carverauto/serviceradar

Fork 0

2295 bug new sysmon profile cant paste srql query #2668

Merged

mfreeman451 merged 5 commits from refs/pull/2668/head into staging

2026-01-14 17:31:44 +00:00

mfreeman451 commented

2026-01-14 16:20:35 +00:00

(Migrated from github.com)

Owner

Imported from GitHub pull request.

Original GitHub pull request: #2297
Original author: @mfreeman451
Original URL: https://github.com/carverauto/serviceradar/pull/2297
Original created: 2026-01-14T16:20:35Z
Original updated: 2026-01-14T17:31:46Z
Original head: carverauto/serviceradar:2295-bug-new-sysmon-profile----cant-paste-srql-query
Original base: staging
Original merged: 2026-01-14T17:31:44Z by @mfreeman451

User description

IMPORTANT: Please sign the Developer Certificate of Origin

Thank you for your contribution to ServiceRadar. Please note, when contributing, the developer must include
a DCO sign-off statement indicating the DCO acceptance in one commit message. Here
is an example DCO Signed-off-by line in a commit message:

Signed-off-by: J. Doe <j.doe@domain.com>

Describe your changes

Issue ticket number and link

Code checklist before requesting a review

I have signed the DCO?
The build completes without errors?
All tests are passing when running make test?

PR Type

Bug fix, Tests

Description

Parse SRQL query input and sync builder state when valid
Add form ID and conditional builder updates on validation
Create comprehensive tests for SRQL paste and sync behavior
Document change with specs and implementation tasks

Diagram Walkthrough

flowchart LR
  A["User pastes SRQL query"] -->|validate_profile event| B["Parse target query to builder"]
  B -->|valid SRQL| C["Update builder state"]
  B -->|unsupported SRQL| D["Mark builder not synced"]
  C --> E["Form synced with builder"]
  D --> E
  E --> F["Device count updated"]

File Walkthrough

Relevant files

Bug fix

index.ex

Sync builder state on target query validation

web-ng/lib/serviceradar_web_ng_web/live/settings/sysmon_profiles_live/index.ex

Parse target query input to builder representation in validate_profile
event handler
Add builder_sync state tracking to indicate if builder matches parsed
query
Conditionally update builder only when SRQL can be represented
Add form ID attribute for test selectors

+17/-5

Tests

sysmon_profiles_live_test.exs

Add SRQL paste and builder sync tests

web-ng/test/serviceradar_web_ng_web/live/settings/sysmon_profiles_live_test.exs

Test SRQL query paste syncs builder filters correctly
Verify builder shows applied state for valid SRQL
Test unsupported SRQL marks builder as not applied
Validate form element selectors and builder field updates

+51/-0

Documentation

proposal.md `Change proposal for SRQL builder sync` openspec/changes/update-sysmon-profile-srql-input/proposal.md Document issue of pasted SRQL queries not updating builder Outline solution to parse and sync builder state Specify impact on web-ng Sysmon Profiles LiveView	+13/-0
spec.md `Update spec with builder sync scenarios` openspec/changes/update-sysmon-profile-srql-input/specs/build-web-ui/spec.md Add scenario for target query input updating builder filters Add scenario for unsupported SRQL leaving builder unsynced Maintain existing Sysmon Profile management requirements	+54/-0
tasks.md `Implementation and validation task tracking` openspec/changes/update-sysmon-profile-srql-input/tasks.md Document implementation tasks for query parsing and builder sync Mark implementation tasks as complete List validation tasks for testing	+7/-0

