feat(webapp): dashboard parity for mollifier-buffered runs#3757
Draft
d-cs wants to merge 4 commits into
Draft
Conversation
|
Contributor
|
Important Review skippedAuto reviews are disabled on base/target branches other than the default branch. Please check the settings in the CodeRabbit UI or the ⚙️ Run configurationConfiguration used: Repository UI Review profile: CHILL Plan: Pro Run ID: You can disable this status message by setting the Use the checkbox below for a quick retry:
✨ Finishing Touches🧪 Generate unit tests (beta)
Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out. Comment |
d-cs
commented
May 26, 2026
d-cs
commented
May 26, 2026
d-cs
commented
May 26, 2026
d-cs
force-pushed
the
mollifier-phase-3-mutations
branch
from
b8ead31 to
109fbd7
Compare
d-cs
force-pushed
the
mollifier-phase-3-dashboard
branch
from
dd31d60 to
ba09531
Compare
d-cs
force-pushed
the
mollifier-phase-3-mutations
branch
from
109fbd7 to
c7a66bd
Compare
d-cs
force-pushed
the
mollifier-phase-3-dashboard
branch
from
ba09531 to
1de95f4
Compare
d-cs
added a commit
that referenced
this pull request
May 26, 2026
…ity envId from realtime counter Three CodeRabbit findings from #3709, re-raised on #3757: - resources.taskruns.$runParam.debug.ts: buffered fallback returned the run's queue / concurrencyKey / queueTimestamp from the snapshot without verifying org membership. Any authenticated user who knew a friendlyId could read those fields across orgs. Now joins through orgMember the same way the PG path does and 404s on miss. - resources.runs.$runParam.logs.download.ts: same shape — the buffered placeholder leaked runId existence to non-members on direct URL access. Same orgMember check now gates the buffered branch. - mollifierTelemetry.server.ts: recordRealtimeBufferedSubscription was attaching envId (a UUID) as an OTEL counter dimension, violating the project's "no high-cardinality IDs in metric attributes" guideline. Dropped the parameter; the call site's logger.info still emits envId. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
d-cs
added a commit
that referenced
this pull request
May 26, 2026
…ity envId from realtime counter Three CodeRabbit findings from #3709, re-raised on #3757: - resources.taskruns.$runParam.debug.ts: buffered fallback returned the run's queue / concurrencyKey / queueTimestamp from the snapshot without verifying org membership. Any authenticated user who knew a friendlyId could read those fields across orgs. Now joins through orgMember the same way the PG path does and 404s on miss. - resources.runs.$runParam.logs.download.ts: same shape — the buffered placeholder leaked runId existence to non-members on direct URL access. Same orgMember check now gates the buffered branch. - mollifierTelemetry.server.ts: recordRealtimeBufferedSubscription was attaching envId (a UUID) as an OTEL counter dimension, violating the project's "no high-cardinality IDs in metric attributes" guideline. Dropped the parameter; the call site's logger.info still emits envId. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
d-cs
force-pushed
the
mollifier-phase-3-dashboard
branch
from
3157546 to
432f81a
Compare
d-cs
force-pushed
the
mollifier-phase-3-mutations
branch
from
c7a66bd to
094d006
Compare
d-cs
added a commit
that referenced
this pull request
May 26, 2026
…ity envId from realtime counter Three CodeRabbit findings from #3709, re-raised on #3757: - resources.taskruns.$runParam.debug.ts: buffered fallback returned the run's queue / concurrencyKey / queueTimestamp from the snapshot without verifying org membership. Any authenticated user who knew a friendlyId could read those fields across orgs. Now joins through orgMember the same way the PG path does and 404s on miss. - resources.runs.$runParam.logs.download.ts: same shape — the buffered placeholder leaked runId existence to non-members on direct URL access. Same orgMember check now gates the buffered branch. - mollifierTelemetry.server.ts: recordRealtimeBufferedSubscription was attaching envId (a UUID) as an OTEL counter dimension, violating the project's "no high-cardinality IDs in metric attributes" guideline. Dropped the parameter; the call site's logger.info still emits envId. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
d-cs
force-pushed
the
mollifier-phase-3-dashboard
branch
from
432f81a to
8c19830
Compare
d-cs
force-pushed
the
mollifier-phase-3-mutations
branch
from
