✨️ server: add activity and push notification on card decline#622
✨️ server: add activity and push notification on card decline#622
Conversation
🦋 Changeset detectedLatest commit: 645b403 The changes in this PR will be included in the next version bump. This PR includes changesets to release 1 package
Not sure what this means? Click here to learn what changesets are. Click here if you're a maintainer who wants to add another changeset to this PR |
|
Warning Rate limit exceeded
⌛ How to resolve this issue?After the wait time has elapsed, a review can be triggered using the We recommend that you space out your commits to avoid hitting the rate limit. 🚦 How do rate limits work?CodeRabbit enforces hourly rate limits for each developer per organization. Our paid plans have higher rate limits than the trial, open-source and free plans. In all cases, we re-allow further reviews after a brief timeout. Please see our FAQ for further information. WalkthroughAdds server-side decline handling: classifies decline reasons, routes frozen/error flows through new decline handlers, persists declined transaction bodies, triggers push notifications for specific declines, expands activity schema to include "requested" and "declined", and adds tests for decline and notification flows. Changes
Sequence Diagram(s)sequenceDiagram
participant Client
participant CardSystem as Card System
participant PandaHook as Panda Hook
participant DB as Database
participant Notif as Notification Service
Client->>CardSystem: submit transaction
CardSystem->>PandaHook: webhook / payload
PandaHook->>DB: fetch card & transaction
alt card FROZEN or not ACTIVE
DB-->>PandaHook: status != ACTIVE
PandaHook->>PandaHook: getDeclineReason()
PandaHook->>PandaHook: handleRejectedTransactionSync()
PandaHook-->>CardSystem: decline response
else error or decline during processing
PandaHook->>PandaHook: getDeclineReason()
PandaHook->>DB: updateTransactionRecord(...) with declined body
DB-->>PandaHook: OK
PandaHook->>PandaHook: handleDeclinedTransaction()
PandaHook->>Notif: sendDeclinedNotification()
Notif-->>Client: push notification
else success
PandaHook-->>CardSystem: success response
end
Estimated code review effort🎯 4 (Complex) | ⏱️ ~45 minutes Suggested reviewers
🚥 Pre-merge checks | ✅ 4✅ Passed checks (4 passed)
✏️ Tip: You can configure your own custom pre-merge checks in the settings. ✨ Finishing touches🧪 Generate unit tests (beta)
Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out. Comment |
Summary of ChangesHello @aguxez, I'm Gemini Code Assist1! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed! This pull request enhances the server's transaction handling by introducing a mechanism to process declined card transactions. The immediate user-facing change is the implementation of push notifications, which will inform users instantly about rejected purchases. Although the foundational code for recording these declined transactions as user activity has been added, this specific database logging functionality is temporarily disabled, pending the development of corresponding user interface elements. Highlights
Using Gemini Code AssistThe full guide for Gemini Code Assist can be found on our documentation page, here are some quick tips. Invoking Gemini You can request assistance from Gemini at any point by creating a comment using either
Customization To customize Gemini Code Assist for GitHub experience, repository maintainers can create a configuration file and/or provide a custom code review style guide (such as PEP-8 for Python) by creating and adding files to a Limitations & Feedback Gemini Code Assist may make mistakes. Please leave feedback on any instances where its feedback is incorrect or counter productive. You can react with 👍 and 👎 on @gemini-code-assist comments. If you're interested in giving your feedback about your experience with Gemini Code Assist for Github and other Google products, sign up here. You can also get AI-powered code generation, chat, as well as code reviews directly in the IDE at no cost with the Gemini Code Assist IDE Extension. Footnotes
|
![gemini-code-assist[bot]](https://avatars.githubusercontent.com/in/956858?s=60&v=4){kind=small}
There was a problem hiding this comment.
Code Review
This pull request adds push notifications for declined card transactions. The implementation in server/hooks/panda.ts introduces a handleDeclinedTransaction function to send these notifications. The logic for adding declined transactions to the user's activity feed is included but commented out, pending UI designs, which is a good approach. Corresponding tests have been added as it.todo.
My review includes a couple of suggestions for improvement:
- Improving type safety in the new
handleDeclinedTransactionfunction. - Pointing out a discrepancy between a new test case and the commented-out implementation logic, which should be resolved before the feature is fully enabled.
![coderabbitai[bot]](https://avatars.githubusercontent.com/in/347564?s=60&v=4){kind=small}
There was a problem hiding this comment.
Actionable comments posted: 2
🤖 Fix all issues with AI agents
In @server/hooks/panda.ts:
- Around line 955-998: Remove the large commented-out DB logic inside
handleDeclinedTransaction and track the work in your issue tracker: create an
issue describing the pending UI changes needed to handle declined transactions
and include its ID; then replace the commented block with a single-line comment
in handleDeclinedTransaction referencing that issue (e.g., "See ISSUE-1234:
enable declined-transaction persistence once UI supports it"). Ensure the rest
of the function (push notification and error capture) remains unchanged.
- Line 965: Replace the existing comment "// TODO: Enable once UI has proper
designs to handle declined transactions in activity" with the coding-guideline
compliant format: use uppercase tag, a single space, and a fully lowercase
comment body (e.g. "// TODO enable once ui has proper designs to handle declined
transactions in activity"); update the line containing that TODO comment in the
server/hooks/panda.ts hook to remove the colon and capitalize only the TODO tag.
📜 Review details
Configuration used: Organization UI
Review profile: ASSERTIVE
Plan: Pro
📒 Files selected for processing (3)
.changeset/honest-peas-stand.mdserver/hooks/panda.tsserver/test/hooks/panda.test.ts
🧰 Additional context used
📓 Path-based instructions (7)
**/.changeset/*.md
📄 CodeRabbit inference engine (.cursor/rules/style.mdc)
Use a lowercase sentence in the imperative present tense for changeset summaries
Files:
.changeset/honest-peas-stand.md
server/**/*.ts
📄 CodeRabbit inference engine (.cursor/rules/server.mdc)
server/**/*.ts: Usec.varobject to pass strongly-typed data between Hono middleware and route handlers; do not usec.set
All request validation (headers, body, params) must be handled by@hono/valibot-validatormiddleware; do not perform manual validation inside route handlers
Use Hono's built-in error handling by throwingnew HTTPException()for expected errors; unhandled errors will be caught and logged automatically
Enforce Node.js best practices using ESLintplugin:n/recommendedconfiguration
Enforce Drizzle ORM best practices using ESLintplugin:drizzle/allconfiguration, including requiringwhereclauses forupdateanddeleteoperations
Use Drizzle ORM query builder for all database interactions; do not write raw SQL queries unless absolutely unavoidable
All authentication and authorization logic must be implemented in Hono middleware
Do not accessprocess.envdirectly in application code; load all configuration and secrets once at startup and pass them through dependency injection or context
Avoid long-running, synchronous operations; useasync/awaitcorrectly and be mindful of CPU-intensive tasks to prevent blocking the event loop
Files:
server/hooks/panda.tsserver/test/hooks/panda.test.ts
**/*.{js,ts,tsx,jsx,sol}
📄 CodeRabbit inference engine (AGENTS.md)
Follow linter/formatter (eslint, prettier, solhint) strictly with high strictness level. No
anytype.
Files:
server/hooks/panda.tsserver/test/hooks/panda.test.ts
**/*.{ts,tsx}
📄 CodeRabbit inference engine (AGENTS.md)
Omit redundant type names in variable declarations - let the type system explain itself
**/*.{ts,tsx}: Use PascalCase for TypeScript types and interfaces
Use valibot for all runtime validation of API inputs, environment variables, and other data; define schemas once and reuse them
Infer TypeScript types from valibot schemas usingtype User = v.Input<typeof UserSchema>instead of manually defining interfaces
Files:
server/hooks/panda.tsserver/test/hooks/panda.test.ts
**/*.{ts,tsx,js,jsx}
📄 CodeRabbit inference engine (AGENTS.md)
**/*.{ts,tsx,js,jsx}: Omit contextual names - don't repeat class/module names in members
Omit meaningless words like 'data', 'state', 'manager', 'engine', 'value' from variable and function names unless they add disambiguation
**/*.{ts,tsx,js,jsx}: Prefer function declarations for all multi-line functions; use function expressions or arrow functions only for single-line implementations
Preferconstfor all variable declarations by default; only useletif the variable's value will be reassigned
Declare each variable on its own line with its ownconstorletkeyword, not multiple declarations on one line
Use camelCase for TypeScript variables and functions
Always useimport type { ... }for type imports
Use relative paths for all imports within the project; avoid tsconfig path aliases
Follow eslint-plugin-import order: react, external libraries, then relative paths
Use object and array destructuring to access and use properties
Use object method shorthand syntax when a function is a property of an object
Prefer optional chaining (?.), nullish coalescing (??), object and array spreading (...), andfor...ofloops over traditional syntax
Do not use abbreviations or cryptic names; write out full words likeerror,parameters,requestinstead oferr,params,req
UseNumber.parseInt()instead of the globalparseInt()function when parsing numbers
All classes called withnewmust use PascalCase
UseBuffer.from(),Buffer.alloc(), orBuffer.allocUnsafe()instead of the deprecatednew Buffer()
Use@ts-expect-errorinstead of@ts-ignore; follow it immediately with a single-line lowercase comment explaining why the error is expected, without separators like-or:
Do not include the type in a variable's name; let the static type system do its job (e.g., useconst user: Usernotconst userObject: User)
Do not repeat the name of a class or module within its members; omit contextual names (e.g., use `class User { getProfil...
Files:
server/hooks/panda.tsserver/test/hooks/panda.test.ts
server/**/*.{ts,tsx}
📄 CodeRabbit inference engine (AGENTS.md)
server/**/*.{ts,tsx}: Server API: implement schema-first approach using OpenAPI via hono with validation via valibot middleware
Server database: drizzle schema is source of truth. Migrations required. No direct database access in handlers - usec.var.db
Files:
server/hooks/panda.tsserver/test/hooks/panda.test.ts
**/*.ts
📄 CodeRabbit inference engine (.cursor/rules/style.mdc)
For files with a single
defaultexport, name the file identically to the export; for files with multiple exports, use camelCase with a strong preference for a single word
Files:
server/hooks/panda.tsserver/test/hooks/panda.test.ts
🧠 Learnings (2)
📚 Learning: 2025-12-31T00:23:55.034Z
Learnt from: cruzdanilo
Repo: exactly/exa PR: 610
File: .changeset/ready-experts-fly.md:1-2
Timestamp: 2025-12-31T00:23:55.034Z
Learning: In the exactly/exa repository, allow and require empty changeset files (containing only --- separators) when changes are not user-facing and do not warrant a version bump. This is needed because CI runs changeset status --since origin/main and requires a changeset file to exist. Ensure such empty changesets are used only for non-user-facing changes and document the rationale in the commit or changelog notes.
