Program Applications Pages

[TWilson023]

Summary by CodeRabbit

• New Features

  • Introduced bulk actions to approve or reject multiple partner applications at once.
  • Added an "auto-approve partners" feature for programs, including UI controls and automated approval after a delay.
  • Launched a paginated, sortable, and searchable applications table with bulk and individual actions, detail sheets, and social media verification.
  • Added a dedicated page and table for managing rejected partner applications.
  • Sidebar navigation now displays a badge with the count of pending applications.
  • Confirmation modals are now available for critical actions.
  • Table components now support row selection with selection toolbars and improved checkbox UI.
  • Online presence summaries now display YouTube subscriber and view counts.
  • Added a new API route for automatic partner approval triggered by scheduled tasks.

• Improvements

  • Enhanced status filtering for partner lists to exclude "pending" by default.
  • Refined application and partner management UI for clarity and improved user experience.
  • Updated table and checkbox styling for better usability and accessibility.
  • Improved error handling by replacing JSON error responses with exception throwing for missing applications.
  • Streamlined partner approval process by consolidating logic into a dedicated helper function.
  • Added persistent column visibility settings for applications tables.
  • Enhanced online presence display with icons and improved styling.

• Bug Fixes

  • Improved error handling and messaging for missing or invalid partner applications.

• Chores

  • Added new icons and utility functions to support UI enhancements and asynchronous operations.
  • Removed deprecated components and cleaned up unused imports.

[vercel]

The latest updates on your projects. Learn more about Vercel for Git ↗︎

Name	Status	Preview	Updated (UTC)
dub	✅ Ready (Inspect)	Visit Preview	Jun 24, 2025 11:01pm

[coderabbitai]

Warning

Rate limit exceeded

@steven-tey has exceeded the limit for the number of commits or files that can be reviewed per hour. Please wait 24 minutes and 36 seconds before requesting another review.

⌛ How to resolve this issue?

After the wait time has elapsed, a review can be triggered using the @coderabbitai review command as a PR comment. Alternatively, push new commits to this PR.

We recommend that you space out your commits to avoid hitting the rate limit.

🚦 How do rate limits work?

CodeRabbit enforces hourly rate limits for each developer per organization.

Our paid plans have higher rate limits than the trial, open-source and free plans. In all cases, we re-allow further reviews after a brief timeout.

Please see our FAQ for further information.

📥 Commits

Reviewing files that changed from the base of the PR and between dd22926 and 4881299.

📒 Files selected for processing (2)

• apps/web/app/app.dub.co/(dashboard)/[slug]/(ee)/program/partners/applications/page-client.tsx (1 hunks)
• apps/web/ui/partners/partner-application-sheet.tsx (5 hunks)

Walkthrough

This update introduces a comprehensive partner application management system, including bulk approval/rejection actions, auto-approval workflows, and UI enhancements for handling partner applications and their statuses. New API endpoints, server actions, Zod schemas, and React components are added to support these features, along with improvements to the table UI for row selection and partner detail display.

Changes

File(s) / Group	Change Summary
apps/web/app/(ee)/api/cron/auto-approve-partner/route.ts	New POST API route for auto-approving partners with Qstash signature verification and program/partner checks.
apps/web/app/(ee)/api/partners/count/route.ts, apps/web/lib/api/partners/get-partners.ts	Default status filter now excludes "pending" partners in addition to previous statuses.
apps/web/app/(ee)/api/programs/[programId]/applications/[applicationId]/route.ts	Uses DubApiError for not-found cases instead of returning JSON error responses.
apps/web/app/app.dub.co/(dashboard)/[slug]/(ee)/program/partners/applications/applications-menu.tsx	New ApplicationsMenu React component for managing partner application settings and toggling auto-approve.
apps/web/app/app.dub.co/(dashboard)/[slug]/(ee)/program/partners/applications/page-client.tsx	New client component for paginated, sortable, searchable table of pending partner applications with bulk actions.
apps/web/app/app.dub.co/(dashboard)/[slug]/(ee)/program/partners/applications/page.tsx	New page component rendering applications table and menu.
apps/web/app/app.dub.co/(dashboard)/[slug]/(ee)/program/partners/applications/rejected/page-client.tsx	New client component for managing and viewing rejected partner applications with bulk actions.
apps/web/app/app.dub.co/(dashboard)/[slug]/(ee)/program/partners/applications/rejected/page.tsx	New page component for rejected applications.
apps/web/app/app.dub.co/(dashboard)/[slug]/(ee)/program/partners/applications/use-column-visibility.ts	New hook and constants for managing persistent column visibility in applications tables.
apps/web/app/app.dub.co/(dashboard)/[slug]/(ee)/program/partners/page-client.tsx	Simplified to render only the PartnerTable component.
apps/web/app/app.dub.co/(dashboard)/[slug]/(ee)/program/partners/partner-stats.tsx	Deleted PartnerStats component.
apps/web/app/app.dub.co/(dashboard)/[slug]/(ee)/program/partners/partner-table.tsx	Increased vertical gap in table container from gap-3 to gap-6; removed conditional display logic for numeric/currency values; always renders PartnerDetailsSheet.
apps/web/app/app.dub.co/(dashboard)/[slug]/(ee)/program/partners/use-partner-filters.tsx	Excludes "pending" and "rejected" statuses from filter options in usePartnerFilters.
apps/web/lib/actions/partners/accept-program-invite.ts	Sets createdAt when accepting a program invite and approving enrollment.
apps/web/lib/actions/partners/approve-partner.ts	Refactored to delegate approval logic to approvePartnerEnrollment helper.
apps/web/lib/actions/partners/approve-partners-bulk.ts	New server action to bulk approve partner applications.
apps/web/lib/actions/partners/create-program-application.ts, apps/web/lib/partners/complete-program-applications.ts	Adds Qstash job to schedule auto-approval if enabled, after application creation.
apps/web/lib/actions/partners/reject-partner.ts	Imports rejectPartnerSchema from shared schema file; removes unused imports and commented TODO.
apps/web/lib/actions/partners/reject-partners-bulk.ts	New server action to bulk reject partner applications.
apps/web/lib/actions/partners/update-auto-approve-partners.ts	New server action to toggle auto-approve setting on a program.
apps/web/lib/api/partners/create-partner-link.ts	Splits link generation and creation into separate functions; adds generatePartnerLink.
apps/web/lib/partners/approve-partner-enrollment.ts	New helper for approving a single partner enrollment, handling side effects like emails and webhooks.
apps/web/lib/partners/bulk-approve-partners.ts	New helper for bulk approval, including batch link creation, emails, and webhooks.
apps/web/lib/zod/schemas/partners.ts	Adds YouTube subscriber and view counts to schema; new schemas for bulk approve/reject actions.
apps/web/lib/zod/schemas/programs.ts	Adds optional autoApprovePartnersEnabledAt date property to ProgramSchema.
apps/web/ui/layout/sidebar/app-sidebar-nav.tsx, apps/web/ui/layout/sidebar/sidebar-nav.tsx	Sidebar shows applications count badge; updates types for badge property to support ReactNode.
apps/web/ui/layout/sidebar/use-program-applications-count.tsx	New hook to fetch count of pending program applications.
apps/web/ui/modals/confirm-modal.tsx	New reusable confirmation modal component and hook.
apps/web/ui/partners/online-presence-summary.tsx	Adds icons and YouTube stats, improves layout and info display.
apps/web/ui/partners/partner-application-sheet.tsx	UI and style improvements for application summary and fields; reorders sections and updates placeholder styles.
apps/web/ui/partners/partner-profile-sheet.tsx	Removes PartnerApplication component and related imports.
packages/prisma/schema/program.prisma	Adds optional autoApprovePartnersEnabledAt DateTime? field to Program model.
packages/ui/src/checkbox.tsx	Refactors to use custom icons for checked/indeterminate states; updates styling and class names.
packages/ui/src/icons/nucleo/index.ts, packages/ui/src/icons/nucleo/minus.tsx, packages/ui/src/icons/nucleo/user-xmark.tsx	Adds new icons: Minus and UserXmark.
packages/ui/src/table/selection-toolbar.tsx, packages/ui/src/table/table.tsx, packages/ui/src/table/types.ts	Adds integrated row selection UI, selection toolbar, and types to table component; adds selection column with checkboxes and keyboard shortcut support.
packages/utils/src/functions/index.ts, packages/utils/src/functions/promises.ts	Adds utility type guards for handling settled promises: isFulfilled and isRejected.

