ENG-200: cw cert runner fixes #4403
Conversation
Part of ENG-200 Signed-off-by: RamilGaripov <ramil@metriport.com>
WalkthroughRefactors initiator-only org flow to create an org, fetch it by returned ID, and perform a single update, with streamlined logging and error handling. Adjusts Organization model schemas: broadens securityTokenKeyType to string/nullish and includes securityTokenKeyType and gateways in OrganizationWithoutNetworkInfo. Changes
Sequence Diagram(s)sequenceDiagram
autonumber
actor User
participant Flow as InitiatorOnlyOrgFlow
participant OrgAPI as Org Service
User->>Flow: Start initiator-only org flow
Flow->>OrgAPI: createOrg(payload: gateways=[], securityTokenKeyType="")
OrgAPI-->>Flow: organizationId
Flow->>OrgAPI: getOneOrg(organizationId)
OrgAPI-->>Flow: organization
Note over Flow: Prepare update: ensure securityTokenKeyType=""<br/>delete authorizationInformation
Flow->>OrgAPI: updateOrg(organization)
OrgAPI-->>Flow: update result
Flow-->>User: Log success or errors
Estimated code review effort🎯 3 (Moderate) | ⏱️ ~25 minutes Tip 🔌 Remote MCP (Model Context Protocol) integration is now available!Pro plan users can now connect to remote MCP servers from the Integrations page. Connect with popular remote MCPs such as Notion and Linear to add more context to your reviews and chats. ✨ Finishing Touches
🧪 Generate unit tests
🪧 TipsChatThere are 3 ways to chat with CodeRabbit:
SupportNeed help? Create a ticket on our support page for assistance with any issues or questions. CodeRabbit Commands (Invoked using PR/Issue comments)Type Other keywords and placeholders
CodeRabbit Configuration File (
|
Part of ENG-200 Signed-off-by: RamilGaripov <ramil@metriport.com>
There was a problem hiding this comment.
Actionable comments posted: 0
🧹 Nitpick comments (4)
packages/commonwell-sdk/src/models/organization.ts (1)
60-60: ConstrainsecurityTokenKeyTypeand normalize empty-string inputsBroadening to
z.string().nullish()weakens validation and allows arbitrary/empty values. If the CW API occasionally sends/accepts empty strings, preprocess them toundefinedand keep a constrained enum otherwise. This preserves schema safety while still supporting the runner’s current behavior.Apply this diff:
- securityTokenKeyType: z.string().nullish(), + securityTokenKeyType: z.preprocess( + val => (val === "" ? undefined : val), + z.union([ + z.literal("JWT"), + z.literal("BEARER"), + z.literal("HOLDER-OF-KEY"), + ]).optional() + ),packages/commonwell-cert-runner/src/flows/org-management-initiator-only.ts (3)
30-33: Prefer omitting fields over sending empty/sentinel values
- gateways: setting to [] is fine if CW accepts an empty list; otherwise prefer leaving it undefined.
- securityTokenKeyType: sending an empty string is a weak sentinel. Prefer omitting the field instead.
This reduces payload ambiguity and aligns better with API semantics.
Apply this diff:
- initiatorOnlyOrgCreate.gateways = []; - initiatorOnlyOrgCreate.securityTokenKeyType = ""; - delete initiatorOnlyOrgCreate.authorizationInformation; + initiatorOnlyOrgCreate.gateways = []; + delete initiatorOnlyOrgCreate.securityTokenKeyType; + delete initiatorOnlyOrgCreate.authorizationInformation;Please confirm whether CommonWell requires the property to be present (even if empty). If so, we can keep the property but normalize empty strings to undefined at the schema layer (see suggested preprocess in the SDK).
40-43: Nit: add a space after the colon; also consider redacting secrets in logs
- Minor formatting: add a space after "Transaction ID:" for consistency.
- Response logs may include authorizationInformation.clientSecret. Consider redacting before logging to avoid accidental secret exposure even in tooling.