Applied to files:
.changeset/honest-peas-stand.md
📚 Learning: 2025-12-23T19:58:16.574Z
Learnt from: CR
Repo: exactly/exa PR: 0
File: AGENTS.md:0-0
Timestamp: 2025-12-23T19:58:16.574Z
Learning: Zero config local dev environment: no `.env` files, mock all external services
Applied to files:
server/test/hooks/panda.test.ts
🧬 Code graph analysis (2)
server/hooks/panda.ts (1)
server/utils/onesignal.ts (1)
sendPushNotification(7-25)
server/test/hooks/panda.test.ts (1)
server/database/schema.ts (1)
transactions(36-43)
🔇 Additional comments (5)
server/test/hooks/panda.test.ts (2)
2-2: LGTM!Import adjustments for mocks are clean and improve organization.
Also applies to: 7-7
1352-1439: Test stubs properly scaffolded for future implementation.The two test cases for declined transaction handling are well-structured and align with the commented-out database logic in
server/hooks/panda.ts. Usingit.todois appropriate while waiting for UI designs.server/hooks/panda.ts (2)
533-533: LGTM!The call to
handleDeclinedTransactionis correctly placed after the mutex is released, and the type cast is necessary due to TypeScript's union type handling.
988-998: LGTM!Push notification implementation properly formats the transaction details and includes error handling consistent with the rest of the codebase.
.changeset/honest-peas-stand.md (1)
1-5: LGTM!Changeset properly documents the feature addition with appropriate version bump and clear description.
aguxez
force-pushed
the
card-declined-events
branch
from
118a340 to
dc0ac8a
Compare
❌ 1 Tests Failed:
View the top 1 failed test(s) by shortest run time
To view more test analytics, go to the Prevent Tests Dashboard |
There was a problem hiding this comment.
Actionable comments posted: 4
🤖 Fix all issues with AI agents
In @server/hooks/panda.ts:
- Line 955: The function handleDeclinedTransaction currently types its first
parameter as string but should use the Address type for consistency and type
safety; change the parameter signature from account: string to account: Address
so it matches the Address value passed in callers (e.g., the call site that
supplies an Address) and update any internal uses if needed to reflect Address
methods/properties.
- Line 965: The TODO comment "// TODO: Enable once UI has proper designs to
handle declined transactions in activity" violates the guideline (no colon,
lowercase after tag); replace it with a formatted comment like "// TODO enable
once ui has proper designs to handle declined transactions in activity" — remove
the colon and make the text lowercase after the TODO tag.
In @server/test/hooks/panda.test.ts:
- Line 1390: Update the TODO comment to match the coding guideline: remove the
colon and make the text lowercase after the tag; replace the existing "// TODO:
Enable once UI has proper designs to handle declined transactions in activity"
comment with "// TODO enable once ui has proper designs to handle declined
transactions in activity" in the panda.test.ts test hook.
- Line 1352: The TODO comment currently uses a colon and mixed case; update the
comment so the tag is uppercase "TODO" followed by a single space and the rest
of the comment is lowercase with no colon or dashes (e.g., replace "// TODO:
Enable once UI has proper designs to handle declined transactions in activity"
with "// TODO enable once ui has proper designs to handle declined transactions
in activity"), leaving the comment text content otherwise intact.
📜 Review details
Configuration used: Organization UI
Review profile: ASSERTIVE
Plan: Pro
📒 Files selected for processing (3)
.changeset/honest-peas-stand.mdserver/hooks/panda.tsserver/test/hooks/panda.test.ts
🧰 Additional context used
📓 Path-based instructions (7)
server/**/*.ts
📄 CodeRabbit inference engine (.cursor/rules/server.mdc)
server/**/*.ts: Usec.varobject to pass strongly-typed data between Hono middleware and route handlers; do not usec.set
All request validation (headers, body, params) must be handled by@hono/valibot-validatormiddleware; do not perform manual validation inside route handlers
Use Hono's built-in error handling by throwingnew HTTPException()for expected errors; unhandled errors will be caught and logged automatically
Enforce Node.js best practices using ESLintplugin:n/recommendedconfiguration
Enforce Drizzle ORM best practices using ESLintplugin:drizzle/allconfiguration, including requiringwhereclauses forupdateanddeleteoperations
Use Drizzle ORM query builder for all database interactions; do not write raw SQL queries unless absolutely unavoidable
All authentication and authorization logic must be implemented in Hono middleware
Do not accessprocess.envdirectly in application code; load all configuration and secrets once at startup and pass them through dependency injection or context
Avoid long-running, synchronous operations; useasync/awaitcorrectly and be mindful of CPU-intensive tasks to prevent blocking the event loop
Files:
server/test/hooks/panda.test.tsserver/hooks/panda.ts
**/*.{js,ts,tsx,jsx,sol}
📄 CodeRabbit inference engine (AGENTS.md)
Follow linter/formatter (eslint, prettier, solhint) strictly with high strictness level. No
anytype.
Files:
server/test/hooks/panda.test.tsserver/hooks/panda.ts
**/*.{ts,tsx}
📄 CodeRabbit inference engine (AGENTS.md)
Omit redundant type names in variable declarations - let the type system explain itself
**/*.{ts,tsx}: Use PascalCase for TypeScript types and interfaces
Use valibot for all runtime validation of API inputs, environment variables, and other data; define schemas once and reuse them
Infer TypeScript types from valibot schemas usingtype User = v.Input<typeof UserSchema>instead of manually defining interfaces
Files:
server/test/hooks/panda.test.tsserver/hooks/panda.ts
**/*.{ts,tsx,js,jsx}
📄 CodeRabbit inference engine (AGENTS.md)
**/*.{ts,tsx,js,jsx}: Omit contextual names - don't repeat class/module names in members
Omit meaningless words like 'data', 'state', 'manager', 'engine', 'value' from variable and function names unless they add disambiguation
**/*.{ts,tsx,js,jsx}: Prefer function declarations for all multi-line functions; use function expressions or arrow functions only for single-line implementations
Preferconstfor all variable declarations by default; only useletif the variable's value will be reassigned
Declare each variable on its own line with its ownconstorletkeyword, not multiple declarations on one line
Use camelCase for TypeScript variables and functions
Always useimport type { ... }for type imports
Use relative paths for all imports within the project; avoid tsconfig path aliases
Follow eslint-plugin-import order: react, external libraries, then relative paths
Use object and array destructuring to access and use properties
Use object method shorthand syntax when a function is a property of an object
Prefer optional chaining (?.), nullish coalescing (??), object and array spreading (...), andfor...ofloops over traditional syntax
Do not use abbreviations or cryptic names; write out full words likeerror,parameters,requestinstead oferr,params,req
UseNumber.parseInt()instead of the globalparseInt()function when parsing numbers
All classes called withnewmust use PascalCase
UseBuffer.from(),Buffer.alloc(), orBuffer.allocUnsafe()instead of the deprecatednew Buffer()
Use@ts-expect-errorinstead of@ts-ignore; follow it immediately with a single-line lowercase comment explaining why the error is expected, without separators like-or:
Do not include the type in a variable's name; let the static type system do its job (e.g., useconst user: Usernotconst userObject: User)
Do not repeat the name of a class or module within its members; omit contextual names (e.g., use `class User { getProfil...
Files:
server/test/hooks/panda.test.tsserver/hooks/panda.ts
server/**/*.{ts,tsx}
📄 CodeRabbit inference engine (AGENTS.md)
server/**/*.{ts,tsx}: Server API: implement schema-first approach using OpenAPI via hono with validation via valibot middleware
Server database: drizzle schema is source of truth. Migrations required. No direct database access in handlers - usec.var.db
Files:
server/test/hooks/panda.test.tsserver/hooks/panda.ts
**/*.ts
📄 CodeRabbit inference engine (.cursor/rules/style.mdc)
For files with a single
defaultexport, name the file identically to the export; for files with multiple exports, use camelCase with a strong preference for a single word
Files:
server/test/hooks/panda.test.tsserver/hooks/panda.ts
**/.changeset/*.md
📄 CodeRabbit inference engine (.cursor/rules/style.mdc)
Use a lowercase sentence in the imperative present tense for changeset summaries
Files:
.changeset/honest-peas-stand.md
🧠 Learnings (5)
📚 Learning: 2025-12-23T19:58:16.574Z
Learnt from: CR
Repo: exactly/exa PR: 0
File: AGENTS.md:0-0
Timestamp: 2025-12-23T19:58:16.574Z
Learning: Zero config local dev environment: no `.env` files, mock all external services
Applied to files:
server/test/hooks/panda.test.ts
📚 Learning: 2025-12-31T00:23:55.034Z
Learnt from: cruzdanilo
Repo: exactly/exa PR: 610
File: .changeset/ready-experts-fly.md:1-2
Timestamp: 2025-12-31T00:23:55.034Z
Learning: In the exactly/exa repository, allow and require empty changeset files (containing only --- separators) when changes are not user-facing and do not warrant a version bump. This is needed because CI runs changeset status --since origin/main and requires a changeset file to exist. Ensure such empty changesets are used only for non-user-facing changes and document the rationale in the commit or changelog notes.
Applied to files:
.changeset/honest-peas-stand.md
📚 Learning: 2025-12-30T15:03:28.449Z
Learnt from: CR
Repo: exactly/exa PR: 0
File: .cursor/rules/style.mdc:0-0
Timestamp: 2025-12-30T15:03:28.449Z
Learning: Applies to **/*.{ts,tsx,js,jsx} : All code comments must be lowercase; special tags (TODO, FIXME) are uppercase followed by a single space and lowercase comment, without colons or dashes, and should include a ticket/issue reference when available
Applied to files:
server/hooks/panda.ts
📚 Learning: 2025-12-30T15:03:28.449Z
Learnt from: CR
Repo: exactly/exa PR: 0
File: .cursor/rules/style.mdc:0-0
Timestamp: 2025-12-30T15:03:28.449Z
Learning: Applies to **/*.{ts,tsx,js,jsx} : Use `ts-expect-error` instead of `ts-ignore`; follow it immediately with a single-line lowercase comment explaining why the error is expected, without separators like `-` or `:`
Applied to files:
server/hooks/panda.ts
📚 Learning: 2025-12-30T15:03:28.449Z
Learnt from: CR
Repo: exactly/exa PR: 0
File: .cursor/rules/style.mdc:0-0
Timestamp: 2025-12-30T15:03:28.449Z
Learning: Applies to **/*.{ts,tsx,js,jsx} : Prefer self-documenting code; avoid comments explaining 'what' the code does; comments should explain 'why' code is written a certain way
Applied to files:
server/hooks/panda.ts
🧬 Code graph analysis (2)
server/test/hooks/panda.test.ts (1)
server/database/schema.ts (1)
transactions(36-43)
server/hooks/panda.ts (1)
server/utils/onesignal.ts (1)
sendPushNotification(7-25)
🔇 Additional comments (4)
.changeset/honest-peas-stand.md (1)
1-5: LGTM!The changeset format and description follow the coding guidelines correctly. The description is lowercase, uses imperative present tense, and accurately reflects the changes.
server/hooks/panda.ts (2)
533-533: LGTM!The fire-and-forget invocation of
handleDeclinedTransactionis appropriate here and consistent with the async notification pattern used elsewhere in the codebase.
988-997: LGTM!The push notification implementation follows the fire-and-forget pattern used consistently throughout the codebase. Error handling, message formatting, and use of
localAmount/localCurrencyfor user-facing content are all correct.server/test/hooks/panda.test.ts (1)
2-2: LGTM!The import reordering is a clean organizational improvement with no functional impact.