Imported from GitHub pull request. Original GitHub pull request: #2297 Original author: @mfreeman451 Original URL: https://github.com/carverauto/serviceradar/pull/2297 Original created: 2026-01-14T16:20:35Z Original updated: 2026-01-14T17:31:46Z Original head: carverauto/serviceradar:2295-bug-new-sysmon-profile----cant-paste-srql-query Original base: staging Original merged: 2026-01-14T17:31:44Z by @mfreeman451 --- ### **User description** ## IMPORTANT: Please sign the Developer Certificate of Origin Thank you for your contribution to ServiceRadar. Please note, when contributing, the developer must include a [DCO sign-off statement]( https://developercertificate.org/) indicating the DCO acceptance in one commit message. Here is an example DCO Signed-off-by line in a commit message: ``` Signed-off-by: J. Doe <j.doe@domain.com> ``` ## Describe your changes ## Issue ticket number and link ## Code checklist before requesting a review - [ ] I have signed the DCO? - [ ] The build completes without errors? - [ ] All tests are passing when running make test? ___ ### **PR Type** Bug fix, Tests ___ ### **Description** - Parse SRQL query input and sync builder state when valid - Add form ID and conditional builder updates on validation - Create comprehensive tests for SRQL paste and sync behavior - Document change with specs and implementation tasks ___ ### Diagram Walkthrough ```mermaid flowchart LR A["User pastes SRQL query"] -->|validate_profile event| B["Parse target query to builder"] B -->|valid SRQL| C["Update builder state"] B -->|unsupported SRQL| D["Mark builder not synced"] C --> E["Form synced with builder"] D --> E E --> F["Device count updated"] ``` <details><summary><h3>File Walkthrough</h3></summary> <table><thead><tr><th></th><th align="left">Relevant files</th></tr></thead><tbody><tr><td><strong>Bug fix</strong></td><td><table> <tr> <td> <details> <summary><strong>index.ex</strong><dd><code>Sync builder state on target query validation</code>                        </dd></summary> <hr> web-ng/lib/serviceradar_web_ng_web/live/settings/sysmon_profiles_live/index.ex <ul><li>Parse target query input to builder representation in <code>validate_profile</code> <br>event handler<br> <li> Add <code>builder_sync</code> state tracking to indicate if builder matches parsed <br>query<br> <li> Conditionally update builder only when SRQL can be represented<br> <li> Add form ID attribute for test selectors</ul> </details> </td> <td><a href="https://github.com/carverauto/serviceradar/pull/2297/files#diff-8849d05a7171d718f17babecdf46709110ad58d7dbf378ed29429f2a4d50a5c5">+17/-5</a>    </td> </tr> </table></td></tr><tr><td><strong>Tests</strong></td><td><table> <tr> <td> <details> <summary><strong>sysmon_profiles_live_test.exs</strong><dd><code>Add SRQL paste and builder sync tests</code>                                        </dd></summary> <hr> web-ng/test/serviceradar_web_ng_web/live/settings/sysmon_profiles_live_test.exs <ul><li>Test SRQL query paste syncs builder filters correctly<br> <li> Verify builder shows applied state for valid SRQL<br> <li> Test unsupported SRQL marks builder as not applied<br> <li> Validate form element selectors and builder field updates</ul> </details> </td> <td><a href="https://github.com/carverauto/serviceradar/pull/2297/files#diff-87280f0ec7b2529780bfaf05b677100cdfd988f9146026c0f32ee393800c3883">+51/-0</a>    </td> </tr> </table></td></tr><tr><td><strong>Documentation</strong></td><td><table> <tr> <td> <details> <summary><strong>proposal.md</strong><dd><code>Change proposal for SRQL builder sync</code>                                        </dd></summary> <hr> openspec/changes/update-sysmon-profile-srql-input/proposal.md <ul><li>Document issue of pasted SRQL queries not updating builder<br> <li> Outline solution to parse and sync builder state<br> <li> Specify impact on web-ng Sysmon Profiles LiveView</ul> </details> </td> <td><a href="https://github.com/carverauto/serviceradar/pull/2297/files#diff-1589bd774d05890951fa5f308467a4f6ab865e5edcd2e167bacea729d6051053">+13/-0</a>    </td> </tr> <tr> <td> <details> <summary><strong>spec.md</strong><dd><code>Update spec with builder sync scenarios</code>                                    </dd></summary> <hr> openspec/changes/update-sysmon-profile-srql-input/specs/build-web-ui/spec.md <ul><li>Add scenario for target query input updating builder filters<br> <li> Add scenario for unsupported SRQL leaving builder unsynced<br> <li> Maintain existing Sysmon Profile management requirements</ul> </details> </td> <td><a href="https://github.com/carverauto/serviceradar/pull/2297/files#diff-6c5fa4748aa6a6165cd15753a602c0534f9f4e42595c13a88ef79a5aac0986bd">+54/-0</a>    </td> </tr> <tr> <td> <details> <summary><strong>tasks.md</strong><dd><code>Implementation and validation task tracking</code>                            </dd></summary> <hr> openspec/changes/update-sysmon-profile-srql-input/tasks.md <ul><li>Document implementation tasks for query parsing and builder sync<br> <li> Mark implementation tasks as complete<br> <li> List validation tasks for testing</ul> </details> </td> <td><a href="https://github.com/carverauto/serviceradar/pull/2297/files#diff-710fab10e7cdf5b1304c87f620623183285316cc2a657955d99b9b4017f1946a">+7/-0</a>      </td> </tr> </table></td></tr></tbody></table> </details> ___