094d006 to
9914976
Compare
d-cs
added a commit
that referenced
this pull request
May 26, 2026
…ity envId from realtime counter Three CodeRabbit findings from #3709, re-raised on #3757: - resources.taskruns.$runParam.debug.ts: buffered fallback returned the run's queue / concurrencyKey / queueTimestamp from the snapshot without verifying org membership. Any authenticated user who knew a friendlyId could read those fields across orgs. Now joins through orgMember the same way the PG path does and 404s on miss. - resources.runs.$runParam.logs.download.ts: same shape — the buffered placeholder leaked runId existence to non-members on direct URL access. Same orgMember check now gates the buffered branch. - mollifierTelemetry.server.ts: recordRealtimeBufferedSubscription was attaching envId (a UUID) as an OTEL counter dimension, violating the project's "no high-cardinality IDs in metric attributes" guideline. Dropped the parameter; the call site's logger.info still emits envId. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
d-cs
force-pushed
the
mollifier-phase-3-dashboard
branch
from
8c19830 to
fd7e01d
Compare
d-cs
force-pushed
the
mollifier-phase-3-mutations
branch
from
9914976 to
2ee45a8
Compare
d-cs
added a commit
that referenced
this pull request
May 26, 2026
…ity envId from realtime counter Three CodeRabbit findings from #3709, re-raised on #3757: - resources.taskruns.$runParam.debug.ts: buffered fallback returned the run's queue / concurrencyKey / queueTimestamp from the snapshot without verifying org membership. Any authenticated user who knew a friendlyId could read those fields across orgs. Now joins through orgMember the same way the PG path does and 404s on miss. - resources.runs.$runParam.logs.download.ts: same shape — the buffered placeholder leaked runId existence to non-members on direct URL access. Same orgMember check now gates the buffered branch. - mollifierTelemetry.server.ts: recordRealtimeBufferedSubscription was attaching envId (a UUID) as an OTEL counter dimension, violating the project's "no high-cardinality IDs in metric attributes" guideline. Dropped the parameter; the call site's logger.info still emits envId. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
d-cs
force-pushed
the
mollifier-phase-3-dashboard
branch
from
fd7e01d to
83880f8
Compare
d-cs
added a commit
that referenced
this pull request
May 26, 2026
…ity envId from realtime counter Three CodeRabbit findings from #3709, re-raised on #3757: - resources.taskruns.$runParam.debug.ts: buffered fallback returned the run's queue / concurrencyKey / queueTimestamp from the snapshot without verifying org membership. Any authenticated user who knew a friendlyId could read those fields across orgs. Now joins through orgMember the same way the PG path does and 404s on miss. - resources.runs.$runParam.logs.download.ts: same shape — the buffered placeholder leaked runId existence to non-members on direct URL access. Same orgMember check now gates the buffered branch. - mollifierTelemetry.server.ts: recordRealtimeBufferedSubscription was attaching envId (a UUID) as an OTEL counter dimension, violating the project's "no high-cardinality IDs in metric attributes" guideline. Dropped the parameter; the call site's logger.info still emits envId. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
d-cs
force-pushed
the
mollifier-phase-3-dashboard
branch
from
83880f8 to
1a8fbc6
Compare
d-cs
force-pushed
the
mollifier-phase-3-mutations
branch
from
f4b6064 to
0547ba9
Compare
d-cs
added a commit
that referenced
this pull request
May 26, 2026
…ity envId from realtime counter Three CodeRabbit findings from #3709, re-raised on #3757: - resources.taskruns.$runParam.debug.ts: buffered fallback returned the run's queue / concurrencyKey / queueTimestamp from the snapshot without verifying org membership. Any authenticated user who knew a friendlyId could read those fields across orgs. Now joins through orgMember the same way the PG path does and 404s on miss. - resources.runs.$runParam.logs.download.ts: same shape — the buffered placeholder leaked runId existence to non-members on direct URL access. Same orgMember check now gates the buffered branch. - mollifierTelemetry.server.ts: recordRealtimeBufferedSubscription was attaching envId (a UUID) as an OTEL counter dimension, violating the project's "no high-cardinality IDs in metric attributes" guideline. Dropped the parameter; the call site's logger.info still emits envId. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