Also applies to: 7-7
aguxez
force-pushed
the
card-declined-events
branch
3 times, most recently
from
2b6c4a8 to
64325f3
Compare
![sentry[bot]](https://avatars.githubusercontent.com/in/12637?s=60&v=4){kind=small}
There was a problem hiding this comment.
Actionable comments posted: 5
🤖 Fix all issues with AI agents
In @.changeset/honest-peas-stand.md:
- Line 5: The changeset summary line currently includes a scope prefix
("server:") and should instead begin with a gitmoji and the message only; edit
.changeset/honest-peas-stand.md to remove the "server:" prefix and rewrite the
first line to follow the repo convention like "💥 add activity and push
notification on card decline" (use the appropriate gitmoji for the change).
In @server/hooks/panda.ts:
- Around line 955-958: The function handleDeclinedTransaction currently declares
a jsonBody parameter that is unused (only referenced in commented-out code);
remove jsonBody from the function signature to keep the signature clean and
update any call sites that pass a third argument to call
handleDeclinedTransaction(account, payload) instead; re-add the parameter later
when DB logic requires it.
- Around line 960-986: Replace the non-conforming TODO comment in
server/hooks/panda.ts (the line starting with "// TODO: Enable once UI has
proper designs to handle declined transactions in activity") with the
project-guideline format: start with uppercase "TODO", a single space, a
ticket/issue reference (e.g., "ABC-123"), then a lowercase description without
colons or dashes (for example "enable once ui has proper designs to handle
declined transactions in activity"); ensure the comment is a single line and
follows this pattern so tooling and reviewers can parse the ticket reference.
In @server/test/hooks/panda.test.ts:
- Around line 1352-1353: The TODO in the test suite (the it.todo call labeled
"inserts declined transaction with empty hashes" in
server/test/hooks/panda.test.ts) lacks a ticket/issue reference; update the TODO
comment to append a concise ticket id or issue URL (e.g., "TODO: <TICKET-1234>"
or "TODO: see ISSUE-1234") so it follows the coding guidelines and points
reviewers to the tracking item that explains when/why this test will be enabled.
- Around line 1390-1391: The test uses it.todo which is inconsistent with our
TODO format; replace the it.todo("appends body to existing transaction when
declined", async () => { ... }) with a skipped test using it.skip or add a
proper TODO comment above the test—e.g., convert the declaration to
it.skip("appends body to existing transaction when declined", async () => { /*
test body or placeholder */ }) so the test remains visible but skipped, or add a
preceding // TODO: ... comment and leave the test fully implemented/removed
accordingly; locate the occurrence by the test description string "appends body
to existing transaction when declined".
📜 Review details
Configuration used: Organization UI
Review profile: ASSERTIVE
Plan: Pro
📒 Files selected for processing (3)
.changeset/honest-peas-stand.mdserver/hooks/panda.tsserver/test/hooks/panda.test.ts
🧰 Additional context used
📓 Path-based instructions (7)
server/**/*.ts
📄 CodeRabbit inference engine (.cursor/rules/server.mdc)
server/**/*.ts: Usec.varobject to pass strongly-typed data between Hono middleware and route handlers; do not usec.set
All request validation (headers, body, params) must be handled by@hono/valibot-validatormiddleware; do not perform manual validation inside route handlers
Use Hono's built-in error handling by throwingnew HTTPException()for expected errors; unhandled errors will be caught and logged automatically
Enforce Node.js best practices using ESLintplugin:n/recommendedconfiguration
Enforce Drizzle ORM best practices using ESLintplugin:drizzle/allconfiguration, including requiringwhereclauses forupdateanddeleteoperations
Use Drizzle ORM query builder for all database interactions; do not write raw SQL queries unless absolutely unavoidable
All authentication and authorization logic must be implemented in Hono middleware
Do not accessprocess.envdirectly in application code; load all configuration and secrets once at startup and pass them through dependency injection or context
Avoid long-running, synchronous operations; useasync/awaitcorrectly and be mindful of CPU-intensive tasks to prevent blocking the event loop
Files:
server/test/hooks/panda.test.tsserver/hooks/panda.ts
**/*.{js,ts,tsx,jsx,sol}
📄 CodeRabbit inference engine (AGENTS.md)
Follow linter/formatter (eslint, prettier, solhint) strictly with high strictness level. No
anytype.
Files:
server/test/hooks/panda.test.tsserver/hooks/panda.ts
**/*.{ts,tsx}
📄 CodeRabbit inference engine (AGENTS.md)
Omit redundant type names in variable declarations - let the type system explain itself
**/*.{ts,tsx}: Use PascalCase for TypeScript types and interfaces
Use valibot for all runtime validation of API inputs, environment variables, and other data; define schemas once and reuse them
Infer TypeScript types from valibot schemas usingtype User = v.Input<typeof UserSchema>instead of manually defining interfaces
Files:
server/test/hooks/panda.test.tsserver/hooks/panda.ts
**/*.{ts,tsx,js,jsx}
📄 CodeRabbit inference engine (AGENTS.md)
**/*.{ts,tsx,js,jsx}: Omit contextual names - don't repeat class/module names in members
Omit meaningless words like 'data', 'state', 'manager', 'engine', 'value' from variable and function names unless they add disambiguation
**/*.{ts,tsx,js,jsx}: Prefer function declarations for all multi-line functions; use function expressions or arrow functions only for single-line implementations
Preferconstfor all variable declarations by default; only useletif the variable's value will be reassigned
Declare each variable on its own line with its ownconstorletkeyword, not multiple declarations on one line
Use camelCase for TypeScript variables and functions
Always useimport type { ... }for type imports
Use relative paths for all imports within the project; avoid tsconfig path aliases
Follow eslint-plugin-import order: react, external libraries, then relative paths
Use object and array destructuring to access and use properties
Use object method shorthand syntax when a function is a property of an object
Prefer optional chaining (?.), nullish coalescing (??), object and array spreading (...), andfor...ofloops over traditional syntax
Do not use abbreviations or cryptic names; write out full words likeerror,parameters,requestinstead oferr,params,req
UseNumber.parseInt()instead of the globalparseInt()function when parsing numbers
All classes called withnewmust use PascalCase
UseBuffer.from(),Buffer.alloc(), orBuffer.allocUnsafe()instead of the deprecatednew Buffer()
Use@ts-expect-errorinstead of@ts-ignore; follow it immediately with a single-line lowercase comment explaining why the error is expected, without separators like-or:
Do not include the type in a variable's name; let the static type system do its job (e.g., useconst user: Usernotconst userObject: User)
Do not repeat the name of a class or module within its members; omit contextual names (e.g., use `class User { getProfil...
Files:
server/test/hooks/panda.test.tsserver/hooks/panda.ts
server/**/*.{ts,tsx}
📄 CodeRabbit inference engine (AGENTS.md)
server/**/*.{ts,tsx}: Server API: implement schema-first approach using OpenAPI via hono with validation via valibot middleware
Server database: drizzle schema is source of truth. Migrations required. No direct database access in handlers - usec.var.db
Files:
server/test/hooks/panda.test.tsserver/hooks/panda.ts
**/*.ts
📄 CodeRabbit inference engine (.cursor/rules/style.mdc)
For files with a single
defaultexport, name the file identically to the export; for files with multiple exports, use camelCase with a strong preference for a single word
Files:
server/test/hooks/panda.test.tsserver/hooks/panda.ts
**/.changeset/*.md
📄 CodeRabbit inference engine (.cursor/rules/style.mdc)
Use a lowercase sentence in the imperative present tense for changeset summaries
Files:
.changeset/honest-peas-stand.md
🧠 Learnings (5)
📚 Learning: 2025-12-30T15:03:28.449Z
Learnt from: CR
Repo: exactly/exa PR: 0
File: .cursor/rules/style.mdc:0-0
Timestamp: 2025-12-30T15:03:28.449Z
Learning: Applies to **/*.{ts,tsx,js,jsx} : All code comments must be lowercase; special tags (TODO, FIXME) are uppercase followed by a single space and lowercase comment, without colons or dashes, and should include a ticket/issue reference when available
Applied to files:
server/test/hooks/panda.test.tsserver/hooks/panda.ts
📚 Learning: 2025-12-30T15:03:28.449Z
Learnt from: CR
Repo: exactly/exa PR: 0
File: .cursor/rules/style.mdc:0-0
Timestamp: 2025-12-30T15:03:28.449Z
Learning: Applies to **/*.{ts,tsx,js,jsx} : Use `ts-expect-error` instead of `ts-ignore`; follow it immediately with a single-line lowercase comment explaining why the error is expected, without separators like `-` or `:`
Applied to files:
server/test/hooks/panda.test.tsserver/hooks/panda.ts
📚 Learning: 2025-12-23T19:58:16.574Z
Learnt from: CR
Repo: exactly/exa PR: 0
File: AGENTS.md:0-0
Timestamp: 2025-12-23T19:58:16.574Z
Learning: Zero config local dev environment: no `.env` files, mock all external services
Applied to files:
server/test/hooks/panda.test.ts
📚 Learning: 2025-12-31T00:23:55.034Z
Learnt from: cruzdanilo
Repo: exactly/exa PR: 610
File: .changeset/ready-experts-fly.md:1-2
Timestamp: 2025-12-31T00:23:55.034Z
Learning: In the exactly/exa repository, allow and require empty changeset files (containing only --- separators) when changes are not user-facing and do not warrant a version bump. This is needed because CI runs changeset status --since origin/main and requires a changeset file to exist. Ensure such empty changesets are used only for non-user-facing changes and document the rationale in the commit or changelog notes.
Applied to files:
.changeset/honest-peas-stand.md
📚 Learning: 2026-01-09T16:24:11.460Z
Learnt from: cruzdanilo
Repo: exactly/exa PR: 627
File: .changeset/breezy-planes-repeat.md:5-5
Timestamp: 2026-01-09T16:24:11.460Z
Learning: In the exactly/exa repository, changeset summaries in .changeset/*.md must start with a gitmoji and follow the format '<emoji> <message>' (no scope). This should mirror the commit message format '<emoji> <scope>: <message>' but omit the '<scope>:' portion. Ensure the message is clear and describes the change.
Applied to files:
.changeset/honest-peas-stand.md
🧬 Code graph analysis (2)
server/test/hooks/panda.test.ts (1)
server/database/schema.ts (1)
transactions(49-56)
server/hooks/panda.ts (2)
server/utils/onesignal.ts (1)
sendPushNotification(7-25)server/test/e2e.ts (1)
captureException(56-59)
🔇 Additional comments (5)
server/test/hooks/panda.test.ts (3)
1-7: LGTM!The mock import reordering is a reasonable organizational change.
1353-1388: Test stub implementation looks correct.The test logic properly validates that a declined transaction is inserted with empty hashes and the expected payload structure.
1391-1439: Test stub implementation looks correct.The test properly validates appending a declined status to an existing transaction.
server/hooks/panda.ts (2)
532-534: LGTM!The call to
handleDeclinedTransactionis correctly placed after mutex release in the declined status branch, and uses appropriate parameters.