Apply this diff for spacing:
- console.log(">>> Transaction ID:" + commonWellMember.lastTransactionId); + console.log(">>> Transaction ID: " + commonWellMember.lastTransactionId);Optionally, add a small helper to sanitize logs (example):
function safeStringifyOrg(org: unknown): string { try { const clone = JSON.parse(JSON.stringify(org)); if (clone && typeof clone === "object" && "authorizationInformation" in clone) { // @ts-expect-error runtime guard const ai = clone.authorizationInformation; if (ai && typeof ai === "object" && "clientSecret" in ai) { ai.clientSecret = "***redacted***"; } } return JSON.stringify(clone, null, 2); } catch { return String(org); } }Then use:
- console.log(">>> Response: " + safeStringifyOrg(respCreateInitiatorOnly));
- console.log(">>> Response: " + safeStringifyOrg(respGetInitiatorOnly));
- console.log(">>> Response: " + safeStringifyOrg(respUpdateInitiatorOnly));
51-53: Avoid empty-string sentinels and prefer truthy checks overin
- Prefer omitting
securityTokenKeyTyperather than setting it to an empty string.- Align with our guideline to use truthy syntax instead of
in.Apply this diff:
- initiatorOnlyOrg.securityTokenKeyType = ""; - if ("authorizationInformation" in initiatorOnlyOrg) { - delete initiatorOnlyOrg.authorizationInformation; - } + delete initiatorOnlyOrg.securityTokenKeyType; + if (initiatorOnlyOrg.authorizationInformation) { + delete initiatorOnlyOrg.authorizationInformation; + }
📜 Review details
Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro
💡 Knowledge Base configuration:
- MCP integration is disabled by default for public repositories
- Jira integration is disabled
- Linear integration is disabled
You can enable these sources in your CodeRabbit configuration.
📒 Files selected for processing (2)
packages/commonwell-cert-runner/src/flows/org-management-initiator-only.ts(2 hunks)packages/commonwell-sdk/src/models/organization.ts(1 hunks)
🧰 Additional context used
📓 Path-based instructions (3)
**/*.{js,jsx,ts,tsx}
📄 CodeRabbit Inference Engine (.cursorrules)
**/*.{js,jsx,ts,tsx}: Don’t use null inside the app, only on code interacting with external interfaces/services, like DB and HTTP; convert to undefined before sending inwards into the code
Useconstwhenever possible
Useasync/awaitinstead of.then()
Naming: classes, enums: PascalCase
Naming: constants, variables, functions: camelCase
Naming: file names: kebab-case
Naming: Don’t use negative names, likenotEnabled, preferisDisabled
If possible, use decomposing objects for function parameters
Prefer Nullish Coalesce (??) than the OR operator (||) when you want to provide a default value
Avoid creating arrow functions
Use truthy syntax instead ofin- i.e.,if (data.link)notif ('link' in data)
While handling errors, keep the stack trace around: if you create a new Error (e.g., MetriportError), make sure to pass the original error as the new one’s cause so the stack trace is available upstream.
