From d8e550877e42ef2df91eb8551c27d3d77a3c4547 Mon Sep 17 00:00:00 2001
From: Mariano <marfuen98@gmail.com>
Date: Fri, 24 Apr 2026 12:34:22 -0400
Subject: [PATCH 01/24] feat(api): add isDueToday scheduler helper

---
 .../src/trigger/shared/is-due-today.test.ts   | 85 +++++++++++++++++++
 apps/api/src/trigger/shared/is-due-today.ts   | 39 +++++++++
 2 files changed, 124 insertions(+)
 create mode 100644 apps/api/src/trigger/shared/is-due-today.test.ts
 create mode 100644 apps/api/src/trigger/shared/is-due-today.ts

diff --git a/apps/api/src/trigger/shared/is-due-today.test.ts b/apps/api/src/trigger/shared/is-due-today.test.ts
new file mode 100644
index 0000000000..274c45e255
--- /dev/null
+++ b/apps/api/src/trigger/shared/is-due-today.test.ts
@@ -0,0 +1,85 @@
+import { TaskFrequency } from '@trycompai/db';
+import { isDueToday } from './is-due-today';
+
+const atUtc = (iso: string) => new Date(`${iso}T00:00:00.000Z`);
+
+describe('isDueToday', () => {
+  const now = atUtc('2026-04-24');
+
+  describe('daily', () => {
+    it('returns true when lastRunAt is null', () => {
+      expect(isDueToday({ scheduleFrequency: TaskFrequency.daily, lastRunAt: null, now })).toBe(true);
+    });
+    it('returns true even when it ran today', () => {
+      expect(
+        isDueToday({ scheduleFrequency: TaskFrequency.daily, lastRunAt: atUtc('2026-04-24'), now }),
+      ).toBe(true);
+    });
+  });
+
+  describe('weekly', () => {
+    it('returns true when lastRunAt is null', () => {
+      expect(isDueToday({ scheduleFrequency: TaskFrequency.weekly, lastRunAt: null, now })).toBe(true);
+    });
+    it('returns false when lastRunAt is 6 days ago', () => {
+      expect(
+        isDueToday({ scheduleFrequency: TaskFrequency.weekly, lastRunAt: atUtc('2026-04-18'), now }),
+      ).toBe(false);
+    });
+    it('returns true when lastRunAt is exactly 7 days ago', () => {
+      expect(
+        isDueToday({ scheduleFrequency: TaskFrequency.weekly, lastRunAt: atUtc('2026-04-17'), now }),
+      ).toBe(true);
+    });
+    it('returns true when lastRunAt is 14 days ago', () => {
+      expect(
+        isDueToday({ scheduleFrequency: TaskFrequency.weekly, lastRunAt: atUtc('2026-04-10'), now }),
+      ).toBe(true);
+    });
+  });
+
+  describe('monthly', () => {
+    it('returns false when lastRunAt is 29 days ago but same calendar month', () => {
+      // 2026-03-26 → 2026-04-24 is 29 days, crosses a month boundary; should be true
+      expect(
+        isDueToday({ scheduleFrequency: TaskFrequency.monthly, lastRunAt: atUtc('2026-03-26'), now }),
+      ).toBe(true);
+    });
+    it('returns false when lastRunAt is same calendar month', () => {
+      expect(
+        isDueToday({ scheduleFrequency: TaskFrequency.monthly, lastRunAt: atUtc('2026-04-01'), now }),
+      ).toBe(false);
+    });
+    it('returns true when lastRunAt is null', () => {
+      expect(
+        isDueToday({ scheduleFrequency: TaskFrequency.monthly, lastRunAt: null, now }),
+      ).toBe(true);
+    });
+  });
+
+  describe('quarterly', () => {
+    it('returns false when lastRunAt is 2 months ago', () => {
+      expect(
+        isDueToday({ scheduleFrequency: TaskFrequency.quarterly, lastRunAt: atUtc('2026-02-24'), now }),
+      ).toBe(false);
+    });
+    it('returns true when lastRunAt is 3 months ago', () => {
+      expect(
+        isDueToday({ scheduleFrequency: TaskFrequency.quarterly, lastRunAt: atUtc('2026-01-24'), now }),
+      ).toBe(true);
+    });
+  });
+
+  describe('yearly', () => {
+    it('returns false when lastRunAt is 11 months ago', () => {
+      expect(
+        isDueToday({ scheduleFrequency: TaskFrequency.yearly, lastRunAt: atUtc('2025-05-24'), now }),
+      ).toBe(false);
+    });
+    it('returns true when lastRunAt is 12 months ago', () => {
+      expect(
+        isDueToday({ scheduleFrequency: TaskFrequency.yearly, lastRunAt: atUtc('2025-04-24'), now }),
+      ).toBe(true);
+    });
+  });
+});
diff --git a/apps/api/src/trigger/shared/is-due-today.ts b/apps/api/src/trigger/shared/is-due-today.ts
new file mode 100644
index 0000000000..07f675b1d9
--- /dev/null
+++ b/apps/api/src/trigger/shared/is-due-today.ts
@@ -0,0 +1,39 @@
+import { TaskFrequency } from '@trycompai/db';
+
+const MS_PER_DAY = 24 * 60 * 60 * 1000;
+
+function calendarMonthsBetween(earlier: Date, later: Date): number {
+  const years = later.getUTCFullYear() - earlier.getUTCFullYear();
+  const months = later.getUTCMonth() - earlier.getUTCMonth();
+  return years * 12 + months;
+}
+
+export function isDueToday({
+  scheduleFrequency,
+  lastRunAt,
+  now,
+}: {
+  scheduleFrequency: TaskFrequency;
+  lastRunAt: Date | null;
+  now: Date;
+}): boolean {
+  if (scheduleFrequency === TaskFrequency.daily) return true;
+  if (lastRunAt === null) return true;
+
+  switch (scheduleFrequency) {
+    case TaskFrequency.weekly: {
+      const days = Math.floor((now.getTime() - lastRunAt.getTime()) / MS_PER_DAY);
+      return days >= 7;
+    }
+    case TaskFrequency.monthly:
+      return calendarMonthsBetween(lastRunAt, now) >= 1;
+    case TaskFrequency.quarterly:
+      return calendarMonthsBetween(lastRunAt, now) >= 3;
+    case TaskFrequency.yearly:
+      return calendarMonthsBetween(lastRunAt, now) >= 12;
+    default: {
+      const _exhaustive: never = scheduleFrequency;
+      return _exhaustive;
+    }
+  }
+}

From 647bbfe6dbf2f47739a0db17745ecaf6b8489349 Mon Sep 17 00:00:00 2001
From: Mariano <marfuen98@gmail.com>
Date: Fri, 24 Apr 2026 12:37:42 -0400
Subject: [PATCH 02/24] test(api): use .spec.ts suffix and fix misleading test
 title

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
---
 .../shared/{is-due-today.test.ts => is-due-today.spec.ts}     | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
 rename apps/api/src/trigger/shared/{is-due-today.test.ts => is-due-today.spec.ts} (94%)

diff --git a/apps/api/src/trigger/shared/is-due-today.test.ts b/apps/api/src/trigger/shared/is-due-today.spec.ts
similarity index 94%
rename from apps/api/src/trigger/shared/is-due-today.test.ts
rename to apps/api/src/trigger/shared/is-due-today.spec.ts
index 274c45e255..b919950285 100644
--- a/apps/api/src/trigger/shared/is-due-today.test.ts
+++ b/apps/api/src/trigger/shared/is-due-today.spec.ts
@@ -39,8 +39,8 @@ describe('isDueToday', () => {
   });
 
   describe('monthly', () => {
-    it('returns false when lastRunAt is 29 days ago but same calendar month', () => {
-      // 2026-03-26 → 2026-04-24 is 29 days, crosses a month boundary; should be true
+    it('returns true when lastRunAt crossed a calendar-month boundary', () => {
+      // 2026-03-26 → 2026-04-24: different calendar month → due
       expect(
         isDueToday({ scheduleFrequency: TaskFrequency.monthly, lastRunAt: atUtc('2026-03-26'), now }),
       ).toBe(true);

From 7f77a990617eb2d431fbd15eb073ced90854985d Mon Sep 17 00:00:00 2001
From: Mariano <marfuen98@gmail.com>
Date: Fri, 24 Apr 2026 12:44:36 -0400
Subject: [PATCH 03/24] refactor(api): harden isDueToday exhaustive check and
 document UTC contract

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
---
 apps/api/src/trigger/shared/is-due-today.ts | 12 +++++++++++-
 1 file changed, 11 insertions(+), 1 deletion(-)

diff --git a/apps/api/src/trigger/shared/is-due-today.ts b/apps/api/src/trigger/shared/is-due-today.ts
index 07f675b1d9..3daa85dfd1 100644
--- a/apps/api/src/trigger/shared/is-due-today.ts
+++ b/apps/api/src/trigger/shared/is-due-today.ts
@@ -8,6 +8,16 @@ function calendarMonthsBetween(earlier: Date, later: Date): number {
   return years * 12 + months;
 }
 
+/**
+ * Returns whether an automation with the given schedule is due to run at `now`.
+ *
+ * `now` and `lastRunAt` are treated as UTC instants — weekly math uses fixed
+ * 86_400_000-ms days, monthly/quarterly/yearly use UTC calendar buckets. Callers
+ * should pass real `Date` values (any instant works); do NOT pass "midnight in
+ * local time" expecting DST-aware behavior.
+ *
+ * `null` lastRunAt always returns `true` (first run).
+ */
 export function isDueToday({
   scheduleFrequency,
   lastRunAt,
@@ -33,7 +43,7 @@ export function isDueToday({
       return calendarMonthsBetween(lastRunAt, now) >= 12;
     default: {
       const _exhaustive: never = scheduleFrequency;
-      return _exhaustive;
+      throw new Error(`Unhandled TaskFrequency: ${String(_exhaustive)}`);
     }
   }
 }

From 576aaa622b22694ab0e9aa8916ad9e75817a4078 Mon Sep 17 00:00:00 2001
From: Mariano <marfuen98@gmail.com>
Date: Fri, 24 Apr 2026 12:47:37 -0400
Subject: [PATCH 04/24] feat(db): add per-automation scheduleFrequency and
 lastRunAt

---
 .../src/browserbase/browserbase.service.ts    |   2 -
 .../migration.sql                             |  18 +
 packages/db/prisma/schema/auth.prisma         |  28 +-
 packages/db/prisma/schema/automation.prisma   |  12 +-
 .../prisma/schema/browserbase-context.prisma  | 121 ++--
 packages/db/prisma/schema/control.prisma      |  14 +-
 packages/db/prisma/schema/device.prisma       |  14 +-
 .../prisma/schema/dynamic-integration.prisma  | 150 ++---
 .../db/prisma/schema/framework-editor.prisma  |   4 +-
 .../db/prisma/schema/framework-version.prisma |  20 +-
 .../prisma/schema/integration-platform.prisma | 544 +++++++++---------
 .../prisma/schema/integration-sync-log.prisma |   6 +-
 .../prisma/schema/notification-policy.prisma  |   8 +-
 .../prisma/schema/organization-billing.prisma |   2 +-
 packages/db/prisma/schema/organization.prisma |  38 +-
 packages/db/prisma/schema/policy.prisma       |   6 +-
 .../prisma/schema/remediation-action.prisma   |  48 +-
 .../db/prisma/schema/remediation-batch.prisma |  32 +-
 .../security-penetration-test-run.prisma      |  10 +-
 packages/db/prisma/schema/soa.prisma          |   4 +-
 packages/db/prisma/schema/task-item.prisma    |  28 +-
 packages/db/prisma/schema/task.prisma         |  22 +-
 packages/db/prisma/schema/timeline.prisma     | 110 ++--
 23 files changed, 630 insertions(+), 611 deletions(-)
 create mode 100644 packages/db/prisma/migrations/20260424164600_custom_task_schedules/migration.sql

diff --git a/apps/api/src/browserbase/browserbase.service.ts b/apps/api/src/browserbase/browserbase.service.ts
index 8e388fbc13..2cffab3473 100644
--- a/apps/api/src/browserbase/browserbase.service.ts
+++ b/apps/api/src/browserbase/browserbase.service.ts
@@ -353,7 +353,6 @@ export class BrowserbaseService {
     targetUrl: string;
     instruction: string;
     evaluationCriteria?: string;
-    schedule?: string;
   }) {
     return db.browserAutomation.create({
       data: {
@@ -363,7 +362,6 @@ export class BrowserbaseService {
         targetUrl: data.targetUrl,
         instruction: data.instruction,
         evaluationCriteria: normalizeCriteria(data.evaluationCriteria),
-        schedule: data.schedule,
         isEnabled: true, // Enable by default so scheduled runs work
       },
     });
diff --git a/packages/db/prisma/migrations/20260424164600_custom_task_schedules/migration.sql b/packages/db/prisma/migrations/20260424164600_custom_task_schedules/migration.sql
new file mode 100644
index 0000000000..f8cde3c627
--- /dev/null
+++ b/packages/db/prisma/migrations/20260424164600_custom_task_schedules/migration.sql
@@ -0,0 +1,18 @@
+/*
+  Warnings:
+
+  - You are about to drop the column `schedule` on the `BrowserAutomation` table. All the data in the column will be lost.
+
+*/
+-- AlterTable
+ALTER TABLE "BrowserAutomation" DROP COLUMN "schedule",
+ADD COLUMN     "lastRunAt" TIMESTAMP(3),
+ADD COLUMN     "scheduleFrequency" "TaskFrequency" NOT NULL DEFAULT 'daily';
+
+-- AlterTable
+ALTER TABLE "EvidenceAutomation" ADD COLUMN     "lastRunAt" TIMESTAMP(3),
+ADD COLUMN     "scheduleFrequency" "TaskFrequency" NOT NULL DEFAULT 'daily';
+
+-- AlterTable
+ALTER TABLE "Task" ADD COLUMN     "integrationLastRunAt" TIMESTAMP(3),
+ADD COLUMN     "integrationScheduleFrequency" "TaskFrequency" NOT NULL DEFAULT 'daily';
diff --git a/packages/db/prisma/schema/auth.prisma b/packages/db/prisma/schema/auth.prisma
index 05502d9017..e823f31472 100644
--- a/packages/db/prisma/schema/auth.prisma
+++ b/packages/db/prisma/schema/auth.prisma
@@ -15,20 +15,20 @@ model User {
   banExpires                     DateTime?
   isPlatformAdmin                Boolean   @default(false)
 
-  accounts                  Account[]
-  auditLog                  AuditLog[]
-  integrationResults        IntegrationResult[]
-  invitations               Invitation[]
-  members                   Member[]
-  sessions                  Session[]
-  fleetPolicyResults        FleetPolicyResult[]
-  evidenceSubmissions       EvidenceSubmission[] @relation("EvidenceSubmitter")
-  evidenceReviews           EvidenceSubmission[] @relation("EvidenceReviewer")
-  adminFindings             Finding[]            @relation("AdminFindingCreator")
-  timelinePhaseCompletions  TimelinePhase[]
-  lockedTimelineInstances   TimelineInstance[]   @relation("TimelineInstanceLockedBy")
-  unlockedTimelineInstances TimelineInstance[]   @relation("TimelineInstanceUnlockedBy")
-  publishedFrameworkVersions FrameworkVersion[]  @relation("FrameworkVersionPublisher")
+  accounts                   Account[]
+  auditLog                   AuditLog[]
+  integrationResults         IntegrationResult[]
+  invitations                Invitation[]
+  members                    Member[]
+  sessions                   Session[]
+  fleetPolicyResults         FleetPolicyResult[]
+  evidenceSubmissions        EvidenceSubmission[] @relation("EvidenceSubmitter")
+  evidenceReviews            EvidenceSubmission[] @relation("EvidenceReviewer")
+  adminFindings              Finding[]            @relation("AdminFindingCreator")
+  timelinePhaseCompletions   TimelinePhase[]
+  lockedTimelineInstances    TimelineInstance[]   @relation("TimelineInstanceLockedBy")
+  unlockedTimelineInstances  TimelineInstance[]   @relation("TimelineInstanceUnlockedBy")
+  publishedFrameworkVersions FrameworkVersion[]   @relation("FrameworkVersionPublisher")
 
   @@unique([email])
 }
diff --git a/packages/db/prisma/schema/automation.prisma b/packages/db/prisma/schema/automation.prisma
index f9c0501779..8f14424f6d 100644
--- a/packages/db/prisma/schema/automation.prisma
+++ b/packages/db/prisma/schema/automation.prisma
@@ -1,9 +1,11 @@
 model EvidenceAutomation {
-  id          String   @id @default(dbgenerated("generate_prefixed_cuid('aut'::text)"))
-  name        String
-  description String?
-  createdAt   DateTime @default(now())
-  isEnabled   Boolean  @default(false)
+  id                String        @id @default(dbgenerated("generate_prefixed_cuid('aut'::text)"))
+  name              String
+  description       String?
+  createdAt         DateTime      @default(now())
+  isEnabled         Boolean       @default(false)
+  scheduleFrequency TaskFrequency @default(daily)
+  lastRunAt         DateTime?
 
   chatHistory        String?
   evaluationCriteria String?
diff --git a/packages/db/prisma/schema/browserbase-context.prisma b/packages/db/prisma/schema/browserbase-context.prisma
index 5841a1021b..9c29d19778 100644
--- a/packages/db/prisma/schema/browserbase-context.prisma
+++ b/packages/db/prisma/schema/browserbase-context.prisma
@@ -1,101 +1,100 @@
 /// Stores Browserbase context IDs for browser-based automation
 /// One context per organization - shared like a normal browser
 model BrowserbaseContext {
-    id String @id @default(dbgenerated("generate_prefixed_cuid('bbc'::text)"))
+  id String @id @default(dbgenerated("generate_prefixed_cuid('bbc'::text)"))
 
-    /// Organization that owns this browser context
-    organizationId String       @unique
-    organization   Organization @relation(fields: [organizationId], references: [id], onDelete: Cascade)
+  /// Organization that owns this browser context
+  organizationId String       @unique
+  organization   Organization @relation(fields: [organizationId], references: [id], onDelete: Cascade)
 
-    /// Browserbase context ID from their API
-    contextId String
+  /// Browserbase context ID from their API
+  contextId String
 
-    createdAt DateTime @default(now())
-    updatedAt DateTime @updatedAt
+  createdAt DateTime @default(now())
+  updatedAt DateTime @updatedAt
 
-    @@index([organizationId])
+  @@index([organizationId])
 }
 
 /// Browser automation configuration linked to a task
 model BrowserAutomation {
-    id          String  @id @default(dbgenerated("generate_prefixed_cuid('bau'::text)"))
-    name        String
-    description String?
+  id          String  @id @default(dbgenerated("generate_prefixed_cuid('bau'::text)"))
+  name        String
+  description String?
 
-    /// Task this automation belongs to
-    taskId String
-    task   Task   @relation(fields: [taskId], references: [id], onDelete: Cascade)
+  /// Task this automation belongs to
+  taskId String
+  task   Task   @relation(fields: [taskId], references: [id], onDelete: Cascade)
 
-    /// Starting URL for the automation
-    targetUrl String
+  /// Starting URL for the automation
+  targetUrl String
 
-    /// Natural language instruction for the AI agent
-    instruction String
+  /// Natural language instruction for the AI agent
+  instruction String
 
-    /// Optional natural-language criteria used to evaluate whether the
-    /// automation's outcome satisfies the auditor's requirement.
-    /// When null, runs don't produce a pass/fail verdict — only a screenshot.
-    evaluationCriteria String?
+  /// Optional natural-language criteria used to evaluate whether the
+  /// automation's outcome satisfies the auditor's requirement.
+  /// When null, runs don't produce a pass/fail verdict — only a screenshot.
+  evaluationCriteria String?
 
-    /// Whether automation is enabled for scheduled runs
-    isEnabled Boolean @default(false)
+  /// Whether automation is enabled for scheduled runs
+  isEnabled         Boolean       @default(false)
+  scheduleFrequency TaskFrequency @default(daily)
+  lastRunAt         DateTime?
 
-    /// Cron expression for scheduled runs (null = manual only)
-    schedule String?
+  createdAt DateTime @default(now())
+  updatedAt DateTime @updatedAt
 
-    createdAt DateTime @default(now())
-    updatedAt DateTime @updatedAt
+  runs BrowserAutomationRun[]
 
-    runs BrowserAutomationRun[]
-
-    @@index([taskId])
+  @@index([taskId])
 }
 
 /// Records of browser automation executions
 model BrowserAutomationRun {
-    id String @id @default(dbgenerated("generate_prefixed_cuid('bar'::text)"))
+  id String @id @default(dbgenerated("generate_prefixed_cuid('bar'::text)"))
 
-    /// Parent automation
-    automationId String
-    automation   BrowserAutomation @relation(fields: [automationId], references: [id], onDelete: Cascade)
+  /// Parent automation
+  automationId String
+  automation   BrowserAutomation @relation(fields: [automationId], references: [id], onDelete: Cascade)
 
-    /// Execution status
-    status BrowserAutomationRunStatus @default(pending)
+  /// Execution status
+  status BrowserAutomationRunStatus @default(pending)
 
-    /// Timestamps
-    startedAt   DateTime?
-    completedAt DateTime?
+  /// Timestamps
+  startedAt   DateTime?
+  completedAt DateTime?
 
-    /// Duration in milliseconds
-    durationMs Int?
+  /// Duration in milliseconds
+  durationMs Int?
 
-    /// Screenshot URL in S3 (if successful)
-    screenshotUrl String?
+  /// Screenshot URL in S3 (if successful)
+  screenshotUrl String?
 
-    /// Evaluation result - whether the automation fulfilled the task requirements
-    evaluationStatus BrowserAutomationEvaluationStatus?
+  /// Evaluation result - whether the automation fulfilled the task requirements
+  evaluationStatus BrowserAutomationEvaluationStatus?
 
-    /// AI explanation of why it passed or failed
-    evaluationReason String?
+  /// AI explanation of why it passed or failed
+  evaluationReason String?
 
-    /// Error message (if failed)
-    error String?
+  /// Error message (if failed)
+  error String?
 
-    createdAt DateTime @default(now())
+  createdAt DateTime @default(now())
 
-    @@index([automationId])
-    @@index([status])
-    @@index([createdAt])
+  @@index([automationId])
+  @@index([status])
+  @@index([createdAt])
 }
 
 enum BrowserAutomationEvaluationStatus {
-    pass
-    fail
+  pass
+  fail
 }
 
 enum BrowserAutomationRunStatus {
-    pending
-    running
-    completed
-    failed
+  pending
+  running
+  completed
+  failed
 }
diff --git a/packages/db/prisma/schema/control.prisma b/packages/db/prisma/schema/control.prisma
index 14672cb972..0a70fc5a9e 100644
--- a/packages/db/prisma/schema/control.prisma
+++ b/packages/db/prisma/schema/control.prisma
@@ -15,13 +15,13 @@ model Control {
   archivedAt DateTime?
 
   // Relationships
-  organization       Organization                    @relation(fields: [organizationId], references: [id], onDelete: Cascade)
-  organizationId     String
-  requirementsMapped RequirementMap[]
-  tasks              Task[]
-  policies           Policy[]
-  controlTemplateId  String?
-  controlTemplate    FrameworkEditorControlTemplate? @relation(fields: [controlTemplateId], references: [id])
+  organization         Organization                    @relation(fields: [organizationId], references: [id], onDelete: Cascade)
+  organizationId       String
+  requirementsMapped   RequirementMap[]
+  tasks                Task[]
+  policies             Policy[]
+  controlTemplateId    String?
+  controlTemplate      FrameworkEditorControlTemplate? @relation(fields: [controlTemplateId], references: [id])
   controlDocumentTypes ControlDocumentType[]
 
   @@index([organizationId])
diff --git a/packages/db/prisma/schema/device.prisma b/packages/db/prisma/schema/device.prisma
index 68d5af86f8..3a609c3eb7 100644
--- a/packages/db/prisma/schema/device.prisma
+++ b/packages/db/prisma/schema/device.prisma
@@ -15,17 +15,17 @@ model Device {
   agentSessionId String?
   agentSession   Session? @relation("DeviceAgentSession", fields: [agentSessionId], references: [id], onDelete: SetNull)
 
-  isCompliant           Boolean  @default(false)
-  diskEncryptionEnabled Boolean  @default(false)
-  antivirusEnabled      Boolean  @default(false)
-  passwordPolicySet     Boolean  @default(false)
-  screenLockEnabled     Boolean  @default(false)
+  isCompliant           Boolean @default(false)
+  diskEncryptionEnabled Boolean @default(false)
+  antivirusEnabled      Boolean @default(false)
+  passwordPolicySet     Boolean @default(false)
+  screenLockEnabled     Boolean @default(false)
   checkDetails          Json?
 
   lastCheckIn  DateTime?
   agentVersion String?
-  installedAt  DateTime @default(now())
-  updatedAt    DateTime @updatedAt
+  installedAt  DateTime  @default(now())
+  updatedAt    DateTime  @updatedAt
 
   findings Finding[]
 
diff --git a/packages/db/prisma/schema/dynamic-integration.prisma b/packages/db/prisma/schema/dynamic-integration.prisma
index 7aac3b288a..58163d17de 100644
--- a/packages/db/prisma/schema/dynamic-integration.prisma
+++ b/packages/db/prisma/schema/dynamic-integration.prisma
@@ -4,95 +4,95 @@
 
 /// Stores a full integration manifest as JSON — replaces hand-written TypeScript manifests
 model DynamicIntegration {
-    id          String  @id @default(dbgenerated("generate_prefixed_cuid('din'::text)"))
-    /// Unique slug (e.g., "azure-devops", "office-365")
-    slug        String  @unique
-    /// Display name
-    name        String
-    /// Short description for catalog
-    description String
-    /// Category for grouping
-    category    String
-    /// Logo URL
-    logoUrl     String
-    /// URL to documentation
-    docsUrl     String?
-
-    /// API base URL for ctx.fetch
-    baseUrl     String?
-    /// Default headers (JSON object)
-    defaultHeaders Json?
-
-    /// Auth strategy config (JSON — matches AuthStrategy type: oauth2/api_key/basic/jwt/custom)
-    authConfig  Json
-
-    /// Capabilities JSON array (default ["checks"])
-    capabilities Json @default("[\"checks\"]")
-
-    /// Whether multiple connections per org are allowed
-    supportsMultipleConnections Boolean @default(false)
-
-    /// Declarative sync definition (JSON — DSL steps that produce employee list)
-    /// When present and capabilities includes 'sync', enables employee sync
-    syncDefinition  Json?
-
-    /// Services metadata (JSON array of { id, name, description, enabledByDefault?, implemented? })
-    services    Json?
-
-    /// Whether this dynamic integration is active
-    isActive    Boolean @default(true)
-
-    createdAt   DateTime @default(now())
-    updatedAt   DateTime @updatedAt
-
-    checks      DynamicCheck[]
-
-    @@index([slug])
-    @@index([category])
-    @@index([isActive])
+  id          String  @id @default(dbgenerated("generate_prefixed_cuid('din'::text)"))
+  /// Unique slug (e.g., "azure-devops", "office-365")
+  slug        String  @unique
+  /// Display name
+  name        String
+  /// Short description for catalog
+  description String
+  /// Category for grouping
+  category    String
+  /// Logo URL
+  logoUrl     String
+  /// URL to documentation
+  docsUrl     String?
+
+  /// API base URL for ctx.fetch
+  baseUrl        String?
+  /// Default headers (JSON object)
+  defaultHeaders Json?
+
+  /// Auth strategy config (JSON — matches AuthStrategy type: oauth2/api_key/basic/jwt/custom)
+  authConfig Json
+
+  /// Capabilities JSON array (default ["checks"])
+  capabilities Json @default("[\"checks\"]")
+
+  /// Whether multiple connections per org are allowed
+  supportsMultipleConnections Boolean @default(false)
+
+  /// Declarative sync definition (JSON — DSL steps that produce employee list)
+  /// When present and capabilities includes 'sync', enables employee sync
+  syncDefinition Json?
+
+  /// Services metadata (JSON array of { id, name, description, enabledByDefault?, implemented? })
+  services Json?
+
+  /// Whether this dynamic integration is active
+  isActive Boolean @default(true)
+
+  createdAt DateTime @default(now())
+  updatedAt DateTime @updatedAt
+
+  checks DynamicCheck[]
+
+  @@index([slug])
+  @@index([category])
+  @@index([isActive])
 }
 
 /// Stores a declarative check definition — DSL JSON replaces hand-written run() functions
 model DynamicCheck {
-    id              String  @id @default(dbgenerated("generate_prefixed_cuid('dck'::text)"))
+  id String @id @default(dbgenerated("generate_prefixed_cuid('dck'::text)"))
 
-    /// Parent integration
-    integrationId   String
-    integration     DynamicIntegration @relation(fields: [integrationId], references: [id], onDelete: Cascade)
+  /// Parent integration
+  integrationId String
+  integration   DynamicIntegration @relation(fields: [integrationId], references: [id], onDelete: Cascade)
 
-    /// Unique slug within integration (e.g., "mfa_enabled")
-    checkSlug       String
+  /// Unique slug within integration (e.g., "mfa_enabled")
+  checkSlug String
 
-    /// Human-readable name
-    name            String
-    /// Description of what this check does
-    description     String
+  /// Human-readable name
+  name        String
+  /// Description of what this check does
+  description String
 
-    /// Task template ID for auto-completion (references TASK_TEMPLATES)
-    taskMapping     String?
+  /// Task template ID for auto-completion (references TASK_TEMPLATES)
+  taskMapping String?
 