988-998: Push notification implementation looks good.The notification correctly formats the declined transaction amount using locale formatting and includes the merchant name. Error handling via
.catch()withcaptureExceptionis appropriate.
aguxez
force-pushed
the
card-declined-events
branch
from
64325f3 to
b3814d0
Compare
There was a problem hiding this comment.
Actionable comments posted: 2
🤖 Fix all issues with AI agents
In @.changeset/honest-peas-stand.md:
- Line 5: Update the changeset summary line so it starts with a gitmoji and
omits the scope: remove the leading "server:" prefix from the summary and
prepend an appropriate emoji (e.g., 🔔, ✨, or 🛠️) so the line becomes "<emoji>
add activity and push notification on card decline".
In @server/hooks/panda.ts:
- Around line 955-998: The function handleDeclinedTransaction currently has an
unused jsonBody parameter (leftover from commented DB logic); either remove
jsonBody from handleDeclinedTransaction's signature and strip it from all call
sites that pass it, or if you want to preserve it for the pending feature, keep
the parameter but add a clear TODO comment inside handleDeclinedTransaction
referencing the disabled DB block and that jsonBody will be used when
re-enabling it (and mark it as intentionally unused to avoid linter warnings);
update usages accordingly referencing the handleDeclinedTransaction symbol.
📜 Review details
Configuration used: Organization UI
Review profile: ASSERTIVE
Plan: Pro
📒 Files selected for processing (3)
.changeset/honest-peas-stand.mdserver/hooks/panda.tsserver/test/hooks/panda.test.ts
🧰 Additional context used
📓 Path-based instructions (7)
server/**/*.ts
📄 CodeRabbit inference engine (.cursor/rules/server.mdc)
server/**/*.ts: Usec.varobject to pass strongly-typed data between Hono middleware and route handlers; do not usec.set
All request validation (headers, body, params) must be handled by@hono/valibot-validatormiddleware; do not perform manual validation inside route handlers
Use Hono's built-in error handling by throwingnew HTTPException()for expected errors; unhandled errors will be caught and logged automatically
Enforce Node.js best practices using ESLintplugin:n/recommendedconfiguration
Enforce Drizzle ORM best practices using ESLintplugin:drizzle/allconfiguration, including requiringwhereclauses forupdateanddeleteoperations
Use Drizzle ORM query builder for all database interactions; do not write raw SQL queries unless absolutely unavoidable
All authentication and authorization logic must be implemented in Hono middleware
Do not accessprocess.envdirectly in application code; load all configuration and secrets once at startup and pass them through dependency injection or context
Avoid long-running, synchronous operations; useasync/awaitcorrectly and be mindful of CPU-intensive tasks to prevent blocking the event loop
Files:
server/test/hooks/panda.test.tsserver/hooks/panda.ts
**/*.{js,ts,tsx,jsx,sol}
📄 CodeRabbit inference engine (AGENTS.md)
Follow linter/formatter (eslint, prettier, solhint) strictly with high strictness level. No
anytype.
Files:
server/test/hooks/panda.test.tsserver/hooks/panda.ts
**/*.{ts,tsx}
📄 CodeRabbit inference engine (AGENTS.md)
Omit redundant type names in variable declarations - let the type system explain itself
**/*.{ts,tsx}: Use PascalCase for TypeScript types and interfaces
Use valibot for all runtime validation of API inputs, environment variables, and other data; define schemas once and reuse them
Infer TypeScript types from valibot schemas usingtype User = v.Input<typeof UserSchema>instead of manually defining interfaces
Files:
server/test/hooks/panda.test.tsserver/hooks/panda.ts
**/*.{ts,tsx,js,jsx}
📄 CodeRabbit inference engine (AGENTS.md)
**/*.{ts,tsx,js,jsx}: Omit contextual names - don't repeat class/module names in members
Omit meaningless words like 'data', 'state', 'manager', 'engine', 'value' from variable and function names unless they add disambiguation
**/*.{ts,tsx,js,jsx}: Prefer function declarations for all multi-line functions; use function expressions or arrow functions only for single-line implementations
Preferconstfor all variable declarations by default; only useletif the variable's value will be reassigned
Declare each variable on its own line with its ownconstorletkeyword, not multiple declarations on one line
Use camelCase for TypeScript variables and functions
Always useimport type { ... }for type imports
Use relative paths for all imports within the project; avoid tsconfig path aliases
Follow eslint-plugin-import order: react, external libraries, then relative paths
Use object and array destructuring to access and use properties
Use object method shorthand syntax when a function is a property of an object
Prefer optional chaining (?.), nullish coalescing (??), object and array spreading (...), andfor...ofloops over traditional syntax
Do not use abbreviations or cryptic names; write out full words likeerror,parameters,requestinstead oferr,params,req
UseNumber.parseInt()instead of the globalparseInt()function when parsing numbers
All classes called withnewmust use PascalCase
UseBuffer.from(),Buffer.alloc(), orBuffer.allocUnsafe()instead of the deprecatednew Buffer()
Use@ts-expect-errorinstead of@ts-ignore; follow it immediately with a single-line lowercase comment explaining why the error is expected, without separators like-or:
Do not include the type in a variable's name; let the static type system do its job (e.g., useconst user: Usernotconst userObject: User)
Do not repeat the name of a class or module within its members; omit contextual names (e.g., use `class User { getProfil...
Files:
server/test/hooks/panda.test.tsserver/hooks/panda.ts
server/**/*.{ts,tsx}
📄 CodeRabbit inference engine (AGENTS.md)
server/**/*.{ts,tsx}: Server API: implement schema-first approach using OpenAPI via hono with validation via valibot middleware
Server database: drizzle schema is source of truth. Migrations required. No direct database access in handlers - usec.var.db
Files:
server/test/hooks/panda.test.tsserver/hooks/panda.ts
**/*.ts
📄 CodeRabbit inference engine (.cursor/rules/style.mdc)
For files with a single
defaultexport, name the file identically to the export; for files with multiple exports, use camelCase with a strong preference for a single word
Files:
server/test/hooks/panda.test.tsserver/hooks/panda.ts
**/.changeset/*.md
📄 CodeRabbit inference engine (.cursor/rules/style.mdc)
Use a lowercase sentence in the imperative present tense for changeset summaries
Files:
.changeset/honest-peas-stand.md
🧠 Learnings (11)
📚 Learning: 2025-12-30T15:03:28.449Z
Learnt from: CR
Repo: exactly/exa PR: 0
File: .cursor/rules/style.mdc:0-0
Timestamp: 2025-12-30T15:03:28.449Z
Learning: Applies to **/*.{ts,tsx,js,jsx} : All code comments must be lowercase; special tags (TODO, FIXME) are uppercase followed by a single space and lowercase comment, without colons or dashes, and should include a ticket/issue reference when available
Applied to files:
server/test/hooks/panda.test.tsserver/hooks/panda.ts
📚 Learning: 2025-12-30T15:03:28.449Z
Learnt from: CR
Repo: exactly/exa PR: 0
File: .cursor/rules/style.mdc:0-0
Timestamp: 2025-12-30T15:03:28.449Z
Learning: Applies to **/*.{ts,tsx,js,jsx} : Use `ts-expect-error` instead of `ts-ignore`; follow it immediately with a single-line lowercase comment explaining why the error is expected, without separators like `-` or `:`
Applied to files:
server/test/hooks/panda.test.tsserver/hooks/panda.ts
📚 Learning: 2025-12-30T15:03:28.449Z
Learnt from: CR
Repo: exactly/exa PR: 0
File: .cursor/rules/style.mdc:0-0
Timestamp: 2025-12-30T15:03:28.449Z
Learning: Applies to **/*.{ts,tsx,js,jsx} : Prefer self-documenting code; avoid comments explaining 'what' the code does; comments should explain 'why' code is written a certain way
Applied to files:
server/test/hooks/panda.test.ts
📚 Learning: 2025-12-23T19:58:16.574Z
Learnt from: CR
Repo: exactly/exa PR: 0
File: AGENTS.md:0-0
Timestamp: 2025-12-23T19:58:16.574Z
Learning: Zero config local dev environment: no `.env` files, mock all external services
Applied to files:
server/test/hooks/panda.test.ts
📚 Learning: 2025-12-31T00:23:55.034Z
Learnt from: cruzdanilo
Repo: exactly/exa PR: 610
File: .changeset/ready-experts-fly.md:1-2
Timestamp: 2025-12-31T00:23:55.034Z
Learning: In the exactly/exa repository, allow and require empty changeset files (containing only --- separators) when changes are not user-facing and do not warrant a version bump. This is needed because CI runs changeset status --since origin/main and requires a changeset file to exist. Ensure such empty changesets are used only for non-user-facing changes and document the rationale in the commit or changelog notes.
Applied to files:
.changeset/honest-peas-stand.md
📚 Learning: 2026-01-09T16:24:11.460Z
Learnt from: cruzdanilo
Repo: exactly/exa PR: 627
File: .changeset/breezy-planes-repeat.md:5-5
Timestamp: 2026-01-09T16:24:11.460Z
Learning: In the exactly/exa repository, changeset summaries in .changeset/*.md must start with a gitmoji and follow the format '<emoji> <message>' (no scope). This should mirror the commit message format '<emoji> <scope>: <message>' but omit the '<scope>:' portion. Ensure the message is clear and describes the change.
Applied to files:
.changeset/honest-peas-stand.md
📚 Learning: 2025-12-30T15:03:28.449Z
Learnt from: CR
Repo: exactly/exa PR: 0
File: .cursor/rules/style.mdc:0-0
Timestamp: 2025-12-30T15:03:28.449Z
Learning: Applies to **/.changeset/*.md : Use a lowercase sentence in the imperative present tense for changeset summaries
Applied to files:
.changeset/honest-peas-stand.md
📚 Learning: 2025-12-23T19:58:16.574Z
Learnt from: CR
Repo: exactly/exa PR: 0
File: AGENTS.md:0-0
Timestamp: 2025-12-23T19:58:16.574Z
Learning: Use gitmoji format for commits: `<emoji> <scope>: <message>` with scopes: `app`, `server`, `contracts`, `common`, `docs`
Applied to files:
.changeset/honest-peas-stand.md
📚 Learning: 2025-12-23T19:57:14.465Z
Learnt from: CR
Repo: exactly/exa PR: 0
File: .cursor/rules/git.mdc:0-0
Timestamp: 2025-12-23T19:57:14.465Z
Learning: Select the most precise gitmoji that best communicates the intent of the change (e.g., ✨ for new feature, 🐛 for bug fix, ♻️ for refactoring, ⚡️ for performance improvement, 📝 for documentation, 🚀 for deployment)
Applied to files:
.changeset/honest-peas-stand.md
📚 Learning: 2025-12-23T19:57:14.465Z
Learnt from: CR
Repo: exactly/exa PR: 0
File: .cursor/rules/git.mdc:0-0
Timestamp: 2025-12-23T19:57:14.465Z
Learning: All commit messages must strictly adhere to the format: `<emoji> <scope>: <message>` where emoji is a gitmoji unicode character, scope is a mandatory short name (app, server, contracts, docs, common, dependencies, github, config, or repo), and message is a short lowercase description
Applied to files:
.changeset/honest-peas-stand.md
📚 Learning: 2025-12-23T19:57:14.465Z
Learnt from: CR
Repo: exactly/exa PR: 0
File: .cursor/rules/git.mdc:0-0
Timestamp: 2025-12-23T19:57:14.465Z
Learning: All commits must start with a single gitmoji from the official gitmoji list; this is not optional and the emoji visually communicates the intent of the change
Applied to files:
.changeset/honest-peas-stand.md
🧬 Code graph analysis (2)
server/test/hooks/panda.test.ts (1)
server/database/schema.ts (1)
transactions(49-56)
server/hooks/panda.ts (2)
server/utils/onesignal.ts (1)
sendPushNotification(7-25)server/test/e2e.ts (1)
captureException(57-60)
🔇 Additional comments (6)
server/test/hooks/panda.test.ts (3)
1352-1388: Test expectation may not align with commented-out implementation.The test expects
hashes: [](line 1382), but the commented-out implementation inserver/hooks/panda.ts(line 980) useshashes: [zeroHash]. When the feature is enabled, ensure the test expectation matches the actual implementation.
