Add request education features button and handle upskii-specific services

[VNOsST]

Summary by CodeRabbit

• New Features

  • Introduced workspace approval requests management, including a new approvals page, data table, status filtering, and row actions for approving or rejecting requests.
  • Added an "Approvals" navigation link in workspace settings.
  • Added an education access request banner and button for workspace owners when education features are unavailable.
  • Introduced support for platform services, allowing users and workspaces to be associated with specific services.

• Enhancements

  • User management pages now filter and display users based on their associated platform service (e.g., "NOVA" or "UPSKII").
  • Token verification components now support development mode for improved testing and debugging.

• Bug Fixes

  • Ensured proper normalization of user service data in user management views.

• Database & Types

  • Added new enum for platform services and updated user and workspace records to support service associations.
  • Updated database procedures and type definitions for consistency and new features.

[coderabbitai]

Walkthrough

This update introduces a new platform service enum and user services field across the database and type layers, implements workspace approval request management UI in Upskii, and enhances user filtering by platform service in Nova and Upskii dashboards. It also propagates a devMode prop through token verification components and logic.

Changes

File(s) / Area	Change Summary
apps/calendar/src/app/[locale]/(auth)/verify-token/page.tsx apps/famigo/src/app/[locale]/(auth)/verify-token/page.tsx apps/nova/src/app/[locale]/(auth)/verify-token/page.tsx apps/rewise/src/app/[locale]/(auth)/verify-token/page.tsx apps/upskii/src/app/[locale]/(auth)/verify-token/page.tsx	Passes devMode prop to TokenVerifier component, enabling conditional development mode logic.
packages/auth/src/cross-app/token-verifier.tsx packages/auth/src/cross-app/token-verifier-core.tsx	Adds devMode prop to TokenVerifier and TokenVerifierCore components, forwarding through the component tree.
packages/auth/src/cross-app/index.ts	Updates verifyRouteToken function signature to accept devMode and modifies logic to always verify tokens in development mode.
apps/db/supabase/migrations/20250609135112_add_platform_services.sql packages/types/src/supabase.ts	Adds platform_service enum, services array field to users and workspaces tables/types, and updates function argument orders for consistency.
apps/nova/src/app/[locale]/(dashboard)/(admin)/(role-management)/users/page.tsx apps/upskii/src/app/[locale]/(dashboard)/[wsId]/(admin)/(role-management)/users/page.tsx	Filters and normalizes user data by platform service (NOVA or UPSKII) in user management dashboards.
apps/upskii/src/app/[locale]/(dashboard)/[wsId]/(workspace-settings)/approvals/columns.tsx	Adds column definitions for workspace approval requests data table.
apps/upskii/src/app/[locale]/(dashboard)/[wsId]/(workspace-settings)/approvals/page.tsx	Adds new page to display and filter workspace approval requests, with mock data and UI logic.
apps/upskii/src/app/[locale]/(dashboard)/[wsId]/(workspace-settings)/approvals/row-actions.tsx	Introduces row action component for approving/rejecting workspace approval requests with simulated API calls.
apps/upskii/src/app/[locale]/(dashboard)/[wsId]/(workspace-settings)/approvals/status-filter.tsx	Adds status filter dropdown component for approval requests table.
apps/upskii/src/app/[locale]/(dashboard)/[wsId]/(workspace-settings)/layout.tsx	Adds "Approvals" navigation link to workspace settings navigation.
apps/upskii/src/app/[locale]/(dashboard)/[wsId]/layout.tsx	Renders EducationBanner for workspace owners when education feature is disabled, based on secret flag.
apps/upskii/src/components/request-access-button.tsx	Adds a button component to request education feature access for a workspace, with dialog and mock API.
apps/upskii/src/components/request-education-banner.tsx	Adds styled banner component for requesting education feature access, including the request button.

Sequence Diagram(s)

sequenceDiagram
    participant User
    participant VerifyTokenPage
    participant TokenVerifier
    participant TokenVerifierCore
    participant verifyRouteToken

    User->>VerifyTokenPage: Visit verify-token page
    VerifyTokenPage->>TokenVerifier: Render with devMode
    TokenVerifier->>TokenVerifierCore: Render with devMode
    TokenVerifierCore->>verifyRouteToken: Call with devMode
    verifyRouteToken-->>TokenVerifierCore: Result (token verified)
    TokenVerifierCore-->>TokenVerifier: Render outcome
    TokenVerifier-->>VerifyTokenPage: Render outcome

Loading

sequenceDiagram
    participant Admin
    participant ApprovalsPage
    participant getApprovalRequests
    participant DataTable
    participant ApprovalRowActions

    Admin->>ApprovalsPage: Visit approvals page
    ApprovalsPage->>getApprovalRequests: Fetch filtered approval requests
    getApprovalRequests-->>ApprovalsPage: Return requests data
    ApprovalsPage->>DataTable: Render with requests
    DataTable->>ApprovalRowActions: Render actions per row
    Admin->>ApprovalRowActions: Approve/Reject/View details
    ApprovalRowActions->>ApprovalsPage: (On approve/reject) Reload data

Loading

Possibly related PRs

• Implement cross-app authentication with token generation and validation #2293: Introduced the initial TokenVerifier component and VerifyTokenPage for cross-app token verification, which this PR extends by adding the devMode prop and related logic.

