Claude/prisma notification migration h qw rf

[don4of4]

Add LLM-driven email expiration with per-account settings, Prisma models and cleanup jobs, integrate server-side bulk rule processing with concurrency and date filters, and increase AI queue concurrency to 30

Introduce expiration analysis and cleanup paths, including new Prisma models and API/UI for settings; refactor bulk processing to paginated, concurrent server-side execution with expiration updates; add Azure AI Foundry provider support; adjust OAuth prompts and queues; and update EmailProvider.getInboxMessages to accept { maxResults, after, before }.

📍Where to Start

Start with analyzeAndSetExpiration in apps/web/utils/expiration/analyze-expiration.ts, then review cleanupExpiredEmails in apps/web/utils/expiration/process-expired.ts and bulkProcessInboxEmails in apps/web/utils/ai/choose-rule/bulk-process-emails.ts.

---

📊 Macroscope summarized acb083f. 41 files reviewed, 41 issues evaluated, 21 issues filtered, 0 comments posted

🗂️ Filtered Issues

.github/workflows/build_and_publish_docker.yml — 0 comments posted, 3 evaluated, 1 filtered

• line 68: Hardcoded NEXT_PUBLIC_BYPASS_PREMIUM_CHECKS=true in build-args permanently disables premium checks in all built images. This may cause unintended access to premium features or break licensing enforcement at runtime. [ Low confidence ]

apps/web/app/(app)/[emailAccountId]/assistant/BulkRunRules.tsx — 0 comments posted, 4 evaluated, 3 filtered

• line 102: The onRun function is now called with a new fourth callback parameter (threadId) => dispatch({ type: "THREAD_COMPLETED", threadId }) to track completed threads. If the onRun function implementation was not updated to invoke this callback when threads complete, state.completedThreadIds will remain empty. This would cause the progress message to always show 0 completed emails, and handleStop would always report completedCount: 0 since it relies on state.completedThreadIds.size. [ Low confidence ]
• line 130: The handleStop function captures state.completedThreadIds.size synchronously at the moment of invocation. If multiple THREAD_COMPLETED actions are dispatched in quick succession (e.g., from async queue callbacks) but haven't been processed by React's state batching when the user clicks Stop, the captured count may be slightly stale and not reflect threads that completed in the same event loop tick. [ Low confidence ]
• line 369: The sleep time reduction from 5000ms/2000ms to 500ms/200ms combined with the concurrency increase to 30 in aiQueue may trigger Gmail API rate limits. The original comment explicitly stated the delay was to "avoid gmail api rate limits". Removing this protection while increasing parallelism could cause fetch failures on subsequent batches. [ Low confidence ]

apps/web/app/(app)/[emailAccountId]/assistant/BulkRunRulesServerSide.tsx — 0 comments posted, 3 evaluated, 1 filtered

• line 187: On line 187, Number(e.target.value) || 10 will reset concurrency to 10 if the user tries to enter 0, since 0 is falsy. While the min attribute is 1, a user could still type 0 and be surprised when it becomes 10. Consider using Number(e.target.value) with explicit validation or Number.isNaN() check instead. [ Low confidence ]

apps/web/app/(app)/[emailAccountId]/settings/ExpirationSection.tsx — 0 comments posted, 4 evaluated, 1 filtered

• line 104: The toggleCategory callback has enabledCategories in its dependency array but captures a potentially stale value. If toggleCategory is called multiple times in quick succession before React re-renders, the current array on line 106 will use a stale enabledCategories value, causing toggle operations to be lost. [ Low confidence ]

apps/web/app/(app)/[emailAccountId]/settings/page.tsx — 0 comments posted, 2 evaluated, 2 filtered

• line 62: The formSchema constant is referenced in zodResolver(formSchema) within ExpirationSection.tsx but is never defined or imported in the visible code. This will cause a ReferenceError at runtime when the component renders. [ Low confidence ]
• line 62: The ExpirationSettingsResponse type declares settings can be null, but when prisma.emailExpirationSettings.findUnique returns null, the response { settings } will have settings: null. However, in ExpirationSection.tsx, the form uses data?.settings?.enabled ?? false which handles null correctly, BUT the CATEGORIES constant referenced in the form is never defined in the provided code. The form iterates over CATEGORIES.map((category) => ...) but CATEGORIES is not imported or defined, causing a runtime ReferenceError. [ Low confidence ]

apps/web/app/api/google/calendar/auth-url/route.ts — 0 comments posted, 1 evaluated, 1 filtered

• line 25: Changing prompt from "consent" to "select_account" will cause Google to NOT issue a new refresh token for users who have previously authorized this application. With access_type: "offline", Google only issues a refresh token on initial consent or when consent is forced. If the user previously authorized the app, the callback will not receive a refresh token, causing the calendar integration to fail when the short-lived access token expires and the application attempts to refresh it. [ Low confidence ]

apps/web/app/api/google/webhook/route.ts — 0 comments posted, 1 evaluated, 1 filtered

