Rearrange partners cron workflows

[steven-tey]

Summary by CodeRabbit

• New Features

  • Added fraud-risk checks to automated partner enrollment approvals.

• Improvements

  • Partner banning now records rejection reason and note for auditability.
  • Consolidated and renamed cron endpoints for partner workflows (auto-approve, ban, merge accounts) to standardize scheduling behavior.
  • Updated cron invocation targets across partner workflows to use the new endpoints.

_{✏️ Tip: You can customize this high-level summary in your review settings.}

[vercel]

The latest updates on your projects. Learn more about Vercel for GitHub.

Project	Deployment	Review	Updated (UTC)
dub	Ready	Preview	Jan 16, 2026 10:53pm

[coderabbitai]

📝 Walkthrough

Walkthrough

The PR renames and consolidates partner cron endpoints under /api/cron/partners/*. The auto-approve implementation is moved to /api/cron/partners/auto-approve (with fraud checks and approval flow) and the old route re-exports it. Client code and cron enqueue calls update URLs; ban payload adds rejection metadata and a merge-route comment is corrected.

Changes

Cohort / File(s)	Summary
Auto-approve route move & implementation apps/web/app/(ee)/api/cron/auto-approve-partner/route.ts, apps/web/app/(ee)/api/cron/partners/auto-approve/route.ts	New /api/cron/partners/auto-approve POST implemented with withCron: validates input, loads enrollment+group, checks pending status, optionally queries fraud risk, and calls approvePartnerEnrollment. Original route now re-exports POST from the new file.
Ban route and cron enqueue updates apps/web/app/(ee)/api/cron/partners/ban/route.ts, apps/web/lib/actions/partners/ban-partner.ts, apps/web/lib/actions/partners/bulk-ban-partners.ts	Route comment/import path adjusted; ban rejection payload extended with rejectionReason: "other" and rejectionNote: "Rejected automatically because the partner was banned.". Cron enqueue URLs changed to /api/cron/partners/ban.
Merge-accounts route comment & enqueue path apps/web/app/(ee)/api/cron/partners/merge-accounts/route.ts, apps/web/lib/actions/partners/merge-partner-accounts.ts	Route comment corrected to /api/cron/partners/merge-accounts; enqueue URL updated to match new path.
Auto-approve enqueue URL updates apps/web/lib/actions/partners/create-program-application.ts, apps/web/lib/partners/complete-program-applications.ts	Cron enqueue target changed from /api/cron/auto-approve-partner to /api/cron/partners/auto-approve.

Sequence Diagram(s)

mermaid
sequenceDiagram
participant Scheduler as Scheduler
participant Qstash as qStash
participant CronRoute as Cron Route\n(/api/cron/partners/auto-approve)
participant DB as Database
participant Fraud as Fraud Service
participant Approver as Approval Service
participant Logger as Logger

Scheduler->>Qstash: enqueue POST (programId, partnerId)
Qstash->>CronRoute: deliver POST (rawBody)
CronRoute->>DB: fetch programEnrollment (with group, partner, platforms)
CronRoute->>DB: fetch program (workspace owners, plan)
alt fraud-enabled
CronRoute->>Fraud: getPartnerApplicationRisks(partnerId)
Fraud-->>CronRoute: riskSeverity
alt high risk
CronRoute->>Logger: log skip (high risk)
else not high
CronRoute->>Approver: approvePartnerEnrollment(programId, partnerId, ownerUserId, groupId)
Approver-->>CronRoute: approval result
CronRoute->>Logger: log success
end
else fraud-not-enabled
CronRoute->>Approver: approvePartnerEnrollment(programId, partnerId, ownerUserId, groupId)
Approver-->>CronRoute: approval result
CronRoute->>Logger: log success
end

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~20 minutes

Possibly related PRs

• Refactor cron routes to use withCron middleware #3238: Moves and re-exports the auto-approve POST handler and consolidates cron routes (direct overlap with this refactor).
• Refactor partner program summary cron job handling #3207: Introduces/extends the withCron wrapper and enqueue utilities used by the new auto-approve cron route.
• Resolve fraud events synchronously in banPartner #3174: Touches partner ban flow and related cron enqueue usage; overlaps with ban changes and enqueue URL updates.

Suggested reviewers

• devkiran

Poem

🐰 I hopped the routes to tidy trails,
Cron bells rang and cleared the rails.
Auto-approve checks risk and crew,
Bans now note why they bid adieu.
Hooray—fresh paths and tidy tails! 🥕

🚥 Pre-merge checks | ✅ 2 | ❌ 1

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Docstring Coverage	⚠️ Warning	Docstring coverage is 66.67% which is insufficient. The required threshold is 80.00%.	Write docstrings for the functions missing them to satisfy the coverage threshold.

✅ Passed checks (2 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title 'Rearrange partners cron workflows' accurately describes the main change: reorganizing and consolidating partner-related cron job endpoints from scattered locations (auto-approve-partner, merge-partner-accounts, ban/process) into a unified partners directory structure.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing touches

• 📝 Generate docstrings

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 1

🤖 Fix all issues with AI agents

In `@apps/web/app/`(ee)/api/cron/partners/auto-approve/route.ts:
- Around line 99-104: The code assumes a workspace owner exists by using
program.workspace.users[0].userId when calling approvePartnerEnrollment; add a
defensive guard to check that program.workspace &&
Array.isArray(program.workspace.users) && program.workspace.users.length > 0
before reading [0]; if missing, handle gracefully (e.g., log a clear error or
skip/mark the enrollment as failed) and avoid calling approvePartnerEnrollment
with an undefined userId; extract ownerUserId into a variable (ownerUserId =
program.workspace.users[0].userId) and use it in approvePartnerEnrollment to
make the check and handling explicit.

🧹 Nitpick comments (1)

apps/web/app/(ee)/api/cron/auto-approve-partner/route.ts (1)

3-4: Clarify the deprecation timeline.

The TODO comment "Remove in 5 mins" is ambiguous. Consider specifying a concrete version, date, or referencing a tracking issue for when this deprecated route should be removed.

📝 Suggested improvement

-// TODO: Remove in 5 mins
+// TODO: Remove this deprecated route after migration is complete (tracking issue: `#XXXX`)
 export { POST } from "../partners/auto-approve/route";

[steven-tey]

@coderabbitai full review

[coderabbitai]

✅ Actions performed

Full review triggered.

[coderabbitai]

Actionable comments posted: 1

🤖 Fix all issues with AI agents

In `@apps/web/app/`(ee)/api/cron/auto-approve-partner/route.ts:
- Around line 3-4: The file contains a temporary re-export "export { POST } from
../partners/auto-approve/route" with a "Remove in 5 mins" note; either remove
this re-export before merging or convert it into a tracked follow-up (create an
issue/PR) and reference that ticket in a TODO. Update the file by deleting the
temporary re-export if it's not needed, or replace the inline comment with a
TODO that includes the issue/PR number and a short justification, and ensure the
exported symbol POST is still reachable where required (verify callers relying
on POST after the change).

♻️ Duplicate comments (1)

apps/web/app/(ee)/api/cron/partners/auto-approve/route.ts (1)

99-103: Guard against missing workspace owner before indexing users[0].
Same issue noted previously; a missing owner would throw here.