qodo-code-review[bot] commented

2026-01-14 16:21:18 +00:00

(Migrated from github.com)

Author

Owner

Imported GitHub PR comment.

Original author: @qodo-code-review[bot]
Original URL: https://github.com/carverauto/serviceradar/pull/2297#issuecomment-3750374934
Original created: 2026-01-14T16:21:18Z

PR Compliance Guide 🔍

Below is a summary of compliance checks for this PR:

Security Compliance

🟢

No security concerns identified

No security vulnerabilities detected by AI analysis. Human verification advised for critical code.

Ticket Compliance

🟡

🎫 #2295

🟢	When a user pastes a valid SRQL query into the `New Sysmon Profile` Target Query input, the query builder should update automatically to match the input.
🟢	The SRQL input should be accepted/processed on paste (i.e., the UI should not ignore a legal/valid SRQL query).
⚪	Confirm in the browser that pasting the example SRQL query into the Target Query input updates the visible builder UI state as expected (including any "applied" indicators) and does not introduce UX regressions.

Codebase Duplication Compliance

⚪

Codebase context is not defined

Follow the guide to enable codebase context checks.

Custom Compliance

🟢

Generic: Comprehensive Audit Trails

Objective: To create a detailed and reliable record of critical system actions for security analysis
and compliance.

Status: Passed

Learn more about managing compliance generic rules or creating your own custom rules

Generic: Meaningful Naming and Self-Documenting Code

Objective: Ensure all identifiers clearly express their purpose and intent, making code
self-documenting

Status: Passed

Learn more about managing compliance generic rules or creating your own custom rules

Generic: Secure Logging Practices

Objective: To ensure logs are useful for debugging and auditing without exposing sensitive
information like PII, PHI, or cardholder data.

Status: Passed

Learn more about managing compliance generic rules or creating your own custom rules

⚪

Generic: Robust Error Handling and Edge Case Management

Objective: Ensure comprehensive error handling that provides meaningful context and graceful
degradation

Status:
Unhandled parse failures: The new parse_target_query_to_builder(target_query) call has no visible guarding or error
handling in this diff, so failures on nil/invalid SRQL could crash the LiveView or
silently desync without actionable feedback.

Referred Code

def handle_event("validate_profile", %{"form" => params}, socket) do
  scope = socket.assigns.current_scope
  target_query = Map.get(params, "target_query")
  device_count = count_target_devices(scope, target_query)
  ash_form = socket.assigns.ash_form |> Form.validate(params)
  {parsed_builder, builder_sync} = parse_target_query_to_builder(target_query)

  socket =
    socket
    |> assign(:ash_form, ash_form)
    |> assign(:form, to_form(ash_form))
    |> assign(:target_device_count, device_count)
    |> assign(:builder_sync, builder_sync)

  socket =
    if builder_sync do
      assign(socket, :builder, parsed_builder)
    else
      socket
    end



 ... (clipped 1 lines)

Learn more about managing compliance generic rules or creating your own custom rules

Generic: Secure Error Handling

Objective: To prevent the leakage of sensitive system information through error messages while
providing sufficient detail for internal debugging.