2-7: LGTM!Import ordering is correct with mocks properly initialized before other imports.
1390-1439: LGTM!The test stub for appending declined status to existing transactions is well-structured and follows the established patterns in the file.
server/hooks/panda.ts (3)
960-986: TODO comment properly formatted.The TODO comment follows the coding guidelines (uppercase TODO followed by lowercase message). Consider adding a ticket/issue reference to track when this will be enabled.
988-997: LGTM!The push notification implementation follows the established pattern in the codebase, with proper error handling via
.catch()andcaptureException. The notification content is user-friendly and includes relevant transaction details.
532-534: LGTM!The call to
handleDeclinedTransactionis correctly placed after the mutex is released, ensuring the notification is sent for declined transactions.
aguxez
force-pushed
the
card-declined-events
branch
from
b3814d0 to
8c11c8c
Compare
There was a problem hiding this comment.
Actionable comments posted: 4
🤖 Fix all issues with AI agents
In @.changeset/honest-peas-stand.md:
- Line 5: Edit the changeset summary line in .changeset/honest-peas-stand.md to
remove the "server:" scope prefix and prepend a gitmoji, e.g., change "server:
add activity and push notification on card decline" to start with an emoji
followed by the message without scope (for example "🔔 add activity and push
notification on card decline").
In @server/hooks/panda.ts:
- Around line 960-986: Remove the large commented-out transaction handling block
(the dead code referencing transactions, txId, spend, getCreatedAt,
TransactionPayload, and zeroHash) and either delete it entirely or move it into
a separate reference file or design doc (e.g., a new file under docs/ or a gist)
so the main codebase remains clean; also update the inline TODO comment to
follow the project's TODO convention (change "TODO: Enable once UI..." to "TODO
Enable once UI has proper designs to handle declined transactions in activity")
so the intent is preserved without leaving commented implementation in
server/hooks/panda.ts.
- Around line 955-958: Update handleDeclinedTransaction to use consistent types
and either remove or rename the unused third parameter: change the type of the
first parameter from string to Address to match callers (i.e., account:
Address), and either drop the unused third parameter entirely or rename it to
_jsonBody (and add a comment) if it’s intentionally reserved for future use;
keep the existing early-return logic and references to txId/spend intact.
In @server/test/hooks/panda.test.ts:
- Around line 1390-1439: In the it.todo test "appends body to existing
transaction when declined" the two inline comments ("First create a pending
transaction" and "Then update it as declined") start with capital letters;
change them to lowercase (e.g., "first create a pending transaction" and "then
update it as declined") so all code comments follow the lowercase guideline
inside the test block for the function/test named "appends body to existing
transaction when declined".
📜 Review details
Configuration used: Organization UI
Review profile: ASSERTIVE
Plan: Pro
📒 Files selected for processing (3)
.changeset/honest-peas-stand.mdserver/hooks/panda.tsserver/test/hooks/panda.test.ts
🧰 Additional context used
📓 Path-based instructions (7)
server/**/*.ts
📄 CodeRabbit inference engine (.cursor/rules/server.mdc)
server/**/*.ts: Usec.varobject to pass strongly-typed data between Hono middleware and route handlers; do not usec.set
All request validation (headers, body, params) must be handled by@hono/valibot-validatormiddleware; do not perform manual validation inside route handlers
Use Hono's built-in error handling by throwingnew HTTPException()for expected errors; unhandled errors will be caught and logged automatically
Enforce Node.js best practices using ESLintplugin:n/recommendedconfiguration
Enforce Drizzle ORM best practices using ESLintplugin:drizzle/allconfiguration, including requiringwhereclauses forupdateanddeleteoperations
Use Drizzle ORM query builder for all database interactions; do not write raw SQL queries unless absolutely unavoidable
All authentication and authorization logic must be implemented in Hono middleware
Do not accessprocess.envdirectly in application code; load all configuration and secrets once at startup and pass them through dependency injection or context
Avoid long-running, synchronous operations; useasync/awaitcorrectly and be mindful of CPU-intensive tasks to prevent blocking the event loop
Files:
server/test/hooks/panda.test.tsserver/hooks/panda.ts
**/*.{js,ts,tsx,jsx,sol}
📄 CodeRabbit inference engine (AGENTS.md)
Follow linter/formatter (eslint, prettier, solhint) strictly with high strictness level. No
anytype.
Files:
server/test/hooks/panda.test.tsserver/hooks/panda.ts
**/*.{ts,tsx}
📄 CodeRabbit inference engine (AGENTS.md)
Omit redundant type names in variable declarations - let the type system explain itself
**/*.{ts,tsx}: Use PascalCase for TypeScript types and interfaces
Use valibot for all runtime validation of API inputs, environment variables, and other data; define schemas once and reuse them
Infer TypeScript types from valibot schemas usingtype User = v.Input<typeof UserSchema>instead of manually defining interfaces
Files:
server/test/hooks/panda.test.tsserver/hooks/panda.ts
**/*.{ts,tsx,js,jsx}
📄 CodeRabbit inference engine (AGENTS.md)
**/*.{ts,tsx,js,jsx}: Omit contextual names - don't repeat class/module names in members
Omit meaningless words like 'data', 'state', 'manager', 'engine', 'value' from variable and function names unless they add disambiguation
**/*.{ts,tsx,js,jsx}: Prefer function declarations for all multi-line functions; use function expressions or arrow functions only for single-line implementations
Preferconstfor all variable declarations by default; only useletif the variable's value will be reassigned
Declare each variable on its own line with its ownconstorletkeyword, not multiple declarations on one line
Use camelCase for TypeScript variables and functions
Always useimport type { ... }for type imports
Use relative paths for all imports within the project; avoid tsconfig path aliases
Follow eslint-plugin-import order: react, external libraries, then relative paths
Use object and array destructuring to access and use properties
Use object method shorthand syntax when a function is a property of an object
Prefer optional chaining (?.), nullish coalescing (??), object and array spreading (...), andfor...ofloops over traditional syntax
Do not use abbreviations or cryptic names; write out full words likeerror,parameters,requestinstead oferr,params,req
UseNumber.parseInt()instead of the globalparseInt()function when parsing numbers
All classes called withnewmust use PascalCase
UseBuffer.from(),Buffer.alloc(), orBuffer.allocUnsafe()instead of the deprecatednew Buffer()
Use@ts-expect-errorinstead of@ts-ignore; follow it immediately with a single-line lowercase comment explaining why the error is expected, without separators like-or:
Do not include the type in a variable's name; let the static type system do its job (e.g., useconst user: Usernotconst userObject: User)
Do not repeat the name of a class or module within its members; omit contextual names (e.g., use `class User { getProfil...
Files:
server/test/hooks/panda.test.tsserver/hooks/panda.ts
server/**/*.{ts,tsx}
📄 CodeRabbit inference engine (AGENTS.md)
server/**/*.{ts,tsx}: Server API: implement schema-first approach using OpenAPI via hono with validation via valibot middleware
Server database: drizzle schema is source of truth. Migrations required. No direct database access in handlers - usec.var.db
Files:
server/test/hooks/panda.test.tsserver/hooks/panda.ts
**/*.ts
📄 CodeRabbit inference engine (.cursor/rules/style.mdc)
For files with a single
defaultexport, name the file identically to the export; for files with multiple exports, use camelCase with a strong preference for a single word
Files:
server/test/hooks/panda.test.tsserver/hooks/panda.ts
**/.changeset/*.md
📄 CodeRabbit inference engine (.cursor/rules/style.mdc)
Use a lowercase sentence in the imperative present tense for changeset summaries
Files:
.changeset/honest-peas-stand.md
🧠 Learnings (12)
📚 Learning: 2025-12-30T15:03:28.449Z
Learnt from: CR
Repo: exactly/exa PR: 0
File: .cursor/rules/style.mdc:0-0
Timestamp: 2025-12-30T15:03:28.449Z
Learning: Applies to **/*.{ts,tsx,js,jsx} : All code comments must be lowercase; special tags (TODO, FIXME) are uppercase followed by a single space and lowercase comment, without colons or dashes, and should include a ticket/issue reference when available
Applied to files:
server/test/hooks/panda.test.tsserver/hooks/panda.ts
📚 Learning: 2025-12-30T15:03:28.449Z
Learnt from: CR
Repo: exactly/exa PR: 0
File: .cursor/rules/style.mdc:0-0
Timestamp: 2025-12-30T15:03:28.449Z
Learning: Applies to **/*.{ts,tsx,js,jsx} : Use `ts-expect-error` instead of `ts-ignore`; follow it immediately with a single-line lowercase comment explaining why the error is expected, without separators like `-` or `:`
Applied to files:
server/test/hooks/panda.test.tsserver/hooks/panda.ts
📚 Learning: 2025-12-23T19:58:16.574Z
Learnt from: CR
Repo: exactly/exa PR: 0
File: AGENTS.md:0-0
Timestamp: 2025-12-23T19:58:16.574Z
Learning: Zero config local dev environment: no `.env` files, mock all external services
Applied to files:
server/test/hooks/panda.test.ts
📚 Learning: 2025-12-31T00:23:55.034Z
Learnt from: cruzdanilo
Repo: exactly/exa PR: 610
File: .changeset/ready-experts-fly.md:1-2
Timestamp: 2025-12-31T00:23:55.034Z
Learning: In the exactly/exa repository, allow and require empty changeset files (containing only --- separators) when changes are not user-facing and do not warrant a version bump. This is needed because CI runs changeset status --since origin/main and requires a changeset file to exist. Ensure such empty changesets are used only for non-user-facing changes and document the rationale in the commit or changelog notes.
Applied to files:
.changeset/honest-peas-stand.md
📚 Learning: 2026-01-09T16:24:11.460Z
Learnt from: cruzdanilo
Repo: exactly/exa PR: 627
File: .changeset/breezy-planes-repeat.md:5-5
Timestamp: 2026-01-09T16:24:11.460Z
Learning: In the exactly/exa repository, changeset summaries in .changeset/*.md must start with a gitmoji and follow the format '<emoji> <message>' (no scope). This should mirror the commit message format '<emoji> <scope>: <message>' but omit the '<scope>:' portion. Ensure the message is clear and describes the change.
