Conversation
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Three pre-existing direct calls to `BackgroundCheckIdentityClient.createBackgroundCheck()` in the spec file were missing the newly required `attempt` field, causing TS2345 type errors after Task 2 made `attempt: number` required in the client signature. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
…o bring service under 300 lines; add missing not-found test - Extract `cancelForMember` and `retryForMember` to `background-check-retry.ts` following the existing `background-check-report-snapshot.ts` helper pattern, bringing `background-checks.service.ts` from 376 to 293 lines - Add missing `throws when no check exists` test to the `retryForMember` suite, matching the parallel coverage in `cancelForMember` (NotFoundException at service.ts:304 was previously untested) Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
- Remove inner `{backgroundCheck && ...}` wrapper inside the
`if (backgroundCheck)` branch — the inner condition was always truthy.
- Fix the `onChange` callback type mismatch (void vs Promise<void>).
- Add two tests that pass a non-null `initialBackgroundCheck` and assert
that Retry/Cancel buttons from `BackgroundCheckAdminActions` render.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
|
The latest updates on your projects. Learn more about Vercel for GitHub.
|
Contributor
Author
|
@cubic-dev-ai ultrareview this |
Contributor
@Marfuen Starting ultrareview - a deeper analysis than a regular review. I'll post findings when complete. |
![cubic-dev-ai[bot]](https://avatars.githubusercontent.com/in/1082092?s=60&v=4){kind=small}
Contributor
There was a problem hiding this comment.
Ultrareview completed in 11m 18s
4 issues found across 20 files
Confidence score: 3/5
- There is some meaningful regression risk here:
apps/api/src/background-checks/background-checks.service.tsforcing initial requests toattempt: 0can reuse the first idempotency key after delete/re-request, which may block creating a truly fresh vendor check in CS-475 resubmissions. - The most severe backend behavior concern is in
apps/api/src/background-checks/background-check-retry.ts, where retry failure can overwrite cancelled checks to failed, potentially allowing late webhook status resurrection on records that should stay cancelled. apps/api/src/background-checks/background-check-retry.tsalso appears to allow delete across any background-check status instead of limiting to error-recovery states, andapps/app/src/app/(app)/[orgId]/people/[employeeId]/components/BackgroundCheckAdminActions.tsxcan leave delete pre-confirmed after Retry/Cancel, creating avoidable user-action risk.- Pay close attention to
apps/api/src/background-checks/background-checks.service.ts,apps/api/src/background-checks/background-check-retry.ts, andapps/app/src/app/(app)/[orgId]/people/[employeeId]/components/BackgroundCheckAdminActions.tsx- idempotency, cancellation integrity, delete guardrails, and UI confirmation state need validation.
Linked issue analysis
Linked issue: CS-475: [QOL] - Create admin options to allow to cancel/delete background checks
| Status | Acceptance criteria | Notes |
|---|---|---|
| ✅ | Add admin actions (Retry / Cancel / Delete) surfaced in the employee Background Check tab and gated by RBAC | Frontend component added and wired into the employee Background Check UI; it checks permissions before rendering and shows the correct buttons per status. |
| ✅ | Expose API endpoints to retry, cancel, and delete a member background check | Controller routes and HTTP methods were added with permission decorators and appropriate summaries. |
| ✅ | Retry resubmits a failed/cancelled check free of charge, varies idempotency key per attempt, and increments rerunCount | Service logic creates a new Identity check with an attempt-based idempotency key, updates the DB with the new identity id, and increments rerunCount; identity client constructs the idempotency key based on attempt; migration and schema add rerunCount. |
| ✅ | Cancel marks in-flight checks cancelled and prevents late vendor webhooks from resurrecting the record | Cancel service updates status to cancelled; webhook handler early-returns when record.status === cancelled so later webhooks don't change state; tests assert no update occurs for cancelled rows. |
| ✅ | Delete hard-deletes the background check record (cascading webhook events) and frees the organization+member unique slot | Delete service deletes the DB record; service/controller wrappers added and tests confirm deletion behavior and errors when missing. |
| ✅ | Enforce state-machine guards for allowed transitions (e.g., can't retry completed, can't cancel completed) | assertTransitionAllowed enforces allowed statuses for cancel/retry and service tests verify invalid transitions are rejected. |
| ✅ | RBAC: actions require appropriate permissions and auditors cannot update/delete | Controller methods are decorated with RequirePermission; frontend checks usePermissions to gate UI; tests mock permissions and assert rendered buttons and controller delegation. |
Reply with feedback, questions, or to request a fix.