Status:
Parser error exposure: Because SRQL parsing is newly introduced via parse_target_query_to_builder/1 and no error
pathway is shown here, it is unclear whether parsing errors could surface internal details
to the UI instead of being handled generically.

Referred Code

def handle_event("validate_profile", %{"form" => params}, socket) do
  scope = socket.assigns.current_scope
  target_query = Map.get(params, "target_query")
  device_count = count_target_devices(scope, target_query)
  ash_form = socket.assigns.ash_form |> Form.validate(params)
  {parsed_builder, builder_sync} = parse_target_query_to_builder(target_query)

  socket =
    socket
    |> assign(:ash_form, ash_form)
    |> assign(:form, to_form(ash_form))
    |> assign(:target_device_count, device_count)
    |> assign(:builder_sync, builder_sync)

  socket =
    if builder_sync do
      assign(socket, :builder, parsed_builder)
    else
      socket
    end



 ... (clipped 1 lines)

Learn more about managing compliance generic rules or creating your own custom rules

Generic: Security-First Input Validation and Data Handling

Objective: Ensure all data inputs are validated, sanitized, and handled securely to prevent
vulnerabilities

Status:
SRQL input validation: The PR adds parsing of user-provided target_query into builder state, but the diff does
not show input validation/sanitization or safeguards ensuring SRQL cannot trigger unsafe
downstream behavior.

Referred Code

def handle_event("validate_profile", %{"form" => params}, socket) do
  scope = socket.assigns.current_scope
  target_query = Map.get(params, "target_query")
  device_count = count_target_devices(scope, target_query)
  ash_form = socket.assigns.ash_form |> Form.validate(params)
  {parsed_builder, builder_sync} = parse_target_query_to_builder(target_query)

  socket =
    socket
    |> assign(:ash_form, ash_form)
    |> assign(:form, to_form(ash_form))
    |> assign(:target_device_count, device_count)
    |> assign(:builder_sync, builder_sync)

  socket =
    if builder_sync do
      assign(socket, :builder, parsed_builder)
    else
      socket
    end



 ... (clipped 1 lines)

Learn more about managing compliance generic rules or creating your own custom rules

Update

Compliance status legend

🟢 - Fully Compliant
🟡 - Partial Compliant
🔴 - Not Compliant
⚪ - Requires Further Human Verification
🏷️ - Compliance label

