[ui] implement full application UI#15
Open
dudina-ma wants to merge 8 commits into
Open
Conversation
|
Warning Rate limit exceeded
You’ve run out of usage credits. Purchase more in the billing tab. ⌛ How to resolve this issue?After the wait time has elapsed, a review can be triggered using the We recommend that you space out your commits to avoid hitting the rate limit. 🚦 How do rate limits work?CodeRabbit enforces hourly rate limits for each developer per organization. Our paid plans have higher rate limits than the trial, open-source and free plans. In all cases, we re-allow further reviews after a brief timeout. Please see our FAQ for further information. ℹ️ Review info⚙️ Run configurationConfiguration used: Organization UI Review profile: CHILL Plan: Pro Run ID: ⛔ Files ignored due to path filters (3)
📒 Files selected for processing (8)
📝 WalkthroughWalkthroughAdds a browser SPA runtime: a global ChangesSingle SPA feature (core runtime + pages)
Sequence DiagramssequenceDiagram
participant User
participant Browser as Browser/SPA
participant Storage as localStorage
participant API as Backend API
User->>Browser: Open app / navigate
Browser->>Storage: read access_token
Storage-->>Browser: token/null
alt token present
Browser->>Browser: show authenticated UI via Alpine store
else
Browser->>Browser: show guest UI
end
User->>Browser: Click hash link
Browser->>Browser: map hash -> /static/pages/{page}.html and fetch it
Browser->>Browser: inject `<main>` into `#spa-root` and init Alpine
Browser->>API: page factory calls apiFetch -> GET/POST/etc
API-->>Browser: response (200/401/...)
Browser->>User: render updated UI (logout on 401)
sequenceDiagram
participant User
participant TaskPage as Task Page
participant Storage as localStorage
participant API as Backend API
User->>TaskPage: Open task view
TaskPage->>Storage: read token
TaskPage->>API: apiFetch GET /api/v1/tasks/{id}
API-->>TaskPage: 200 with task payload
TaskPage->>User: render task, comments, attachments
User->>TaskPage: Submit comment
TaskPage->>API: apiFetch POST /api/v1/tasks/{id}/comments
API-->>TaskPage: 201 created comment
TaskPage->>User: append comment
User->>TaskPage: Upload attachment
TaskPage->>API: apiFetch POST /api/v1/tasks/{id}/attachments (init)
API-->>TaskPage: returns upload_url
TaskPage->>API: PUT to upload_url (direct upload)
API-->>TaskPage: upload confirmed
TaskPage->>API: apiFetch PUT /api/v1/tasks/{id}/attachments/{id}/confirm
API-->>TaskPage: attachment confirmed
TaskPage->>User: show attachment
Estimated code review effort🎯 4 (Complex) | ⏱️ ~60 minutes 🚥 Pre-merge checks | ✅ 4 | ❌ 1❌ Failed checks (1 warning)
✅ Passed checks (4 passed)
✏️ Tip: You can configure your own custom pre-merge checks in the settings. Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out. Comment |
![coderabbitai[bot]](https://avatars.githubusercontent.com/in/347564?s=60&v=4){kind=small}
There was a problem hiding this comment.
Actionable comments posted: 8
🤖 Prompt for all review comments with AI agents
Verify each finding against the current code and only fix it if needed.
Inline comments:
In `@internal/server/ui/module.go`:
- Around line 127-128: The SPA currently mounts full-page HTML under the same
static path in Handler.Register via app.Static("/static", ...), which causes
nested <html>/<body> when web/static/js/app.js fetches /static/pages/* and
injects into `#spa-root`; change the static routing so /static only serves asset
fragments (CSS/JS/images) and move standalone HTML pages to a different mount
(e.g., /pages) or serve them as full-page routes, update Handler.Register to
stop exposing web/static/pages through app.Static and add a separate
route/handler for those full pages, and update web/static/js/app.js fetch
targets to the new path so injected content is fragments only.