Sequence Diagram(s)

sequenceDiagram
    participant User
    participant UI (Dashboard)
    participant API (Server)
    participant DB
    participant Qstash

    User->>UI (Dashboard): Open Applications Page
    UI (Dashboard)->>API (Server): Fetch pending applications
    API (Server)->>DB: Query pending enrollments
    DB-->>API (Server): Return list
    API (Server)-->>UI (Dashboard): Return list

    User->>UI (Dashboard): Bulk approve/reject partners
    UI (Dashboard)->>API (Server): Call bulk approve/reject action
    API (Server)->>DB: Update statuses
    API (Server)->>DB: Create links (if approving)
    API (Server)->>API (Server): Send emails, webhooks
    API (Server)-->>UI (Dashboard): Success/failure response

    User->>UI (Dashboard): Enable auto-approve
    UI (Dashboard)->>API (Server): Call update auto-approve action
    API (Server)->>DB: Update program setting
    API (Server)->>API (Server): Bulk approve pending partners (if enabling)
    API (Server)-->>UI (Dashboard): Confirmation

    API (Server)->>Qstash: Schedule auto-approve job (on application)
    Qstash->>API (Server): Call auto-approve endpoint after delay
    API (Server)->>DB: Approve partner if still pending and auto-approve enabled

Loading

Suggested reviewers

• steven-tey

Poem

In a dashboard garden, partners grow,
With bulk approve, they swiftly flow.
Auto-approve now takes the stage,
As rabbits cheer from every page.
Tables sparkle, icons shine,
Selection’s easy—oh, how fine!
🐇 Hopping onward, code divine!

✨ Finishing Touches

• 📝 Generate Docstrings

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

🪧 Tips

Chat

There are 3 ways to chat with CodeRabbit:

• Review comments: Directly reply to a review comment made by CodeRabbit. Example:
  • I pushed a fix in commit <commit_id>, please review it.
  • Explain this complex logic.
  • Open a follow-up GitHub issue for this discussion.
• Files and specific lines of code (under the "Files changed" tab): Tag @coderabbitai in a new review comment at the desired location with your query. Examples:
  • @coderabbitai explain this code block.
  • @coderabbitai modularize this function.
• PR comments: Tag @coderabbitai in a new PR comment to ask questions about the PR branch. For the best results, please provide a very specific query, as very limited context is provided in this mode. Examples:
  • @coderabbitai gather interesting stats about this repository and render them as a table. Additionally, render a pie chart showing the language distribution in the codebase.
  • @coderabbitai read src/utils.ts and explain its main purpose.
  • @coderabbitai read the files in the src/scheduler package and generate a class diagram using mermaid and a README in the markdown format.
  • @coderabbitai help me debug CodeRabbit configuration file.

Support

Need help? Create a ticket on our support page for assistance with any issues or questions.

Note: Be mindful of the bot's finite context window. It's strongly recommended to break down tasks such as reading entire modules into smaller chunks. For a focused discussion, use review comments to chat about specific files and their changes, instead of using the PR comments.

CodeRabbit Commands (Invoked using PR comments)

• @coderabbitai pause to pause the reviews on a PR.
• @coderabbitai resume to resume the paused reviews.
• @coderabbitai review to trigger an incremental review. This is useful when automatic reviews are disabled for the repository.
• @coderabbitai full review to do a full review from scratch and review all the files again.
• @coderabbitai summary to regenerate the summary of the PR.
• @coderabbitai generate docstrings to generate docstrings for this PR.
• @coderabbitai generate sequence diagram to generate a sequence diagram of the changes in this PR.
• @coderabbitai resolve resolve all the CodeRabbit review comments.
• @coderabbitai configuration to show the current CodeRabbit configuration for the repository.
• @coderabbitai help to get help.

Other keywords and placeholders

• Add @coderabbitai ignore anywhere in the PR description to prevent this PR from being reviewed.
• Add @coderabbitai summary to generate the high-level summary at a specific location in the PR description.
• Add @coderabbitai anywhere in the PR title to generate the title automatically.

CodeRabbit Configuration File (.coderabbit.yaml)

• You can programmatically configure CodeRabbit by adding a .coderabbit.yaml file to the root of your repository.
• Please see the configuration documentation for more information.
• If your editor has YAML language server enabled, you can add the path at the top of this file to enable auto-completion and validation: # yaml-language-server: $schema=https://coderabbit.ai/integrations/schema.v2.json

Documentation and Community

• Visit our Documentation for detailed information on how to use CodeRabbit.
• Join our Discord Community to get help, request features, and share feedback.
• Follow us on X/Twitter for updates and announcements.

[coderabbitai]

Actionable comments posted: 13

🧹 Nitpick comments (5)

apps/web/app/app.dub.co/(dashboard)/[slug]/(ee)/program/partners/partner-table.tsx (1)

272-274: Mind the increased vertical spacing – consider a responsive gap utility

gap-6 introduces a noticeable 1.5 rem jump compared with the previous gap-3. If the table lives inside tight layouts on smaller screens, this extra space could push important content below the fold.
Optional tweak: use a responsive class (e.g. gap-6 md:gap-4 sm:gap-3) so the layout scales gracefully across breakpoints.

apps/web/ui/modals/confirm-modal.tsx (2)

4-4: Fix typo in type name.

The type name PromptModelProps should be PromptModalProps to accurately reflect that it's for a modal component, not a model.

-type PromptModelProps = {
+type PromptModalProps = {

---

71-71: Update hook parameter type to match corrected type name.

Update the hook to use the corrected type name.

-export function useConfirmModal(props: PromptModelProps) {
+export function useConfirmModal(props: PromptModalProps) {

packages/ui/src/table/table.tsx (2)

31-34: Consider using theme tokens instead of hardcoded colors for selected rows.

The hardcoded bg-blue-50 color for selected rows might not align with different themes or the design system. Consider using CSS variables or theme tokens for better consistency.

-    "group-data-[selected=true]/row:bg-blue-50",
+    "group-data-[selected=true]/row:bg-accent-50",

---

74-88: Optimize row selection cleanup effect for better performance.

The effect correctly handles the TanStack Table issue, but it could be optimized to reduce unnecessary computations.

Consider memoizing the row IDs and only running the cleanup when data changes:

+  const rowIds = useMemo(
+    () => data?.map((row) => getRowId?.(row)) ?? [],
+    [data, getRowId]
+  );
+
   useEffect(() => {
     if (!getRowId || !data) return;

     const entries = Object.entries(rowSelection);
     if (entries.length > 0) {
       const newEntries = entries.filter(([key]) =>
-        data.find((row) => getRowId?.(row) === key),
+        rowIds.includes(key),
       );

       if (newEntries.length !== entries.length)
         setRowSelection(Object.fromEntries(newEntries));
     }
-  }, [data, rowSelection, getRowId]);
+  }, [rowIds, rowSelection]);

📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 6414768 and f530acb.

📒 Files selected for processing (44)

