Pull Request Explorer

Summary

Fix integration dropdowns staying open

Ensures users can interact with integration settings without accidental closure, improving usability in legacy modal.

Health Assessment

• • Quick fix with minimal rework, low risk, fast review.

Summary

Fix integration config dropdown anchoring

Ensures dropdowns in integration settings open correctly, remain anchored to their fields, and are clickable within modals, improving user experience and preventing mispositioning bugs.

Health Assessment

• • Quick, single‑commit fix with no rework, minimal scope, and no blockers.

Summary

Fix AWS role assumption via two‑hop chain

Fixes AWS evidence checks by assuming customer roles through a two‑hop chain via our roleAssumer, eliminating "Could not assume AWS role" failures and supporting commercial and GovCloud partitions.

Health Assessment

• • Quick, single‑file change with no rework; fast review and merge cycle; minimal risk to production

Summary

Fix integration modal dropdowns to stay open

Ensures dropdowns in integration configuration modals remain open and selectable, improving user experience across all integrations.

Health Assessment

• • Quick fix with minimal changes, no rework, low risk.

Summary

Fix service card evidence task count mismatch

Aligns service card counts with detail page, reducing user confusion.

Health Assessment

• • Fast cycle time with minimal rework and automated review support indicates a low-risk bug fix.

Summary

Hide evidence tasks not added to org

Removes misleading "Not added" labels from integration views, ensuring only existing tasks are shown and counts match, improving user clarity.

Health Assessment

• • Fast review and merge with minimal changes; no blockers or complex discussion.

Summary

Fix AWS evidence automation region handling

Corrects AWS evidence automation failures by preserving region arrays and aligning credential types, ensuring manual runs match scheduled runs.

Health Assessment

• • Rapid resolution with minimal rework; AI assistance streamlined fix.

Summary

Add cloud services as evidence integrations

Surfaces AWS, GCP, and Azure cloud-posture services as integration-platform integrations whose checks satisfy evidence tasks.

Health Assessment

• • Multiple review rounds and commits indicate significant rework and potential complexity in the changes.

Summary

Add SoA justifications and background checks

Implements always-on SoA justifications and improves background checks with admin retry/cancel/delete and hourly reconciliation

Health Assessment

• • The PR has a large scope with 20 files changed, but the review process was relatively fast with a cycle time of 3.3 hours

Summary

Move admin actions into status card footer

Fixes UI layout by embedding retry/cancel/delete buttons within the status card, improving visual consistency and user experience.

Health Assessment

• • Quick fix with minimal changes, merged within minutes, indicating low complexity and high confidence.

Summary

Add Finding Templates management to admin panel

Enables administrators to create, edit, and delete finding templates directly from the admin panel, streamlining workflow and reducing context switching.

Health Assessment

• • Rapid review and merge with minimal iterations; high line count but straightforward UI addition.

Summary

Add hourly reconciliation for stuck background checks

Adds an hourly task that polls Identity to resolve stuck background checks, improving reliability and reducing manual intervention.

Health Assessment

• • The PR was merged within 0.7 hours, indicating a smooth review process.
• • AI-generated code and minimal changes led to quick approval and low risk.

Summary

Add admin cancel, delete, retry for background checks

Enables administrators to cancel, delete, or retry background checks, reducing customer blockage and improving data hygiene.

Health Assessment

• • Fast 3.6‑hour cycle with a single review and AI‑assisted code generation; high line addition but smooth process and low review friction.

Summary

Stop tracking background checks for auditor-only members

Excludes auditor‑only members from background‑check requirements and hides related UI, reducing confusion for customers.

Health Assessment

• • Quick fix with minimal rework, AI‑assisted code generation, and automated review found no issues.

Summary

Add default justification for all SoA controls

Ensures every SoA control has a default justification, improving data quality and compliance visibility.

Health Assessment

• • Automated AI review flagged multiple issues, requiring several re‑triggers; the PR took over 8 days to merge, indicating significant complexity and potential risk.

Summary

Deploy production release v3.66.1

Deploys the latest production release, ensuring organization setup succeeds by pruning stale editor templates and preventing foreign‑key errors.

Health Assessment

• • The PR was merged within 0.3 hours of opening, with only a single comment and no additional review rounds, indicating a smooth, automated release process. The large code change reflects the full release payload rather than a focused bug fix.

Summary

Fix framework initialization by pruning stale template IDs

Prevents foreign key errors during org creation, unblocking PCI DSS onboarding and hardening initialization for all frameworks.