-    /// Default severity for findings
-    defaultSeverity String  @default("medium")
+  /// Default severity for findings
+  defaultSeverity String @default("medium")
 
-    /// Service ID this check belongs to (groups checks under a service)
-    service         String?
+  /// Service ID this check belongs to (groups checks under a service)
+  service String?
 
-    /// Declarative DSL definition (JSON — the step-by-step instructions)
-    definition      Json
+  /// Declarative DSL definition (JSON — the step-by-step instructions)
+  definition Json
 
-    /// Check-level variables (JSON array of CheckVariable)
-    variables       Json    @default("[]")
+  /// Check-level variables (JSON array of CheckVariable)
+  variables Json @default("[]")
 
-    /// Whether this check is enabled
-    isEnabled       Boolean @default(true)
+  /// Whether this check is enabled
+  isEnabled Boolean @default(true)
 
-    /// Display order
-    sortOrder       Int     @default(0)
+  /// Display order
+  sortOrder Int @default(0)
 
-    createdAt       DateTime @default(now())
-    updatedAt       DateTime @updatedAt
+  createdAt DateTime @default(now())
+  updatedAt DateTime @updatedAt
 
-    @@unique([integrationId, checkSlug])
-    @@index([integrationId])
-    @@index([isEnabled])
+  @@unique([integrationId, checkSlug])
+  @@index([integrationId])
+  @@index([isEnabled])
 }
diff --git a/packages/db/prisma/schema/framework-editor.prisma b/packages/db/prisma/schema/framework-editor.prisma
index ee06645f89..6bb6e302f5 100644
--- a/packages/db/prisma/schema/framework-editor.prisma
+++ b/packages/db/prisma/schema/framework-editor.prisma
@@ -69,8 +69,8 @@ model FrameworkEditorTaskTemplate {
   id               String               @id @default(dbgenerated("generate_prefixed_cuid('frk_tt'::text)"))
   name             String
   description      String
-  frequency        Frequency            // Using the enum from shared.prisma
-  department       Departments          // Using the enum from shared.prisma
+  frequency        Frequency // Using the enum from shared.prisma
+  department       Departments // Using the enum from shared.prisma
   automationStatus TaskAutomationStatus @default(AUTOMATED)
 
   controlTemplates FrameworkEditorControlTemplate[]
diff --git a/packages/db/prisma/schema/framework-version.prisma b/packages/db/prisma/schema/framework-version.prisma
index 9708c3f40c..40c5ca7709 100644
--- a/packages/db/prisma/schema/framework-version.prisma
+++ b/packages/db/prisma/schema/framework-version.prisma
@@ -1,20 +1,20 @@
 model FrameworkVersion {
-  id               String   @id @default(dbgenerated("generate_prefixed_cuid('fvr'::text)"))
-  frameworkId      String
-  framework        FrameworkEditorFramework @relation(fields: [frameworkId], references: [id], onDelete: Cascade)
+  id          String                   @id @default(dbgenerated("generate_prefixed_cuid('fvr'::text)"))
+  frameworkId String
+  framework   FrameworkEditorFramework @relation(fields: [frameworkId], references: [id], onDelete: Cascade)
 
-  version          String   // semver-ish, e.g., "1.0.0", "2.1.0"
-  publishedAt      DateTime @default(now())
-  publishedById    String?
-  publishedBy      User?    @relation("FrameworkVersionPublisher", fields: [publishedById], references: [id], onDelete: SetNull)
+  version       String // semver-ish, e.g., "1.0.0", "2.1.0"
+  publishedAt   DateTime @default(now())
+  publishedById String?
+  publishedBy   User?    @relation("FrameworkVersionPublisher", fields: [publishedById], references: [id], onDelete: SetNull)
 
-  releaseNotes     String?  // markdown
+  releaseNotes String? // markdown
 
   // Full snapshot of all templates at publish time (see manifest.types.ts).
   // Immutable once published.
-  manifest         Json
+  manifest Json
 
-  frameworkInstances FrameworkInstance[] @relation("FrameworkInstanceCurrentVersion")
+  frameworkInstances FrameworkInstance[]      @relation("FrameworkInstanceCurrentVersion")
   syncOperationsFrom FrameworkSyncOperation[] @relation("FrameworkSyncOperationFromVersion")
   syncOperationsTo   FrameworkSyncOperation[] @relation("FrameworkSyncOperationToVersion")
 
diff --git a/packages/db/prisma/schema/integration-platform.prisma b/packages/db/prisma/schema/integration-platform.prisma
index 8b28153ac7..98cd949e9e 100644
--- a/packages/db/prisma/schema/integration-platform.prisma
+++ b/packages/db/prisma/schema/integration-platform.prisma
@@ -3,424 +3,424 @@
 
 /// Stores metadata about available integration providers (synced from code manifests)
 model IntegrationProvider {
-    id           String  @id @default(dbgenerated("generate_prefixed_cuid('prv'::text)"))
-    /// Unique slug matching manifest ID (e.g., "github", "slack")
-    slug         String  @unique
-    /// Display name
-    name         String
-    /// Category for grouping
-    category     String
-    /// Hash of manifest for detecting changes
-    manifestHash String?
-    /// Capabilities JSON array
-    capabilities Json    @default("[]")
-    /// Whether provider is active
-    isActive     Boolean @default(true)
-
-    createdAt DateTime @default(now())
-    updatedAt DateTime @updatedAt
-
-    connections IntegrationConnection[]
-
-    @@index([slug])
-    @@index([category])
+  id           String  @id @default(dbgenerated("generate_prefixed_cuid('prv'::text)"))
+  /// Unique slug matching manifest ID (e.g., "github", "slack")
+  slug         String  @unique
+  /// Display name
+  name         String
+  /// Category for grouping
+  category     String
+  /// Hash of manifest for detecting changes
+  manifestHash String?
+  /// Capabilities JSON array
+  capabilities Json    @default("[]")
+  /// Whether provider is active
+  isActive     Boolean @default(true)
+
+  createdAt DateTime @default(now())
+  updatedAt DateTime @updatedAt
+
+  connections IntegrationConnection[]
+
+  @@index([slug])
+  @@index([category])
 }
 
 /// Represents an organization's connection to an integration provider
 model IntegrationConnection {
-    id String @id @default(dbgenerated("generate_prefixed_cuid('icn'::text)"))
+  id String @id @default(dbgenerated("generate_prefixed_cuid('icn'::text)"))
 
-    /// Reference to the provider
-    providerId String
-    provider   IntegrationProvider @relation(fields: [providerId], references: [id], onDelete: Cascade)
+  /// Reference to the provider
+  providerId String
+  provider   IntegrationProvider @relation(fields: [providerId], references: [id], onDelete: Cascade)
 
-    /// Organization that owns this connection
-    organizationId String
-    organization   Organization @relation(fields: [organizationId], references: [id], onDelete: Cascade)
+  /// Organization that owns this connection
+  organizationId String
+  organization   Organization @relation(fields: [organizationId], references: [id], onDelete: Cascade)
 
-    /// Connection status
-    status IntegrationConnectionStatus @default(pending)
+  /// Connection status
+  status IntegrationConnectionStatus @default(pending)
 
-    /// Auth strategy used (oauth2, api_key, basic, jwt, custom)
-    authStrategy String
+  /// Auth strategy used (oauth2, api_key, basic, jwt, custom)
+  authStrategy String
 
-    /// Reference to active credential version
-    activeCredentialVersionId String?
+  /// Reference to active credential version
+  activeCredentialVersionId String?
 
-    /// Last successful sync timestamp
-    lastSyncAt DateTime?
+  /// Last successful sync timestamp
+  lastSyncAt DateTime?
 
-    /// Next scheduled sync timestamp
-    nextSyncAt DateTime?
+  /// Next scheduled sync timestamp
+  nextSyncAt DateTime?
 
-    /// Custom sync cadence (cron expression), null = use default
-    syncCadence String?
+  /// Custom sync cadence (cron expression), null = use default
+  syncCadence String?
 
-    /// Additional metadata (e.g., connected account info)
-    metadata Json?
+  /// Additional metadata (e.g., connected account info)
+  metadata Json?
 
-    /// User-configured variables for checks (collected after OAuth)
-    variables Json?
+  /// User-configured variables for checks (collected after OAuth)
+  variables Json?
 
-    /// Error message if status is error
-    errorMessage String?
+  /// Error message if status is error
+  errorMessage String?
 
-    createdAt DateTime @default(now())
-    updatedAt DateTime @updatedAt
+  createdAt DateTime @default(now())
+  updatedAt DateTime @updatedAt
 
-    credentialVersions  IntegrationCredentialVersion[]
-    runs                IntegrationRun[]
-    findings            IntegrationPlatformFinding[]
-    checkRuns           IntegrationCheckRun[]
-    syncLogs            IntegrationSyncLog[]
-    remediationActions  RemediationAction[]
-    remediationBatches  RemediationBatch[]
+  credentialVersions IntegrationCredentialVersion[]
+  runs               IntegrationRun[]
+  findings           IntegrationPlatformFinding[]
+  checkRuns          IntegrationCheckRun[]
+  syncLogs           IntegrationSyncLog[]
+  remediationActions RemediationAction[]
+  remediationBatches RemediationBatch[]
 
-    @@index([organizationId])
-    @@index([providerId])
-    @@index([providerId, organizationId])
-    @@index([status])
+  @@index([organizationId])
+  @@index([providerId])
+  @@index([providerId, organizationId])
+  @@index([status])
 }
 
 enum IntegrationConnectionStatus {
-    pending // Awaiting credential setup
-    active // Connected and operational
-    error // Connection has errors
-    paused // Manually paused by user
-    disconnected // User disconnected
+  pending // Awaiting credential setup
+  active // Connected and operational
+  error // Connection has errors
+  paused // Manually paused by user
+  disconnected // User disconnected
 }
 
 /// Stores encrypted credentials with versioning for audit trail
 model IntegrationCredentialVersion {
-    id String @id @default(dbgenerated("generate_prefixed_cuid('icv'::text)"))
+  id String @id @default(dbgenerated("generate_prefixed_cuid('icv'::text)"))
 
-    /// Parent connection
-    connectionId String
-    connection   IntegrationConnection @relation(fields: [connectionId], references: [id], onDelete: Cascade)
+  /// Parent connection
+  connectionId String
+  connection   IntegrationConnection @relation(fields: [connectionId], references: [id], onDelete: Cascade)
 
-    /// Encrypted credential payload (JSON with encrypted fields)
-    encryptedPayload Json
+  /// Encrypted credential payload (JSON with encrypted fields)
+  encryptedPayload Json
 
-    /// Version number (auto-increment per connection)
-    version Int
+  /// Version number (auto-increment per connection)
+  version Int
 
-    /// Token expiration (for OAuth tokens)
-    expiresAt DateTime?
+  /// Token expiration (for OAuth tokens)
+  expiresAt DateTime?
 
-    /// When this version was rotated/replaced
-    rotatedAt DateTime?
+  /// When this version was rotated/replaced
+  rotatedAt DateTime?
 
-    createdAt DateTime @default(now())
+  createdAt DateTime @default(now())
 
-    @@unique([connectionId, version])
-    @@index([connectionId])
+  @@unique([connectionId, version])
+  @@index([connectionId])
 }
 
 /// Records each sync/job execution for audit and debugging
 model IntegrationRun {
-    id String @id @default(dbgenerated("generate_prefixed_cuid('irn'::text)"))
+  id String @id @default(dbgenerated("generate_prefixed_cuid('irn'::text)"))
 
-    /// Parent connection
-    connectionId String
-    connection   IntegrationConnection @relation(fields: [connectionId], references: [id], onDelete: Cascade)
+  /// Parent connection
+  connectionId String
+  connection   IntegrationConnection @relation(fields: [connectionId], references: [id], onDelete: Cascade)
 
-    /// Type of job
-    jobType IntegrationRunJobType
+  /// Type of job
+  jobType IntegrationRunJobType
 
-    /// Execution status
-    status IntegrationRunStatus @default(pending)
+  /// Execution status
+  status IntegrationRunStatus @default(pending)
 
-    /// Timestamps
-    startedAt   DateTime?
-    completedAt DateTime?
+  /// Timestamps
+  startedAt   DateTime?
+  completedAt DateTime?
 
-    /// Duration in milliseconds
-    durationMs Int?
+  /// Duration in milliseconds
+  durationMs Int?
 
-    /// Number of findings from this run
-    findingsCount Int @default(0)
+  /// Number of findings from this run
+  findingsCount Int @default(0)
 
-    /// Error details if failed
-    error Json?
+  /// Error details if failed
+  error Json?
 
-    /// Additional metadata (trigger source, cursor, etc.)
-    metadata Json?
+  /// Additional metadata (trigger source, cursor, etc.)
+  metadata Json?
 
-    createdAt DateTime @default(now())
+  createdAt DateTime @default(now())
 
-    findings IntegrationPlatformFinding[]
+  findings IntegrationPlatformFinding[]
 
-    @@index([connectionId])
-    @@index([status])
-    @@index([createdAt])
+  @@index([connectionId])
+  @@index([status])
+  @@index([createdAt])
 }
 
 enum IntegrationRunJobType {
-    full_sync
-    delta_sync
-    webhook
-    manual
-    test_connection
+  full_sync
+  delta_sync
+  webhook
+  manual
+  test_connection
 }
 
 enum IntegrationRunStatus {
-    pending
-    running
-    success
-    failed
-    cancelled
+  pending
+  running
+  success
+  failed
+  cancelled
 }
 
 /// Stores findings/results from integration syncs
 model IntegrationPlatformFinding {
-    id String @id @default(dbgenerated("generate_prefixed_cuid('ipf'::text)"))
+  id String @id @default(dbgenerated("generate_prefixed_cuid('ipf'::text)"))
 
-    /// Parent run (optional - webhooks may not have runs)
-    runId String?
-    run   IntegrationRun? @relation(fields: [runId], references: [id], onDelete: SetNull)
+  /// Parent run (optional - webhooks may not have runs)
+  runId String?
+  run   IntegrationRun? @relation(fields: [runId], references: [id], onDelete: SetNull)
 
-    /// Parent connection
-    connectionId String
-    connection   IntegrationConnection @relation(fields: [connectionId], references: [id], onDelete: Cascade)
+  /// Parent connection
+  connectionId String
+  connection   IntegrationConnection @relation(fields: [connectionId], references: [id], onDelete: Cascade)
 
-    /// Resource classification
-    resourceType String
-    resourceId   String
+  /// Resource classification
+  resourceType String
+  resourceId   String
 
-    /// Finding details
-    title       String
-    description String?
+  /// Finding details
+  title       String
+  description String?
 
-    /// Severity level
-    severity IntegrationFindingSeverity @default(info)
+  /// Severity level
+  severity IntegrationFindingSeverity @default(info)
 
-    /// Finding status
-    status IntegrationFindingStatus @default(open)
+  /// Finding status
+  status IntegrationFindingStatus @default(open)
 
-    /// Remediation guidance
-    remediation String?
+  /// Remediation guidance
+  remediation String?
 
-    /// Raw payload from provider
-    rawPayload Json?
+  /// Raw payload from provider
+  rawPayload Json?
 
-    createdAt DateTime @default(now())
-    updatedAt DateTime @updatedAt
+  createdAt DateTime @default(now())
+  updatedAt DateTime @updatedAt
 
-    @@index([connectionId])
-    @@index([runId])
-    @@index([resourceType, resourceId])
-    @@index([severity])
-    @@index([status])
+  @@index([connectionId])
+  @@index([runId])
+  @@index([resourceType, resourceId])
+  @@index([severity])
+  @@index([status])
 }
 
 enum IntegrationFindingSeverity {
-    info
-    low
-    medium
-    high
-    critical
+  info
+  low
+  medium
+  high
+  critical
 }
 
 enum IntegrationFindingStatus {
-    open
-    resolved
-    ignored
+  open
+  resolved
+  ignored
 }
 
 /// Stores OAuth state for CSRF protection during OAuth flow
 model IntegrationOAuthState {
-    id String @id @default(dbgenerated("generate_prefixed_cuid('ios'::text)"))
+  id String @id @default(dbgenerated("generate_prefixed_cuid('ios'::text)"))
 
-    /// Random state parameter
-    state String @unique
+  /// Random state parameter
+  state String @unique
 
-    /// Provider slug
-    providerSlug String
+  /// Provider slug
+  providerSlug String
 
-    /// Organization initiating the OAuth
-    organizationId String
+  /// Organization initiating the OAuth
+  organizationId String
 
-    /// User initiating the OAuth
-    userId String
+  /// User initiating the OAuth
+  userId String
 
-    /// PKCE code verifier (if using PKCE)
-    codeVerifier String?
+  /// PKCE code verifier (if using PKCE)
+  codeVerifier String?
 
-    /// Redirect URL after OAuth completes
-    redirectUrl String?
+  /// Redirect URL after OAuth completes
+  redirectUrl String?
 
-    /// Expiration timestamp
-    expiresAt DateTime
+  /// Expiration timestamp
+  expiresAt DateTime
 
-    createdAt DateTime @default(now())
+  createdAt DateTime @default(now())
 
-    @@index([state])
-    @@index([expiresAt])
+  @@index([state])
+  @@index([expiresAt])
 }
 
 /// Stores organization-level OAuth app credentials
 /// Allows orgs (especially self-hosters) to use their own OAuth apps
 model IntegrationOAuthApp {
-    id String @id @default(dbgenerated("generate_prefixed_cuid('ioa'::text)"))
+  id String @id @default(dbgenerated("generate_prefixed_cuid('ioa'::text)"))
 
-    /// Provider slug (e.g., "github", "slack")
-    providerSlug String
+  /// Provider slug (e.g., "github", "slack")
+  providerSlug String
 
-    /// Organization that owns this OAuth app config
-    organizationId String
-    organization   Organization @relation(fields: [organizationId], references: [id], onDelete: Cascade)
+  /// Organization that owns this OAuth app config
+  organizationId String
+  organization   Organization @relation(fields: [organizationId], references: [id], onDelete: Cascade)
 
-    /// Encrypted client ID
-    encryptedClientId Json
+  /// Encrypted client ID
+  encryptedClientId Json
 
-    /// Encrypted client secret
-    encryptedClientSecret Json
+  /// Encrypted client secret
+  encryptedClientSecret Json
 
-    /// Optional: custom scopes (overrides manifest defaults)
-    customScopes String[]
+  /// Optional: custom scopes (overrides manifest defaults)
+  customScopes String[]
 
-    /// Provider-specific settings (e.g., Rippling app name for authorize URL)
-    /// Stored as JSON: { "appName": "compai533c" }
-    customSettings Json?
+  /// Provider-specific settings (e.g., Rippling app name for authorize URL)
+  /// Stored as JSON: { "appName": "compai533c" }
+  customSettings Json?
 
-    /// Whether this config is active
-    isActive Boolean @default(true)
+  /// Whether this config is active
+  isActive Boolean @default(true)
 
-    createdAt DateTime @default(now())
-    updatedAt DateTime @updatedAt
+  createdAt DateTime @default(now())
+  updatedAt DateTime @updatedAt
 
-    @@unique([providerSlug, organizationId])
-    @@index([organizationId])
-    @@index([providerSlug])
+  @@unique([providerSlug, organizationId])
+  @@index([organizationId])
+  @@index([providerSlug])
 }
 
 /// Records check runs linked to tasks for compliance verification
 model IntegrationCheckRun {
-    id String @id @default(dbgenerated("generate_prefixed_cuid('icr'::text)"))
+  id String @id @default(dbgenerated("generate_prefixed_cuid('icr'::text)"))
 
-    /// Parent connection
-    connectionId String
-    connection   IntegrationConnection @relation(fields: [connectionId], references: [id], onDelete: Cascade)
+  /// Parent connection
+  connectionId String
+  connection   IntegrationConnection @relation(fields: [connectionId], references: [id], onDelete: Cascade)
 
-    /// Task being verified (optional - checks can run without a task)
-    taskId String?
-    task   Task?   @relation(fields: [taskId], references: [id], onDelete: SetNull)
+  /// Task being verified (optional - checks can run without a task)
+  taskId String?
+  task   Task?   @relation(fields: [taskId], references: [id], onDelete: SetNull)
 
-    /// Check ID from the manifest
-    checkId String
+  /// Check ID from the manifest
+  checkId String
 
-    /// Check name (denormalized for display)
-    checkName String
+  /// Check name (denormalized for display)
+  checkName String
 
-    /// Execution status
-    status IntegrationRunStatus @default(pending)
+  /// Execution status
+  status IntegrationRunStatus @default(pending)
 
-    /// Timestamps
-    startedAt   DateTime?
-    completedAt DateTime?
+  /// Timestamps
+  startedAt   DateTime?
+  completedAt DateTime?
 
-    /// Duration in milliseconds
-    durationMs Int?
+  /// Duration in milliseconds
+  durationMs Int?
 
-    /// Summary counts
-    totalChecked Int @default(0)
-    passedCount  Int @default(0)
-    failedCount  Int @default(0)
+  /// Summary counts
+  totalChecked Int @default(0)
+  passedCount  Int @default(0)
+  failedCount  Int @default(0)
 
-    /// Error message if failed
-    errorMessage String?
+  /// Error message if failed
+  errorMessage String?
 
-    /// Full execution logs (JSON array)
-    logs Json?
+  /// Full execution logs (JSON array)
+  logs Json?
 
-    createdAt DateTime @default(now())
+  createdAt DateTime @default(now())
 
-    /// Results from this check run
-    results IntegrationCheckResult[]
+  /// Results from this check run
+  results IntegrationCheckResult[]
 
-    @@index([connectionId])
-    @@index([taskId])
-    @@index([checkId])
-    @@index([status])
-    @@index([createdAt])
+  @@index([connectionId])
+  @@index([taskId])
+  @@index([checkId])
+  @@index([status])
+  @@index([createdAt])
 }
 
 /// Stores individual results (pass/fail) from check runs
 model IntegrationCheckResult {
-    id String @id @default(dbgenerated("generate_prefixed_cuid('icx'::text)"))
+  id String @id @default(dbgenerated("generate_prefixed_cuid('icx'::text)"))
 
-    /// Parent check run
-    checkRunId String
-    checkRun   IntegrationCheckRun @relation(fields: [checkRunId], references: [id], onDelete: Cascade)
+  /// Parent check run
+  checkRunId String
+  checkRun   IntegrationCheckRun @relation(fields: [checkRunId], references: [id], onDelete: Cascade)
 
-    /// Whether this result is a pass or fail
-    passed Boolean
+  /// Whether this result is a pass or fail
+  passed Boolean
 
-    /// Resource classification
-    resourceType String
-    resourceId   String
+  /// Resource classification
+  resourceType String
+  resourceId   String
 
-    /// Result details
-    title       String
-    description String?
+  /// Result details
+  title       String
+  description String?
 
-    /// Severity (for failures)
-    severity IntegrationFindingSeverity?
+  /// Severity (for failures)
+  severity IntegrationFindingSeverity?
 
-    /// Remediation guidance (for failures)
-    remediation String?
+  /// Remediation guidance (for failures)
+  remediation String?
 
-    /// Evidence/proof (JSON - API response data)
-    evidence Json?
+  /// Evidence/proof (JSON - API response data)
+  evidence Json?
 
-    /// When this evidence was collected
-    collectedAt DateTime @default(now())
+  /// When this evidence was collected
+  collectedAt DateTime @default(now())
 
-    remediationActions RemediationAction[]
+  remediationActions RemediationAction[]
 
-    @@index([checkRunId])
-    @@index([passed])
-    @@index([resourceType, resourceId])
+  @@index([checkRunId])
+  @@index([passed])
+  @@index([resourceType, resourceId])
 }
 
 /// Stores platform-wide OAuth app credentials
 /// Used by platform operators to provide default OAuth apps for all users
 model IntegrationPlatformCredential {
-    id String @id @default(dbgenerated("generate_prefixed_cuid('ipc'::text)"))
+  id String @id @default(dbgenerated("generate_prefixed_cuid('ipc'::text)"))
 
-    /// Provider slug (e.g., "github", "slack") - unique per platform
-    providerSlug String @unique
+  /// Provider slug (e.g., "github", "slack") - unique per platform
+  providerSlug String @unique
 
-    /// Encrypted client ID
-    encryptedClientId Json
+  /// Encrypted client ID
+  encryptedClientId Json
 
-    /// Encrypted client secret
-    encryptedClientSecret Json
+  /// Encrypted client secret
+  encryptedClientSecret Json
 
-    /// Masked display hint for client ID (computed at write time)
-    clientIdHint String?
+  /// Masked display hint for client ID (computed at write time)
+  clientIdHint String?
 
-    /// Masked display hint for client secret (computed at write time)
-    clientSecretHint String?
+  /// Masked display hint for client secret (computed at write time)
+  clientSecretHint String?
 
-    /// Optional: custom scopes (overrides manifest defaults)
-    customScopes String[]
+  /// Optional: custom scopes (overrides manifest defaults)
+  customScopes String[]
 
-    /// Provider-specific settings (e.g., Rippling app name for authorize URL)
-    /// Stored as JSON: { "appName": "compai533c" }
-    customSettings Json?
+  /// Provider-specific settings (e.g., Rippling app name for authorize URL)
+  /// Stored as JSON: { "appName": "compai533c" }
+  customSettings Json?
 
-    /// Whether this credential is active
-    isActive Boolean @default(true)
+  /// Whether this credential is active
+  isActive Boolean @default(true)
 
-    /// Who created this credential
-    createdById String?
+  /// Who created this credential
+  createdById String?
 
-    /// Who last updated this credential
-    updatedById String?
+  /// Who last updated this credential
+  updatedById String?
 
