feat(services): migrate status-report domain (PR 1/N)

[mxkaske]

Summary

Stacked on #2100. First domain migration onto the service layer. Moves every status-report write and read onto packages/services/src/status-report/ and makes tRPC / Connect / Slack thin adapters. Freezes the ServiceContext shape and the single-object { ctx, input } argument convention for every subsequent domain PR.

What lands here

Services (packages/services/src/status-report/)

• createStatusReport, addStatusReportUpdate, resolveStatusReport (convenience wrapper over add-update with status=resolved), updateStatusReport (metadata + associations), updateStatusReportUpdate (single-update edit), deleteStatusReport, deleteStatusReportUpdate, listStatusReports, getStatusReport, notifyStatusReport.
• All mutations wrapped in withTransaction, emit emitAudit before returning, and throw the typed ServiceError hierarchy (NotFound / Forbidden / Conflict / …).
• Zod schemas exported per operation are the contract — .parse() runs at every entry as defence-in-depth.
• Internal helpers: validatePageComponentIds, updatePageComponentAssociations, getReportInWorkspace, getReportUpdateInWorkspace, getUpdatesForReport, getPageComponentIdsForReport.
• Notification is a separate service call. notifyStatusReport({ ctx, input }) wraps dispatchStatusReportUpdate with workspace-scope + status-subscribers plan check, and is invoked as a second awaited call after the mutation — preserving the dashboard's two-call pattern (mandatory under the Edge runtime).

Surfaces — external contracts preserved

• tRPC (packages/api/src/router/statusReport.ts): every procedure now calls a service. create still returns { ...initialUpdate, notifySubscribers }. list and get still return the enriched { updates, pageComponents, page } shape the dashboard consumes. emailRouter.sendStatusReport becomes a thin wrapper over notifyStatusReport.
• Connect RPC (apps/server/src/routes/rpc/services/status-report/): handler is now proto → parse → service call → convert-back. External Connect API unchanged. Helpers previously exported from this folder (consumed by Slack) are gone; callers go through services.
• Slack (apps/server/src/routes/slack/interactions.ts): the four status-report branches (create / add-update / update / resolve) go through services. The maintenance branch still writes to db directly — it migrates in PR 2.

Adapters

• packages/api/src/service-adapter.ts — toServiceCtx(ctx) + toTRPCError(err) (ServiceError → TRPCError with matching codes; ZodError maps to BAD_REQUEST).
• apps/server/src/routes/rpc/adapter.ts — toServiceCtx(rpcCtx) + toConnectError(err). Synthesises actor.keyId = "ws:<workspaceId>" until the auth interceptor captures the real API key id (open question in the plan).
• apps/server/src/routes/slack/service-adapter.ts — refetches the full workspace for the pending-action's workspaceId, builds a Slack actor context, and renders ServiceError → human-readable Slack messages.

Enforcement

• Biome noRestrictedImports scoped to packages/api/src/router/statusReport.ts + apps/server/src/routes/rpc/services/status-report/**. Bans @openstatus/db, @openstatus/db/src/schema, drizzle-orm, and the three plan/* subpaths. Tests are ignored (setup/cleanup legitimately touch db).
• Subpath export @openstatus/services/status-report.
• packages/api / apps/server now depend on @openstatus/services.

Tests

• packages/services/src/status-report/__tests__/status-report.test.ts — happy paths, workspace isolation, cascade deletes, cross-workspace ForbiddenError / NotFoundError, the slack-actor audit branch, and enriched-relations for list / get.

Deliberate behaviour changes (small)

• Zod throws on invalid input where the old Connect silently coerced (e.g. out-of-range limit). Callers that need clamping can catch.
• updateStatusReport with pageComponentIds: [] now clears associations (same as old Connect's updatePageComponentIds: true). Passing undefined leaves them untouched.