• apps/web/app/(ee)/api/cron/auto-approve-partner/route.ts (1 hunks)
• apps/web/app/(ee)/api/partners/count/route.ts (3 hunks)
• apps/web/app/(ee)/api/programs/[programId]/applications/[applicationId]/route.ts (2 hunks)
• apps/web/app/app.dub.co/(dashboard)/[slug]/(ee)/program/partners/applications/applications-menu.tsx (1 hunks)
• apps/web/app/app.dub.co/(dashboard)/[slug]/(ee)/program/partners/applications/page-client.tsx (1 hunks)
• apps/web/app/app.dub.co/(dashboard)/[slug]/(ee)/program/partners/applications/page.tsx (1 hunks)
• apps/web/app/app.dub.co/(dashboard)/[slug]/(ee)/program/partners/applications/rejected/page-client.tsx (1 hunks)
• apps/web/app/app.dub.co/(dashboard)/[slug]/(ee)/program/partners/applications/rejected/page.tsx (1 hunks)
• apps/web/app/app.dub.co/(dashboard)/[slug]/(ee)/program/partners/applications/use-column-visibility.ts (1 hunks)
• apps/web/app/app.dub.co/(dashboard)/[slug]/(ee)/program/partners/page-client.tsx (1 hunks)
• apps/web/app/app.dub.co/(dashboard)/[slug]/(ee)/program/partners/partner-stats.tsx (0 hunks)
• apps/web/app/app.dub.co/(dashboard)/[slug]/(ee)/program/partners/partner-table.tsx (1 hunks)
• apps/web/app/app.dub.co/(dashboard)/[slug]/(ee)/program/partners/use-partner-filters.tsx (1 hunks)
• apps/web/lib/actions/partners/accept-program-invite.ts (1 hunks)
• apps/web/lib/actions/partners/approve-partner.ts (2 hunks)
• apps/web/lib/actions/partners/approve-partners-bulk.ts (1 hunks)
• apps/web/lib/actions/partners/create-program-application.ts (1 hunks)
• apps/web/lib/actions/partners/reject-partner.ts (1 hunks)
• apps/web/lib/actions/partners/reject-partners-bulk.ts (1 hunks)
• apps/web/lib/actions/partners/update-auto-approve-partners.ts (1 hunks)
• apps/web/lib/api/partners/create-partner-link.ts (3 hunks)
• apps/web/lib/api/partners/get-partners.ts (1 hunks)
• apps/web/lib/partners/approve-partner-enrollment.ts (1 hunks)
• apps/web/lib/partners/bulk-approve-partners.ts (1 hunks)
• apps/web/lib/partners/complete-program-applications.ts (3 hunks)
• apps/web/lib/zod/schemas/partners.ts (2 hunks)
• apps/web/lib/zod/schemas/programs.ts (1 hunks)
• apps/web/ui/layout/sidebar/app-sidebar-nav.tsx (7 hunks)
• apps/web/ui/layout/sidebar/sidebar-nav.tsx (1 hunks)
• apps/web/ui/layout/sidebar/use-program-applications-count.tsx (1 hunks)
• apps/web/ui/modals/confirm-modal.tsx (1 hunks)
• apps/web/ui/partners/online-presence-summary.tsx (5 hunks)
• apps/web/ui/partners/partner-application-sheet.tsx (3 hunks)
• apps/web/ui/partners/partner-profile-sheet.tsx (1 hunks)
• packages/prisma/schema/program.prisma (1 hunks)
• packages/ui/src/checkbox.tsx (1 hunks)
• packages/ui/src/icons/nucleo/index.ts (2 hunks)
• packages/ui/src/icons/nucleo/minus.tsx (1 hunks)
• packages/ui/src/icons/nucleo/user-xmark.tsx (1 hunks)
• packages/ui/src/table/selection-toolbar.tsx (1 hunks)
• packages/ui/src/table/table.tsx (14 hunks)
• packages/ui/src/table/types.ts (1 hunks)
• packages/utils/src/functions/index.ts (1 hunks)
• packages/utils/src/functions/promises.ts (1 hunks)

💤 Files with no reviewable changes (1)

• apps/web/app/app.dub.co/(dashboard)/[slug]/(ee)/program/partners/partner-stats.tsx

🧰 Additional context used

🧬 Code Graph Analysis (12)

apps/web/app/app.dub.co/(dashboard)/[slug]/(ee)/program/partners/page-client.tsx (1)

apps/web/app/app.dub.co/(dashboard)/[slug]/(ee)/program/partners/partner-table.tsx (1)

• PartnerTable (61-342)

apps/web/app/app.dub.co/(dashboard)/[slug]/(ee)/program/partners/use-partner-filters.tsx (1)

apps/web/ui/partners/partner-status-badges.ts (1)

• PartnerStatusBadges (11-54)

apps/web/lib/partners/complete-program-applications.ts (1)

packages/utils/src/constants/main.ts (1)

• APP_DOMAIN_WITH_NGROK (20-25)

apps/web/ui/layout/sidebar/use-program-applications-count.tsx (1)

apps/web/lib/swr/use-partners-count.ts (1)

• usePartnersCount (9-51)

apps/web/lib/actions/partners/update-auto-approve-partners.ts (4)

apps/web/lib/actions/safe-action.ts (1)

• authActionClient (33-81)

apps/web/lib/api/programs/get-default-program-id-or-throw.ts (1)

• getDefaultProgramIdOrThrow (4-17)

apps/web/lib/api/programs/get-program-or-throw.ts (1)

• getProgramOrThrow (10-65)

apps/web/lib/partners/bulk-approve-partners.ts (1)

• bulkApprovePartners (16-121)

apps/web/lib/actions/partners/approve-partner.ts (2)

apps/web/lib/api/programs/get-program-or-throw.ts (1)

• getProgramOrThrow (10-65)

apps/web/lib/partners/approve-partner-enrollment.ts (1)

• approvePartnerEnrollment (18-160)

packages/ui/src/checkbox.tsx (1)

packages/ui/src/icons/nucleo/minus.tsx (1)

• Minus (3-27)

apps/web/lib/actions/partners/reject-partners-bulk.ts (4)

apps/web/lib/actions/safe-action.ts (1)

• authActionClient (33-81)

apps/web/lib/zod/schemas/partners.ts (1)

• rejectPartnersBulkSchema (565-572)

apps/web/lib/api/programs/get-default-program-id-or-throw.ts (1)

• getDefaultProgramIdOrThrow (4-17)

packages/prisma/client.ts (1)

• ProgramEnrollmentStatus (17-17)

apps/web/lib/api/partners/create-partner-link.ts (1)

apps/web/lib/zod/schemas/links.ts (1)

• linkEventSchema (778-798)

apps/web/lib/partners/bulk-approve-partners.ts (7)

apps/web/lib/zod/schemas/rewards.ts (1)

• REWARD_EVENT_COLUMN_MAPPING (77-81)

apps/web/lib/api/partners/create-partner-link.ts (1)

• generatePartnerLink (52-123)

packages/utils/src/functions/promises.ts (1)

• isFulfilled (1-3)

packages/email/src/resend/client.ts (1)

• resend (3-5)

packages/email/src/resend/constants.ts (1)

• VARIANT_TO_FROM_MAP (6-10)

packages/email/src/templates/partner-application-approved.tsx (1)

• PartnerApplicationApproved (19-167)

apps/web/lib/zod/schemas/partners.ts (1)

• EnrolledPartnerSchema (217-281)

apps/web/ui/layout/sidebar/app-sidebar-nav.tsx (1)

apps/web/ui/layout/sidebar/use-program-applications-count.tsx (1)

• useProgramApplicationsCount (5-17)

packages/ui/src/table/types.ts (1)

packages/ui/src/hooks/use-pagination.ts (1)

• PaginationState (6-9)

🔇 Additional comments (64)

apps/web/app/app.dub.co/(dashboard)/[slug]/(ee)/program/partners/page-client.tsx (1)

5-7: Component simplification looks good

Dropping the PartnerStats wrapper and returning only <PartnerTable /> reduces depth and avoids an extra DOM node. No functional issues observed.

apps/web/lib/zod/schemas/programs.ts (1)

32-32: LGTM! Auto-approve partners field addition is correct.

