
rework risk engine to be weighted + add blacklist#1295

Merged: N2D4 merged 1 commit into dev from risk-score-rework on Mar 28, 2026

Conversation

mantrakp04 (Collaborator) commented Mar 28, 2026

Summary by CodeRabbit

  • Chores
    • Updated internal dependency references.

Copilot AI review requested due to automatic review settings March 28, 2026 00:02
vercel bot commented Mar 28, 2026

The latest updates on your projects. Learn more about Vercel for GitHub.

Project | Deployment | Actions | Updated (UTC)
stack-auth-hosted-components | Ready | Preview, Comment | Mar 28, 2026 0:08am
stack-backend | Ready | Preview, Comment | Mar 28, 2026 0:08am
stack-dashboard | Ready | Preview, Comment | Mar 28, 2026 0:08am
stack-demo | Ready | Preview, Comment | Mar 28, 2026 0:08am
stack-docs | Ready | Preview, Comment | Mar 28, 2026 0:08am

coderabbitai bot (Contributor) commented Mar 28, 2026

Walkthrough

A submodule reference in the backend private implementation directory was updated to point to a new commit hash, advancing the pinned version of the private subproject dependency.

Changes

Cohort / File(s) | Summary
Submodule Reference Update (apps/backend/src/private/implementation) | Updated subproject commit hash from a93d7ea0c0a91d7a4dfbc97c0032c9c9c68ec4d6 to e4f32c675a640f40ffc19b1013ff46fc633d2438.

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~2 minutes

Suggested reviewers

  • N2D4

Poem

🐰 A hop and a skip through commit hashes we go,
Pinning new versions, watching them grow,
The private implementation takes a stride,
Forward we venture with submodule pride! 🌟

🚥 Pre-merge checks | ✅ 1 | ❌ 2

❌ Failed checks (1 warning, 1 inconclusive)

Check name | Status | Explanation | Resolution
Description check | ⚠️ Warning | The PR description is missing substantive content—it only contains the repository template reminder with no actual explanation of changes, motivation, or implementation details. | Add a detailed description explaining the risk engine rework, the weighted approach, blacklist feature implementation, and any relevant context or testing performed.
Title check | ❓ Inconclusive | The PR title describes a rework of the risk engine with weighted changes and blacklist addition, but the actual changeset only updates a subproject commit hash without revealing the substantive changes. | Verify the actual changes in the subproject commit to confirm the title accurately reflects the implemented changes, or clarify if this is a submodule update PR.

✅ Passed checks (1 passed)

Check name | Status | Explanation
Docstring Coverage | ✅ Passed | No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.


Copilot AI (Contributor) left a comment

Pull request overview

This PR, as currently reflected in the diff, updates dependency resolution in the pnpm lockfile.

Changes:

  • Updates the nitro lockfile resolution to include rolldown@1.0.0-rc.3 as an optional dependency.
  • Removes the packages/private importer entry from pnpm-lock.yaml.
  • Adjusts lockfile snapshot entries related to eslint-plugin-import / eslint-module-utils peer dependency resolution.
Files not reviewed (1)
  • pnpm-lock.yaml: Language not supported


coderabbitai bot (Contributor) left a comment

Actionable comments posted: 1


Inline comments:
In `@apps/backend/src/private/implementation`:
- Line 1: The PR updates the submodule gitlink to
e4f32c675a640f40ffc19b1013ff46fc633d2438 but doesn't include the upstream diff
or validation artifacts; please provide a commit-range diff summary (e.g.,
upstream old..e4f32c6) and an explicit list of files changed in that range, add
a short security and behavioral risk assessment enumerating any breaking
changes, new dependencies, or surface-area changes, and attach test evidence
(unit/integration/CI run logs or matrix results) showing compatibility with our
backend implementation; include these artifacts in the PR description and CI
checks so reviewers can verify before merge.

ℹ️ Review info
⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: 9ccb34da-5968-4d9c-be50-d951d4d2de93

📥 Commits

Reviewing files that changed from the base of the PR and between b8ea06f and f4aadd3.

⛔ Files ignored due to path filters (1)
  • pnpm-lock.yaml is excluded by !**/pnpm-lock.yaml
📒 Files selected for processing (1)
  • apps/backend/src/private/implementation

greptile-apps bot (Contributor) commented Mar 28, 2026

Greptile Summary

This PR bumps the private apps/backend/src/private/implementation git submodule (a93d7ea → e4f32c6), which contains the reworked weighted sign-up risk engine and a new blacklist capability. The accompanying pnpm-lock.yaml diff is auto-generated and removes the now-gone packages/private workspace importer, updates nitro's peer-dep resolution to include rolldown@1.0.0-rc.3, and tightens a few eslint resolution strings.

Because the implementation lives in a private submodule that is not checked out in this review environment, the actual algorithmic changes (new weights, blacklist logic) cannot be inspected. The public-facing interface (SignUpRiskEngine, SignUpRiskScores, DerivedSignUpHeuristicFacts) is unchanged, and the open-source fallback (implementation-fallback/index.ts) still satisfies that interface by returning neutral zero scores.

Key observations:

  • The SignUpRiskScores schema (bot, free_trial_abuse) and the SignUpRiskEngine interface are unchanged, so the new private implementation must satisfy the same contract.
  • The inline snapshot test in risk-scores.tsx (line 150) expects { bot: 0, free_trial_abuse: 0 } for all-null/zero inputs; a sensible weighted engine with a blacklist should still return zeros for those inputs, but this cannot be verified without submodule access.
  • The pnpm-lock.yaml changes appear correct and are consistent with the removal of the packages/private workspace directory.

Confidence Score: 4/5

Safe to merge assuming the private submodule satisfies the existing SignUpRiskEngine interface and the inline snapshot test passes in CI

The only changed public artifact is the lockfile, which looks correct. The private submodule's new commit cannot be reviewed here, so the score is capped at 4/5 due to limited visibility rather than any identified defect.

apps/backend/src/private/implementation — the submodule commit contains all substantive changes but is not accessible for review

Important Files Changed

Filename | Overview
apps/backend/src/private/implementation | Private git submodule bumped from a93d7ea to e4f32c6; contains the weighted risk engine rework and blacklist additions but content is not accessible for review
pnpm-lock.yaml | Generated lockfile: removes the now-deleted packages/private importer section (rimraf devDep), updates nitro peer-dep resolution to include rolldown, and tightens eslint-module-utils/eslint-plugin-import resolution strings

Flowchart

%%{init: {'theme': 'neutral'}}%%
flowchart TD
    A[Sign-up Request] --> B[calculateSignUpRiskAssessment]
    B --> C{Private submodule available?}
    C -- Yes --> D[signUpRiskEngine.calculateRiskAssessment]
    C -- No / fallback --> E[Neutral scores bot=0, free_trial_abuse=0]
    D --> F{Weighted risk engine}
    F --> G[checkPrimaryEmailRisk via Emailable]
    F --> H[loadRecentSignUpStats from DB]
    F --> I[Blacklist check]
    G --> J[SignUpRiskAssessment scores + heuristicFacts]
    H --> J
    I --> J
    E --> J
    J --> K[Sign-up rule evaluation via CEL evaluator]
    K --> L{Blocked?}
    L -- Yes --> M[Restrict user restricted_by_admin=true]
    L -- No --> N[Allow sign-up]

Reviews (1): Last reviewed commit: "update submodule"
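As an added illustration of the architecture the review summary and flowchart describe (this is example code, not the project's private implementation or its open-source fallback): a weighted sign-up risk engine with a blacklist, the neutral-zero fallback, and a threshold rule standing in for the CEL rule evaluator. The names SignUpRiskEngine, SignUpRiskScores (bot, free_trial_abuse) and heuristicFacts come from the PR discussion; the fact fields, the signals and their integer weights, the [0, 1] score scale, the domain-based blacklist format and the sample inputs are all assumptions constructed for the example.

```typescript
// Added example (not the project's private implementation): a weighted sign-up
// risk engine with a blacklist, shaped like the flow in the review summary.
// SignUpRiskEngine / SignUpRiskScores (bot, free_trial_abuse) are names from the
// PR discussion; facts, signals, weights and blacklist format are assumptions.

export type SignUpRiskScores = { bot: number; free_trial_abuse: number };

// Facts gathered before scoring (email-provider check, recent sign-up stats).
// Every field is nullable: an unknown input must never move a score.
export type SignUpHeuristicFacts = {
  emailDomain: string | null;
  emailIsDisposable: boolean | null;
  recentSignUpsFromIp: number | null;
  recentSignUpsFromDomain: number | null;
};

export type SignUpRiskAssessment = {
  scores: SignUpRiskScores;
  heuristicFacts: SignUpHeuristicFacts;
  blacklisted: boolean;
};

export interface SignUpRiskEngine {
  calculateRiskAssessment(facts: SignUpHeuristicFacts): SignUpRiskAssessment;
}

// A signal votes true/false, or null when its input is unknown.
type Signal = { weight: number; active: (f: SignUpHeuristicFacts) => boolean | null };

// Scores are in [0, 1] (assumed scale): the fraction of total weight that fired.
// Null inputs contribute nothing, so all-null facts score exactly 0, which is
// the { bot: 0, free_trial_abuse: 0 } snapshot value the review mentions.
export function weightedScore(signals: Signal[], facts: SignUpHeuristicFacts): number {
  let total = 0;
  let fired = 0;
  for (const s of signals) {
    total += s.weight;
    if (s.active(facts) === true) fired += s.weight;
  }
  return total === 0 ? 0 : Math.min(1, fired / total);
}

// Integer weights keep the arithmetic exact and easy to audit (assumed values).
export const botSignals: Signal[] = [
  { weight: 2, active: f => f.emailIsDisposable },
  { weight: 3, active: f => (f.recentSignUpsFromIp === null ? null : f.recentSignUpsFromIp >= 5) },
];

export const freeTrialAbuseSignals: Signal[] = [
  { weight: 2, active: f => f.emailIsDisposable },
  { weight: 3, active: f => (f.recentSignUpsFromDomain === null ? null : f.recentSignUpsFromDomain >= 3) },
];

// Blacklist entries are lowercase domains; a subdomain of an entry also matches.
export function isBlacklisted(domain: string, blacklist: Set<string>): boolean {
  const d = domain.toLowerCase();
  for (const entry of blacklist) {
    if (d === entry || d.endsWith("." + entry)) return true;
  }
  return false;
}

export class WeightedSignUpRiskEngine implements SignUpRiskEngine {
  private readonly blacklist: Set<string>;
  constructor(blacklist: Set<string>) {
    this.blacklist = blacklist;
  }

  calculateRiskAssessment(facts: SignUpHeuristicFacts): SignUpRiskAssessment {
    // A blacklist hit overrides the weighted scores rather than adding to them,
    // so a listed domain cannot be "averaged down" by otherwise clean signals.
    const blacklisted = facts.emailDomain !== null && isBlacklisted(facts.emailDomain, this.blacklist);
    const scores: SignUpRiskScores = blacklisted
      ? { bot: 1, free_trial_abuse: 1 }
      : { bot: weightedScore(botSignals, facts), free_trial_abuse: weightedScore(freeTrialAbuseSignals, facts) };
    return { scores, heuristicFacts: facts, blacklisted };
  }
}

// Neutral fallback, as the summary describes the open-source implementation-fallback.
export const fallbackEngine: SignUpRiskEngine = {
  calculateRiskAssessment: facts => ({
    scores: { bot: 0, free_trial_abuse: 0 },
    heuristicFacts: facts,
    blacklisted: false,
  }),
};

// Stand-in for the CEL sign-up rule: block at or above a per-score threshold, or on blacklist.
export function shouldBlock(a: SignUpRiskAssessment, thresholds: SignUpRiskScores): boolean {
  return a.blacklisted || a.scores.bot >= thresholds.bot || a.scores.free_trial_abuse >= thresholds.free_trial_abuse;
}

// Constructed sample inputs.
export const neutralFacts: SignUpHeuristicFacts = {
  emailDomain: null, emailIsDisposable: null, recentSignUpsFromIp: null, recentSignUpsFromDomain: null,
};
export const suspiciousFacts: SignUpHeuristicFacts = {
  emailDomain: "mail.example", emailIsDisposable: true, recentSignUpsFromIp: 2, recentSignUpsFromDomain: 4,
};
export const engine = new WeightedSignUpRiskEngine(new Set(["blocked.example"]));
```

The design choice worth noting for reviewers of the real change: unknown inputs are excluded from both numerator and denominator, so a missing upstream signal (for example an email-verification outage) degrades to neutral rather than to either "blocked" or "all clear", and the blacklist short-circuits the weighted sum instead of being one more weighted term.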

@N2D4 N2D4 merged commit 4ddf6a5 into dev Mar 28, 2026
41 checks passed
@N2D4 N2D4 deleted the risk-score-rework branch March 28, 2026 00:10