fix: Check for enabled rules in Reply Zero page

[elie222]

User description

Reply Zero page now checks for enabled rules instead of just rule existence, redirecting users to onboarding when rules are disabled.

• Updated page.tsx to filter rules by enabled: true
• Updated onboarding/page.tsx to check for enabled rules consistently
• Users with disabled rules are now properly redirected to onboarding to re-enable

---

Generated description

Below is a concise technical summary of the changes proposed in this PR:
Update the Reply Zero feature to filter rules by their enabled status, ensuring only active rules are considered for display and processing. Redirect users with disabled rules to the onboarding flow, prompting them to re-enable necessary rules.

Latest Contributors(1)

User	Commit	Date
elie222	Clean-up-old-reply-tra...	October 10, 2025

This pull request is reviewed by Baz. Review like a pro on (Baz).

Summary by CodeRabbit

• Bug Fixes
  • Reply automation now correctly filters to apply only enabled rules during the onboarding process and in the main reply interface, ensuring disabled rules are properly excluded from operation.

_{✏️ Tip: You can customize this high-level summary in your review settings.}

[vercel]

The latest updates on your projects. Learn more about Vercel for GitHub.

Project	Deployment	Review	Updated (UTC)
inbox-zero	Ready	Preview	Jan 4, 2026 8:04am

[coderabbitai]

📝 Walkthrough

Walkthrough

Two reply-zero pages now filter Prisma rule queries to only consider enabled rules by adding enabled: true to the where clause, narrowing the result set to exclude disabled rules.

Changes

Cohort / File(s)	Change Summary
Reply-zero page rule filtering apps/web/app/(app)/[emailAccountId]/reply-zero/onboarding/page.tsx, apps/web/app/(app)/[emailAccountId]/reply-zero/page.tsx	Added enabled: true filter to Prisma rule queries to restrict results to enabled rules only; no changes to surrounding logic or component behavior.

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~5 minutes

Possibly related PRs

• Don't toggle off to reply when disabling drafting #844: Modifies rule lookup and enablement logic for reply-related functionality; complements these changes by coordinating how rules are fetched and toggled.

Poem

🐰 A filter so fine, a rule made refined,
Only enabled rules fill the mind,
No clutter, no disabled delay—
Reply-zero hops brightly today! ✨

Pre-merge checks and finishing touches

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Docstring Coverage	⚠️ Warning	Docstring coverage is 0.00% which is insufficient. The required threshold is 80.00%.	You can run @coderabbitai generate docstrings to improve docstring coverage.

✅ Passed checks (2 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title accurately describes the main change: adding enabled rule checks to the Reply Zero page components.

✨ Finishing touches

• 📝 Generate docstrings

---

📜 Recent review details

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 0b539df and 9ef0159.

📒 Files selected for processing (2)

• apps/web/app/(app)/[emailAccountId]/reply-zero/onboarding/page.tsx
• apps/web/app/(app)/[emailAccountId]/reply-zero/page.tsx

🧰 Additional context used

📓 Path-based instructions (15)

**/*.{ts,tsx}

📄 CodeRabbit inference engine (.cursor/rules/data-fetching.mdc)

**/*.{ts,tsx}: For API GET requests to server, use the swr package
Use result?.serverError with toastError from @/components/Toast for error handling in async operations

**/*.{ts,tsx}: Use wrapper functions for Gmail message operations (get, list, batch, etc.) from @/utils/gmail/message.ts instead of direct API calls
Use wrapper functions for Gmail thread operations from @/utils/gmail/thread.ts instead of direct API calls
Use wrapper functions for Gmail label operations from @/utils/gmail/label.ts instead of direct API calls

**/*.{ts,tsx}: For early access feature flags, create hooks using the naming convention use[FeatureName]Enabled that return a boolean from useFeatureFlagEnabled("flag-key")
For A/B test variant flags, create hooks using the naming convention use[FeatureName]Variant that define variant types, use useFeatureFlagVariantKey() with type casting, and provide a default "control" fallback
Use kebab-case for PostHog feature flag keys (e.g., inbox-cleaner, pricing-options-2)
Always define types for A/B test variant flags (e.g., type PricingVariant = "control" | "variant-a" | "variant-b") and provide type safety through type casting