• line 18: The webhook now returns a 500 error when GOOGLE_PUBSUB_VERIFICATION_TOKEN is not configured, but existing deployments that worked without this token configured will now fail. This is a breaking change that could cause all Google webhooks to fail after deployment if the environment variable wasn't previously required. [ Low confidence ]

apps/web/app/api/user/expiration-settings/route.ts — 0 comments posted, 1 evaluated, 1 filtered

• line 43: The POST handler in expiration-settings uses updateSettingsSchema.parse(body) which will throw a Zod error if validation fails. This error is not caught, so invalid requests will result in an unhandled exception rather than a proper 400 response with validation details. [ Low confidence ]

apps/web/utils/actions/ai-rule.ts — 0 comments posted, 1 evaluated, 1 filtered

• line 651: The bulkProcessRulesAction always returns { success: true } regardless of whether bulkProcessInboxEmails succeeded or failed. Looking at bulkProcessInboxEmails, it wraps all processing in a try-catch that logs errors but doesn't re-throw them, causing the function to return undefined on failure. The action then proceeds to return { success: true }, misleading callers into thinking the bulk processing completed successfully when it may have failed entirely. [ Exceeded comment limit ]

apps/web/utils/actions/ai-rule.validation.ts — 0 comments posted, 3 evaluated, 1 filtered

• line 19: No validation for conflicting options: when both daysBack and startDate/endDate are provided, the intended behavior is ambiguous. Downstream code must handle this priority, but the schema doesn't enforce mutual exclusivity which could lead to user confusion or inconsistent behavior depending on implementation. [ Low confidence ]

apps/web/utils/ai/choose-rule/ai-choose-rule.ts — 0 comments posted, 4 evaluated, 1 filtered

• line 284: Logging modelOptions.model object instead of modelOptions.modelName string in the multi-rule start log. [ Low confidence ]

apps/web/utils/ai/choose-rule/bulk-process-emails.ts — 0 comments posted, 2 evaluated, 2 filtered

• line 88: The logging statements in run-rules.ts reference a MODULE constant (e.g., module: MODULE) but the constant is not shown as defined or imported in the provided code. If MODULE is not defined elsewhere in the file, this will cause a ReferenceError at runtime when the logging code executes. [ Low confidence ]
• line 99: The code calls emailProvider.getMessagesWithPagination() but the diff shows the previous implementation used emailProvider.getInboxMessages(maxEmails). If OutlookProvider (or GmailProvider) does not implement the new getMessagesWithPagination method with the expected signature returning { messages, nextPageToken }, this will throw a runtime error when attempting to process emails for accounts using that provider. [ Low confidence ]

apps/web/utils/auth.ts — 0 comments posted, 1 evaluated, 1 filtered

• line 105: Changing prompt from "select_account consent" to "select_account" removes the explicit consent prompt during Google OAuth. This may cause issues where users who previously granted consent don't get prompted to re-consent when scopes change, potentially resulting in missing permissions if the app's required scopes have been updated since the user last authenticated. [ Low confidence ]

apps/web/utils/expiration/analyze-expiration.ts — 0 comments posted, 5 evaluated, 3 filtered

• line 161: On line 161, settings.enabledCategories.includes(category) assumes enabledCategories is always a defined array. If this field is null, undefined, or not initialized in the database record, this will throw TypeError: Cannot read properties of undefined (reading 'includes'). [ Low confidence ]
• line 167: On line 167, getDefaultExpirationDays(category, settings) is called with the Prisma settings object, but getDefaultExpirationDays expects an object with specific property names like notificationDays, newsletterDays, etc. If the Prisma model uses different column names (e.g., notification_days or camelCase variations), the function will ignore user settings and always fall back to category defaults. [ Low confidence ]
• line 227: On line 227, the regex /@([^>]+)/ in extractDomain captures everything after @ until a > character, but doesn't account for email addresses with multiple @ symbols in display names (e.g., "user@display" <real@example.com>), which could extract the wrong domain. Also, addresses without @ will return an empty string, which may cause downstream issues if domain is required. [ Low confidence ]

apps/web/utils/gmail/message.ts — 0 comments posted, 1 evaluated, 1 filtered

• line 317: When maxResults is undefined, queryBatchMessagesPages will loop indefinitely until all pages are exhausted (lines 317-320). For users with large inboxes, this could fetch millions of messages, causing memory exhaustion, rate limit errors, or extremely long execution times. The function lacks any safeguard like a maximum page count or total message limit. [ Low confidence ]

Summary by CodeRabbit

• New Features

  • Email expiration and automatic cleanup with category-based rules and cleanup integration
  • Server-side bulk rule processing for improved scalability
  • Email expiration settings UI for users to configure retention policies by category
  • Azure AI Foundry LLM provider support

• Improvements

  • Enhanced inbox filtering with date range support
  • Increased concurrency for AI and email processing queues
  • Simplified landing page navigation and layout
  • Improved Docker workflow with registry-based configuration and GHCR support
  • Enhanced logging and performance instrumentation across AI processing

• Tests

  • Improved test infrastructure with logger injection for email provider initialization

_{✏️ Tip: You can customize this high-level summary in your review settings.}

[vercel]

@claude is attempting to deploy a commit to the Inbox Zero OSS Program Team on Vercel.