Imported GitHub PR comment. Original author: @qodo-code-review[bot] Original URL: https://github.com/carverauto/serviceradar/pull/2297#issuecomment-3750374934 Original created: 2026-01-14T16:21:18Z --- ## PR Compliance Guide 🔍  Below is a summary of compliance checks for this PR:<br> <table><tbody><tr><td colspan='2'><strong>Security Compliance</strong></td></tr> <tr><td>🟢</td><td><details><summary><strong>No security concerns identified</strong></summary> No security vulnerabilities detected by AI analysis. Human verification advised for critical code. </details></td></tr> <tr><td colspan='2'><strong>Ticket Compliance</strong></td></tr> <tr><td>🟡</td> <td> <details> <summary>🎫 <a href=https://github.com/carverauto/serviceradar/issues/2295>#2295</a></summary> <table width='100%'><tbody> <tr><td rowspan=2>🟢</td> <td>When a user pastes a valid SRQL query into the <code>New Sysmon Profile</code> Target Query input, the <br>query builder should update automatically to match the input.<br></td></tr> <tr><td>The SRQL input should be accepted/processed on paste (i.e., the UI should not ignore a <br>legal/valid SRQL query).<br></td></tr> <tr><td rowspan=1>⚪</td> <td>Confirm in the browser that pasting the example SRQL query into the Target Query input <br>updates the visible builder UI state as expected (including any "applied" indicators) and <br>does not introduce UX regressions.<br></td></tr> </tbody></table> </details> </td></tr> <tr><td colspan='2'><strong>Codebase Duplication Compliance</strong></td></tr> <tr><td>⚪</td><td><details><summary><strong>Codebase context is not defined </strong></summary> Follow the <a href='https://qodo-merge-docs.qodo.ai/core-abilities/rag_context_enrichment/'>guide</a> to enable codebase context checks. </details></td></tr> <tr><td colspan='2'><strong>Custom Compliance</strong></td></tr> <tr><td rowspan=3>🟢</td><td> <details><summary><strong>Generic: Comprehensive Audit Trails</strong></summary><br> **Objective:** To create a detailed and reliable record of critical system actions for security analysis <br>and compliance.<br> **Status:** Passed<br> > Learn more about managing compliance <a href='https://qodo-merge-docs.qodo.ai/tools/compliance/#configuration-options'>generic rules</a> or creating your own <a href='https://qodo-merge-docs.qodo.ai/tools/compliance/#custom-compliance'>custom rules</a> </details></td></tr> <tr><td> <details><summary><strong>Generic: Meaningful Naming and Self-Documenting Code</strong></summary><br> **Objective:** Ensure all identifiers clearly express their purpose and intent, making code <br>self-documenting<br> **Status:** Passed<br> > Learn more about managing compliance <a href='https://qodo-merge-docs.qodo.ai/tools/compliance/#configuration-options'>generic rules</a> or creating your own <a href='https://qodo-merge-docs.qodo.ai/tools/compliance/#custom-compliance'>custom rules</a> </details></td></tr> <tr><td> <details><summary><strong>Generic: Secure Logging Practices</strong></summary><br> **Objective:** To ensure logs are useful for debugging and auditing without exposing sensitive <br>information like PII, PHI, or cardholder data.<br> **Status:** Passed<br> > Learn more about managing compliance <a href='https://qodo-merge-docs.qodo.ai/tools/compliance/#configuration-options'>generic rules</a> or creating your own <a href='https://qodo-merge-docs.qodo.ai/tools/compliance/#custom-compliance'>custom rules</a> </details></td></tr> <tr><td rowspan=3>⚪</td> <td><details> <summary><strong>Generic: Robust Error Handling and Edge Case Management</strong></summary><br> **Objective:** Ensure comprehensive error handling that provides meaningful context and graceful <br>degradation<br> **Status:** <br><a href='https://github.com/carverauto/serviceradar/pull/2297/files#diff-8849d05a7171d718f17babecdf46709110ad58d7dbf378ed29429f2a4d50a5c5R111-R132'><strong>Unhandled parse failures</strong></a>: The new <code>parse_target_query_to_builder(target_query)</code> call has no visible guarding or error <br>handling in this diff, so failures on <code>nil</code>/invalid SRQL could crash the LiveView or <br>silently desync without actionable feedback.