max column length is 100 chars
multi-line comments use/** */
top-level comments go after the import (save pre-import to basic file header, like license)
move literals to constants declared after imports when possible
Files:
packages/commonwell-sdk/src/models/organization.tspackages/commonwell-cert-runner/src/flows/org-management-initiator-only.ts
**/*.{ts,tsx}
📄 CodeRabbit Inference Engine (.cursorrules)
Use types whenever possible
Files:
packages/commonwell-sdk/src/models/organization.tspackages/commonwell-cert-runner/src/flows/org-management-initiator-only.ts
**/*.ts
⚙️ CodeRabbit Configuration File
**/*.ts: - Use the Onion Pattern to organize a package's code in layers
- Try to use immutable code and avoid sharing state across different functions, objects, and systems
- Try to build code that's idempotent whenever possible
- Prefer functional programming style functions: small, deterministic, 1 input, 1 output
- Minimize coupling / dependencies
- Avoid modifying objects received as parameter
- Only add comments to code to explain why something was done, not how it works
- Naming
- classes, enums:
PascalCase- constants, variables, functions:
camelCase- file names:
kebab-case- table and column names:
snake_case- Use meaningful names, so whoever is reading the code understands what it means
- Don’t use negative names, like
notEnabled, preferisDisabled- For numeric values, if the type doesn’t convey the unit, add the unit to the name
- Typescript
- Use types
- Prefer
constinstead oflet- Avoid
anyand casting fromanyto other types- Type predicates: only applicable to narrow down the type, not to force a complete type conversion
- Prefer deconstructing parameters for functions instead of multiple parameters that might be of
the same type- Don’t use
nullinside the app, only on code interacting with external interfaces/services,
like DB and HTTP; convert toundefinedbefore sending inwards into the code- Use
async/awaitinstead of.then()- Use the strict equality operator
===, don’t use abstract equality operator==- When calling a Promise-returning function asynchronously (i.e., not awaiting), use
.catch()to
handle errors (seeprocessAsyncErrorandemptyFunctiondepending on the case)- Date and Time
- Always use
buildDayjs()to createdayjsinstances- Prefer
dayjs.duration(...)to create duration consts and keep them asduration- Prefer Nullish Coalesce (??) than the OR operator (||) to provide a default value
- Avoid creating arrow functions
- U...
Files:
packages/commonwell-sdk/src/models/organization.tspackages/commonwell-cert-runner/src/flows/org-management-initiator-only.ts
🧠 Learnings (2)
📓 Common learnings
Learnt from: RamilGaripov
PR: metriport/metriport#4176
File: packages/fhir-converter/src/lib/handlebars-converter/handlebars-helpers.js:296-320
Timestamp: 2025-07-17T21:24:37.077Z
Learning: RamilGaripov prefers to maintain consistency with existing patterns in a file rather than making isolated fixes to coding guideline violations like var vs const declarations, when the pattern is already established throughout the codebase.
📚 Learning: 2025-07-16T19:02:26.395Z
Learnt from: leite08
PR: metriport/metriport#4095
File: packages/commonwell-cert-runner/src/flows/org-management.ts:79-85
Timestamp: 2025-07-16T19:02:26.395Z
Learning: In packages/commonwell-cert-runner/src/flows/org-management.ts, the silent error handling in the certificate retrieval catch block is intentional to allow the certification flow to continue processing even when certificate operations fail, as this is a testing tool rather than production code.
Applied to files:
packages/commonwell-cert-runner/src/flows/org-management-initiator-only.ts
🔇 Additional comments (4)
packages/commonwell-sdk/src/models/organization.ts (1)
60-60: Verify downstream assumptions after broadeningsecurityTokenKeyTypeand addinggatewaysPlease manually confirm that no downstream code breaks due to:
• Call sites comparing
securityTokenKeyTypeagainst specific literals (e.g."JWT","BEARER","HOLDER-OF-KEY"), empty string,null, orundefined.
• Any logic assumingOrganizationWithoutNetworkInfolacks agatewaysproperty now that it’s included.packages/commonwell-cert-runner/src/flows/org-management-initiator-only.ts (3)
4-4: Import changes LGTMRemoving reliance on a static OID and keeping only member creds is a good simplification for the initiator-only flow.
34-34: Good call commenting out verbose request payload logsThis avoids multi-line logs and reduces risk of leaking sensitive request details during local runs.
49-49: Good to keep the updated payload log commentedStays consistent with avoiding verbose/multi-line logs while still handy for quick toggling during local debugging.
Part of ENG-200
Issues:
Dependencies
Description
[]for the initiator-only flow to workTesting
Release Plan
Summary by CodeRabbit
Refactor
Bug Fixes
Chores
New Features