membership in Convex middleware
responding to feedback