feat(recommendations): per-column header filters + sticky bottom action box

[cristim]

Summary

UX overhaul of the Recommendations table: drop the top filter bar in favour of per-column header filters (Excel-style), and move Purchase + Create Plan into a sticky bottom action box. Driven by user request — see plan at ~/.claude/plans/generic-painting-volcano.md (2026-04-27, 19 review passes, 3 consecutive clean).

Two atomic commits land in this PR:

• cb0a9105c — refactor(recommendations): column-filter parser + state + apply pipeline (no-op): introduces the column-filter primitives (parser, state, apply pipeline, visibleRecommendations accessor). Behaviourally a no-op until Bundle B surfaces them. Existing tests stay green as the no-op proof.

• f9d97a720 — feat(recommendations): per-column header filters + sticky bottom action box: surfaces the primitives in the UI; deletes the legacy top filter bar; adds the detached-popover infrastructure; replaces the bulk toolbar with a sticky bottom box; switches handleBulkPurchaseClick to term-aware bucketing; switches plans.ts:savePlan to read getVisibleRecommendations().

What the user will see

Before	After
Top filter bar with 5 dropdowns + Create Purchase Plan button	No top filter bar — every column header has its own sort + filter affordance
Bulk-purchase toolbar above the table with Term / Payment / Capacity / Purchase	Sticky bottom action box with Payment / Capacity / Purchase N selected/visible / Plan from N selected/visible; no Term selector
Toolbar Term overrode each rec's recommended term silently	Each rec is bought with its own per-row term — multi-term selections fan out into multiple buckets
Floating "N selected / Add to plan / Clear" toolbar appeared on selection	Selection summary inline with the bottom box buttons; one control surface, not two

Bundle A — Silent refactor (commit cb0a9105c)

• frontend/src/state.ts: RecommendationsColumnId closed union, discriminated ColumnFilter, getters/setters, getVisibleRecommendations / setVisibleRecommendations.
• frontend/src/recommendations.ts: parseNumericFilter discriminated-union parser (X, X..Y, >X, <X, >=X, <=X, comma-separated for OR, invalid → inline error). applyColumnFilters AND-combiner. Pipeline insertion: loaded → applyColumnFilters → setVisibleRecommendations(visible) → buildListMarkup.
• 23 new tests for parser + apply + state. The existing 39 tests stay green — the no-op proof.

Bundle B — UI overhaul (commit f9d97a720)

Per-column filter popover (portal pattern)

• Detached popover lives in document.body so it survives the table's innerHTML rewrite.
• Module-scope state tracks the active column id (string), not a DOM-node ref. Anchor re-bind by [data-column="..."] after every render.
• Toggle (click same trigger closes), swap (click different trigger replaces), click-outside, ESC, window scroll, window resize, tab-leave (MutationObserver on #recommendations-tab.active) all close.
• Defensive close on rebind failure or detached-state.
• ARIA wiring: role="dialog", aria-modal="false", aria-haspopup="dialog" + aria-expanded on the trigger, aria-labelledby on the popover, aria-live="polite" count region above the table.
• Categorical popover: checkbox list of distinct values from the unfiltered rec set, (All) tri-state checkbox, Clear footer. Account displays name (resolved via accountNamesCache) but filters by cloud_account_id. Term displays via formatTerm but filters by stringified integer.
• Numeric popover: free-text expression input, applies on blur or Enter (not on every keystroke). Mid-typing protection — anchor re-bind skips re-sync of any input that's document.activeElement.