Applied to files:
.changeset/honest-peas-stand.md
📚 Learning: 2025-12-23T19:58:16.574Z
Learnt from: CR
Repo: exactly/exa PR: 0
File: AGENTS.md:0-0
Timestamp: 2025-12-23T19:58:16.574Z
Learning: Use gitmoji format for commits: `<emoji> <scope>: <message>` with scopes: `app`, `server`, `contracts`, `common`, `docs`
Applied to files:
.changeset/honest-peas-stand.md
📚 Learning: 2025-12-23T19:57:14.465Z
Learnt from: CR
Repo: exactly/exa PR: 0
File: .cursor/rules/git.mdc:0-0
Timestamp: 2025-12-23T19:57:14.465Z
Learning: All commit messages must strictly adhere to the format: `<emoji> <scope>: <message>` where emoji is a gitmoji unicode character, scope is a mandatory short name (app, server, contracts, docs, common, dependencies, github, config, or repo), and message is a short lowercase description
Applied to files:
.changeset/honest-peas-stand.md
📚 Learning: 2025-12-23T19:57:14.465Z
Learnt from: CR
Repo: exactly/exa PR: 0
File: .cursor/rules/git.mdc:0-0
Timestamp: 2025-12-23T19:57:14.465Z
Learning: Select the most precise gitmoji that best communicates the intent of the change (e.g., ✨ for new feature, 🐛 for bug fix, ♻️ for refactoring, ⚡️ for performance improvement, 📝 for documentation, 🚀 for deployment)
Applied to files:
.changeset/honest-peas-stand.md
📚 Learning: 2025-12-30T15:03:28.449Z
Learnt from: CR
Repo: exactly/exa PR: 0
File: .cursor/rules/style.mdc:0-0
Timestamp: 2025-12-30T15:03:28.449Z
Learning: Applies to **/.changeset/*.md : Use a lowercase sentence in the imperative present tense for changeset summaries
Applied to files:
.changeset/honest-peas-stand.md
📚 Learning: 2025-12-23T19:57:14.465Z
Learnt from: CR
Repo: exactly/exa PR: 0
File: .cursor/rules/git.mdc:0-0
Timestamp: 2025-12-23T19:57:14.465Z
Learning: All commits must start with a single gitmoji from the official gitmoji list; this is not optional and the emoji visually communicates the intent of the change
Applied to files:
.changeset/honest-peas-stand.md
📚 Learning: 2025-12-23T19:57:14.465Z
Learnt from: CR
Repo: exactly/exa PR: 0
File: .cursor/rules/git.mdc:0-0
Timestamp: 2025-12-23T19:57:14.465Z
Learning: Do not use conventional commit prefixes like `feat:`, `fix:`, or `docs(...)`; do not use title case or sentence case in the commit subject line; do not create commits without a scope
Applied to files:
.changeset/honest-peas-stand.md
📚 Learning: 2025-12-23T19:57:14.465Z
Learnt from: CR
Repo: exactly/exa PR: 0
File: .cursor/rules/git.mdc:0-0
Timestamp: 2025-12-23T19:57:14.465Z
Learning: Every commit must have a scope; scope must be in lowercase and must be one of: app, server, contracts, docs, common, dependencies, github, config, or repo
Applied to files:
.changeset/honest-peas-stand.md
🧬 Code graph analysis (2)
server/test/hooks/panda.test.ts (1)
server/database/schema.ts (1)
transactions(49-56)
server/hooks/panda.ts (2)
server/utils/onesignal.ts (1)
sendPushNotification(7-25)server/test/e2e.ts (1)
captureException(57-60)
🔇 Additional comments (4)
server/test/hooks/panda.test.ts (2)
1-7: LGTM!The import additions and reordering for mocks are appropriate for the new test coverage being scaffolded.
1352-1388: LGTM!The
it.todo()test stub for inserting declined transactions with empty hashes is well-structured. The TODO comment correctly follows the format with uppercaseTODOfollowed by a lowercase explanation.server/hooks/panda.ts (2)
532-534: LGTM!The placement of
handleDeclinedTransactionafter mutex release is correct, ensuring the mutex is freed before processing the declined notification flow.
988-997: Push notification implementation looks correct.The fire-and-forget pattern with
.catch()for error handling is consistent with othersendPushNotificationcalls in this file. The notification content appropriately formats the declined transaction details.
aguxez
force-pushed
the
card-declined-events
branch
from
8c11c8c to
77c26c2
Compare
There was a problem hiding this comment.
Actionable comments posted: 1
🤖 Fix all issues with AI agents
In `@server/hooks/panda.ts`:
- Around line 532-534: Make the "fire-and-forget" intent explicit by prefixing
the call with void — change the invocation to void
handleDeclinedTransaction(account, payload as v.InferOutput<typeof Transaction>,
jsonBody); and ensure handleDeclinedTransaction itself cannot throw
synchronously or propagate rejections by wrapping its internal logic in a
try/catch (or returning Promise.resolve().then(() => { ... }).catch(() => {/*
swallow/log error */})), so any errors are handled internally and the caller
remains non-blocking and non-throwing.
♻️ Duplicate comments (5)
server/test/hooks/panda.test.ts (2)
1350-1386: Fix TODO comment format + align “hashes” expectation with intended implementation.
- TODO comment violates repo guidelines (colon + mixed case + no ticket ref). Based on learnings, TODO should be
TODO <ticket> <lowercase message>(no colon).- This test expects
hashes: [], but the (currently commented) intended insert path inserver/hooks/panda.tsuseshashes: [zeroHash]. Either change the test expectation or change the intended DB write behavior.Proposed fix
- // TODO: Enable once UI has proper designs to handle declined transactions in activity + // TODO EXA-XXXX enable once ui has proper designs to handle declined transactions in activity @@ - expect(transaction).toMatchObject({ + expect(transaction).toMatchObject({ id: txId, cardId, - hashes: [], + hashes: [zeroHash], payload: { type: "panda", bodies: [{ action: "created", body: { spend: { status: "declined" } } }], }, });
1388-1437: Fix TODO/comment casing; considerit.skip(...)instead ofit.todo(...)once behavior is defined.
- Same TODO format issue as above (colon + mixed case + no ticket ref). Based on learnings, keep it lowercase after
TODOand add a tracking reference.- Inline comments should be lowercase per guidelines.
Proposed fix
- // TODO: Enable once UI has proper designs to handle declined transactions in activity + // TODO EXA-XXXX enable once ui has proper designs to handle declined transactions in activity @@ - // First create a pending transaction + // first create a pending transaction @@ - // Then update it as declined + // then update it as declinedserver/hooks/panda.ts (2)
955-998: Prevent webhook crashes:toLocaleString(..., { currency })can throw for invalid currency codes.
(spend.localAmount / 100).toLocaleString(... { style: "currency", currency: spend.localCurrency })may throw a synchronousRangeErrorfor unsupported/invalid currency codes; because it happens before the promise exists, your.catch(...)won’t run and the handler can fail mid-flight.Proposed fix
function handleDeclinedTransaction(account: string, payload: v.InferOutput<typeof Transaction>, _: unknown) { if (payload.action === "requested" || payload.action === "completed") return; const { id: txId, spend } = payload.body; if (!txId) return; + let formattedAmount = `${spend.localAmount / 100} ${spend.localCurrency}`; + try { + formattedAmount = (spend.localAmount / 100).toLocaleString(undefined, { + style: "currency", + currency: spend.localCurrency.toUpperCase(), + }); + } catch (error: unknown) { + captureException(error, { level: "warning" }); + } + sendPushNotification({ userId: account, headings: { en: "Exa Card purchase rejected" }, contents: { - en: `Transaction declined: ${(spend.localAmount / 100).toLocaleString(undefined, { - style: "currency", - currency: spend.localCurrency, - })} at ${spend.merchantName.trim()}`, + en: `Transaction declined: ${formattedAmount} at ${spend.merchantName.trim()}`, }, }).catch((error: unknown) => captureException(error, { level: "error" })); }
955-987: Fix type mismatch + remove/comment-in the disabled DB “activity” block (and fix TODO format).
handleDeclinedTransaction(account: string, ...): call site passesAddress— useAddressfor consistency.- The large commented-out DB write block is dead code (and the TODO format violates guidelines: colon + mixed case). Prefer deleting it and tracking in an issue, or re-enabling behind a real flag.
- As-is, the PR/changeset claims “activity”, but this block means activity is not actually shipped yet.
Proposed fix
-function handleDeclinedTransaction(account: string, payload: v.InferOutput<typeof Transaction>, _: unknown) { +function handleDeclinedTransaction(account: Address, payload: v.InferOutput<typeof Transaction>) { if (payload.action === "requested" || payload.action === "completed") return; const { id: txId, spend } = payload.body; if (!txId) return; - // const tx = await database.query.transactions.findFirst({ - // where: and(eq(transactions.id, txId), eq(transactions.cardId, spend.cardId)), - // }); - // const createdAt = getCreatedAt(payload) ?? new Date().toISOString(); - // const body = { ...(jsonBody as object), createdAt }; - // TODO: Enable once UI has proper designs to handle declined transactions in activity - // await (tx - // ? database - // .update(transactions) - // .set({ - // payload: { - // ...(tx.payload as object), - // bodies: [...v.parse(TransactionPayload, tx.payload).bodies, body], - // }, - // }) - // .where(and(eq(transactions.id, txId), eq(transactions.cardId, spend.cardId))) - // : database.insert(transactions).values([ - // { - // id: txId, - // cardId: spend.cardId, - // hashes: [zeroHash], - // payload: { - // bodies: [body], - // type: "panda", - // }, - // }, - // ])); + // TODO EXA-XXXX add declined-transaction activity once ui supports it.changeset/honest-peas-stand.md (1)
1-5: Fix changeset summary format (gitmoji + no scope) and avoid claiming “activity” until it ships.Based on learnings, changeset summaries must start with a gitmoji (unicode) and must not include
server:. Also, “activity” is currently not enabled inserver/hooks/panda.ts, so the summary should not claim it yet.Proposed fix
-server: add activity and push notification on card decline +<gitmoji> add push notification on card decline
📜 Review details
Configuration used: Organization UI
Review profile: ASSERTIVE
Plan: Pro
📒 Files selected for processing (3)
.changeset/honest-peas-stand.mdserver/hooks/panda.tsserver/test/hooks/panda.test.ts
🧰 Additional context used
📓 Path-based instructions (7)
server/**/*.ts
📄 CodeRabbit inference engine (.cursor/rules/server.mdc)
server/**/*.ts: Usec.varobject to pass strongly-typed data between Hono middleware and route handlers; do not usec.set
All request validation (headers, body, params) must be handled by@hono/valibot-validatormiddleware; do not perform manual validation inside route handlers
Use Hono's built-in error handling by throwingnew HTTPException()for expected errors; unhandled errors will be caught and logged automatically
Enforce Node.js best practices using ESLintplugin:n/recommendedconfiguration
Enforce Drizzle ORM best practices using ESLintplugin:drizzle/allconfiguration, including requiringwhereclauses forupdateanddeleteoperations
Use Drizzle ORM query builder for all database interactions; do not write raw SQL queries unless absolutely unavoidable
All authentication and authorization logic must be implemented in Hono middleware
Do not accessprocess.envdirectly in application code; load all configuration and secrets once at startup and pass them through dependency injection or context
Avoid long-running, synchronous operations; useasync/awaitcorrectly and be mindful of CPU-intensive tasks to prevent blocking the event loop
Files:
server/hooks/panda.tsserver/test/hooks/panda.test.ts
**/*.{js,ts,tsx,jsx,sol}
📄 CodeRabbit inference engine (AGENTS.md)
Follow linter/formatter (eslint, prettier, solhint) strictly with high strictness level. No
anytype.