-    createdAt DateTime @default(now())
-    updatedAt DateTime @updatedAt
+  createdAt DateTime @default(now())
+  updatedAt DateTime @updatedAt
 
-    @@index([providerSlug])
+  @@index([providerSlug])
 }
diff --git a/packages/db/prisma/schema/integration-sync-log.prisma b/packages/db/prisma/schema/integration-sync-log.prisma
index 5cce4660a4..b57767b7a5 100644
--- a/packages/db/prisma/schema/integration-sync-log.prisma
+++ b/packages/db/prisma/schema/integration-sync-log.prisma
@@ -2,11 +2,11 @@
 // Generic audit trail for integration sync operations (employee sync, role discovery, etc.)
 
 model IntegrationSyncLog {
-  id             String                   @id @default(dbgenerated("generate_prefixed_cuid('isl'::text)"))
+  id             String                @id @default(dbgenerated("generate_prefixed_cuid('isl'::text)"))
   connectionId   String
-  connection     IntegrationConnection    @relation(fields: [connectionId], references: [id], onDelete: Cascade)
+  connection     IntegrationConnection @relation(fields: [connectionId], references: [id], onDelete: Cascade)
   organizationId String
-  organization   Organization             @relation(fields: [organizationId], references: [id], onDelete: Cascade)
+  organization   Organization          @relation(fields: [organizationId], references: [id], onDelete: Cascade)
 
   /// Provider slug (e.g., "google-workspace", "rippling", "jumpcloud")
   provider    String
diff --git a/packages/db/prisma/schema/notification-policy.prisma b/packages/db/prisma/schema/notification-policy.prisma
index 2a789aa955..8674ebc741 100644
--- a/packages/db/prisma/schema/notification-policy.prisma
+++ b/packages/db/prisma/schema/notification-policy.prisma
@@ -1,8 +1,8 @@
 model RoleNotificationSetting {
-  id                   String       @id @default(dbgenerated("generate_prefixed_cuid('rns'::text)"))
-  organizationId       String
-  organization         Organization @relation(fields: [organizationId], references: [id], onDelete: Cascade)
-  role                 String // "owner", "admin", "auditor", "employee", "contractor", or custom role name
+  id             String       @id @default(dbgenerated("generate_prefixed_cuid('rns'::text)"))
+  organizationId String
+  organization   Organization @relation(fields: [organizationId], references: [id], onDelete: Cascade)
+  role           String // "owner", "admin", "auditor", "employee", "contractor", or custom role name
 
   policyNotifications  Boolean @default(true)
   taskReminders        Boolean @default(true)
diff --git a/packages/db/prisma/schema/organization-billing.prisma b/packages/db/prisma/schema/organization-billing.prisma
index ba4c522c10..b6c610ae6a 100644
--- a/packages/db/prisma/schema/organization-billing.prisma
+++ b/packages/db/prisma/schema/organization-billing.prisma
@@ -5,7 +5,7 @@ model OrganizationBilling {
   createdAt        DateTime @default(now()) @map("created_at")
   updatedAt        DateTime @updatedAt @map("updated_at")
 
-  organization        Organization        @relation(fields: [organizationId], references: [id], onDelete: Cascade)
+  organization        Organization         @relation(fields: [organizationId], references: [id], onDelete: Cascade)
   pentestSubscription PentestSubscription?
 
   @@map("organization_billing")
diff --git a/packages/db/prisma/schema/organization.prisma b/packages/db/prisma/schema/organization.prisma
index f6e9111d03..ceadcd5655 100644
--- a/packages/db/prisma/schema/organization.prisma
+++ b/packages/db/prisma/schema/organization.prisma
@@ -1,20 +1,20 @@
 model Organization {
-  id                  String      @id @default(dbgenerated("generate_prefixed_cuid('org'::text)"))
-  name                String
-  slug                String      @unique @default(dbgenerated("generate_prefixed_cuid('slug'::text)"))
-  logo                String?
-  createdAt           DateTime    @default(now())
-  metadata            String?
-  onboarding          Onboarding?
-  website             String?
-  onboardingCompleted Boolean     @default(false)
-  hasAccess           Boolean     @default(false)
-  advancedModeEnabled             Boolean     @default(false)
-  evidenceApprovalEnabled         Boolean     @default(false)
-  deviceAgentStepEnabled          Boolean     @default(true)
-  securityTrainingStepEnabled     Boolean     @default(true)
-  whistleblowerReportEnabled      Boolean     @default(true)
-  accessRequestFormEnabled        Boolean     @default(true)
+  id                          String      @id @default(dbgenerated("generate_prefixed_cuid('org'::text)"))
+  name                        String
+  slug                        String      @unique @default(dbgenerated("generate_prefixed_cuid('slug'::text)"))
+  logo                        String?
+  createdAt                   DateTime    @default(now())
+  metadata                    String?
+  onboarding                  Onboarding?
+  website                     String?
+  onboardingCompleted         Boolean     @default(false)
+  hasAccess                   Boolean     @default(false)
+  advancedModeEnabled         Boolean     @default(false)
+  evidenceApprovalEnabled     Boolean     @default(false)
+  deviceAgentStepEnabled      Boolean     @default(true)
+  securityTrainingStepEnabled Boolean     @default(true)
+  whistleblowerReportEnabled  Boolean     @default(true)
+  accessRequestFormEnabled    Boolean     @default(true)
 
   // FleetDM
   fleetDmLabelId        Int?
@@ -78,11 +78,11 @@ model Organization {
   organizationChart OrganizationChart?
 
   // RBAC
-  organizationRoles          OrganizationRole[]
-  roleNotificationSettings   RoleNotificationSetting[]
+  organizationRoles        OrganizationRole[]
+  roleNotificationSettings RoleNotificationSetting[]
 
   // Timeline
-  timelineInstances          TimelineInstance[]
+  timelineInstances TimelineInstance[]
 
   // Custom frameworks / requirements authored by this org
   customFrameworks   CustomFramework[]
diff --git a/packages/db/prisma/schema/policy.prisma b/packages/db/prisma/schema/policy.prisma
index 945e203c52..461ec471b6 100644
--- a/packages/db/prisma/schema/policy.prisma
+++ b/packages/db/prisma/schema/policy.prisma
@@ -4,7 +4,7 @@ enum PolicyDisplayFormat {
 }
 
 enum PolicyVisibility {
-  ALL        // Visible to everyone in organization
+  ALL // Visible to everyone in organization
   DEPARTMENT // Only visible to specified departments
 }
 
@@ -66,8 +66,8 @@ model PolicyVersion {
   updatedAt DateTime @updatedAt
 
   // Relations
-  policyId String
-  policy   Policy @relation("PolicyVersions", fields: [policyId], references: [id], onDelete: Cascade)
+  policyId         String
+  policy           Policy  @relation("PolicyVersions", fields: [policyId], references: [id], onDelete: Cascade)
   currentForPolicy Policy? @relation("PolicyCurrentVersion")
 
   // Version details
diff --git a/packages/db/prisma/schema/remediation-action.prisma b/packages/db/prisma/schema/remediation-action.prisma
index c43e6a6795..e84d34aba0 100644
--- a/packages/db/prisma/schema/remediation-action.prisma
+++ b/packages/db/prisma/schema/remediation-action.prisma
@@ -1,28 +1,28 @@
 model RemediationAction {
-    id             String   @id @default(dbgenerated("generate_prefixed_cuid('rma'::text)"))
-    checkResultId  String
-    connectionId   String
-    organizationId String
-    initiatedById  String
-    remediationKey String
-    resourceId     String
-    resourceType   String
-    previousState  Json
-    appliedState   Json
-    status         String   @default("pending")
-    riskLevel      String?
-    acknowledgmentText String?
-    acknowledgedAt DateTime?
-    errorMessage   String?
-    executedAt     DateTime?
-    rolledBackAt   DateTime?
-    createdAt      DateTime @default(now())
-    updatedAt      DateTime @updatedAt
+  id                 String    @id @default(dbgenerated("generate_prefixed_cuid('rma'::text)"))
+  checkResultId      String
+  connectionId       String
+  organizationId     String
+  initiatedById      String
+  remediationKey     String
+  resourceId         String
+  resourceType       String
+  previousState      Json
+  appliedState       Json
+  status             String    @default("pending")
+  riskLevel          String?
+  acknowledgmentText String?
+  acknowledgedAt     DateTime?
+  errorMessage       String?
+  executedAt         DateTime?
+  rolledBackAt       DateTime?
+  createdAt          DateTime  @default(now())
+  updatedAt          DateTime  @updatedAt
 
-    checkResult IntegrationCheckResult @relation(fields: [checkResultId], references: [id], onDelete: Cascade)
-    connection  IntegrationConnection  @relation(fields: [connectionId], references: [id], onDelete: Cascade)
+  checkResult IntegrationCheckResult @relation(fields: [checkResultId], references: [id], onDelete: Cascade)
+  connection  IntegrationConnection  @relation(fields: [connectionId], references: [id], onDelete: Cascade)
 
-    @@index([connectionId])
-    @@index([organizationId])
-    @@index([checkResultId])
+  @@index([connectionId])
+  @@index([organizationId])
+  @@index([checkResultId])
 }
diff --git a/packages/db/prisma/schema/remediation-batch.prisma b/packages/db/prisma/schema/remediation-batch.prisma
index 7ae3f446ea..28eccf2d31 100644
--- a/packages/db/prisma/schema/remediation-batch.prisma
+++ b/packages/db/prisma/schema/remediation-batch.prisma
@@ -1,20 +1,20 @@
 model RemediationBatch {
-    id             String   @id @default(dbgenerated("generate_prefixed_cuid('rmb'::text)"))
-    connectionId   String
-    organizationId String
-    initiatedById  String
-    triggerRunId   String?
-    status         String   @default("pending") // pending, running, done, cancelled
-    findings       Json     @default("[]") // Array of { id, key, title, status, error? }
-    fixed          Int      @default(0)
-    skipped        Int      @default(0)
-    failed         Int      @default(0)
-    createdAt      DateTime @default(now())
-    updatedAt      DateTime @updatedAt
+  id             String   @id @default(dbgenerated("generate_prefixed_cuid('rmb'::text)"))
+  connectionId   String
+  organizationId String
+  initiatedById  String
+  triggerRunId   String?
+  status         String   @default("pending") // pending, running, done, cancelled
+  findings       Json     @default("[]") // Array of { id, key, title, status, error? }
+  fixed          Int      @default(0)
+  skipped        Int      @default(0)
+  failed         Int      @default(0)
+  createdAt      DateTime @default(now())
+  updatedAt      DateTime @updatedAt
 
-    connection IntegrationConnection @relation(fields: [connectionId], references: [id], onDelete: Cascade)
+  connection IntegrationConnection @relation(fields: [connectionId], references: [id], onDelete: Cascade)
 
-    @@index([connectionId])
-    @@index([organizationId])
-    @@index([status])
+  @@index([connectionId])
+  @@index([organizationId])
+  @@index([status])
 }
diff --git a/packages/db/prisma/schema/security-penetration-test-run.prisma b/packages/db/prisma/schema/security-penetration-test-run.prisma
index 033a5f31f4..8a2ee79548 100644
--- a/packages/db/prisma/schema/security-penetration-test-run.prisma
+++ b/packages/db/prisma/schema/security-penetration-test-run.prisma
@@ -1,9 +1,9 @@
 model SecurityPenetrationTestRun {
-  id           String   @id @default(dbgenerated("generate_prefixed_cuid('ptr'::text)"))
-  organizationId String @map("organization_id")
-  providerRunId String  @map("provider_run_id")
-  createdAt    DateTime @default(now()) @map("created_at")
-  updatedAt    DateTime @updatedAt @map("updated_at")
+  id             String   @id @default(dbgenerated("generate_prefixed_cuid('ptr'::text)"))
+  organizationId String   @map("organization_id")
+  providerRunId  String   @map("provider_run_id")
+  createdAt      DateTime @default(now()) @map("created_at")
+  updatedAt      DateTime @updatedAt @map("updated_at")
 
   organization Organization @relation(fields: [organizationId], references: [id], onDelete: Cascade)
 
diff --git a/packages/db/prisma/schema/soa.prisma b/packages/db/prisma/schema/soa.prisma
index d3f28d386f..d8b1de1554 100644
--- a/packages/db/prisma/schema/soa.prisma
+++ b/packages/db/prisma/schema/soa.prisma
@@ -60,9 +60,9 @@ model SOADocument {
   answeredQuestions Int @default(0) // Number of questions with answers
 
   // Approval tracking
-  preparedBy String  @default("Comp AI") // Always "Comp AI"
+  preparedBy String    @default("Comp AI") // Always "Comp AI"
   approverId String? // Member ID who will approve this document (set when submitted for approval)
-  approver   Member? @relation("SOADocumentApprover", fields: [approverId], references: [id], onDelete: SetNull, onUpdate: Cascade)
+  approver   Member?   @relation("SOADocumentApprover", fields: [approverId], references: [id], onDelete: SetNull, onUpdate: Cascade)
   approvedAt DateTime? // When document was approved
 
   // Dates
diff --git a/packages/db/prisma/schema/task-item.prisma b/packages/db/prisma/schema/task-item.prisma
index f0da7a8331..8141176e82 100644
--- a/packages/db/prisma/schema/task-item.prisma
+++ b/packages/db/prisma/schema/task-item.prisma
@@ -1,32 +1,32 @@
 model TaskItem {
-  id          String            @id @default(dbgenerated("generate_prefixed_cuid('tski'::text)"))
+  id          String           @id @default(dbgenerated("generate_prefixed_cuid('tski'::text)"))
   title       String
   description String?
-  status      TaskItemStatus    @default(todo)
-  priority    TaskItemPriority  @default(medium)
-  
+  status      TaskItemStatus   @default(todo)
+  priority    TaskItemPriority @default(medium)
+
   // Polymorphic relation (like Comment and Attachment)
   entityId   String
   entityType TaskItemEntityType
-  
+
   // Assignment (nullable)
-  assigneeId  String?
-  assignee   Member?           @relation("TaskItemAssignee", fields: [assigneeId], references: [id], onDelete: SetNull)
-  
+  assigneeId String?
+  assignee   Member? @relation("TaskItemAssignee", fields: [assigneeId], references: [id], onDelete: SetNull)
+
   // Creator & Updater
   createdById String
-  createdBy   Member           @relation("TaskItemCreator", fields: [createdById], references: [id])
+  createdBy   Member  @relation("TaskItemCreator", fields: [createdById], references: [id])
   updatedById String?
-  updatedBy   Member?          @relation("TaskItemUpdater", fields: [updatedById], references: [id])
-  
+  updatedBy   Member? @relation("TaskItemUpdater", fields: [updatedById], references: [id])
+
   // Relationships
   organizationId String
   organization   Organization @relation(fields: [organizationId], references: [id], onDelete: Cascade)
-  
+
   // Dates
   createdAt DateTime @default(now())
   updatedAt DateTime @updatedAt
-  
+
   @@index([entityId, entityType])
   @@index([organizationId])
   @@index([assigneeId])
@@ -52,4 +52,4 @@ enum TaskItemPriority {
 enum TaskItemEntityType {
   vendor
   risk
-}
\ No newline at end of file
+}
diff --git a/packages/db/prisma/schema/task.prisma b/packages/db/prisma/schema/task.prisma
index 1872ea549e..020fc904fd 100644
--- a/packages/db/prisma/schema/task.prisma
+++ b/packages/db/prisma/schema/task.prisma
@@ -1,13 +1,15 @@
 model Task {
   // Metadata
-  id          String         @id @default(dbgenerated("generate_prefixed_cuid('tsk'::text)"))
-  title       String
-  description String
-  status           TaskStatus           @default(todo)
-  automationStatus TaskAutomationStatus @default(AUTOMATED)
-  frequency        TaskFrequency?
-  department  Departments?   @default(none)
-  order       Int            @default(0)
+  id                           String               @id @default(dbgenerated("generate_prefixed_cuid('tsk'::text)"))
+  title                        String
+  description                  String
+  status                       TaskStatus           @default(todo)
+  automationStatus             TaskAutomationStatus @default(AUTOMATED)
+  frequency                    TaskFrequency?
+  integrationScheduleFrequency TaskFrequency        @default(daily)
+  integrationLastRunAt         DateTime?
+  department                   Departments?         @default(none)
+  order                        Int                  @default(0)
 
   // Dates
   createdAt       DateTime  @default(now())
@@ -29,8 +31,8 @@ model Task {
   browserAutomations  BrowserAutomation[]
 
   evidenceAutomationRuns EvidenceAutomationRun[]
-  integrationCheckRuns  IntegrationCheckRun[]
-  findings              Finding[]
+  integrationCheckRuns   IntegrationCheckRun[]
+  findings               Finding[]
 
   // Evidence approval
   approverId     String?
diff --git a/packages/db/prisma/schema/timeline.prisma b/packages/db/prisma/schema/timeline.prisma
index 7f3d63ee30..44f546bbab 100644
--- a/packages/db/prisma/schema/timeline.prisma
+++ b/packages/db/prisma/schema/timeline.prisma
@@ -45,75 +45,75 @@ model TimelineTemplate {
 }
 
 model TimelinePhaseTemplate {
-  id                   String              @id @default(dbgenerated("generate_prefixed_cuid('tpt'::text)"))
-  templateId           String
-  name                 String
-  description          String?
-  groupLabel           String?
-  orderIndex           Int
-  defaultDurationWeeks Int
-  completionType       PhaseCompletionType @default(MANUAL)
-  locksTimelineOnComplete Boolean          @default(false)
-  createdAt            DateTime            @default(now())
-  updatedAt            DateTime            @updatedAt
+  id                      String              @id @default(dbgenerated("generate_prefixed_cuid('tpt'::text)"))
+  templateId              String
+  name                    String
+  description             String?
+  groupLabel              String?
+  orderIndex              Int
+  defaultDurationWeeks    Int
+  completionType          PhaseCompletionType @default(MANUAL)
+  locksTimelineOnComplete Boolean             @default(false)
+  createdAt               DateTime            @default(now())
+  updatedAt               DateTime            @updatedAt
 
   template TimelineTemplate @relation(fields: [templateId], references: [id], onDelete: Cascade)
   phases   TimelinePhase[]
 }
 
 model TimelineInstance {
-  id                 String         @id @default(dbgenerated("generate_prefixed_cuid('tli'::text)"))
-  organizationId     String
+  id                  String         @id @default(dbgenerated("generate_prefixed_cuid('tli'::text)"))
+  organizationId      String
   frameworkInstanceId String
-  templateId         String
-  trackKey           String         @default("primary")
-  cycleNumber        Int
-  status             TimelineStatus @default(DRAFT)
-  startDate          DateTime?
-  pausedAt           DateTime?
-  lockedAt           DateTime?
-  lockedById         String?
-  unlockedAt         DateTime?
-  unlockedById       String?
-  unlockReason       String?
-  completedAt        DateTime?
-  createdAt          DateTime       @default(now())
-  updatedAt          DateTime       @updatedAt
+  templateId          String
+  trackKey            String         @default("primary")
+  cycleNumber         Int
+  status              TimelineStatus @default(DRAFT)
+  startDate           DateTime?
+  pausedAt            DateTime?
+  lockedAt            DateTime?
+  lockedById          String?
+  unlockedAt          DateTime?
+  unlockedById        String?
+  unlockReason        String?
+  completedAt         DateTime?
+  createdAt           DateTime       @default(now())
+  updatedAt           DateTime       @updatedAt
 
-  organization     Organization     @relation(fields: [organizationId], references: [id], onDelete: Cascade)
+  organization      Organization      @relation(fields: [organizationId], references: [id], onDelete: Cascade)
   frameworkInstance FrameworkInstance @relation(fields: [frameworkInstanceId], references: [id], onDelete: Cascade)
-  template         TimelineTemplate @relation(fields: [templateId], references: [id])
-  lockedBy         User?            @relation("TimelineInstanceLockedBy", fields: [lockedById], references: [id])
-  unlockedBy       User?            @relation("TimelineInstanceUnlockedBy", fields: [unlockedById], references: [id])
-  phases           TimelinePhase[]
+  template          TimelineTemplate  @relation(fields: [templateId], references: [id])
+  lockedBy          User?             @relation("TimelineInstanceLockedBy", fields: [lockedById], references: [id])
+  unlockedBy        User?             @relation("TimelineInstanceUnlockedBy", fields: [unlockedById], references: [id])
+  phases            TimelinePhase[]
 
   @@unique([frameworkInstanceId, trackKey, cycleNumber])
 }
 
 model TimelinePhase {
-  id               String              @id @default(dbgenerated("generate_prefixed_cuid('tlp'::text)"))
-  instanceId       String
-  phaseTemplateId  String?
-  name             String
-  description      String?
-  groupLabel       String?
-  orderIndex       Int
-  status           TimelinePhaseStatus @default(PENDING)
-  startDate        DateTime?
-  endDate          DateTime?
-  durationWeeks    Int
-  completionType   PhaseCompletionType @default(MANUAL)
-  locksTimelineOnComplete Boolean       @default(false)
-  regressedAt       DateTime?
-  datesPinned      Boolean             @default(false)
-  completedAt      DateTime?
-  completedById    String?
-  readyForReview   Boolean             @default(false)
-  readyForReviewAt DateTime?
-  documentUrl      String?
-  documentName     String?
-  createdAt        DateTime            @default(now())
-  updatedAt        DateTime            @updatedAt
+  id                      String              @id @default(dbgenerated("generate_prefixed_cuid('tlp'::text)"))
+  instanceId              String
+  phaseTemplateId         String?
+  name                    String
+  description             String?
+  groupLabel              String?
+  orderIndex              Int
+  status                  TimelinePhaseStatus @default(PENDING)
+  startDate               DateTime?
+  endDate                 DateTime?
+  durationWeeks           Int
+  completionType          PhaseCompletionType @default(MANUAL)
+  locksTimelineOnComplete Boolean             @default(false)
+  regressedAt             DateTime?
+  datesPinned             Boolean             @default(false)
+  completedAt             DateTime?
+  completedById           String?
+  readyForReview          Boolean             @default(false)
+  readyForReviewAt        DateTime?
+  documentUrl             String?
+  documentName            String?
+  createdAt               DateTime            @default(now())
+  updatedAt               DateTime            @updatedAt
 
   instance      TimelineInstance       @relation(fields: [instanceId], references: [id], onDelete: Cascade)
   phaseTemplate TimelinePhaseTemplate? @relation(fields: [phaseTemplateId], references: [id])

From 250aa8040a457265e9808a579a9dc69a1900a68d Mon Sep 17 00:00:00 2001
From: Mariano <marfuen98@gmail.com>
Date: Fri, 24 Apr 2026 12:50:33 -0400
Subject: [PATCH 05/24] refactor(api): remove stale schedule field from
 browserbase DTOs and update service

The BrowserAutomation.schedule column was dropped in the previous commit.
TypeScript did not catch the dangling DTO entries or updateBrowserAutomation
param because object spread does not trigger excess-property checks, but
Prisma would throw "Unknown argument" at runtime if a caller supplied the
field.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
---
 apps/api/src/browserbase/browserbase.service.ts |  1 -
 apps/api/src/browserbase/dto/browserbase.dto.ts | 13 -------------
 2 files changed, 14 deletions(-)

diff --git a/apps/api/src/browserbase/browserbase.service.ts b/apps/api/src/browserbase/browserbase.service.ts
index 2cffab3473..a6568a92cb 100644
--- a/apps/api/src/browserbase/browserbase.service.ts
+++ b/apps/api/src/browserbase/browserbase.service.ts
@@ -400,7 +400,6 @@ export class BrowserbaseService {
       targetUrl?: string;
       instruction?: string;
       evaluationCriteria?: string;
-      schedule?: string;
       isEnabled?: boolean;
     },
   ) {
diff --git a/apps/api/src/browserbase/dto/browserbase.dto.ts b/apps/api/src/browserbase/dto/browserbase.dto.ts
index 00b637cf20..103b8b0433 100644
--- a/apps/api/src/browserbase/dto/browserbase.dto.ts
+++ b/apps/api/src/browserbase/dto/browserbase.dto.ts
@@ -89,11 +89,6 @@ export class CreateBrowserAutomationDto {
   @IsString()
   @IsOptional()
   evaluationCriteria?: string;
-
-  @ApiPropertyOptional({ description: 'Cron schedule expression' })
-  @IsString()
-  @IsOptional()
-  schedule?: string;
 }
 
 export class UpdateBrowserAutomationDto {
@@ -127,11 +122,6 @@ export class UpdateBrowserAutomationDto {
   @IsOptional()
   evaluationCriteria?: string;
 
-  @ApiPropertyOptional({ description: 'Cron schedule expression' })
-  @IsString()
-  @IsOptional()
-  schedule?: string;
-
   @ApiPropertyOptional({ description: 'Whether automation is enabled' })
   @IsBoolean()
   @IsOptional()
@@ -186,9 +176,6 @@ export class BrowserAutomationResponseDto {
   @ApiProperty()
   isEnabled: boolean;
 
-  @ApiPropertyOptional()
-  schedule?: string;
-
   @ApiProperty()
   createdAt: Date;
 

From fcfad8a4cdd586f893a881b36659e8c810f0fcb5 Mon Sep 17 00:00:00 2001
From: Mariano <marfuen98@gmail.com>
Date: Fri, 24 Apr 2026 12:54:36 -0400
Subject: [PATCH 06/24] feat(api): respect integrationScheduleFrequency in
 integration orchestrator

---
 .../run-integration-checks-schedule.spec.ts   | 117 ++++++++++++++++++
 .../run-integration-checks-schedule.ts        |  42 ++++++-
 .../run-task-integration-checks.ts            |   9 ++
 3 files changed, 166 insertions(+), 2 deletions(-)
 create mode 100644 apps/api/src/trigger/integration-platform/run-integration-checks-schedule.spec.ts

diff --git a/apps/api/src/trigger/integration-platform/run-integration-checks-schedule.spec.ts b/apps/api/src/trigger/integration-platform/run-integration-checks-schedule.spec.ts
new file mode 100644
index 0000000000..9343a609c9
--- /dev/null
+++ b/apps/api/src/trigger/integration-platform/run-integration-checks-schedule.spec.ts
@@ -0,0 +1,117 @@
+import { TaskFrequency } from '@trycompai/db';
+import { filterDueTasks } from './run-integration-checks-schedule';
+
+// Mock @db at the module boundary so importing the orchestrator does not try
+// to connect to Postgres. We never call the scheduled `run` function itself
+// (it's wrapped in `schedules.task({...})` and not independently invokable),
+// we only exercise the pure helper it uses.
+jest.mock('@db', () => ({
+  db: {
+    integrationConnection: { findMany: jest.fn() },
+    task: { findMany: jest.fn(), update: jest.fn() },
+  },
+  TaskFrequency: {
+    daily: 'daily',
+    weekly: 'weekly',
+    monthly: 'monthly',
+    quarterly: 'quarterly',
+    yearly: 'yearly',
+  },
+}));
+
+jest.mock('@trycompai/integration-platform', () => ({
+  getManifest: jest.fn(),
+}));
+
+jest.mock('@trigger.dev/sdk', () => ({
+  logger: { info: jest.fn(), warn: jest.fn(), error: jest.fn() },
+  schedules: {
+    task: (config: unknown) => config,
+  },
+}));
+
+jest.mock('./run-task-integration-checks', () => ({
+  runTaskIntegrationChecks: { batchTrigger: jest.fn() },
+}));
+
+const atUtc = (iso: string) => new Date(`${iso}T00:00:00.000Z`);
+
+describe('filterDueTasks (integration orchestrator)', () => {
+  const now = atUtc('2026-04-24');
+
+  it('returns only tasks whose schedule says they are due', () => {
+    const candidateTasks = [
+      // Daily → always due
+      {
+        id: 'tsk_daily',
+        title: 'Daily check',
+        taskTemplateId: 'tpl_a',
+        integrationScheduleFrequency: TaskFrequency.daily,
+        integrationLastRunAt: atUtc('2026-04-23'),
+      },
+      // Weekly, ran 2 days ago → NOT due
+      {
+        id: 'tsk_weekly_recent',
+        title: 'Recent weekly',
+        taskTemplateId: 'tpl_b',
+        integrationScheduleFrequency: TaskFrequency.weekly,
+        integrationLastRunAt: atUtc('2026-04-22'),
+      },
+      // Weekly, ran 10 days ago → due
+      {
+        id: 'tsk_weekly_stale',
+        title: 'Stale weekly',
+        taskTemplateId: 'tpl_c',
+        integrationScheduleFrequency: TaskFrequency.weekly,
+        integrationLastRunAt: atUtc('2026-04-14'),
+      },
+    ];
+
+    const dueTasks = filterDueTasks({ tasks: candidateTasks, now });
+
+    expect(dueTasks.map((t) => t.id)).toEqual([
+      'tsk_daily',
+      'tsk_weekly_stale',
+    ]);
+  });
+
+  it('treats a null integrationLastRunAt as due (first run)', () => {
+    const candidateTasks = [
+      {
+        id: 'tsk_never_run',
+        title: 'Never run',
+        taskTemplateId: 'tpl_a',
+        integrationScheduleFrequency: TaskFrequency.yearly,
+        integrationLastRunAt: null as Date | null,
+      },
+    ];
+
+    const dueTasks = filterDueTasks({ tasks: candidateTasks, now });
+
+    expect(dueTasks).toHaveLength(1);
+    expect(dueTasks[0]?.id).toBe('tsk_never_run');
+  });
+
+  it('returns an empty array when nothing is due', () => {
+    const candidateTasks = [
+      {
+        id: 'tsk_monthly_recent',
+        title: 'Recent monthly',
+        taskTemplateId: 'tpl_a',
+        integrationScheduleFrequency: TaskFrequency.monthly,
+        integrationLastRunAt: atUtc('2026-04-10'),
+      },
+      {
+        id: 'tsk_quarterly_recent',
+        title: 'Recent quarterly',
+        taskTemplateId: 'tpl_b',
+        integrationScheduleFrequency: TaskFrequency.quarterly,
+        integrationLastRunAt: atUtc('2026-03-01'),
+      },
+    ];
+
+    const dueTasks = filterDueTasks({ tasks: candidateTasks, now });
+
+    expect(dueTasks).toEqual([]);
+  });
+});
diff --git a/apps/api/src/trigger/integration-platform/run-integration-checks-schedule.ts b/apps/api/src/trigger/integration-platform/run-integration-checks-schedule.ts
index 0a80d22fa6..600e03ef94 100644
--- a/apps/api/src/trigger/integration-platform/run-integration-checks-schedule.ts
+++ b/apps/api/src/trigger/integration-platform/run-integration-checks-schedule.ts
@@ -1,8 +1,31 @@
 import { getManifest } from '@trycompai/integration-platform';
-import { db } from '@db';
+import { db, TaskFrequency } from '@db';
 import { logger, schedules } from '@trigger.dev/sdk';
 import { runTaskIntegrationChecks } from './run-task-integration-checks';
 import { parseDisabledTaskChecks } from '../../integration-platform/utils/disabled-task-checks';
+import { isDueToday } from '../shared/is-due-today';
+
+/**
+ * Pure helper extracted for unit testing. Filters a list of candidate tasks
+ * down to those whose schedule says they are due at `now`.
+ *
+ * Kept in-memory (Shape A from the plan) because the single source of truth
+ * for schedule math is `isDueToday`; duplicating it in SQL would create drift.
+ */
+export function filterDueTasks<
+  T extends {
+    integrationScheduleFrequency: TaskFrequency;
+    integrationLastRunAt: Date | null;
+  },
+>({ tasks, now }: { tasks: T[]; now: Date }): T[] {
+  return tasks.filter((t) =>
+    isDueToday({
+      scheduleFrequency: t.integrationScheduleFrequency,
+      lastRunAt: t.integrationLastRunAt,
+      now,
+    }),
+  );
+}
 
