Conversation
## Problem
When a customer updates a policy via MCP, the request succeeds but the `content` field gets saved as empty arrays instead of the actual content nodes. The policy body becomes blank even though the write timestamp updates, corrupting the draft.
## Root cause
The `createPolicy` and `updatePolicy` endpoints use `@Body() dto` which feeds into the global `ValidationPipe` with `enableImplicitConversion: true`. A no-op `@Transform(({value}) => value)` on the `content: unknown[]` field triggers class-transformer to coerce each TipTap node object into an empty array, yielding `content: [[],...]`.
The sibling `updateVersionContent` endpoint already avoids this by reading `@Req() req.body` directly with a comment noting "avoid class-transformer mangling TipTap JSON" a clear behavioral gap that the broken endpoints didn't follow.
## Fix
Apply the same `@Req()` bypass pattern to both `createPolicy` and `updatePolicy` in policies.controller.ts (lines 1068 and 1100). Extract the DTO from the raw request body to sidestep the harmful implicit conversion.
## Explicitly NOT touched
No changes to ValidationPipe config, class-transformer behavior, or other endpoints. The fix is localized to the policies feature only.
## Verification
✅ Reproduced the exact symptom (content coerced to empty arrays)
✅ Verified `updateVersionContent` already uses the safe pattern
✅ Confirmed no open PRs interfere with this change
✅ Policy drafts retain original `draftContent` so no data loss on main content field
…rialization-bug fix(policies): restore content serialization in mcp write path
|
The latest updates on your projects. Learn more about Vercel for GitHub.
1 Skipped Deployment
|
…dard At a customer showcase, an Intune device showed Compliant: Yes while its Disk Encryption check was failing — because the column displayed the vendor's own verdict (Intune complianceState), which reflects the customer's MDM policy configuration, not our framework standard. An Intune tenant with no policies calls every device compliant. Imported devices are now judged exactly like agent devices, by the four canonical checks (Disk Encryption, Antivirus, Password Policy, Screen Lock), computed from the source-reported check data: - any canonical check failed -> No (one failure is enough) - all four reported and passed -> Yes - some reported, none failed -> 'Unverified (n/4)' with a tooltip that lists what the provider doesn't report and recommends the agent - none reported -> Not tracked, as before The vendor verdict is demoted to an informational line in the device details. Provider-specific extra checks (e.g. Firewall) remain visible but never affect the verdict. Chart buckets follow the same rule (gray segment renamed Unverified); CSV exports per-check yes/no/unverified for imported devices. The details panel now always lists all four canonical checks for imported devices, marking unreported ones honestly.
Zero-reported devices were represented as unverified(reported: 0), forcing every consumer to special-case that combination back into 'Not tracked' — three call sites duplicated the check and a future consumer could forget it. The verdict union now has an explicit not_tracked kind; consumers simplify and the unreachable zero-reported tooltip branch is removed.
fix(devices): judge imported devices by the canonical four-check standard
Contributor
|
🎉 This PR is included in version 3.100.1 🎉 The release is available on GitHub release Your semantic-release bot 📦🚀 |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
This is an automated pull request to release the candidate branch into production, which will trigger a deployment.
It was created by the [Production PR] action.
Summary by cubic
Fixes policy content serialization and updates imported device compliance to use our four canonical checks. Prevents blank policy bodies and makes device verdicts consistent across table, chart, details, and CSV.
CreatePolicyDto.contentnow returnsobj.contentto preserve TipTap nodes; addedValidationPiperegression tests.Written for commit d52f0b6. Summary will update on new commits.