release: to prod #1498

Merged: joelorzet merged 10 commits into prod from staging on Jun 10, 2026

@joelorzet

No description provided.

bbd and others added 10 commits June 8, 2026 20:05

The execution digest panel renders for owners and admins, but its
Upgrade button pushed to /billing which is owner-only (and 404s when
billing is disabled). Admins were silently redirected home, so the
button appeared to do nothing.

Pass canManageBilling into ExecutionDigestSection and branch the CTA:
hide the button when billing is disabled, show a disabled button with
an explanatory tooltip for non-owners, and a live button for owners.
…er-gate

fix(notifications): gate digest upgrade button to owners
…cution-error-metrics

feat: add per-workflow execution error counter for alert dedup (TECH-42)

The sign-in email-code dialog is the uncontrolled AuthDialog owned by
UserMenu. When the tab regains focus, Better Auth refetches the session;
for a visitor with no session that refetch flips isPending to true, and
UserMenu swapped the dialog for a loading skeleton, unmounting it and
dropping the in-progress code entry.

Track when the dialog is on a verification step (email OTP, TOTP, or
signup email verify) via a module flag and keep UserMenu from unmounting
the dialog while that flag is set, mirroring the existing single-provider
sign-in guard.
…-tab-switch

fix: keep email-code modal mounted across tab switch

The execution-digest CronJob runs deploy/scripts/digest-cron.sh in the app
(runner) image to call /api/internal/execution-digest with an HMAC signature.
The script shells out to openssl to compute the body digest and signature, but
the runner stage only installed curl. node:24-alpine ships libssl but not the
openssl CLI, so both calls failed with openssl: not found, the signature came
out empty, and the endpoint rejected every run with 401 Missing HMAC headers.
No digests were ever delivered.

Install openssl alongside curl so the signing computes a valid signature.

Verified end-to-end in node:24-alpine: the real script with openssl present
produces a signature that the server verification algorithm in
lib/internal-service-auth.ts accepts.

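The failure described in the commit message above (no openssl CLI, an empty signature, every run rejected with 401) can be made to fail closed in the signing step itself. The following is an added example, not the project's digest-cron.sh; the function names are assumptions, and the message layout that lib/internal-service-auth.ts verifies is not shown on the page, so the helper signs whatever message it is given.

```shell
#!/bin/sh
# Added example: fail-closed HMAC signing for a cron script.
# Function names are hypothetical; this is not the project's digest-cron.sh.

# Refuse to continue when a required CLI is absent from the image.
require_cmd() {
  command -v "$1" >/dev/null 2>&1 || {
    echo "fatal: $1 not found in PATH" >&2
    return 127
  }
}

# Accept only a 64-character lowercase hex string (SHA-256 sized output).
is_sha256_hex() {
  case "$1" in
    *[!0-9a-f]*) return 1 ;;
  esac
  [ "${#1}" -eq 64 ]
}

# Print HMAC-SHA256(key, message) as hex, or fail without printing anything.
hmac_sha256_hex() {
  key=$1 msg=$2
  require_cmd openssl || return
  # A pipeline reports only its last command's status, so a failing openssl
  # would go unnoticed here; the output is validated instead of trusted.
  sig=$(printf '%s' "$msg" | openssl dgst -sha256 -hmac "$key" 2>/dev/null | awk '{print $NF}')
  is_sha256_hex "$sig" || {
    echo "fatal: openssl produced no valid signature" >&2
    return 1
  }
  printf '%s\n' "$sig"
}
```

A caller that runs `sig=$(hmac_sha256_hex "$key" "$body") || exit 1` stops before sending the request, so a missing binary surfaces as a failed job rather than as a 401 from the endpoint.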
Add an owner/admin-gated endpoint returning per-member two-factor
enrollment and surface it as a badge in the members list. Better Auth's
listMembers does not expose two_factor_enabled, so a dedicated route
joins users to report it. Statuses load only when the viewer can manage
the org.
…status

feat(org): show member 2FA status to owners and admins

fix: add openssl to runner image so digest cron can sign HMAC requests
joelorzet requested review from a team, OleksandrUA, eskp and suisuss and removed request for a team June 9, 2026 23:50
joelorzet added the metrics-db-reviewed label (Reviewer sign-off: metrics aggregate queries optimised + tables indexed (KEEP-680)) Jun 9, 2026
joelorzet merged commit 922fd46 into prod Jun 10, 2026
36 of 37 checks passed
2 participants