A member of the Team first needs to authorize it.

[CLAassistant]

Thank you for your submission! We really appreciate it. Like many open source projects, we ask that you all sign our Contributor License Agreement before we can accept your contribution.
0 out of 2 committers have signed the CLA.

❌ don4of4
❌ claude
_{You have signed the CLA already but the status is still pending? Let us recheck it.}

[coderabbitai]

Caution

Review failed

The pull request is closed.

📝 Walkthrough

Walkthrough

This PR introduces an email expiration feature with LLM-powered analysis, refactors email provider APIs to support date-range filtering, simplifies landing pages by removing sections, adds Azure Foundry LLM support, increases queue concurrency, updates Docker CI for GHCR, and instruments logging throughout AI processing pipelines.

Changes

Cohort / File(s)	Summary
Email Expiration Feature — Database & Migrations prisma/migrations/20251229030000_add_email_expiration/migration.sql, prisma/schema.prisma	Adds EmailExpirationSettings and ExpiredEmailLog models; extends EmailMessage with expiresAt, expiredAt, expirationReason; adds foreign keys and indexes for expiration queries.
Email Expiration Feature — API Endpoints app/api/user/expiration-settings/route.ts, app/api/watch/all/route.ts	New GET/POST handlers for expiration settings management; integrates cleanupExpiredEmails into watch flow with result aggregation.
Email Expiration Feature — Expiration Analysis & Cleanup utils/expiration/categories.ts, utils/expiration/analyze-expiration.ts, utils/expiration/process-expired.ts	Detects email categories (notifications, newsletters, marketing, social, calendar), analyzes expiration via LLM, persists expiresAt/expirationReason, batch-cleans expired emails with archiving and logging.
Email Expiration Feature — UI & Integration app/(app)/[emailAccountId]/settings/ExpirationSection.tsx, app/(app)/[emailAccountId]/settings/page.tsx, webhook/process-history-item.ts	New settings form for expiration configuration with per-category day inputs; hooks expiration analysis into webhook message processing via background task.
Bulk Processing Enhancements app/(app)/[emailAccountId]/assistant/bulk-run-rules-reducer.ts, app/(app)/[emailAccountId]/assistant/bulk-run-rules-reducer.test.ts, app/(app)/[emailAccountId]/assistant/BulkRunRules.tsx	Tracks completed threads via Set instead of derived counts; adds THREAD_COMPLETED action; adjusts progress reporting to use state.completedThreadIds; reduces batch delay from 5s to 500ms.
Bulk Processing — Server-Side Component app/(app)/[emailAccountId]/assistant/BulkRunRulesServerSide.tsx, app/(app)/[emailAccountId]/assistant/ProcessRules.tsx	New server-side bulk processing UI with modal dialog for time range/concurrency/skip options; calls bulkProcessRulesAction; integrated alongside existing BulkRunRules.
Bulk Processing — Enhanced Algorithm utils/ai/choose-rule/bulk-process-emails.ts, utils/actions/ai-rule.ts, utils/actions/ai-rule.validation.ts	Refactors bulkProcessInboxEmails to support pagination, date filtering (after/before), concurrency control, skip-already-processed, and oldest-first sorting; integrates expiration analysis per-message; new bulkProcessRulesAction server action.
Email Provider API Refactoring utils/email/types.ts, utils/email/google.ts, utils/email/microsoft.ts, utils/gmail/message.ts	getInboxMessages signature changed from primitive maxResults to options object with maxResults, after, before; implementations updated with date-filtered queries and paginated fetches.
E2E Tests — Logger Injection __tests__/e2e/helpers.ts, __tests__/e2e/cold-email/*.test.ts, __tests__/e2e/labeling/*.test.ts, __tests__/e2e/outlook-*.test.ts, __tests__/e2e/gmail-operations.test.ts, __tests__/e2e/drafting/microsoft-drafting.test.ts	New createTestLogger() helper; logger instance injected into all createEmailProvider calls; getInboxMessages calls updated to use options object.
Logging & Instrumentation utils/ai/choose-rule/ai-choose-rule.ts, utils/ai/choose-rule/run-rules.ts, utils/reply-tracker/handle-conversation-status.ts	Adds timing instrumentation (start time, duration in ms/sec) around AI calls and conversation status determination; logs rule counts and model names.
Queue & Concurrency utils/queue/ai-queue.ts, utils/queue/email-action-queue.ts, utils/queue/email-actions.ts	Increases AI queue from 3 to 30 concurrency; email action queue from 1 to 5; adds clearAiQueue and isAiQueuePaused exports; runAiRules now accepts optional onThreadCompleted callback with guaranteed cleanup.
LLM Provider — Azure Foundry env.ts, utils/llms/config.ts, utils/llms/model.ts	Adds azure-foundry to llmProviderEnum; new env vars (AZURE_FOUNDRY_RESOURCE_NAME, AZURE_FOUNDRY_API_KEY, AZURE_FOUNDRY_API_VERSION); selectModel handles Azure Foundry via Anthropic-compatible baseURL.
Auth & OAuth utils/auth.ts, app/api/google/calendar/auth-url/route.ts, app/api/google/linking/auth-url/route.ts, app/api/google/webhook/route.ts	OAuth prompt changed from "consent" to "select_account"; webhook verification token now validated with explicit guard and early rejection on misconfiguration.
Landing Page Simplification app/(landing)/page.tsx, app/(landing)/home/CTAButtons.tsx, app/(landing)/home/Footer.tsx, components/new-landing/sections/Footer.tsx	Removes Testimonials, Pricing, Awards, FinalCTA, BrandScroller components; CTA simplified to single Sign In button; footer restructured to dynamic link generation without separate section headers.
Configuration & Build .github/workflows/build_and_publish_docker.yml, next.config.ts, utils/actions/clean.ts, utils/label.ts, utils/ai/report/fetch.ts	Docker CI updated to GHCR with registry variables, multi-step Buildx setup, dropped Depot; Next.js config ignores build-time type errors; cleanInbox gated by NEXT_PUBLIC_BYPASS_PREMIUM_CHECKS; new "Expired" label added; inbox fetch updated to options API.
Test Data & Validation utils/group/find-matching-group.test.ts	Test objects updated to include explicit exclude: false flag on group items.