Sticky bottom action box

• Mount-once-then-update lifecycle: mountBottomActionBox() builds DOM identities once, updateBottomActionBox(target) refreshes labels/disabled/aria-busy per render. Fixes the pre-existing pre-Bundle-B bug where rebuilds destroyed mid-typing values in the Capacity input.
• IDs preserved for backward compatibility: #bulk-purchase-payment, #bulk-purchase-capacity (app.ts:307 keeps reading it), #bulk-purchase-btn, #create-plan-btn.
• Dynamic labels: "Purchase 3 selected" / "Purchase 19 visible" / "Purchase" (disabled). Tooltips spell out the difference between one-off Purchase and recurring Plan.
• CSS: :root { --action-box-height: 80px; } + position: sticky; bottom: 0 + #recommendations-list { padding-bottom: var(--action-box-height) } so the box never occludes the last row.

Term-aware bucketing

• Bucket key in handleBulkPurchaseClick: provider|service → provider|service|term. Each bucket is term-uniform; isPaymentSupported is called per bucket with the bucket's own term. FanOutBucket.term reads from the bucket itself.
• BulkPurchaseToolbarState drops the term field. loadBulkPurchaseState was rewritten to explicitly pick known fields rather than spread-and-omit, so any stray term from legacy localStorage values silently disappears.

Plans.ts target alignment

• savePlan reads state.getVisibleRecommendations() (post-filter) instead of state.getRecommendations() (raw API). Same selected-IDs intersection on top. Falls back to all visible when no selection. Plans never include filtered-out recs.

Test plan

• npx jest — 1342/1342 tests pass across 38 suites.
• npx tsc --noEmit — clean.
• npm run build — production webpack build succeeds (224 KB app.js minified).
• Pre-commit Build frontend + Run frontend tests — green on both bundle commits.
• Browser smoke against the production bundle + mock-API server (per the plan's Verification §4 checklist) — TODO post-merge or via a follow-up smoke session.

Known follow-ups (out of scope, documented in the plan)

• Server-side filter pushdown for Service / Region / numerics (only relevant for tenants exceeding the API page-cap).
• localStorage persistence of column filters.
• Cross-column-aware distinct values for categorical popovers (Excel-style — first iteration uses the unfiltered rec set).
• Column visibility toggles.
• Harvesting the column-filter helpers as a shared module for Purchase Plans / Purchase History / RI Exchange tables.

Plan file

The implementation plan (incl. context, glossary, pipeline order, popover lifecycle, term-aware bucketing rationale, edge cases, 19-pass review log, and verification checklist) lives at ~/.claude/plans/generic-painting-volcano.md on the local machine that authored this PR.

Summary by CodeRabbit

Release Notes

• New Features

  • Added per-column header filter popovers supporting numeric expressions and categorical filtering
  • Introduced sticky bottom action box for plan creation and purchase workflow

• Improvements

  • Relocated filter controls from top toolbar to column-based headers
  • Added visible recommendation counter with clear-all filters option

[coderabbitai]

Warning

Rate limit exceeded

@cristim has exceeded the limit for the number of commits that can be reviewed per hour. Please wait 8 minutes and 8 seconds before requesting another review.

To keep reviews running without waiting, you can enable usage-based add-on for your organization. This allows additional reviews beyond the hourly cap. Account admins can enable it under billing.

⌛ How to resolve this issue?

After the wait time has elapsed, a review can be triggered using the @coderabbitai review command as a PR comment. Alternatively, push new commits to this PR.

We recommend that you space out your commits to avoid hitting the rate limit.

🚦 How do rate limits work?

CodeRabbit enforces hourly rate limits for each developer per organization.

Our paid plans have higher rate limits than the trial, open-source and free plans. In all cases, we re-allow further reviews after a brief timeout.

Please see our FAQ for further information.

ℹ️ Review info

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: 3b580b70-caae-4be2-8a71-1f397f77834b

📥 Commits

Reviewing files that changed from the base of the PR and between f9d97a7 and 034ea00.

📒 Files selected for processing (9)

• frontend/src/__tests__/html.test.ts
• frontend/src/__tests__/plans.test.ts
• frontend/src/__tests__/recommendations.test.ts
• frontend/src/app.ts
• frontend/src/index.html
• frontend/src/plans.ts
• frontend/src/recommendations.ts
• frontend/src/state.ts
• frontend/src/styles/components.css

📝 Walkthrough

Walkthrough

The pull request migrates the recommendations filtering system from a centralized top filter bar with server-side logic to client-side per-column header filter popovers. It introduces column-filter state management, implements numeric and categorical filtering utilities, reorganizes the bulk purchase UI from a floating toolbar to a sticky bottom action box, and updates all dependent modules and tests accordingly.

Changes

Cohort / File(s)	Summary
State Management frontend/src/state.ts	Introduces typed column filter state (RecommendationsColumnId, RecommendationsColumnFilter, RecommendationsColumnFilters) with getters/setters, and a separate visibleRecommendations list to track filtered-visible rows.
Filtering Logic & Utilities frontend/src/recommendations.ts	Removes legacy top filter bar wiring and server-side filter plumbing. Adds exported filtering utilities: parseNumericFilter (parses =, comparisons, ranges, comma-OR expressions) and applyColumnFilters (applies categorical and numeric filters). Extends sorting to string columns and reworks bulk purchase UI from floating toolbar to sticky bottom action box with dynamic "Create Plan" import.
Plan Creation frontend/src/plans.ts	Updates savePlan to derive recommendations from state.getVisibleRecommendations() rather than raw list, intersecting selected IDs with visible set when selection exists.
HTML Structure frontend/src/index.html	Removes centralized filter/control section (provider/service/region/min-savings selectors and Create Plan button). Adds comment documenting per-column filter controls and dynamic filter/action-box rendering; retains freshness, summary, and list containers.
Application Wiring frontend/src/app.ts	Removes openCreatePlanModal dependency and its click handler from #create-plan-btn; documents button now wired in recommendations.ts:mountBottomActionBox.
Styling frontend/src/styles/components.css	Replaces bulk toolbar styles with per-column header filter button styles, a detached popover component (with sub-elements: heading, all/list/numeric sections, footer, clear button), filter-status bar with clear-filters control, and sticky bottom action box with CSS variable height and compensating list padding.
Test Suite – HTML Structure frontend/src/__tests__/html.test.ts	Removes legacy top filter bar and select-option/optgroup validation tests. Adds regression guard asserting legacy controls (#recommendations-controls, filter selects, account/provider filters) are absent.
Test Suite – Plans frontend/src/__tests__/plans.test.ts	Updates savePlan test cases to validate intersection of selected IDs with state.getVisibleRecommendations(), covering selected-subset, all-visible, and empty-selection scenarios.
Test Suite – Recommendations frontend/src/__tests__/recommendations.test.ts	Reorganizes around two bundles: Unit tests for numeric filter parsing, column filtering (categorical/account-id/numeric/AND-combination), and state accessors; DOM tests for per-column header popover lifecycle, categorical option generation, numeric validation, clear behavior, filter-status aria-live region, sticky bottom action box, and term-aware purchase bucketing.

Sequence Diagram

sequenceDiagram
    participant User
    participant UI as Column<br/>Header
    participant Filter as Filter<br/>Logic
    participant State as State<br/>Manager
    participant Plan as Plan<br/>Creation

    User->>UI: Adjust column filters (text, numeric range, categorical)
    activate UI
    UI->>Filter: applyColumnFilters(recs, filters)
    activate Filter
    Filter->>State: setVisibleRecommendations(filtered)
    activate State
    State->>State: Update internal visible list
    deactivate State
    Filter-->>UI: Filtered recommendations
    deactivate Filter
    UI->>UI: Render filtered table & clear badge
    deactivate UI

    User->>UI: Select recommendations & click Create Plan
    activate UI
    UI->>State: getVisibleRecommendations()
    activate State
    State-->>UI: Filtered visible recs
    deactivate State
    UI->>Plan: savePlan(selectedIDs ∩ visible)
    activate Plan
    Plan->>State: getVisibleRecommendations()
    activate State
    State-->>Plan: Current visible set
    deactivate State
    Plan->>Plan: Intersect selected with visible
    Plan-->>UI: Plan saved with visible subset
    deactivate Plan
    deactivate UI

Loading

Estimated code review effort

🎯 4 (Complex) | ⏱️ ~60 minutes

Poem

🐰 Filters hop per column now,
No top bar, just popovers—
The sticky box bows at the bottom,
And visible plans bloom anew! ✨

🚥 Pre-merge checks | ✅ 4 | ❌ 1

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Docstring Coverage	⚠️ Warning	Docstring coverage is 34.09% which is insufficient. The required threshold is 80.00%.	Write docstrings for the functions missing them to satisfy the coverage threshold.

✅ Passed checks (4 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title accurately summarizes the main changes: introduction of per-column header filters and a sticky bottom action box in the recommendations feature.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch ux/recommendations-column-filters

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[cristim]

@coderabbitai review

[coderabbitai]

✅ Actions performed

Review triggered.

Note: CodeRabbit is an incremental review system and does not re-review already reviewed commits. This command is applicable only when automatic reviews are paused.

[coderabbitai]

Actionable comments posted: 4

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (2)

frontend/src/recommendations.ts (1)

57-77: ⚠️ Potential issue | 🔴 Critical

Clear recommendation state before or on a failed reload.

All of the state resets happen only after the async fetch succeeds. If getRecommendations() rejects during a provider/account switch or refresh, the table shows an error but state.getRecommendations(), state.getVisibleRecommendations(), and the previous selection stay live, so the bottom action box can still operate on stale rows.

Suggested fix

 export async function loadRecommendations(): Promise<void> {
   try {
+    state.setRecommendations([]);
+    state.setVisibleRecommendations([]);
+    state.clearSelectedRecommendations();
+
     const accountIDs = state.getCurrentAccountIDs();
     const filters: api.RecommendationFilters = {
       provider: state.getCurrentProvider(),
       account_ids: accountIDs.length > 0 ? accountIDs : undefined,
     };

Or do the same reset in the catch block before updating the error UI.

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@frontend/src/recommendations.ts` around lines 57 - 77, When
loadRecommendations calls api.getRecommendations it only resets state after the
await succeeds, leaving stale recommendations/selection if the fetch rejects;
modify loadRecommendations so it clears or resets the relevant state immediately
when starting the reload and also in the catch path: call
state.setRecommendations([]) and state.clearSelectedRecommendations() (and
optionally render empty summary/list via renderRecommendationsSummary({}) and
renderRecommendationsList([])) before awaiting api.getRecommendations and again
inside the catch that handles api.getRecommendations rejection to ensure
state.getRecommendations()/state.getVisibleRecommendations() and the selection
cannot operate on stale rows.

frontend/src/__tests__/recommendations.test.ts (1)

47-57: ⚠️ Potential issue | 🟠 Major

Avoid document.body.innerHTML in this suite.

This repo blocks .innerHTML writes even in tests, so this fixture setup is likely to fail once the security hook is active. Please switch this setup to document.body.replaceChildren() plus createElement()/appendChild() like the newer test blocks already do.

Based on learnings, In the LeanerCloud/CUDly repository, .innerHTML writes are blocked by a project-level security hook in all contexts, including test files. Use document.body.replaceChildren() or equivalent DOM methods for DOM teardown/reset in tests instead of .innerHTML = ''.

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@frontend/src/__tests__/recommendations.test.ts` around lines 47 - 57, The
beforeEach DOM fixture in recommendations.test.ts currently uses
document.body.innerHTML which is blocked; change the beforeEach setup that
creates the `#recommendations-tab` and `#purchase-modal` to use
document.body.replaceChildren() and build the elements via
document.createElement()/appendChild() (target the beforeEach block and the
elements with ids recommendations-tab, recommendations-summary,
recommendations-list, purchase-modal, purchase-details) so the DOM is reset
without assigning to innerHTML.

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@frontend/src/recommendations.ts`:
- Around line 1477-1480: The empty-results early return leaves the portal
popover detached; before returning from the block that sets container.innerHTML
and calls updateBottomActionBox, call the popover cleanup helper to close/rebind
the anchor (e.g., invoke rebindOpenPopoverAnchor() or, if available,
closeOpenPopover()) so the popover ARIA state and anchor are cleared when
recommendations is empty. Update the code path in the block that checks
(!recommendations || recommendations.length === 0) to perform that call prior to
the return.
- Around line 1176-1242: resolvePurchaseTarget currently falls back to all
visible when the user has a non-empty selection that is filtered out; change it
so that if state.getSelectedRecommendationIDs() is non-empty it returns the
intersection (even if empty) instead of visible, and only return visible when
there is no selected ID at all. Also update updateBottomActionBox: use the raw
selected set (state.getSelectedRecommendationIDs()) to decide whether the intent
is a selection (not selectedVisibleCount>0), compute targetCount as
selectedVisibleCount when selected.size>0 (even if zero) otherwise visibleCount,
and treat the case selected.size>0 && selectedVisibleCount===0 as empty (disable
buttons and adjust titles) so a hidden selection does not turn into a bulk
action on all visible rows.

In `@frontend/src/state.ts`:
- Around line 119-136: getRecommendationsColumnFilters and
setRecommendationsColumnFilter only perform a shallow copy of
recommendationsColumnFilters so nested filter objects and their values arrays
can still be mutated by callers; fix by making a deep/defensive copy of each
filter object and its values when returning the map in
getRecommendationsColumnFilters and when inserting/updating/deleting in
setRecommendationsColumnFilter (i.e., clone each RecommendationsColumnFilter and
any nested arrays/objects before storing into or returning from
recommendationsColumnFilters); you can use structuredClone or explicitly copy
the filter shape to ensure no shared references remain.

In `@frontend/src/styles/components.css`:
- Around line 804-811: The .column-filter-popover .column-filter-clear button
relies on a global button color (white) and can become invisible on the light
popover; update the .column-filter-popover .column-filter-clear rule to set an
explicit, high-contrast text color (for example use a project text token like
--color-text or a hex such as `#24292f`) so the label overrides the global button
color and remains readable on the popover.

---

Outside diff comments:
In `@frontend/src/__tests__/recommendations.test.ts`:
- Around line 47-57: The beforeEach DOM fixture in recommendations.test.ts
currently uses document.body.innerHTML which is blocked; change the beforeEach
setup that creates the `#recommendations-tab` and `#purchase-modal` to use
document.body.replaceChildren() and build the elements via
document.createElement()/appendChild() (target the beforeEach block and the
elements with ids recommendations-tab, recommendations-summary,
recommendations-list, purchase-modal, purchase-details) so the DOM is reset
without assigning to innerHTML.

In `@frontend/src/recommendations.ts`:
- Around line 57-77: When loadRecommendations calls api.getRecommendations it
only resets state after the await succeeds, leaving stale
recommendations/selection if the fetch rejects; modify loadRecommendations so it
clears or resets the relevant state immediately when starting the reload and
also in the catch path: call state.setRecommendations([]) and
state.clearSelectedRecommendations() (and optionally render empty summary/list
via renderRecommendationsSummary({}) and renderRecommendationsList([])) before
awaiting api.getRecommendations and again inside the catch that handles
api.getRecommendations rejection to ensure
state.getRecommendations()/state.getVisibleRecommendations() and the selection
cannot operate on stale rows.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: 6e8351b5-43fe-4ad3-928d-162dd7b68c11

📥 Commits

Reviewing files that changed from the base of the PR and between 5520317 and f9d97a7.