Health Assessment

• • Fast cycle time and review, with automated review surfacing no issues.

Summary

Health Assessment

Summary

Fix CS-429: Resolve 401 Unauthorized on evidence upload

This PR fixes a bug that caused 401 Unauthorized errors when uploading meeting evidence by adding proper authentication handling and ensuring submissions are attributed to active users, improving reliability and security.

Health Assessment

• • The PR was reviewed quickly by an AI tool, but the overall cycle time was long, likely due to automated PR creation and waiting for merge.

Summary

Fix GWS sync exclusion bug

Users can now re-add previously excluded emails during sync, preventing data loss.

Health Assessment

• • Automated PR with AI review, minimal changes, quick review, but long cycle due to scheduling.

Summary

Warn before invalidating policy acknowledgments

Prevents accidental loss of employee acknowledgments when publishing policies, ensuring compliance and reducing rework for users.

Health Assessment

• • Fast turnaround with minimal rework; AI review helped surface and resolve issues quickly.

Summary

Fix requirements table column layout

Ensures the requirements table displays correctly across all views, preventing layout overflow and improving user experience.

Health Assessment

• • Rapid review and merge with minimal changes indicates low complexity and high confidence.

Summary

Add archived policy support and UI fixes

Adds archived policy support across API and app, and closes several compliance UI tasks: framework families default to collapsed, SOA edit always visible, and auditor‑only users no longer see background‑check tracking.

Health Assessment

• • The PR was reviewed and merged within minutes, with no comments or rework, indicating a smooth, low‑friction process. The change spans 20 files and 333 lines, a sizable scope but handled efficiently.

Summary

Fix framework requirements, integration search, and instrumentation

This PR removes duplicate UI headings, tightens integration search to avoid false positives, and eliminates dead cross-origin routes, improving user experience and security. These fixes reduce clutter, prevent accidental data exposure, and streamline integration discovery.

Health Assessment

• • Rapid resolution with minimal rework; automated review flagged a single issue.

Summary

Prevent duplicate device registration on status flip

Fixes duplicate device records when a device first registers without a serial and later reports one, improving data consistency and agent reliability.

Health Assessment

• • Rapid merge with minimal review indicates high confidence and low complexity.

Summary

Deploy production release of MCP OAuth features

Releases keyless hosted MCP via OAuth with per-user RBAC, multi‑org support, and trust portal prompts, ensuring production stability and new user-facing capabilities.

Health Assessment

• • Rapid deployment with AI-assisted review and automated CI, but large code changes and many commits suggest significant rework; overall process was efficient with minimal review time.

Summary

Reactivate previously deactivated users in GWS sync

Fixes a bug that prevented active Google Workspace users from being reactivated during sync, ensuring accurate user status and reducing manual intervention.

Health Assessment

• • Fast turnaround with automated AI review, minimal code changes, low risk.

Summary

Fix CS-423: Prevent proxy timeouts on large evidence ZIP downloads

Ensures large evidence pack downloads complete reliably by flushing headers and streaming an initial byte, reducing browser failures for large orgs or slow tasks.

Health Assessment

• • Automated PR with AI review completed quickly, no issues found, minimal rework.

Summary

Hide archived policies from employee portal lists

Prevents archived policies from leaking into the employee portal, aligning its view with the app and Trust Center, improving data accuracy and user experience.

Health Assessment

• • Quick AI‑assisted fix with minimal code changes, no rework, aligning portal policy lists with existing filters.

Summary

Auto-publish trust portal for new organizations

Automatically publishes a trust portal when a new organization is created, ensuring consistent onboarding and compliance.

Health Assessment

• • Rapid review and merge with minimal changes; AI review helped surface issues quickly.

Summary

Style trust portal setup nudge copy

Improves clarity of Trust Portal setup messaging, enhancing user experience for prospects and vendors.

Health Assessment

• • Rapid review and merge with minimal changes indicates low complexity and high confidence.

Summary

Record lastSyncAt after Google Workspace sync

Ensures sync status accurately reflects recent activity, improving customer confidence and reducing support tickets.

Health Assessment

• • Quick, single-commit fix with no review friction, minimal scope, and no blockers.

Summary

Update MCP server SDK to 0.0.2

Bumps the MCP server SDK to version 0.0.2, adding hooks and enriching API metadata without breaking changes, improving developer experience.

Health Assessment

• • Fast automated regeneration and merge with minimal manual review; no breaking changes introduced.