Sequence Diagram(s)

sequenceDiagram
    participant W as Webhook<br/>(history item)
    participant MP as Message<br/>Processor
    participant EA as Expiration<br/>Analysis
    participant LLM as LLM
    participant DB as Database
    participant L as Logger

    W->>MP: process history item
    Note over MP: Check hasAiAccess & inbox
    alt inbox message
        MP->>EA: analyzeAndSetExpiration()<br/>(background)
        Note over EA: Fetch expiration settings
        alt settings enabled
            EA->>EA: Detect category
            alt category detected & enabled
                EA->>LLM: Analyze expiration<br/>(with system/message prompts)
                LLM-->>EA: { shouldExpire, expiresAt, reason }
                EA->>DB: Upsert EmailMessage<br/>(expiresAt, expirationReason)
                EA->>L: Log success
            else no expirable category
                EA->>L: Log skip (no category)
            end
        else settings disabled
            EA->>L: Log skip (disabled)
        end
    end
    MP-->>W: return (non-blocking)

Loading

sequenceDiagram
    participant UI as BulkRunRulesServerSide<br/>(UI)
    participant Action as bulkProcessRulesAction<br/>(Server Action)
    participant Bulk as bulkProcessInboxEmails
    participant Gmail as Gmail API
    participant Rules as Rule Matching
    participant Exp as Expiration Analysis
    participant DB as Database

    UI->>Action: Call with { daysBack, maxEmails, concurrency, ... }
    Action->>Bulk: Invoke with computed date filters
    loop Pages (paginated fetch)
        Bulk->>Gmail: queryBatchMessagesPages(after, before)
        Gmail-->>Bulk: Messages (paginated)
        Note over Bulk: Deduplicate by thread<br/>(cross-page)
        alt skipAlreadyProcessed
            Bulk->>DB: Filter out ExecutedRule matches
        end
        Note over Bulk: Sort by date (processOldestFirst)
        loop Batches (concurrency)
            Bulk->>Rules: Run rules per message
            Rules-->>Bulk: Action result
            alt hasAiAccess
                Bulk->>Exp: analyzeAndSetExpiration()
                Exp-->>DB: Persist expiresAt
            end
        end
    end
    Action-->>UI: { success: true }

Loading

Estimated code review effort

🎯 5 (Critical) | ⏱️ ~120 minutes

Possibly related PRs

• Fix expiration type #634: Overlaps on expiresAt/expiredAt timestamp plumbing and how expiration timestamps are converted and passed through client helpers; related infrastructure changes for the same expiration feature.
• Outlook support #537: Directly related—both expand the EmailProvider abstraction and refactor getInboxMessages signatures and provider-based call sites across email implementations.
• Onboarding process emails #1023: Related—both modify bulkProcessInboxEmails and add/extend skip and filter parameters for bulk email processing; overlapping rule-running APIs.

Poem

🐰 Whiskers twitch with glee,
Emails fade like morning dew,
Azure skies now gleam,
Bulk rules race at speed,
Inbox zero's fleeting dream! ✨

✨ Finishing touches

• 📝 Generate docstrings

---

📜 Recent review details

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between d139179 and acb083f.