 /**
  * Daily scheduled task (orchestrator) that finds all tasks with integration checks
@@ -18,6 +41,8 @@ export const integrationChecksSchedule = schedules.task({
       lastRun: payload.lastTimestamp,
     });
 
+    const now = new Date();
+
     // Get all active integration connections
     const activeConnections = await db.integrationConnection.findMany({
       where: { status: 'active' },
@@ -63,7 +88,7 @@ export const integrationChecksSchedule = schedules.task({
       }
 
       // Find tasks in this org that match these templates
-      const tasks = await db.task.findMany({
+      const candidateTasks = await db.task.findMany({
         where: {
           organizationId: connection.organizationId,
           taskTemplateId: { in: taskTemplateIds as string[] },
@@ -72,9 +97,22 @@ export const integrationChecksSchedule = schedules.task({
           id: true,
           title: true,
           taskTemplateId: true,
+          integrationScheduleFrequency: true,
+          integrationLastRunAt: true,
         },
       });
 
+      // Filter by the task's integration schedule. `lastRunAt` is only written
+      // on success inside `runTaskIntegrationChecks`, so failures naturally
+      // retry on the next orchestrator tick (the "crude retry" behavior).
+      const tasks = filterDueTasks({ tasks: candidateTasks, now });
+
+      if (tasks.length < candidateTasks.length) {
+        logger.info(
+          `Skipped ${candidateTasks.length - tasks.length} task(s) not due yet for connection ${connection.id}`,
+        );
+      }
+
       // Per-task disabled checks are stored on the connection's metadata so
       // users can disconnect individual checks from individual tasks without
       // tearing down the whole integration. Resolve once per connection.
diff --git a/apps/api/src/trigger/integration-platform/run-task-integration-checks.ts b/apps/api/src/trigger/integration-platform/run-task-integration-checks.ts
index 57aef35305..462a3e4afe 100644
--- a/apps/api/src/trigger/integration-platform/run-task-integration-checks.ts
+++ b/apps/api/src/trigger/integration-platform/run-task-integration-checks.ts
@@ -415,6 +415,15 @@ export const runTaskIntegrationChecks = task({
         data: { lastSyncAt: new Date() },
       });
 
+      // Record successful run on the task so the orchestrator's schedule
+      // filter (`isDueToday`) can skip it on the next tick. Only written on
+      // success — failures leave this untouched so the next orchestrator tick
+      // retries the task.
+      await db.task.update({
+        where: { id: taskId },
+        data: { integrationLastRunAt: new Date() },
+      });
+
       // Update task status based on check results
       // If any findings or check failures, mark as failed
       // If all checks pass with no findings, mark as done (only if not already done)

From b7068d2c67875488e5c749761fcee2600ec0c7d0 Mon Sep 17 00:00:00 2001
From: Mariano <marfuen98@gmail.com>
Date: Fri, 24 Apr 2026 12:56:57 -0400
Subject: [PATCH 07/24] fix(api): retry integration task on transient execution
 error

Previously, integrationLastRunAt was written whenever the check loop
completed, even if one or more checks returned status='error' (meaning
the check could not execute). On weekly+ schedules this would push the
retry out a full period. Distinguish 'error' (infra issue, retry) from
'failed' (legitimate finding, ran successfully).

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
---
 .../run-task-integration-checks.ts            | 24 ++++++++++++-------
 1 file changed, 16 insertions(+), 8 deletions(-)

diff --git a/apps/api/src/trigger/integration-platform/run-task-integration-checks.ts b/apps/api/src/trigger/integration-platform/run-task-integration-checks.ts
index 462a3e4afe..e2c4b404a5 100644
--- a/apps/api/src/trigger/integration-platform/run-task-integration-checks.ts
+++ b/apps/api/src/trigger/integration-platform/run-task-integration-checks.ts
@@ -319,6 +319,7 @@ export const runTaskIntegrationChecks = task({
     let totalFindings = 0;
     let totalPassing = 0;
     let hasFailedChecks = false;
+    let hasExecutionErrors = false;
 
     // Run only the checks that apply to this task
     try {
@@ -347,6 +348,9 @@ export const runTaskIntegrationChecks = task({
         if (checkResult.status === 'failed' || checkResult.status === 'error') {
           hasFailedChecks = true;
         }
+        if (checkResult.status === 'error') {
+          hasExecutionErrors = true;
+        }
 
         // Store check run
         const checkRun = await db.integrationCheckRun.create({
@@ -415,14 +419,18 @@ export const runTaskIntegrationChecks = task({
         data: { lastSyncAt: new Date() },
       });
 
-      // Record successful run on the task so the orchestrator's schedule
-      // filter (`isDueToday`) can skip it on the next tick. Only written on
-      // success — failures leave this untouched so the next orchestrator tick
-      // retries the task.
-      await db.task.update({
-        where: { id: taskId },
-        data: { integrationLastRunAt: new Date() },
-      });
+      // Record a successful run on the task so the orchestrator's schedule
+      // filter (`isDueToday`) can skip it on the next tick. "Successful" here
+      // means every check executed — including checks that legitimately found
+      // violations (`status: 'failed'`). We skip the write only when a check
+      // couldn't execute (`status: 'error'`, e.g. transient provider error),
+      // so the next orchestrator tick retries instead of waiting a full period.
+      if (!hasExecutionErrors) {
+        await db.task.update({
+          where: { id: taskId },
+          data: { integrationLastRunAt: new Date() },
+        });
+      }
 
       // Update task status based on check results
       // If any findings or check failures, mark as failed

From f161627df9e0c864150d446a6fb4984500ee04ee Mon Sep 17 00:00:00 2001
From: Mariano <marfuen98@gmail.com>
Date: Fri, 24 Apr 2026 13:04:06 -0400
Subject: [PATCH 08/24] feat(api): respect scheduleFrequency in browser
 automation orchestrator

---
 .../run-browser-automation.ts                 |  18 +++
 .../run-browser-automations-schedule.spec.ts  | 118 ++++++++++++++++++
 .../run-browser-automations-schedule.ts       |  61 ++++++++-
 3 files changed, 192 insertions(+), 5 deletions(-)
 create mode 100644 apps/api/src/trigger/browser-automation/run-browser-automations-schedule.spec.ts

diff --git a/apps/api/src/trigger/browser-automation/run-browser-automation.ts b/apps/api/src/trigger/browser-automation/run-browser-automation.ts
index 5b9bb5a8c6..26b54945a2 100644
--- a/apps/api/src/trigger/browser-automation/run-browser-automation.ts
+++ b/apps/api/src/trigger/browser-automation/run-browser-automation.ts
@@ -292,6 +292,7 @@ export const runBrowserAutomation = task({
         runId: result.runId,
         error: result.error,
         needsReauth: result.needsReauth,
+        evaluationStatus: result.evaluationStatus,
       });
 
       // Mark task as failed if auth issue
@@ -325,6 +326,23 @@ export const runBrowserAutomation = task({
       }
     }
 
+    // Record a successful run on the automation so the orchestrator's
+    // schedule filter (`isDueToday`) can skip it on the next tick. "Executed"
+    // here means the automation actually ran — including runs whose evaluation
+    // legitimately returned `fail`. We skip the write when the automation
+    // genuinely couldn't execute (e.g. `needsReauth` / missing browser context
+    // / other transient infra errors) so the next orchestrator tick retries
+    // instead of waiting a full schedule period.
+    const executed =
+      result.success === true || result.evaluationStatus === 'fail';
+
+    if (executed) {
+      await db.browserAutomation.update({
+        where: { id: automationId },
+        data: { lastRunAt: new Date() },
+      });
+    }
+
     return {
       success: result.success,
       runId: result.runId,
diff --git a/apps/api/src/trigger/browser-automation/run-browser-automations-schedule.spec.ts b/apps/api/src/trigger/browser-automation/run-browser-automations-schedule.spec.ts
new file mode 100644
index 0000000000..2ae7fb5a7d
--- /dev/null
+++ b/apps/api/src/trigger/browser-automation/run-browser-automations-schedule.spec.ts
@@ -0,0 +1,118 @@
+import { TaskFrequency } from '@trycompai/db';
+import { filterDueAutomations } from './run-browser-automations-schedule';
+
+// Mock @db at the module boundary so importing the orchestrator does not try
+// to connect to Postgres. We never call the scheduled `run` function itself
+// (it's wrapped in `schedules.task({...})` and not independently invokable),
+// we only exercise the pure helper it uses.
+jest.mock('@db', () => ({
+  db: {
+    browserAutomation: { findMany: jest.fn(), update: jest.fn() },
+  },
+  TaskFrequency: {
+    daily: 'daily',
+    weekly: 'weekly',
+    monthly: 'monthly',
+    quarterly: 'quarterly',
+    yearly: 'yearly',
+  },
+}));
+
+jest.mock('@trigger.dev/sdk', () => ({
+  logger: { info: jest.fn(), warn: jest.fn(), error: jest.fn() },
+  schedules: {
+    task: (config: unknown) => config,
+  },
+}));
+
+jest.mock('./run-browser-automation', () => ({
+  runBrowserAutomation: { batchTrigger: jest.fn() },
+}));
+
+const atUtc = (iso: string) => new Date(`${iso}T00:00:00.000Z`);
+
+describe('filterDueAutomations (browser automation orchestrator)', () => {
+  const now = atUtc('2026-04-24');
+
+  it('returns only automations whose schedule says they are due', () => {
+    const candidateAutomations = [
+      // Daily → always due
+      {
+        id: 'ba_daily',
+        name: 'Daily login check',
+        taskId: 'tsk_a',
+        scheduleFrequency: TaskFrequency.daily,
+        lastRunAt: atUtc('2026-04-23'),
+      },
+      // Weekly, ran 3 days ago → NOT due
+      {
+        id: 'ba_weekly_recent',
+        name: 'Recent weekly',
+        taskId: 'tsk_b',
+        scheduleFrequency: TaskFrequency.weekly,
+        lastRunAt: atUtc('2026-04-21'),
+      },
+      // Weekly, ran 10 days ago → due
+      {
+        id: 'ba_weekly_stale',
+        name: 'Stale weekly',
+        taskId: 'tsk_c',
+        scheduleFrequency: TaskFrequency.weekly,
+        lastRunAt: atUtc('2026-04-14'),
+      },
+    ];
+
+    const due = filterDueAutomations({
+      automations: candidateAutomations,
+      now,
+    });
+
+    expect(due.map((a) => a.id)).toEqual(['ba_daily', 'ba_weekly_stale']);
+  });
+
+  it('treats a null lastRunAt as due (first run)', () => {
+    const candidateAutomations = [
+      {
+        id: 'ba_never_run',
+        name: 'Never run',
+        taskId: 'tsk_a',
+        scheduleFrequency: TaskFrequency.weekly,
+        lastRunAt: null as Date | null,
+      },
+    ];
+
+    const due = filterDueAutomations({
+      automations: candidateAutomations,
+      now,
+    });
+
+    expect(due).toHaveLength(1);
+    expect(due[0]?.id).toBe('ba_never_run');
+  });
+
+  it('returns an empty array when nothing is due', () => {
+    const candidateAutomations = [
+      {
+        id: 'ba_monthly_recent',
+        name: 'Recent monthly',
+        taskId: 'tsk_a',
+        scheduleFrequency: TaskFrequency.monthly,
+        lastRunAt: atUtc('2026-04-10'),
+      },
+      {
+        id: 'ba_quarterly_recent',
+        name: 'Recent quarterly',
+        taskId: 'tsk_b',
+        scheduleFrequency: TaskFrequency.quarterly,
+        lastRunAt: atUtc('2026-03-01'),
+      },
+    ];
+
+    const due = filterDueAutomations({
+      automations: candidateAutomations,
+      now,
+    });
+
+    expect(due).toEqual([]);
+  });
+});
diff --git a/apps/api/src/trigger/browser-automation/run-browser-automations-schedule.ts b/apps/api/src/trigger/browser-automation/run-browser-automations-schedule.ts
index 429a6260ab..738bb91451 100644
--- a/apps/api/src/trigger/browser-automation/run-browser-automations-schedule.ts
+++ b/apps/api/src/trigger/browser-automation/run-browser-automations-schedule.ts
@@ -1,6 +1,29 @@
-import { db } from '@db';
+import { db, TaskFrequency } from '@db';
 import { logger, schedules } from '@trigger.dev/sdk';
 import { runBrowserAutomation } from './run-browser-automation';
+import { isDueToday } from '../shared/is-due-today';
+
+/**
+ * Pure helper extracted for unit testing. Filters a list of candidate
+ * automations down to those whose schedule says they are due at `now`.
+ *
+ * Kept in-memory (Shape A from the plan) because the single source of truth
+ * for schedule math is `isDueToday`; duplicating it in SQL would create drift.
+ */
+export function filterDueAutomations<
+  T extends {
+    scheduleFrequency: TaskFrequency;
+    lastRunAt: Date | null;
+  },
+>({ automations, now }: { automations: T[]; now: Date }): T[] {
+  return automations.filter((a) =>
+    isDueToday({
+      scheduleFrequency: a.scheduleFrequency,
+      lastRunAt: a.lastRunAt,
+      now,
+    }),
+  );
+}
 
 /**
  * Daily scheduled task (orchestrator) that finds all enabled browser automations
@@ -16,10 +39,17 @@ export const browserAutomationsSchedule = schedules.task({
       lastRun: payload.lastTimestamp,
     });
 
+    const now = new Date();
+
     // Find all enabled browser automations
-    const automations = await db.browserAutomation.findMany({
+    const candidateAutomations = await db.browserAutomation.findMany({
       where: { isEnabled: true },
-      include: {
+      select: {
+        id: true,
+        name: true,
+        taskId: true,
+        scheduleFrequency: true,
+        lastRunAt: true,
         task: {
           select: {
             id: true,
@@ -30,12 +60,33 @@ export const browserAutomationsSchedule = schedules.task({
       },
     });
 
-    if (automations.length === 0) {
+    if (candidateAutomations.length === 0) {
       logger.info('No enabled browser automations found');
       return { success: true, automationsTriggered: 0 };
     }
 
-    logger.info(`Found ${automations.length} enabled browser automations`);
+    logger.info(
+      `Found ${candidateAutomations.length} enabled browser automations`,
+    );
+
+    // Filter by the automation's schedule. `lastRunAt` is only written on
+    // success inside `runBrowserAutomation`, so failures naturally retry on
+    // the next orchestrator tick (the "crude retry" behavior).
+    const automations = filterDueAutomations({
+      automations: candidateAutomations,
+      now,
+    });
+
+    if (automations.length < candidateAutomations.length) {
+      logger.info(
+        `Skipped ${candidateAutomations.length - automations.length} automation(s) not due yet`,
+      );
+    }
+
+    if (automations.length === 0) {
+      logger.info('No browser automations due today');
+      return { success: true, automationsTriggered: 0 };
+    }
 
     // Build payloads for batch triggering
     const triggerPayloads = automations.map((automation) => ({

From 75231f7308bec4b3d80af6c81292f564dcb00b36 Mon Sep 17 00:00:00 2001
From: Mariano <marfuen98@gmail.com>
Date: Fri, 24 Apr 2026 13:08:23 -0400
Subject: [PATCH 09/24] docs(api): clarify browser orchestrator retry comment

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
---
 .../browser-automation/run-browser-automations-schedule.ts | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

diff --git a/apps/api/src/trigger/browser-automation/run-browser-automations-schedule.ts b/apps/api/src/trigger/browser-automation/run-browser-automations-schedule.ts
index 738bb91451..dedd4b5660 100644
--- a/apps/api/src/trigger/browser-automation/run-browser-automations-schedule.ts
+++ b/apps/api/src/trigger/browser-automation/run-browser-automations-schedule.ts
@@ -69,9 +69,10 @@ export const browserAutomationsSchedule = schedules.task({
       `Found ${candidateAutomations.length} enabled browser automations`,
     );
 
-    // Filter by the automation's schedule. `lastRunAt` is only written on
-    // success inside `runBrowserAutomation`, so failures naturally retry on
-    // the next orchestrator tick (the "crude retry" behavior).
+    // Filter by the automation's schedule. `lastRunAt` is only written when
+    // the automation actually executed (including legitimate 'fail' verdicts)
+    // inside `runBrowserAutomation`, so infra-level failures naturally retry
+    // on the next orchestrator tick (the "crude retry" behavior).
     const automations = filterDueAutomations({
       automations: candidateAutomations,
       now,

From e9f1d576cc1a405a659de9818ec63b8001a319bd Mon Sep 17 00:00:00 2001
From: Mariano <marfuen98@gmail.com>
Date: Fri, 24 Apr 2026 13:52:31 -0400
Subject: [PATCH 10/24] feat(api): accept scheduleFrequency in automation and
 task PATCH endpoints

---
 .../browserbase/browserbase.service.spec.ts   | 89 ++++++++++++++++++-
 .../src/browserbase/browserbase.service.ts    | 12 ++-
 .../src/browserbase/dto/browserbase.dto.ts    | 18 ++++
 .../tasks/automations/automations.service.ts  |  7 +-
 .../automations/dto/update-automation.dto.ts  | 13 ++-
 apps/api/src/tasks/dto/swagger.dto.ts         | 16 ++++
 apps/api/src/tasks/schemas/task.schemas.ts    |  1 +
 apps/api/src/tasks/tasks.controller.ts        | 11 +++
 apps/api/src/tasks/tasks.service.ts           |  6 ++
 9 files changed, 167 insertions(+), 6 deletions(-)

diff --git a/apps/api/src/browserbase/browserbase.service.spec.ts b/apps/api/src/browserbase/browserbase.service.spec.ts
index 5a06feaf39..7f8cdba32f 100644
--- a/apps/api/src/browserbase/browserbase.service.spec.ts
+++ b/apps/api/src/browserbase/browserbase.service.spec.ts
@@ -8,6 +8,17 @@ jest.mock('@db', () => ({
     browserAutomationRun: {
       findUnique: jest.fn(),
     },
+    browserAutomation: {
+      create: jest.fn(),
+      update: jest.fn(),
+    },
+  },
+  TaskFrequency: {
+    daily: 'daily',
+    weekly: 'weekly',
+    monthly: 'monthly',
+    quarterly: 'quarterly',
+    yearly: 'yearly',
   },
 }));
 
@@ -17,7 +28,7 @@ jest.mock('@/app/s3', () => ({
   BUCKET_NAME: 'test-bucket',
 }));
 
-import { db } from '@db';
+import { db, TaskFrequency } from '@db';
 import { getSignedUrl } from '@/app/s3';
 
 describe('BrowserbaseService.getScreenshotRedirectUrl', () => {
@@ -126,3 +137,79 @@ describe('BrowserbaseService.getScreenshotRedirectUrl', () => {
     );
   });
 });
+
+describe('BrowserbaseService schedule frequency passthrough', () => {
+  let service: BrowserbaseService;
+
+  beforeEach(async () => {
+    jest.clearAllMocks();
+    const moduleRef = await Test.createTestingModule({
+      providers: [BrowserbaseService],
+    }).compile();
+    service = moduleRef.get(BrowserbaseService);
+  });
+
+  it('forwards scheduleFrequency when creating a browser automation', async () => {
+    (db.browserAutomation.create as jest.Mock).mockResolvedValue({
+      id: 'bau_1',
+    });
+
+    await service.createBrowserAutomation({
+      taskId: 'tsk_1',
+      name: 'name',
+      targetUrl: 'https://example.com',
+      instruction: 'click',
+      scheduleFrequency: TaskFrequency.weekly,
+    });
+
+    expect(db.browserAutomation.create).toHaveBeenCalledWith(
+      expect.objectContaining({
+        data: expect.objectContaining({ scheduleFrequency: 'weekly' }),
+      }),
+    );
+  });
+
+  it('omits scheduleFrequency when creating without the field', async () => {
+    (db.browserAutomation.create as jest.Mock).mockResolvedValue({
+      id: 'bau_1',
+    });
+
+    await service.createBrowserAutomation({
+      taskId: 'tsk_1',
+      name: 'name',
+      targetUrl: 'https://example.com',
+      instruction: 'click',
+    });
+
+    const call = (db.browserAutomation.create as jest.Mock).mock.calls[0][0];
+    expect(call.data).not.toHaveProperty('scheduleFrequency');
+  });
+
+  it('forwards scheduleFrequency when updating a browser automation', async () => {
+    (db.browserAutomation.update as jest.Mock).mockResolvedValue({
+      id: 'bau_1',
+    });
+
+    await service.updateBrowserAutomation('bau_1', {
+      scheduleFrequency: TaskFrequency.monthly,
+    });
+
+    expect(db.browserAutomation.update).toHaveBeenCalledWith(
+      expect.objectContaining({
+        where: { id: 'bau_1' },
+        data: expect.objectContaining({ scheduleFrequency: 'monthly' }),
+      }),
+    );
+  });
+
+  it('omits scheduleFrequency when updating without the field', async () => {
+    (db.browserAutomation.update as jest.Mock).mockResolvedValue({
+      id: 'bau_1',
+    });
+
+    await service.updateBrowserAutomation('bau_1', { name: 'renamed' });
+
+    const call = (db.browserAutomation.update as jest.Mock).mock.calls[0][0];
+    expect(call.data).not.toHaveProperty('scheduleFrequency');
+  });
+});
diff --git a/apps/api/src/browserbase/browserbase.service.ts b/apps/api/src/browserbase/browserbase.service.ts
index a6568a92cb..fca5edc8f2 100644
--- a/apps/api/src/browserbase/browserbase.service.ts
+++ b/apps/api/src/browserbase/browserbase.service.ts
@@ -3,7 +3,7 @@ import Browserbase from '@browserbasehq/sdk';
 // Lazy-imported in createStagehand() to avoid Node v25 crash
 // (SlowBuffer.prototype was removed — @browserbasehq/stagehand bundles buffer-equal-constant-time which uses it)
 type Stagehand = import('@browserbasehq/stagehand').Stagehand;
-import { db } from '@db';
+import { db, TaskFrequency } from '@db';
 import { z } from 'zod';
 import { GetObjectCommand, PutObjectCommand, S3Client } from '@aws-sdk/client-s3';
 import { BUCKET_NAME, getSignedUrl, s3Client } from '@/app/s3';
@@ -353,6 +353,7 @@ export class BrowserbaseService {
     targetUrl: string;
     instruction: string;
     evaluationCriteria?: string;
+    scheduleFrequency?: TaskFrequency;
   }) {
     return db.browserAutomation.create({
       data: {
@@ -363,6 +364,9 @@ export class BrowserbaseService {
         instruction: data.instruction,
         evaluationCriteria: normalizeCriteria(data.evaluationCriteria),
         isEnabled: true, // Enable by default so scheduled runs work
+        ...(data.scheduleFrequency !== undefined
+          ? { scheduleFrequency: data.scheduleFrequency }
+          : {}),
       },
     });
   }
@@ -401,9 +405,10 @@ export class BrowserbaseService {
       instruction?: string;
       evaluationCriteria?: string;
       isEnabled?: boolean;
+      scheduleFrequency?: TaskFrequency;
     },
   ) {
-    const { evaluationCriteria, ...rest } = data;
+    const { evaluationCriteria, scheduleFrequency, ...rest } = data;
     return db.browserAutomation.update({
       where: { id: automationId },
       data: {
@@ -411,6 +416,9 @@ export class BrowserbaseService {
         ...(evaluationCriteria !== undefined
           ? { evaluationCriteria: normalizeCriteria(evaluationCriteria) }
           : {}),
+        ...(scheduleFrequency !== undefined
+          ? { scheduleFrequency }
+          : {}),
       },
     });
   }
diff --git a/apps/api/src/browserbase/dto/browserbase.dto.ts b/apps/api/src/browserbase/dto/browserbase.dto.ts
index 103b8b0433..2a7334a782 100644
--- a/apps/api/src/browserbase/dto/browserbase.dto.ts
+++ b/apps/api/src/browserbase/dto/browserbase.dto.ts
@@ -1,11 +1,13 @@
 import { ApiProperty, ApiPropertyOptional } from '@nestjs/swagger';
 import {
+  IsEnum,
   IsNotEmpty,
   IsOptional,
   IsString,
   IsBoolean,
   IsUrl,
 } from 'class-validator';
+import { TaskFrequency } from '@db';
 import { IsSafeUrl } from '../validators/url-safety.validator';
 
 // ===== Session DTOs =====
@@ -89,6 +91,14 @@ export class CreateBrowserAutomationDto {
   @IsString()
   @IsOptional()
   evaluationCriteria?: string;
+
+  @ApiPropertyOptional({
+    enum: TaskFrequency,
+    description: 'Automation schedule cadence',
+  })
+  @IsEnum(TaskFrequency)
+  @IsOptional()
+  scheduleFrequency?: TaskFrequency;
 }
 
 export class UpdateBrowserAutomationDto {
@@ -126,6 +136,14 @@ export class UpdateBrowserAutomationDto {
   @IsBoolean()
   @IsOptional()
   isEnabled?: boolean;
+
+  @ApiPropertyOptional({
+    enum: TaskFrequency,
+    description: 'Automation schedule cadence',
+  })
+  @IsEnum(TaskFrequency)
+  @IsOptional()
+  scheduleFrequency?: TaskFrequency;
 }
 
 // ===== Response DTOs =====
diff --git a/apps/api/src/tasks/automations/automations.service.ts b/apps/api/src/tasks/automations/automations.service.ts
index 3afedd380f..86a6fd8ee9 100644
--- a/apps/api/src/tasks/automations/automations.service.ts
+++ b/apps/api/src/tasks/automations/automations.service.ts
@@ -87,12 +87,17 @@ export class AutomationsService {
       throw new NotFoundException('Automation not found');
     }
 
