Fix bugs, add DeepSeek LLM support, and implement Custom Framework Builder (v1.2)#2
Open
PanwalaVandan wants to merge 10 commits intoMikeDominic92:masterfrom
Open
Conversation
Adds DeepSeek-V3/R1 as a third LLM provider option alongside Anthropic and Gemini. DeepSeek uses an OpenAI-compatible API so no new dependencies are required. - backend/app/config.py: added deepseek_api_key, deepseek_model, deepseek_base_url settings; updated llm_provider comment - backend/app/services/llm.py: added DeepSeekService class implementing all five LLM methods (analyze_document, analyze_document_with_prompt, generate_finding_details, answer_query, _generate); updated create_llm_service() factory to handle LLM_PROVIDER=deepseek
SQLite stores datetimes without timezone info (naive), but the code used datetime.now(timezone.utc) (aware). Subtracting them raised: TypeError: can't subtract offset-naive and offset-aware datetimes Fix: treat naive datetimes from SQLite as UTC before comparison in _calculate_document_freshness_score().
The backend FindingResponse uses snake_case (confidence_score, framework_control, finding_type, remediation, created_at) while the frontend Finding type and all its consuming components (FindingCard, FindingsList) expected camelCase. This caused a crash on render because finding.findingType was undefined and .charAt(0) threw a TypeError, resulting in a completely blank Analysis page. Changes: - frontend/src/lib/findings.ts: new normalizeFinding() utility that maps every backend field to its camelCase counterpart; splits framework_control into controlId and controlName; defaults missing fields safely - frontend/src/pages/Analysis.tsx: apply normalizeFinding() to API response; add FindingsErrorBoundary to catch any future render crashes; read ?document_id= URL param to allow vendor/document pages to pre-select a document; increase analysis timeout to 180s for LLM calls
…dor page When navigating to /documents?vendor_id=<id> (e.g. from the vendor detail page), the upload form now passes vendor_id as a query parameter to the POST /api/v1/documents endpoint. Previously the parameter was ignored and documents appeared under Others with no vendor link. Also increases the upload request timeout to 120s to accommodate large files and slow document processing.
The View All Findings button previously navigated to /analysis with no context, leaving the page empty. It now navigates to /analysis?document_id=<first_analyzed_doc_id> so the document is pre-selected and existing findings are loaded immediately. Also applies normalizeFinding() to vendor-level findings so the severity breakdown sidebar renders correctly.
When the backend was restarted or tokens expired, Zustand's persisted store could retain isAuthenticated: true while localStorage had no tokens. On the next page load, ProtectedRoute saw isAuthenticated: true and redirected to /dashboard, which immediately redirected back to /login, creating a loop. Three-part fix: - authStore.ts: init() now explicitly resets user/tokens/isAuthenticated to null/false when no tokens are found in localStorage, clearing any stale persisted state - api.ts: 401 response handler also clears the auth-storage Zustand persist key so the store resets on the next load after token expiry - App.tsx: defers route rendering until after init() completes via a ready flag, preventing ProtectedRoute/PublicRoute from reading stale Zustand state before the reset has run
❌ Deploy Preview for vendor-audit-ai failed. Why did it fail? →
|
Add full custom compliance framework CRUD and wire it into the analysis pipeline so users can define their own controls and run AI analysis against them exactly like built-in frameworks. Backend: - New CustomFramework + CustomControl SQLAlchemy models - New Pydantic schemas (create/update/response/list) - New /custom-frameworks REST endpoints (framework + control CRUD) - Register models in __init__.py, router under /custom-frameworks - Extend AnalysisRequest with optional custom_framework_id field - analysis.py service: fetch custom framework + inject controls into LLM prompt; store framework as "custom:<name>" on run - analysis.py endpoint: validate exactly one of framework / custom_framework_id is supplied Frontend: - New Frameworks page: list view, edit view, controls table, add/edit control inline form, clone-from-built-in modal, Run Analysis shortcut button - Export Frameworks from pages/index.ts - Add /frameworks route in App.tsx - Add Frameworks nav link (Layers icon) in Sidebar.tsx - Analysis page: fetch /custom-frameworks, show as second optgroup in framework dropdown, pass custom_framework_id in POST body when a custom framework is selected, support ?custom_framework_id= URL param for deep-linking
…mport
Clone modal now fetches real frameworks from GET /api/v1/frameworks and
loads all controls via GET /api/v1/frameworks/{id}/controls. Added a
2-step flow: pick framework, then select controls from a searchable
checkbox list with Select All / Clear shown options. Imports all
selected controls including description, category and guidance fields.
PanwalaVandan
changed the title
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Bug Fixes
TypeErrorin risk scoring when comparing naive vs timezone-aware datetimes (_calculate_document_freshness_score)finding_type,confidence_score, etc.) but frontend expected camelCase; addednormalizeFinding()mapper andFindingsErrorBoundaryis_configured()check, causing silent 30s timeoutsvendor_idfrom URL params to the POST request/analysishad no document context; now passes?document_id=paramisAuthenticated: truecaused infinite redirects; fixed inauthStore.ts,api.ts(clear on 401), andApp.tsx(init delay)datetime.now(timezone.utc)comparison crashNew Feature: DeepSeek LLM Provider
DeepSeekServiceusing the OpenAI-compatible endpoint (https://api.deepseek.com)config.pywithdeepseek_api_key,deepseek_model,deepseek_base_urlsettingscreate_llm_service()factory to supportprovider = "deepseek"New Feature: Custom Framework Builder (v1.2 Feature 1)
CustomFrameworkandCustomControlSQLAlchemy models with full cascade delete/api/v1/custom-frameworks(create, list, get, update, delete frameworks and controls)custom_framework_id; builds prompt from custom controls and tags findings ascustom:<name>/frameworkspage — list view with cards, edit view with controls table, inline add/edit control formTest Plan