feat(security-questionnaire): add AI-powered questionnaire parsing an… (#1751)

* feat(security-questionnaire): add AI-powered questionnaire parsing and auto-answering functionality

* feat(frameworks): enhance FrameworksOverview with badge display and improve Security Questionnaire layout

- Update FrameworksOverview to conditionally render badges or initials based on availability.
- Refactor Security Questionnaire page to include a breadcrumb navigation and improve layout for better user experience.
- Enhance QuestionnaireParser with new alert dialog for exit confirmation and streamline question answering process.
- Improve UI components for better accessibility and responsiveness.

* refactor(security-questionnaire): improve QuestionnaireParser layout and styling

- Update search input styling for better visibility and responsiveness.
- Adjust layout of command bar components for improved user experience.
- Streamline button functionalities and ensure consistent styling across export options.

* feat(security-questionnaire): enhance UI and functionality of Security Questionnaire page

- Adjust padding and layout for improved responsiveness on the Security Questionnaire page.
- Update header styles for better visibility and consistency.
- Implement download functionality for questionnaire responses with enhanced user feedback.
- Refactor question and answer display for better organization and accessibility across devices.
- Improve button and input styling for a more cohesive user experience.

* feat(security-questionnaire): enhance QuestionnaireParser UI and functionality

- Update tab trigger styles for improved visibility and consistency.
- Refactor file upload and URL input sections for better user experience.
- Enhance dropzone component with clearer instructions and improved styling.
- Streamline action button layout and functionality for better accessibility.

* refactor(security-questionnaire): streamline action button layout in QuestionnaireParser

- Reorganize action button section for improved clarity and consistency.
- Maintain existing functionality while enhancing the overall UI structure.

* feat(security-questionnaire): implement feature flag checks for questionnaire access

- Add feature flag checks to control access to the AI vendor questionnaire.
- Remove FeatureFlagWrapper component and directly use QuestionnaireParser.
- Update header, sidebar, and mobile menu to conditionally render questionnaire options based on feature flag status.

* refactor(api): simplify run status retrieval logic in task status route

---------

Co-authored-by: Tofik Hasanov <annexcies@gmail.com>
Co-authored-by: Claudio Fuentes <imclaudfuen@gmail.com>