Fix all with cubic | Re-trigger cubic
- Key Identity idempotency on the record id (not memberId) so a delete + re-request creates a fresh vendor check instead of colliding (P1) - Retry failure restores the prior status instead of forcing 'failed', preserving the cancelled webhook terminal-guard (P1) - Clear the pending delete confirmation when Retry/Cancel is clicked (P2) Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
Contributor
Author
|
@cubic-dev-ai ultrareview this again |
Contributor
@Marfuen Ultrareview monthly budget exhausted (12/12 used). Budget resets at the start of next month. |
Contributor
Author
|
@cubic-dev-ai review this |
Contributor
@Marfuen I have started the AI code review. It will take a few minutes to complete. |
Contributor
Author
|
@cubic-dev-ai review this |
Contributor
@Marfuen I have started the AI code review. It will take a few minutes to complete. |
Contributor
There was a problem hiding this comment.
cubic analysis
No issues found across 20 files
Confidence score: 5/5
- Automated review surfaced no issues in the provided summaries.
- No files require special attention.
Linked issue analysis
Linked issue: CS-475: [QOL] - Create admin options to allow to cancel/delete background checks
| Status | Acceptance criteria | Notes |
|---|---|---|
| ✅ | Add admin Retry action that resubmits a failed/cancelled background check (free), increments a rerun/attempt counter, and uses a per-attempt idempotency key so the vendor creates a fresh check. | retryForMember creates a new Identity request with idempotencyKey `comp-background-check:{existing.id}:{attempt}`, increments rerunCount, and the tests assert no charge and the idempotency key usage. |
| ✅ | Add admin Cancel action to mark an in-flight check (invited / in_progress / in_review) cancelled and ensure late vendor webhooks cannot resurrect it. | cancelForMember enforces allowed statuses and updates status to cancelled; webhook handler short-circuits when record.status === cancelled; tests verify cancelled record is not updated by webhooks. |
| ✅ | Add admin Delete action to hard-delete the background check record (cascading webhook events) and free the organization+member unique slot for a fresh request. | deleteForMember performs a hard delete; controller exposes DELETE endpoint; tests verify delete called and that it frees the slot (delete invoked). |
| ✅ | Expose API endpoints for admin actions: POST /v1/people/:id/background-check/retry, POST .../cancel, and DELETE /v1/people/:id/background-check (RBAC protected). | Controller adds routes with RequirePermission('member','update'/'delete'); controller tests exercise delegation to service methods. |
| ✅ | Enforce state-machine guards so invalid transitions are rejected (e.g., cannot retry a completed or in_progress check when not allowed). | assertTransitionAllowed enumerates allowed states for cancel/retry and is used before state changes; tests assert rejected transitions (e.g., retrying in_progress, cancelling completed). |
| ✅ | Frontend: Add BackgroundCheckAdminActions component in the employee Background Check tab, permission-gated, with two-step delete confirmation and behavior to clear pending delete when Retry/Cancel is clicked. | New component implements Retry/Cancel/Delete flows, uses permission checks, supports two-step delete and clears confirm on retry; integrated into EmployeeBackgroundCheck component; frontend tests verify UI and behaviors. |
| ✅ | DB migration: add rerunCount column to background_check_requests defaulting to 0. | Prisma schema updated and migration SQL added to add rerunCount column with default 0. |
| ✅ | Retries are free (do not create a new charge / reuse original payment) as described. | retry path creates an Identity check and updates the record without invoking paymentService.charge; tests confirm charge is not called during retry. |
| Auditors are excluded automatically (no update/delete) per PR description. | Controller routes are permission-gated and frontend checks permissions, but there is no explicit change in this PR showing a named 'auditor' exclusion rule — this likely relies on existing permission system configuration outside these diffs. |
claudfuen
pushed a commit
that referenced
this pull request
Jun 2, 2026
# [3.67.0](v3.66.2...v3.67.0) (2026-06-02) ### Bug Fixes * **api:** guarantee non-null SoA justification on YES defaults ([7f564df](7f564df)) * **api:** include a default justification on SoA ([732f262](732f262)) * **app:** able to edit the justification ([2939178](2939178)) * **app:** fix empty justification issue on SoA ([43fa889](43fa889)) * **app:** keep SoA justification dialog open when save fails ([a5621cb](a5621cb)) * **app:** return a generic default when no family match on SoA ([6682be1](6682be1)) * **app:** show default justification at all times on SoA ([13f468a](13f468a)) * **background-checks:** move admin actions into the status card footer ([#2998](#2998)) ([dcd4b4d](dcd4b4d)) * **people:** stop tracking background checks for auditor-only members (CS-416) ([#2995](#2995)) ([4e7d57d](4e7d57d)) ### Features * **admin:** add Finding Templates management to admin panel ([c381397](c381397)) * **background-checks:** admin cancel/delete/retry (CS-475) ([#2993](#2993)) ([51c3b3d](51c3b3d)) * **background-checks:** hourly reconciliation for stuck checks (CS-473) ([#2996](#2996)) ([3d6e609](3d6e609))
Contributor
|
🎉 This PR is included in version 3.67.0 🎉 The release is available on GitHub release Your semantic-release bot 📦🚀 |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
CS-475 — Admin cancel / delete / retry for background checks
Relates to: https://linear.app/compai/issue/CS-475
Problem
Customers get blocked when a background check errors.
BackgroundCheckRequesthas@@unique([organizationId, memberId])(one row per member), sorequestForMember()silently returns the stuck/errored row — there's currently no way to clear, cancel, or re-run it.What this adds
Three admin actions on a member's background check, surfaced in the employee Background Check tab and gated by RBAC:
member:update) — resubmit afailed/cancelledcheck. Free (reuses the original payment, no new charge), resets the record in place, keeps webhook history. Varies the Identity idempotency key by attempt (comp-background-check:{memberId}:{attempt}) so a genuinely fresh vendor check is created instead of the deduped old one.member:update) — stop aninvited/in_progress/in_reviewcheck Comp-side (writes the existing-but-unusedcancelledstatus).handleWebhooknow ignores events for cancelled rows so a late Identity webhook can't resurrect it.member:delete) — hard-delete the record (cascades webhook events), freeing the unique constraint so a fresh request can be made.A state-machine guard rejects invalid transitions (e.g. retrying a
completedcheck). Auditors are excluded automatically (noupdate/delete).Changes
rerunCountcolumn + migration.POST /v1/people/:id/background-check/retry,…/cancel,DELETE /v1/people/:id/background-check; newcancelForMember/retryForMember/deleteForMemberservice methods; attempt-aware Identity client; webhook terminal-guard for cancelled rows.BackgroundCheckAdminActionscomponent (status + permission gated, two-step delete confirm) wired into the employee Background Check tab.Testing
jest src/background-checks→ 41/41 passing (8 suites), incl. new controller + service tests.BackgroundCheckAdminActions5/5;EmployeeBackgroundCheck17/17.main, untouched here.Decisions / scope
Notes for reviewers
turbo typecheckis not fully green due to pre-existing issues unrelated to this PR (@trycompai/billingdist/not built in fresh worktrees; errors inrisks/training/timelines/offboarding-checklist/etc.). No typecheck errors in any file changed here.docs/superpowers/(gitignored / local only).Draft until manual click-through verification of retry/cancel/delete in the running app.
🤖 Generated with Claude Code
Summary by cubic
Adds admin actions to retry, cancel, or delete a member’s background check so stuck requests can be cleared and resubmitted (CS-475). Ensures fresh vendor checks on both new requests and retries via record-scoped idempotency, and blocks late webhooks from changing cancelled checks.
New Features
failed/cancelled, incrementsrerunCount, uses Identity Idempotency-Keycomp-background-check:{backgroundCheckRequestId}(create) andcomp-background-check:{backgroundCheckRequestId}:{attempt}(retries), resets statuses/report in place, and on retry failure restores the prior status to preserve the cancelled terminal guard.invited/in_progress/in_review→cancelled; webhook records the event but ignores status changes for cancelled rows.POST /v1/people/:id/background-check/retry,POST /v1/people/:id/background-check/cancel,DELETE /v1/people/:id/background-check; retry passes requester email; state guards block invalid transitions.BackgroundCheckAdminActionsin the employee Background Check tab, permission-gated with confirm-before-delete; clears a pending delete confirm on Retry/Cancel.Migration
rerunCounttobackground_check_requests(default 0). Run Prisma migrations.Written for commit a149fa4. Summary will update on new commits.