+    const { scheduleFrequency, ...rest } = updateAutomationDto;
+
     // Update the automation
     const automation = await db.evidenceAutomation.update({
       where: {
         id: automationId,
       },
-      data: updateAutomationDto,
+      data: {
+        ...rest,
+        ...(scheduleFrequency !== undefined ? { scheduleFrequency } : {}),
+      },
     });
 
     return {
diff --git a/apps/api/src/tasks/automations/dto/update-automation.dto.ts b/apps/api/src/tasks/automations/dto/update-automation.dto.ts
index 6c5e87ef47..96ce844067 100644
--- a/apps/api/src/tasks/automations/dto/update-automation.dto.ts
+++ b/apps/api/src/tasks/automations/dto/update-automation.dto.ts
@@ -1,5 +1,6 @@
-import { ApiProperty } from '@nestjs/swagger';
-import { IsString, IsOptional, IsBoolean } from 'class-validator';
+import { ApiProperty, ApiPropertyOptional } from '@nestjs/swagger';
+import { IsString, IsOptional, IsBoolean, IsEnum } from 'class-validator';
+import { TaskFrequency } from '@db';
 
 export class UpdateAutomationDto {
   @ApiProperty({
@@ -35,4 +36,12 @@ export class UpdateAutomationDto {
   @IsString()
   @IsOptional()
   evaluationCriteria?: string;
+
+  @ApiPropertyOptional({
+    enum: TaskFrequency,
+    description: 'Automation schedule cadence',
+  })
+  @IsEnum(TaskFrequency)
+  @IsOptional()
+  scheduleFrequency?: TaskFrequency;
 }
diff --git a/apps/api/src/tasks/dto/swagger.dto.ts b/apps/api/src/tasks/dto/swagger.dto.ts
index 19c73df0a5..d2a986ab11 100644
--- a/apps/api/src/tasks/dto/swagger.dto.ts
+++ b/apps/api/src/tasks/dto/swagger.dto.ts
@@ -29,6 +29,14 @@ export class CreateTaskDto {
   })
   frequency?: string;
 
+  @ApiProperty({
+    description:
+      'Cadence for running the integration check attached to this task',
+    enum: ['daily', 'weekly', 'monthly', 'quarterly', 'yearly'],
+    required: false,
+  })
+  integrationScheduleFrequency?: string;
+
   @ApiProperty({
     description: 'Department assignment',
     enum: ['none', 'admin', 'gov', 'hr', 'it', 'itsm', 'qms'],
@@ -80,6 +88,14 @@ export class UpdateTaskDto {
   })
   frequency?: string;
 
+  @ApiProperty({
+    description:
+      'Cadence for running the integration check attached to this task',
+    enum: ['daily', 'weekly', 'monthly', 'quarterly', 'yearly'],
+    required: false,
+  })
+  integrationScheduleFrequency?: string;
+
   @ApiProperty({
     description: 'Department assignment',
     enum: ['none', 'admin', 'gov', 'hr', 'it', 'itsm', 'qms'],
diff --git a/apps/api/src/tasks/schemas/task.schemas.ts b/apps/api/src/tasks/schemas/task.schemas.ts
index 5380d90987..907a29ef45 100644
--- a/apps/api/src/tasks/schemas/task.schemas.ts
+++ b/apps/api/src/tasks/schemas/task.schemas.ts
@@ -30,6 +30,7 @@ export const CreateTaskSchema = z.object({
   description: z.string().min(1, 'Description is required'),
   status: TaskStatusSchema.optional().default('todo'),
   frequency: TaskFrequencySchema.optional(),
+  integrationScheduleFrequency: TaskFrequencySchema.optional(),
   department: DepartmentsSchema.optional().default('none'),
   order: z.number().int().min(0).optional().default(0),
   assigneeId: z.string().optional(),
diff --git a/apps/api/src/tasks/tasks.controller.ts b/apps/api/src/tasks/tasks.controller.ts
index 47984b0a99..61a4ae8e3b 100644
--- a/apps/api/src/tasks/tasks.controller.ts
+++ b/apps/api/src/tasks/tasks.controller.ts
@@ -712,6 +712,13 @@ export class TasksController {
           enum: ['daily', 'weekly', 'monthly', 'quarterly', 'yearly'],
           example: 'monthly',
         },
+        integrationScheduleFrequency: {
+          type: 'string',
+          enum: ['daily', 'weekly', 'monthly', 'quarterly', 'yearly'],
+          example: 'daily',
+          description:
+            'Cadence for running the integration check attached to this task',
+        },
         department: {
           type: 'string',
           enum: ['none', 'admin', 'gov', 'hr', 'it', 'itsm', 'qms'],
@@ -754,6 +761,7 @@ export class TasksController {
       assigneeId?: string | null;
       approverId?: string | null;
       frequency?: string;
+      integrationScheduleFrequency?: string;
       department?: string;
       reviewDate?: string;
     },
@@ -789,6 +797,9 @@ export class TasksController {
         assigneeId: body.assigneeId,
         approverId: body.approverId,
         frequency: body.frequency as TaskFrequency | undefined,
+        integrationScheduleFrequency: body.integrationScheduleFrequency as
+          | TaskFrequency
+          | undefined,
         department: body.department,
         reviewDate: parsedReviewDate,
       },
diff --git a/apps/api/src/tasks/tasks.service.ts b/apps/api/src/tasks/tasks.service.ts
index cc4fda1350..2d574146c4 100644
--- a/apps/api/src/tasks/tasks.service.ts
+++ b/apps/api/src/tasks/tasks.service.ts
@@ -558,6 +558,7 @@ export class TasksService {
       assigneeId?: string | null;
       approverId?: string | null;
       frequency?: TaskFrequency;
+      integrationScheduleFrequency?: TaskFrequency;
       department?: string;
       reviewDate?: Date | null;
     },
@@ -592,6 +593,7 @@ export class TasksService {
         assigneeId?: string | null;
         approverId?: string | null;
         frequency?: TaskFrequency;
+        integrationScheduleFrequency?: TaskFrequency;
         department?: string;
         reviewDate?: Date | null;
       } = {};
@@ -651,6 +653,10 @@ export class TasksService {
           updateData.frequency,
         );
       }
+      if (updateData.integrationScheduleFrequency !== undefined) {
+        dataToUpdate.integrationScheduleFrequency =
+          updateData.integrationScheduleFrequency;
+      }
       if (updateData.department !== undefined) {
         dataToUpdate.department = updateData.department;
       }

From 535565388504cc3a54c705633d158b1c0dc5dbbf Mon Sep 17 00:00:00 2001
From: Mariano <marfuen98@gmail.com>
Date: Fri, 24 Apr 2026 13:58:10 -0400
Subject: [PATCH 11/24] feat(app): add SchedulePicker component

---
 .../src/components/schedule-picker.test.tsx   | 81 +++++++++++++++++++
 apps/app/src/components/schedule-picker.tsx   | 51 ++++++++++++
 2 files changed, 132 insertions(+)
 create mode 100644 apps/app/src/components/schedule-picker.test.tsx
 create mode 100644 apps/app/src/components/schedule-picker.tsx

diff --git a/apps/app/src/components/schedule-picker.test.tsx b/apps/app/src/components/schedule-picker.test.tsx
new file mode 100644
index 0000000000..6914e28ec5
--- /dev/null
+++ b/apps/app/src/components/schedule-picker.test.tsx
@@ -0,0 +1,81 @@
+import { fireEvent, render, screen } from '@testing-library/react';
+import { createContext, useContext, type ReactNode } from 'react';
+import { describe, expect, it, vi } from 'vitest';
+
+interface SelectContextValue {
+  value: string;
+  onValueChange: (next: string) => void;
+  disabled?: boolean;
+}
+
+const MockSelectContext = createContext<SelectContextValue | null>(null);
+
+function useMockSelect(): SelectContextValue {
+  const ctx = useContext(MockSelectContext);
+  if (!ctx) {
+    throw new Error('Select components must be used within Select');
+  }
+  return ctx;
+}
+
+vi.mock('@trycompai/design-system', () => ({
+  Select: ({
+    value,
+    onValueChange,
+    disabled,
+    children,
+  }: {
+    value: string;
+    onValueChange: (next: string) => void;
+    disabled?: boolean;
+    children: ReactNode;
+  }) => (
+    <MockSelectContext.Provider value={{ value, onValueChange, disabled }}>
+      <div>{children}</div>
+    </MockSelectContext.Provider>
+  ),
+  SelectTrigger: ({ children }: { children: ReactNode }) => {
+    const { disabled } = useMockSelect();
+    return (
+      <button type="button" role="combobox" disabled={disabled}>
+        {children}
+      </button>
+    );
+  },
+  SelectContent: ({ children }: { children: ReactNode }) => <div>{children}</div>,
+  SelectValue: ({ placeholder }: { placeholder?: string }) => {
+    const { value } = useMockSelect();
+    return <span>{value || placeholder}</span>;
+  },
+  SelectItem: ({ value, children }: { value: string; children: ReactNode }) => {
+    const { onValueChange } = useMockSelect();
+    return (
+      <div role="option" onClick={() => onValueChange(value)}>
+        {children}
+      </div>
+    );
+  },
+}));
+
+// Import AFTER mock is declared so the component uses mocked DS components.
+import { SchedulePicker } from './schedule-picker';
+
+describe('SchedulePicker', () => {
+  it('renders the current value', () => {
+    render(<SchedulePicker value="weekly" onChange={() => {}} />);
+    expect(screen.getByText('Weekly')).toBeInTheDocument();
+  });
+
+  it('calls onChange when a new option is picked', () => {
+    const onChange = vi.fn();
+    render(<SchedulePicker value="daily" onChange={onChange} />);
+    fireEvent.click(screen.getByRole('combobox'));
+    fireEvent.click(screen.getByText('Monthly'));
+    expect(onChange).toHaveBeenCalledWith('monthly');
+  });
+
+  it('is disabled when disabled prop is true', () => {
+    render(<SchedulePicker value="daily" onChange={() => {}} disabled />);
+    expect(screen.getByRole('combobox')).toBeDisabled();
+  });
+});
diff --git a/apps/app/src/components/schedule-picker.tsx b/apps/app/src/components/schedule-picker.tsx
new file mode 100644
index 0000000000..574441e3b3
--- /dev/null
+++ b/apps/app/src/components/schedule-picker.tsx
@@ -0,0 +1,51 @@
+'use client';
+
+import { TaskFrequency } from '@db';
+import {
+  Select,
+  SelectContent,
+  SelectItem,
+  SelectTrigger,
+  SelectValue,
+} from '@trycompai/design-system';
+
+const LABELS: Record<TaskFrequency, string> = {
+  daily: 'Daily',
+  weekly: 'Weekly',
+  monthly: 'Monthly',
+  quarterly: 'Quarterly',
+  yearly: 'Yearly',
+};
+
+const FREQUENCIES = Object.keys(LABELS) as TaskFrequency[];
+
+export function SchedulePicker({
+  value,
+  onChange,
+  disabled,
+}: {
+  value: TaskFrequency;
+  onChange: (value: TaskFrequency) => void;
+  disabled?: boolean;
+}) {
+  const handleValueChange = (next: TaskFrequency | null) => {
+    if (next !== null) {
+      onChange(next);
+    }
+  };
+
+  return (
+    <Select value={value} onValueChange={handleValueChange} disabled={disabled}>
+      <SelectTrigger>
+        <SelectValue placeholder="Select a frequency" />
+      </SelectTrigger>
+      <SelectContent>
+        {FREQUENCIES.map((freq) => (
+          <SelectItem key={freq} value={freq}>
+            {LABELS[freq]}
+          </SelectItem>
+        ))}
+      </SelectContent>
+    </Select>
+  );
+}

From d869d3ea41dac3c24e4b73c7bd67bd0c3a6aa50b Mon Sep 17 00:00:00 2001
From: Mariano <marfuen98@gmail.com>
Date: Fri, 24 Apr 2026 14:01:51 -0400
Subject: [PATCH 12/24] feat(app): add schedule picker to browser automation
 config

---
 .../BrowserAutomationConfigDialog.tsx         | 42 +++++++++++++++++--
 .../[orgId]/tasks/[taskId]/hooks/types.ts     |  3 ++
 .../[taskId]/hooks/useBrowserAutomations.ts   |  3 ++
 3 files changed, 44 insertions(+), 4 deletions(-)

diff --git a/apps/app/src/app/(app)/[orgId]/tasks/[taskId]/components/browser-automations/BrowserAutomationConfigDialog.tsx b/apps/app/src/app/(app)/[orgId]/tasks/[taskId]/components/browser-automations/BrowserAutomationConfigDialog.tsx
index 07dc6ee42e..29c0bb65fe 100644
--- a/apps/app/src/app/(app)/[orgId]/tasks/[taskId]/components/browser-automations/BrowserAutomationConfigDialog.tsx
+++ b/apps/app/src/app/(app)/[orgId]/tasks/[taskId]/components/browser-automations/BrowserAutomationConfigDialog.tsx
@@ -1,5 +1,6 @@
 'use client';
 
+import { SchedulePicker } from '@/components/schedule-picker';
 import { Button } from '@trycompai/ui/button';
 import {
   Dialog,
@@ -15,7 +16,7 @@ import { Textarea } from '@trycompai/ui/textarea';
 import { zodResolver } from '@hookform/resolvers/zod';
 import { Loader2 } from 'lucide-react';
 import { useEffect } from 'react';
-import { useForm } from 'react-hook-form';
+import { Controller, useForm } from 'react-hook-form';
 import { z } from 'zod';
 import type { BrowserAutomation } from '../../hooks/types';
 
@@ -24,6 +25,7 @@ const automationConfigSchema = z.object({
   targetUrl: z.string().trim().url({ message: 'Starting URL must be a valid URL' }),
   instruction: z.string().trim().min(1, { message: 'Instruction is required' }),
   evaluationCriteria: z.string().trim().optional(),
+  scheduleFrequency: z.enum(['daily', 'weekly', 'monthly', 'quarterly', 'yearly']),
 });
 
 type AutomationConfigFormData = z.infer<typeof automationConfigSchema>;
@@ -33,7 +35,7 @@ interface BrowserAutomationConfigDialogProps {
   mode: 'create' | 'edit';
   initialValues?: Pick<
     BrowserAutomation,
-    'id' | 'name' | 'targetUrl' | 'instruction' | 'evaluationCriteria'
+    'id' | 'name' | 'targetUrl' | 'instruction' | 'evaluationCriteria' | 'scheduleFrequency'
   >;
   isSaving: boolean;
   onClose: () => void;
@@ -51,6 +53,7 @@ export function BrowserAutomationConfigDialog({
   onUpdate,
 }: BrowserAutomationConfigDialogProps) {
   const {
+    control,
     register,
     handleSubmit,
     reset,
@@ -62,6 +65,7 @@ export function BrowserAutomationConfigDialog({
       targetUrl: '',
       instruction: '',
       evaluationCriteria: '',
+      scheduleFrequency: 'daily',
     },
   });
 
@@ -74,15 +78,28 @@ export function BrowserAutomationConfigDialog({
         targetUrl: initialValues.targetUrl ?? '',
         instruction: initialValues.instruction ?? '',
         evaluationCriteria: initialValues.evaluationCriteria ?? '',
+        scheduleFrequency: initialValues.scheduleFrequency ?? 'daily',
       });
       return;
     }
 
-    reset({ name: '', targetUrl: '', instruction: '', evaluationCriteria: '' });
+    reset({
+      name: '',
+      targetUrl: '',
+      instruction: '',
+      evaluationCriteria: '',
+      scheduleFrequency: 'daily',
+    });
   }, [isOpen, mode, initialValues, reset]);
 
   const handleClose = () => {
-    reset({ name: '', targetUrl: '', instruction: '', evaluationCriteria: '' });
+    reset({
+      name: '',
+      targetUrl: '',
+      instruction: '',
+      evaluationCriteria: '',
+      scheduleFrequency: 'daily',
+    });
     onClose();
   };
 
@@ -180,6 +197,23 @@ export function BrowserAutomationConfigDialog({
             </p>
           </div>
 
+          <div className="flex flex-col gap-2">
+            <Label htmlFor="automation-schedule-frequency">Schedule</Label>
+            <Controller
+              control={control}
+              name="scheduleFrequency"
+              render={({ field }) => (
+                <SchedulePicker value={field.value} onChange={field.onChange} />
+              )}
+            />
+            {errors.scheduleFrequency?.message && (
+              <p className="text-sm text-destructive">{errors.scheduleFrequency.message}</p>
+            )}
+            <p className="text-xs text-muted-foreground">
+              How often this automation should run automatically.
+            </p>
+          </div>
+
           <DialogFooter>
             <Button type="button" variant="outline" onClick={handleClose} disabled={isSaving}>
               Cancel
diff --git a/apps/app/src/app/(app)/[orgId]/tasks/[taskId]/hooks/types.ts b/apps/app/src/app/(app)/[orgId]/tasks/[taskId]/hooks/types.ts
index bde9703734..ffd11291d0 100644
--- a/apps/app/src/app/(app)/[orgId]/tasks/[taskId]/hooks/types.ts
+++ b/apps/app/src/app/(app)/[orgId]/tasks/[taskId]/hooks/types.ts
@@ -1,3 +1,5 @@
+import type { TaskFrequency } from '@db';
+
 export interface BrowserAutomationRun {
   id: string;
   status: string;
@@ -18,6 +20,7 @@ export interface BrowserAutomation {
   evaluationCriteria?: string | null;
   isEnabled: boolean;
   schedule?: string;
+  scheduleFrequency?: TaskFrequency;
   createdAt: string;
   runs?: BrowserAutomationRun[];
 }
diff --git a/apps/app/src/app/(app)/[orgId]/tasks/[taskId]/hooks/useBrowserAutomations.ts b/apps/app/src/app/(app)/[orgId]/tasks/[taskId]/hooks/useBrowserAutomations.ts
index ab73c86ab1..a089fcfb97 100644
--- a/apps/app/src/app/(app)/[orgId]/tasks/[taskId]/hooks/useBrowserAutomations.ts
+++ b/apps/app/src/app/(app)/[orgId]/tasks/[taskId]/hooks/useBrowserAutomations.ts
@@ -1,6 +1,7 @@
 'use client';
 
 import { apiClient } from '@/lib/api-client';
+import type { TaskFrequency } from '@db';
 import { useCallback, useState } from 'react';
 import { toast } from 'sonner';
 import type { BrowserAutomation } from './types';
@@ -13,6 +14,8 @@ interface AutomationConfigInput {
   name: string;
   targetUrl: string;
   instruction: string;
+  evaluationCriteria?: string;
+  scheduleFrequency?: TaskFrequency;
 }
 
 export function useBrowserAutomations({ taskId }: UseBrowserAutomationsOptions) {

From 7da3cf029b86ed8530584ae57019130d9c1a058e Mon Sep 17 00:00:00 2001
From: Mariano <marfuen98@gmail.com>
Date: Fri, 24 Apr 2026 14:05:30 -0400
Subject: [PATCH 13/24] feat(app): add schedule edit dialog for evidence
 automations

---
 .../components/AutomationSettingsDialogs.tsx  | 68 +++++++++++++++++++
 .../hooks/use-task-automation.ts              | 12 ++--
 .../components/AutomationOverview.tsx         | 46 ++++++++++++-
 3 files changed, 120 insertions(+), 6 deletions(-)

diff --git a/apps/app/src/app/(app)/[orgId]/tasks/[taskId]/automation/[automationId]/components/AutomationSettingsDialogs.tsx b/apps/app/src/app/(app)/[orgId]/tasks/[taskId]/automation/[automationId]/components/AutomationSettingsDialogs.tsx
index dd7a575a51..78fd3c7b3e 100644
--- a/apps/app/src/app/(app)/[orgId]/tasks/[taskId]/automation/[automationId]/components/AutomationSettingsDialogs.tsx
+++ b/apps/app/src/app/(app)/[orgId]/tasks/[taskId]/automation/[automationId]/components/AutomationSettingsDialogs.tsx
@@ -1,5 +1,7 @@
 'use client';
 
+import { SchedulePicker } from '@/components/schedule-picker';
+import type { TaskFrequency } from '@db';
 import { Button } from '@trycompai/ui/button';
 import {
   Dialog,
@@ -29,6 +31,12 @@ interface EditDescriptionDialogProps {
   onSuccess?: () => void;
 }
 
+interface EditScheduleDialogProps {
+  open: boolean;
+  onOpenChange: (open: boolean) => void;
+  onSuccess?: () => void;
+}
+
 interface DeleteDialogProps {
   open: boolean;
   onOpenChange: (open: boolean) => void;
@@ -164,6 +172,66 @@ export function EditDescriptionDialog({
   );
 }
 
+export function EditScheduleDialog({
+  open,
+  onOpenChange,
+  onSuccess,
+}: EditScheduleDialogProps) {
+  const { automation, updateAutomation } = useTaskAutomation();
+  const [value, setValue] = useState<TaskFrequency>(
+    automation?.scheduleFrequency ?? 'daily',
+  );
+  const [isSaving, setIsSaving] = useState(false);
+
+  // Keep local state in sync with freshly fetched automation data
+  useEffect(() => {
+    setValue(automation?.scheduleFrequency ?? 'daily');
+  }, [automation?.scheduleFrequency]);
+
+  const handleSave = async () => {
+    setIsSaving(true);
+    try {
+      await updateAutomation({ scheduleFrequency: value });
+      await onSuccess?.();
+      onOpenChange(false);
+      toast.success('Schedule updated');
+    } catch {
+      toast.error('Failed to update schedule');
+    } finally {
+      setIsSaving(false);
+    }
+  };
+
+  return (
+    <Dialog open={open} onOpenChange={onOpenChange}>
+      <DialogContent>
+        <DialogHeader>
+          <DialogTitle>Edit Schedule</DialogTitle>
+          <DialogDescription>
+            Choose how often this automation should run. Changes apply to the next scheduled run.
+          </DialogDescription>
+        </DialogHeader>
+
+        <div className="space-y-4 py-4">
+          <div className="space-y-2">
+            <Label htmlFor="automation-schedule">Frequency</Label>
+            <SchedulePicker value={value} onChange={setValue} disabled={isSaving} />
+          </div>
+        </div>
+
+        <DialogFooter>
+          <Button variant="outline" onClick={() => onOpenChange(false)} disabled={isSaving}>
+            Cancel
+          </Button>
+          <Button onClick={handleSave} disabled={isSaving}>
+            {isSaving ? 'Saving...' : 'Save Changes'}
+          </Button>
+        </DialogFooter>
+      </DialogContent>
+    </Dialog>
+  );
+}
+
 export function DeleteAutomationDialog({ open, onOpenChange, onSuccess }: DeleteDialogProps) {
   const { automation, deleteAutomation } = useTaskAutomation();
   const { orgId, taskId } = useParams<{
diff --git a/apps/app/src/app/(app)/[orgId]/tasks/[taskId]/automation/[automationId]/hooks/use-task-automation.ts b/apps/app/src/app/(app)/[orgId]/tasks/[taskId]/automation/[automationId]/hooks/use-task-automation.ts
index bf4bf7b43e..a256b11d9f 100644
--- a/apps/app/src/app/(app)/[orgId]/tasks/[taskId]/automation/[automationId]/hooks/use-task-automation.ts
+++ b/apps/app/src/app/(app)/[orgId]/tasks/[taskId]/automation/[automationId]/hooks/use-task-automation.ts
@@ -1,4 +1,5 @@
 import { api } from '@/lib/api-client';
+import type { TaskFrequency } from '@db';
 import { useParams } from 'next/navigation';
 import useSWR from 'swr';
 
@@ -13,15 +14,20 @@ interface TaskAutomationData {
   updatedAt: string;
   evaluationCriteria?: string;
   isEnabled: boolean;
+  scheduleFrequency?: TaskFrequency;
 }
 
+type UpdateAutomationPayload = Partial<
+  Pick<TaskAutomationData, 'name' | 'description' | 'scheduleFrequency'>
+>;
+
 interface UseTaskAutomationReturn {
   automation: TaskAutomationData | undefined;
   isLoading: boolean;
   isError: boolean;
   error: Error | undefined;
   mutate: () => Promise<unknown>;
-  updateAutomation: (body: Partial<Pick<TaskAutomationData, 'name' | 'description'>>) => Promise<void>;
+  updateAutomation: (body: UpdateAutomationPayload) => Promise<void>;
   deleteAutomation: () => Promise<void>;
 }
 
@@ -71,9 +77,7 @@ export function useTaskAutomation(overrideAutomationId?: string): UseTaskAutomat
     },
   );
 
-  const updateAutomation = async (
-    body: Partial<Pick<TaskAutomationData, 'name' | 'description'>>,
-  ) => {
+  const updateAutomation = async (body: UpdateAutomationPayload) => {
     const realId = data?.id || automationId;
     const response = await api.patch(
       `/v1/tasks/${taskId}/automations/${realId}`,
diff --git a/apps/app/src/app/(app)/[orgId]/tasks/[taskId]/automations/[automationId]/overview/components/AutomationOverview.tsx b/apps/app/src/app/(app)/[orgId]/tasks/[taskId]/automations/[automationId]/overview/components/AutomationOverview.tsx
index 7802a16024..9a613817a5 100644
--- a/apps/app/src/app/(app)/[orgId]/tasks/[taskId]/automations/[automationId]/overview/components/AutomationOverview.tsx
+++ b/apps/app/src/app/(app)/[orgId]/tasks/[taskId]/automations/[automationId]/overview/components/AutomationOverview.tsx
@@ -3,7 +3,13 @@
 import { RecentAuditLogs } from '@/components/RecentAuditLogs';
 import { useAuditLogs } from '@/hooks/use-audit-logs';
 import { Button } from '@trycompai/ui/button';
-import type { EvidenceAutomation, EvidenceAutomationRun, EvidenceAutomationVersion, Task } from '@db';
+import type {
+  EvidenceAutomation,
+  EvidenceAutomationRun,
+  EvidenceAutomationVersion,
+  Task,
+  TaskFrequency,
+} from '@db';
 import {
   Breadcrumb,
   Button as DSButton,
@@ -27,7 +33,10 @@ import {
   executeAutomationScript,
   toggleAutomationEnabled,
 } from '../../../../automation/[automationId]/actions/task-automation-actions';
-import { DeleteAutomationDialog } from '../../../../automation/[automationId]/components/AutomationSettingsDialogs';
+import {
+  DeleteAutomationDialog,
+  EditScheduleDialog,
+} from '../../../../automation/[automationId]/components/AutomationSettingsDialogs';
 import { useTaskAutomation } from '../../../../automation/[automationId]/hooks/use-task-automation';
 import { AutomationRunsCard } from '../../../../components/AutomationRunsCard';
 import { useAutomationRuns } from '../hooks/use-automation-runs';
@@ -37,6 +46,14 @@ type RunWithAutomationName = EvidenceAutomationRun & {
   evidenceAutomation: { name: string };
 };
 
+const FREQUENCY_LABELS: Record<TaskFrequency, string> = {
+  daily: 'Daily',
+  weekly: 'Weekly',
+  monthly: 'Monthly',
+  quarterly: 'Quarterly',
+  yearly: 'Yearly',
+};
+
 interface AutomationOverviewProps {
   task: Task;
   automation: EvidenceAutomation;
@@ -57,6 +74,7 @@ export function AutomationOverview({
   }>();
 
   const [deleteDialogOpen, setDeleteDialogOpen] = useState(false);
+  const [scheduleDialogOpen, setScheduleDialogOpen] = useState(false);
   const [isTogglingEnabled, setIsTogglingEnabled] = useState(false);
   const [isEditingName, setIsEditingName] = useState(false);
   const [nameValue, setNameValue] = useState('');
@@ -372,6 +390,24 @@ export function AutomationOverview({
 
                 <div className="border-t" />
 
+                <HStack justify="between" align="center">
+                  <Stack gap="none">
+                    <Text size="sm" weight="medium">Schedule</Text>
+                    <Text size="xs" variant="muted">
+                      Current: {FREQUENCY_LABELS[automation.scheduleFrequency] ?? 'Daily'}
+                    </Text>
+                  </Stack>
+                  <Button
+                    variant="outline"
+                    size="sm"
+                    onClick={() => setScheduleDialogOpen(true)}
+                  >
+                    Edit
+                  </Button>
+                </HStack>
+
+                <div className="border-t" />
+
                 <HStack justify="between" align="center">
                   <Stack gap="none">
                     <Text size="sm" weight="medium">Delete Automation</Text>
@@ -400,6 +436,12 @@ export function AutomationOverview({
         onOpenChange={setDeleteDialogOpen}
         onSuccess={mutateAutomation}
       />
+
+      <EditScheduleDialog
+        open={scheduleDialogOpen}
+        onOpenChange={setScheduleDialogOpen}
+        onSuccess={mutateAutomation}
+      />
     </PageLayout>
   );
 }

