Matt
4b5f85cb7d
Bundles the prior session's 50-task fix sweep (Documenso v2 + EOI/signing-
progress redesign + env-to-admin migration + dev-mode banner) with the
2026-05-18 audit fix wave (3 CRITICAL, 14 HIGH, 28 MEDIUM, 6 LOW).
CRITICAL (3):
- C-01 interest-berths INNER JOIN -> LEFT JOIN so hard-deleted berths
no longer silently drop interest links
- C-02 /setup added to PUBLIC_PATHS; fresh-deploy bootstrap loop fixed
- C-03 generic PATCH /interests/[id] no longer accepts pipelineStage —
callers must go through /stage with the override-guard chain
HIGH (14/15):
- H-01 explicit ON DELETE on previously-implicit NO ACTION FKs across
interests/documents/reservations/reminders/invoices (migration 0070)
- H-02 login page reads ?redirect= param with same-origin guard
- H-03 CRM invite token moves to URL fragment so it never lands in
nginx access logs / Referer headers
- H-04 Retry-After header on sign-in-by-identifier 429 (RFC 6585 §4)
- H-05 toggleAccount writes an audit row
- H-06 upsertSetting masks any value whose key ends with _encrypted
- H-07 archiveClient cascade fires per-interest audit rows
- H-08 createSalesTransporter applies SMTP_TIMEOUTS
- H-09 AppShell stable children — viewport flip across breakpoint no
longer destroys in-progress form drafts
- H-10 portal documents page swaps Unicode glyph status icons for
Lucide CheckCircle2/XCircle/Circle + aria-labels
- H-12 list components swap alert(...) for toast.warning(...)
- H-13 5 icon-only buttons gain aria-label
- H-14 parseBody treats empty bodies as {}
- H-15 admin layout renders a 403 panel instead of silent bounce
- H-11 not applicable — mobile-search-overlay IS a mobile bottom-sheet
MEDIUM (28+):
- M-MT01-05 defense-in-depth port_id/parent-id filters on UPDATE/DELETE
WHEREs across custom-fields, notes (all 6 entity types x update +
delete), client-contacts, yacht ownerClient lookup, webhook reads
- M-D01 documents-hub realtime event-name typo (file:created -> uploaded)
- M-EM01 portal-auth emails thread through portId
- M-EM02 sendEmail accepts cc/bcc params
- M-EM04 notification_digest catalog key
- M-IN01 portal presigned download URLs use 4h TTL
- M-IN02 OpenAI client lazy-instantiated
- M-IN04 stale pdfme refs updated to pdf-lib AcroForm
- M-IN05 umami.testConnection returns tagged union
- M-L01 reservations tenure_type unified with berths
- M-L02 report-generators canonicalize stage values
- M-AU01 audit log placeholder copy fixed
- M-AU04 outcome_set / outcome_cleared distinct audit verbs
- M-NEW-2 activity feed entity name+type separator
- M-R01 portal allowlist narrowed + portal_session backstop in proxy
- M-SC02 companies archived partial index
- M-SC04 audit_logs.searchText documented as DB-managed
- M-S01 storage_s3_access_key_encrypted admin field
- M-U01 audit log empty state uses <EmptyState>
- M-U09 invoice delete dialog -> <AlertDialog>
- M-U10 toast.success on ClientForm + InterestForm create/edit
- M-U11 settings-form-card logo preview alt text
- M-U14 mobile topbar title on clients/yachts/interests/berths
- M-U15 Invoices in mobile More-sheet
LOW (6/8):
- L-AU01 severity defaults for security-relevant verbs
- L-AU02 +13 missing actions in admin audit filter
- L-AU03 +7 missing entity types in admin audit filter
- L-AU04 dead listAuditLogs stubbed
- L-D02 CLAUDE.md Owner-wins chain tightened
Bonus — Document detail polish (#67 partial, 3/6 deliverables):
- state-aware action button per signer
- watcher Add UI with display-name resolution
- cleanSignerName cleanup
Prior session work bundled in:
- Documenso v2 webhook + envelope-ID normalization + sequential signing
- SigningProgress UI redesign (avatars, per-signer state, timestamps)
- env->admin settings registry + RegistryDrivenForm + encrypted creds
- Embedded-signing card + Test connection + setup help
- Dev-mode EMAIL_REDIRECT_TO banner
- Pipeline rules admin page
- Sales email config card
- Audit log details Sheet
- EOI tab: Finalising badge, absolute timestamps, sequential indicator
- Notes pipeline_stage_at_creation (migration 0069)
- Documenso numeric ID dual-key webhook (migration 0068)
- Dimensions criterion copy (migration 0067)
Tests: 1374/1374 vitest pass. tsc clean. lint clean.