<br> <details open><summary>Referred Code</summary> ```elixir def handle_event("validate_profile", %{"form" => params}, socket) do scope = socket.assigns.current_scope target_query = Map.get(params, "target_query") device_count = count_target_devices(scope, target_query) ash_form = socket.assigns.ash_form |> Form.validate(params) {parsed_builder, builder_sync} = parse_target_query_to_builder(target_query) socket = socket |> assign(:ash_form, ash_form) |> assign(:form, to_form(ash_form)) |> assign(:target_device_count, device_count) |> assign(:builder_sync, builder_sync) socket = if builder_sync do assign(socket, :builder, parsed_builder) else socket end ... (clipped 1 lines) ``` </details> > Learn more about managing compliance <a href='https://qodo-merge-docs.qodo.ai/tools/compliance/#configuration-options'>generic rules</a> or creating your own <a href='https://qodo-merge-docs.qodo.ai/tools/compliance/#custom-compliance'>custom rules</a> </details></td></tr> <tr><td><details> <summary><strong>Generic: Secure Error Handling</strong></summary><br> **Objective:** To prevent the leakage of sensitive system information through error messages while <br>providing sufficient detail for internal debugging.<br> **Status:** <br><a href='https://github.com/carverauto/serviceradar/pull/2297/files#diff-8849d05a7171d718f17babecdf46709110ad58d7dbf378ed29429f2a4d50a5c5R111-R132'><strong>Parser error exposure</strong></a>: Because SRQL parsing is newly introduced via <code>parse_target_query_to_builder/1</code> and no error <br>pathway is shown here, it is unclear whether parsing errors could surface internal details <br>to the UI instead of being handled generically.<br> <details open><summary>Referred Code</summary> ```elixir def handle_event("validate_profile", %{"form" => params}, socket) do scope = socket.assigns.current_scope target_query = Map.get(params, "target_query") device_count = count_target_devices(scope, target_query) ash_form = socket.assigns.ash_form |> Form.validate(params) {parsed_builder, builder_sync} = parse_target_query_to_builder(target_query) socket = socket |> assign(:ash_form, ash_form) |> assign(:form, to_form(ash_form)) |> assign(:target_device_count, device_count) |> assign(:builder_sync, builder_sync) socket = if builder_sync do assign(socket, :builder, parsed_builder) else socket end ... (clipped 1 lines) ``` </details> > Learn more about managing compliance <a href='https://qodo-merge-docs.qodo.ai/tools/compliance/#configuration-options'>generic rules</a> or creating your own <a href='https://qodo-merge-docs.qodo.ai/tools/compliance/#custom-compliance'>custom rules</a> </details></td></tr> <tr><td><details> <summary><strong>Generic: Security-First Input Validation and Data Handling</strong></summary><br> **Objective:** Ensure all data inputs are validated, sanitized, and handled securely to prevent <br>vulnerabilities<br> **Status:** <br><a href='https://github.com/carverauto/serviceradar/pull/2297/files#diff-8849d05a7171d718f17babecdf46709110ad58d7dbf378ed29429f2a4d50a5c5R111-R132'><strong>SRQL input validation</strong></a>: The PR adds parsing of user-provided <code>target_query</code> into builder state, but the diff does <br>not show input validation/sanitization or safeguards ensuring SRQL cannot trigger unsafe <br>downstream behavior.<br> <details open><summary>Referred Code</summary> ```elixir def handle_event("validate_profile", %{"form" => params}, socket) do scope = socket.assigns.current_scope target_query = Map.get(params, "target_query") device_count = count_target_devices(scope, target_query) ash_form = socket.assigns.ash_form |> Form.validate(params) {parsed_builder, builder_sync} = parse_target_query_to_builder(target_query) socket = socket |> assign(:ash_form, ash_form) |> assign(:form, to_form(ash_form)) |> assign(:target_device_count, device_count) |> assign(:builder_sync, builder_sync) socket = if builder_sync do assign(socket, :builder, parsed_builder) else socket end ... (clipped 1 lines) ``` </details> > Learn more about managing compliance <a href='https://qodo-merge-docs.qodo.ai/tools/compliance/#configuration-options'>generic rules</a> or creating your own <a href='https://qodo-merge-docs.qodo.ai/tools/compliance/#custom-compliance'>custom rules</a> </details></td></tr> <tr><td align="center" colspan="2"> - [ ] Update  </td></tr></tbody></table> <details><summary>Compliance status legend</summary> 🟢 - Fully Compliant<br> 🟡 - Partial Compliant<br> 🔴 - Not Compliant<br> ⚪ - Requires Further Human Verification<br> 🏷️ - Compliance label<br> </details>