Summary

Add trust portal detection and onboarding nudges

Enables users to detect trust portal configuration and provides UI nudges for onboarding and offboarding, improving compliance visibility.

Health Assessment

• • Rapid merge with AI assistance and automated review, minimal friction, high confidence in quality.

Summary

Declare OAuth2 security scheme for MCP per-user auth

Adds per-user OAuth support to hosted MCP by declaring an OAuth2 authorization‑code scheme in the OpenAPI spec, enabling the Gram OAuth wizard while preserving existing API‑key integrations.

Health Assessment

• • Merged in 0.1h with a single review comment, indicating a smooth, low‑friction process.

Summary

Auto-sync OpenAPI spec to Gram via CI

Automates pushing the clean OpenAPI spec to Gram, eliminating manual uploads and keeping the hosted MCP up‑to‑date.

Health Assessment

• • Fast merge cycle, minimal rework, automated review found no issues, low risk.

Summary

Disable declaration emit to unblock staging build

Fixes a build error by disabling TypeScript declaration emission for the API, preventing internal plugin types from leaking and allowing successful staging Docker builds.

Health Assessment

Summary

Add OAuth support for hosted MCP

Enables users to authenticate with hosted MCP via OAuth, eliminating API key usage and adding multi‑org support.

Health Assessment

• • Rapid AI‑assisted development with multiple automated reviews led to a quick 2.2‑hour cycle, but the large code churn and many review rounds suggest moderate to high risk for integration complexity.

Summary

Promote MCP Server release to production

Deploys the latest MCP Server release to production, adding multipart policy PDF upload, built‑in role obligations APIs, and updated documentation. This ensures the newest features are live for customers.

Health Assessment

• • Rapid deployment with minimal review; automated generation of SDK and OpenAPI docs; high line count indicates large code regeneration; low review friction but high scope suggests potential risk.

Summary

Health Assessment

Summary

Deploy latest release to production

Automated release of v3.65.0 to production, fixing monorepo workspace configuration to unblock npm publish and Docker builds.

Health Assessment

• • Fast cycle time and minimal review comments indicate a smooth, low-risk deployment process.

Summary

Fix Docker build by adjusting workspaces glob

Ensures Docker builds succeed by using glob+negation for workspaces, preventing workspace not found errors.

Health Assessment

• • Quick fix with minimal changes, no rework, low risk.

Summary

Exclude mcp-server from Bun workspaces

Fixes CI publish failures by removing mcp-server from the workspace, enabling npm install to succeed and allowing the package to be published correctly.

Health Assessment

• • Fast turnaround with minimal review, quickly resolving CI issues and enabling successful publish of the mcp-server package.

Summary

Deploy MCP Server to Production

Releases the MCP server with presigned upload flow and new API endpoints, enabling production use and improving developer experience.

Health Assessment

• • Rapid automated deployment with minimal review indicates a streamlined release process, though the large documentation changes increase overall scope.

Summary

Add MCP server guide documentation

Provides a customer‑facing guide for the @trycompai/mcp-server package, enabling teams to install and use the MCP server across multiple AI assistants with a single API key.

Health Assessment

• • The PR was merged within 18 minutes of opening, with a single review comment and no rework, indicating a smooth, low‑friction process. The documentation addition is sizable but isolated to docs, posing minimal risk.

Summary

Automated PR for tofik/mcp-release

Merges tofik/mcp-release into dev with new features and refactors for MCP server and API endpoint contract

Health Assessment

• • Automated PR with multiple reviews and a short cycle time
• • Large scope with many files changed, but low risk due to automated review

Summary

Deploy Policy PDF Upload Fix to Production

Deploys the latest policy PDF upload and delete functionality to production, ensuring versioned uploads and safe deletions.

Health Assessment

Summary

Add multipart PDF upload support and version guard

Enables direct PDF uploads via multipart/form-data, validates base64, and enforces version rules to ensure PDFs are stored correctly and displayed in the UI. This improves reliability and user experience for policy document handling.

Health Assessment

• • Rapid merge with minimal changes indicates low complexity and high confidence in the update.

Summary

Production Deploy

Deploys the latest release to production, fixing PDF upload failures and improving client compatibility.

Health Assessment

• • Rapid deployment with minimal review and automated AI review indicates high confidence and low risk.

Summary

Add multipart PDF upload support to policies endpoint

Enables customers to upload PDFs via multipart/form-data, improving reliability and user experience.

Health Assessment

• • Fast review and merge with minimal changes, indicating low complexity and risk.