Files:
server/hooks/panda.tsserver/test/hooks/panda.test.ts
**/*.{ts,tsx}
📄 CodeRabbit inference engine (AGENTS.md)
Omit redundant type names in variable declarations - let the type system explain itself
**/*.{ts,tsx}: Use PascalCase for TypeScript types and interfaces
Use valibot for all runtime validation of API inputs, environment variables, and other data; define schemas once and reuse them
Infer TypeScript types from valibot schemas usingtype User = v.Input<typeof UserSchema>instead of manually defining interfaces
Files:
server/hooks/panda.tsserver/test/hooks/panda.test.ts
**/*.{ts,tsx,js,jsx}
📄 CodeRabbit inference engine (AGENTS.md)
**/*.{ts,tsx,js,jsx}: Omit contextual names - don't repeat class/module names in members
Omit meaningless words like 'data', 'state', 'manager', 'engine', 'value' from variable and function names unless they add disambiguation
**/*.{ts,tsx,js,jsx}: Prefer function declarations for all multi-line functions; use function expressions or arrow functions only for single-line implementations
Preferconstfor all variable declarations by default; only useletif the variable's value will be reassigned
Declare each variable on its own line with its ownconstorletkeyword, not multiple declarations on one line
Use camelCase for TypeScript variables and functions
Always useimport type { ... }for type imports
Use relative paths for all imports within the project; avoid tsconfig path aliases
Follow eslint-plugin-import order: react, external libraries, then relative paths
Use object and array destructuring to access and use properties
Use object method shorthand syntax when a function is a property of an object
Prefer optional chaining (?.), nullish coalescing (??), object and array spreading (...), andfor...ofloops over traditional syntax
Do not use abbreviations or cryptic names; write out full words likeerror,parameters,requestinstead oferr,params,req
UseNumber.parseInt()instead of the globalparseInt()function when parsing numbers
All classes called withnewmust use PascalCase
UseBuffer.from(),Buffer.alloc(), orBuffer.allocUnsafe()instead of the deprecatednew Buffer()
Use@ts-expect-errorinstead of@ts-ignore; follow it immediately with a single-line lowercase comment explaining why the error is expected, without separators like-or:
Do not include the type in a variable's name; let the static type system do its job (e.g., useconst user: Usernotconst userObject: User)
Do not repeat the name of a class or module within its members; omit contextual names (e.g., use `class User { getProfil...
Files:
server/hooks/panda.tsserver/test/hooks/panda.test.ts
server/**/*.{ts,tsx}
📄 CodeRabbit inference engine (AGENTS.md)
server/**/*.{ts,tsx}: Server API: implement schema-first approach using OpenAPI via hono with validation via valibot middleware
Server database: drizzle schema is source of truth. Migrations required. No direct database access in handlers - usec.var.db
Files:
server/hooks/panda.tsserver/test/hooks/panda.test.ts
**/*.ts
📄 CodeRabbit inference engine (.cursor/rules/style.mdc)
For files with a single
defaultexport, name the file identically to the export; for files with multiple exports, use camelCase with a strong preference for a single word
Files:
server/hooks/panda.tsserver/test/hooks/panda.test.ts
**/.changeset/*.md
📄 CodeRabbit inference engine (.cursor/rules/style.mdc)
Use a lowercase sentence in the imperative present tense for changeset summaries
Files:
.changeset/honest-peas-stand.md
🧠 Learnings (14)
📚 Learning: 2025-12-30T15:03:28.449Z
Learnt from: CR
Repo: exactly/exa PR: 0
File: .cursor/rules/style.mdc:0-0
Timestamp: 2025-12-30T15:03:28.449Z
Learning: Applies to **/*.{ts,tsx,js,jsx} : All code comments must be lowercase; special tags (TODO, FIXME) are uppercase followed by a single space and lowercase comment, without colons or dashes, and should include a ticket/issue reference when available
Applied to files:
server/hooks/panda.tsserver/test/hooks/panda.test.ts
📚 Learning: 2025-12-30T15:03:28.449Z
Learnt from: CR
Repo: exactly/exa PR: 0
File: .cursor/rules/style.mdc:0-0
Timestamp: 2025-12-30T15:03:28.449Z
Learning: Applies to **/*.{ts,tsx,js,jsx} : Use `ts-expect-error` instead of `ts-ignore`; follow it immediately with a single-line lowercase comment explaining why the error is expected, without separators like `-` or `:`
Applied to files:
server/hooks/panda.tsserver/test/hooks/panda.test.ts
📚 Learning: 2025-12-30T15:03:28.449Z
Learnt from: CR
Repo: exactly/exa PR: 0
File: .cursor/rules/style.mdc:0-0
Timestamp: 2025-12-30T15:03:28.449Z
Learning: Applies to **/*.{ts,tsx,js,jsx} : Prefer self-documenting code; avoid comments explaining 'what' the code does; comments should explain 'why' code is written a certain way
Applied to files:
server/hooks/panda.tsserver/test/hooks/panda.test.ts
📚 Learning: 2025-12-23T19:57:22.339Z
Learnt from: CR
Repo: exactly/exa PR: 0
File: .cursor/rules/markdown.mdc:0-0
Timestamp: 2025-12-23T19:57:22.339Z
Learning: Applies to **/*.md : All code comments must be lowercase
Applied to files:
server/test/hooks/panda.test.ts
📚 Learning: 2025-12-23T19:58:16.574Z
Learnt from: CR
Repo: exactly/exa PR: 0
File: AGENTS.md:0-0
Timestamp: 2025-12-23T19:58:16.574Z
Learning: All internal documentation and commit messages must be lowercase
Applied to files:
server/test/hooks/panda.test.ts
📚 Learning: 2025-12-23T19:56:43.683Z
Learnt from: CR
Repo: exactly/exa PR: 0
File: .cursor/rules/contracts.mdc:0-0
Timestamp: 2025-12-23T19:56:43.683Z
Learning: Applies to contracts/**/*.t.sol : Test functions must start with 'test' and use descriptive names explaining the scenario (e.g., test_revert_when_caller_is_not_owner())
Applied to files:
server/test/hooks/panda.test.ts
📚 Learning: 2025-12-23T19:58:16.574Z
Learnt from: CR
Repo: exactly/exa PR: 0
File: AGENTS.md:0-0
Timestamp: 2025-12-23T19:58:16.574Z
Learning: Zero config local dev environment: no `.env` files, mock all external services
Applied to files:
server/test/hooks/panda.test.ts
📚 Learning: 2025-12-31T00:23:55.034Z
Learnt from: cruzdanilo
Repo: exactly/exa PR: 610
File: .changeset/ready-experts-fly.md:1-2
Timestamp: 2025-12-31T00:23:55.034Z
Learning: In the exactly/exa repository, allow and require empty changeset files (containing only --- separators) when changes are not user-facing and do not warrant a version bump. This is needed because CI runs changeset status --since origin/main and requires a changeset file to exist. Ensure such empty changesets are used only for non-user-facing changes and document the rationale in the commit or changelog notes.
Applied to files:
.changeset/honest-peas-stand.md
📚 Learning: 2026-01-09T16:24:11.460Z
Learnt from: cruzdanilo
Repo: exactly/exa PR: 627
File: .changeset/breezy-planes-repeat.md:5-5
Timestamp: 2026-01-09T16:24:11.460Z
Learning: In the exactly/exa repository, changeset summaries in .changeset/*.md must start with a gitmoji and follow the format '<emoji> <message>' (no scope). This should mirror the commit message format '<emoji> <scope>: <message>' but omit the '<scope>:' portion. Ensure the message is clear and describes the change.
Applied to files:
.changeset/honest-peas-stand.md
📚 Learning: 2025-12-23T19:58:16.574Z
Learnt from: CR
Repo: exactly/exa PR: 0
File: AGENTS.md:0-0
Timestamp: 2025-12-23T19:58:16.574Z
Learning: Use gitmoji format for commits: `<emoji> <scope>: <message>` with scopes: `app`, `server`, `contracts`, `common`, `docs`
Applied to files:
.changeset/honest-peas-stand.md
📚 Learning: 2025-12-23T19:57:14.465Z
Learnt from: CR
Repo: exactly/exa PR: 0
File: .cursor/rules/git.mdc:0-0
Timestamp: 2025-12-23T19:57:14.465Z
Learning: All commit messages must strictly adhere to the format: `<emoji> <scope>: <message>` where emoji is a gitmoji unicode character, scope is a mandatory short name (app, server, contracts, docs, common, dependencies, github, config, or repo), and message is a short lowercase description
Applied to files:
.changeset/honest-peas-stand.md
📚 Learning: 2025-12-23T19:57:14.465Z
Learnt from: CR
Repo: exactly/exa PR: 0
File: .cursor/rules/git.mdc:0-0
Timestamp: 2025-12-23T19:57:14.465Z
Learning: Select the most precise gitmoji that best communicates the intent of the change (e.g., ✨ for new feature, 🐛 for bug fix, ♻️ for refactoring, ⚡️ for performance improvement, 📝 for documentation, 🚀 for deployment)
Applied to files:
.changeset/honest-peas-stand.md
📚 Learning: 2025-12-30T15:03:28.449Z
Learnt from: CR
Repo: exactly/exa PR: 0
File: .cursor/rules/style.mdc:0-0
Timestamp: 2025-12-30T15:03:28.449Z
Learning: Applies to **/.changeset/*.md : Use a lowercase sentence in the imperative present tense for changeset summaries
Applied to files:
.changeset/honest-peas-stand.md
📚 Learning: 2025-12-23T19:57:14.465Z
Learnt from: CR
Repo: exactly/exa PR: 0
File: .cursor/rules/git.mdc:0-0
Timestamp: 2025-12-23T19:57:14.465Z
Learning: All commits must start with a single gitmoji from the official gitmoji list; this is not optional and the emoji visually communicates the intent of the change
Applied to files:
.changeset/honest-peas-stand.md
🧬 Code graph analysis (1)
server/hooks/panda.ts (2)
server/utils/onesignal.ts (1)
sendPushNotification(7-25)server/test/e2e.ts (1)
captureException(58-61)
🔇 Additional comments (1)
server/test/hooks/panda.test.ts (1)
1-7: Mock import order looks safe.Side-effect mock imports still run before
appis imported, so module mocking should apply as intended.
✏️ Tip: You can disable this entire section by setting review_details to false in your review settings.
aguxez
force-pushed
the
card-declined-events
branch
2 times, most recently
from
98e690f to
a16d92d
Compare
aguxez
force-pushed
the
card-declined-events
branch
from
a16d92d to
685fbf3
Compare
There was a problem hiding this comment.