From 1774371d3e50efd63bc1f6a3ee96117e1692204e Mon Sep 17 00:00:00 2001
From: Mariano <marfuen98@gmail.com>
Date: Fri, 24 Apr 2026 14:09:33 -0400
Subject: [PATCH 14/24] feat(app): add integration schedule picker on task
 detail

---
 .../tasks/[taskId]/components/SingleTask.tsx  | 15 +++++++
 .../components/TaskIntegrationChecks.tsx      | 45 +++++++++++++++----
 .../[orgId]/tasks/[taskId]/hooks/use-task.ts  |  3 +-
 3 files changed, 53 insertions(+), 10 deletions(-)

diff --git a/apps/app/src/app/(app)/[orgId]/tasks/[taskId]/components/SingleTask.tsx b/apps/app/src/app/(app)/[orgId]/tasks/[taskId]/components/SingleTask.tsx
index 6085775f24..da560f5361 100644
--- a/apps/app/src/app/(app)/[orgId]/tasks/[taskId]/components/SingleTask.tsx
+++ b/apps/app/src/app/(app)/[orgId]/tasks/[taskId]/components/SingleTask.tsx
@@ -24,6 +24,7 @@ import {
   type Control,
   type Member,
   type Task,
+  type TaskFrequency,
   type TaskStatus,
   type User,
 } from '@db';
@@ -163,6 +164,16 @@ export function SingleTask({
     }
   };
 
+  const handleUpdateIntegrationSchedule = async (value: TaskFrequency) => {
+    try {
+      await updateTask({ integrationScheduleFrequency: value });
+      toast.success('Schedule updated');
+      mutateActivity();
+    } catch (error) {
+      toast.error(error instanceof Error ? error.message : 'Failed to update schedule');
+    }
+  };
+
   const handleUpdateTask = async (
     updates: Partial<Pick<Task, 'status' | 'assigneeId' | 'approverId' | 'frequency' | 'department' | 'reviewDate'>>,
   ) => {
@@ -344,6 +355,10 @@ export function SingleTask({
                 taskId={task.id}
                 onTaskUpdated={() => mutateTask()}
                 isManualTask={task.automationStatus === 'MANUAL'}
+                scheduleFrequency={task.integrationScheduleFrequency ?? undefined}
+                onScheduleChange={
+                  canUpdateTask ? handleUpdateIntegrationSchedule : undefined
+                }
               />
               <TaskAutomations
                 automations={automations || []}
diff --git a/apps/app/src/app/(app)/[orgId]/tasks/[taskId]/components/TaskIntegrationChecks.tsx b/apps/app/src/app/(app)/[orgId]/tasks/[taskId]/components/TaskIntegrationChecks.tsx
index 73b7572673..1f1e4aa21d 100644
--- a/apps/app/src/app/(app)/[orgId]/tasks/[taskId]/components/TaskIntegrationChecks.tsx
+++ b/apps/app/src/app/(app)/[orgId]/tasks/[taskId]/components/TaskIntegrationChecks.tsx
@@ -2,7 +2,9 @@
 
 import { ConnectIntegrationDialog } from '@/components/integrations/ConnectIntegrationDialog';
 import { ManageIntegrationDialog } from '@/components/integrations/ManageIntegrationDialog';
+import { SchedulePicker } from '@/components/schedule-picker';
 import { downloadAutomationPDF } from '@/lib/evidence-download';
+import type { TaskFrequency } from '@db';
 import type { TaskIntegrationCheck, StoredCheckRun } from '../hooks/useIntegrationChecks';
 import { useIntegrationChecks } from '../hooks/useIntegrationChecks';
 import { cn } from '@/lib/utils';
@@ -50,12 +52,18 @@ interface TaskIntegrationChecksProps {
   onTaskUpdated?: () => void;
   /** When true, disables creating new automations (shows existing ones read-only) */
   isManualTask?: boolean;
+  /** Current schedule for integration checks on this task. When provided with
+   * `onScheduleChange`, renders a schedule picker in the card header. */
+  scheduleFrequency?: TaskFrequency;
+  onScheduleChange?: (value: TaskFrequency) => void | Promise<void>;
 }
 
 export function TaskIntegrationChecks({
   taskId,
   onTaskUpdated,
   isManualTask = false,
+  scheduleFrequency,
+  onScheduleChange,
 }: TaskIntegrationChecksProps) {
   const params = useParams();
   const searchParams = useSearchParams();
@@ -274,12 +282,16 @@ export function TaskIntegrationChecks({
   };
 
   const nextRun = connectedChecks.length > 0 ? getNextScheduledRun() : null;
+  const hasConfiguredChecks =
+    connectedChecks.length > 0 || disabledForTaskChecks.length > 0;
+  const showSchedulePicker =
+    hasConfiguredChecks && !!scheduleFrequency && !!onScheduleChange;
 
   return (
     <div className="rounded-lg border border-border bg-card overflow-hidden">
       {/* Card Header */}
       <div className="px-5 py-4 border-b border-border">
-        <div className="flex items-center justify-between">
+        <div className="flex items-center justify-between gap-4">
           <div className="flex items-center gap-2.5">
             <div className="p-1.5 rounded-md bg-muted">
               <PlugZap className="h-4 w-4 text-primary" />
@@ -291,16 +303,31 @@ export function TaskIntegrationChecks({
               </p>
             </div>
           </div>
-          {connectedChecks.length > 0 && nextRun && (
-            <div className="text-right">
-              <div className="text-[10px] text-muted-foreground uppercase tracking-wide">
-                Next run
+          <div className="flex items-center gap-4">
+            {showSchedulePicker && scheduleFrequency && onScheduleChange && (
+              <div className="flex items-center gap-2">
+                <span className="text-xs text-muted-foreground uppercase tracking-wide">
+                  Schedule
+                </span>
+                <SchedulePicker
+                  value={scheduleFrequency}
+                  onChange={(value) => {
+                    void onScheduleChange(value);
+                  }}
+                />
               </div>
-              <div className="text-sm font-medium text-foreground">
-                {formatDistanceToNow(nextRun, { addSuffix: true })}
+            )}
+            {connectedChecks.length > 0 && nextRun && (
+              <div className="text-right">
+                <div className="text-[10px] text-muted-foreground uppercase tracking-wide">
+                  Next run
+                </div>
+                <div className="text-sm font-medium text-foreground">
+                  {formatDistanceToNow(nextRun, { addSuffix: true })}
+                </div>
               </div>
-            </div>
-          )}
+            )}
+          </div>
         </div>
       </div>
 
diff --git a/apps/app/src/app/(app)/[orgId]/tasks/[taskId]/hooks/use-task.ts b/apps/app/src/app/(app)/[orgId]/tasks/[taskId]/hooks/use-task.ts
index fa8f3d363f..982f76e65e 100644
--- a/apps/app/src/app/(app)/[orgId]/tasks/[taskId]/hooks/use-task.ts
+++ b/apps/app/src/app/(app)/[orgId]/tasks/[taskId]/hooks/use-task.ts
@@ -1,5 +1,5 @@
 import { apiClient } from '@/lib/api-client';
-import type { Control, Task, TaskStatus } from '@db';
+import type { Control, Task, TaskFrequency, TaskStatus } from '@db';
 import { useParams } from 'next/navigation';
 import useSWR from 'swr';
 
@@ -17,6 +17,7 @@ interface UpdateTaskPayload {
   reviewDate?: string | null;
   title?: string;
   description?: string;
+  integrationScheduleFrequency?: TaskFrequency;
 }
 
 interface UseTaskReturn {

From a447e348e1f909e74ccd258501f7e7eca64db113 Mon Sep 17 00:00:00 2001
From: Mariano <marfuen98@gmail.com>
Date: Fri, 24 Apr 2026 14:13:45 -0400
Subject: [PATCH 15/24] feat(app): show schedule summary on automation cards

---
 .../[taskId]/components/TaskAutomations.tsx   |  5 +++
 .../browser-automations/AutomationItem.tsx    |  9 ++++
 .../[orgId]/tasks/[taskId]/hooks/types.ts     |  1 +
 .../src/components/schedule-summary.test.tsx  | 20 +++++++++
 apps/app/src/components/schedule-summary.tsx  | 42 +++++++++++++++++++
 5 files changed, 77 insertions(+)
 create mode 100644 apps/app/src/components/schedule-summary.test.tsx
 create mode 100644 apps/app/src/components/schedule-summary.tsx

diff --git a/apps/app/src/app/(app)/[orgId]/tasks/[taskId]/components/TaskAutomations.tsx b/apps/app/src/app/(app)/[orgId]/tasks/[taskId]/components/TaskAutomations.tsx
index dca7ecb076..ddc5f57ae8 100644
--- a/apps/app/src/app/(app)/[orgId]/tasks/[taskId]/components/TaskAutomations.tsx
+++ b/apps/app/src/app/(app)/[orgId]/tasks/[taskId]/components/TaskAutomations.tsx
@@ -14,6 +14,7 @@ import { useParams, useRouter } from 'next/navigation';
 import { useState } from 'react';
 import { toast } from 'sonner';
 import { Button, HStack, Section, Stack, Text } from '@trycompai/design-system';
+import { ScheduleSummary } from '@/components/schedule-summary';
 import { useTaskAutomations } from '../hooks/use-task-automations';
 
 type AutomationWithLatestRun = EvidenceAutomation & {
@@ -89,6 +90,10 @@ export const TaskAutomations = ({ automations, isManualTask = false }: TaskAutom
                     ? `Last ran ${lastRan} • v${latestVersionRun.version}`
                     : 'No published runs yet'}
                 </Text>
+                <ScheduleSummary
+                  scheduleFrequency={automation.scheduleFrequency}
+                  lastRunAt={automation.lastRunAt}
+                />
               </Stack>
 
               {latestVersionRun && (
diff --git a/apps/app/src/app/(app)/[orgId]/tasks/[taskId]/components/browser-automations/AutomationItem.tsx b/apps/app/src/app/(app)/[orgId]/tasks/[taskId]/components/browser-automations/AutomationItem.tsx
index 951851db10..1bc4b61eb4 100644
--- a/apps/app/src/app/(app)/[orgId]/tasks/[taskId]/components/browser-automations/AutomationItem.tsx
+++ b/apps/app/src/app/(app)/[orgId]/tasks/[taskId]/components/browser-automations/AutomationItem.tsx
@@ -13,6 +13,7 @@ import {
 } from 'lucide-react';
 import { formatDistanceToNow } from 'date-fns';
 import { useState } from 'react';
+import { ScheduleSummary } from '@/components/schedule-summary';
 import type { BrowserAutomation, BrowserAutomationRun } from '../../hooks/types';
 import { RunHistory } from './RunHistory';
 
@@ -86,6 +87,14 @@ export function AutomationItem({
           ) : (
             <p className="text-xs text-muted-foreground mt-0.5">Never run</p>
           )}
+          {automation.scheduleFrequency && (
+            <div className="mt-0.5">
+              <ScheduleSummary
+                scheduleFrequency={automation.scheduleFrequency}
+                lastRunAt={automation.lastRunAt ?? null}
+              />
+            </div>
+          )}
         </div>
 
         <div className="flex items-center gap-1.5">
diff --git a/apps/app/src/app/(app)/[orgId]/tasks/[taskId]/hooks/types.ts b/apps/app/src/app/(app)/[orgId]/tasks/[taskId]/hooks/types.ts
index ffd11291d0..7675f22086 100644
--- a/apps/app/src/app/(app)/[orgId]/tasks/[taskId]/hooks/types.ts
+++ b/apps/app/src/app/(app)/[orgId]/tasks/[taskId]/hooks/types.ts
@@ -21,6 +21,7 @@ export interface BrowserAutomation {
   isEnabled: boolean;
   schedule?: string;
   scheduleFrequency?: TaskFrequency;
+  lastRunAt?: string | null;
   createdAt: string;
   runs?: BrowserAutomationRun[];
 }
diff --git a/apps/app/src/components/schedule-summary.test.tsx b/apps/app/src/components/schedule-summary.test.tsx
new file mode 100644
index 0000000000..08238a2a88
--- /dev/null
+++ b/apps/app/src/components/schedule-summary.test.tsx
@@ -0,0 +1,20 @@
+import { render, screen } from '@testing-library/react';
+import { describe, expect, it } from 'vitest';
+import { ScheduleSummary } from './schedule-summary';
+
+describe('ScheduleSummary', () => {
+  it('renders frequency label', () => {
+    render(<ScheduleSummary scheduleFrequency="weekly" lastRunAt={null} />);
+    expect(screen.getByText(/Weekly/)).toBeInTheDocument();
+  });
+
+  it('renders a next-run date', () => {
+    render(
+      <ScheduleSummary
+        scheduleFrequency="weekly"
+        lastRunAt={new Date('2026-04-17').toISOString()}
+      />,
+    );
+    expect(screen.getByText(/next:/)).toBeInTheDocument();
+  });
+});
diff --git a/apps/app/src/components/schedule-summary.tsx b/apps/app/src/components/schedule-summary.tsx
new file mode 100644
index 0000000000..511c282e8c
--- /dev/null
+++ b/apps/app/src/components/schedule-summary.tsx
@@ -0,0 +1,42 @@
+'use client';
+
+import { TaskFrequency } from '@db';
+
+const LABELS: Record<TaskFrequency, string> = {
+  daily: 'Daily',
+  weekly: 'Weekly',
+  monthly: 'Monthly',
+  quarterly: 'Quarterly',
+  yearly: 'Yearly',
+};
+
+const PERIOD_DAYS: Record<TaskFrequency, number> = {
+  daily: 1,
+  weekly: 7,
+  monthly: 30,
+  quarterly: 91,
+  yearly: 365,
+};
+
+// Approximate next-run (months ≈ 30 days). The server's isDueToday helper is the
+// real authority; this is only a UX hint shown on automation cards.
+function computeNextRun(frequency: TaskFrequency, lastRunAt: Date | null): Date {
+  const base = lastRunAt ?? new Date();
+  return new Date(base.getTime() + PERIOD_DAYS[frequency] * 24 * 60 * 60 * 1000);
+}
+
+export function ScheduleSummary({
+  scheduleFrequency,
+  lastRunAt,
+}: {
+  scheduleFrequency: TaskFrequency;
+  lastRunAt: string | Date | null;
+}) {
+  const last = lastRunAt ? new Date(lastRunAt) : null;
+  const next = computeNextRun(scheduleFrequency, last);
+  return (
+    <span className="text-xs text-muted-foreground">
+      Runs {LABELS[scheduleFrequency]} · next: {next.toLocaleDateString()}
+    </span>
+  );
+}

From 5a445184ae885e4e440d5628c52948967251e4b4 Mon Sep 17 00:00:00 2001
From: Mariano <marfuen98@gmail.com>
Date: Fri, 24 Apr 2026 14:20:16 -0400
Subject: [PATCH 16/24] fix(app,api): repair test fixtures and guard missing
 schedule frequency

Updates test fixtures for Task schema additions (integrationScheduleFrequency,
integrationLastRunAt, previousStatus, archivedAt, lastCompletedAt),
adds TaskFrequency to the @db mock in browserbase.controller.spec so
the new @IsEnum(TaskFrequency) DTO decorator resolves at module load,
and fixes an undefined-index access in AutomationOverview when the
scheduleFrequency field is missing on stale client types.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
---
 .../browserbase.controller.spec.ts            |  7 ++++
 .../components/AutomationOverview.tsx         |  2 +-
 .../ModernSingleStatusTaskList.test.tsx       | 34 +++++++++++++++++--
 .../tasks/components/TaskList.test.tsx        |  5 +++
 4 files changed, 45 insertions(+), 3 deletions(-)

diff --git a/apps/api/src/browserbase/browserbase.controller.spec.ts b/apps/api/src/browserbase/browserbase.controller.spec.ts
index 1713edeffa..d3f8ee5292 100644
--- a/apps/api/src/browserbase/browserbase.controller.spec.ts
+++ b/apps/api/src/browserbase/browserbase.controller.spec.ts
@@ -10,6 +10,13 @@ jest.mock('@db', () => ({
       }
     },
   },
+  TaskFrequency: {
+    daily: 'daily',
+    weekly: 'weekly',
+    monthly: 'monthly',
+    quarterly: 'quarterly',
+    yearly: 'yearly',
+  },
 }));
 
 jest.mock('../auth/auth.server', () => ({
diff --git a/apps/app/src/app/(app)/[orgId]/tasks/[taskId]/automations/[automationId]/overview/components/AutomationOverview.tsx b/apps/app/src/app/(app)/[orgId]/tasks/[taskId]/automations/[automationId]/overview/components/AutomationOverview.tsx
index 9a613817a5..63bfbb1511 100644
--- a/apps/app/src/app/(app)/[orgId]/tasks/[taskId]/automations/[automationId]/overview/components/AutomationOverview.tsx
+++ b/apps/app/src/app/(app)/[orgId]/tasks/[taskId]/automations/[automationId]/overview/components/AutomationOverview.tsx
@@ -394,7 +394,7 @@ export function AutomationOverview({
                   <Stack gap="none">
                     <Text size="sm" weight="medium">Schedule</Text>
                     <Text size="xs" variant="muted">
-                      Current: {FREQUENCY_LABELS[automation.scheduleFrequency] ?? 'Daily'}
+                      Current: {FREQUENCY_LABELS[automation.scheduleFrequency ?? 'daily']}
                     </Text>
                   </Stack>
                   <Button
diff --git a/apps/app/src/app/(app)/[orgId]/tasks/components/ModernSingleStatusTaskList.test.tsx b/apps/app/src/app/(app)/[orgId]/tasks/components/ModernSingleStatusTaskList.test.tsx
index 0500aeb1d3..037bf8306b 100644
--- a/apps/app/src/app/(app)/[orgId]/tasks/components/ModernSingleStatusTaskList.test.tsx
+++ b/apps/app/src/app/(app)/[orgId]/tasks/components/ModernSingleStatusTaskList.test.tsx
@@ -122,10 +122,25 @@ const mockTasks = [
     id: 'task-1',
     title: 'Test Task 1',
     description: 'A test task',
-    status: 'todo',
+    status: 'todo' as const,
+    previousStatus: null,
+    automationStatus: 'AUTOMATED' as const,
+    frequency: null,
+    integrationScheduleFrequency: 'daily' as const,
+    integrationLastRunAt: null,
+    department: null,
     assigneeId: null,
     createdAt: new Date(),
     updatedAt: new Date(),
+    archivedAt: null,
+    lastCompletedAt: null,
+    reviewDate: null,
+    order: 0,
+    taskTemplateId: null,
+    approvalStatus: null,
+    approverId: null,
+    approvedAt: null,
+    approvalComment: null,
     organizationId: 'org_1',
     controls: [],
   },
@@ -133,10 +148,25 @@ const mockTasks = [
     id: 'task-2',
     title: 'Test Task 2',
     description: 'Another test task',
-    status: 'todo',
+    status: 'todo' as const,
+    previousStatus: null,
+    automationStatus: 'AUTOMATED' as const,
+    frequency: null,
+    integrationScheduleFrequency: 'daily' as const,
+    integrationLastRunAt: null,
+    department: null,
     assigneeId: null,
     createdAt: new Date(),
     updatedAt: new Date(),
+    archivedAt: null,
+    lastCompletedAt: null,
+    reviewDate: null,
+    order: 0,
+    taskTemplateId: null,
+    approvalStatus: null,
+    approverId: null,
+    approvedAt: null,
+    approvalComment: null,
     organizationId: 'org_1',
     controls: [],
   },
diff --git a/apps/app/src/app/(app)/[orgId]/tasks/components/TaskList.test.tsx b/apps/app/src/app/(app)/[orgId]/tasks/components/TaskList.test.tsx
index e061d10903..459f1714c7 100644
--- a/apps/app/src/app/(app)/[orgId]/tasks/components/TaskList.test.tsx
+++ b/apps/app/src/app/(app)/[orgId]/tasks/components/TaskList.test.tsx
@@ -132,12 +132,17 @@ import { TaskList } from './TaskList';
 const baseMockTask = {
   description: 'Test',
   status: 'todo' as const,
+  previousStatus: null,
   frequency: null,
+  integrationScheduleFrequency: 'daily' as const,
+  integrationLastRunAt: null,
   department: null,
   assigneeId: null,
   organizationId: 'org_123',
   createdAt: new Date(),
   updatedAt: new Date(),
+  archivedAt: null,
+  lastCompletedAt: null,
   order: 0,
   taskTemplateId: null,
   reviewDate: null,

From e7a1a9034ffa7afeee15a1be677db526b4aba994 Mon Sep 17 00:00:00 2001
From: Mariano <marfuen98@gmail.com>
Date: Fri, 24 Apr 2026 14:31:20 -0400
Subject: [PATCH 17/24] style(api): apply prettier to SALE-49 files

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
---
 .../browserbase.controller.spec.ts            |  9 +-
 .../src/browserbase/browserbase.service.ts    | 23 ++++--
 apps/api/src/tasks/tasks.service.ts           |  4 +-
 .../src/trigger/shared/is-due-today.spec.ts   | 82 ++++++++++++++++---
 apps/api/src/trigger/shared/is-due-today.ts   |  4 +-
 5 files changed, 96 insertions(+), 26 deletions(-)

diff --git a/apps/api/src/browserbase/browserbase.controller.spec.ts b/apps/api/src/browserbase/browserbase.controller.spec.ts
index d3f8ee5292..6e8cbe75e0 100644
--- a/apps/api/src/browserbase/browserbase.controller.spec.ts
+++ b/apps/api/src/browserbase/browserbase.controller.spec.ts
@@ -42,7 +42,9 @@ import { PermissionGuard } from '../auth/permission.guard';
 
 describe('BrowserbaseController.redirectToScreenshot', () => {
   let controller: BrowserbaseController;
-  let service: jest.Mocked<Pick<BrowserbaseService, 'getScreenshotRedirectUrl'>>;
+  let service: jest.Mocked<
+    Pick<BrowserbaseService, 'getScreenshotRedirectUrl'>
+  >;
 
   beforeEach(async () => {
     service = {
@@ -80,7 +82,10 @@ describe('BrowserbaseController.redirectToScreenshot', () => {
       organizationId: 'org_1',
       download: false,
     });
-    expect(res.redirect).toHaveBeenCalledWith(302, 'https://s3.example.com/fresh-signed');
+    expect(res.redirect).toHaveBeenCalledWith(
+      302,
+      'https://s3.example.com/fresh-signed',
+    );
   });
 
   it('passes download=true to the service when the query param is "true"', async () => {
diff --git a/apps/api/src/browserbase/browserbase.service.ts b/apps/api/src/browserbase/browserbase.service.ts
index fca5edc8f2..da81adadea 100644
--- a/apps/api/src/browserbase/browserbase.service.ts
+++ b/apps/api/src/browserbase/browserbase.service.ts
@@ -5,7 +5,11 @@ import Browserbase from '@browserbasehq/sdk';
 type Stagehand = import('@browserbasehq/stagehand').Stagehand;
 import { db, TaskFrequency } from '@db';
 import { z } from 'zod';
-import { GetObjectCommand, PutObjectCommand, S3Client } from '@aws-sdk/client-s3';
+import {
+  GetObjectCommand,
+  PutObjectCommand,
+  S3Client,
+} from '@aws-sdk/client-s3';
 import { BUCKET_NAME, getSignedUrl, s3Client } from '@/app/s3';
 import { renderOverlay } from './screenshot-overlay';
 import { isNoPageError, toRunErrorMessage } from './run-error-formatter';
@@ -416,9 +420,7 @@ export class BrowserbaseService {
         ...(evaluationCriteria !== undefined
           ? { evaluationCriteria: normalizeCriteria(evaluationCriteria) }
           : {}),
-        ...(scheduleFrequency !== undefined
-          ? { scheduleFrequency }
-          : {}),
+        ...(scheduleFrequency !== undefined ? { scheduleFrequency } : {}),
       },
     });
   }
@@ -853,10 +855,15 @@ export class BrowserbaseService {
           capturedAt: new Date(),
         });
       } catch (overlayErr) {
-        this.logger.warn('Screenshot overlay render failed; uploading raw image', {
-          error:
-            overlayErr instanceof Error ? overlayErr.message : String(overlayErr),
-        });
+        this.logger.warn(
+          'Screenshot overlay render failed; uploading raw image',
+          {
+            error:
+              overlayErr instanceof Error
+                ? overlayErr.message
+                : String(overlayErr),
+          },
+        );
       }
 
       // Optional evaluation: if the automation was configured with
diff --git a/apps/api/src/tasks/tasks.service.ts b/apps/api/src/tasks/tasks.service.ts
index 2d574146c4..89132aea2f 100644
--- a/apps/api/src/tasks/tasks.service.ts
+++ b/apps/api/src/tasks/tasks.service.ts
@@ -532,8 +532,8 @@ export class TasksService {
         organizationId,
         timelinesService: this.timelinesService,
       }).catch((err) => {
-      this.logger.warn('timeline auto-complete check failed', err);
-    });
+        this.logger.warn('timeline auto-complete check failed', err);
+      });
 
       return { deletedCount: result.count };
     } catch (error) {
diff --git a/apps/api/src/trigger/shared/is-due-today.spec.ts b/apps/api/src/trigger/shared/is-due-today.spec.ts
index b919950285..3920031e2c 100644
--- a/apps/api/src/trigger/shared/is-due-today.spec.ts
+++ b/apps/api/src/trigger/shared/is-due-today.spec.ts
@@ -8,32 +8,60 @@ describe('isDueToday', () => {
 
   describe('daily', () => {
     it('returns true when lastRunAt is null', () => {
-      expect(isDueToday({ scheduleFrequency: TaskFrequency.daily, lastRunAt: null, now })).toBe(true);
+      expect(
+        isDueToday({
+          scheduleFrequency: TaskFrequency.daily,
+          lastRunAt: null,
+          now,
+        }),
+      ).toBe(true);
     });
     it('returns true even when it ran today', () => {
       expect(
-        isDueToday({ scheduleFrequency: TaskFrequency.daily, lastRunAt: atUtc('2026-04-24'), now }),
+        isDueToday({
+          scheduleFrequency: TaskFrequency.daily,
+          lastRunAt: atUtc('2026-04-24'),
+          now,
+        }),
       ).toBe(true);
     });
   });
 
   describe('weekly', () => {
     it('returns true when lastRunAt is null', () => {
-      expect(isDueToday({ scheduleFrequency: TaskFrequency.weekly, lastRunAt: null, now })).toBe(true);
+      expect(
+        isDueToday({
+          scheduleFrequency: TaskFrequency.weekly,
+          lastRunAt: null,
+          now,
+        }),
+      ).toBe(true);
     });
     it('returns false when lastRunAt is 6 days ago', () => {
       expect(
-        isDueToday({ scheduleFrequency: TaskFrequency.weekly, lastRunAt: atUtc('2026-04-18'), now }),
+        isDueToday({
+          scheduleFrequency: TaskFrequency.weekly,
+          lastRunAt: atUtc('2026-04-18'),
+          now,
+        }),
       ).toBe(false);
     });
     it('returns true when lastRunAt is exactly 7 days ago', () => {
       expect(
-        isDueToday({ scheduleFrequency: TaskFrequency.weekly, lastRunAt: atUtc('2026-04-17'), now }),
+        isDueToday({
+          scheduleFrequency: TaskFrequency.weekly,
+          lastRunAt: atUtc('2026-04-17'),
+          now,
+        }),
       ).toBe(true);
     });
     it('returns true when lastRunAt is 14 days ago', () => {
       expect(
-        isDueToday({ scheduleFrequency: TaskFrequency.weekly, lastRunAt: atUtc('2026-04-10'), now }),
+        isDueToday({
+          scheduleFrequency: TaskFrequency.weekly,
+          lastRunAt: atUtc('2026-04-10'),
+          now,
+        }),
       ).toBe(true);
     });
   });
@@ -42,17 +70,29 @@ describe('isDueToday', () => {
     it('returns true when lastRunAt crossed a calendar-month boundary', () => {
       // 2026-03-26 → 2026-04-24: different calendar month → due
       expect(
-        isDueToday({ scheduleFrequency: TaskFrequency.monthly, lastRunAt: atUtc('2026-03-26'), now }),
+        isDueToday({
+          scheduleFrequency: TaskFrequency.monthly,
+          lastRunAt: atUtc('2026-03-26'),
+          now,
+        }),
       ).toBe(true);
     });
     it('returns false when lastRunAt is same calendar month', () => {
       expect(
-        isDueToday({ scheduleFrequency: TaskFrequency.monthly, lastRunAt: atUtc('2026-04-01'), now }),
+        isDueToday({
+          scheduleFrequency: TaskFrequency.monthly,
+          lastRunAt: atUtc('2026-04-01'),
+          now,
+        }),
       ).toBe(false);
     });
     it('returns true when lastRunAt is null', () => {
       expect(
-        isDueToday({ scheduleFrequency: TaskFrequency.monthly, lastRunAt: null, now }),
+        isDueToday({
+          scheduleFrequency: TaskFrequency.monthly,
+          lastRunAt: null,
+          now,
+        }),
       ).toBe(true);
     });
   });
@@ -60,12 +100,20 @@ describe('isDueToday', () => {
   describe('quarterly', () => {
     it('returns false when lastRunAt is 2 months ago', () => {
       expect(
-        isDueToday({ scheduleFrequency: TaskFrequency.quarterly, lastRunAt: atUtc('2026-02-24'), now }),
+        isDueToday({
+          scheduleFrequency: TaskFrequency.quarterly,
+          lastRunAt: atUtc('2026-02-24'),
+          now,
+        }),
       ).toBe(false);
     });
     it('returns true when lastRunAt is 3 months ago', () => {
       expect(
-        isDueToday({ scheduleFrequency: TaskFrequency.quarterly, lastRunAt: atUtc('2026-01-24'), now }),
+        isDueToday({
+          scheduleFrequency: TaskFrequency.quarterly,
+          lastRunAt: atUtc('2026-01-24'),
+          now,
+        }),
       ).toBe(true);
     });
   });
@@ -73,12 +121,20 @@ describe('isDueToday', () => {
   describe('yearly', () => {
     it('returns false when lastRunAt is 11 months ago', () => {
       expect(
-        isDueToday({ scheduleFrequency: TaskFrequency.yearly, lastRunAt: atUtc('2025-05-24'), now }),
+        isDueToday({
+          scheduleFrequency: TaskFrequency.yearly,
+          lastRunAt: atUtc('2025-05-24'),
+          now,
+        }),
       ).toBe(false);
     });
     it('returns true when lastRunAt is 12 months ago', () => {
       expect(
-        isDueToday({ scheduleFrequency: TaskFrequency.yearly, lastRunAt: atUtc('2025-04-24'), now }),
+        isDueToday({
+          scheduleFrequency: TaskFrequency.yearly,
+          lastRunAt: atUtc('2025-04-24'),
+          now,
+        }),
       ).toBe(true);
     });
   });
diff --git a/apps/api/src/trigger/shared/is-due-today.ts b/apps/api/src/trigger/shared/is-due-today.ts
index 3daa85dfd1..c38008311d 100644
--- a/apps/api/src/trigger/shared/is-due-today.ts
+++ b/apps/api/src/trigger/shared/is-due-today.ts
@@ -32,7 +32,9 @@ export function isDueToday({
 
   switch (scheduleFrequency) {
     case TaskFrequency.weekly: {
-      const days = Math.floor((now.getTime() - lastRunAt.getTime()) / MS_PER_DAY);
+      const days = Math.floor(
+        (now.getTime() - lastRunAt.getTime()) / MS_PER_DAY,
+      );
       return days >= 7;
     }
     case TaskFrequency.monthly:

