chore: sync dev payload into homolog#699
Conversation
Replacement for PR #698 using a clean commit history. PR #698 includes an older dev commit body that violates commitlint body-max-line-length. This branch keeps the current origin/dev tree but places it as one compliant sync commit on top of origin/homolog. Evidence before creating this branch: - PR #698 became mergeable after syncing homolog workflow changes into dev. - Local frozen install passed. - Local version verification passed. - Local packages/api typecheck passed. - Local focused API tests passed: 81 pass, 0 fail. - Dev pre-push full monorepo typecheck and test passed: 3972 pass, 0 fail. - GitHub PR #698 Quality Gate and Smoke Test passed. Scope: - Contains the current origin/dev tree as of 351c678. - Excludes unrelated local Gupshup multiline checkout changes.
|
Important Review skippedAuto reviews are disabled on base/target branches other than the default branch. Please check the settings in the CodeRabbit UI or the ⚙️ Run configurationConfiguration used: Path: .coderabbit.yaml Review profile: ASSERTIVE Plan: Pro Run ID: You can disable this status message by setting the Use the checkbox below for a quick retry:
✨ Finishing Touches🧪 Generate unit tests (beta)
Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out. Comment |
![gemini-code-assist[bot]](https://avatars.githubusercontent.com/in/956858?s=60&v=4){kind=small}
There was a problem hiding this comment.
Code Review
This pull request bumps the project version to 2.260602.2 and introduces several key updates, including OpenTelemetry-based human lifecycle observability tracing with PII redaction in the agent dispatcher, improved reaction target resolution mapping Omni UUIDs to native external IDs, forwarding of WhatsApp voice notes as audio buffers, and an enhanced database search for sparse contacts across platform identities and chat participants. Reviewers suggested expanding the list of sensitive key patterns for redaction, adding a defensive check for undefined targets during reaction resolution, and defensively handling driver-specific query results when executing raw SQL in the person search service.
Important
The consumer version of Gemini Code Assist on GitHub is being sunset. Starting June 18, 2026, new organization installations will be blocked, and all code review activity will officially cease on July 17, 2026.
For more details on the timeline and next steps, please review the Help Documentation.
| const DM_HISTORY_LIMIT = 20; | ||
|
|
||
| const LIFECYCLE_PREVIEW_MAX_CHARS = 160; | ||
| const LIFECYCLE_SENSITIVE_KEY_PARTS = ['authorization', 'bearer', 'password', 'secret', 'token', 'api_key', 'apikey']; |
There was a problem hiding this comment.
Expand the list of sensitive key patterns to include common abbreviations like pass, pwd, auth, and credential. This helps prevent accidental exposure of sensitive credentials or tokens in the trace attributes if they are passed under abbreviated keys in the extra metadata object.
| const LIFECYCLE_SENSITIVE_KEY_PARTS = ['authorization', 'bearer', 'password', 'secret', 'token', 'api_key', 'apikey']; | |
| const LIFECYCLE_SENSITIVE_KEY_PARTS = ['authorization', 'bearer', 'password', 'pass', 'pwd', 'secret', 'token', 'api_key', 'apikey', 'auth', 'credential']; |
| if (target.chatId !== chatId) { | ||
| throw reactionTargetNotFound(instanceId, chatId, messageId); | ||
| } |
There was a problem hiding this comment.
Add a defensive check to ensure target is defined before accessing target.chatId. If services.messages.getById returns null or undefined instead of throwing a NotFoundError under certain conditions, accessing target.chatId directly will cause a runtime TypeError.
| if (target.chatId !== chatId) { | |
| throw reactionTargetNotFound(instanceId, chatId, messageId); | |
| } | |
| if (!target || target.chatId !== chatId) { | |
| throw reactionTargetNotFound(instanceId, chatId, messageId); | |
| } |
| LIMIT ${limit} | ||
| `); | ||
|
|
||
| return result as unknown as Person[]; |
There was a problem hiding this comment.
Depending on the underlying database driver configured with Drizzle (e.g., pg vs postgres), db.execute() may return a driver-specific query result object (where rows are nested under .rows) rather than a raw array of rows. To ensure driver-agnostic safety and prevent potential runtime crashes, defensively check if the result is an array or extract .rows.
const rows = Array.isArray(result) ? result : (result as any).rows ?? [];
return rows as Person[];
![chatgpt-codex-connector[bot]](https://avatars.githubusercontent.com/in/1144995?s=60&v=4){kind=small}
There was a problem hiding this comment.
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: 4ad7c2cdea
ℹ️ About Codex in GitHub
Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you
- Open a pull request for review
- Mark a draft as ready
- Comment "@codex review".
If Codex has suggestions, it will comment; otherwise it will react with 👍.
Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".
|
|
||
| function buildSendMediaMetadata(data: z.infer<typeof sendMediaSchema>): Record<string, unknown> { | ||
| if (data.type === 'audio' && data.voiceNote === true && data.base64) { | ||
| return { audioBuffer: Buffer.from(data.base64, 'base64'), ptt: true }; |
There was a problem hiding this comment.
For POST /messages/send/media requests with type: "audio", voiceNote: true, and a base64 MP3/WAV/etc., this branch replaces metadata.base64 with audioBuffer. The WhatsApp plugin's processAudioForVoiceNote() only looks at message.content.mediaUrl and message.metadata.base64 before converting to OGG/Opus, so these local uploads now skip conversion and are sent as PTT with the original mime type/buffer, which can make voice notes fail or arrive as invalid/non-voice audio. Please either keep base64 here or teach the converter to consume audioBuffer.
Useful? React with 👍 / 👎.
2 participants
Summary
Replacement for #698 (
dev→homolog) using a clean commit history.Why this exists:
origin/homologworkflow changes intoorigin/devat351c678f.31aecaf3) that predates this sync and violatesbody-max-line-length.devhistory would be riskier than creating this clean sync PR.What this branch does:
origin/homolog.origin/devtree as one compliant sync commit.HEADtree matchesorigin/devexactly./home/genie/workspace/omni-khortex-repair.PR #698 comment review
Reviewed comments/reviews before creating this replacement:
SendMediaSchemaOpenAPI schema lacksmimeTypeeven though route handling now accepts it. This is real follow-up API/SDK debt, but not a sync blocker; changing it here would make this replacement no longer be a pure dev→homolog tree sync.Validation
Local replacement branch:
git diff --quiet HEAD origin/dev→ PASS, tree matches current devbun install --frozen-lockfile→ PASSbun run verify:versions→ PASS, 21/21 files match2.260602.2(cd packages/api && bun run typecheck)→ PASSPrior #698 after dev sync:
Follow-up after merge
After this PR merges, #698 should be closed as superseded by this clean sync PR. Then continue with the separate canonical trash-reset fix PR to
dev, followed by a normal promotion PR tohomolog.