Skip to content

Enhance session logging for program managers and CI permissions#567

Merged
pboachie merged 7 commits intomainfrom
staging
Mar 25, 2026
Merged

Enhance session logging for program managers and CI permissions#567
pboachie merged 7 commits intomainfrom
staging

Conversation

@pboachie
Copy link
Copy Markdown
Collaborator

@pboachie pboachie commented Mar 25, 2026

This pull request introduces significant performance and maintainability improvements to the apps/admin_settings/demo_engine.py demo data seeding engine, as well as minor updates to GitHub workflow files for improved permissions and output handling. The main changes focus on optimizing plan and note generation, adding detailed stage timing logs, and enabling efficient bulk database operations. These updates should make demo data generation faster, more transparent, and easier to debug.

Demo Engine Improvements:

Performance and Caching:

  • Added per-program context caching (metrics and plan templates) to avoid redundant database queries during demo data generation. Plan template structures (sections and targets) are now cached for each program, improving efficiency when creating plans and notes. [1] [2]
  • Introduced bulk creation for ProgressNoteTarget and MetricValue objects in the note generation process, significantly reducing the number of database writes and improving performance for large demo datasets.

Maintainability and Extensibility:

  • Refactored plan and note generation functions to accept pre-cached context and additional parameters (such as author_role and episode), supporting more flexible and accurate demo data creation. [1] [2]
  • Added helper functions for achievement status computation, encapsulating logic for trend analysis and making the codebase easier to maintain and extend.

Instrumentation and Logging:

  • Added a timed_stage context manager and integrated it throughout the main run orchestration method. This provides precise start/end timing logs for each major data seeding stage, aiding in performance monitoring and troubleshooting. [1] [2] [3]

GitHub Workflow Updates:

Security and Output Handling:

  • Added permissions: contents: read to all workflow YAML files to explicitly declare required GitHub token permissions, improving security posture. [1] [2] [3]
  • Updated the Azure deployment step in build-push-acr.yml to suppress output (--output none), reducing log noise during deployments.

pboachie and others added 7 commits March 23, 2026 18:21
@pboachie
Add program manager permissions for session logging and enhance tests
9bf1a0b 
- Updated permissions to allow program managers to log sessions when direct-service staff are unavailable.
- Added tests to verify that program managers can access and submit group session logs.
@pboachie @claude
Fix custom fields not rendering when no values entered, add JSON impo…
0225d51 
…rt command

The Info/Profile tab gated the custom fields section on `custom_data`
being non-empty, but `hide_empty=True` filtered out all valueless
fields — so the entire section (including the Edit button) never
rendered for new participants. Now the section renders whenever editable
custom field groups exist, showing the existing "Click Edit to add
information" prompt.

Also adds `import_custom_fields` management command for importing custom
field groups and definitions from a JSON file.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
@pboachie @claude
Restrict CI workflow to read-only permissions
c6230f8 
Public repos inherit the repository-level default GITHUB_TOKEN
permissions. Explicitly set contents: read so fork PRs can never
escalate privileges if repo defaults change.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
@pboachie
Merge pull request #565 from LogicalOutcomes:chore/ci-workflow-hardening
23bd819 
Restrict CI workflow to read-only permissions
@pboachie @claude
Suppress az containerapp output in deploy logs
4530c99 
Public repo action logs were exposing infrastructure details (resource
group, scaling config, probe settings, creator email) from the full
JSON response. Add --output none to silence it.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
@pboachie @claude
Add read-only permissions to remaining workflows
e91d634 
All four workflows now explicitly set permissions: contents: read,
matching the hardening already applied to ci.yml and qa-scenarios.yml.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
@pboachie
Merge pull request #566 from LogicalOutcomes/develop
e1ec083 
Enhance session logging for program managers and CI permissions
@pboachie pboachie self-assigned this Mar 25, 2026
@pboachie pboachie merged commit 9e8d591 into main Mar 25, 2026
3 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

@pboachie pboachie

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@pboachie