Open questions deferred to later PRs

• Connect auth interceptor does not capture API key id today — surfaced as actor.keyId = "ws:<workspaceId>". Fix comes with a small interceptor change in a later PR.
• Slack LLM tool schemas still hand-written; a follow-up can try feeding services' Zod schemas directly through the AI SDK if round-trip is clean.

Test plan

• CI runs the new services integration tests (seeded turso) alongside existing Connect + tRPC suites
• Dashboard statusReport.create → emailRouter.sendStatusReport two-call path still works (no frontend change)
• Connect CreateStatusReport / AddStatusReportUpdate preserve notify semantics (single RPC call externally, two service calls internally)
• Slack create / add-update / update / resolve actions (approve / approve_notify / cancel) still round-trip
• Biome override fires if a new import from @openstatus/db sneaks into a scoped file

Stack

• feat(services): scaffold domain service layer (PR 0/N) #2100 — scaffold
• This PR — status-report (freezes ctx shape)
• Next: PR 2 maintenance → PR 3 incident → PR 4 monitor → … → final PR (broaden Biome, drop @openstatus/db deps, rename rpc/services/ → rpc/handlers/)

🤖 Generated with Claude Code

[vercel]

The latest updates on your projects. Learn more about Vercel for GitHub.

Project	Deployment	Actions	Updated (UTC)
openstatus-dashboard	Ready	Preview, Comment	Apr 23, 2026 1:02pm
openstatus-status-page	Ready	Preview, Comment	Apr 23, 2026 1:02pm
openstatus-web	Ready	Preview, Comment	Apr 23, 2026 1:02pm

[cubic-dev-ai]

3 issues found across 25 files

Prompt for AI agents (unresolved issues)

Check if these issues are valid — if so, understand the root cause of each and fix them. If appropriate, use sub-agents to investigate and fix each issue separately.


<file name="packages/api/src/router/statusReport.ts">

<violation number="1" location="packages/api/src/router/statusReport.ts:202">
P2: `statusReport.list` now silently truncates to 100 reports because it hard-codes `limit: 100` with no pagination path. Workspaces with >100 reports will not receive the full list.</violation>
</file>

<file name="apps/server/src/routes/rpc/adapter.ts">

<violation number="1" location="apps/server/src/routes/rpc/adapter.ts:42">
P2: Map `LIMIT_EXCEEDED` to `Code.ResourceExhausted` instead of `Code.PermissionDenied` to preserve correct RPC error semantics.</violation>
</file>

<file name="biome.jsonc">

<violation number="1" location="biome.jsonc:89">
P2: Use Biome's `includes` key here; `include` prevents this override from applying.</violation>
</file>

_{Reply with feedback, questions, or to request a fix. Tag @cubic-dev-ai to re-run a review.}

[mxkaske]

Review response (Cubic findings)

Addressed in 539c821 + also fixes the dashboard build regression that the Vercel preview turned up.

1. ✅ statusReport.list silent truncation at limit: 100

Valid — the old tRPC list was unbounded (findMany with no limit). My migration silently capped at 100. Fixed:

• ListStatusReportsInput.limit now min(1) with no max at the schema level
• tRPC passes limit: 10_000 (sentinel "effectively unlimited" for dashboard use)
• Connect handler keeps its own max=100 cap externally — external API behaviour unchanged

2. ✅ LIMIT_EXCEEDED → Code.ResourceExhausted

Valid — PermissionDenied means "authenticated but not entitled"; quota is ResourceExhausted semantically per the Connect/gRPC code table. Fixed.

3. ❌ Biome include key — no change

This one I'm pushing back on. In Biome 1.8.3 (the version pinned here), OverridePattern.include is the documented glob key — the schema entry reads:

"A list of Unix shell style patterns. The formatter will include files/folders that will match these patterns."

The override is firing — pnpm biome check flagged the Connect test file under apps/server/src/routes/rpc/services/status-report/__tests__/ the moment the noRestrictedImports rule landed (which is why the rule now has the __tests__ ignore). includes (plural) is the Biome 2.x spelling; switching would be a false migration here.