**/*.{ts,tsx}: Don't use primitive type aliases or misleading types
Don't use empty type parameters in type aliases and interfaces
Don't use this and super in static contexts
Don't use any or unknown as type constraints
Don't use the TypeScript directive @ts-ignore
Don't use TypeScript enums
Don't export imported variables
Don't add type annotations to variables, parameters, and class properties that are initialized with literal expressions
Don't use TypeScript namespaces
Don't use non-null assertions with the ! postfix operator
Don't use parameter properties in class constructors
Don't use user-defined types
Use as const instead of literal types and type annotations
Use either T[] or Array<T> consistently
Initialize each enum member value explicitly
Use export type for types
Use `impo...

Files:

• apps/web/app/(app)/[emailAccountId]/reply-zero/onboarding/page.tsx
• apps/web/app/(app)/[emailAccountId]/reply-zero/page.tsx

apps/web/app/(app)/**/*.{ts,tsx}

📄 CodeRabbit inference engine (.cursor/rules/page-structure.mdc)

apps/web/app/(app)/**/*.{ts,tsx}: Components for the page are either put in page.tsx, or in the apps/web/app/(app)/PAGE_NAME folder
If we're in a deeply nested component we will use swr to fetch via API
If you need to use onClick in a component, that component is a client component and file must start with use client

Files:

• apps/web/app/(app)/[emailAccountId]/reply-zero/onboarding/page.tsx
• apps/web/app/(app)/[emailAccountId]/reply-zero/page.tsx

**/*.{ts,tsx,js,jsx}

📄 CodeRabbit inference engine (.cursor/rules/prisma-enum-imports.mdc)

Always import Prisma enums from @/generated/prisma/enums instead of @/generated/prisma/client to avoid Next.js bundling errors in client components

Import Prisma using the project's centralized utility: import prisma from '@/utils/prisma'

Files:

• apps/web/app/(app)/[emailAccountId]/reply-zero/onboarding/page.tsx
• apps/web/app/(app)/[emailAccountId]/reply-zero/page.tsx

apps/web/**/*.{ts,tsx}

📄 CodeRabbit inference engine (.cursor/rules/project-structure.mdc)

Import specific lodash functions rather than entire lodash library to minimize bundle size (e.g., import groupBy from 'lodash/groupBy')

apps/web/**/*.{ts,tsx}: Use TypeScript with strict null checks
Do not export types/interfaces that are only used within the same file. Export later if needed

Files:

• apps/web/app/(app)/[emailAccountId]/reply-zero/onboarding/page.tsx
• apps/web/app/(app)/[emailAccountId]/reply-zero/page.tsx

**/*.{tsx,ts}

📄 CodeRabbit inference engine (.cursor/rules/ui-components.mdc)

**/*.{tsx,ts}: Use Shadcn UI and Tailwind for components and styling
Use next/image package for images
For API GET requests to server, use the swr package with hooks like useSWR to fetch data
For text inputs, use the Input component with registerProps for form integration and error handling

Files:

• apps/web/app/(app)/[emailAccountId]/reply-zero/onboarding/page.tsx
• apps/web/app/(app)/[emailAccountId]/reply-zero/page.tsx

**/*.{tsx,ts,css}

📄 CodeRabbit inference engine (.cursor/rules/ui-components.mdc)

Implement responsive design with Tailwind CSS using a mobile-first approach

Files:

• apps/web/app/(app)/[emailAccountId]/reply-zero/onboarding/page.tsx
• apps/web/app/(app)/[emailAccountId]/reply-zero/page.tsx

**/*.tsx

📄 CodeRabbit inference engine (.cursor/rules/ui-components.mdc)

**/*.tsx: Use the LoadingContent component to handle loading states instead of manual loading state management
For text areas, use the Input component with type='text', autosizeTextarea prop set to true, and registerProps for form integration

Files:

