feat: add org-scoped saved vault searches with alert subscriptions (#…#910
Open
OpadijoIdris wants to merge 1 commit into
Open
feat: add org-scoped saved vault searches with alert subscriptions (#…#910OpadijoIdris wants to merge 1 commit into
OpadijoIdris wants to merge 1 commit into
Conversation
|
@OpadijoIdris Great news! 🎉 Based on an automated assessment of this PR, the linked Wave issue(s) no longer count against your application limits. You can now already apply to more issues while waiting for a review of this PR. Keep up the great work! 🚀 |
…isciplr-Org#848) - POST/GET/DELETE /api/orgs/:orgId/vault-searches CRUD endpoints - Query definition validated & sanitized (injection-safe whitelist) - Per-org cap of 20 searches enforced (HTTP 422 on overflow) - Alert subscriptions: SHA-256 hash comparison detects result-set changes - Alert frequency floor of 1 hour; alert_recipient required when enabled - saved-search.evaluate job type with periodic scheduler (default 15 min) - Knex migration: org_vault_searches table with GIN-friendly indexes - Comprehensive test suite: CRUD, cross-org isolation, cap, injection prevention - Docs appended to docs/vaults-api.md Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
OpadijoIdris
force-pushed
the
feature/org-saved-searches
branch
from
32c62ee to
9a09b4c
Compare
![github-advanced-security[bot]](https://avatars.githubusercontent.com/in/57789?s=60&v=4){kind=small}
|
|
||
| orgVaultsRouter.post( | ||
| '/:orgId/vault-searches', | ||
| authenticate, |
|
|
||
| orgVaultsRouter.get( | ||
| '/:orgId/vault-searches', | ||
| authenticate, |
|
|
||
| orgVaultsRouter.get( | ||
| '/:orgId/vault-searches/:searchId', | ||
| authenticate, |
|
|
||
| orgVaultsRouter.delete( | ||
| '/:orgId/vault-searches/:searchId', | ||
| authenticate, |
| // POST /:orgId/vault-searches | ||
| app.post( | ||
| '/api/orgs/:orgId/vault-searches', | ||
| mockAuthenticate, |
| // GET /:orgId/vault-searches | ||
| app.get( | ||
| '/api/orgs/:orgId/vault-searches', | ||
| mockAuthenticate, |
| // GET /:orgId/vault-searches/:searchId | ||
| app.get( | ||
| '/api/orgs/:orgId/vault-searches/:searchId', | ||
| mockAuthenticate, |
| // DELETE /:orgId/vault-searches/:searchId | ||
| app.delete( | ||
| '/api/orgs/:orgId/vault-searches/:searchId', | ||
| mockAuthenticate, |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Closes #848
What
Adds org-scoped saved vault searches with optional change-alert subscriptions to
src/routes/orgVaults.ts.Why
Operators need a way to persist named queries over their org's vault set and be notified when the result set changes — without re-running the same search manually.
Changes
src/routes/orgVaults.ts—POST/GET/DELETE/api/orgs/:orgId/vault-searchesCRUD endpoints;validateAndSanitizeQueryDefinitionhelper (injection-safe field whitelist);runSavedSearch+hashResultSetevaluation helperssrc/jobs/types.ts—saved-search.evaluatejob type andSavedSearchEvaluateJobPayloadinterfacesrc/jobs/handlers.ts— evaluation handler: queries due alert searches, diffs SHA-256 result hash, dispatches notification only on changesrc/jobs/system.ts— registers handler and schedules recurring evaluation (default 15 min viaSAVED_SEARCH_EVAL_INTERVAL_MS)db/migrations/20260628100000_create_org_vault_searches.cjs—org_vault_searchestable with org-scoped and alert-evaluation indexessrc/tests/orgVaults.savedSearches.test.ts— 30+ tests covering CRUD, validation, cross-org isolation, per-org cap, injection preventiondocs/vaults-api.md— endpoint reference,query_definitionfield table, alert subscription behaviour, env varsBehaviour
alert_frequency_ms≥ 3 600 000 ms (1 hour);alert_recipientrequired whenalerts_enabled: truelast_result_hashsort_byvalidated against a whitelist;qhas injection chars stripped before storage and re-useTest plan
query_definition(status, amounts, dates, sort fields,qinjection, multi-error)hashResultSet— deterministic, order-sensitive, 64-char hexq; non-whitelistedsort_by→ 400