Add visual indicator for sensitive actions

[rSnapkoOpenOps]

Fixes OPS-2810

Summary by CodeRabbit

• New Features
  • Added visual risk indicators to highlight risky steps in the flow canvas, displaying a shield badge with tooltips explaining potential environmental impacts.
  • Enhanced validation indicators for incomplete steps, now consolidated with risk warnings for improved visibility and clarity.

_{✏️ Tip: You can customize this high-level summary in your review settings.}

[linear]

OPS-2810 Explore adding a visual indicator for sensitive actions

[coderabbitai]

Important

Review skipped

Auto reviews are disabled on this repository.

Please check the settings in the CodeRabbit UI or the .coderabbit.yaml file in this repository. To trigger a single review, invoke the @coderabbitai review command.

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

Walkthrough

This change introduces risk and validation indicators to the step-node component. The previously internal getActionMetadata utility is now exported, allowing the step-node to display visual indicators when a step has HIGH risk or invalid state, consolidating these indicators into the action block's UI.

Changes

Cohort / File(s)	Change Summary
Risk Indicator UI packages/react-ui/src/app/features/builder/flow-canvas/nodes/step-node.tsx	Added risk and validation indicator display using getActionMetadata and RiskLevel.HIGH checks; imported RiskLevel, getActionMetadata, and ShieldHalf; consolidated invalid-step and risk indicators within a new container block; relocated CanvasContextMenu to align with new indicators.
Utility Export packages/react-ui/src/app/features/flows/components/execute-risky-flow-dialog/utils.ts	Exported existing getActionMetadata function to enable external consumption.

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~20 minutes

• Verify risk detection logic correctly identifies HIGH-risk actions via metadata
• Validate that indicator UI (ShieldHalf badge + tooltip) renders correctly without breaking existing step-node layout
• Confirm the relocated CanvasContextMenu functionality is preserved in readonly mode
• Check that getActionMetadata export doesn't expose unintended internal implementation details

Poem

🐰 A risky step now wears a shield so bright,
Warnings wrapped in validation's light,
Metadata flows where caution needs a say,
Keeping your workflows safe each day! 🛡️✨

Pre-merge checks and finishing touches

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Description check	⚠️ Warning	The description is incomplete, missing key sections like motivation, testing checklist, and visual documentation despite the PR being UI-focused.	Add detailed explanation of why this change was needed, testing verification details, and confirm the included screenshot adequately documents the visual changes.

✅ Passed checks (2 passed)

Check name	Status	Explanation
Title check	✅ Passed	The title accurately reflects the main change: adding a visual indicator for sensitive/risky actions in the step node component.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[rSnapkoOpenOps]

@coderabbitai review

[coderabbitai]

✅ Actions performed

Review triggered.

Note: CodeRabbit is an incremental review system and does not re-review already reviewed commits. This command is applicable only when automatic reviews are paused.

[coderabbitai]

Actionable comments posted: 0

🧹 Nitpick comments (1)

packages/react-ui/src/app/features/builder/flow-canvas/nodes/step-node.tsx (1)

133-152: Use the extracted variables for consistency.

Lines 143-144 re-access data.step?.settings.blockName and data.step?.settings.actionName instead of using the already extracted blockName and actionName variables from lines 134-135.

       const actionMetadata = getActionMetadata(
         actionsMetadata,
-        data.step?.settings.blockName,
-        data.step?.settings.actionName,
+        blockName,
+        actionName,
       );

📜 Review details

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 10985cf and f0cf80b.

📒 Files selected for processing (2)

• packages/react-ui/src/app/features/builder/flow-canvas/nodes/step-node.tsx (4 hunks)
• packages/react-ui/src/app/features/flows/components/execute-risky-flow-dialog/utils.ts (1 hunks)

🧰 Additional context used

📓 Path-based instructions (3)

**/*.{ts,tsx,js,jsx}

📄 CodeRabbit inference engine (.cursor/rules/coding-guidelines.mdc)

**/*.{ts,tsx,js,jsx}: Indentation: 2 spaces for TypeScript/JavaScript
Braces required for all control blocks, even single-line
One space between keywords and parentheses: if (condition) {
Use camelCase for variables and functions
Use PascalCase for classes and types
Use UPPER_SNAKE_CASE for constants
Use lowercase with hyphens for file names (e.g., user-profile.ts)
Prefer const over let or var in TypeScript/JavaScript
Prefer arrow functions for callbacks and functional components in TypeScript/JavaScript

Files:

• packages/react-ui/src/app/features/flows/components/execute-risky-flow-dialog/utils.ts
• packages/react-ui/src/app/features/builder/flow-canvas/nodes/step-node.tsx

**/*.{ts,tsx}

📄 CodeRabbit inference engine (.cursor/rules/coding-guidelines.mdc)

**/*.{ts,tsx}: Use types and interfaces where appropriate in TypeScript
Use explicit return types for exported functions in TypeScript

Files:

• packages/react-ui/src/app/features/flows/components/execute-risky-flow-dialog/utils.ts
• packages/react-ui/src/app/features/builder/flow-canvas/nodes/step-node.tsx

**/*.{tsx,ts}

📄 CodeRabbit inference engine (.cursor/rules/coding-guidelines.mdc)

**/*.{tsx,ts}: Frontend tech stack must strictly use: React 18, Zustand, react-query v5, shadcn, and Axios with qs package for query strings
Follow best practices for React hooks
Prefer small, composable components and extract helper functions where possible
Use cn utility to group tailwind classnames in React components

Files:

• packages/react-ui/src/app/features/flows/components/execute-risky-flow-dialog/utils.ts
• packages/react-ui/src/app/features/builder/flow-canvas/nodes/step-node.tsx

🔇 Additional comments (3)

packages/react-ui/src/app/features/flows/components/execute-risky-flow-dialog/utils.ts (1)

10-25: LGTM!