If Biome 2 lands in this repo later, this key changes as part of that upgrade — worth a biome migrate run at that point.

4. 🐛 Dashboard build regression (bonus — not from the Cubic review)

Vercel's preview build caught a TS error I missed: row.original.page.customDomain in components/data-table/status-reports/data-table-row-actions.tsx:35. My service migrated the return type from the old zod-validated page: Page (non-null) to page: Page | null (accurate to the nullable pageId FK). The dashboard narrows on pageId earlier in the component, but TS can't cross-correlate pageId nullability with page nullability.

Fixed by narrowing page to non-null in the tRPC get / list wrappers with a small narrowPage helper that throws on the shouldn't-happen case (status report without its page) — matches the old zod-parse behaviour exactly.

[mxkaske]

@claude review

[mxkaske]

@claude review and check again

[claude]

Claude finished @mxkaske's task in 2m 1s —— View job

---

PR Re-Review: feat(services): migrate status-report domain (PR 1/N)

Tasks:

• Gather context from previous review and PR state
• Check if P1 tRPC LIMIT_EXCEEDED mapping was fixed
• Re-examine Drizzle join key fragility in enrichReportsBatch
• Check Slack error message exposure
• Review test cleanup patterns
• Check latest commits since previous review
• Post updated review

---

Follow-up review — all previous findings addressed

Commit 736c9823 ("address post-migration review on #2101") and 5fe213c5 close every item raised in my first pass. Here's the verification:

P1 — tRPC LIMIT_EXCEEDED → TOO_MANY_REQUESTS ✅
packages/api/src/service-adapter.ts now maps LIMIT_EXCEEDED to TOO_MANY_REQUESTS with a comment explaining the semantic distinction. Symmetric with the Connect side's Code.ResourceExhausted.

P2 — Fragile Drizzle join key in enrichReportsBatch ✅
packages/services/src/status-report/list.ts now uses an explicit-column select with reportId: statusReportsToPageComponents.statusReportId — typed, rename-safe, no cast. The code comment explains why the old approach was fragile.

P2 — Slack NOT_FOUND exposes internal row IDs ✅
apps/server/src/routes/slack/service-adapter.ts now returns ":x: Couldn't find what you were looking for." for NOT_FOUND instead of the raw err.message. The JSDoc explains the reasoning for future domain expansions.

P3 — Test cleanup without try/finally ✅
createdReportIds: number[] + afterEach drain pattern is in place. Test bodies push created IDs; cleanup is guaranteed regardless of assertion outcome. The comment above the array explains the intent clearly.

P3 — Multiple toServiceCtx calls per Slack action ✅
toServiceCtx is hoisted above the switch in executeAction. Single workspace DB lookup per action. The comment acknowledges the createMaintenance branch doesn't use ctx (migrates in PR 2).

Bonus fix — pageId follows component associations on update ✅
Commit 5fe213c5 simplified updateStatusReport to always set updateValues.pageId = validated.pageId when pageComponentIds is supplied. The previous overcautious guard (ConflictError on page-change, no-op on clear) didn't match what Connect's pre-migration tests encoded as the intended invariant.

---

Remaining minor notes (non-blocking, no action needed)

• narrowPage throws plain Error — still lands as INTERNAL_SERVER_ERROR through toTRPCError's catch-all, which is correct. The row ID in the message is acceptable here: it only fires on a data-integrity violation that "can't happen" in normal operation, and the error goes to Sentry/logtape, not a user-facing surface.
• updateStatus discards service return value — pre-migration parity preserved. Flag for the caller if the dashboard ever needs the updated row without a refetch.
• resolveStatusReport double-parses input — harmless; the inner addStatusReportUpdate call re-parses but no Zod penalty worth optimising here.

---

Verdict

All P1/P2 issues resolved, P3 fixes solid, bonus behavioral fix correct. The service layer contract is clean and the enforcement mechanism (Biome noRestrictedImports) is in place. Ready to merge from a code-review standpoint.