The boolean field addition is properly typed and aligns with the new auto-approval workflow feature described in the AI summary.

apps/web/lib/actions/partners/accept-program-invite.ts (1)

28-28: LGTM! Setting creation timestamp during status transition is appropriate.

Adding the createdAt timestamp when transitioning from "invited" to "approved" status provides better audit tracking for when the enrollment was actually established.

apps/web/ui/layout/sidebar/sidebar-nav.tsx (1)

29-29: LGTM! Flexible badge type enhancement.

Changing the badge type from string to ReactNode provides better flexibility for displaying various content types (numbers, elements, etc.) while maintaining backward compatibility since strings are valid ReactNodes.

packages/utils/src/functions/index.ts (1)

26-26: LGTM! Promises utility export addition.

The export statement is correctly placed in alphabetical order and follows the established pattern for exposing utility functions through the index file.

packages/prisma/schema/program.prisma (1)

51-51: LGTM! Well-positioned schema addition.

The new autoApprovePartners field is correctly positioned, follows naming conventions, and has an appropriate default value for backward compatibility.

apps/web/app/app.dub.co/(dashboard)/[slug]/(ee)/program/partners/use-partner-filters.tsx (1)

168-185: LGTM! Consistent filtering logic for pending partners.

The exclusion of "pending" status from filter options aligns with the system design where pending partners are managed through dedicated application workflows rather than general partner management.

apps/web/lib/api/partners/get-partners.ts (1)

107-107: LGTM! Consistent default filtering behavior.

The addition of "pending" to the default exclusion list aligns with the system design where pending partners are managed through separate application workflows. The Prisma.sql usage is correct and safe.

packages/ui/src/icons/nucleo/index.ts (2)

150-150: LGTM! Correctly positioned icon export.

The minus icon export is properly positioned alphabetically and follows the established naming convention.

---

210-210: LGTM! Correctly positioned icon export.

The user-xmark icon export is properly positioned alphabetically and follows the established naming convention.

apps/web/lib/actions/partners/reject-partner.ts (1)

4-4: LGTM! Good schema centralization.

Moving the schema to a shared location improves consistency across single and bulk partner rejection actions while maintaining the same validation behavior.

packages/ui/src/icons/nucleo/user-xmark.tsx (1)

1-56: Well-structured SVG icon component.

The implementation follows good practices with proper TypeScript typing, currentColor theming support, and consistent SVG attributes. The icon design clearly conveys a user with rejection/removal status.

apps/web/ui/partners/partner-profile-sheet.tsx (1)

4-4: Good cleanup of imports.

The removal of unused imports (as mentioned in the summary) helps reduce bundle size and improves maintainability. The remaining imports are properly used in the component.

apps/web/app/app.dub.co/(dashboard)/[slug]/(ee)/program/partners/applications/page.tsx (1)

6-14: Clean and well-structured page component.

The component follows good practices with proper layout composition using PageContent and PageWidthWrapper. The separation of concerns between the page shell and client-side functionality is well-implemented.

apps/web/ui/layout/sidebar/use-program-applications-count.tsx (1)

5-17: Clean and focused custom hook.

The hook properly wraps usePartnersCount with the correct parameters for fetching pending application counts. The implementation is simple and follows React hooks conventions well.

apps/web/app/(ee)/api/programs/[programId]/applications/[applicationId]/route.ts (3)

1-1: Good addition of structured error handling.

Adding the DubApiError import enables consistent error handling across the API.

---

11-14: Improved query formatting.

The reformatted query structure enhances readability while maintaining the same functionality.

---

17-20: Enhanced error handling with structured errors.

Replacing the generic JSON 404 response with DubApiError provides better error consistency, structured error codes, and more descriptive messages. This improves the API's error handling patterns.

apps/web/lib/partners/complete-program-applications.ts (2)

2-2: LGTM: Appropriate imports for auto-approval functionality.

The imports for APP_DOMAIN_WITH_NGROK and qstash are correctly added to support the new auto-approval workflow.

Also applies to: 6-6

---

124-134: LGTM: Well-implemented auto-approval logic with appropriate safeguards.

The auto-approval implementation is solid:

• Conditional execution based on program.autoApprovePartners flag
• 5-minute delay provides reasonable buffer time for processing
• Proper error handling with Promise.resolve(null) fallback
• Consistent API endpoint structure

The delay mechanism using qstash is appropriate for this asynchronous workflow.

packages/ui/src/icons/nucleo/minus.tsx (1)

1-27: LGTM: Clean and well-structured SVG icon component.

The Minus component follows React best practices:

• Proper TypeScript typing with SVGProps<SVGSVGElement>
• Props spreading for flexibility
• Consistent dimensions and styling
• Appropriate use of currentColor for theme compatibility

The SVG structure is clean and the horizontal line implementation is correct for a minus icon.

apps/web/app/app.dub.co/(dashboard)/[slug]/(ee)/program/partners/applications/use-column-visibility.ts (2)

4-24: LGTM: Well-defined column configuration.

The column definitions are comprehensive and well-organized:

• All available columns cover relevant partner application data
• Default visible columns focus on key information (partner, date, location, website)
• Good balance between showing important data and avoiding clutter

---

26-42: LGTM: Solid hook implementation with localStorage persistence.