Author: 3 people

.gitignore

@@ -5,6 +5,7 @@ node_modules
 .pnp
 .pnp.js
 
+.idea/
 # testing
 coverage
 

apps/.cursor/rules/trigger.basic.mdc

@@ -0,0 +1,190 @@
+---
+description: Only the most important rules for writing basic Trigger.dev tasks
+globs: **/trigger/**/*.ts
+alwaysApply: false
+---
+# Trigger.dev Basic Tasks (v4)
+
+**MUST use `@trigger.dev/sdk` (v4), NEVER `client.defineJob`**
+
+## Basic Task
+
+```ts
+import { task } from "@trigger.dev/sdk";
+
+export const processData = task({
+  id: "process-data",
+  retry: {
+    maxAttempts: 10,
+    factor: 1.8,
+    minTimeoutInMs: 500,
+    maxTimeoutInMs: 30_000,
+    randomize: false,
+  },
+  run: async (payload: { userId: string; data: any[] }) => {
+    // Task logic - runs for long time, no timeouts
+    console.log(`Processing ${payload.data.length} items for user ${payload.userId}`);
+    return { processed: payload.data.length };
+  },
+});
+```
+
+## Schema Task (with validation)
+
+```ts
+import { schemaTask } from "@trigger.dev/sdk";
+import { z } from "zod";
+
+export const validatedTask = schemaTask({
+  id: "validated-task",
+  schema: z.object({
+    name: z.string(),
+    age: z.number(),
+    email: z.string().email(),
+  }),
+  run: async (payload) => {
+    // Payload is automatically validated and typed
+    return { message: `Hello ${payload.name}, age ${payload.age}` };
+  },
+});
+```
+
+## Scheduled Task
+
+```ts
+import { schedules } from "@trigger.dev/sdk";
+
+const dailyReport = schedules.task({
+  id: "daily-report",
+  cron: "0 9 * * *", // Daily at 9:00 AM UTC
+  // or with timezone: cron: { pattern: "0 9 * * *", timezone: "America/New_York" },
+  run: async (payload) => {
+    console.log("Scheduled run at:", payload.timestamp);
+    console.log("Last run was:", payload.lastTimestamp);
+    console.log("Next 5 runs:", payload.upcoming);
+
+    // Generate daily report logic
+    return { reportGenerated: true, date: payload.timestamp };
+  },
+});
+```
+
+## Triggering Tasks
+
+### From Backend Code
+
+```ts
+import { tasks } from "@trigger.dev/sdk";
+import type { processData } from "./trigger/tasks";
+
+// Single trigger
+const handle = await tasks.trigger<typeof processData>("process-data", {
+  userId: "123",
+  data: [{ id: 1 }, { id: 2 }],
+});
+
+// Batch trigger
+const batchHandle = await tasks.batchTrigger<typeof processData>("process-data", [
+  { payload: { userId: "123", data: [{ id: 1 }] } },
+  { payload: { userId: "456", data: [{ id: 2 }] } },
+]);
+```
+
+### From Inside Tasks (with Result handling)
+
+```ts
+export const parentTask = task({
+  id: "parent-task",
+  run: async (payload) => {
+    // Trigger and continue
+    const handle = await childTask.trigger({ data: "value" });
+
+    // Trigger and wait - returns Result object, NOT task output
+    const result = await childTask.triggerAndWait({ data: "value" });
+    if (result.ok) {
+      console.log("Task output:", result.output); // Actual task return value
+    } else {
+      console.error("Task failed:", result.error);
+    }
+
+    // Quick unwrap (throws on error)
+    const output = await childTask.triggerAndWait({ data: "value" }).unwrap();
+
+    // Batch trigger and wait
+    const results = await childTask.batchTriggerAndWait([
+      { payload: { data: "item1" } },
+      { payload: { data: "item2" } },
+    ]);
+
+    for (const run of results) {
+      if (run.ok) {
+        console.log("Success:", run.output);
+      } else {
+        console.log("Failed:", run.error);
+      }
+    }
+  },
+});
+
+export const childTask = task({
+  id: "child-task",
+  run: async (payload: { data: string }) => {
+    return { processed: payload.data };
+  },
+});
+```
+
+> Never wrap triggerAndWait or batchTriggerAndWait calls in a Promise.all or Promise.allSettled as this is not supported in Trigger.dev tasks.
+
+## Waits
+
+```ts
+import { task, wait } from "@trigger.dev/sdk";
+
+export const taskWithWaits = task({
+  id: "task-with-waits",
+  run: async (payload) => {
+    console.log("Starting task");
+
+    // Wait for specific duration
+    await wait.for({ seconds: 30 });
+    await wait.for({ minutes: 5 });
+    await wait.for({ hours: 1 });
+    await wait.for({ days: 1 });
+
+    // Wait until specific date
+    await wait.until({ date: new Date("2024-12-25") });
+
+    // Wait for token (from external system)
+    await wait.forToken({
+      token: "user-approval-token",
+      timeoutInSeconds: 3600, // 1 hour timeout
+    });
+
+    console.log("All waits completed");
+    return { status: "completed" };
+  },
+});
+```
+
+> Never wrap wait calls in a Promise.all or Promise.allSettled as this is not supported in Trigger.dev tasks.
+
+## Key Points
+
+- **Result vs Output**: `triggerAndWait()` returns a `Result` object with `ok`, `output`, `error` properties - NOT the direct task output
+- **Type safety**: Use `import type` for task references when triggering from backend
+- **Waits > 5 seconds**: Automatically checkpointed, don't count toward compute usage
+
+## NEVER Use (v2 deprecated)
+
+```ts
+// BREAKS APPLICATION
+client.defineJob({
+  id: "job-id",
+  run: async (payload, io) => {
+    /* ... */
+  },
+});
+```
+
+Use v4 SDK (`@trigger.dev/sdk`), check `result.ok` before accessing `result.output`