⛔ Files ignored due to path filters (1)

• pnpm-lock.yaml is excluded by !**/pnpm-lock.yaml

📒 Files selected for processing (60)

• .github/workflows/build_and_publish_docker.yml
• apps/web/__tests__/e2e/cold-email/google-cold-email.test.ts
• apps/web/__tests__/e2e/cold-email/microsoft-cold-email.test.ts
• apps/web/__tests__/e2e/drafting/microsoft-drafting.test.ts
• apps/web/__tests__/e2e/gmail-operations.test.ts
• apps/web/__tests__/e2e/helpers.ts
• apps/web/__tests__/e2e/labeling/gmail-thread-label-removal.test.ts
• apps/web/__tests__/e2e/labeling/google-labeling.test.ts
• apps/web/__tests__/e2e/labeling/helpers.ts
• apps/web/__tests__/e2e/labeling/microsoft-labeling.test.ts
• apps/web/__tests__/e2e/labeling/microsoft-thread-category-removal.test.ts
• apps/web/__tests__/e2e/outlook-draft-read-status.test.ts
• apps/web/__tests__/e2e/outlook-operations.test.ts
• apps/web/__tests__/e2e/outlook-query-parsing.test.ts
• apps/web/__tests__/e2e/outlook-search.test.ts
• apps/web/app/(app)/[emailAccountId]/assistant/BulkRunRules.tsx
• apps/web/app/(app)/[emailAccountId]/assistant/BulkRunRulesServerSide.tsx
• apps/web/app/(app)/[emailAccountId]/assistant/ProcessRules.tsx
• apps/web/app/(app)/[emailAccountId]/assistant/bulk-run-rules-reducer.test.ts
• apps/web/app/(app)/[emailAccountId]/assistant/bulk-run-rules-reducer.ts
• apps/web/app/(app)/[emailAccountId]/settings/ExpirationSection.tsx
• apps/web/app/(app)/[emailAccountId]/settings/page.tsx
• apps/web/app/(landing)/home/CTAButtons.tsx
• apps/web/app/(landing)/home/Footer.tsx
• apps/web/app/(landing)/page.tsx
• apps/web/app/api/google/calendar/auth-url/route.ts
• apps/web/app/api/google/linking/auth-url/route.ts
• apps/web/app/api/google/webhook/route.ts
• apps/web/app/api/user/expiration-settings/route.ts
• apps/web/app/api/watch/all/route.ts
• apps/web/components/new-landing/sections/Footer.tsx
• apps/web/env.ts
• apps/web/next.config.ts
• apps/web/prisma/migrations/20251229030000_add_email_expiration/migration.sql
• apps/web/prisma/schema.prisma
• apps/web/utils/actions/ai-rule.ts
• apps/web/utils/actions/ai-rule.validation.ts
• apps/web/utils/actions/clean.ts
• apps/web/utils/ai/choose-rule/ai-choose-rule.ts
• apps/web/utils/ai/choose-rule/bulk-process-emails.ts
• apps/web/utils/ai/choose-rule/run-rules.ts
• apps/web/utils/ai/report/fetch.ts
• apps/web/utils/auth.ts
• apps/web/utils/email/google.ts
• apps/web/utils/email/microsoft.ts
• apps/web/utils/email/types.ts
• apps/web/utils/expiration/analyze-expiration.ts
• apps/web/utils/expiration/categories.ts
• apps/web/utils/expiration/process-expired.ts
• apps/web/utils/gmail/message.ts
• apps/web/utils/group/find-matching-group.test.ts
• apps/web/utils/label.ts
• apps/web/utils/llms/config.ts
• apps/web/utils/llms/model.ts
• apps/web/utils/queue/ai-queue.ts
• apps/web/utils/queue/email-action-queue.ts
• apps/web/utils/queue/email-actions.ts
• apps/web/utils/reply-tracker/handle-conversation-status.ts
• apps/web/utils/webhook/process-history-item.ts
• docs/plans/email-expiration-cleanup.md

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[don4of4]

Disregard -- unintentional PR.

[cubic-dev-ai]

12 issues found across 61 files

Prompt for AI agents (all issues)

Check if these issues are valid — if so, understand the root cause of each and fix them.


<file name="docs/plans/email-expiration-cleanup.md">

<violation number="1" location="docs/plans/email-expiration-cleanup.md:1037">
P1: The `updateConfig` function is called but never defined in the component. This code example would cause a runtime error if used as-is.</violation>
</file>

<file name="apps/web/app/api/google/calendar/auth-url/route.ts">

<violation number="1" location="apps/web/app/api/google/calendar/auth-url/route.ts:25">
P2: Changing `prompt` from `&quot;consent&quot;` to `&quot;select_account&quot;` may prevent refresh tokens from being returned on re-authorization. Since `access_type: &quot;offline&quot;` is set, the application needs refresh tokens for long-term access. Google only issues refresh tokens on the initial consent grant; subsequent auth flows with `&quot;select_account&quot;` won&#39;t return one. If this is intentional (e.g., for better UX when users already have valid tokens), consider adding a comment explaining this. Otherwise, consider using `&quot;consent select_account&quot;` to get both behaviors.</violation>
</file>

<file name="apps/web/utils/ai/choose-rule/ai-choose-rule.ts">

<violation number="1" location="apps/web/utils/ai/choose-rule/ai-choose-rule.ts:10">
P2: Per codebase logging conventions, helper functions should receive the logger as a parameter from the route/action rather than using `createScopedLogger`. This loses request context (requestId, userId, emailAccountId) that would be available from middleware. Consider adding a `logger: Logger` parameter to these functions and passing it from the caller.</violation>
</file>