d-cs
force-pushed
the
mollifier-phase-3-dashboard
branch
from
1a8fbc6 to
558703b
Compare
d-cs
force-pushed
the
mollifier-phase-3-mutations
branch
from
0547ba9 to
0708ce5
Compare
d-cs
added a commit
that referenced
this pull request
May 26, 2026
…ity envId from realtime counter Three CodeRabbit findings from #3709, re-raised on #3757: - resources.taskruns.$runParam.debug.ts: buffered fallback returned the run's queue / concurrencyKey / queueTimestamp from the snapshot without verifying org membership. Any authenticated user who knew a friendlyId could read those fields across orgs. Now joins through orgMember the same way the PG path does and 404s on miss. - resources.runs.$runParam.logs.download.ts: same shape — the buffered placeholder leaked runId existence to non-members on direct URL access. Same orgMember check now gates the buffered branch. - mollifierTelemetry.server.ts: recordRealtimeBufferedSubscription was attaching envId (a UUID) as an OTEL counter dimension, violating the project's "no high-cardinality IDs in metric attributes" guideline. Dropped the parameter; the call site's logger.info still emits envId. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
d-cs
force-pushed
the
mollifier-phase-3-dashboard
branch
from
558703b to
372ca71
Compare
d-cs
force-pushed
the
mollifier-phase-3-mutations
branch
from
0708ce5 to
396552e
Compare
d-cs
added a commit
that referenced
this pull request
May 26, 2026
…ity envId from realtime counter Three CodeRabbit findings from #3709, re-raised on #3757: - resources.taskruns.$runParam.debug.ts: buffered fallback returned the run's queue / concurrencyKey / queueTimestamp from the snapshot without verifying org membership. Any authenticated user who knew a friendlyId could read those fields across orgs. Now joins through orgMember the same way the PG path does and 404s on miss. - resources.runs.$runParam.logs.download.ts: same shape — the buffered placeholder leaked runId existence to non-members on direct URL access. Same orgMember check now gates the buffered branch. - mollifierTelemetry.server.ts: recordRealtimeBufferedSubscription was attaching envId (a UUID) as an OTEL counter dimension, violating the project's "no high-cardinality IDs in metric attributes" guideline. Dropped the parameter; the call site's logger.info still emits envId. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
d-cs
force-pushed
the
mollifier-phase-3-dashboard
branch
from
372ca71 to
1fd59a3
Compare
![devin-ai-integration[bot]](https://avatars.githubusercontent.com/in/811515?s=60&v=4){kind=small}
d-cs
force-pushed
the
mollifier-phase-3-mutations
branch
from
396552e to
eb2a777
Compare
d-cs
added a commit
that referenced
this pull request
May 26, 2026
…ity envId from realtime counter Three CodeRabbit findings from #3709, re-raised on #3757: - resources.taskruns.$runParam.debug.ts: buffered fallback returned the run's queue / concurrencyKey / queueTimestamp from the snapshot without verifying org membership. Any authenticated user who knew a friendlyId could read those fields across orgs. Now joins through orgMember the same way the PG path does and 404s on miss. - resources.runs.$runParam.logs.download.ts: same shape — the buffered placeholder leaked runId existence to non-members on direct URL access. Same orgMember check now gates the buffered branch. - mollifierTelemetry.server.ts: recordRealtimeBufferedSubscription was attaching envId (a UUID) as an OTEL counter dimension, violating the project's "no high-cardinality IDs in metric attributes" guideline. Dropped the parameter; the call site's logger.info still emits envId. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
d-cs
force-pushed
the
mollifier-phase-3-dashboard
branch
from
1fd59a3 to
99ba3a7
Compare
d-cs
added a commit
that referenced
this pull request
May 26, 2026
…ity envId from realtime counter Three CodeRabbit findings from #3709, re-raised on #3757: - resources.taskruns.$runParam.debug.ts: buffered fallback returned the run's queue / concurrencyKey / queueTimestamp from the snapshot without verifying org membership. Any authenticated user who knew a friendlyId could read those fields across orgs. Now joins through orgMember the same way the PG path does and 404s on miss. - resources.runs.$runParam.logs.download.ts: same shape — the buffered placeholder leaked runId existence to non-members on direct URL access. Same orgMember check now gates the buffered branch. - mollifierTelemetry.server.ts: recordRealtimeBufferedSubscription was attaching envId (a UUID) as an OTEL counter dimension, violating the project's "no high-cardinality IDs in metric attributes" guideline. Dropped the parameter; the call site's logger.info still emits envId. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