Suggested labels

upskii

Poem

In the warren of code, new features arise,
Approvals and banners, a bunny surprise!
With tokens in tow and services arrayed,
The dashboards now filter where users have played.
A hop and a skip, devMode in the mix—
This rabbit’s delighted with all of these tricks!
🐇✨

Warning

There were issues while running some tools. Please review the errors and either fix the tool's configuration or disable the tool if it's a critical failure.

🔧 ESLint

If the error stems from missing dependencies, add them to the package.json file. For unrecoverable errors (e.g., due to private dependencies), disable the tool in the CodeRabbit configuration.

apps/nova/src/app/[locale]/(auth)/verify-token/page.tsx

Oops! Something went wrong! :(

ESLint: 9.29.0

Error [ERR_MODULE_NOT_FOUND]: Cannot find package '@typescript-eslint/parser' imported from /eslint.config.mjs
at Object.getPackageJSONURL (node:internal/modules/package_json_reader:255:9)
at packageResolve (node:internal/modules/esm/resolve:767:81)
at moduleResolve (node:internal/modules/esm/resolve:853:18)
at defaultResolve (node:internal/modules/esm/resolve:983:11)
at ModuleLoader.defaultResolve (node:internal/modules/esm/loader:801:12)
at #cachedDefaultResolve (node:internal/modules/esm/loader:725:25)
at ModuleLoader.resolve (node:internal/modules/esm/loader:708:38)
at ModuleLoader.getModuleJobForImport (node:internal/modules/esm/loader:309:38)
at #link (node:internal/modules/esm/module_job:201:49)

apps/upskii/src/app/[locale]/(dashboard)/[wsId]/(admin)/(role-management)/users/page.tsx

Oops! Something went wrong! :(

ESLint: 9.29.0

Error [ERR_MODULE_NOT_FOUND]: Cannot find package '@typescript-eslint/parser' imported from /eslint.config.mjs
at Object.getPackageJSONURL (node:internal/modules/package_json_reader:255:9)
at packageResolve (node:internal/modules/esm/resolve:767:81)
at moduleResolve (node:internal/modules/esm/resolve:853:18)
at defaultResolve (node:internal/modules/esm/resolve:983:11)
at ModuleLoader.defaultResolve (node:internal/modules/esm/loader:801:12)
at #cachedDefaultResolve (node:internal/modules/esm/loader:725:25)
at ModuleLoader.resolve (node:internal/modules/esm/loader:708:38)
at ModuleLoader.getModuleJobForImport (node:internal/modules/esm/loader:309:38)
at #link (node:internal/modules/esm/module_job:201:49)

apps/calendar/src/app/[locale]/(auth)/verify-token/page.tsx

Oops! Something went wrong! :(

ESLint: 9.29.0

Error [ERR_MODULE_NOT_FOUND]: Cannot find package '@typescript-eslint/parser' imported from /eslint.config.mjs
at Object.getPackageJSONURL (node:internal/modules/package_json_reader:255:9)
at packageResolve (node:internal/modules/esm/resolve:767:81)
at moduleResolve (node:internal/modules/esm/resolve:853:18)
at defaultResolve (node:internal/modules/esm/resolve:983:11)
at ModuleLoader.defaultResolve (node:internal/modules/esm/loader:801:12)
at #cachedDefaultResolve (node:internal/modules/esm/loader:725:25)
at ModuleLoader.resolve (node:internal/modules/esm/loader:708:38)
at ModuleLoader.getModuleJobForImport (node:internal/modules/esm/loader:309:38)
at #link (node:internal/modules/esm/module_job:201:49)

• 16 others

✨ Finishing Touches

• 📝 Generate Docstrings

🧪 Generate Unit Tests

• Create PR with Unit Tests
• Commit Unit Tests in branch feat/add-upskii-permissions
• Post Copyable Unit Tests in Comment

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

🪧 Tips

Chat

There are 3 ways to chat with CodeRabbit:

• Review comments: Directly reply to a review comment made by CodeRabbit. Example:
  • I pushed a fix in commit <commit_id>, please review it.
  • Explain this complex logic.
  • Open a follow-up GitHub issue for this discussion.
• Files and specific lines of code (under the "Files changed" tab): Tag @coderabbitai in a new review comment at the desired location with your query. Examples:
  • @coderabbitai explain this code block.
  • @coderabbitai modularize this function.
• PR comments: Tag @coderabbitai in a new PR comment to ask questions about the PR branch. For the best results, please provide a very specific query, as very limited context is provided in this mode. Examples:
  • @coderabbitai gather interesting stats about this repository and render them as a table. Additionally, render a pie chart showing the language distribution in the codebase.
  • @coderabbitai read src/utils.ts and explain its main purpose.
  • @coderabbitai read the files in the src/scheduler package and generate a class diagram using mermaid and a README in the markdown format.
  • @coderabbitai help me debug CodeRabbit configuration file.