<file name="apps/web/next.config.ts">

<violation number="1" location="apps/web/next.config.ts:18">
P1: Disabling TypeScript build errors (`ignoreBuildErrors: true`) allows type errors to reach production, which can cause runtime failures. Instead of bypassing type checking, the underlying AI SDK version mismatch should be resolved by aligning dependency versions or adding proper type declarations. This is a workaround that masks technical debt.</violation>
</file>

<file name="apps/web/utils/auth.ts">

<violation number="1" location="apps/web/utils/auth.ts:105">
P1: Removing `consent` from the prompt will prevent Google from returning refresh tokens for returning users. When `accessType: &quot;offline&quot;` is set, Google only returns a refresh token on the first authorization or when the user re-consents. Without `consent` in the prompt, if a user&#39;s existing refresh token becomes invalid and they need to re-authenticate, they won&#39;t receive a new refresh token, breaking the app&#39;s ability to maintain long-term access.</violation>
</file>

<file name="apps/web/app/(app)/[emailAccountId]/assistant/BulkRunRulesServerSide.tsx">

<violation number="1" location="apps/web/app/(app)/[emailAccountId]/assistant/BulkRunRulesServerSide.tsx:49">
P2: The `data` from `useThreads` is fetched but never used beyond a truthy check. This causes an unnecessary API call to fetch inbox threads. Consider removing this hook if only premium/loading state is needed, or use the data if it&#39;s intended to show thread counts.</violation>
</file>

<file name="apps/web/app/(landing)/home/Footer.tsx">

<violation number="1" location="apps/web/app/(landing)/home/Footer.tsx:67">
P2: Social links are missing `target={item.target}`. The social items define `target: &quot;_blank&quot;` but it&#39;s not applied to the Link component, unlike the main navigation items above. This will cause social links to open in the same tab instead of a new tab.</violation>
</file>

<file name="apps/web/app/api/google/linking/auth-url/route.ts">

<violation number="1" location="apps/web/app/api/google/linking/auth-url/route.ts:21">
P2: Changing `prompt` from `&quot;consent&quot;` to `&quot;select_account&quot;` may prevent refresh tokens from being returned. With `access_type: &quot;offline&quot;`, Google only provides a refresh token on the first authorization or when consent is explicitly forced. Returning users selecting an already-authorized account won&#39;t receive a new refresh token, which could cause authentication failures when the access token expires.

Consider using `prompt: &quot;consent select_account&quot;` to allow account selection while still forcing consent, or ensure your token handling logic accounts for cases where no refresh token is returned.</violation>
</file>

<file name="apps/web/utils/actions/ai-rule.ts">

<violation number="1" location="apps/web/utils/actions/ai-rule.ts:651">
P2: The action always returns `{ success: true }` even if `bulkProcessInboxEmails` fails, since that function catches and swallows errors internally. Consider wrapping the call in try-catch to return appropriate error status, or returning processing statistics to give callers meaningful feedback.</violation>
</file>

<file name="apps/web/utils/expiration/analyze-expiration.ts">

<violation number="1" location="apps/web/utils/expiration/analyze-expiration.ts:116">
P2: LLM-returned `expiresAt` string is converted to Date without validation. If the LLM returns a malformed date string, `new Date()` creates an Invalid Date that propagates to the database. Consider validating the parsed date before returning it.</violation>
</file>

<file name="apps/web/app/(app)/[emailAccountId]/settings/ExpirationSection.tsx">

<violation number="1" location="apps/web/app/(app)/[emailAccountId]/settings/ExpirationSection.tsx:71">
P1: The SWR fetch doesn&#39;t include the `EMAIL_ACCOUNT_HEADER` that is used in the POST request. If the API requires this header for account-specific data, the GET will return incorrect results. Consider using a custom fetcher or including the header.</violation>

<violation number="2" location="apps/web/app/(app)/[emailAccountId]/settings/ExpirationSection.tsx:226">
P2: Input is missing the `error` prop. Validation errors from the zod schema (min 1, max 365/30) won&#39;t be displayed to users.</violation>
</file>

---

Since this is your first cubic review, here's how it works:

• cubic automatically reviews your code and comments on bugs and improvements
• Teach cubic by replying to its comments. cubic learns from your replies and gets better over time
• Ask questions if you need clarification on any suggestion

_{Reply with feedback, questions, or to request a fix. Tag @cubic-dev-ai to re-run a review.}

[cubic-dev-ai]

P1: The updateConfig function is called but never defined in the component. This code example would cause a runtime error if used as-is.

Prompt for AI agents

Check if this issue is valid — if so, understand the root cause and fix it. At docs/plans/email-expiration-cleanup.md, line 1037:

<comment>The `updateConfig` function is called but never defined in the component. This code example would cause a runtime error if used as-is.</comment>

<file context>
@@ -0,0 +1,1237 @@
+                key={category.id}
+                category={category}
+                config={configs.find(c =&gt; c.category === category.id)}
+                onUpdate={(config) =&gt; updateConfig(category.id, config)}
+              /&gt;
+            ))}
</file context>

[cubic-dev-ai]

P2: Changing prompt from "consent" to "select_account" may prevent refresh tokens from being returned on re-authorization. Since access_type: "offline" is set, the application needs refresh tokens for long-term access. Google only issues refresh tokens on the initial consent grant; subsequent auth flows with "select_account" won't return one. If this is intentional (e.g., for better UX when users already have valid tokens), consider adding a comment explaining this. Otherwise, consider using "consent select_account" to get both behaviors.