d-cs
force-pushed
the
mollifier-phase-3-dashboard
branch
from
99ba3a7 to
d6ea563
Compare
d-cs
force-pushed
the
mollifier-phase-3-mutations
branch
from
e0a57d9 to
b3d188c
Compare
d-cs
added a commit
that referenced
this pull request
May 27, 2026
…ity envId from realtime counter Three CodeRabbit findings from #3709, re-raised on #3757: - resources.taskruns.$runParam.debug.ts: buffered fallback returned the run's queue / concurrencyKey / queueTimestamp from the snapshot without verifying org membership. Any authenticated user who knew a friendlyId could read those fields across orgs. Now joins through orgMember the same way the PG path does and 404s on miss. - resources.runs.$runParam.logs.download.ts: same shape — the buffered placeholder leaked runId existence to non-members on direct URL access. Same orgMember check now gates the buffered branch. - mollifierTelemetry.server.ts: recordRealtimeBufferedSubscription was attaching envId (a UUID) as an OTEL counter dimension, violating the project's "no high-cardinality IDs in metric attributes" guideline. Dropped the parameter; the call site's logger.info still emits envId. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
d-cs
force-pushed
the
mollifier-phase-3-dashboard
branch
from
b68df93 to
336bd16
Compare
d-cs
force-pushed
the
mollifier-phase-3-mutations
branch
from
b3d188c to
c970692
Compare
d-cs
added a commit
that referenced
this pull request
May 27, 2026
…ity envId from realtime counter Three CodeRabbit findings from #3709, re-raised on #3757: - resources.taskruns.$runParam.debug.ts: buffered fallback returned the run's queue / concurrencyKey / queueTimestamp from the snapshot without verifying org membership. Any authenticated user who knew a friendlyId could read those fields across orgs. Now joins through orgMember the same way the PG path does and 404s on miss. - resources.runs.$runParam.logs.download.ts: same shape — the buffered placeholder leaked runId existence to non-members on direct URL access. Same orgMember check now gates the buffered branch. - mollifierTelemetry.server.ts: recordRealtimeBufferedSubscription was attaching envId (a UUID) as an OTEL counter dimension, violating the project's "no high-cardinality IDs in metric attributes" guideline. Dropped the parameter; the call site's logger.info still emits envId. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
d-cs
force-pushed
the
mollifier-phase-3-dashboard
branch
from
336bd16 to
d7eb3b6
Compare
d-cs
force-pushed
the
mollifier-phase-3-mutations
branch
from
c970692 to
ba084d8
Compare
d-cs
added a commit
that referenced
this pull request
May 27, 2026
…ity envId from realtime counter Three CodeRabbit findings from #3709, re-raised on #3757: - resources.taskruns.$runParam.debug.ts: buffered fallback returned the run's queue / concurrencyKey / queueTimestamp from the snapshot without verifying org membership. Any authenticated user who knew a friendlyId could read those fields across orgs. Now joins through orgMember the same way the PG path does and 404s on miss. - resources.runs.$runParam.logs.download.ts: same shape — the buffered placeholder leaked runId existence to non-members on direct URL access. Same orgMember check now gates the buffered branch. - mollifierTelemetry.server.ts: recordRealtimeBufferedSubscription was attaching envId (a UUID) as an OTEL counter dimension, violating the project's "no high-cardinality IDs in metric attributes" guideline. Dropped the parameter; the call site's logger.info still emits envId. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
d-cs
force-pushed
the
mollifier-phase-3-dashboard
branch
from
d7eb3b6 to
79a0885
Compare
d-cs
force-pushed
the
mollifier-phase-3-mutations
branch
from
ba084d8 to
eb520ef
Compare
d-cs
force-pushed
the
mollifier-phase-3-dashboard
branch
from
79a0885 to
c2898d3
Compare
d-cs
added a commit
that referenced
this pull request
May 27, 2026