qodo-code-review[bot] commented

2026-01-14 16:22:24 +00:00

(Migrated from github.com)

Author

Owner

Imported GitHub PR comment.

Original author: @qodo-code-review[bot]
Original URL: https://github.com/carverauto/serviceradar/pull/2297#issuecomment-3750379796
Original created: 2026-01-14T16:22:24Z

PR Code Suggestions ✨

Explore these optional code suggestions:

Category	Suggestion	Impact
Possible issue	Gracefully handle parse errors Add a `try/rescue` block around the `parse_target_query_to_builder/1` call to prevent crashes from malformed SRQL input and gracefully handle parsing failures. web-ng/lib/serviceradar_web_ng_web/live/settings/sysmon_profiles_live/index.ex [116] `-{parsed_builder, builder_sync} = parse_target_query_to_builder(target_query) +{parsed_builder, builder_sync} = + try do + parse_target_query_to_builder(target_query) + rescue + _ -> {nil, false} + end` Apply / Chat Suggestion importance[1-10]: 8 __ Why: This is a critical improvement for robustness, as it prevents the LiveView process from crashing due to unexpected input in `target_query`, which is a common source of errors in user-facing forms.	Medium
General	Clear stale builder on unsynced When `builder_sync` is false, reset the `:builder` state to an empty map to clear stale data from the UI and prevent user confusion. web-ng/lib/serviceradar_web_ng_web/live/settings/sysmon_profiles_live/index.ex [125-130] `socket = if builder_sync do assign(socket, :builder, parsed_builder) else - socket + assign(socket, :builder, %{}) end` Apply / Chat Suggestion importance[1-10]: 7 __ Why: This suggestion correctly identifies that stale data could be left in the builder UI when an un-parseable query is entered, and proposes a good solution to clear it, improving UI consistency.	Medium
Update

Imported GitHub PR comment. Original author: @qodo-code-review[bot] Original URL: https://github.com/carverauto/serviceradar/pull/2297#issuecomment-3750379796 Original created: 2026-01-14T16:22:24Z --- ## PR Code Suggestions ✨  Explore these optional code suggestions: <table><thead><tr><td><strong>Category</strong></td><td align=left><strong>Suggestion                                                                                                                                    </strong></td><td align=center><strong>Impact</strong></td></tr><tbody><tr><td rowspan=1>Possible issue</td> <td> <details><summary>Gracefully handle parse errors</summary> ___ **Add a <code>try/rescue</code> block around the <code>parse_target_query_to_builder/1</code> call to <br>prevent crashes from malformed SRQL input and gracefully handle parsing <br>failures.** [web-ng/lib/serviceradar_web_ng_web/live/settings/sysmon_profiles_live/index.ex [116]](https://github.com/carverauto/serviceradar/pull/2297/files#diff-8849d05a7171d718f17babecdf46709110ad58d7dbf378ed29429f2a4d50a5c5R116-R116) ```diff -{parsed_builder, builder_sync} = parse_target_query_to_builder(target_query) +{parsed_builder, builder_sync} = + try do + parse_target_query_to_builder(target_query) + rescue + _ -> {nil, false} + end ``` - [ ] **Apply / Chat**  <details><summary>Suggestion importance[1-10]: 8</summary> __ Why: This is a critical improvement for robustness, as it prevents the LiveView process from crashing due to unexpected input in `target_query`, which is a common source of errors in user-facing forms. </details></details></td><td align=center>Medium </td></tr><tr><td rowspan=1>General</td> <td> <details><summary>Clear stale builder on unsynced</summary> ___ **When <code>builder_sync</code> is false, reset the <code>:builder</code> state to an empty map to clear <br>stale data from the UI and prevent user confusion.** [web-ng/lib/serviceradar_web_ng_web/live/settings/sysmon_profiles_live/index.ex [125-130]](https://github.com/carverauto/serviceradar/pull/2297/files#diff-8849d05a7171d718f17babecdf46709110ad58d7dbf378ed29429f2a4d50a5c5R125-R130) ```diff socket = if builder_sync do assign(socket, :builder, parsed_builder) else - socket + assign(socket, :builder, %{}) end ``` - [ ] **Apply / Chat**  <details><summary>Suggestion importance[1-10]: 7</summary> __ Why: This suggestion correctly identifies that stale data could be left in the builder UI when an un-parseable query is entered, and proposes a good solution to clear it, improving UI consistency. </details></details></td><td align=center>Medium </td></tr> <tr><td align="center" colspan="2"> - [ ] Update  </td><td></td></tr></tbody></table>