[Components] workflow_max #14568

[lcaresia]

WHY

Summary by CodeRabbit

• New Features

  • Added the ability to create client groups in Workflow Max, including specifying client, group name, and taxable status.
  • Added the ability to delete client groups in Workflow Max.
  • Enhanced dropdown selections for clients and client groups with dynamic loading from the API.

• Chores

  • Updated package version and dependencies for improved compatibility and functionality.

[vercel]

The latest updates on your projects. Learn more about Vercel for Git ↗︎

3 Skipped Deployments

Name	Status	Preview	Comments	Updated (UTC)
docs-v2	⬜️ Ignored (Inspect)	Visit Preview		Jul 9, 2025 6:14pm
pipedream-docs	⬜️ Ignored (Inspect)			Jul 9, 2025 6:14pm
pipedream-docs-redirect-do-not-edit	⬜️ Ignored (Inspect)			Jul 9, 2025 6:14pm

[coderabbitai]

Important

Review skipped

Review was skipped due to path filters

⛔ Files ignored due to path filters (1)

• pnpm-lock.yaml is excluded by !**/pnpm-lock.yaml

CodeRabbit blocks several paths by default. You can override this behavior by explicitly including those paths in the path filters. For example, including **/dist/** will override the default block on the dist directory, by removing the pattern from both the lists.

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

Walkthrough

Two new action modules, "Create Client Group" and "Delete Client Group," were added for Workflow Max integration. The app module was expanded with property definitions and API methods for client and client group management, including XML parsing and HTTP request handling. The package version was incremented and a new dependency added.

Changes

File(s)	Change Summary
components/workflow_max/actions/create-client-group/... components/workflow_max/actions/delete-client-group/...	Added new action modules for creating and deleting client groups, including XML payload construction, API calls, and response parsing with error handling.
components/workflow_max/workflow_max.app.mjs	Added prop definitions for clientUuid, clientGroupUuid, name, and taxable; implemented methods for API interaction including createClientGroup, getClients, getClientGroups, and deleteClientGroup; removed placeholder authKeys method; added XML parsing and HTTP request handling.
components/workflow_max/package.json	Updated version to 0.1.0, added "@pipedream/platform" dependency, and fixed JSON structure.

Sequence Diagram(s)

sequenceDiagram
    participant User
    participant ActionModule
    participant AppModule
    participant WorkflowMaxAPI

    User->>ActionModule: Trigger "Create Client Group"
    ActionModule->>AppModule: Call createClientGroup(clientUuid, name, taxable)
    AppModule->>WorkflowMaxAPI: POST /clientgroup.api/add (XML payload)
    WorkflowMaxAPI-->>AppModule: XML response
    AppModule-->>ActionModule: Parsed status/error
    ActionModule-->>User: Success/Error message

    User->>ActionModule: Trigger "Delete Client Group"
    ActionModule->>AppModule: Call deleteClientGroup(clientGroupUuid)
    AppModule->>WorkflowMaxAPI: POST /clientgroup.api/delete (XML payload)
    WorkflowMaxAPI-->>AppModule: XML response
    AppModule-->>ActionModule: Parsed status/error
    ActionModule-->>User: Success/Error message

Loading

Poem

A bunny hopped through code anew,
With actions for groups—one, then two!
Create or delete, with XML delight,
The workflow’s now smarter, working just right.
Version hopped up, dependencies in tow,
This rabbit’s proud—just thought you should know!
🐇✨

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

🪧 Tips

Chat

There are 3 ways to chat with CodeRabbit:

• Review comments: Directly reply to a review comment made by CodeRabbit. Example:
  • I pushed a fix in commit <commit_id>, please review it.
  • Explain this complex logic.
  • Open a follow-up GitHub issue for this discussion.
• Files and specific lines of code (under the "Files changed" tab): Tag @coderabbitai in a new review comment at the desired location with your query. Examples:
  • @coderabbitai explain this code block.
  • @coderabbitai modularize this function.
• PR comments: Tag @coderabbitai in a new PR comment to ask questions about the PR branch. For the best results, please provide a very specific query, as very limited context is provided in this mode. Examples:
  • @coderabbitai gather interesting stats about this repository and render them as a table. Additionally, render a pie chart showing the language distribution in the codebase.
  • @coderabbitai read src/utils.ts and explain its main purpose.
  • @coderabbitai read the files in the src/scheduler package and generate a class diagram using mermaid and a README in the markdown format.
  • @coderabbitai help me debug CodeRabbit configuration file.

Support

Need help? Create a ticket on our support page for assistance with any issues or questions.

Note: Be mindful of the bot's finite context window. It's strongly recommended to break down tasks such as reading entire modules into smaller chunks. For a focused discussion, use review comments to chat about specific files and their changes, instead of using the PR comments.