Support

Need help? Create a ticket on our support page for assistance with any issues or questions.

Note: Be mindful of the bot's finite context window. It's strongly recommended to break down tasks such as reading entire modules into smaller chunks. For a focused discussion, use review comments to chat about specific files and their changes, instead of using the PR comments.

CodeRabbit Commands (Invoked using PR comments)

• @coderabbitai pause to pause the reviews on a PR.
• @coderabbitai resume to resume the paused reviews.
• @coderabbitai review to trigger an incremental review. This is useful when automatic reviews are disabled for the repository.
• @coderabbitai full review to do a full review from scratch and review all the files again.
• @coderabbitai summary to regenerate the summary of the PR.
• @coderabbitai generate docstrings to generate docstrings for this PR.
• @coderabbitai generate sequence diagram to generate a sequence diagram of the changes in this PR.
• @coderabbitai auto-generate unit tests to generate unit tests for this PR.
• @coderabbitai resolve resolve all the CodeRabbit review comments.
• @coderabbitai configuration to show the current CodeRabbit configuration for the repository.
• @coderabbitai help to get help.

Other keywords and placeholders

• Add @coderabbitai ignore anywhere in the PR description to prevent this PR from being reviewed.
• Add @coderabbitai summary to generate the high-level summary at a specific location in the PR description.
• Add @coderabbitai anywhere in the PR title to generate the title automatically.

CodeRabbit Configuration File (.coderabbit.yaml)

• You can programmatically configure CodeRabbit by adding a .coderabbit.yaml file to the root of your repository.
• Please see the configuration documentation for more information.
• If your editor has YAML language server enabled, you can add the path at the top of this file to enable auto-completion and validation: # yaml-language-server: $schema=https://coderabbit.ai/integrations/schema.v2.json

Documentation and Community

• Visit our Documentation for detailed information on how to use CodeRabbit.
• Join our Discord Community to get help, request features, and share feedback.
• Follow us on X/Twitter for updates and announcements.

[graphite-app]

How to use the Graphite Merge Queue

Add either label to this PR to merge it via the merge queue:

• merge-queue - adds this PR to the back of the merge queue
• hotfix - for urgent hot fixes, skip the queue and merge this PR next

You must have a Graphite account in order to use the merge queue. Sign up using this link.

An organization admin has enabled the Graphite Merge Queue in this repository.

Please do not merge from GitHub as this will restart CI on PRs being processed by the merge queue.

[codecov]

Codecov Report

Attention: Patch coverage is 0.25974% with 768 lines in your changes missing coverage. Please review.

Project coverage is 0.82%. Comparing base (0b0172d) to head (e4af605).
Report is 11 commits behind head on main.

Files with missing lines	Patch %	Lines
[...Id]/(workspace-settings)/approvals/row-actions.tsx](https://app.codecov.io/gh/tutur3u/platform/pull/3087?src=pr&el=tree&filepath=apps%2Fupskii%2Fsrc%2Fapp%2F%5Blocale%5D%2F%28dashboard%29%2F%5BwsId%5D%2F%28workspace-settings%29%2Fapprovals%2Frow-actions.tsx&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=tutur3u#diff-YXBwcy91cHNraWkvc3JjL2FwcC9bbG9jYWxlXS8oZGFzaGJvYXJkKS9bd3NJZF0vKHdvcmtzcGFjZS1zZXR0aW5ncykvYXBwcm92YWxzL3Jvdy1hY3Rpb25zLnRzeA==)	0.00%	179 Missing and 1 partial ⚠️
...rd)/[wsId]/(workspace-settings)/approvals/page.tsx	0.00%	174 Missing and 1 partial ⚠️
.../[wsId]/(workspace-settings)/approvals/columns.tsx	0.00%	128 Missing and 1 partial ⚠️
...ps/upskii/src/components/request-access-button.tsx	0.81%	122 Missing ⚠️
[...]/(workspace-settings)/approvals/status-filter.tsx](https://app.codecov.io/gh/tutur3u/platform/pull/3087?src=pr&el=tree&filepath=apps%2Fupskii%2Fsrc%2Fapp%2F%5Blocale%5D%2F%28dashboard%29%2F%5BwsId%5D%2F%28workspace-settings%29%2Fapprovals%2Fstatus-filter.tsx&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=tutur3u#diff-YXBwcy91cHNraWkvc3JjL2FwcC9bbG9jYWxlXS8oZGFzaGJvYXJkKS9bd3NJZF0vKHdvcmtzcGFjZS1zZXR0aW5ncykvYXBwcm92YWxzL3N0YXR1cy1maWx0ZXIudHN4)	0.00%	47 Missing and 1 partial ⚠️
...upskii/src/components/request-education-banner.tsx	2.56%	38 Missing ⚠️
...d)/[wsId]/(admin)/(role-management)/users/page.tsx	0.00%	19 Missing ⚠️
...ashboard)/(admin)/(role-management)/users/page.tsx	0.00%	17 Missing ⚠️
...kii/src/app/[locale]/(dashboard)/[wsId]/layout.tsx	0.00%	17 Missing ⚠️
...(dashboard)/[wsId]/(workspace-settings)/layout.tsx	0.00%	5 Missing ⚠️
... and 9 more