From fe921a89bdcec6d1a9e3eac90e16b70320f6edb1 Mon Sep 17 00:00:00 2001
From: Mariano <marfuen98@gmail.com>
Date: Fri, 24 Apr 2026 15:20:00 -0400
Subject: [PATCH 18/24] fix: address cubic review findings on schedule UI and
 DTOs

- TaskIntegrationChecks: compute "Next run" from scheduleFrequency +
  lastRunAt rather than hardcoding daily 6 AM UTC (was misleading for
  non-daily schedules).
- Task response DTOs (swagger.dto.ts + task-responses.dto.ts): expose
  integrationScheduleFrequency and integrationLastRunAt so API
  consumers see them in generated documentation.
- ScheduleSummary: render locale-agnostic YYYY-MM-DD and anchor "now"
  to UTC midnight to prevent server/client hydration mismatches.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
---
 apps/api/src/tasks/dto/swagger.dto.ts         | 12 ++++++++
 apps/api/src/tasks/dto/task-responses.dto.ts  | 14 ++++++++++
 .../tasks/[taskId]/components/SingleTask.tsx  |  1 +
 .../components/TaskIntegrationChecks.tsx      | 28 +++++++++++++++----
 .../src/components/schedule-summary.test.tsx  |  8 ++++--
 apps/app/src/components/schedule-summary.tsx  | 22 ++++++++++++---
 6 files changed, 72 insertions(+), 13 deletions(-)

diff --git a/apps/api/src/tasks/dto/swagger.dto.ts b/apps/api/src/tasks/dto/swagger.dto.ts
index d2a986ab11..76b21023ea 100644
--- a/apps/api/src/tasks/dto/swagger.dto.ts
+++ b/apps/api/src/tasks/dto/swagger.dto.ts
@@ -188,6 +188,18 @@ export class TaskResponseDto {
   })
   frequency: string | null;
 
+  @ApiProperty({
+    description: 'Cadence for running the integration check attached to this task',
+    enum: ['daily', 'weekly', 'monthly', 'quarterly', 'yearly'],
+  })
+  integrationScheduleFrequency: string;
+
+  @ApiProperty({
+    description: 'Last successful integration check run timestamp',
+    nullable: true,
+  })
+  integrationLastRunAt: Date | null;
+
   @ApiProperty({
     description: 'Department assignment',
     enum: ['none', 'admin', 'gov', 'hr', 'it', 'itsm', 'qms'],
diff --git a/apps/api/src/tasks/dto/task-responses.dto.ts b/apps/api/src/tasks/dto/task-responses.dto.ts
index 3870fe3075..d80661ccf5 100644
--- a/apps/api/src/tasks/dto/task-responses.dto.ts
+++ b/apps/api/src/tasks/dto/task-responses.dto.ts
@@ -85,4 +85,18 @@ export class TaskResponseDto {
     required: false,
   })
   taskTemplateId?: string | null;
+
+  @ApiProperty({
+    description: 'Cadence for running the integration check attached to this task',
+    enum: ['daily', 'weekly', 'monthly', 'quarterly', 'yearly'],
+    example: 'daily',
+  })
+  integrationScheduleFrequency: string;
+
+  @ApiProperty({
+    description: 'Last successful integration check run timestamp',
+    nullable: true,
+    required: false,
+  })
+  integrationLastRunAt?: Date | null;
 }
diff --git a/apps/app/src/app/(app)/[orgId]/tasks/[taskId]/components/SingleTask.tsx b/apps/app/src/app/(app)/[orgId]/tasks/[taskId]/components/SingleTask.tsx
index da560f5361..76a0e39b3f 100644
--- a/apps/app/src/app/(app)/[orgId]/tasks/[taskId]/components/SingleTask.tsx
+++ b/apps/app/src/app/(app)/[orgId]/tasks/[taskId]/components/SingleTask.tsx
@@ -356,6 +356,7 @@ export function SingleTask({
                 onTaskUpdated={() => mutateTask()}
                 isManualTask={task.automationStatus === 'MANUAL'}
                 scheduleFrequency={task.integrationScheduleFrequency ?? undefined}
+                lastRunAt={task.integrationLastRunAt ?? null}
                 onScheduleChange={
                   canUpdateTask ? handleUpdateIntegrationSchedule : undefined
                 }
diff --git a/apps/app/src/app/(app)/[orgId]/tasks/[taskId]/components/TaskIntegrationChecks.tsx b/apps/app/src/app/(app)/[orgId]/tasks/[taskId]/components/TaskIntegrationChecks.tsx
index 1f1e4aa21d..b8e1034c64 100644
--- a/apps/app/src/app/(app)/[orgId]/tasks/[taskId]/components/TaskIntegrationChecks.tsx
+++ b/apps/app/src/app/(app)/[orgId]/tasks/[taskId]/components/TaskIntegrationChecks.tsx
@@ -55,6 +55,8 @@ interface TaskIntegrationChecksProps {
   /** Current schedule for integration checks on this task. When provided with
    * `onScheduleChange`, renders a schedule picker in the card header. */
   scheduleFrequency?: TaskFrequency;
+  /** Last successful run timestamp, used to compute the "next run" display. */
+  lastRunAt?: Date | string | null;
   onScheduleChange?: (value: TaskFrequency) => void | Promise<void>;
 }
 
@@ -63,6 +65,7 @@ export function TaskIntegrationChecks({
   onTaskUpdated,
   isManualTask = false,
   scheduleFrequency,
+  lastRunAt,
   onScheduleChange,
 }: TaskIntegrationChecksProps) {
   const params = useParams();
@@ -268,16 +271,29 @@ export function TaskIntegrationChecks({
   const failedRuns = storedRuns.filter((r) => r.status === 'failed' || r.failedCount > 0).length;
   const successRate = totalRuns > 0 ? Math.round((successfulRuns / totalRuns) * 100) : 0;
 
-  // Calculate next scheduled run (daily at 6 AM UTC)
+  // Calculate next scheduled run. Orchestrator fires daily at 6 AM UTC; the
+  // actual task only runs on a tick when `isDueToday(scheduleFrequency,
+  // lastRunAt)` returns true (server-side). We approximate the next qualifying
+  // 6 AM UTC tick here — exact enough for a UI hint, not authoritative.
   const getNextScheduledRun = () => {
     const now = new Date();
-    let nextRun = setMinutes(setHours(new Date(), 6), 0); // 6:00 AM UTC today
-
-    // If we're past 6 AM UTC today, schedule for tomorrow
+    const PERIOD_DAYS: Record<TaskFrequency, number> = {
+      daily: 0,
+      weekly: 7,
+      monthly: 30,
+      quarterly: 91,
+      yearly: 365,
+    };
+    const last = lastRunAt ? new Date(lastRunAt) : null;
+    const periodDays = PERIOD_DAYS[scheduleFrequency ?? 'daily'];
+    const earliestDueFromLast = last
+      ? addDays(last, periodDays)
+      : now;
+    // Snap to next 6 AM UTC at or after the earliest-due date
+    let nextRun = setMinutes(setHours(earliestDueFromLast, 6), 0);
     if (isBefore(nextRun, now)) {
-      nextRun = addDays(nextRun, 1);
+      nextRun = setMinutes(setHours(addDays(now, 1), 6), 0);
     }
-
     return nextRun;
   };
 
diff --git a/apps/app/src/components/schedule-summary.test.tsx b/apps/app/src/components/schedule-summary.test.tsx
index 08238a2a88..88906fa592 100644
--- a/apps/app/src/components/schedule-summary.test.tsx
+++ b/apps/app/src/components/schedule-summary.test.tsx
@@ -8,13 +8,15 @@ describe('ScheduleSummary', () => {
     expect(screen.getByText(/Weekly/)).toBeInTheDocument();
   });
 
-  it('renders a next-run date', () => {
+  it('renders a deterministic YYYY-MM-DD next-run date', () => {
     render(
       <ScheduleSummary
         scheduleFrequency="weekly"
-        lastRunAt={new Date('2026-04-17').toISOString()}
+        lastRunAt={new Date('2026-04-17T00:00:00.000Z').toISOString()}
       />,
     );
-    expect(screen.getByText(/next:/)).toBeInTheDocument();
+    // lastRunAt 2026-04-17 + 7 days = 2026-04-24. Tests render the literal
+    // locale-agnostic YYYY-MM-DD, not a toLocaleDateString() output.
+    expect(screen.getByText(/next: 2026-04-24/)).toBeInTheDocument();
   });
 });
diff --git a/apps/app/src/components/schedule-summary.tsx b/apps/app/src/components/schedule-summary.tsx
index 511c282e8c..120965e45b 100644
--- a/apps/app/src/components/schedule-summary.tsx
+++ b/apps/app/src/components/schedule-summary.tsx
@@ -20,11 +20,21 @@ const PERIOD_DAYS: Record<TaskFrequency, number> = {
 
 // Approximate next-run (months ≈ 30 days). The server's isDueToday helper is the
 // real authority; this is only a UX hint shown on automation cards.
-function computeNextRun(frequency: TaskFrequency, lastRunAt: Date | null): Date {
-  const base = lastRunAt ?? new Date();
+function computeNextRun(frequency: TaskFrequency, lastRunAt: Date | null, now: Date): Date {
+  const base = lastRunAt ?? now;
   return new Date(base.getTime() + PERIOD_DAYS[frequency] * 24 * 60 * 60 * 1000);
 }
 
+// Locale-agnostic YYYY-MM-DD so the rendered string is byte-identical on
+// server vs. client, avoiding React hydration mismatches that
+// `toLocaleDateString()` would introduce under different user locales.
+function formatYmdUtc(d: Date): string {
+  const y = d.getUTCFullYear();
+  const m = String(d.getUTCMonth() + 1).padStart(2, '0');
+  const day = String(d.getUTCDate()).padStart(2, '0');
+  return `${y}-${m}-${day}`;
+}
+
 export function ScheduleSummary({
   scheduleFrequency,
   lastRunAt,
@@ -33,10 +43,14 @@ export function ScheduleSummary({
   lastRunAt: string | Date | null;
 }) {
   const last = lastRunAt ? new Date(lastRunAt) : null;
-  const next = computeNextRun(scheduleFrequency, last);
+  // Anchor "now" to UTC midnight so a render that spans a day boundary
+  // doesn't produce a different next-run date between server and client.
+  const nowUtc = new Date();
+  nowUtc.setUTCHours(0, 0, 0, 0);
+  const next = computeNextRun(scheduleFrequency, last, nowUtc);
   return (
     <span className="text-xs text-muted-foreground">
-      Runs {LABELS[scheduleFrequency]} · next: {next.toLocaleDateString()}
+      Runs {LABELS[scheduleFrequency]} · next: {formatYmdUtc(next)}
     </span>
   );
 }

From 6afa8adea1793d7f728e70bc73e98aef0e8524ba Mon Sep 17 00:00:00 2001
From: Mariano <marfuen98@gmail.com>
Date: Fri, 24 Apr 2026 15:30:58 -0400
Subject: [PATCH 19/24] fix(app): daily period is 1 day in
 TaskIntegrationChecks next-run calc

daily: 0 caused the "next run" display to always skip to tomorrow even
when the task was due today. Align with ScheduleSummary's PERIOD_DAYS map.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
---
 .../[orgId]/tasks/[taskId]/components/TaskIntegrationChecks.tsx | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/apps/app/src/app/(app)/[orgId]/tasks/[taskId]/components/TaskIntegrationChecks.tsx b/apps/app/src/app/(app)/[orgId]/tasks/[taskId]/components/TaskIntegrationChecks.tsx
index b8e1034c64..43b3d41d52 100644
--- a/apps/app/src/app/(app)/[orgId]/tasks/[taskId]/components/TaskIntegrationChecks.tsx
+++ b/apps/app/src/app/(app)/[orgId]/tasks/[taskId]/components/TaskIntegrationChecks.tsx
@@ -278,7 +278,7 @@ export function TaskIntegrationChecks({
   const getNextScheduledRun = () => {
     const now = new Date();
     const PERIOD_DAYS: Record<TaskFrequency, number> = {
-      daily: 0,
+      daily: 1,
       weekly: 7,
       monthly: 30,
       quarterly: 91,

From f67583646ecfca1c6303c1357589dc74207c38eb Mon Sep 17 00:00:00 2001
From: Mariano <marfuen98@gmail.com>
Date: Sat, 25 Apr 2026 12:12:23 -0400
Subject: [PATCH 20/24] fix(api): include integrationScheduleFrequency in
 createTask response

The TaskResponseDto now declares integrationScheduleFrequency as a
required field; the createTask service method must populate it from
the persisted row to satisfy the contract.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
---
 apps/api/src/tasks/tasks.service.ts | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/apps/api/src/tasks/tasks.service.ts b/apps/api/src/tasks/tasks.service.ts
index 89132aea2f..5a3e57d00c 100644
--- a/apps/api/src/tasks/tasks.service.ts
+++ b/apps/api/src/tasks/tasks.service.ts
@@ -885,6 +885,8 @@ export class TasksService {
         createdAt: task.createdAt,
         updatedAt: task.updatedAt,
         taskTemplateId: task.taskTemplateId,
+        integrationScheduleFrequency: task.integrationScheduleFrequency,
+        integrationLastRunAt: task.integrationLastRunAt,
       };
     } catch (error) {
       console.error('Error creating task:', error);

From 9e4d513ba839e5d8616f613385f41414b6466b88 Mon Sep 17 00:00:00 2001
From: Mariano <marfuen98@gmail.com>
Date: Sat, 25 Apr 2026 12:23:08 -0400
Subject: [PATCH 21/24] fix(app): inline schedule picker on automation
 overview, render label not enum
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Replaces EditScheduleDialog with an inline SchedulePicker on the
automation Settings tab — fewer clicks, no Dialog focus-trap quirks
when interacting with the DS Select. Also forces SelectValue to
render the human label (e.g. "Daily") rather than falling back to
the raw enum string when re-opened.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
---
 .../components/AutomationSettingsDialogs.tsx  | 68 -------------------
 .../components/AutomationOverview.tsx         | 50 +++++++-------
 apps/app/src/components/schedule-picker.tsx   |  2 +-
 3 files changed, 25 insertions(+), 95 deletions(-)

diff --git a/apps/app/src/app/(app)/[orgId]/tasks/[taskId]/automation/[automationId]/components/AutomationSettingsDialogs.tsx b/apps/app/src/app/(app)/[orgId]/tasks/[taskId]/automation/[automationId]/components/AutomationSettingsDialogs.tsx
index 78fd3c7b3e..dd7a575a51 100644
--- a/apps/app/src/app/(app)/[orgId]/tasks/[taskId]/automation/[automationId]/components/AutomationSettingsDialogs.tsx
+++ b/apps/app/src/app/(app)/[orgId]/tasks/[taskId]/automation/[automationId]/components/AutomationSettingsDialogs.tsx
@@ -1,7 +1,5 @@
 'use client';
 
-import { SchedulePicker } from '@/components/schedule-picker';
-import type { TaskFrequency } from '@db';
 import { Button } from '@trycompai/ui/button';
 import {
   Dialog,
@@ -31,12 +29,6 @@ interface EditDescriptionDialogProps {
   onSuccess?: () => void;
 }
 
-interface EditScheduleDialogProps {
-  open: boolean;
-  onOpenChange: (open: boolean) => void;
-  onSuccess?: () => void;
-}
-
 interface DeleteDialogProps {
   open: boolean;
   onOpenChange: (open: boolean) => void;
@@ -172,66 +164,6 @@ export function EditDescriptionDialog({
   );
 }
 
-export function EditScheduleDialog({
-  open,
-  onOpenChange,
-  onSuccess,
-}: EditScheduleDialogProps) {
-  const { automation, updateAutomation } = useTaskAutomation();
-  const [value, setValue] = useState<TaskFrequency>(
-    automation?.scheduleFrequency ?? 'daily',
-  );
-  const [isSaving, setIsSaving] = useState(false);
-
-  // Keep local state in sync with freshly fetched automation data
-  useEffect(() => {
-    setValue(automation?.scheduleFrequency ?? 'daily');
-  }, [automation?.scheduleFrequency]);
-
-  const handleSave = async () => {
-    setIsSaving(true);
-    try {
-      await updateAutomation({ scheduleFrequency: value });
-      await onSuccess?.();
-      onOpenChange(false);
-      toast.success('Schedule updated');
-    } catch {
-      toast.error('Failed to update schedule');
-    } finally {
-      setIsSaving(false);
-    }
-  };
-
-  return (
-    <Dialog open={open} onOpenChange={onOpenChange}>
-      <DialogContent>
-        <DialogHeader>
-          <DialogTitle>Edit Schedule</DialogTitle>
-          <DialogDescription>
-            Choose how often this automation should run. Changes apply to the next scheduled run.
-          </DialogDescription>
-        </DialogHeader>
-
-        <div className="space-y-4 py-4">
-          <div className="space-y-2">
-            <Label htmlFor="automation-schedule">Frequency</Label>
-            <SchedulePicker value={value} onChange={setValue} disabled={isSaving} />
-          </div>
-        </div>
-
-        <DialogFooter>
-          <Button variant="outline" onClick={() => onOpenChange(false)} disabled={isSaving}>
-            Cancel
-          </Button>
-          <Button onClick={handleSave} disabled={isSaving}>
-            {isSaving ? 'Saving...' : 'Save Changes'}
-          </Button>
-        </DialogFooter>
-      </DialogContent>
-    </Dialog>
-  );
-}
-
 export function DeleteAutomationDialog({ open, onOpenChange, onSuccess }: DeleteDialogProps) {
   const { automation, deleteAutomation } = useTaskAutomation();
   const { orgId, taskId } = useParams<{
diff --git a/apps/app/src/app/(app)/[orgId]/tasks/[taskId]/automations/[automationId]/overview/components/AutomationOverview.tsx b/apps/app/src/app/(app)/[orgId]/tasks/[taskId]/automations/[automationId]/overview/components/AutomationOverview.tsx
index 63bfbb1511..2008a6d6e3 100644
--- a/apps/app/src/app/(app)/[orgId]/tasks/[taskId]/automations/[automationId]/overview/components/AutomationOverview.tsx
+++ b/apps/app/src/app/(app)/[orgId]/tasks/[taskId]/automations/[automationId]/overview/components/AutomationOverview.tsx
@@ -33,10 +33,8 @@ import {
   executeAutomationScript,
   toggleAutomationEnabled,
 } from '../../../../automation/[automationId]/actions/task-automation-actions';
-import {
-  DeleteAutomationDialog,
-  EditScheduleDialog,
-} from '../../../../automation/[automationId]/components/AutomationSettingsDialogs';
+import { DeleteAutomationDialog } from '../../../../automation/[automationId]/components/AutomationSettingsDialogs';
+import { SchedulePicker } from '@/components/schedule-picker';
 import { useTaskAutomation } from '../../../../automation/[automationId]/hooks/use-task-automation';
 import { AutomationRunsCard } from '../../../../components/AutomationRunsCard';
 import { useAutomationRuns } from '../hooks/use-automation-runs';
@@ -46,14 +44,6 @@ type RunWithAutomationName = EvidenceAutomationRun & {
   evidenceAutomation: { name: string };
 };
 
-const FREQUENCY_LABELS: Record<TaskFrequency, string> = {
-  daily: 'Daily',
-  weekly: 'Weekly',
-  monthly: 'Monthly',
-  quarterly: 'Quarterly',
-  yearly: 'Yearly',
-};
-
 interface AutomationOverviewProps {
   task: Task;
   automation: EvidenceAutomation;
@@ -74,7 +64,7 @@ export function AutomationOverview({
   }>();
 
   const [deleteDialogOpen, setDeleteDialogOpen] = useState(false);
-  const [scheduleDialogOpen, setScheduleDialogOpen] = useState(false);
+  const [isUpdatingSchedule, setIsUpdatingSchedule] = useState(false);
   const [isTogglingEnabled, setIsTogglingEnabled] = useState(false);
   const [isEditingName, setIsEditingName] = useState(false);
   const [nameValue, setNameValue] = useState('');
@@ -154,6 +144,19 @@ export function AutomationOverview({
     }
   };
 
+  const handleScheduleChange = async (value: TaskFrequency) => {
+    setIsUpdatingSchedule(true);
+    try {
+      await updateAutomation({ scheduleFrequency: value });
+      toast.success('Schedule updated');
+      await mutateAutomation();
+    } catch {
+      toast.error('Failed to update schedule');
+    } finally {
+      setIsUpdatingSchedule(false);
+    }
+  };
+
   const handleTestVersion = async () => {
     if (!selectedVersion) return;
     setIsTestingVersion(true);
@@ -394,16 +397,16 @@ export function AutomationOverview({
                   <Stack gap="none">
                     <Text size="sm" weight="medium">Schedule</Text>
                     <Text size="xs" variant="muted">
-                      Current: {FREQUENCY_LABELS[automation.scheduleFrequency ?? 'daily']}
+                      How often this automation runs
                     </Text>
                   </Stack>
-                  <Button
-                    variant="outline"
-                    size="sm"
-                    onClick={() => setScheduleDialogOpen(true)}
-                  >
-                    Edit
-                  </Button>
+                  <div className="w-40">
+                    <SchedulePicker
+                      value={automation.scheduleFrequency ?? 'daily'}
+                      onChange={handleScheduleChange}
+                      disabled={isUpdatingSchedule}
+                    />
+                  </div>
                 </HStack>
 
                 <div className="border-t" />
@@ -437,11 +440,6 @@ export function AutomationOverview({
         onSuccess={mutateAutomation}
       />
 
-      <EditScheduleDialog
-        open={scheduleDialogOpen}
-        onOpenChange={setScheduleDialogOpen}
-        onSuccess={mutateAutomation}
-      />
     </PageLayout>
   );
 }
diff --git a/apps/app/src/components/schedule-picker.tsx b/apps/app/src/components/schedule-picker.tsx
index 574441e3b3..1140f72fde 100644
--- a/apps/app/src/components/schedule-picker.tsx
+++ b/apps/app/src/components/schedule-picker.tsx
@@ -37,7 +37,7 @@ export function SchedulePicker({
   return (
     <Select value={value} onValueChange={handleValueChange} disabled={disabled}>
       <SelectTrigger>
-        <SelectValue placeholder="Select a frequency" />
+        <SelectValue placeholder="Select a frequency">{LABELS[value]}</SelectValue>
       </SelectTrigger>
       <SelectContent>
         {FREQUENCIES.map((freq) => (

From b09f55d0637716ebb8719008af26853f3ae72cb2 Mon Sep 17 00:00:00 2001
From: Mariano <marfuen98@gmail.com>
Date: Sat, 25 Apr 2026 12:26:50 -0400
Subject: [PATCH 22/24] feat(app): metrics schedule + next-run reflect
 frequency in user's TZ
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

- MetricsSection now takes scheduleFrequency + lastRunAt and re-derives
  the Schedule and Next Run labels per change.
- "Every day at 9:00 AM UTC" → "Every day at 4:00 AM EST" (or whatever
  the user's locale resolves), and the same TZ is shown on Next Run for
  consistency.
- Both labels are computed client-only to avoid SSR/CSR drift across
  timezones; placeholder em-dash during SSR.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
---
 .../hooks/use-task-automation.ts              |   1 +
 .../components/AutomationOverview.tsx         |   2 +
 .../components/MetricsSection.test.tsx        | 152 ++++++++++--------
 .../overview/components/MetricsSection.tsx    | 141 +++++++++++-----
 4 files changed, 189 insertions(+), 107 deletions(-)

diff --git a/apps/app/src/app/(app)/[orgId]/tasks/[taskId]/automation/[automationId]/hooks/use-task-automation.ts b/apps/app/src/app/(app)/[orgId]/tasks/[taskId]/automation/[automationId]/hooks/use-task-automation.ts
index a256b11d9f..45bb3d6958 100644
--- a/apps/app/src/app/(app)/[orgId]/tasks/[taskId]/automation/[automationId]/hooks/use-task-automation.ts
+++ b/apps/app/src/app/(app)/[orgId]/tasks/[taskId]/automation/[automationId]/hooks/use-task-automation.ts
@@ -15,6 +15,7 @@ interface TaskAutomationData {
   evaluationCriteria?: string;
   isEnabled: boolean;
   scheduleFrequency?: TaskFrequency;
+  lastRunAt?: string | null;
 }
 
 type UpdateAutomationPayload = Partial<
diff --git a/apps/app/src/app/(app)/[orgId]/tasks/[taskId]/automations/[automationId]/overview/components/AutomationOverview.tsx b/apps/app/src/app/(app)/[orgId]/tasks/[taskId]/automations/[automationId]/overview/components/AutomationOverview.tsx
index 2008a6d6e3..329135a712 100644
--- a/apps/app/src/app/(app)/[orgId]/tasks/[taskId]/automations/[automationId]/overview/components/AutomationOverview.tsx
+++ b/apps/app/src/app/(app)/[orgId]/tasks/[taskId]/automations/[automationId]/overview/components/AutomationOverview.tsx
@@ -293,6 +293,8 @@ export function AutomationOverview({
       <MetricsSection
         initialVersions={initialVersions}
         initialRuns={runs}
+        scheduleFrequency={automation.scheduleFrequency ?? 'daily'}
+        lastRunAt={automation.lastRunAt ?? null}
       />
 