Actionable comments posted: 1
🤖 Fix all issues with AI agents
In `@server/hooks/panda.ts`:
- Around line 963-966: Rename the abbreviated identifier txId to transactionId
for clarity wherever it's introduced and used in this block: change "const { id:
txId, spend } = payload.body;" to destructure into transactionId (e.g., "const {
id: transactionId, spend } = payload.body;") and update all subsequent
references of txId in this scope to transactionId (including the early return
check "if (!transactionId) return;"). Ensure variable name changes preserve
behavior and any surrounding logic that references txId (in functions, logs, or
conditionals) is updated to the new transactionId identifier.
♻️ Duplicate comments (3)
server/hooks/panda.ts (1)
967-994: Normalize TODO format and avoid keeping a large commented-out block.The TODO line uses a colon and uppercase text. Also, keeping a long commented-out implementation invites drift—consider moving it to a doc/issue or removing until it’s ready. As per coding guidelines, ...
🔧 Suggested TODO format fix
- // TODO: Enable once UI has proper designs to handle declined transactions in activity + // TODO enable once ui has proper designs to handle declined transactions in activityserver/test/hooks/panda.test.ts (2)
1351-1352: Update TODO comments to the required format (and add a ticket if available).The TODOs use a colon and mixed case; update them to “TODO ”. As per coding guidelines, ...
🔧 Suggested fix
- // TODO: Enable once UI has proper designs to handle declined transactions in activity + // TODO enable once ui has proper designs to handle declined transactions in activity- // TODO: Enable once UI has proper designs to handle declined transactions in activity + // TODO enable once ui has proper designs to handle declined transactions in activityAlso applies to: 1389-1390
1377-1384: Align declined-transaction hash expectations with the intended placeholder.This test expects
hashes: [], while the planned declined insert path useszeroHash. Please align the expectation with the intended behavior before enabling the test.🔧 If zeroHash is the intended placeholder
- hashes: [], + hashes: [zeroHash],
aguxez
force-pushed
the
card-declined-events
branch
from
685fbf3 to
4bcf82f
Compare
There was a problem hiding this comment.
Actionable comments posted: 2
🤖 Fix all issues with AI agents
In `@server/hooks/panda.ts`:
- Around line 957-994: The decline activity persistence was commented out in
handleDeclinedTransaction; restore and enable it by making
handleDeclinedTransaction async, reintroducing the transactions lookup (const tx
= await database.query.transactions.findFirst(...) matching transactionId and
spend.cardId), compute createdAt with getCreatedAt(payload) ?? new
Date().toISOString(), build body from _jsonBody (cast to object) plus createdAt,
then re-enable the upsert logic that uses database.update(...) when tx exists
(merging bodies via v.parse(TransactionPayload, tx.payload).bodies) or
database.insert(transactions).values([...]) when not, and keep the existing push
notification; ensure any referenced symbols (handleDeclinedTransaction,
transactions, database.update, database.insert, TransactionPayload,
getCreatedAt, zeroHash) are imported/available and adjust variable names (use
_jsonBody) and error handling as needed.
In `@server/test/hooks/panda.test.ts`:
- Around line 1354-1355: Rename the abbreviated variable txId to the full
transactionId across this test file: replace the declaration const txId =
"declined-tx-insert"; and all its usages (including the other occurrences
referenced around the later block) with const transactionId =
"declined-tx-insert"; and update any assertions, mocks, helper calls, or test
setup that reference txId so names remain consistent (e.g., in
functions/variables that accept transactionId).
♻️ Duplicate comments (1)
server/test/hooks/panda.test.ts (1)
1351-1352: Fix TODO format and include the issue reference.These TODOs should be lowercase after the tag, without a colon, and include the tracking issue. As per coding guidelines, ...
📝 Proposed fix
- // TODO: Enable once UI has proper designs to handle declined transactions in activity + // TODO `#114` enable once ui has proper designs to handle declined transactions in activity- // TODO: Enable once UI has proper designs to handle declined transactions in activity + // TODO `#114` enable once ui has proper designs to handle declined transactions in activityAlso applies to: 1389-1390
aguxez
force-pushed
the
card-declined-events
branch
from
4bcf82f to
bbacd86
Compare
![devin-ai-integration[bot]](https://avatars.githubusercontent.com/in/811515?s=60&v=4){kind=small}
cruzdanilo
force-pushed
the
main
branch
4 times, most recently
from
d4d2407 to
5d070cb
Compare
aguxez
force-pushed
the
card-declined-events
branch
from
32f9dbc to
55cd33f
Compare
There was a problem hiding this comment.
Actionable comments posted: 1
🤖 Fix all issues with AI agents
In `@server/test/api/activity.test.ts`:
- Around line 188-191: The eslint-disable annotation on the
expect(...toMatchObject(...)) line is verbose and uses uppercase; replace the
inline comment "// eslint-disable-next-line prefer-structured-clone -- need to
simulate JSON serialization removing undefined values" with a concise, lowercase
annotation such as "// eslint-disable-next-line prefer-structured-clone" (or, if
tooling requires a short note, use a one-phrase lowercase note like "//
eslint-disable-next-line prefer-structured-clone -- simulate json"), and apply
the same concise change to the other occurrences mentioned (the block around the
expect at lines 214-217).
55cd33f to
317150f
Compare
aguxez
force-pushed
the
card-declined-events
branch
3 times, most recently
from
d7e35f9 to
32fd57d
Compare
cruzdanilo
force-pushed
the
main
branch
2 times, most recently
from
71c073f to
d84de4f
Compare
There was a problem hiding this comment.
Actionable comments posted: 7
🤖 Fix all issues with AI agents
In @.agent/skills/agent-browser/references/commands.md:
- Around line 1-5: Add a cspell ignore directive at the top of the commands
reference to suppress spellcheck errors for known command tokens; specifically
insert a line like "cspell:ignore" followed by the command keywords used in this
file (e.g., any tokens under the "command reference" and "## navigation"
sections) so the spellchecker ignores them, and ensure the directive appears
before the first header so it applies to the whole document.
In @.agent/skills/agent-browser/references/proxy-support.md:
- Around line 1-4: Update the intro line to hyphenate the compound adjective(s):
change "rate limiting avoidance" to "rate-limiting avoidance" in the sentence
containing "proxy configuration for geo-testing, rate limiting avoidance, and
corporate environments." Ensure the modified phrase uses "rate-limiting" so the
compound adjective is clear.
In @.agent/skills/agent-browser/templates/authenticated-session.sh:
- Around line 20-66: Add a cleanup trap at the top of the script so the browser
is always closed on any exit path: register a trap on EXIT (and optionally ERR)
that calls "agent-browser close" to ensure the browser is closed even when the
saved-session fast path in the STATE_FILE branch triggers an early exit; place
the trap before any "agent-browser open" or the saved-state check so it runs for
both fast-path (where CURRENT_URL leads to exit 0) and full login flows, and
ensure the trap is idempotent/safe if the browser is not open.
In @.agent/skills/agent-browser/templates/capture-workflow.sh:
- Around line 14-66: Add an EXIT trap to always run cleanup so the browser
session is closed on any exit: define a small cleanup function that calls
"agent-browser close" (and tolerates failures, e.g., ignore errors) and register
it with "trap cleanup EXIT" right after the set -euo pipefail / variable setup;
ensure you reference the existing agent-browser close command so it runs on
normal exit and on errors.
In @.agent/skills/agent-browser/templates/form-automation.sh:
- Around line 14-61: Add an EXIT trap that always attempts to close the browser
session so agent-browser isn't left orphaned when the script exits; define a
small cleanup function (e.g., cleanup) that checks/attempts to run
"agent-browser close" (idempotent/safe to call even if no session) and register
it with trap 'cleanup EXIT' near the top after set -euo pipefail and FORM_URL
initialization so every exit invokes cleanup; ensure the cleanup function does
not fail the script (catch/ignore errors) and keep the existing final
"agent-browser close" call for the normal success path.
In @.agent/skills/ask-questions-if-underspecified/SKILL.md:
- Around line 6-7: Update the broken repository URL in the SKILL.md file by
replacing the incorrect value of the repository field (the line beginning with
"repository:") from "https://github.com/trailofbits/skill" to the correct plural
form "https://github.com/trailofbits/skills" so it matches the working URL used
in the url field.
In `@server/test/api/activity.test.ts`:
- Around line 21-36: The helper httpSerialize currently uses parameter name
"object" and preserves undefined array entries, but JSON.stringify turns
undefined array items into null; rename the parameters (e.g., to "input" or
"value") in both httpSerialize and removeUndefined to avoid the fluff name and
update removeUndefined's array branch to map undefined elements to null (i.e.,
for arrays return array.map(v => v === undefined ? null : removeUndefined(v)))
while keeping the existing recursion and object-field removal behavior so the
function matches JSON array semantics and types.
32fd57d to
0e80f8b
Compare
aguxez
force-pushed
the
card-declined-events
branch
from
0e80f8b to
f370464
Compare
There was a problem hiding this comment.
Actionable comments posted: 1
🤖 Fix all issues with AI agents
In `@server/api/activity.ts`:
- Around line 306-309: The picklist for the action field inside bodies:
array(looseObject({...})) currently has a new item appended; reorder the
picklist entries to insert the new action into the preferred/sorted position
(not at the end) to minimize diffs and keep consistency, and apply the same
insertion strategy to the other picklist occurrence referenced elsewhere (the
second action picklist), ensuring trailing commas are preserved; update the
array in the picklist([...]) calls used for action so both locations reflect the
same ordered list.
f370464 to
631e502
Compare
There was a problem hiding this comment.
Actionable comments posted: 1
Caution
Some comments are outside the diff and can’t be posted inline due to platform limitations.
⚠️ Outside diff range comments (1)
server/api/activity.ts (1)
414-425:⚠️ Potential issue | 🟡 MinorInclude created merchant icon as a fallback.
Created‑only flows can drop an available icon because only completed/updated are checked.
Proposed fix
- const icon = flow.completed?.merchant.icon ?? flow.updates.at(-1)?.merchant.icon; + const icon = flow.completed?.merchant.icon ?? flow.updates.at(-1)?.merchant.icon ?? flow.created?.merchant.icon;
🤖 Fix all issues with AI agents
In `@server/api/activity.ts`:
- Around line 280-283: The Sentry call currently sends full parse payloads via
captureException(new Error("bad transaction"), { contexts: { cryptomate, panda }
}); — replace this by constructing and passing sanitized/minimal context objects
(e.g., { cryptomate: { id: cryptomate?.id, status: cryptomate?.status }, panda:
{ id: panda?.id, status: panda?.status } } or similar non‑PII fields) so that
parse inputs and user identifiers are not logged; update the captureException
invocation to use these sanitized objects and, if needed, add a helper like
sanitizeParseContext to centralize stripping PII before passing to
captureException.
631e502 to
e1159e1
Compare
aguxez
force-pushed
the
card-declined-events
branch
3 times, most recently
from
555a87d to
4f0ca41
Compare
aguxez
force-pushed
the
card-declined-events
branch
from
4f0ca41 to
0b3b055
Compare
aguxez
force-pushed
the
card-declined-events
branch
from
0b3b055 to
645b403
Compare
1 participant
closes #114
Summary by CodeRabbit
New Features
Bug Fixes
Tests
Chores