…ity envId from realtime counter Three CodeRabbit findings from #3709, re-raised on #3757: - resources.taskruns.$runParam.debug.ts: buffered fallback returned the run's queue / concurrencyKey / queueTimestamp from the snapshot without verifying org membership. Any authenticated user who knew a friendlyId could read those fields across orgs. Now joins through orgMember the same way the PG path does and 404s on miss. - resources.runs.$runParam.logs.download.ts: same shape — the buffered placeholder leaked runId existence to non-members on direct URL access. Same orgMember check now gates the buffered branch. - mollifierTelemetry.server.ts: recordRealtimeBufferedSubscription was attaching envId (a UUID) as an OTEL counter dimension, violating the project's "no high-cardinality IDs in metric attributes" guideline. Dropped the parameter; the call site's logger.info still emits envId. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Dashboard run detail, span detail, streams view, realtime subscription, redirect routes, replay/cancel/idempotency-reset action routes, the logs download route, and the cancel dialog all handle buffered runs by falling back to the mollifier snapshot. Stacked on the mutations PR. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
…ity envId from realtime counter Three CodeRabbit findings from #3709, re-raised on #3757: - resources.taskruns.$runParam.debug.ts: buffered fallback returned the run's queue / concurrencyKey / queueTimestamp from the snapshot without verifying org membership. Any authenticated user who knew a friendlyId could read those fields across orgs. Now joins through orgMember the same way the PG path does and 404s on miss. - resources.runs.$runParam.logs.download.ts: same shape — the buffered placeholder leaked runId existence to non-members on direct URL access. Same orgMember check now gates the buffered branch. - mollifierTelemetry.server.ts: recordRealtimeBufferedSubscription was attaching envId (a UUID) as an OTEL counter dimension, violating the project's "no high-cardinality IDs in metric attributes" guideline. Dropped the parameter; the call site's logger.info still emits envId. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Three issues:
- spans.\$spanParam/route.tsx loader returned a raw \`Response\` (204
on spanId-mismatch) alongside typedjson, collapsing the
discriminated \`{type: "run"|"span"}\` union in the useTypedFetcher
consumer. Switched to \`throw new Response(null, { status: 204 })\`
so Remix exits cleanly without polluting the return type.
- resources.taskruns.\$runParam.debug.ts loader's buffered branch
returned \`engine: "V2"\` with \`runtimeEnvironment: null\`, widening
the V2 variant in debugRun.tsx and breaking every MarQS / RunQueue
key call site (run.runtimeEnvironment now nullable). Switched to
\`engine: "BUFFERED" as const\` so debugRun.tsx narrows the buffered
case to a dedicated panel — the V1/V2 panels recover their non-null
runtimeEnvironment assumption.
- Devin r3305402673: bare \`catch {}\` was swallowing the intentional
\`throw new Response("Not Found", { status: 404 })\` auth-check
fallthrough. Narrowed the try to only wrap \`buffer.getEntry\` (the
one call that can transient-fail). Authorization and snapshot
parsing now live outside the try, so an intentional 404 throw isn't
masked by the transient-error catch. Keeps \`throw\` rather than
Devin's suggested \`return\` because the consumer is typedjson-typed
and a raw-Response return collapses the discriminated union.
Also adds a dedicated DebugRunDataBuffered panel for buffered runs
that renders the snapshot's queue / concurrencyKey / task identifier
(buffered runs aren't on a PG queue, so the existing MarQS/RunQueue
panels would 404 anyway).
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
d-cs
force-pushed
the
mollifier-phase-3-dashboard
branch
from
c2898d3 to
0cdfe2c
Compare
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Dashboard surfaces handle buffered runs by falling back to the mollifier snapshot:
_app.../runs.\$runParam,resources.../spans.\$spanParam,resources.../streams.\$streamKey).@.runs.\$runParam,runs.\$runParam,projects.v3.\$projectRef.runs.\$runParam).resources.taskruns/...andresources.../idempotencyKey.reset.realtime.v1.runs.\$runId,resources.../realtime.v1.*).CancelRunDialoggains anonCancelSubmittedcallback so submit isn't raced by the RadixDialogClosewrapper.Stacked on the mutations PR.
Test plan