apps/app/package.json

@@ -106,6 +106,7 @@
     "use-debounce": "^10.0.4",
     "use-long-press": "^3.3.0",
     "use-stick-to-bottom": "^1.1.1",
+    "xlsx": "^0.18.5",
     "xml2js": "^0.6.2",
     "zaraz-ts": "^1.2.0",
     "zod": "^3.25.76",

apps/app/src/app/(app)/[orgId]/frameworks/components/FrameworksOverview.tsx

@@ -98,19 +98,28 @@ export function FrameworksOverview({
             <div className="space-y-0 pr-4">
               {frameworksWithControls.map((framework, index) => {
                 const complianceScore = complianceMap.get(framework.id) ?? 0;
+                const badgeSrc = mapFrameworkToBadge(framework);
 
                 return (
                   <div key={framework.id}>
                     <div className="flex items-start justify-between py-4 px-1">
                       <div className="flex items-start gap-3 flex-1 min-w-0">
                         <div className="flex-shrink-0 mt-1">
-                          <Image
-                            src={mapFrameworkToBadge(framework) ?? ''}
-                            alt={framework.framework.name}
-                            width={400}
-                            height={400}
-                            className="rounded-full w-8 h-8"
-                          />
+                          {badgeSrc ? (
+                            <Image
+                              src={badgeSrc}
+                              alt={framework.framework.name}
+                              width={400}
+                              height={400}
+                              className="rounded-full w-8 h-8"
+                            />
+                          ) : (
+                            <div className="rounded-full w-8 h-8 bg-muted flex items-center justify-center">
+                              <span className="text-xs text-muted-foreground">
+                                {framework.framework.name.charAt(0)}
+                              </span>
+                            </div>
+                          )}
                         </div>
                         <div className="flex flex-col flex-1 min-w-0">
                           <span className="text-sm font-medium text-foreground flex flex-col">

apps/app/src/app/(app)/[orgId]/security-questionnaire/actions/auto-answer-questionnaire.ts

@@ -0,0 +1,59 @@
+'use server';
+
+import { authActionClient } from '@/actions/safe-action';
+import { autoAnswerQuestionnaireTask } from '@/jobs/tasks/vendors/auto-answer-questionnaire';
+import { tasks } from '@trigger.dev/sdk';
+import { z } from 'zod';
+
+const inputSchema = z.object({
+  questionsAndAnswers: z.array(
+    z.object({
+      question: z.string(),
+      answer: z.string().nullable(),
+    }),
+  ),
+});
+
+export const autoAnswerQuestionnaire = authActionClient
+  .inputSchema(inputSchema)
+  .metadata({
+    name: 'auto-answer-questionnaire',
+    track: {
+      event: 'auto-answer-questionnaire',
+      channel: 'server',
+    },
+  })
+  .action(async ({ parsedInput, ctx }) => {
+    const { questionsAndAnswers } = parsedInput;
+    const { session } = ctx;
+
+    if (!session?.activeOrganizationId) {
+      throw new Error('No active organization');
+    }
+
+    const organizationId = session.activeOrganizationId;
+
+    try {
+      // Trigger the root orchestrator task - it will handle batching internally
+      const handle = await tasks.trigger<typeof autoAnswerQuestionnaireTask>(
+        'auto-answer-questionnaire',
+        {
+          vendorId: `org_${organizationId}`,
+          organizationId,
+          questionsAndAnswers,
+        },
+      );
+
+      return {
+        success: true,
+        data: {
+          taskId: handle.id, // Return orchestrator task ID for polling
+        },
+      };
+    } catch (error) {
+      throw error instanceof Error
+        ? error
+        : new Error('Failed to trigger auto-answer questionnaire');
+    }
+  });
+