Prompt for AI agents

Check if this issue is valid — if so, understand the root cause and fix it. At apps/web/app/api/google/calendar/auth-url/route.ts, line 25:

<comment>Changing `prompt` from `&quot;consent&quot;` to `&quot;select_account&quot;` may prevent refresh tokens from being returned on re-authorization. Since `access_type: &quot;offline&quot;` is set, the application needs refresh tokens for long-term access. Google only issues refresh tokens on the initial consent grant; subsequent auth flows with `&quot;select_account&quot;` won&#39;t return one. If this is intentional (e.g., for better UX when users already have valid tokens), consider adding a comment explaining this. Otherwise, consider using `&quot;consent select_account&quot;` to get both behaviors.</comment>

<file context>
@@ -22,7 +22,7 @@ const getAuthUrl = ({ emailAccountId }: { emailAccountId: string }) =&gt; {
     scope: CALENDAR_SCOPES,
     state,
-    prompt: &quot;consent&quot;,
+    prompt: &quot;select_account&quot;,
   });
 
</file context>

[cubic-dev-ai]

P2: Per codebase logging conventions, helper functions should receive the logger as a parameter from the route/action rather than using createScopedLogger. This loses request context (requestId, userId, emailAccountId) that would be available from middleware. Consider adding a logger: Logger parameter to these functions and passing it from the caller.

Prompt for AI agents

Check if this issue is valid — if so, understand the root cause and fix it. At apps/web/utils/ai/choose-rule/ai-choose-rule.ts, line 10:

<comment>Per codebase logging conventions, helper functions should receive the logger as a parameter from the route/action rather than using `createScopedLogger`. This loses request context (requestId, userId, emailAccountId) that would be available from middleware. Consider adding a `logger: Logger` parameter to these functions and passing it from the caller.</comment>

<file context>
@@ -5,6 +5,9 @@ import { isDefined, type EmailForLLM } from &quot;@/utils/types&quot;;
 import { getUserInfoPrompt, getUserRulesPrompt } from &quot;@/utils/ai/helpers&quot;;
+import { createScopedLogger } from &quot;@/utils/logger&quot;;
+
+const logger = createScopedLogger(&quot;ai-choose-rule&quot;);
 
 type GetAiResponseOptions = {
</file context>

[cubic-dev-ai]

P1: Disabling TypeScript build errors (ignoreBuildErrors: true) allows type errors to reach production, which can cause runtime failures. Instead of bypassing type checking, the underlying AI SDK version mismatch should be resolved by aligning dependency versions or adding proper type declarations. This is a workaround that masks technical debt.

Prompt for AI agents

Check if this issue is valid — if so, understand the root cause and fix it. At apps/web/next.config.ts, line 18:

<comment>Disabling TypeScript build errors (`ignoreBuildErrors: true`) allows type errors to reach production, which can cause runtime failures. Instead of bypassing type checking, the underlying AI SDK version mismatch should be resolved by aligning dependency versions or adding proper type declarations. This is a workaround that masks technical debt.</comment>

<file context>
@@ -13,6 +13,10 @@ const withMDX = nextMdx({
   reactStrictMode: true,
+  typescript: {
+    // Skip type checking during build (type errors in AI SDK version mismatches)
+    ignoreBuildErrors: true,
+  },
   output: process.env.DOCKER_BUILD === &quot;true&quot; ? &quot;standalone&quot; : undefined,
</file context>

[cubic-dev-ai]

P1: Removing consent from the prompt will prevent Google from returning refresh tokens for returning users. When accessType: "offline" is set, Google only returns a refresh token on the first authorization or when the user re-consents. Without consent in the prompt, if a user's existing refresh token becomes invalid and they need to re-authenticate, they won't receive a new refresh token, breaking the app's ability to maintain long-term access.

Prompt for AI agents

Check if this issue is valid — if so, understand the root cause and fix it. At apps/web/utils/auth.ts, line 105:

<comment>Removing `consent` from the prompt will prevent Google from returning refresh tokens for returning users. When `accessType: &quot;offline&quot;` is set, Google only returns a refresh token on the first authorization or when the user re-consents. Without `consent` in the prompt, if a user&#39;s existing refresh token becomes invalid and they need to re-authenticate, they won&#39;t receive a new refresh token, breaking the app&#39;s ability to maintain long-term access.</comment>

<file context>
@@ -102,7 +102,7 @@ export const betterAuthConfig = betterAuth({
       scope: [...GMAIL_SCOPES],
       accessType: &quot;offline&quot;,
-      prompt: &quot;select_account consent&quot;,
+      prompt: &quot;select_account&quot;,
       disableIdTokenSignIn: true,
     },
</file context>

[cubic-dev-ai]

P2: Changing prompt from "consent" to "select_account" may prevent refresh tokens from being returned. With access_type: "offline", Google only provides a refresh token on the first authorization or when consent is explicitly forced. Returning users selecting an already-authorized account won't receive a new refresh token, which could cause authentication failures when the access token expires.