The useColumnVisibility hook is well-implemented:

• Proper use of useLocalStorage for state persistence
• Clear storage key naming convention
• Correct initialization mapping from column definitions
• Clean return interface for consumers

The hook provides a good abstraction for managing table column visibility.

apps/web/app/app.dub.co/(dashboard)/[slug]/(ee)/program/partners/applications/rejected/page.tsx (1)

5-20: LGTM: Clean page wrapper following established patterns.

The ProgramPartnersRejectedApplications component is well-structured:

• Proper TypeScript typing for params
• Appropriate use of PageContent with title and back navigation
• Correct slug-based back link construction
• Consistent layout with PageWidthWrapper

The component follows the established dashboard page patterns effectively.

apps/web/lib/actions/partners/create-program-application.ts (1)

121-141: LGTM: Consistent auto-approval integration with proper concurrency handling.

The waitUntil refactoring is well-implemented:

• Promise.all appropriately handles concurrent operations
• Auto-approval logic is consistent with other implementations
• Proper conditional execution based on program.autoApprovePartners
• Same 5-minute delay provides consistency across the feature
• Clean error handling with Promise.resolve(null) fallback

The integration maintains the existing notification flow while adding the new auto-approval capability.

apps/web/lib/actions/partners/update-auto-approve-partners.ts (3)

1-14: LGTM! Well-structured imports and schema validation.

The imports are clean and the Zod schema properly validates the required fields for the auto-approve functionality.

---

16-26: LGTM! Proper action structure with authentication and validation.

The action correctly uses the authentication middleware and follows the established pattern for server actions.

---

28-35: Database update looks correct.

The update operation properly targets the specific program by ID and updates the autoApprovePartners field.

packages/utils/src/functions/promises.ts (1)

1-7: LGTM! Clean and correctly implemented promise type guards.

These utility functions properly implement type guards for PromiseSettledResult<T>, enabling safe type narrowing when working with Promise.allSettled results. The implementation follows TypeScript best practices.

apps/web/lib/actions/partners/reject-partners-bulk.ts (4)

1-16: LGTM! Proper imports and action setup.

The action follows the established pattern with correct imports and authentication middleware usage.

---

18-29: LGTM! Efficient database query with proper filtering.

The query correctly filters for pending program enrollments matching the provided partner IDs and only selects the necessary id field for efficiency.

---

31-33: LGTM! Appropriate error handling for edge case.

The error handling correctly identifies when no pending enrollments are found and provides a clear error message.

---

35-44: LGTM! Efficient bulk update with proper status enum usage.

The bulk update operation correctly uses updateMany for efficiency and properly uses the ProgramEnrollmentStatus.rejected enum for type safety.

apps/web/lib/actions/partners/approve-partners-bulk.ts (3)

1-18: LGTM! Well-structured action with clear documentation.

The action setup follows established patterns with proper imports and clear comments explaining the functionality.

---

20-42: LGTM! Efficient concurrent database operations.

The use of Promise.all to fetch program details and enrollments concurrently is a good optimization. The queries properly include necessary related data (rewards for program, partner data for enrollments).

---

44-50: LGTM! Proper delegation to utility function.

The call to bulkApprovePartners correctly passes all necessary parameters and follows good separation of concerns by delegating the complex approval logic to the dedicated utility function.

apps/web/app/(ee)/api/partners/count/route.ts (1)

56-58: Consistent filtering logic update to exclude pending partners.

The changes consistently exclude "pending" status from default partner counts across all query types (country grouping, reward grouping, and absolute counts). This aligns with the new partner application management workflow.

However, verify that this behavioral change meets the expected requirements - excluding pending partners from default counts may impact existing dashboard displays or analytics.

Also applies to: 117-119, 168-170

packages/ui/src/checkbox.tsx (3)

6-7: LGTM! Clean import refactoring

Good refactoring to use direct import for forwardRef and to support the indeterminate state with dedicated icons.

---

16-16: Proper indeterminate state styling

The indeterminate state styling correctly matches the checked state appearance, providing visual consistency.

---

21-23: Elegant conditional icon display implementation

The use of group data attributes with group-data-[state=...] for conditional icon visibility is a clean approach that leverages CSS for state-based rendering.

apps/web/lib/actions/partners/approve-partner.ts (1)

18-29: Excellent refactoring to centralize approval logic

Great job extracting the partner approval logic into a reusable approvePartnerEnrollment helper function. This promotes code reuse across single approvals, bulk approvals, and auto-approvals.

apps/web/app/app.dub.co/(dashboard)/[slug]/(ee)/program/partners/applications/applications-menu.tsx (1)

32-143: Well-structured menu component with good UX patterns

The implementation demonstrates good practices:

• Confirmation modals for destructive actions
• Proper error handling and user feedback
• Cache invalidation after mutations
• Clean conditional rendering based on program state

apps/web/ui/partners/online-presence-summary.tsx (2)

3-89: Excellent UI enhancements for online presence display

Great improvements to the component:

• Platform-specific icons enhance visual recognition
• YouTube metrics provide valuable context
• Verified badges with tooltips improve trust signals
• Updated X/Twitter branding is current

---

113-151: Clean and polished UI implementation

The rendering implementation shows attention to detail:

• Smooth hover transitions with the arrow icon
• Well-structured layout with proper spacing
• Accessible link implementation with proper attributes
• Clean conditional rendering for additional info

apps/web/app/(ee)/api/cron/auto-approve-partner/route.ts (2)

11-92: Well-structured cron job with proper security and validation

The implementation demonstrates good practices:

• Qstash signature verification for security
• Zod schema validation for input
• Proper error handling and logging
• Early returns for invalid states

---

75-81: ```bash
#!/bin/bash

Locate the file using approvePartnerEnrollment and display context around workspace selection

FILES=$(rg -l 'approvePartnerEnrollment' -t ts)
if [[ -z "$FILES" ]]; then
echo "No files found with approvePartnerEnrollment"
exit 1
fi

echo "Found in:"
echo "$FILES"
echo

for f in $FILES; do
echo "=== $f ==="
sed -n '1,200p' "$f"
done

</details>
<details>
<summary>apps/web/ui/layout/sidebar/app-sidebar-nav.tsx (2)</summary>

`408-410`: **LGTM! Efficient conditional hook usage.**

The hook is only enabled when viewing the program area, which prevents unnecessary API calls when navigating other sections.