Additional details and impacted files

@@            Coverage Diff             @@
##             main    #3087      +/-   ##
==========================================
- Coverage    0.82%    0.82%   -0.01%     
==========================================
  Files        2506     2512       +6     
  Lines      311208   311962     +754     
  Branches     3008     3014       +6     
==========================================
+ Hits         2583     2585       +2     
- Misses     306485   307233     +748     
- Partials     2140     2144       +4     

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

[coderabbitai]

Actionable comments posted: 6

🔭 Outside diff range comments (1)

packages/auth/src/cross-app/index.ts (1)

235-253: Avoid reading res.json() twice – second call will throw and skip the happy‐path

Response bodies are single-read streams.
The first read inside the !res.ok branch consumes the stream, so the second read a few lines later will reject with “body used already” and userId will stay undefined, breaking redirection.

-      if (!res.ok) {
-        const data = await res.json();
-        console.error('Error verifying token:', data.error);
-        router.push('/');
-        router.refresh();
-      }
-
-      const data = await res.json();
+      const data = await res.json().catch(() => null);
+
+      if (!res.ok || !data) {
+        console.error('Error verifying token:', data?.error ?? res.statusText);
+        router.push('/');
+        router.refresh();
+        return;
+      }

The single parse also lets you remove the duplicated data declaration.
Consider wrapping the fetch call in a try / catch to surface network failures explicitly.

♻️ Duplicate comments (3)

apps/upskii/src/app/[locale]/(auth)/verify-token/page.tsx (1)

1-5: Same sanity-check as in Nova

Ensure DEV_MODE is actually a boolean before forwarding. See the comment on the Nova file.

apps/rewise/src/app/[locale]/(auth)/verify-token/page.tsx (1)

1-5: Same sanity-check as in Nova

Ensure DEV_MODE is actually a boolean before forwarding. See the comment on the Nova file.

apps/famigo/src/app/[locale]/(auth)/verify-token/page.tsx (1)

1-5: Same sanity-check as in Nova

Ensure DEV_MODE is actually a boolean before forwarding. See the comment on the Nova file.

🧹 Nitpick comments (15)

packages/auth/src/cross-app/token-verifier.tsx (2)

6-6: Make devMode optional with a sane default

TokenVerifier now requires callers to provide devMode. Any remaining consumer that was not updated will fail to compile. 99 % of the time we just want “false” outside of dev builds, so expose a default to keep the API non-breaking:

-export function TokenVerifier({ devMode }: { devMode: boolean }) {
+export function TokenVerifier({ devMode = false }: { devMode?: boolean }) {

This retains type-safety while preventing accidental breakages and reduces noise at call-sites that truly don’t care about the flag.

---

20-27: Factor out duplicated loading UI

The suspense fallback duplicates the exact markup that already exists inside TokenVerifierCore. Consider extracting a <CenteredLoader/> component (or re-using LoadingIndicator directly) to avoid repetition and keep both call-sites visually in sync.

This is cosmetic but improves maintainability.

packages/auth/src/cross-app/token-verifier-core.tsx (1)

8-15: devMode should be optional with a sane default

TokenVerifierCore now mandates devMode: boolean, which forces every call-site to be updated immediately. An optional prop with a default value keeps the public API backward-compatible while still allowing the new behaviour:

-export function TokenVerifierCore({ devMode }: { devMode: boolean }) {
+export function TokenVerifierCore({ devMode = false }: { devMode?: boolean }) {

No functional change, but it prevents breakages in downstream apps that haven’t been migrated yet.

apps/upskii/src/app/[locale]/(dashboard)/[wsId]/(workspace-settings)/approvals/status-filter.tsx (2)

20-33: Avoid producing a trailing “?” when no query params remain

If the user selects “All” while on the first page with no other filters, params.toString() resolves to an empty string, resulting in the route /?:

-    router.push(`?${params.toString()}`);
+    const qs = params.toString();
+    router.push(qs ? `?${qs}` : '.');

(This keeps the URL clean and prevents an unnecessary history entry).

