[comp] Production Deploy#3240

Merged
tofikwest merged 24 commits into release from main
Jun 23, 2026

@github-actions github-actions Bot commented Jun 23, 2026

This is an automated pull request to release the candidate branch into production, which will trigger a deployment.
It was created by the [Production PR] action.


Summary by cubic

Attach Stagehand to Browserbase over CDP using a resolved connect URL to eliminate “Premature close” errors and surface the upstream cause when retries are exhausted. Also include custom‑role members in task and evidence assignee filters, ship a unified Finder‑style frameworks list (FRAME‑20), add a daily job to refresh OAuth tokens before they expire, and accept PDFs with a leading BOM/whitespace during upload.

  • New Features

    • Framework Editor (FRAME‑20): replace per‑family sections with a single Finder‑style tree table (families + ungrouped frameworks at root; expanded families show indented frameworks); added a toolbar “Move Framework” action.
    • Integration Platform: daily 05:00 UTC schedule to refresh OAuth tokens expiring within 24h using @trigger.dev/sdk; checks only the latest credential version per connection.
  • Bug Fixes

    • Browserbase/Stagehand: resolve session connectUrl via getSessionConnectUrl (with retry) and attach using env: 'LOCAL' + localBrowserLaunchOptions.cdpUrl to avoid resume errors.
    • Errors: append upstream Browserbase error text to ServiceUnavailableException so exhausted retries show the cause.
    • Tasks/Evidence: include all app‑access members (custom roles) in assignee options and task overview via permission‑based filtering; removed hardcoded role allowlists.
    • Attachments: accept PDFs whose %PDF header appears within the first 1024 bytes (handles leading BOM/whitespace); still reject files declared as PDF without the header.

Written for commit 8e02ddb. Summary will update on new commits.

github-actions Bot and others added 5 commits June 22, 2026 20:52
When retries are exhausted, withBrowserbaseRetry threw a generic
"Browserbase is temporarily unavailable" that hid the real upstream
error. Append the underlying error text to the message so an exhausted
retry is diagnosable from the UI/response, not only the server logs.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Claude-Session: https://claude.ai/code/session_013zSwXMqVNvWLJBZEot9x12
…ry-cause

fix(browserbase): surface the underlying cause on exhausted retries

vercel Bot commented Jun 23, 2026

The latest updates on your projects. Learn more about Vercel for GitHub.

| Project | Deployment | Actions | Updated (UTC) |
| --- | --- | --- | --- |
| comp-framework-editor (staging) | Ready | Preview, Comment | Jun 23, 2026 6:45pm |

2 Skipped Deployments

| Project | Deployment | Actions | Updated (UTC) |
| --- | --- | --- | --- |
| app (staging) | Skipped | | Jun 23, 2026 6:45pm |
| portal (staging) | Skipped | | Jun 23, 2026 6:45pm |

@cubic-dev-ai cubic-dev-ai Bot left a comment

No issues found across 4 files

Confidence score: 5/5

  • Automated review surfaced no issues in the provided summaries.
  • No files require special attention.

chasprowebdev and others added 4 commits June 23, 2026 11:10
…on resume

Staging logs proved the connect blocker after disableAPI shipped: init now
fails at the Browserbase session resume — bb.sessions.retrieve(<id>) →
"Premature close" on all 3 retries (deterministic, so retry can't help).

That retrieve runs on Stagehand's OWN internal Browserbase client, which
lacks the accept-encoding:identity header we added to our client in
c8ed2e9 to stop exactly this compression-induced premature-close. Our
own identity-encoded calls in the same flow (contexts.create,
sessions.create, sessions.debug) succeed; only Stagehand's gzip retrieve
fails — confirming the header is the difference. Stagehand hardcodes
`new Browserbase({apiKey})`, so we can't inject the header into it.

Fix: resolve the session's connectUrl ourselves via our identity-encoded
client (getSessionConnectUrl), then attach Stagehand with env:'LOCAL' +
localBrowserLaunchOptions.cdpUrl. Stagehand then connects straight to the
session over CDP (connectOverCDP) and never makes its own bb.sessions.*
call, eliminating the premature-close. extract/act/agent run locally
against ANTHROPIC_API_KEY (env:'LOCAL' uses no hosted API), and we keep
managing the session lifecycle ourselves (keepAlive + closeSession).

Follow-up to #3230 (disableAPI); supersedes its BROWSERBASE-mode connect.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Claude-Session: https://claude.ai/code/session_013zSwXMqVNvWLJBZEot9x12
…-url

fix(browserbase): attach Stagehand over CDP to avoid premature-close on session resume
tofikwest and others added 5 commits June 23, 2026 11:39
## Problem

Evidence items assigned to users with custom roles (e.g. 'SecDev') appear unassigned on the dashboard and those users don't show up in the assignee filter dropdown, even though they have the necessary evidence management permissions.

## Root cause

Two hardcoded role allowlists in the frontend filter out custom roles:

1. `page.tsx` lines 70-76 server-side filters team members to only `['owner', 'admin', 'auditor']`
2. `TaskList.tsx` line 121 filters eligible assignees using the same hardcoded list

When a 'SecDev' role is assigned evidence, it gets dropped from both lists. The assignee lookup then finds nothing and displays 'Unassigned', and the filter dropdown never includes them as an option.

## Fix

Replaced hardcoded role allowlists with permission-based checks that respect the actual permissions granted to each role. The frontend now queries whether a user has evidence management capabilities rather than checking against a fixed list of role names.

This means any role with the right permissions will properly show assignees and appear in filters, regardless of what the role is called.

## Explicitly NOT touched

- Permission/role assignment logic
- Evidence creation or deletion flows
- Audit logging or history
- Any backend role definitions

## Verification

✅ Custom role members now appear in assignee filter dropdown
✅ Evidence assigned to custom roles displays with correct assignee name
✅ Admin and auditor roles still work as before
✅ Permission checks validate user can view/manage evidence before showing in lists

## Problem

Users with custom roles like SecDev are not visible in the Assignee filter or task overview, even though they can be assigned tasks. This breaks workflows for organizations using custom role types.

## Root cause

The client-side filter `filterMembersByOwnerOrAdmin` in `filter-members-by-role.ts` manually parses the comma-split role field and keeps only members with 'owner' or 'admin'. Any user with a custom role like 'SecDev' gets filtered out before the UI even displays them.

The backend already returns all active members from /v1/people and allows assignment to any member (only blocking platform-admin users). This is a pure client-side display bug - SecDev members are fetched but hidden from the filter dropdown and task overview selectors.

Duplicate filter logic also lives inline in TaskItemItem.tsx and has the same issue.

## Fix

Removed the overly restrictive role check. Instead of filtering to only 'owner' or 'admin' roles, we now show all active members. The backend already enforces the actual permission boundaries, so the frontend doesn't need to second-guess role eligibility.

Updated both the shared filter util and the inline duplicate logic in TaskItemItem.tsx to match.

## Explicitly NOT touched

- RBAC checks or org scoping (backend handles these)
- Platform admin role detection (unchanged, still blocks platform-admin user.role)
- Task assignment endpoints or permissions
- Other role-based filters elsewhere in the codebase

## Verification

✅ SecDev and other custom role members now appear in Assignee filter dropdown
✅ Custom role members visible in task overview selector
✅ Task assignment to custom roles works end-to-end
✅ Existing owner/admin assignment flows unchanged
✅ Platform admin restriction still in place
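
The difference between the hardcoded role allowlist and a permission-based filter, as an added example that is not code from this PR. The member shape, the `ROLE_PERMISSIONS` table, the permission strings and all function names are hypothetical; only the `['owner', 'admin', 'auditor']` list and the comma-separated role field come from the commit messages above.

```typescript
// Added example: names, member shape and permission strings are hypothetical.
interface Member {
  name: string;
  role: string; // comma-separated role names, e.g. "employee,SecDev"
  active: boolean;
}

// Constructed role definitions; custom roles live beside the built-in ones.
const ROLE_PERMISSIONS: Record<string, string[]> = {
  owner: ['evidence:read', 'evidence:update', 'member:manage'],
  admin: ['evidence:read', 'evidence:update'],
  auditor: ['evidence:read'],
  SecDev: ['evidence:read', 'evidence:update'],
  employee: [],
};

function parseRoles(role: string): string[] {
  return role.split(',').map((r) => r.trim()).filter((r) => r.length > 0);
}

// "Before": fixed list of role names, so any custom role is silently dropped.
function filterByRoleAllowlist(members: Member[]): Member[] {
  const allowed = ['owner', 'admin', 'auditor'];
  return members.filter((m) => parseRoles(m.role).some((r) => allowed.indexOf(r) !== -1));
}

// "After": keep active members holding the permission through any of their roles.
// A role with no definition grants nothing (default deny); the own-property check
// stops names such as "constructor" from resolving to inherited object members.
function filterByPermission(members: Member[], permission: string): Member[] {
  return members.filter((m) => {
    if (!m.active) return false;
    return parseRoles(m.role).some((r) => {
      const known = Object.prototype.hasOwnProperty.call(ROLE_PERMISSIONS, r);
      return (known ? ROLE_PERMISSIONS[r] : []).indexOf(permission) !== -1;
    });
  });
}

// Constructed sample data.
const SAMPLE_MEMBERS: Member[] = [
  { name: 'Ana', role: 'owner', active: true },
  { name: 'Ben', role: 'SecDev', active: true },
  { name: 'Cy', role: 'employee, SecDev', active: true },
  { name: 'Dee', role: 'employee', active: true },
  { name: 'Eli', role: 'SecDev', active: false },
  { name: 'Fay', role: 'constructor', active: true },
];
const names = (members: Member[]): string[] => members.map((m) => m.name);
```

With the sample data the allowlist lists only Ana, while the permission filter for `evidence:read` lists Ana, Ben and Cy. The filter decides who is displayed; assignment itself is still enforced by the backend, as the commit message states.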
…0 follow-up)

Joe's feedback on the families UI: the boxed per-family sections threw the
columns out of alignment and the move control was too subtle. Rework into one
unified list (folders + files, like Finder):

- Single table with one set of columns. Families (folders) and ungrouped
  frameworks (files) are intermixed alphabetically at the root; a family's
  frameworks appear indented (~6 chars) beneath it when expanded.
- Version / Status / Requirements / Controls columns are centred, the same
  whether a row is in a family or not — fixes the misalignment.
- Family rows show the "n frameworks" / "Empty" count in the Version column and
  the status badge in the Status column (per the ticket), not floating by the
  name.
- Move Framework is now a button on the toolbar row (next to Import / Create
  New Framework Family / Create New Framework); dropped the subtle per-row "→".
- Extracted the tree-row builder into a pure, tested helper.

Resizable columns (the wasted name↔version space) is FRAME-17, handled separately.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Claude-Session: https://claude.ai/code/session_01MGwXoPb6qHxuHy8miVmyxT
…-evidence

fix(evidence): include custom roles in assignee visibility and filters
@vercel vercel Bot temporarily deployed to staging – portal June 23, 2026 15:58 Inactive
feat(framework-editor): unified Finder-style frameworks list (FRAME-20 follow-up)
@vercel vercel Bot temporarily deployed to staging – app June 23, 2026 16:15 Inactive
@vercel vercel Bot temporarily deployed to staging – portal June 23, 2026 16:15 Inactive
tofikwest and others added 3 commits June 23, 2026 14:25
validateFileContent required the %PDF magic bytes at offset 0
(subarray(0,4).equals('%PDF')). Per ISO 32000 the header is allowed within the
first 1024 bytes, and some exporters/vendors (e.g. GoodHire) prepend a UTF-8 BOM
or whitespace — so a strict offset-0 check rejected otherwise-valid PDFs, surfacing
as "Failed to upload background check" on the attach-report flow.

PDFs are now validated by searching the first 1024 bytes for %PDF (handled
explicitly, like WebP). Image/zip magic-byte checks are unchanged (those formats
require the signature at offset 0).

21 tests pass (new: PDF with leading BOM accepted; non-PDF declared as PDF rejected).

Related: CS-570 (paul.everton attach-report failure).

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
fix(attachments): accept PDFs with a leading BOM/whitespace before %PDF
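
The header check described in the commit message above, as an added example that is not the project's `validateFileContent`. All function and constant names here are hypothetical, the PNG and JPEG signatures stand in for the "image magic-byte checks", and the sample inputs are constructed.

```typescript
// Added example: function and constant names are hypothetical, not the project's.
const PDF_MAGIC = [0x25, 0x50, 0x44, 0x46]; // "%PDF"
const PDF_SEARCH_WINDOW = 1024; // signature must lie fully inside these bytes
const OFFSET_ZERO_MAGIC: Record<string, number[]> = {
  'image/png': [0x89, 0x50, 0x4e, 0x47, 0x0d, 0x0a, 0x1a, 0x0a],
  'image/jpeg': [0xff, 0xd8, 0xff],
};

function matchesAt(data: Uint8Array, sig: number[], offset: number): boolean {
  if (offset + sig.length > data.length) return false;
  for (let i = 0; i < sig.length; i++) {
    if (data[offset + i] !== sig[i]) return false;
  }
  return true;
}

// Offset of "%PDF" when it starts inside the search window, otherwise -1.
function findPdfHeader(data: Uint8Array): number {
  const last = Math.min(data.length, PDF_SEARCH_WINDOW) - PDF_MAGIC.length;
  for (let off = 0; off <= last; off++) {
    if (matchesAt(data, PDF_MAGIC, off)) return off;
  }
  return -1;
}

// True only when the bytes agree with the declared MIME type; unknown types fail.
function validateDeclaredType(data: Uint8Array, declared: string): boolean {
  if (declared === 'application/pdf') return findPdfHeader(data) >= 0;
  if (!Object.prototype.hasOwnProperty.call(OFFSET_ZERO_MAGIC, declared)) return false;
  return matchesAt(data, OFFSET_ZERO_MAGIC[declared], 0);
}

// Helpers for building constructed sample inputs.
function ascii(s: string): Uint8Array {
  const out = new Uint8Array(s.length);
  for (let i = 0; i < s.length; i++) out[i] = s.charCodeAt(i) & 0xff;
  return out;
}
function withPrefix(head: number[], tail: Uint8Array): Uint8Array {
  const out = new Uint8Array(head.length + tail.length);
  out.set(head, 0);
  out.set(tail, head.length);
  return out;
}
function spaces(n: number): number[] {
  const out: number[] = [];
  for (let i = 0; i < n; i++) out.push(0x20);
  return out;
}
const SAMPLE_BOM_PDF = withPrefix([0xef, 0xbb, 0xbf], ascii('%PDF-1.4\n')); // UTF-8 BOM first
const SAMPLE_FAKE_PDF = ascii('<html>not a pdf</html>'); // declared as PDF, is not one
```

A passing check confirms only that the signature is present, not that the file is a well-formed PDF. Searching a window instead of offset 0 also admits arbitrary leading bytes, so downstream handling should not treat a pass as proof that the file is nothing but a PDF.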
@vercel vercel Bot temporarily deployed to staging – portal June 23, 2026 18:44 Inactive
@vercel vercel Bot temporarily deployed to staging – app June 23, 2026 18:44 Inactive
@tofikwest tofikwest merged commit 6347dec into release Jun 23, 2026
14 checks passed
@claudfuen

🎉 This PR is included in version 3.88.0 🎉

The release is available on GitHub release

Your semantic-release bot 📦🚀