The export addition is clean and minimal. The function logic remains unchanged, and exporting it enables reuse in the step-node component for risk assessment.

packages/react-ui/src/app/features/builder/flow-canvas/nodes/step-node.tsx (2)

279-321: LGTM!

The UI indicators are well-structured:

• Invalid step indicator with appropriate tooltip
• Risk indicator with a distinctive badge design and clear tooltip explaining the impact
• Proper use of cn utility and consistent Tailwind styling
• Correct Tooltip component usage with asChild prop

The consolidated layout improves the visual hierarchy by grouping related indicators together.

---

92-95: No action needed. The hook already implements proper caching via react-query with a query key that includes both searchQuery and type, ensuring that multiple step nodes calling useAllStepsMetadata with identical parameters (searchQuery: '' and type: 'action') will share the same cached response rather than triggering separate API calls.

[Copilot]

Pull request overview

This PR adds visual indicators to highlight risky steps in the flow canvas. When a step is configured to perform a high-risk action, a shield badge now appears with a tooltip explaining the potential environmental impact. The implementation also improves the layout by consolidating validation indicators alongside the new risk warnings.

Key Changes:

• Exported getActionMetadata utility function for reuse across components
• Added risk level detection logic to identify high-risk steps
• Introduced shield badge UI component to visually indicate risky actions

Reviewed changes

Copilot reviewed 2 out of 2 changed files in this pull request and generated no comments.

File	Description
packages/react-ui/src/app/features/flows/components/execute-risky-flow-dialog/utils.ts	Exported getActionMetadata function to enable reuse in the step node component
packages/react-ui/src/app/features/builder/flow-canvas/nodes/step-node.tsx	Added risk level detection, shield badge indicator, and reorganized validation indicators for better visual grouping

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[greptile-apps]

Greptile Overview

Greptile Summary

Added visual risk indicators to flow canvas nodes to highlight steps that may make changes to the environment. The implementation fetches action metadata to check risk levels and displays a shield badge with a tooltip for high-risk steps.

Key Changes:

• Fetches all action metadata using useAllStepsMetadata hook to enable risk assessment
• Implemented isRiskyStep computed value that checks if a step's action has RiskLevel.HIGH
• Added shield icon badge (ShieldHalf from lucide-react) with destructive styling for risky steps
• Consolidated validation and risk indicators in a single layout container for better visual hierarchy
• Exported getActionMetadata utility function for reuse across components

Implementation Details:

• Risk indicator displays alongside existing validation warnings (incomplete settings)
• Uses consistent destructive color scheme (bg-destructive-100, text-destructive-300)
• Tooltip message: "This step may make changes to your environment"
• Indicators appear in the top-right area of step nodes, maintaining compact layout

Confidence Score: 4/5

• This PR is safe to merge with minimal risk - it adds a non-intrusive visual indicator without changing core functionality
• The changes are straightforward and well-contained: exporting an existing utility function and adding visual indicators based on metadata. The implementation reuses existing patterns (destructive styling, tooltip positioning) and doesn't modify any business logic. The main consideration is performance - fetching all actions metadata on every step node render could be optimized with memoization at a higher level, but the hook likely handles caching internally.
• No files require special attention - both changes are minimal and follow established patterns

Important Files Changed

File Analysis

Filename	Score	Overview
packages/react-ui/src/app/features/builder/flow-canvas/nodes/step-node.tsx	4/5	Added visual risk indicator badge with tooltip for high-risk steps, repositioned validation indicator for better layout
packages/react-ui/src/app/features/flows/components/execute-risky-flow-dialog/utils.ts	5/5	Exported getActionMetadata function to enable risk level checking in other components

Sequence Diagram

sequenceDiagram
    participant User
    participant StepNode as WorkflowStepNode
    participant BlocksHook as blocksHooks
    participant Utils as getActionMetadata
    participant UI as UI Components
    
    User->>StepNode: View flow canvas
    StepNode->>BlocksHook: useAllStepsMetadata({type: 'action'})
    BlocksHook-->>StepNode: Return actionsMetadata
    
    StepNode->>StepNode: useMemo: Check isRiskyStep
    StepNode->>Utils: getActionMetadata(actionsMetadata, blockName, actionName)
    Utils-->>StepNode: Return actionMetadata with riskLevel
    StepNode->>StepNode: Check if riskLevel === RiskLevel.HIGH
    
    alt Step is risky
        StepNode->>UI: Render ShieldHalf icon in destructive badge
        StepNode->>UI: Add tooltip: "This step may make changes to your environment"
        UI-->>User: Display risk indicator badge
    else Step is not risky
        StepNode->>UI: Skip risk indicator rendering
    end
    
    alt Step has invalid settings
        StepNode->>UI: Render InvalidStepIcon with tooltip
        UI-->>User: Display validation warning
    end

Loading

[greptile-apps]

_{2 files reviewed, no comments}

_{Edit Code Review Agent Settings | Greptile}

[alexandrudanpop]

would be cool to have this logic extracted from the component

[cezudas]

yes, a custom hook placed outside this module would make mocking this dependency very convenient in case we add unit/sb tests in the future.

[rSnapkoOpenOps]

just moved from packages/react-ui/src/app/features/flows/components/execute-risky-flow-dialog/utils.ts

[sonarqubecloud]

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud