eat: Search by name is supported in cohort member api

[Shubham4026]

Summary by CodeRabbit

• New Features

  • Extended cohort member search to support filtering by first name, middle name, last name, and a combined name field.

• Documentation

  • Added design specification for PII encryption implementation for user data at rest.

[coderabbitai]

Caution

Review failed

The pull request is closed.

ℹ️ Recent review info

⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

Run ID: 5281d888-1cde-48cc-b7b6-8fbfc512df9f

📥 Commits

Reviewing files that changed from the base of the PR and between df8e7bc and c5ef222.

📒 Files selected for processing (3)

• docs/superpowers/specs/2026-05-07-pii-encryption-design.md
• src/cohortMembers/cohortMembers.service.ts
• src/cohortMembers/dto/cohortMembers-search.dto.ts

Cache: Disabled due to data retention organization setting

Knowledge base: Disabled due to data retention organization setting

---

Walkthrough

This PR adds new filterable fields to cohort member search functionality, extending the searchable name-related fields (firstName, middleName, lastName) and introducing a composite name filter. A specification document outlines a broader PII encryption initiative for the Users microservice under DPDPA compliance.

Changes

Cohort Member Search Filtering

Layer / File(s)	Summary
Data Shape src/cohortMembers/dto/cohortMembers-search.dto.ts	FiltersDto adds optional name?: string filter field with validation decorators.
Core Implementation src/cohortMembers/cohortMembers.service.ts	searchCohortMembers extends whereKeys to include firstName, middleName, lastName. getUsers adds SQL ILIKE handlers for middleName, lastName, and name filters.
Design Documentation docs/superpowers/specs/2026-05-07-pii-encryption-design.md	Specification for PII encryption in Users table under DPDPA. Documents encrypted field list, encryption modes (deterministic AES-256-CBC vs. random-IV AES-256-GCM), migration strategy, service behavior, API impacts (notably /user/list search changes), and implementation scope.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~12 minutes

✨ Finishing Touches

📝 Generate docstrings

• Create stacked PR
• Commit on current branch

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch sdbv_rbac_changes

Tip

💬 Introducing Slack Agent: The best way for teams to turn conversations into code.

Slack Agent is built on CodeRabbit's deep understanding of your code, so your team can collaborate across the entire SDLC without losing context.

• Generate code and open pull requests
• Plan features and break down work
• Investigate incidents and troubleshoot customer tickets together
• Automate recurring tasks and respond to alerts with triggers
• Summarize progress and report instantly

Built for teams:

• Shared memory across your entire org—no repeating context
• Per-thread sandboxes to safely plan and execute work
• Governance built-in—scoped access, auditability, and budget controls

One agent for your entire SDLC. Right inside Slack.

👉 Get started

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[sonarqubecloud]

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

[gemini-code-assist]

Code Review

This pull request introduces a design specification for PII encryption in the Users table and updates the cohort members service to include additional name fields in search results. However, the current implementation contains several critical issues, including SQL injection vulnerabilities and direct violations of the encryption design. Specifically, the use of partial matches (ILIKE) on encrypted fields and the inclusion of non-searchable fields like middleName in search filters contradict the proposed security strategy. Furthermore, the name field is not yet accounted for in the encryption scope, and required decryption logic is missing from the service layer.

[gemini-code-assist]

The implementation of these search filters presents several critical issues:

1. SQL Injection: The value is directly interpolated into the SQL string. This is a critical security vulnerability. All queries should be parameterized using TypeORM's query parameters.
2. Design Violation (Searchability): The middleName field is marked as non-searchable in the PII design doc (Section 4) because it uses Random-IV encryption. It should not have a search case here.
3. Design Violation (Exact Match): The design doc (Section 7.4) states that partial/wildcard search (ILIKE) is no longer possible for encrypted fields like firstName and lastName. These should be updated to use exact matches (=) on the encrypted value.
4. Missing Decryption: The service logic lacks the required call to decryptUserPII() after fetching results, which is necessary to return plaintext to the consumer (Section 7.2).
5. Unaccounted PII: The name column is not mentioned in the encryption design but contains PII and should be handled accordingly.

[gemini-code-assist]

As per the PII Encryption Design (Section 4 & 11), middleName is encrypted using Random-IV and is not intended to be searchable at the database level. It should be excluded from the whereKeys array.

Suggested change

	"firstName",
	"middleName",
	"lastName",
	"firstName",
	"lastName",

[gemini-code-assist]

The description for the name filter is misleading as it mentions firstName. It should be updated to accurately describe the field.

Suggested change

	@ApiPropertyOptional({ type: String, description: "Partial match on firstName" })
	@ApiPropertyOptional({ type: String, description: "Partial match on name" })

[gemini-code-assist]

The Users table contains a name column (as seen in user-entity.ts) which is not addressed in this design document. Since it contains personal data, it should be included in the encryption scope and its searchability defined.