Consider using prompt: "consent select_account" to allow account selection while still forcing consent, or ensure your token handling logic accounts for cases where no refresh token is returned.

Prompt for AI agents

Check if this issue is valid — if so, understand the root cause and fix it. At apps/web/app/api/google/linking/auth-url/route.ts, line 21:

<comment>Changing `prompt` from `&quot;consent&quot;` to `&quot;select_account&quot;` may prevent refresh tokens from being returned. With `access_type: &quot;offline&quot;`, Google only provides a refresh token on the first authorization or when consent is explicitly forced. Returning users selecting an already-authorized account won&#39;t receive a new refresh token, which could cause authentication failures when the access token expires.

Consider using `prompt: &quot;consent select_account&quot;` to allow account selection while still forcing consent, or ensure your token handling logic accounts for cases where no refresh token is returned.</comment>

<file context>
@@ -18,7 +18,7 @@ const getAuthUrl = ({ userId }: { userId: string }) =&gt; {
     access_type: &quot;offline&quot;,
     scope: [...new Set([...SCOPES, &quot;openid&quot;, &quot;email&quot;])].join(&quot; &quot;),
-    prompt: &quot;consent&quot;,
+    prompt: &quot;select_account&quot;,
     state,
   });
</file context>

[cubic-dev-ai]

P2: The action always returns { success: true } even if bulkProcessInboxEmails fails, since that function catches and swallows errors internally. Consider wrapping the call in try-catch to return appropriate error status, or returning processing statistics to give callers meaningful feedback.

Prompt for AI agents

Check if this issue is valid — if so, understand the root cause and fix it. At apps/web/utils/actions/ai-rule.ts, line 651:

<comment>The action always returns `{ success: true }` even if `bulkProcessInboxEmails` fails, since that function catches and swallows errors internally. Consider wrapping the call in try-catch to return appropriate error status, or returning processing statistics to give callers meaningful feedback.</comment>

<file context>
@@ -579,3 +581,73 @@ export const generateRulesPromptAction = actionClient
+        processOldestFirst,
+      });
+
+      return { success: true };
+    },
+  );
</file context>

[cubic-dev-ai]

P2: LLM-returned expiresAt string is converted to Date without validation. If the LLM returns a malformed date string, new Date() creates an Invalid Date that propagates to the database. Consider validating the parsed date before returning it.

Prompt for AI agents

Check if this issue is valid — if so, understand the root cause and fix it. At apps/web/utils/expiration/analyze-expiration.ts, line 116:

<comment>LLM-returned `expiresAt` string is converted to Date without validation. If the LLM returns a malformed date string, `new Date()` creates an Invalid Date that propagates to the database. Consider validating the parsed date before returning it.</comment>

<file context>
@@ -0,0 +1,229 @@
+
+    return {
+      shouldExpire,
+      expiresAt: expiresAt ? new Date(expiresAt) : null,
+      reason,
+    };
</file context>

[cubic-dev-ai]

P2: Input is missing the error prop. Validation errors from the zod schema (min 1, max 365/30) won't be displayed to users.

Prompt for AI agents

Check if this issue is valid — if so, understand the root cause and fix it. At apps/web/app/(app)/[emailAccountId]/settings/ExpirationSection.tsx, line 226:

<comment>Input is missing the `error` prop. Validation errors from the zod schema (min 1, max 365/30) won&#39;t be displayed to users.</comment>

<file context>
@@ -0,0 +1,257 @@
+                          &lt;/div&gt;
+
+                          &lt;div className=&quot;flex items-center gap-2&quot;&gt;
+                            &lt;Input
+                              type=&quot;number&quot;
+                              name={category.field}
</file context>

[cubic-dev-ai]

P1: The SWR fetch doesn't include the EMAIL_ACCOUNT_HEADER that is used in the POST request. If the API requires this header for account-specific data, the GET will return incorrect results. Consider using a custom fetcher or including the header.

Prompt for AI agents

Check if this issue is valid — if so, understand the root cause and fix it. At apps/web/app/(app)/[emailAccountId]/settings/ExpirationSection.tsx, line 71:

<comment>The SWR fetch doesn&#39;t include the `EMAIL_ACCOUNT_HEADER` that is used in the POST request. If the API requires this header for account-specific data, the GET will return incorrect results. Consider using a custom fetcher or including the header.</comment>

<file context>
@@ -0,0 +1,257 @@
+
+export function ExpirationSection() {
+  const { emailAccountId } = useAccount();
+  const { data, isLoading, mutate } = useSWR&lt;ExpirationSettingsResponse&gt;(
+    &quot;/api/user/expiration-settings&quot;,
+  );
</file context>