• apps/web/app/(app)/[emailAccountId]/reply-zero/onboarding/page.tsx
• apps/web/app/(app)/[emailAccountId]/reply-zero/page.tsx

**/*.{js,jsx,ts,tsx}

📄 CodeRabbit inference engine (.cursor/rules/ultracite.mdc)

**/*.{js,jsx,ts,tsx}: Don't use accessKey attribute on any HTML element
Don't set aria-hidden="true" on focusable elements
Don't add ARIA roles, states, and properties to elements that don't support them
Don't use distracting elements like <marquee> or <blink>
Only use the scope prop on <th> elements
Don't assign non-interactive ARIA roles to interactive HTML elements
Make sure label elements have text content and are associated with an input
Don't assign interactive ARIA roles to non-interactive HTML elements
Don't assign tabIndex to non-interactive HTML elements
Don't use positive integers for tabIndex property
Don't include "image", "picture", or "photo" in img alt prop
Don't use explicit role property that's the same as the implicit/default role
Make static elements with click handlers use a valid role attribute
Always include a title element for SVG elements
Give all elements requiring alt text meaningful information for screen readers
Make sure anchors have content that's accessible to screen readers
Assign tabIndex to non-interactive HTML elements with aria-activedescendant
Include all required ARIA attributes for elements with ARIA roles
Make sure ARIA properties are valid for the element's supported roles
Always include a type attribute for button elements
Make elements with interactive roles and handlers focusable
Give heading elements content that's accessible to screen readers (not hidden with aria-hidden)
Always include a lang attribute on the html element
Always include a title attribute for iframe elements
Accompany onClick with at least one of: onKeyUp, onKeyDown, or onKeyPress
Accompany onMouseOver/onMouseOut with onFocus/onBlur
Include caption tracks for audio and video elements
Use semantic elements instead of role attributes in JSX
Make sure all anchors are valid and navigable
Ensure all ARIA properties (aria-*) are valid
Use valid, non-abstract ARIA roles for elements with ARIA roles
Use valid AR...

Files:

• apps/web/app/(app)/[emailAccountId]/reply-zero/onboarding/page.tsx
• apps/web/app/(app)/[emailAccountId]/reply-zero/page.tsx

**/*.{jsx,tsx}

📄 CodeRabbit inference engine (.cursor/rules/ultracite.mdc)

**/*.{jsx,tsx}: Don't use unnecessary fragments
Don't pass children as props
Don't use the return value of React.render
Make sure all dependencies are correctly specified in React hooks
Make sure all React hooks are called from the top level of component functions
Don't forget key props in iterators and collection literals
Don't define React components inside other components
Don't use event handlers on non-interactive elements
Don't assign to React component props
Don't use both children and dangerouslySetInnerHTML props on the same element
Don't use dangerous JSX props
Don't use Array index in keys
Don't insert comments as text nodes
Don't assign JSX properties multiple times
Don't add extra closing tags for components without children
Use <>...</> instead of <Fragment>...</Fragment>
Watch out for possible "wrong" semicolons inside JSX elements
Make sure void (self-closing) elements don't have children
Don't use target="_blank" without rel="noopener"
Don't use <img> elements in Next.js projects
Don't use <head> elements in Next.js projects

Files:

• apps/web/app/(app)/[emailAccountId]/reply-zero/onboarding/page.tsx
• apps/web/app/(app)/[emailAccountId]/reply-zero/page.tsx

!(pages/_document).{jsx,tsx}

📄 CodeRabbit inference engine (.cursor/rules/ultracite.mdc)

Don't use the next/head module in pages/_document.js on Next.js projects

Files:

• apps/web/app/(app)/[emailAccountId]/reply-zero/onboarding/page.tsx
• apps/web/app/(app)/[emailAccountId]/reply-zero/page.tsx

**/*.{js,ts,jsx,tsx}

📄 CodeRabbit inference engine (.cursor/rules/utilities.mdc)

**/*.{js,ts,jsx,tsx}: Use lodash utilities for common operations (arrays, objects, strings)
Import specific lodash functions to minimize bundle size (e.g., import groupBy from 'lodash/groupBy')