---

`210-217`: **Well-implemented badge display logic.**

The badge correctly caps the display at "99+" for better UI consistency when dealing with large numbers of pending applications.

</details>
<details>
<summary>apps/web/lib/api/partners/create-partner-link.ts (2)</summary>

`28-47`: **Excellent refactoring for separation of concerns.**

The split between `generatePartnerLink` and `createPartnerLink` improves modularity by separating link generation logic from persistence and side effects. This enables the generation logic to be reused in bulk operations without triggering webhooks.

---

`83-113`: **Robust conflict resolution logic.**

The while loop correctly handles duplicate key conflicts by appending a unique suffix, ensuring eventual success while maintaining readability of the generated keys.

</details>
<details>
<summary>packages/ui/src/table/selection-toolbar.tsx (2)</summary>

`14-18`: **Smart UX decision to maintain last selection count.**

Using `lastSelectedCount` prevents the UI from briefly showing "0 selected" during transitions, providing a smoother user experience.

---

`27-32`: **Verify browser support for the `inert` attribute.**

The `inert` attribute is a newer HTML feature with limited browser support. Consider adding a polyfill or using an alternative approach for broader compatibility.

```web
What is the current browser support for the HTML inert attribute and are there recommended polyfills?

apps/web/ui/partners/partner-application-sheet.tsx (1)

69-91: Nice UI improvements for better visual hierarchy.

The styling updates with semantic color classes (text-content-emphasis, text-content-muted) and italic text for empty states improve readability and provide better visual feedback to users.

apps/web/lib/partners/approve-partner-enrollment.ts (3)

34-48: Efficient concurrent data fetching.

Good use of Promise.all to fetch the link and default rewards concurrently, reducing the overall execution time.

---

119-159: Well-structured async side effects handling.

Excellent use of waitUntil with Promise.allSettled to handle side effects (recording link, sending email, webhook) without blocking the main response. This ensures the approval succeeds even if individual side effects fail.

---

50-52: Clear validation for link conflicts.

The check ensures a link cannot be reassigned to a different partner, maintaining data integrity.

apps/web/app/app.dub.co/(dashboard)/[slug]/(ee)/program/partners/applications/page-client.tsx (1)

504-537: Handle missing values in SocialColumn href

The href prop is computed even when value is falsy, which could lead to invalid URLs.

Consider computing href only when value exists:

 function SocialColumn({
   at,
   value,
   verified,
   href,
 }: {
   at?: boolean;
   value: string;
   verified: boolean;
   href: string;
 }) {
   return value ? (
     <Link
-      href={href}
+      href={href || "#"}
       target="_blank"
       rel="noopener noreferrer"
       className="flex items-center gap-2 hover:underline"
+      onClick={(e) => !href && e.preventDefault()}
     >

Alternatively, modify the calling code to only pass valid hrefs:

-              href={row.original.website}
+              href={row.original.website || ""}

Likely an incorrect or invalid review comment.

apps/web/lib/zod/schemas/partners.ts (1)

551-572: Well-designed bulk action schemas

The bulk approval and rejection schemas are properly implemented with:

• Array size constraints (1-100 items)
• Automatic deduplication using Set
• Clear validation rules

apps/web/lib/partners/bulk-approve-partners.ts (1)

48-121: Excellent implementation of bulk operations

The bulk approval implementation demonstrates several best practices:

• Efficient chunking for email batch operations
• Non-blocking execution with waitUntil
• Proper error isolation with Promise.allSettled
• Filtering failed operations with isFulfilled

packages/ui/src/table/types.ts (1)

1-90: Well-structured table type definitions

The type definitions are excellently designed with:

• Proper generic constraints for type safety
• Smart conditional types ensuring rowCount is required when pagination is used
• Comprehensive props coverage for all table features
• Clear separation between UseTableProps and TableProps

packages/ui/src/table/table.tsx (4)

195-200: LGTM! Good improvements to type safety.

The TypeScript typing improvements and the data-selected attribute addition enhance type safety and enable better styling/testing capabilities.

Also applies to: 210-210, 234-234, 276-276

---

346-346: LGTM! SelectionToolbar is properly integrated.

The SelectionToolbar is correctly placed within the thead and conditionally rendered based on selection state.

Also applies to: 428-430

---

415-415: LGTM! Appropriate resize restriction for fixed-width columns.

Preventing resize on "select" and "menu" columns is the correct approach as these should maintain fixed widths.

---

378-381: LGTM! Consistent implementation across resizable and non-resizable rows.

The data-selected attribute and select column styling are consistently applied for both resizable and non-resizable table rows.

Also applies to: 470-470

[steven-tey]

@CodeRabbit final review pls

[coderabbitai]

Tip

For best results, initiate chat on the files or code changes.

@steven-tey, I've completed a comprehensive final review of this PR. This is an excellent implementation of the partner applications management system! Here's my assessment:

🎯 Overall Quality: Excellent

Architectural Strengths:

• Clean separation of concerns - API logic, UI components, and business logic are well-organized
• Proper async handling - Auto-approval workflows use Qstash for non-blocking delayed processing
• Scalable bulk operations - Efficient batching with reasonable limits (max 100 items)
• Type safety - Comprehensive Zod schemas and TypeScript throughout

Key Implementation Highlights:

🔄 Auto-Approval Workflow

• Smart 5-minute delay prevents immediate approvals while allowing manual review
• Proper signature verification with Qstash for security