       <Tabs defaultValue="history">
diff --git a/apps/app/src/app/(app)/[orgId]/tasks/[taskId]/automations/[automationId]/overview/components/MetricsSection.test.tsx b/apps/app/src/app/(app)/[orgId]/tasks/[taskId]/automations/[automationId]/overview/components/MetricsSection.test.tsx
index 805db6a275..4c38c2f861 100644
--- a/apps/app/src/app/(app)/[orgId]/tasks/[taskId]/automations/[automationId]/overview/components/MetricsSection.test.tsx
+++ b/apps/app/src/app/(app)/[orgId]/tasks/[taskId]/automations/[automationId]/overview/components/MetricsSection.test.tsx
@@ -2,7 +2,7 @@ import { render, screen } from '@testing-library/react';
 import { afterEach, beforeEach, describe, expect, it, vi } from 'vitest';
 import { MetricsSection } from './MetricsSection';
 
-describe('MetricsSection (CS-97)', () => {
+describe('MetricsSection (SALE-49)', () => {
   beforeEach(() => {
     // shouldAdvanceTime lets React effects flush on their normal tick
     // while still letting us pin `new Date()` with vi.setSystemTime.
@@ -13,88 +13,114 @@ describe('MetricsSection (CS-97)', () => {
     vi.useRealTimers();
   });
 
-  it('labels the schedule as 9:00 AM UTC (no ambiguous local time)', () => {
-    vi.setSystemTime(new Date('2026-04-16T07:00:00Z'));
-    render(<MetricsSection initialVersions={[]} initialRuns={[]} />);
-    expect(screen.getByText('Every day at 9:00 AM UTC')).toBeInTheDocument();
-  });
-
-  it('uses an SSR-safe placeholder for the next run (defers date formatting to post-mount)', () => {
-    // Verify the initial JSX does NOT synchronously format a Date — that's
-    // the property that keeps SSR and hydration outputs identical. We
-    // simulate "server-side" rendering with renderToString and assert the
-    // Next Run cell specifically contains the em-dash placeholder rather
-    // than a formatted weekday/time. We scope the assertion to the Next Run
-    // card because Success Rate also renders `—` when there are no runs.
+  it('uses an SSR-safe placeholder for schedule + next run (defers date formatting to post-mount)', () => {
     const { renderToString } = require('react-dom/server') as typeof import('react-dom/server');
     vi.setSystemTime(new Date('2026-04-16T07:00:00Z'));
     const html = renderToString(
-      <MetricsSection initialVersions={[]} initialRuns={[]} />,
+      <MetricsSection
+        initialVersions={[]}
+        initialRuns={[]}
+        scheduleFrequency="daily"
+        lastRunAt={null}
+      />,
     );
 
-    // No weekday should appear anywhere in SSR output.
+    // No weekday and no UTC literal in SSR output — defers locale-dependent
+    // formatting to the client-only effect.
     expect(html).not.toMatch(/Mon|Tue|Wed|Thu|Fri|Sat|Sun/);
+    expect(html).not.toMatch(/UTC/);
 
-    // Locate the Next Run cell and assert its value paragraph contains `—`.
-    // Matches: <p ...>Next Run</p><p class="...">—</p>
-    const nextRunCellMatch = html.match(
-      /Next Run[^<]*<\/p>\s*<p[^>]*>([^<]*)<\/p>/,
-    );
-    expect(nextRunCellMatch).not.toBeNull();
-    expect(nextRunCellMatch?.[1]).toBe('—');
+    // Both Schedule and Next Run cells should show the em-dash placeholder.
+    const scheduleCell = html.match(/Schedule[^<]*<\/p>\s*<p[^>]*>([^<]*)<\/p>/);
+    const nextRunCell = html.match(/Next Run[^<]*<\/p>\s*<p[^>]*>([^<]*)<\/p>/);
+    expect(scheduleCell?.[1]).toBe('—');
+    expect(nextRunCell?.[1]).toBe('—');
   });
 
-  it('fills in the next-run label after mount with a concrete weekday, time, and timezone', async () => {
+  it('labels the daily schedule with the user\'s timezone (not UTC)', async () => {
     vi.setSystemTime(new Date('2026-04-16T07:00:00Z'));
-    render(<MetricsSection initialVersions={[]} initialRuns={[]} />);
+    render(
+      <MetricsSection
+        initialVersions={[]}
+        initialRuns={[]}
+        scheduleFrequency="daily"
+        lastRunAt={null}
+      />,
+    );
 
-    // Old hardcoded literals must never appear.
-    expect(screen.queryByText('Every Day 9:00 AM')).not.toBeInTheDocument();
-    expect(screen.queryByText('Tomorrow 9:00 AM')).not.toBeInTheDocument();
+    // After mount: "Every day at <time> <TZ>". Time is locale-formatted, so
+    // we assert the recurring prefix and a timezone abbreviation; we don't
+    // pin the literal time because it depends on the test runner's TZ.
+    const label = await screen.findByText(/^Every day at \d{1,2}:\d{2}\s(AM|PM)\s\S+/);
+    expect(label).toBeInTheDocument();
+    expect(label.textContent).not.toContain('UTC at');
+  });
 
-    // After mount the effect runs and the real label shows up. It must
-    // include an explicit timezone so it's not confused with the UTC
-    // Schedule card next to it — e.g. "Thu 9:00 AM UTC" or "Thu, 12:00 PM EST".
-    // Node/browser locales may insert a comma after the weekday; allow both.
-    const nextRunLabels = await screen.findAllByText(
-      /^(Mon|Tue|Wed|Thu|Fri|Sat|Sun),?\s\d{1,2}:\d{2}\s(AM|PM)\s.+/,
+  it('updates the schedule label when the frequency changes', async () => {
+    vi.setSystemTime(new Date('2026-04-16T07:00:00Z'));
+    const { rerender } = render(
+      <MetricsSection
+        initialVersions={[]}
+        initialRuns={[]}
+        scheduleFrequency="daily"
+        lastRunAt={null}
+      />,
     );
-    expect(nextRunLabels.length).toBeGreaterThan(0);
+    expect(await screen.findByText(/^Every day at /)).toBeInTheDocument();
+
+    rerender(
+      <MetricsSection
+        initialVersions={[]}
+        initialRuns={[]}
+        scheduleFrequency="weekly"
+        lastRunAt={null}
+      />,
+    );
+    expect(await screen.findByText(/^Every week at /)).toBeInTheDocument();
+    expect(screen.queryByText(/^Every day at /)).not.toBeInTheDocument();
   });
 
-  it('picks today (UTC) when the current time is before 09:00 UTC', async () => {
-    // 2026-04-16 07:00 UTC → next run is 2026-04-16 09:00 UTC (same day).
+  it('renders concrete weekday + date + timezone for next run after mount', async () => {
     vi.setSystemTime(new Date('2026-04-16T07:00:00Z'));
-    render(<MetricsSection initialVersions={[]} initialRuns={[]} />);
+    render(
+      <MetricsSection
+        initialVersions={[]}
+        initialRuns={[]}
+        scheduleFrequency="daily"
+        lastRunAt={null}
+      />,
+    );
 
-    const expected = new Date('2026-04-16T09:00:00Z').toLocaleString(
-      undefined,
-      {
-        weekday: 'short',
-        hour: 'numeric',
-        minute: '2-digit',
-        hour12: true,
-        timeZoneName: 'short',
-      },
+    // Format: "Thu, Apr 16, 9:00 AM <TZ>" — must include a timezone short name
+    // so the user isn't left guessing the offset.
+    const nextRunLabels = await screen.findAllByText(
+      /^(Mon|Tue|Wed|Thu|Fri|Sat|Sun),?\s\w+\s\d{1,2},?\s\d{1,2}:\d{2}\s(AM|PM)\s\S+/,
     );
-    expect(await screen.findByText(expected)).toBeInTheDocument();
+    expect(nextRunLabels.length).toBeGreaterThan(0);
   });
 
-  it('picks the next day (UTC) when the current time is past 09:00 UTC', async () => {
-    // 2026-04-16 10:00 UTC → today's run already happened, next is 2026-04-17 09:00 UTC.
-    vi.setSystemTime(new Date('2026-04-16T10:00:00Z'));
-    render(<MetricsSection initialVersions={[]} initialRuns={[]} />);
-
-    const expected = new Date('2026-04-17T09:00:00Z').toLocaleString(
-      undefined,
-      {
-        weekday: 'short',
-        hour: 'numeric',
-        minute: '2-digit',
-        hour12: true,
-        timeZoneName: 'short',
-      },
+  it('pushes the next run forward by 7 days when frequency is weekly with a recent lastRunAt', async () => {
+    // 2026-04-16 07:00 UTC. lastRunAt was today. Weekly → next run ~7 days later.
+    vi.setSystemTime(new Date('2026-04-16T07:00:00Z'));
+    render(
+      <MetricsSection
+        initialVersions={[]}
+        initialRuns={[]}
+        scheduleFrequency="weekly"
+        lastRunAt={new Date('2026-04-16T09:00:00Z')}
+      />,
     );
-    expect(await screen.findByText(expected)).toBeInTheDocument();
+
+    // 2026-04-23 (Thursday)
+    const expectedDate = new Date('2026-04-23T09:00:00Z').toLocaleString(undefined, {
+      weekday: 'short',
+      month: 'short',
+      day: 'numeric',
+      hour: 'numeric',
+      minute: '2-digit',
+      hour12: true,
+      timeZoneName: 'short',
+    });
+    expect(await screen.findByText(expectedDate)).toBeInTheDocument();
   });
 });
diff --git a/apps/app/src/app/(app)/[orgId]/tasks/[taskId]/automations/[automationId]/overview/components/MetricsSection.tsx b/apps/app/src/app/(app)/[orgId]/tasks/[taskId]/automations/[automationId]/overview/components/MetricsSection.tsx
index 2d85e4871d..d26210e348 100644
--- a/apps/app/src/app/(app)/[orgId]/tasks/[taskId]/automations/[automationId]/overview/components/MetricsSection.tsx
+++ b/apps/app/src/app/(app)/[orgId]/tasks/[taskId]/automations/[automationId]/overview/components/MetricsSection.tsx
@@ -1,16 +1,64 @@
 'use client';
 
-import type { EvidenceAutomationRun, EvidenceAutomationVersion } from '@db';
+import type { EvidenceAutomationRun, EvidenceAutomationVersion, TaskFrequency } from '@db';
 import { useEffect, useMemo, useState } from 'react';
 
 interface MetricsSectionProps {
   initialVersions: EvidenceAutomationVersion[];
   initialRuns: EvidenceAutomationRun[];
+  scheduleFrequency: TaskFrequency;
+  lastRunAt: Date | string | null;
+}
+
+const FREQUENCY_DESCRIPTIONS: Record<TaskFrequency, string> = {
+  daily: 'Every day',
+  weekly: 'Every week',
+  monthly: 'Every month',
+  quarterly: 'Every quarter',
+  yearly: 'Every year',
+};
+
+const PERIOD_DAYS: Record<TaskFrequency, number> = {
+  daily: 1,
+  weekly: 7,
+  monthly: 30,
+  quarterly: 91,
+  yearly: 365,
+};
+
+// The orchestrator fires daily at 09:00 UTC and decides per-automation whether
+// the schedule says to run today (see apps/api/src/trigger/shared/is-due-today.ts).
+// We approximate the next qualifying tick by adding the frequency's period to
+// `lastRunAt` (or `now` if never run) and snapping to the next 09:00 UTC.
+const ORCHESTRATOR_HOUR_UTC = 9;
+
+function computeNextRunUtc(
+  scheduleFrequency: TaskFrequency,
+  lastRunAt: Date | null,
+  now: Date,
+): Date {
+  const base = lastRunAt ?? now;
+  const candidate = new Date(base.getTime());
+  candidate.setUTCDate(candidate.getUTCDate() + PERIOD_DAYS[scheduleFrequency]);
+  candidate.setUTCHours(ORCHESTRATOR_HOUR_UTC, 0, 0, 0);
+  if (candidate.getTime() <= now.getTime()) {
+    // We're already past the candidate; jump to the next 09:00 UTC tick.
+    const next = new Date(
+      Date.UTC(now.getUTCFullYear(), now.getUTCMonth(), now.getUTCDate(), ORCHESTRATOR_HOUR_UTC),
+    );
+    if (next.getTime() <= now.getTime()) {
+      next.setUTCDate(next.getUTCDate() + 1);
+    }
+    return next;
+  }
+  return candidate;
 }
 
 export function MetricsSection({
   initialVersions,
   initialRuns,
+  scheduleFrequency,
+  lastRunAt,
 }: MetricsSectionProps) {
   const thisWeekRuns = useMemo(() => {
     const now = new Date();
@@ -26,50 +74,57 @@ export function MetricsSection({
     (run) => run.status === 'completed' && run.success && run.evaluationStatus !== 'fail',
   ).length;
   const successRate = totalRuns > 0 ? Math.round((successfulRuns / totalRuns) * 100) : 0;
-  const successRateColor = successRate >= 90 ? 'text-primary' : successRate >= 60 ? 'text-warning' : 'text-destructive';
+  const successRateColor =
+    successRate >= 90 ? 'text-primary' : successRate >= 60 ? 'text-warning' : 'text-destructive';
   const latestRun = initialRuns[0];
 
-  // Automations run daily at 09:00 UTC (see
-  // comp-private/apps/enterprise-api/src/trigger/automation/run-automations-schedule.ts).
-  // Render the schedule explicitly in UTC and the next run in the user's
-  // local timezone so the label matches when it actually fires.
-  //
-  // The next-run label is computed on the client only (useState + useEffect
-  // instead of useMemo) to avoid a hydration mismatch: Node.js renders in
-  // the server's timezone + locale (typically UTC) while the browser renders
-  // in the user's, and `new Date()` can also tick across 09:00 UTC between
-  // the two renders and produce a different weekday. We render `—` during
-  // SSR and fill it in once mounted.
+  // Render schedule + next-run labels client-side only to avoid a hydration
+  // mismatch (Node renders in the server's locale + timezone, the browser in
+  // the user's). We show "—" during SSR and fill in after mount.
+  const [scheduleLabel, setScheduleLabel] = useState<string | null>(null);
   const [nextRunLabel, setNextRunLabel] = useState<string | null>(null);
+  const [lastRunLabel, setLastRunLabel] = useState<string | null>(null);
 
   useEffect(() => {
     const now = new Date();
-    const next = new Date(
-      Date.UTC(
-        now.getUTCFullYear(),
-        now.getUTCMonth(),
-        now.getUTCDate(),
-        9,
-        0,
-        0,
-        0,
-      ),
-    );
-    if (next.getTime() <= now.getTime()) {
-      next.setUTCDate(next.getUTCDate() + 1);
-    }
-    // Include timeZoneName so the label is unambiguous alongside the UTC
-    // Schedule card — otherwise "Fri 12:00 PM" could be mistaken for UTC.
+    const last = lastRunAt ? new Date(lastRunAt) : null;
+    const next = computeNextRunUtc(scheduleFrequency, last, now);
+
+    // Format the recurring time in the user's timezone (e.g., "Every day at
+    // 4:00 AM EST"). Pulling time-of-day from the next-run instant guarantees
+    // the schedule and next-run labels agree about clock time.
+    const timeOfDay = next.toLocaleTimeString(undefined, {
+      hour: 'numeric',
+      minute: '2-digit',
+      hour12: true,
+      timeZoneName: 'short',
+    });
+    setScheduleLabel(`${FREQUENCY_DESCRIPTIONS[scheduleFrequency]} at ${timeOfDay}`);
+
     setNextRunLabel(
       next.toLocaleString(undefined, {
         weekday: 'short',
+        month: 'short',
+        day: 'numeric',
         hour: 'numeric',
         minute: '2-digit',
         hour12: true,
         timeZoneName: 'short',
       }),
     );
-  }, []);
+
+    if (latestRun) {
+      setLastRunLabel(
+        new Date(latestRun.createdAt).toLocaleTimeString(undefined, {
+          hour: 'numeric',
+          minute: '2-digit',
+          hour12: true,
+        }),
+      );
+    } else {
+      setLastRunLabel(null);
+    }
+  }, [scheduleFrequency, lastRunAt, latestRun]);
 
   return (
     <div className="grid grid-cols-2 md:grid-cols-4 divide-x border-y py-4">
@@ -83,7 +138,7 @@ export function MetricsSection({
 
       <div className="px-4">
         <p className="text-xs text-muted-foreground mb-1">Schedule</p>
-        <p className="text-sm font-medium">Every day at 9:00 AM UTC</p>
+        <p className="text-sm font-medium">{scheduleLabel ?? '—'}</p>
       </div>
 
       <div className="px-4">
@@ -95,19 +150,17 @@ export function MetricsSection({
         <p className="text-xs text-muted-foreground mb-1">Last Run</p>
         {latestRun ? (
           <>
-            <p className="text-sm font-medium">
-              {new Date(latestRun.createdAt).toLocaleTimeString(undefined, {
-                hour: 'numeric',
-                minute: '2-digit',
-                hour12: true,
-              })}
-            </p>
-            <p className={`text-xs font-medium ${
-              latestRun.status === 'completed' && latestRun.evaluationStatus !== 'fail'
-                ? 'text-primary'
-                : 'text-destructive'
-            }`}>
-              {latestRun.status === 'completed' && latestRun.evaluationStatus !== 'fail' ? 'Complete' : 'Failed'}
+            <p className="text-sm font-medium">{lastRunLabel ?? '—'}</p>
+            <p
+              className={`text-xs font-medium ${
+                latestRun.status === 'completed' && latestRun.evaluationStatus !== 'fail'
+                  ? 'text-primary'
+                  : 'text-destructive'
+              }`}
+            >
+              {latestRun.status === 'completed' && latestRun.evaluationStatus !== 'fail'
+                ? 'Complete'
+                : 'Failed'}
             </p>
           </>
         ) : (

From 089ad4a6aee26481d60c3d30349a79c9a38f5a7c Mon Sep 17 00:00:00 2001
From: Mariano <marfuen98@gmail.com>
Date: Sat, 25 Apr 2026 12:30:03 -0400
Subject: [PATCH 23/24] fix(app): use @trycompai/ui Select in SchedulePicker

The DS Select uses base-ui internals whose portaled popover fights with
the Radix-based Dialog focus trap (closes immediately on click in
BrowserAutomationConfigDialog). @trycompai/ui Select is Radix-based
like the Dialog, so the two co-operate. Same API shape so callers
don't change. Test mock updated accordingly.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
---
 .../src/components/schedule-picker.test.tsx   | 22 ++++++++++++++-----
 apps/app/src/components/schedule-picker.tsx   | 14 +++++-------
 2 files changed, 22 insertions(+), 14 deletions(-)

diff --git a/apps/app/src/components/schedule-picker.test.tsx b/apps/app/src/components/schedule-picker.test.tsx
index 6914e28ec5..b77b7127b7 100644
--- a/apps/app/src/components/schedule-picker.test.tsx
+++ b/apps/app/src/components/schedule-picker.test.tsx
@@ -18,7 +18,7 @@ function useMockSelect(): SelectContextValue {
   return ctx;
 }
 
-vi.mock('@trycompai/design-system', () => ({
+vi.mock('@trycompai/ui/select', () => ({
   Select: ({
     value,
     onValueChange,
@@ -43,9 +43,17 @@ vi.mock('@trycompai/design-system', () => ({
     );
   },
   SelectContent: ({ children }: { children: ReactNode }) => <div>{children}</div>,
-  SelectValue: ({ placeholder }: { placeholder?: string }) => {
+  SelectValue: ({
+    placeholder,
+    children,
+  }: {
+    placeholder?: string;
+    children?: ReactNode;
+  }) => {
     const { value } = useMockSelect();
-    return <span>{value || placeholder}</span>;
+    // Mirror the real Radix behavior: render `children` (the label) when
+    // `value` is set, otherwise the placeholder.
+    return <span>{value ? (children ?? value) : placeholder}</span>;
   },
   SelectItem: ({ value, children }: { value: string; children: ReactNode }) => {
     const { onValueChange } = useMockSelect();
@@ -57,13 +65,15 @@ vi.mock('@trycompai/design-system', () => ({
   },
 }));
 
-// Import AFTER mock is declared so the component uses mocked DS components.
+// Import AFTER mock is declared so the component uses the mocked Select.
 import { SchedulePicker } from './schedule-picker';
 
 describe('SchedulePicker', () => {
-  it('renders the current value', () => {
+  it('renders the current value as a capitalized label', () => {
     render(<SchedulePicker value="weekly" onChange={() => {}} />);
-    expect(screen.getByText('Weekly')).toBeInTheDocument();
+    // The trigger displays the human label (via SelectValue children),
+    // not the raw enum.
+    expect(screen.getByRole('combobox')).toHaveTextContent('Weekly');
   });
 
   it('calls onChange when a new option is picked', () => {
diff --git a/apps/app/src/components/schedule-picker.tsx b/apps/app/src/components/schedule-picker.tsx
index 1140f72fde..a7c404d9f1 100644
--- a/apps/app/src/components/schedule-picker.tsx
+++ b/apps/app/src/components/schedule-picker.tsx
@@ -7,7 +7,7 @@ import {
   SelectItem,
   SelectTrigger,
   SelectValue,
-} from '@trycompai/design-system';
+} from '@trycompai/ui/select';
 
 const LABELS: Record<TaskFrequency, string> = {
   daily: 'Daily',
@@ -28,14 +28,12 @@ export function SchedulePicker({
   onChange: (value: TaskFrequency) => void;
   disabled?: boolean;
 }) {
-  const handleValueChange = (next: TaskFrequency | null) => {
-    if (next !== null) {
-      onChange(next);
-    }
-  };
-
   return (
-    <Select value={value} onValueChange={handleValueChange} disabled={disabled}>
+    <Select
+      value={value}
+      onValueChange={(next) => onChange(next as TaskFrequency)}
+      disabled={disabled}
+    >
       <SelectTrigger>
         <SelectValue placeholder="Select a frequency">{LABELS[value]}</SelectValue>
       </SelectTrigger>

From b8f0081140da3029bb2807a561c5543c4d2298fb Mon Sep 17 00:00:00 2001
From: Mariano <marfuen98@gmail.com>
Date: Sat, 25 Apr 2026 12:36:36 -0400
Subject: [PATCH 24/24] fix(app): show next-run as next tick (not now + period)
 when never run

For null lastRunAt the orchestrator's isDueToday short-circuits to true,
so the automation runs on the very next 09:00 UTC tick. The previous
math added a full period to "now", over-projecting a never-run weekly
automation a full week into the future.

Apply the same fix to ScheduleSummary on automation cards.

Also tighten the MetricsSection test's UTC-absence assertion to use a
word-boundary regex so it can't pass on a label that legitimately
contains "UTC".

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
---
 .../components/MetricsSection.test.tsx        |  2 +-
 .../overview/components/MetricsSection.tsx    | 32 +++++++++++--------
 apps/app/src/components/schedule-summary.tsx  |  8 +++--
 3 files changed, 26 insertions(+), 16 deletions(-)

diff --git a/apps/app/src/app/(app)/[orgId]/tasks/[taskId]/automations/[automationId]/overview/components/MetricsSection.test.tsx b/apps/app/src/app/(app)/[orgId]/tasks/[taskId]/automations/[automationId]/overview/components/MetricsSection.test.tsx
index 4c38c2f861..578927f1b3 100644
--- a/apps/app/src/app/(app)/[orgId]/tasks/[taskId]/automations/[automationId]/overview/components/MetricsSection.test.tsx
+++ b/apps/app/src/app/(app)/[orgId]/tasks/[taskId]/automations/[automationId]/overview/components/MetricsSection.test.tsx
@@ -53,7 +53,7 @@ describe('MetricsSection (SALE-49)', () => {
     // pin the literal time because it depends on the test runner's TZ.
     const label = await screen.findByText(/^Every day at \d{1,2}:\d{2}\s(AM|PM)\s\S+/);
     expect(label).toBeInTheDocument();
-    expect(label.textContent).not.toContain('UTC at');
+    expect(label.textContent).not.toMatch(/\bUTC\b/);
   });
 
   it('updates the schedule label when the frequency changes', async () => {
diff --git a/apps/app/src/app/(app)/[orgId]/tasks/[taskId]/automations/[automationId]/overview/components/MetricsSection.tsx b/apps/app/src/app/(app)/[orgId]/tasks/[taskId]/automations/[automationId]/overview/components/MetricsSection.tsx
index d26210e348..442bb73945 100644
--- a/apps/app/src/app/(app)/[orgId]/tasks/[taskId]/automations/[automationId]/overview/components/MetricsSection.tsx
+++ b/apps/app/src/app/(app)/[orgId]/tasks/[taskId]/automations/[automationId]/overview/components/MetricsSection.tsx
@@ -37,21 +37,27 @@ function computeNextRunUtc(
   lastRunAt: Date | null,
   now: Date,
 ): Date {
-  const base = lastRunAt ?? now;
-  const candidate = new Date(base.getTime());
-  candidate.setUTCDate(candidate.getUTCDate() + PERIOD_DAYS[scheduleFrequency]);
-  candidate.setUTCHours(ORCHESTRATOR_HOUR_UTC, 0, 0, 0);
-  if (candidate.getTime() <= now.getTime()) {
-    // We're already past the candidate; jump to the next 09:00 UTC tick.
-    const next = new Date(
-      Date.UTC(now.getUTCFullYear(), now.getUTCMonth(), now.getUTCDate(), ORCHESTRATOR_HOUR_UTC),
-    );
-    if (next.getTime() <= now.getTime()) {
-      next.setUTCDate(next.getUTCDate() + 1);
+  // Never-run automations: the orchestrator's `isDueToday` short-circuits to
+  // true on a null lastRunAt, so the next run is the next 09:00 UTC tick. Do
+  // NOT add the period — that would push the displayed next-run a full week/
+  // month into the future and contradict the actual scheduler behavior.
+  if (lastRunAt !== null) {
+    const candidate = new Date(lastRunAt.getTime());
+    candidate.setUTCDate(candidate.getUTCDate() + PERIOD_DAYS[scheduleFrequency]);
+    candidate.setUTCHours(ORCHESTRATOR_HOUR_UTC, 0, 0, 0);
+    if (candidate.getTime() > now.getTime()) {
+      return candidate;
     }
-    return next;
   }
-  return candidate;
+  // Either never run, or the period-aligned candidate is already in the past;
+  // both fall through to "next 09:00 UTC tick from now".
+  const next = new Date(
+    Date.UTC(now.getUTCFullYear(), now.getUTCMonth(), now.getUTCDate(), ORCHESTRATOR_HOUR_UTC),
+  );
+  if (next.getTime() <= now.getTime()) {
+    next.setUTCDate(next.getUTCDate() + 1);
+  }
+  return next;
 }
 
 export function MetricsSection({
diff --git a/apps/app/src/components/schedule-summary.tsx b/apps/app/src/components/schedule-summary.tsx
index 120965e45b..725dca0b36 100644
--- a/apps/app/src/components/schedule-summary.tsx
+++ b/apps/app/src/components/schedule-summary.tsx
@@ -20,9 +20,13 @@ const PERIOD_DAYS: Record<TaskFrequency, number> = {
 
 // Approximate next-run (months ≈ 30 days). The server's isDueToday helper is the
 // real authority; this is only a UX hint shown on automation cards.
+//
+// When `lastRunAt` is null the orchestrator picks the automation up on its
+// next tick, so we show "now" rather than now + period (which would over-
+// project a full period into the future).
 function computeNextRun(frequency: TaskFrequency, lastRunAt: Date | null, now: Date): Date {
-  const base = lastRunAt ?? now;
-  return new Date(base.getTime() + PERIOD_DAYS[frequency] * 24 * 60 * 60 * 1000);
+  if (lastRunAt === null) return now;
+  return new Date(lastRunAt.getTime() + PERIOD_DAYS[frequency] * 24 * 60 * 60 * 1000);
 }
 
 // Locale-agnostic YYYY-MM-DD so the rendered string is byte-identical on