feat(APP-625): integrate proposal audit into proposal UI #1103
Draft
cristianizzo wants to merge 5 commits into
Surfaces the backend audit (BE-213) on the multisig proposal page. Adds a secondary button next to "Approve proposal" that:
- runs a fresh audit via `POST /v2/proposals/:id/audit` when none is cached, with a loading state while the request is in flight
- shows the cached audit (no extra cost) once persisted on the proposal document

The result is rendered in a dedicated dialog with a colour-coded risk badge, summary, per-finding cards (severity + category + description), recommendations, and a Tenderly trace link.
Pull request overview
Integrates the backend proposal security audit into the multisig proposal UI by adding a “Run audit / Show audit” flow, backed by a new API service + domain types and rendered in a dedicated dialog.
Changes:
- Add a secondary audit button to the multisig proposal voting UI that triggers `POST /v2/proposals/:id/audit` and opens an audit dialog.
- Introduce a new `ProposalAuditDialog` and register it in the governance dialog system.
- Add proposal audit domain types, API service/mutation hook, and i18n strings.
Reviewed changes
Copilot reviewed 16 out of 16 changed files in this pull request and generated 6 comments.
| File | Description |
|---|---|
| src/plugins/multisigPlugin/components/multisigSubmitVote/multisigSubmitVote.tsx | Adds “Run audit / Show audit” button and mutation flow on the multisig proposal page. |
| src/modules/governance/dialogs/proposalAuditDialog/proposalAuditDialog.tsx | New dialog UI for rendering risk badge, summary, findings, recommendations, and Tenderly link. |
| src/modules/governance/dialogs/proposalAuditDialog/index.ts | Dynamic import + type exports for the new dialog. |
| src/modules/governance/constants/governanceDialogsDefinitions.ts | Registers the new proposal audit dialog definition. |
| src/modules/governance/constants/governanceDialogId.ts | Adds PROPOSAL_AUDIT dialog ID. |
| src/modules/governance/api/proposalAuditService/proposalAuditService.ts | Adds backend service method to run audits via POST endpoint. |
| src/modules/governance/api/proposalAuditService/proposalAuditService.api.ts | Adds request params typing for the audit endpoint. |
| src/modules/governance/api/proposalAuditService/mutations/useRunProposalAudit/useRunProposalAudit.ts | Adds React Query mutation hook for running audits. |
| src/modules/governance/api/proposalAuditService/mutations/useRunProposalAudit/index.ts | Re-exports the mutation hook. |
| src/modules/governance/api/proposalAuditService/mutations/index.ts | Mutations barrel export. |
| src/modules/governance/api/proposalAuditService/index.ts | Service module barrel export. |
| src/modules/governance/api/governanceService/domain/proposalAudit.ts | Introduces IProposalAudit and IProposalAuditFinding domain types. |
| src/modules/governance/api/governanceService/domain/proposal.ts | Extends proposal domain with optional cached audit field. |
| src/modules/governance/api/governanceService/domain/index.ts | Exports the new audit domain types. |
| src/assets/locales/en.json | Adds translations for audit dialog and multisig audit button labels. |
| .changeset/proposal-audit-ui.md | Changeset for minor release documenting the feature. |
- Scope `queryClient.invalidateQueries` to proposal-related caches via a predicate, so finishing an audit no longer nukes every React Query cache across the app.
- Show the audit button when a cached audit exists even after the proposal is executed (so members can still review the audit), but hide it on executed-without-audit since "Run audit" would fail upstream anyway.
- i18n the per-finding action label and use a 1-based index for users instead of the raw 0-based `actionIndex` from the API.
- Fix two JSDoc typos (singular `/v2/proposal/` → plural `/v2/proposals/`).
- Add a unit test for `useRunProposalAudit` matching the existing `useSimulateActions` pattern.
- Point `config/.env.preview` at sandbox so the PR's preview deploy exercises the new audit endpoint. Revert before merging.
Pull request overview
Copilot reviewed 18 out of 18 changed files in this pull request and generated 3 comments.
`IProposalAudit.riskLevel` and `IProposalAuditFinding.severity` are required strings in the domain type, so the `?? 'low'` / `?? 'info'` fallbacks were dead code and contradicted the contract. Use the values directly; the backend's validateAudit guarantees they're populated before persistence.
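The contract discussed in the commit above can also be checked where the response enters the client. The following is an added example, not code from this PR: a parser that rejects an audit payload whose `riskLevel` or `severity` is missing or unknown instead of defaulting to the least severe value. The allowed value sets, the `summary` and `findings` field names, and the `parseAudit` helper are assumptions.

```typescript
// Added example (not the PR's code). The allowed value sets and the field
// names `summary` and `findings` are assumptions for illustration.
const RISK_LEVELS = ['low', 'medium', 'high', 'critical'] as const;
const SEVERITIES = ['info', 'low', 'medium', 'high', 'critical'] as const;
type RiskLevel = (typeof RISK_LEVELS)[number];
type Severity = (typeof SEVERITIES)[number];

// actionIndex is the raw 0-based index returned by the API.
type AuditFinding = { severity: Severity; category: string; description: string; actionIndex: number | undefined };
type Audit = { riskLevel: RiskLevel; summary: string; findings: AuditFinding[] };
type ParseResult = { ok: true; audit: Audit } | { ok: false; error: string };

const isRecord = (v: unknown): v is Record<string, unknown> =>
    typeof v === 'object' && v !== null && !Array.isArray(v);

// True only for a string that is one of the allowed values; no default is applied.
function oneOf<T extends string>(allowed: readonly T[], v: unknown): v is T {
    return typeof v === 'string' && (allowed as readonly string[]).indexOf(v) !== -1;
}

function parseAudit(payload: unknown): ParseResult {
    if (!isRecord(payload)) return { ok: false, error: 'audit is not an object' };
    const { riskLevel, summary, findings } = payload;
    // A missing or unknown risk level is an error, never an implicit 'low'.
    if (!oneOf(RISK_LEVELS, riskLevel)) return { ok: false, error: 'invalid riskLevel' };
    if (typeof summary !== 'string') return { ok: false, error: 'invalid summary' };
    if (!Array.isArray(findings)) return { ok: false, error: 'invalid findings' };

    const parsed: AuditFinding[] = [];
    for (let i = 0; i < findings.length; i++) {
        const f: unknown = findings[i];
        if (!isRecord(f)) return { ok: false, error: `finding ${i}: not an object` };
        const { severity, category, description, actionIndex } = f;
        if (!oneOf(SEVERITIES, severity)) return { ok: false, error: `finding ${i}: invalid severity` };
        if (typeof category !== 'string' || typeof description !== 'string')
            return { ok: false, error: `finding ${i}: invalid text field` };
        let idx: number | undefined;
        if (actionIndex !== undefined) {
            if (typeof actionIndex !== 'number' || !Number.isInteger(actionIndex) || actionIndex < 0)
                return { ok: false, error: `finding ${i}: invalid actionIndex` };
            idx = actionIndex;
        }
        parsed.push({ severity, category, description, actionIndex: idx });
    }
    return { ok: true, audit: { riskLevel, summary, findings: parsed } };
}
```

A caller would route the `ok: false` branch to an error state rather than rendering a risk badge.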
- Move audit button out of `MultisigSubmitVote` into `ProposalAuditSection`
- Show audit section between Voting and Actions on all proposal states
- Short summary preview with View Full Report button
- Loading phases: simulating → analyzing → generating report
- Error handling for failed audits
Summary
Surfaces the backend audit (BE-213) on the multisig proposal page. Next to Approve proposal there's now a secondary button that:
`POST /v2/proposals/:id/audit` when no audit is cached on the proposal yet, with a loading state for the ~15–30s round-trip.

The result is rendered in a dedicated dialog with:
Linear: APP-625
Backend PR: aragon/app-backend#1275 (BE-213)
Visibility rules
Test plan
Preview
`config/.env.preview` is temporarily flipped to point at sandbox so the Vercel preview exercises the new audit endpoint. Revert before merging to main.