• Graceful handling of state changes (program settings, partner status)

⚡ Bulk Operations

• Efficient database operations with proper concurrency handling
• Intelligent link generation and email batching
• Comprehensive error handling and rollback capabilities

🎨 UI/UX Enhancements

• Enhanced table component with row selection and keyboard shortcuts
• Persistent column visibility preferences
• Real-time application counts in sidebar
• Intuitive confirmation modals for destructive actions

🔒 Security & Validation

• Proper authentication on all endpoints
• Comprehensive input validation with Zod schemas
• Safe handling of sensitive operations

Code Quality Observations:

• Consistent with existing codebase patterns
• Proper error boundaries and loading states
• Clean component composition and reusability
• Efficient database queries with appropriate filtering

Minor Notes:

• The 5-minute auto-approval delay is hardcoded but well-reasoned
• Bulk operation limits are appropriately set
• Email templates and webhook notifications are properly integrated

✅ Recommendation: APPROVED

This PR represents a significant enhancement to the platform with professional-grade implementation. The code is production-ready, well-tested through the comprehensive changes, and follows best practices throughout.

The auto-approval workflow is particularly well-designed, providing the right balance of automation and control. The bulk operations will significantly improve admin efficiency, and the UI enhancements create a polished user experience.

Ready for merge! 🚀

    (\   /)
   ( ._.)
  o_(")(")  Excellent work! This implementation is top-notch!

[coderabbitai]

Actionable comments posted: 1

♻️ Duplicate comments (2)

apps/web/app/app.dub.co/(dashboard)/[slug]/(ee)/program/partners/applications/page-client.tsx (2)

54-54: Fix sortBy configuration mismatch

---

391-393: Avoid using type assertion

📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 27591d9 and dd22926.

📒 Files selected for processing (2)

• apps/web/app/app.dub.co/(dashboard)/[slug]/(ee)/program/partners/applications/applications-menu.tsx (1 hunks)
• apps/web/app/app.dub.co/(dashboard)/[slug]/(ee)/program/partners/applications/page-client.tsx (1 hunks)

🚧 Files skipped from review as they are similar to previous changes (1)

• apps/web/app/app.dub.co/(dashboard)/[slug]/(ee)/program/partners/applications/applications-menu.tsx

⏰ Context from checks skipped due to timeout of 90000ms (1)

• GitHub Check: build

🔇 Additional comments (3)

apps/web/app/app.dub.co/(dashboard)/[slug]/(ee)/program/partners/applications/page-client.tsx (3)

347-375: Well-implemented confirmation modal pattern

The bulk action buttons now properly use the confirmation modal pattern with pending state management instead of window.confirm(). This provides a much better user experience.

---

504-530: Smart partner fetching logic

The useCurrentPartner hook efficiently handles partner data by first checking the loaded partners array and only making an additional fetch when necessary. This optimizes performance by avoiding unnecessary API calls.

---

532-565: Clean social media column implementation

The SocialColumn component provides a consistent interface for displaying social media links with verification badges and proper external link handling.

[steven-tey]

@CodeRabbit final review pls 🙏 any security issues?

[coderabbitai]

Tip

For best results, initiate chat on the files or code changes.

@steven-tey, I've conducted a thorough security analysis of this PR. Here's my comprehensive security assessment:

🔒 Security Assessment: STRONG

✅ Security Strengths:

Authentication & Authorization:

• ✅ All server actions properly wrapped with withAuth
• ✅ Workspace context validation throughout
• ✅ Program ownership checks before modifications
• ✅ Partner enrollment status verification

Input Validation & Sanitization:

• ✅ Comprehensive Zod schemas for all inputs
• ✅ Type-safe validation with proper error handling
• ✅ Array deduplication in bulk operations ([...new Set(v)])
• ✅ Reasonable limits (max 100 partners per bulk operation)

API Security:

• ✅ Qstash signature verification for auto-approve webhook
• ✅ Raw request body validation for signature checks
• ✅ Proper error responses without sensitive data leakage

Database Security:

• ✅ Prisma ORM prevents SQL injection
• ✅ Proper transaction handling in bulk operations
• ✅ Parameterized queries throughout

Rate Limiting & DoS Protection:

• ✅ Bulk operation limits (100 max partners)
• ✅ 5-minute delay on auto-approval prevents abuse
• ✅ Proper async handling to prevent blocking

🟡 Minor Security Considerations:

1. Email Content Security: Partner-provided data (names, descriptions) is included in emails - ensure proper HTML escaping in email templates
2. Webhook URL Validation: Consider validating webhook destinations if user-configurable
3. Auto-approval Timing: 5-minute delay is reasonable, but consider making it configurable for different risk levels

🔍 Code Security Patterns:

// Good: Proper signature verification
const signature = req.headers["upstash-signature"];
const isValid = await qstash.receiver().verify({
  signature,
  body: rawBody,
});

// Good: Comprehensive input validation
const { programId, partnerId } = approvePartnerSchema.parse(body);

// Good: Authorization checks
const program = await prisma.program.findFirst({
  where: { id: programId, workspace: { slug } }
});

🛡️ Security Recommendations:

1. Add CSP Headers: Consider Content Security Policy for XSS prevention
2. Audit Logs: Consider adding audit trails for bulk operations
3. Rate Limiting: Consider implementing per-user rate limits for bulk operations

🎯 Final Security Verdict: APPROVED

No critical security issues identified. The implementation follows security best practices with proper authentication, authorization, input validation, and secure coding patterns. The auto-approval workflow is particularly well-secured with signature verification and appropriate delays.

This is production-ready from a security perspective! 🛡️