---

35-46: Consider router.replace to prevent stack spam

Filtering is a UI concern; using push creates a new history entry every time the user toggles the dropdown. replace keeps the back-button behaviour predictable.

apps/upskii/src/app/[locale]/(dashboard)/[wsId]/layout.tsx (1)

54-61: Remove leftover debug logging

Console output on the server clutters logs:

-  console.log('ENABLE_EDUCATION', ENABLE_EDUCATION);

packages/auth/src/cross-app/index.ts (1)

210-216: devMode is required but undocumented & untyped router

The new devMode flag is handy, but the parameter object still uses any for router, losing IntelliSense and type-safety. Prefer importing AppRouterInstance (next/navigation) here.

import type { AppRouterInstance } from 'next/navigation';
…
router: AppRouterInstance;

Also document the expected behaviour of devMode in the JSDoc above the function.

apps/upskii/src/components/request-access-button.tsx (2)

60-67: Reset textarea when the dialog closes

Cancelling or simply toggling the dialog leaves the previous message in state.
Small UX win: clear the message when the dialog is closed so the next attempt starts with an empty field.

-    <Dialog open={open} onOpenChange={setOpen}>
+    <Dialog
+      open={open}
+      onOpenChange={(o) => {
+        if (!o) setMessage('');
+        setOpen(o);
+      }}
+    >

---

40-46: TODO left in committed code

// TODO: Replace with actual API call will be flagged by the linter (eslint/no-warning-comments).
Either convert it to a proper task tracked elsewhere or suppress via // eslint-disable-next-line eslint/no-warning-comments until the real API is wired up.

apps/upskii/src/app/[locale]/(dashboard)/[wsId]/(admin)/(role-management)/users/page.tsx (2)

142-163: Potential count mismatch identical to NOVA implementation

Same pattern: userData is filtered for "UPSKII" after the fact, while countData is returned untouched. Verify the RPC applies the same service filter; if not, pagination will be off.

Additionally, note the select() still pulls nova_team_members. That join is irrelevant here and adds overhead – worth dropping for Upskii.

---

175-176: Null-safe filter on users.services

contains('users.services', ['UPSKII']) excludes rows where services is NULL.
If historical users lack the column, decide whether they should be visible; otherwise you may need coalesce(services, '{}') in the RPC or a migration to default to an empty array.

apps/upskii/src/app/[locale]/(dashboard)/[wsId]/(workspace-settings)/approvals/row-actions.tsx (1)

165-180: Move mock logic out of production bundle

mockApprovalAction ships test code to users. Export a real API helper or guard-import the mock behind process.env.NODE_ENV !== 'production' to keep bundles lean.

apps/upskii/src/app/[locale]/(dashboard)/[wsId]/(workspace-settings)/approvals/columns.tsx (2)

8-9: Heavy moment dependency

moment adds ~300 KB gzip. Consider dayjs/date-fns or native Intl.DateTimeFormat for a lighter bundle.

---

11-14: Leaky any typing

approvalsColumns receives t as any. Declare a proper i18n type (e.g., TFunction) to retain type-safety across the table.

packages/types/src/supabase.ts (1)

7868-7870: Suspicious enum value "TUTURUUU"

platform_service now contains "TUTURUUU".
Is the triple-U spelling intentional? Typos in enum values silently break look-ups and equality checks across FE/BE, and they are hard to migrate later.

Also applies to: 8021-8024

📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 0b0172d and e4af605.

📒 Files selected for processing (20)

• apps/calendar/src/app/[locale]/(auth)/verify-token/page.tsx (1 hunks)
• apps/db/supabase/migrations/20250609135112_add_platform_services.sql (1 hunks)
• apps/famigo/src/app/[locale]/(auth)/verify-token/page.tsx (1 hunks)
• apps/nova/src/app/[locale]/(auth)/verify-token/page.tsx (1 hunks)
• apps/nova/src/app/[locale]/(dashboard)/(admin)/(role-management)/users/page.tsx (3 hunks)
• apps/rewise/src/app/[locale]/(auth)/verify-token/page.tsx (1 hunks)
• apps/upskii/src/app/[locale]/(auth)/verify-token/page.tsx (1 hunks)
• apps/upskii/src/app/[locale]/(dashboard)/[wsId]/(admin)/(role-management)/users/page.tsx (3 hunks)
• apps/upskii/src/app/[locale]/(dashboard)/[wsId]/(workspace-settings)/approvals/columns.tsx (1 hunks)
• apps/upskii/src/app/[locale]/(dashboard)/[wsId]/(workspace-settings)/approvals/page.tsx (1 hunks)
• apps/upskii/src/app/[locale]/(dashboard)/[wsId]/(workspace-settings)/approvals/row-actions.tsx (1 hunks)
• apps/upskii/src/app/[locale]/(dashboard)/[wsId]/(workspace-settings)/approvals/status-filter.tsx (1 hunks)
• apps/upskii/src/app/[locale]/(dashboard)/[wsId]/(workspace-settings)/layout.tsx (1 hunks)
• apps/upskii/src/app/[locale]/(dashboard)/[wsId]/layout.tsx (4 hunks)
• apps/upskii/src/components/request-access-button.tsx (1 hunks)
• apps/upskii/src/components/request-education-banner.tsx (1 hunks)
• packages/auth/src/cross-app/index.ts (2 hunks)
• packages/auth/src/cross-app/token-verifier-core.tsx (1 hunks)
• packages/auth/src/cross-app/token-verifier.tsx (2 hunks)
• packages/types/src/supabase.ts (15 hunks)