📒 Files selected for processing (9)

• frontend/src/__tests__/html.test.ts
• frontend/src/__tests__/plans.test.ts
• frontend/src/__tests__/recommendations.test.ts
• frontend/src/app.ts
• frontend/src/index.html
• frontend/src/plans.ts
• frontend/src/recommendations.ts
• frontend/src/state.ts
• frontend/src/styles/components.css

[coderabbitai]

⚠️ Potential issue | 🟡 Minor

Close the detached popover on the empty-results path.

When filtering narrows the table to zero rows, this early return skips rebindOpenPopoverAnchor(). The portal popover stays open even though its trigger/header has been removed, so its ARIA state and anchor are left stale until the user clicks elsewhere.

🧰 Tools

🪛 ast-grep (0.42.1)

[warning] 1477-1477: Direct modification of innerHTML or outerHTML properties detected. Modifying these properties with unsanitized user input can lead to XSS vulnerabilities. Use safe alternatives or sanitize content first.
Context: container.innerHTML = '

No recommendations match these filters. Try clearing filters or refreshing.

'
Note: [CWE-79] Improper Neutralization of Input During Web Page Generation [REFERENCES]
- https://owasp.org/www-community/xss-filter-evasion-cheatsheet
- https://cwe.mitre.org/data/definitions/79.html

(dom-content-modification)

---

[warning] 1477-1477: Direct HTML content assignment detected. Modifying innerHTML, outerHTML, or using document.write with unsanitized content can lead to XSS vulnerabilities. Use secure alternatives like textContent or sanitize HTML with libraries like DOMPurify.
Context: container.innerHTML = '

No recommendations match these filters. Try clearing filters or refreshing.

'
Note: [CWE-79] Improper Neutralization of Input During Web Page Generation [REFERENCES]
- https://www.dhairyashah.dev/posts/why-innerhtml-is-a-bad-idea-and-how-to-avoid-it/
- https://cwe.mitre.org/data/definitions/79.html

(unsafe-html-content-assignment)

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@frontend/src/recommendations.ts` around lines 1477 - 1480, The empty-results
early return leaves the portal popover detached; before returning from the block
that sets container.innerHTML and calls updateBottomActionBox, call the popover
cleanup helper to close/rebind the anchor (e.g., invoke
rebindOpenPopoverAnchor() or, if available, closeOpenPopover()) so the popover
ARIA state and anchor are cleared when recommendations is empty. Update the code
path in the block that checks (!recommendations || recommendations.length === 0)
to perform that call prior to the return.

[coderabbitai]

⚠️ Potential issue | 🟠 Major

Defensive copy is incomplete for column filter state.

At Line 120 and Line 133, only the top-level record is copied. Nested filter objects/values arrays are still shared, so callers can mutate module state indirectly.

🔧 Proposed fix

+function cloneColumnFilter(filter: RecommendationsColumnFilter): RecommendationsColumnFilter {
+  return filter.kind === 'set'
+    ? { kind: 'set', values: [...filter.values] }
+    : { kind: 'expr', expr: filter.expr };
+}
+
+function cloneColumnFiltersMap(
+  source: RecommendationsColumnFilters,
+): RecommendationsColumnFilters {
+  const out: RecommendationsColumnFilters = {};
+  (Object.keys(source) as RecommendationsColumnId[]).forEach((k) => {
+    const f = source[k];
+    if (f) out[k] = cloneColumnFilter(f);
+  });
+  return out;
+}
+
 export function getRecommendationsColumnFilters(): RecommendationsColumnFilters {
-  return { ...recommendationsColumnFilters };
+  return cloneColumnFiltersMap(recommendationsColumnFilters);
 }
@@
   recommendationsColumnFilters = {
     ...recommendationsColumnFilters,
-    [column]: filter,
+    [column]: cloneColumnFilter(filter),
   };
 }

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@frontend/src/state.ts` around lines 119 - 136,
getRecommendationsColumnFilters and setRecommendationsColumnFilter only perform
a shallow copy of recommendationsColumnFilters so nested filter objects and
their values arrays can still be mutated by callers; fix by making a
deep/defensive copy of each filter object and its values when returning the map
in getRecommendationsColumnFilters and when inserting/updating/deleting in
setRecommendationsColumnFilter (i.e., clone each RecommendationsColumnFilter and
any nested arrays/objects before storing into or returning from
recommendationsColumnFilters); you can use structuredClone or explicitly copy
the filter shape to ensure no shared references remain.

