- Optimized N+1 query in get-permissioned-datasets.ts using inArray for batch lookup
- Removed unused bulkRemoveAssetPermissions import
- Fixed import organization in find-user-by-email.ts
- Updated CLAUDE.md to reflect tests are written and fixed API example
- Clarified TODO comment in lookup.ts to prevent potential infinite recursion
These are style and performance improvements that don't affect functionality.
🤖 Generated with [Claude Code](https://claude.ai/code)
Co-Authored-By: Claude <noreply@anthropic.com>
- Fixed permission hierarchy: full_access (5) now correctly ranks higher than viewer (3)
- Removed 'querier' role from admin permission check as it was too permissive
- Added organizationId parameter to dashboard access checks to prevent unauthorized access
- Fixed public dashboard expiry date check to verify dates are in the future
- Added cycle detection for collection permissions to prevent infinite recursion
- Fixed bulk remove permissions to correctly filter by identityIds array
- Updated date comparison to use ISO string format for PostgreSQL timestamp columns
These fixes address critical security and logic issues identified in the PR review.
🤖 Generated with [Claude Code](https://claude.ai/code)
Co-Authored-By: Claude <noreply@anthropic.com>
- Fixed AssetTypeSchema to include all active asset types (excluding deprecated 'metric' and 'dashboard')
- Added missing 'restricted_querier' role to UserOrganizationRole type
- Fixed dataset access caching to store full result object including accessPath and userRole
- Updated count query to use SQL COUNT for better performance
- Fixed IdentityType consistency across dataset permissions
- Removed unused 'ne' import from list-asset-permissions.ts
- Updated comments to correctly reference 6 access paths instead of 5
🤖 Generated with [Claude Code](https://claude.ai/code)
Co-Authored-By: Claude <noreply@anthropic.com>
This PR migrates the Rust and libraries to TypeScript in the new package.
## Changes
### New Access Controls Package
- Implemented complete asset permissions system with CRUD operations
- Added dataset permissions with all 5 access paths (admin, direct user, user→group, team→direct, team→group, org→default)
- Implemented cascading permissions (metrics inherit from dashboards/chats/collections)
- Added LRU caching to replace Redis (30-second TTL)
- Comprehensive test coverage (148 tests passing, 3 skipped pending createUser)
### Database Package Updates
- Fixed AssetType enum to include all 14 asset types
- Added missing database queries for permissions
- Fixed timestamp fields to use ISO strings
- Added getUserOrganizationsByUserId function
- Created organized query structure by table
### AI Package Updates
- Updated getPermissionedDatasets API calls to new format
- Changed property references from ymlFile to ymlContent
- Fixed all test mocks to match new API structure
### Trigger App Updates
- Updated to use new access controls API
- Fixed test mocks to match DatasetListResult structure
- Added proper type imports
### Server Shared Updates
- Added request/response types for access control endpoints
- Exported types for API consistency
## Testing
- All packages build successfully with turbo build:dry-run
- All tests pass with turbo test:unit
- Full type safety maintained throughout
## Migration Notes
- Drop-in replacement for Rust libraries
- Same permission model and roles
- Cache invalidation strategies implemented
- Soft delete pattern maintained
🤖 Generated with [Claude Code](https://claude.ai/code)
Co-Authored-By: Claude <noreply@anthropic.com>
- Add server-shared types for GetTitleRequest and GetTitleResponse with Zod validation
- Create database query functions for each asset type (chat, metric, collection, dashboard)
- Implement GET endpoint with zValidator middleware and exhaustive switch statement
- Add proper permission checks (publiclyAccessible OR organizationId match)
- Export new functions from database query index files
- Add title route to v2 API index
- Follow existing Hono API patterns with standardErrorHandler
Co-Authored-By: nate@buster.so <nate@buster.so>
- Introduced a new function `checkForDuplicateMessages` in the database queries to verify if a message already exists in the same chat.
- Integrated the duplicate check in the `slackAgentTask` to prevent processing of duplicate messages, enhancing task efficiency and logging warnings for duplicates detected.
dal
Nate Kelley
Devin AI