Files:

• apps/web/app/(app)/[emailAccountId]/reply-zero/onboarding/page.tsx
• apps/web/app/(app)/[emailAccountId]/reply-zero/page.tsx

apps/web/**/*.{ts,tsx,js,jsx}

📄 CodeRabbit inference engine (apps/web/CLAUDE.md)

apps/web/**/*.{ts,tsx,js,jsx}: Use @/ path aliases for imports from project root
Prefer self-documenting code over comments; use descriptive variable and function names instead of explaining intent with comments
Add helper functions to the bottom of files, not the top
All imports go at the top of files, no mid-file dynamic imports

Files:

• apps/web/app/(app)/[emailAccountId]/reply-zero/onboarding/page.tsx
• apps/web/app/(app)/[emailAccountId]/reply-zero/page.tsx

apps/web/app/**/*.{ts,tsx}

📄 CodeRabbit inference engine (apps/web/CLAUDE.md)

Follow NextJS app router structure with (app) directory

Files:

• apps/web/app/(app)/[emailAccountId]/reply-zero/onboarding/page.tsx
• apps/web/app/(app)/[emailAccountId]/reply-zero/page.tsx

apps/web/**/*.{tsx,jsx}

📄 CodeRabbit inference engine (apps/web/CLAUDE.md)

apps/web/**/*.{tsx,jsx}: Follow tailwindcss patterns with prettier-plugin-tailwindcss for class sorting
Prefer functional components with hooks in React
Use shadcn/ui components when available
Ensure responsive design with mobile-first approach in components
Follow consistent naming conventions using PascalCase for components
Use LoadingContent component for async data with loading and error states
Use React Hook Form with Zod validation for form handling
Use result?.serverError with toastError and toastSuccess for error handling in forms

Files:

• apps/web/app/(app)/[emailAccountId]/reply-zero/onboarding/page.tsx
• apps/web/app/(app)/[emailAccountId]/reply-zero/page.tsx

apps/web/**/*.{ts,tsx,js,jsx,json,css}

📄 CodeRabbit inference engine (apps/web/CLAUDE.md)

Format code with Prettier

Files:

• apps/web/app/(app)/[emailAccountId]/reply-zero/onboarding/page.tsx
• apps/web/app/(app)/[emailAccountId]/reply-zero/page.tsx

🧠 Learnings (12)

📓 Common learnings

Learnt from: rsnodgrass
Repo: elie222/inbox-zero PR: 1154
File: apps/web/app/api/user/setup-progress/route.ts:0-0
Timestamp: 2025-12-31T23:49:09.597Z
Learning: In apps/web/app/api/user/setup-progress/route.ts, Reply Zero enabled status should be determined solely by checking if the TO_REPLY rule is enabled, as it is the critical/canonical rule that Reply Zero is based on. The other conversation status types (FYI, AWAITING_REPLY, ACTIONED) should not be checked for determining Reply Zero setup progress.
<!-- </add_learning>

📚 Learning: 2025-12-31T23:49:09.597Z

Learnt from: rsnodgrass
Repo: elie222/inbox-zero PR: 1154
File: apps/web/app/api/user/setup-progress/route.ts:0-0
Timestamp: 2025-12-31T23:49:09.597Z
Learning: In apps/web/app/api/user/setup-progress/route.ts, Reply Zero enabled status should be determined solely by checking if the TO_REPLY rule is enabled, as it is the critical/canonical rule that Reply Zero is based on. The other conversation status types (FYI, AWAITING_REPLY, ACTIONED) should not be checked for determining Reply Zero setup progress.
<!-- </add_learning>

Applied to files:

• apps/web/app/(app)/[emailAccountId]/reply-zero/onboarding/page.tsx
• apps/web/app/(app)/[emailAccountId]/reply-zero/page.tsx

📚 Learning: 2025-12-17T02:38:41.499Z

Learnt from: elie222
Repo: elie222/inbox-zero PR: 1103
File: apps/web/utils/actions/rule.ts:447-457
Timestamp: 2025-12-17T02:38:41.499Z
Learning: In apps/web/utils/actions/rule.ts, revalidatePath is not needed for toggleAllRulesAction because rules data is fetched client-side using SWR, not server-side. Server-side cache revalidation is only needed when using Next.js server components or server-side data fetching.