CodeRabbit Commands (Invoked using PR comments)

• @coderabbitai pause to pause the reviews on a PR.
• @coderabbitai resume to resume the paused reviews.
• @coderabbitai review to trigger an incremental review. This is useful when automatic reviews are disabled for the repository.
• @coderabbitai full review to do a full review from scratch and review all the files again.
• @coderabbitai summary to regenerate the summary of the PR.
• @coderabbitai generate docstrings to generate docstrings for this PR.
• @coderabbitai generate sequence diagram to generate a sequence diagram of the changes in this PR.
• @coderabbitai resolve resolve all the CodeRabbit review comments.
• @coderabbitai configuration to show the current CodeRabbit configuration for the repository.
• @coderabbitai help to get help.

Other keywords and placeholders

• Add @coderabbitai ignore anywhere in the PR description to prevent this PR from being reviewed.
• Add @coderabbitai summary to generate the high-level summary at a specific location in the PR description.
• Add @coderabbitai anywhere in the PR title to generate the title automatically.

CodeRabbit Configuration File (.coderabbit.yaml)

• You can programmatically configure CodeRabbit by adding a .coderabbit.yaml file to the root of your repository.
• Please see the configuration documentation for more information.
• If your editor has YAML language server enabled, you can add the path at the top of this file to enable auto-completion and validation: # yaml-language-server: $schema=https://coderabbit.ai/integrations/schema.v2.json

Documentation and Community

• Visit our Documentation for detailed information on how to use CodeRabbit.
• Join our Discord Community to get help, request features, and share feedback.
• Follow us on X/Twitter for updates and announcements.

[coderabbitai]

Actionable comments posted: 5

🧹 Nitpick comments (1)

components/workflow_max/actions/delete-client-group/delete-client-group.mjs (1)

29-34: Consider using xml2js for parsing the response.

The current regex-based XML parsing is brittle and could fail with special characters or nested structures. Since xml2js is already imported in the app module, consider using it for more robust parsing.

Example implementation:

import { parseStringPromise } from "xml2js";

// After getting the response
const parsed = await parseStringPromise(response, { explicitArray: false });
const status = parsed.Response?.Status;
const error = parsed.Response?.Error;

📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 925f252 and d843cdd.

⛔ Files ignored due to path filters (1)

• pnpm-lock.yaml is excluded by !**/pnpm-lock.yaml

📒 Files selected for processing (4)

• components/workflow_max/actions/create-client-group/create-client-group.mjs (1 hunks)
• components/workflow_max/actions/delete-client-group/delete-client-group.mjs (1 hunks)
• components/workflow_max/package.json (2 hunks)
• components/workflow_max/workflow_max.app.mjs (1 hunks)

🧰 Additional context used

🧠 Learnings (4)

📓 Common learnings

Learnt from: js07
PR: PipedreamHQ/pipedream#17375
File: components/zerobounce/actions/get-validation-results-file/get-validation-results-file.mjs:23-27
Timestamp: 2025-07-01T17:07:48.193Z
Learning: "dir" props in Pipedream components are hidden in the component form and not user-facing, so they don't require labels or descriptions for user clarity.

components/workflow_max/package.json (1)

Learnt from: jcortes
PR: PipedreamHQ/pipedream#14935
File: components/sailpoint/package.json:15-18
Timestamp: 2024-12-12T19:23:09.039Z
Learning: When developing Pipedream components, do not add built-in Node.js modules like `fs` to `package.json` dependencies, as they are native modules provided by the Node.js runtime.

components/workflow_max/actions/create-client-group/create-client-group.mjs (3)

Learnt from: jcortes
PR: PipedreamHQ/pipedream#14467
File: components/gainsight_px/actions/create-account/create-account.mjs:4-6
Timestamp: 2024-10-30T15:24:39.294Z
Learning: In `components/gainsight_px/actions/create-account/create-account.mjs`, the action name should be "Create Account" instead of "Create Memory".

Learnt from: GTFalcao
PR: PipedreamHQ/pipedream#12731
File: components/hackerone/actions/get-members/get-members.mjs:3-28
Timestamp: 2024-07-04T18:11:59.822Z
Learning: When exporting a summary message in the `run` method of an action, ensure the message is correctly formatted. For example, in the `hackerone-get-members` action, the correct format is `Successfully retrieved ${response.data.length} members`.

Learnt from: GTFalcao
PR: PipedreamHQ/pipedream#12731
File: components/hackerone/actions/get-members/get-members.mjs:3-28
Timestamp: 2024-10-08T15:33:38.240Z
Learning: When exporting a summary message in the `run` method of an action, ensure the message is correctly formatted. For example, in the `hackerone-get-members` action, the correct format is `Successfully retrieved ${response.data.length} members`.

components/workflow_max/workflow_max.app.mjs (1)

Learnt from: GTFalcao
PR: PipedreamHQ/pipedream#16954
File: components/salesloft/salesloft.app.mjs:14-23
Timestamp: 2025-06-04T17:52:05.780Z
Learning: In the Salesloft API integration (components/salesloft/salesloft.app.mjs), the _makeRequest method returns response.data which directly contains arrays for list endpoints like listPeople, listCadences, listUsers, and listAccounts. The propDefinitions correctly call .map() directly on these responses without needing to destructure a nested data property.

