Skip to content

fix(trial): address subagent review findings + CTO quality pass#770

Merged
simple-agent-manager[bot] merged 2 commits intosam/trial-onboarding-mvpfrom
sam/trial-review-fixes
Apr 21, 2026
Merged

fix(trial): address subagent review findings + CTO quality pass#770
simple-agent-manager[bot] merged 2 commits intosam/trial-onboarding-mvpfrom
sam/trial-review-fixes

Conversation

@simple-agent-manager
Copy link
Copy Markdown
Contributor

@simple-agent-manager simple-agent-manager Bot commented Apr 21, 2026

Summary

  • Fix CRITICAL cookie domain mismatch across create/claim/oauth-hook (replay prevention)
  • Sanitize AI proxy and admin error responses (no internal URL/config leakage)
  • Persist TrialEventBus closed flag to DO storage (survives eviction)
  • Add per-IP SSE rate limiting with reject-if-unknown-IP
  • Forward ANTHROPIC_API_KEY_TRIAL in deploy pipeline
  • Inject ENVIRONMENT var via sync-wrangler-config
  • Remove hardcoded DEFAULT_GATEWAY_ID; return empty summary for self-hosters without AI Gateway
  • Fix cron collision (rollover moved to 05:00 UTC)
  • Clean up dead _eventName param in formatSse
  • Add cookie domain consistency regression tests
  • Document KV rate limit non-atomicity trade-off
  • Fix .env.example stale cron default

Test plan

  • All 3850 API tests pass
  • All 1906 web tests pass (19/19 turbo tasks green)
  • Cookie domain consistency: 6 new regression tests
  • Staging deployed and verified via Playwright (dashboard, projects, admin, trial 404)
  • Zero console errors across all pages

🤖 Generated with Claude Code

raphaeltm and others added 2 commits April 21, 2026 03:45
@raphaeltm @claude
fix(trial): address review findings from trial onboarding subagents
b0f73e2 
Security and correctness fixes from 7 specialist reviewers:

CRITICAL:
- Fix cookie domain mismatch: claim.ts clearClaimCookie and oauth-hook.ts
  buildClaimCookie now pass domain from BASE_DOMAIN (matching create.ts)

HIGH:
- TrialEventBus DO: persist `closed` flag to storage so it survives eviction
- AI proxy: sanitize error bodies — log raw errors server-side, return generic
  messages to clients (prevents internal URL/config leakage)
- Admin AI usage: sanitize CF API error responses the same way
- SSE events endpoint: add per-IP rate limiting (30 req/5min via KV)
- Deploy pipeline: forward ANTHROPIC_API_KEY_TRIAL as optional Worker secret
- sync-wrangler-config: inject ENVIRONMENT var into generated env sections
- Remove hardcoded DEFAULT_GATEWAY_ID; require AI_GATEWAY_ID from env

MEDIUM:
- Cron collision: move trial counter rollover from 03:00 to 05:00 UTC
  (avoids collision with daily analytics forward job at 03:00)
- Replace magic number in create.ts with DEFAULT_TRIAL_CLAIM_TTL_MS constant
- Add trial secrets to secrets-taxonomy.md and trial-configuration.md
- Add comprehensive trial + AI proxy env vars to .env.example
- Fix test mocks: add ctx.storage to TrialEventBus tests, add KV to SSE tests

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
@raphaeltm @claude
fix(trial): address CTO review — 6 quality improvements
2b532a2 
1. Reject unknown IP: SSE rate limit now returns 400 when no client IP
   header is present, instead of sharing a single "unknown" bucket across
   all headerless clients. CF-Connecting-IP is always present on Workers.

2. Document KV rate limit trade-off: added inline comment explaining why
   KV's non-atomic read-modify-write is acceptable here (storm prevention,
   not exact enforcement) vs DO-based counters for credential rotation.

3. Clean up formatSse: removed unused _eventName parameter that gave the
   false impression the event name was being used. Updated all call sites
   and tests.

4. Cookie domain consistency test: new regression test suite asserting
   that buildClaimCookie, clearClaimCookie, and buildFingerprintCookie
   produce matching Domain= attributes. Explicitly demonstrates the bug
   where clearing without a domain fails to delete a domain-scoped cookie.

5. AI_GATEWAY_ID self-hoster safe: returns an empty summary (zero counts)
   when AI_GATEWAY_ID is not configured, instead of throwing. Self-hosters
   who don't use AI Gateway get a clean "no data" admin dashboard.

6. Fix .env.example cron default: TRIAL_CRON_ROLLOVER_CRON now shows
   "0 5 1 * *" matching the actual default after the collision fix.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
@simple-agent-manager simple-agent-manager Bot merged commit dc973c7 into sam/trial-onboarding-mvp Apr 21, 2026
3 checks passed
@sonarqubecloud
Copy link
Copy Markdown

sonarqubecloud Bot commented Apr 21, 2026

Quality Gate Passed Quality Gate passed

Issues
6 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

@simple-agent-manager simple-agent-manager Bot mentioned this pull request Apr 21, 2026
Merged
3 tasks
simple-agent-manager Bot added a commit that referenced this pull request Apr 21, 2026
@simple-agent-manager @raphaeltm @claude
docs(blog): SAM daily journal — try before you sign up (#776)
0ff777a 
Covers the trial onboarding MVP (PR #758), AI proxy Anthropic routing,
Codex scope validation backfire (PR #772), and the seven-reviewer
cleanup (PR #770).

Co-authored-by: Raphaël Titsworth-Morin <raphael@raphaeltm.com>
Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@raphaeltm