Applied to files:

• apps/web/app/(app)/[emailAccountId]/reply-zero/onboarding/page.tsx

📚 Learning: 2025-11-25T14:39:27.909Z

Learnt from: CR
Repo: elie222/inbox-zero PR: 0
File: .cursor/rules/security.mdc:0-0
Timestamp: 2025-11-25T14:39:27.909Z
Learning: Applies to **/*.ts : Use Prisma relationships for access control by leveraging nested where clauses (e.g., `emailAccount: { id: emailAccountId }`) to validate ownership

Applied to files:

• apps/web/app/(app)/[emailAccountId]/reply-zero/onboarding/page.tsx
• apps/web/app/(app)/[emailAccountId]/reply-zero/page.tsx

📚 Learning: 2025-11-25T14:39:08.150Z

Learnt from: CR
Repo: elie222/inbox-zero PR: 0
File: .cursor/rules/security-audit.mdc:0-0
Timestamp: 2025-11-25T14:39:08.150Z
Learning: Applies to apps/web/app/api/**/*.{ts,tsx} : All database queries must include user scoping with `emailAccountId` or `userId` filtering in WHERE clauses

Applied to files:

• apps/web/app/(app)/[emailAccountId]/reply-zero/onboarding/page.tsx
• apps/web/app/(app)/[emailAccountId]/reply-zero/page.tsx

📚 Learning: 2025-11-25T14:39:27.909Z

Learnt from: CR
Repo: elie222/inbox-zero PR: 0
File: .cursor/rules/security.mdc:0-0
Timestamp: 2025-11-25T14:39:27.909Z
Learning: Applies to **/app/api/**/*.ts : Use `withEmailAccount` middleware for operations scoped to a specific email account, including reading/writing emails, rules, schedules, or any operation using `emailAccountId`

Applied to files:

• apps/web/app/(app)/[emailAccountId]/reply-zero/page.tsx

📚 Learning: 2025-11-25T14:39:23.326Z

Learnt from: CR
Repo: elie222/inbox-zero PR: 0
File: .cursor/rules/security.mdc:0-0
Timestamp: 2025-11-25T14:39:23.326Z
Learning: Applies to app/api/**/*.ts : Use `withEmailAccount` middleware for operations scoped to a specific email account (reading/writing emails, rules, schedules, etc.) - provides `emailAccountId`, `userId`, and `email` in `request.auth`

Applied to files:

• apps/web/app/(app)/[emailAccountId]/reply-zero/page.tsx

📚 Learning: 2025-11-25T14:39:23.326Z

Learnt from: CR
Repo: elie222/inbox-zero PR: 0
File: .cursor/rules/security.mdc:0-0
Timestamp: 2025-11-25T14:39:23.326Z
Learning: Applies to **/*.ts : ALL database queries MUST be scoped to the authenticated user/account - include user/account filtering in `where` clauses (e.g., `emailAccountId`, `userId`) to ensure users only access their own resources

Applied to files:

• apps/web/app/(app)/[emailAccountId]/reply-zero/page.tsx

📚 Learning: 2025-11-25T14:39:04.892Z

Learnt from: CR
Repo: elie222/inbox-zero PR: 0
File: .cursor/rules/security-audit.mdc:0-0
Timestamp: 2025-11-25T14:39:04.892Z
Learning: Applies to apps/web/app/api/**/route.ts : All database queries must include user/account filtering with `emailAccountId` or `userId` in WHERE clauses to prevent IDOR vulnerabilities

Applied to files:

• apps/web/app/(app)/[emailAccountId]/reply-zero/page.tsx

📚 Learning: 2025-11-25T14:39:27.909Z

Learnt from: CR
Repo: elie222/inbox-zero PR: 0
File: .cursor/rules/security.mdc:0-0
Timestamp: 2025-11-25T14:39:27.909Z
Learning: Applies to **/*.ts : Only return necessary fields in API responses using Prisma's `select` option. Never expose sensitive data such as password hashes, private keys, or system flags

Applied to files:

• apps/web/app/(app)/[emailAccountId]/reply-zero/page.tsx

📚 Learning: 2025-07-08T13:14:07.449Z

Learnt from: elie222
Repo: elie222/inbox-zero PR: 537
File: apps/web/app/(app)/[emailAccountId]/clean/onboarding/page.tsx:30-34
Timestamp: 2025-07-08T13:14:07.449Z
Learning: The clean onboarding page in apps/web/app/(app)/[emailAccountId]/clean/onboarding/page.tsx is intentionally Gmail-specific and should show an error for non-Google email accounts rather than attempting to support multiple providers.

Applied to files:

• apps/web/app/(app)/[emailAccountId]/reply-zero/page.tsx

📚 Learning: 2025-11-25T14:39:23.326Z

Learnt from: CR
Repo: elie222/inbox-zero PR: 0
File: .cursor/rules/security.mdc:0-0
Timestamp: 2025-11-25T14:39:23.326Z
Learning: Applies to **/*.ts : Prevent Insecure Direct Object References (IDOR) by validating resource ownership in all queries - always include ownership filters (e.g., `emailAccount: { id: emailAccountId }`) when accessing user-specific resources

Applied to files:

• apps/web/app/(app)/[emailAccountId]/reply-zero/page.tsx

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (3)

• GitHub Check: Baz Reviewer
• GitHub Check: test
• GitHub Check: Analyze (javascript-typescript)

🔇 Additional comments (2)

apps/web/app/(app)/[emailAccountId]/reply-zero/onboarding/page.tsx (1)

12-19: Verify the rule scope against Reply Zero's canonical rule.

The addition of enabled: true correctly filters for enabled rules. However, this query checks for ANY enabled rule within CONVERSATION_STATUS_TYPES (which includes TO_REPLY, FYI, AWAITING_REPLY, ACTIONED).

Based on learnings, Reply Zero should determine enabled status solely by checking if the TO_REPLY rule is enabled, as it is the critical/canonical rule. The other conversation status types should not factor into determining Reply Zero setup status.

Should this query specifically check for TO_REPLY with systemType: "TO_REPLY" instead of checking all CONVERSATION_STATUS_TYPES?

Based on learnings, Reply Zero is centered on the TO_REPLY rule specifically. Please verify whether the onboarding page should check only TO_REPLY or intentionally checks all conversation status types.

apps/web/app/(app)/[emailAccountId]/reply-zero/page.tsx (1)

45-55: Verify the rule scope for consistency with Reply Zero's canonical rule.

The enabled: true filter correctly ensures only enabled rules are considered. However, similar to the onboarding page, this query checks for ANY enabled rule in CONVERSATION_STATUS_TYPES.

Based on learnings, Reply Zero's enabled status should be determined solely by the TO_REPLY rule, as it is the critical/canonical rule that Reply Zero is based on.

Should this query use systemType: "TO_REPLY" instead of systemType: { in: CONVERSATION_STATUS_TYPES } to align with Reply Zero's core functionality?

Based on learnings, please verify whether checking all conversation status types (vs. only TO_REPLY) is intentional for the main Reply Zero page, and ensure consistency between this page and the onboarding page.

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[macroscopeapp]

Gate Reply Zero onboarding and page flows on enabled rules by adding enabled: true filters to Prisma queries in page.tsx and page.tsx

Add enabled: true to rule queries and nested filters so only enabled rules with systemType in CONVERSATION_STATUS_TYPES drive trackerRule and redirect logic.

📍Where to Start

Start with the Prisma query in page.tsx to see the enabled: true filter applied to nested rules, then review the corresponding findFirst in page.tsx.

---

Macroscope summarized 9ef0159.

[cubic-dev-ai]

No issues found across 2 files