🧰 Additional context used

🧬 Code Graph Analysis (5)

packages/auth/src/cross-app/token-verifier.tsx (1)

packages/auth/src/cross-app/token-verifier-core.tsx (1)

• TokenVerifierCore (8-22)

apps/upskii/src/app/[locale]/(auth)/verify-token/page.tsx (1)

packages/auth/src/cross-app/token-verifier.tsx (1)

• TokenVerifier (6-30)

packages/auth/src/cross-app/token-verifier-core.tsx (1)

packages/auth/src/cross-app/index.ts (1)

• verifyRouteToken (206-269)

apps/upskii/src/app/[locale]/(dashboard)/[wsId]/(workspace-settings)/approvals/row-actions.tsx (3)

apps/upskii/src/app/[locale]/(dashboard)/[wsId]/(workspace-settings)/approvals/page.tsx (1)

• WorkspaceApprovalRequest (164-175)

packages/ui/src/components/ui/sonner.tsx (1)

• toast (29-29)

packages/ui/src/components/ui/dropdown-menu.tsx (5)

• DropdownMenu (241-241)
• DropdownMenuTrigger (255-255)
• DropdownMenuContent (243-243)
• DropdownMenuItem (245-245)
• DropdownMenuSeparator (250-250)

apps/upskii/src/app/[locale]/(dashboard)/[wsId]/layout.tsx (2)

packages/utils/src/user-helper.ts (1)

• getCurrentUser (16-41)

apps/upskii/src/components/request-education-banner.tsx (1)

• EducationBanner (13-56)

🪛 GitHub Check: codecov/patch

apps/nova/src/app/[locale]/(auth)/verify-token/page.tsx

[warning] 5-5: apps/nova/src/app/[locale]/(auth)/verify-token/page.tsx#L5
Added line #L5 was not covered by tests

apps/calendar/src/app/[locale]/(auth)/verify-token/page.tsx

[warning] 5-5: apps/calendar/src/app/[locale]/(auth)/verify-token/page.tsx#L5
Added line #L5 was not covered by tests

apps/upskii/src/app/[locale]/(dashboard)/[wsId]/(workspace-settings)/layout.tsx

[warning] 75-79: apps/upskii/src/app/[locale]/(dashboard)/[wsId]/(workspace-settings)/layout.tsx#L75-L79
Added lines #L75 - L79 were not covered by tests

apps/rewise/src/app/[locale]/(auth)/verify-token/page.tsx

[warning] 5-5: apps/rewise/src/app/[locale]/(auth)/verify-token/page.tsx#L5
Added line #L5 was not covered by tests

apps/upskii/src/app/[locale]/(auth)/verify-token/page.tsx

[warning] 5-5: apps/upskii/src/app/[locale]/(auth)/verify-token/page.tsx#L5
Added line #L5 was not covered by tests

apps/nova/src/app/[locale]/(dashboard)/(admin)/(role-management)/users/page.tsx

[warning] 139-147: apps/nova/src/app/[locale]/(dashboard)/(admin)/(role-management)/users/page.tsx#L139-L147
Added lines #L139 - L147 were not covered by tests

---

[warning] 152-157: apps/nova/src/app/[locale]/(dashboard)/(admin)/(role-management)/users/page.tsx#L152-L157
Added lines #L152 - L157 were not covered by tests

---

[warning] 171-171: apps/nova/src/app/[locale]/(dashboard)/(admin)/(role-management)/users/page.tsx#L171
Added line #L171 was not covered by tests

---

[warning] 220-220: apps/nova/src/app/[locale]/(dashboard)/(admin)/(role-management)/users/page.tsx#L220
Added line #L220 was not covered by tests

apps/upskii/src/app/[locale]/(dashboard)/[wsId]/(workspace-settings)/approvals/status-filter.tsx

[warning] 2-48: apps/upskii/src/app/[locale]/(dashboard)/[wsId]/(workspace-settings)/approvals/status-filter.tsx#L2-L48
Added lines #L2 - L48 were not covered by tests

apps/upskii/src/components/request-access-button.tsx

[warning] 3-4: apps/upskii/src/components/request-access-button.tsx#L3-L4
Added lines #L3 - L4 were not covered by tests

---

[warning] 13-17: apps/upskii/src/components/request-access-button.tsx#L13-L17
Added lines #L13 - L17 were not covered by tests

---

[warning] 24-30: apps/upskii/src/components/request-access-button.tsx#L24-L30
Added lines #L24 - L30 were not covered by tests

---

[warning] 32-36: apps/upskii/src/components/request-access-button.tsx#L32-L36
Added lines #L32 - L36 were not covered by tests

---

[warning] 38-39: apps/upskii/src/components/request-access-button.tsx#L38-L39
Added lines #L38 - L39 were not covered by tests

---

[warning] 41-46: apps/upskii/src/components/request-access-button.tsx#L41-L46
Added lines #L41 - L46 were not covered by tests

---

[warning] 48-58: apps/upskii/src/components/request-access-button.tsx#L48-L58
Added lines #L48 - L58 were not covered by tests

apps/upskii/src/app/[locale]/(dashboard)/[wsId]/(workspace-settings)/approvals/columns.tsx

[warning] 2-129: apps/upskii/src/app/[locale]/(dashboard)/[wsId]/(workspace-settings)/approvals/columns.tsx#L2-L129
Added lines #L2 - L129 were not covered by tests

apps/upskii/src/app/[locale]/(dashboard)/[wsId]/(workspace-settings)/approvals/row-actions.tsx

[warning] 2-180: apps/upskii/src/app/[locale]/(dashboard)/[wsId]/(workspace-settings)/approvals/row-actions.tsx#L2-L180
Added lines #L2 - L180 were not covered by tests

apps/upskii/src/app/[locale]/(dashboard)/[wsId]/(workspace-settings)/approvals/page.tsx

[warning] 2-175: apps/upskii/src/app/[locale]/(dashboard)/[wsId]/(workspace-settings)/approvals/page.tsx#L2-L175
Added lines #L2 - L175 were not covered by tests

apps/famigo/src/app/[locale]/(auth)/verify-token/page.tsx

[warning] 5-5: apps/famigo/src/app/[locale]/(auth)/verify-token/page.tsx#L5
Added line #L5 was not covered by tests

apps/upskii/src/app/[locale]/(dashboard)/[wsId]/layout.tsx

[warning] 5-5: apps/upskii/src/app/[locale]/(dashboard)/[wsId]/layout.tsx#L5
Added line #L5 was not covered by tests

---

[warning] 54-61: apps/upskii/src/app/[locale]/(dashboard)/[wsId]/layout.tsx#L54-L61
Added lines #L54 - L61 were not covered by tests

---

[warning] 278-278: apps/upskii/src/app/[locale]/(dashboard)/[wsId]/layout.tsx#L278
Added line #L278 was not covered by tests

---

[warning] 281-284: apps/upskii/src/app/[locale]/(dashboard)/[wsId]/layout.tsx#L281-L284
Added lines #L281 - L284 were not covered by tests

---

[warning] 323-325: apps/upskii/src/app/[locale]/(dashboard)/[wsId]/layout.tsx#L323-L325
Added lines #L323 - L325 were not covered by tests

apps/upskii/src/app/[locale]/(dashboard)/[wsId]/(admin)/(role-management)/users/page.tsx

[warning] 142-152: apps/upskii/src/app/[locale]/(dashboard)/[wsId]/(admin)/(role-management)/users/page.tsx#L142-L152
Added lines #L142 - L152 were not covered by tests

---

[warning] 156-161: apps/upskii/src/app/[locale]/(dashboard)/[wsId]/(admin)/(role-management)/users/page.tsx#L156-L161
Added lines #L156 - L161 were not covered by tests

---

[warning] 175-175: apps/upskii/src/app/[locale]/(dashboard)/[wsId]/(admin)/(role-management)/users/page.tsx#L175
Added line #L175 was not covered by tests

---

[warning] 224-224: apps/upskii/src/app/[locale]/(dashboard)/[wsId]/(admin)/(role-management)/users/page.tsx#L224
Added line #L224 was not covered by tests

🪛 GitHub Check: CodeFactor

apps/upskii/src/components/request-access-button.tsx

[notice] 40-40: apps/upskii/src/components/request-access-button.tsx#L40
Unresolved 'todo' comment. (eslint/no-warning-comments)

---

[notice] 144-144: apps/upskii/src/components/request-access-button.tsx#L144
Unresolved 'todo' comment. (eslint/no-warning-comments)

apps/upskii/src/app/[locale]/(dashboard)/[wsId]/(workspace-settings)/approvals/row-actions.tsx

[notice] 45-45: apps/upskii/src/app/[locale]/(dashboard)/[wsId]/(workspace-settings)/approvals/row-actions.tsx#L45
Unresolved 'todo' comment. (eslint/no-warning-comments)

---

[notice] 30-30: apps/upskii/src/app/[locale]/(dashboard)/[wsId]/(workspace-settings)/approvals/row-actions.tsx#L30
Unresolved 'todo' comment. (eslint/no-warning-comments)

---

[notice] 168-168: apps/upskii/src/app/[locale]/(dashboard)/[wsId]/(workspace-settings)/approvals/row-actions.tsx#L168
Unresolved 'todo' comment. (eslint/no-warning-comments)

---

[notice] 58-58: apps/upskii/src/app/[locale]/(dashboard)/[wsId]/(workspace-settings)/approvals/row-actions.tsx#L58
Unresolved 'todo' comment. (eslint/no-warning-comments)

🔇 Additional comments (14)

apps/nova/src/app/[locale]/(auth)/verify-token/page.tsx (1)

1-5: Confirm DEV_MODE is a boolean constant

TokenVerifier expects a boolean, but environment flags sometimes arrive as strings ('true' | 'false'). Double-check the definition in @/constants/common and coerce if necessary, e.g.:

export const DEV_MODE = process.env.NEXT_PUBLIC_DEV_MODE === 'true';

Failing to do so will silently pass a truthy string and change runtime behaviour.

apps/calendar/src/app/[locale]/(auth)/verify-token/page.tsx (1)

1-5: Looks good – constant propagated correctly

DEV_MODE is forwarded without altering existing logic.

apps/upskii/src/app/[locale]/(dashboard)/[wsId]/layout.tsx (3)

5-5: Import is fine

EducationBanner pulled in without side-effects.

---

281-284: Variable naming: favour explicit boolean

isWorkspaceCreator is boolean – good. shouldShowRequestButton combines two flags clearly – LGTM.

---

323-325: Minor: avoid rendering empty banner props

Guard already ensures workspace.name exists, so safe. No action required.

apps/nova/src/app/[locale]/(dashboard)/(admin)/(role-management)/users/page.tsx (1)

152-159: userCount may now be inconsistent with filtered data

count_search_users presumably returns the total number of matches before the new "NOVA" filter is applied. After filtering the array on the client, userData.length can be ≠ userCount, breaking pagination/UI.

Make sure the RPC itself filters on users.services @> ARRAY['NOVA'] (or add a dedicated count on the client).

userCount: (countData || 0) as number // ensure server already filtered

Otherwise compute the count from the filtered list.

apps/upskii/src/components/request-education-banner.tsx (1)

52-54: Looks good – cohesive composition

The banner cleanly delegates submission logic to RequestAccessButton and is themable. No issues spotted.

apps/upskii/src/app/[locale]/(dashboard)/[wsId]/(workspace-settings)/approvals/row-actions.tsx (1)

55-58: TODO left unimplemented — provide user flow

handleViewDetails only throws a toast. Either implement a modal/route or remove the menu item until it’s ready. Leaving dead-end actions frustrates users.

apps/upskii/src/app/[locale]/(dashboard)/[wsId]/(workspace-settings)/approvals/page.tsx (1)

21-32: Redundant await statements

Because params / searchParams are synchronous objects, the multiple await usages are no-ops. Removing them simplifies the flow and avoids misleading async semantics.

apps/db/supabase/migrations/20250609135112_add_platform_services.sql (1)

12-74: Potential race on used_at update

UPDATE cross_app_tokens … WHERE token = p_token; lacks a status check. Concurrent requests could mark the same token used multiple times. Add used_at IS NULL to the WHERE clause or use RETURNING to ensure single consumption.

UPDATE public.cross_app_tokens
SET used_at = now()
WHERE token = p_token
  AND used_at IS NULL;

packages/types/src/supabase.ts (4)

4511-4534: New services column requires callers & default-handling updates

The users table now exposes an optional services: platform_service[] | null field.

1. Verify that every read/write path (API, Prisma‐layer, zod schemas, UI forms, etc.) tolerates:
   • undefined (Insert/Update)
   • null (Row)
   • an empty array
2. If a non-null default (e.g. 'NOVA') was set in the migration, keeping the TS type as null | …[] can lead to unnecessary null-checks. Consider aligning the generated type with DB reality by setting default null → null removed, or document the divergence.

---

7780-7788: search_users signature changed → audit all call-sites

page_number & page_size are now mandatory in all union members. Old code passing {search_query} only will no longer type-check and will fail at runtime when calling the RPC.
Run a global grep-for-usage before merging.

---

7848-7854: validate_cross_app_token_with_session type lacks the new devMode arg mentioned in PR description

The PR summary says the function was reordered and extended with a devMode flag, but the generated type still shows only (p_token, p_target_app).
Either the summary is outdated or the type generation missed a DB change—both are dangerous.

Likely an incorrect or invalid review comment.

---

7442-7446: Bulk argument / return-shape tweaks – double-check generated clients

Several stored procedures had subtle shape changes (added fields, reordered args). Auto-generated clients must be regenerated (supabase gen types / openapi-ts, etc.) and committed, otherwise consumers will compile against stale signatures.

Also applies to: 7493-7498, 7513-7520, 7560-7565, 7700-7701, 7722-7725, 7743-7745, 7755-7757

[vhpx]

LGTM! Thanks @VNOsST.