Problem
A backend-vs-frontend audit found tRPC procedures across src/trpc/router.ts with no UI in the deployed build. The trigger: org.claimDomain / org.verifyDomain (organization domain claims). settings.updateOidc is gated by assertVerifiedDomainForIssuer (src/server/services/auth/oidc-domain-gate.ts) — it throws PRECONDITION_FAILED on every write unless the org holds a verified OrganizationDomainClaim matching the IdP issuer hostname. The only way to create that claim is the domain-claim procedures, which had no UI. Net effect: OIDC SSO could not be configured in-product for an own-domain IdP.
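The gate described above, as an added example rather than the project's own oidc-domain-gate.ts: a write to the OIDC settings is refused with PRECONDITION_FAILED unless one of the organization's domain claims is verified and its domain equals the issuer's hostname, which is what keeps an org from pointing SSO at an issuer on a domain it has not proved it controls. The GateError class (a stand-in for TRPCError so the block runs without @trpc/server), the claim shape, the https-only rule and exact hostname equality are assumptions of this example, not facts from the issue.

```typescript
// Added example: a domain-claim gate modelled on the assertVerifiedDomainForIssuer
// behaviour described in the issue. Everything except the PRECONDITION_FAILED
// code and the "verified claim matching the issuer hostname" rule is assumed.

type GateErrorCode = "BAD_REQUEST" | "PRECONDITION_FAILED";

// Stand-in for TRPCError so the example runs without @trpc/server (assumption).
class GateError extends Error {
  readonly code: GateErrorCode;
  constructor(code: GateErrorCode, message: string) {
    super(message);
    this.code = code;
    this.name = "GateError";
  }
}

// Assumed shape of a persisted OrganizationDomainClaim.
interface OrganizationDomainClaim {
  domain: string;          // e.g. "example.com"
  verifiedAt: Date | null; // null until the verifyDomain step has succeeded
}

// Extract the hostname the IdP issuer is matched against. The URL parser
// already lowercases hostnames; toLowerCase() is kept for clarity.
function issuerHostname(issuer: string): string {
  let url: URL;
  try {
    url = new URL(issuer);
  } catch {
    throw new GateError("BAD_REQUEST", "OIDC issuer is not a valid URL");
  }
  // OIDC discovery requires an https issuer; rejecting http here is an
  // assumption of this example, not something the issue states.
  if (url.protocol !== "https:") {
    throw new GateError("BAD_REQUEST", "OIDC issuer must use https");
  }
  return url.hostname.toLowerCase();
}

// Exact hostname equality against a *verified* claim; an unverified
// (claimed-but-not-proved) domain must not satisfy the gate.
function assertVerifiedDomainForIssuer(
  issuer: string,
  claims: readonly OrganizationDomainClaim[],
): void {
  const host = issuerHostname(issuer);
  const matched = claims.some(
    (c) => c.verifiedAt !== null && c.domain.toLowerCase() === host,
  );
  if (!matched) {
    throw new GateError(
      "PRECONDITION_FAILED",
      `organization has no verified domain claim for ${host}`,
    );
  }
}

// What a settings.updateOidc write would surface: "OK" or the error code.
function tryUpdateOidc(
  issuer: string,
  claims: readonly OrganizationDomainClaim[],
): string {
  try {
    assertVerifiedDomainForIssuer(issuer, claims);
    return "OK";
  } catch (e) {
    if (e instanceof GateError) return e.code;
    throw e;
  }
}

// Constructed sample data: one verified claim, one still pending.
const SAMPLE_CLAIMS: OrganizationDomainClaim[] = [
  { domain: "example.com", verifiedAt: new Date("2024-01-01T00:00:00Z") },
  { domain: "pending.test", verifiedAt: null },
];
```

Note the two failure modes a practitioner would check: a pending (unverified) claim does not open the gate, and a subdomain issuer such as login.example.com does not match a claim on example.com under the exact-equality rule used here; if the real gate allows parent-domain matches, that is a deliberate loosening and should be documented as such.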
Status — corrected after capability-level re-audit
The original procedure-level signal ("no client caller") was too coarse: it flagged legacy aliases, dead procedures, internal/admin triggers, and capabilities already reachable via a sibling procedure as "gaps." Every candidate was re-audited at the capability level and the genuine reachable-nowhere capabilities have been implemented; the rest are closed or deferred. Scope shrank accordingly.
✅ Implemented (close on merge)
org.claimDomain / verifyDomain / listDomains / unclaimDomain — Domain claims card in SSO settings; unblocks settings.updateOidc
governance.report / previewDestinationPolicy — new /governance route + sidebar entry
org.resetMemberAuth (alias resetMemberMfa auto-covered)
user.eraseSelf + user.eraseUser
audit.exportAuditLog — filtered CSV/JSON export
fleet.previewAgentUpgrade + triggerAgentUpdates + triggerBulkAgentUpdate
fleet.cpuHeatmap + agentDriftReport
costRecommendation.markApplied ✅ — getById / triggerAnalysis are not gaps
settings.updateAiBaseUrlOptIn ✅ — sub-processor email toggle excluded
UI: Delete saved dashboard view #437 — dashboard.deleteView is now wired (per-view delete + confirm in the view-builder dialog, mirroring create/update). But the saved-views components (ViewBuilderDialog / CustomView) are currently orphaned — not mounted by any page — so the whole saved-views feature (incl. delete) is not user-reachable yet. Mounting that surface is a separate, larger gap.
❌ Closed — not a gap (false positives)
UI: OIDC group→role mapping #442 — settings.updateOidcRoleMapping is a legacy alias; group→role mapping is already exposed via the wired settings.updateOidcTeamMappings (IdP Group Mappings card).
UI: Small unsurfaced actions in existing features #444 — all five are dead / intentionally "coming soon" / excluded: ai.startNewConversation (REST sibling auto-creates), certificate.bundleGet (UI uses bundleList), migration.parse (OSS migration UI is "Coming soon"), analytics.topPipelines (KPI card excluded), stagedRollout.list (UI uses getActive).
Tech-debt: remove dead/legacy procedures with no UI and no caller #445 — confirmed dead/legacy with no caller and no user-facing capability (fleet.create, secret.resolve, team.myRole, dashboard.recentPipelines / operationalOverview / nodeCards). Source removal is separate tech-debt.
⏸ Deferred
linkExisting / acceptUpdateBulk are dead; the update / delete / getById detail page is deferred pending v2.0 design approval.
Audit method (original)
Diffed procedures against every client reference — dotted trpc.ns.proc and minified ["ns","proc"] query-key forms.
Cross-checked surviving candidates against the running cloud /static bundle.
The follow-up re-audit added a capability-level check (is the capability reachable via any sibling procedure / REST endpoint?) to eliminate the false positives above.
Additional context
Out of scope: cloud-only routers in the private cloud/ workspace. Per AGENTS.md, this OSS repo is the source of truth; shared changes flow one-way into vectorflow-cloud.
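The audit method above, as an added example that is not the project's own tooling: the procedure-level diff (every router procedure against both client reference forms, dotted trpc.ns.proc and the minified ["ns","proc"] query key a built bundle carries) followed by the capability-level check the re-audit introduced, here modelled as a legacy-alias map so that an alias whose wired sibling has a caller is reported as covered rather than as a gap. The simplified router shape, the alias map and the client text are constructed for the example; the regexes are an assumption about how the references appear, not the project's scanner.

```typescript
// Added example: procedure-vs-client diff plus the alias-based capability check.
// Router shape, alias map and client text are constructed; nothing here is the
// project's actual audit script.

// Simplified router shape: namespace -> procedure names (assumption).
type RouterShape = Record<string, readonly string[]>;

const SAMPLE_ROUTER: RouterShape = {
  org: ["claimDomain", "verifyDomain", "listDomains"],
  settings: ["updateOidc", "updateOidcRoleMapping", "updateOidcTeamMappings"],
};

// Legacy alias -> the wired sibling exposing the same capability (constructed).
const SAMPLE_ALIASES: Record<string, string> = {
  "settings.updateOidcRoleMapping": "settings.updateOidcTeamMappings",
};

// Constructed client text: one source-style call and one minified query-key
// reference of the kind a built /static bundle contains.
const SAMPLE_CLIENT = [
  "const save = trpc.settings.updateOidc.useMutation();",
  'e.invalidateQueries({queryKey:[["settings","updateOidcTeamMappings"],{type:"query"}]});',
].join("\n");

function procedureNames(router: RouterShape): string[] {
  const names: string[] = [];
  for (const [ns, procs] of Object.entries(router)) {
    for (const proc of procs) names.push(`${ns}.${proc}`);
  }
  return names;
}

// Collect every "ns.proc" the client text references, in either form.
function referencedProcedures(clientText: string): Set<string> {
  const ident = "[A-Za-z_$][\\w$]*";
  const patterns = [
    // dotted form: trpc.ns.proc
    new RegExp(`\\btrpc\\.(${ident})\\.(${ident})`, "g"),
    // minified query-key form: ["ns","proc"] (single or double quotes)
    new RegExp(`\\[\\s*["'](${ident})["']\\s*,\\s*["'](${ident})["']\\s*\\]`, "g"),
  ];
  const found = new Set<string>();
  for (const re of patterns) {
    let m: RegExpExecArray | null;
    while ((m = re.exec(clientText)) !== null) found.add(`${m[1]}.${m[2]}`);
  }
  return found;
}

interface AuditResult {
  gaps: string[];           // no caller and no wired sibling: reachable nowhere
  coveredByAlias: string[]; // no caller, but the capability is exposed via a sibling
}

function auditRouter(
  router: RouterShape,
  clientText: string,
  aliases: Record<string, string>,
): AuditResult {
  const referenced = referencedProcedures(clientText);
  const result: AuditResult = { gaps: [], coveredByAlias: [] };
  for (const name of procedureNames(router)) {
    if (referenced.has(name)) continue; // procedure-level signal: has a caller
    const sibling = aliases[name];
    if (sibling !== undefined && referenced.has(sibling)) {
      result.coveredByAlias.push(name); // capability-level: not a gap
    } else {
      result.gaps.push(name);
    }
  }
  result.gaps.sort();
  result.coveredByAlias.sort();
  return result;
}

function runSampleAudit(): AuditResult {
  return auditRouter(SAMPLE_ROUTER, SAMPLE_CLIENT, SAMPLE_ALIASES);
}
```

On the constructed input this reports the three org domain-claim procedures as gaps and settings.updateOidcRoleMapping as covered by its wired sibling. Two caveats match the issue's own findings: the query-key regex matches any two-string array literal, so it can only over-report callers (hiding a gap), never invent one; and an alias map captures just one kind of capability cover, so REST siblings and "coming soon" surfaces still need the manual pass described above.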