[coderabbitai]

⚠️ Potential issue | 🟠 Major

Set explicit text color for .column-filter-clear.

At Line 805, this button does not override the global button { color: white; }, so its label can become low-contrast/invisible on the white popover.

🎨 Proposed fix

 .column-filter-popover .column-filter-clear {
     background: transparent;
     border: 1px solid `#d0d7de`;
     border-radius: 3px;
     padding: 0.3rem 0.6rem;
     font-size: 0.85em;
     cursor: pointer;
+    color: `#333`;
 }
+.column-filter-popover .column-filter-clear:hover {
+    background: `#f5f7fa`;
+    border-color: `#b8c2cc`;
+}
+.column-filter-popover .column-filter-clear:focus-visible {
+    outline: 2px solid `#1a73e8`;
+    outline-offset: 2px;
+}

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@frontend/src/styles/components.css` around lines 804 - 811, The
.column-filter-popover .column-filter-clear button relies on a global button
color (white) and can become invisible on the light popover; update the
.column-filter-popover .column-filter-clear rule to set an explicit,
high-contrast text color (for example use a project text token like --color-text
or a hex such as `#24292f`) so the label overrides the global button color and
remains readable on the popover.

[cristim]

Filed follow-up tracking issues for everything in the PR's "Out of scope" section + the post-merge browser smoke:

• ux(recommendations): server-side pushdown for Service / Region / numeric column filters #162 — ux(recommendations): server-side pushdown for Service / Region / numeric column filters
• ux(recommendations): persist column filters across page reload (localStorage) #163 — ux(recommendations): persist column filters across page reload (localStorage)
• ux(recommendations): cross-column-aware distinct values for categorical popovers (Excel-style) #164 — ux(recommendations): cross-column-aware distinct values for categorical popovers (Excel-style)
• ux(recommendations): column-visibility toggles for the table #165 — ux(recommendations): column-visibility toggles for the table
• refactor(frontend): extract column-filter primitives into a shared module — adopt on Plans / History / RI Exchange #166 — refactor(frontend): extract column-filter primitives into a shared module — adopt on Plans / History / RI Exchange
• test(recommendations): end-to-end browser smoke for PR #160 (column filters + bottom action box) #167 — test(recommendations): end-to-end browser smoke for PR feat(recommendations): per-column header filters + sticky bottom action box #160

[cristim]

@coderabbitai review

Pushed 77ac16bc8 addressing all 6 review findings (4 inline + 2 outside-diff):

1. CRITICAL resolvePurchaseTarget: never silently broaden a hidden selection into the visible set.
2. CRITICAL loadRecommendations: state reset on reload start + on fetch error so stale rows can't survive.
3. MAJOR state.ts: deep clone of column-filter values on read + write.
4. MAJOR .column-filter-clear: explicit color so the label isn't invisible.
5. MINOR empty-results path: rebindOpenPopoverAnchor so an open popover doesn't dangle on detached DOM.
6. MAJOR test fixtures: dropped .innerHTML writes (security hook also blocks them in tests).

1359/1359 frontend tests pass; tsc clean; pre-commit build + tests green.

[coderabbitai]

@cristim: Triggering a review of commit 77ac16bc8. Thanks for the thorough write-up of all six fixes and for filing the follow-up tracking issues (#162–#167) — that's a clean way to keep the out-of-scope items visible without blocking this PR.

✅ Actions performed

Review triggered.

Note: CodeRabbit is an incremental review system and does not re-review already reviewed commits. This command is applicable only when automatic reviews are paused.