⏰ Context from checks skipped due to timeout of 90000ms (4)

• GitHub Check: Publish TypeScript components
• GitHub Check: Verify TypeScript components
• GitHub Check: pnpm publish
• GitHub Check: Lint Code Base

🔇 Additional comments (1)

components/workflow_max/package.json (1)

3-17: Changes look good!

The version bump to 0.1.0 is appropriate for feature additions, and the @pipedream/platform dependency is correctly added. The JSON structure fix is also properly implemented.

[coderabbitai]

⚠️ Potential issue

Fix undefined reference in summary message.

The export summary references this.name which is not defined in the action's props. This will result in "undefined" in the summary message.

Apply this diff to fix the issue:

-    $.export("$summary", "Successfully deleted the client group: " + this.name);
+    $.export("$summary", `Successfully deleted the client group with UUID: ${this.clientGroupUuid}`);

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	$.export("$summary", "Successfully deleted the client group: " + this.name);
	$.export("$summary", `Successfully deleted the client group with UUID: ${this.clientGroupUuid}`);

🤖 Prompt for AI Agents

In components/workflow_max/actions/delete-client-group/delete-client-group.mjs
at line 36, the summary message uses this.name which is undefined in the current
context. Replace this.name with the correct property or variable that holds the
client group name, likely from the action's props or input parameters, to ensure
the summary message displays the actual deleted client group name instead of
"undefined".

[coderabbitai]

⚠️ Potential issue

Fix incorrect documentation link.

The documentation link points to /Client/createClient but this action creates a client group, not a client. Update to the correct endpoint documentation.

🤖 Prompt for AI Agents

In components/workflow_max/actions/create-client-group/create-client-group.mjs
at line 6, the documentation link incorrectly points to the client creation
endpoint instead of the client group creation endpoint. Update the URL in the
description to reference the correct API documentation endpoint for creating a
client group.

[coderabbitai]

🛠️ Refactor suggestion

Add XML escaping for user input.

The name field could contain special XML characters that would break the XML structure. Consider escaping the input to prevent XML injection or parsing errors.

Add an XML escape function:

+  function escapeXml(unsafe) {
+    return unsafe.replace(/[<>&'"]/g, (c) => {
+      switch (c) {
+        case '<': return '&lt;';
+        case '>': return '&gt;';
+        case '&': return '&amp;';
+        case '\'': return '&apos;';
+        case '"': return '&quot;';
+      }
+    });
+  }
+
   async run({ $ }) {
     const xmlBody = `
     <Group>
       <ClientUUID>${this.clientUuid}</ClientUUID>
-      <Name>${this.name}</Name>
+      <Name>${escapeXml(this.name)}</Name>
       <Taxable>${this.taxable
     ? "Yes"
     : "No"}</Taxable>
     </Group>
   `.trim();

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	const xmlBody = `
	<Group>
	<ClientUUID>${this.clientUuid}</ClientUUID>
	<Name>${this.name}</Name>
	<Taxable>${this.taxable
	? "Yes"
	: "No"}</Taxable>
	</Group>
	`.trim();
	// Escape special XML characters to prevent breaking the document or injection
	function escapeXml(unsafe) {
	return unsafe.replace(/[<>&'"]/g, (c) => {
	switch (c) {
	case '<': return '&lt;';
	case '>': return '&gt;';
	case '&': return '&amp;';
	case '\'': return '&apos;';
	case '"': return '&quot;';
	}
	});
	}
	async run({ $ }) {
	const xmlBody = `
	<Group>
	<ClientUUID>${this.clientUuid}</ClientUUID>
	<Name>${escapeXml(this.name)}</Name>
	<Taxable>${this.taxable
	? "Yes"
	: "No"}</Taxable>
	</Group>
	`.trim();

🤖 Prompt for AI Agents

In components/workflow_max/actions/create-client-group/create-client-group.mjs
around lines 31 to 39, the XML body construction directly inserts user input
into the XML without escaping, which can break the XML structure if special
characters are present. Implement an XML escape function to replace characters
like &, <, >, ", and ' with their corresponding XML entities, and apply this
function to the this.name value before embedding it in the XML string.

[coderabbitai]

⚠️ Potential issue

Fix typo in description.

-      description: "Wheter the client group is taxable",
+      description: "Whether the client group is taxable",

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	description: "Wheter the client group is taxable",
	description: "Whether the client group is taxable",

🤖 Prompt for AI Agents

In components/workflow_max/workflow_max.app.mjs at line 37, fix the typo in the
description string by changing "Wheter" to "Whether" to correct the spelling.

[jcortes]

Hi @lcaresia lgtm! Ready for QA!

[jcortes]

Hi @lcaresia lgtm! Ready for QA!

[luancazarine]

Hi @lcaresia, LGTM! Ready for QA!