See docs/AUDIT-FIX-WAVE-2026-05-18.md for the full progress report and
the user-input items still pending.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
159 lines
5.4 KiB
TypeScript
159 lines
5.4 KiB
TypeScript
/**
|
|
* Backfill `document_signers` rows for EOI documents that were generated
|
|
* before the per-recipient signer-row insert landed (pre-2026-05-15).
|
|
*
|
|
* Symptom on the affected docs: the EOI tab's "Signing progress" panel
|
|
* reads "No signers loaded" forever because the webhook handler updates
|
|
* existing rows (by token / email) and never inserts new ones.
|
|
*
|
|
* This script walks every documents row that has a documensoId, status
|
|
* in ('sent', 'partially_signed', 'completed'), and zero signer rows.
|
|
* For each, it pulls the envelope from Documenso and recreates the
|
|
* signer rows from the recipients array. Idempotent — safe to re-run.
|
|
*
|
|
* Usage:
|
|
* pnpm tsx scripts/backfill-eoi-signers.ts # dry-run, lists candidates
|
|
* pnpm tsx scripts/backfill-eoi-signers.ts --apply # actually inserts
|
|
*/
|
|
|
|
import 'dotenv/config';
|
|
import { and, inArray, isNotNull, sql } from 'drizzle-orm';
|
|
|
|
import { db, closeDb } from '@/lib/db';
|
|
import { documents, documentSigners } from '@/lib/db/schema/documents';
|
|
import { getDocument as getDocumensoDoc } from '@/lib/services/documenso-client';
|
|
import { logger } from '@/lib/logger';
|
|
|
|
interface BackfillStats {
|
|
scanned: number;
|
|
withZeroSigners: number;
|
|
inserted: number;
|
|
failed: number;
|
|
skipped: number;
|
|
}
|
|
|
|
async function main() {
|
|
const apply = process.argv.includes('--apply');
|
|
|
|
// 1. Find candidate documents: in-flight or completed EOIs with a
|
|
// documensoId and no signer rows.
|
|
const candidates = await db
|
|
.select({
|
|
id: documents.id,
|
|
portId: documents.portId,
|
|
documensoId: documents.documensoId,
|
|
status: documents.status,
|
|
documentType: documents.documentType,
|
|
title: documents.title,
|
|
signerCount: sql<number>`(
|
|
SELECT COUNT(*)::int FROM ${documentSigners}
|
|
WHERE ${documentSigners.documentId} = ${documents.id}
|
|
)`,
|
|
})
|
|
.from(documents)
|
|
.where(
|
|
and(
|
|
inArray(documents.status, ['sent', 'partially_signed', 'completed']),
|
|
isNotNull(documents.documensoId),
|
|
),
|
|
);
|
|
|
|
const stats: BackfillStats = {
|
|
scanned: candidates.length,
|
|
withZeroSigners: 0,
|
|
inserted: 0,
|
|
failed: 0,
|
|
skipped: 0,
|
|
};
|
|
|
|
const needsBackfill = candidates.filter((c) => c.signerCount === 0);
|
|
stats.withZeroSigners = needsBackfill.length;
|
|
|
|
console.log(
|
|
`Scanned ${stats.scanned} document${stats.scanned === 1 ? '' : 's'}; ${stats.withZeroSigners} need backfill.`,
|
|
);
|
|
if (!apply) {
|
|
console.log('\nDRY RUN (pass --apply to insert):');
|
|
for (const doc of needsBackfill) {
|
|
console.log(` - ${doc.id} (${doc.title}) — port=${doc.portId}, status=${doc.status}`);
|
|
}
|
|
await closeDb();
|
|
return;
|
|
}
|
|
|
|
// 2. For each candidate, fetch the envelope from Documenso and insert
|
|
// the signer rows. Failures are logged + counted; processing
|
|
// continues so one broken doc doesn't halt the run.
|
|
for (const doc of needsBackfill) {
|
|
if (!doc.documensoId) {
|
|
stats.skipped++;
|
|
continue;
|
|
}
|
|
try {
|
|
const envelope = await getDocumensoDoc(doc.documensoId, doc.portId);
|
|
if (envelope.recipients.length === 0) {
|
|
logger.warn({ documentId: doc.id }, 'Backfill: envelope has no recipients — skipping');
|
|
stats.skipped++;
|
|
continue;
|
|
}
|
|
|
|
// Use the same role-mapping logic as the create-time flow:
|
|
// - signingOrder=1 + role SIGNER → 'client' (positional)
|
|
// - SIGNER otherwise → 'signer'
|
|
// - APPROVER → 'approver'
|
|
// - CC / VIEWER → pass-through
|
|
const rows = envelope.recipients.map((r) => {
|
|
const cleanName = (r.name || r.email)
|
|
.replace(/\s*\(was:[^)]*\)/i, '')
|
|
.replace(/\s*\(placeholder\)/i, '')
|
|
.trim();
|
|
const upRole = r.role.toUpperCase();
|
|
const role =
|
|
upRole === 'SIGNER' && r.signingOrder === 1
|
|
? 'client'
|
|
: upRole === 'APPROVER'
|
|
? 'approver'
|
|
: upRole === 'CC'
|
|
? 'cc'
|
|
: upRole === 'VIEWER'
|
|
? 'viewer'
|
|
: 'signer';
|
|
return {
|
|
documentId: doc.id,
|
|
signerName: cleanName || r.email,
|
|
signerEmail: r.email,
|
|
signerRole: role,
|
|
signingOrder: r.signingOrder,
|
|
status: (r.status === 'SIGNED' ? 'signed' : 'pending') as 'signed' | 'pending',
|
|
signingUrl: r.signingUrl ?? null,
|
|
embeddedUrl: r.embeddedUrl ?? null,
|
|
signingToken: r.token ?? null,
|
|
// No invitedAt — the backfill can't reconstruct the original
|
|
// dispatch timestamp. Reps see the card as "Not yet invited"
|
|
// for any pending signer; clicking Send invitation re-stamps.
|
|
invitedAt: null,
|
|
};
|
|
});
|
|
|
|
await db.insert(documentSigners).values(rows);
|
|
stats.inserted += rows.length;
|
|
console.log(` ✓ ${doc.id} (${doc.title}) — inserted ${rows.length} signer row(s)`);
|
|
} catch (err) {
|
|
stats.failed++;
|
|
logger.error(
|
|
{ err: err instanceof Error ? err.message : err, documentId: doc.id },
|
|
'Backfill failed for document',
|
|
);
|
|
console.log(` ✗ ${doc.id} — ${err instanceof Error ? err.message : 'unknown error'}`);
|
|
}
|
|
}
|
|
|
|
console.log(`\nDone. inserted=${stats.inserted} failed=${stats.failed} skipped=${stats.skipped}`);
|
|
await closeDb();
|
|
}
|
|
|
|
main().catch((err) => {
|
|
console.error(err);
|
|
process.exit(1);
|
|
});
|