- Around line 189-205: The admin routes (app.Get("/admin", "/admin/users",
"/admin/projects") rendering via h.render) are unprotected and should be gated
server-side; add or reuse an authentication+authorization middleware (e.g.,
requireAuth / requireAdmin or a JWT-check that inspects
ctx.Locals("user")/claims) and apply it to these three app.Get handlers (or wrap
the handlers) so only authenticated users with the admin role can reach them,
returning 401/403 otherwise. Ensure the middleware verifies the JWT and the
admin role claim before calling h.render for these routes.
In `@web/static/js/api.js`:
- Around line 9-30: The apiFetch function is rebuilding the fetch init and
dropping options like signal, credentials, mode, and cache and also over-eagerly
stringifying bodies; update apiFetch to merge the incoming options into the
fetch init instead of replacing them (preserve options.signal,
options.credentials, options.mode, options.cache, etc.), copy/merge
options.headers into the Headers instance rather than discarding other init
fields, and only JSON.stringify the body when it is a plain JS object (not
FormData, Blob, ArrayBuffer, URLSearchParams, or already-string/stream) before
passing the merged init to fetch; refer to the apiFetch function, headers
variable, body variable, and the fetch call to locate where to merge and replace
the init object.
In `@web/static/js/app.js`:
- Around line 310-320: The current anonymous
window.addEventListener("task-created", ...) is re-registered on each page init
and accumulates; define a single named handler (e.g., handleTaskCreated) and
ensure you remove any previous registration before adding (call
window.removeEventListener("task-created", handleTaskCreated) then
window.addEventListener("task-created", handleTaskCreated)), or alternatively
register it with the { once: false } and guard with a module-level flag so the
listener is only added once; update the init/teardown logic that currently
creates the listener to use that named handler and removal to prevent duplicate
notices.
- Around line 2310-2339: render() can suffer from async route races where an
earlier fetch resolves after a later navigation and overwrites the page; fix by
adding a render guard (either a module-level incremental token like
currentRenderId or a module-level AbortController) and use it at the start of
render() to cancel or ignore prior requests: when calling
fetch(`/static/pages/${page}`) pass the controller.signal or capture the local
token, and before mutating DOM (setTitleFromDoc, root.innerHTML, initAlpineOn)
verify the token matches the latest or that the request wasn’t aborted so only
the most recent render invocation updates the UI; also ensure you abort/advance
the token at the beginning of render() so pending fetches are canceled/ignored.
In `@web/static/pages/profile.html`:
- Around line 8-11: The external script tags using floating/pinned URLs (the src
values "https://cdn.tailwindcss.com" and
"https://unpkg.com/alpinejs@3.x.x/dist/cdn.min.js") must be replaced with fixed
release URLs and include Subresource Integrity and crossorigin attributes: pin
Tailwind to a specific release URL and pin Alpine to a specific version (e.g.
replace "@3.x.x" with a concrete tag like "@3.13.0"), compute the corresponding
SRI hash for each file, add integrity="sha384-..." (or appropriate algorithm)
and add crossorigin="anonymous" on each <script> tag; update all similar
external script tags across the pages in web/static/pages so builds are
reproducible and SRI checks are enforced.
In `@web/static/pages/projects.html`:
- Around line 107-113: The anchor currently binds p.repo_url directly which
allows javascript: or other malicious schemes; add a sanitizer/normalizer
function (e.g., safeRepoUrl or isAllowedRepoUrl) and replace the direct binding
on the anchor (:href="p.repo_url") with the sanitized result and/or conditional
rendering: if safeRepoUrl(p.repo_url) returns a normalized http(s) URL use it as
the href, otherwise render the value as plain text or render the anchor without
an href; implement safety by using the URL constructor to parse the input, allow
only http and https schemes, normalize relative URLs to absolute if needed, and
return null/empty for disallowed values so the template can avoid creating a
clickable javascript: sink.
In `@web/static/pages/task.html`:
- Around line 114-149: Labels currently lack for attributes and their
corresponding inputs/textareas lack id attributes, breaking accessibility; add
unique id attributes to each control (e.g., for the project input use
id="project_slug" or a namespaced id tied to editor.form.project_slug, for the
title input use id matching x-ref "editorTitle" such as id="editorTitle", and
for the description textarea use id="description") and update the matching
<label> elements to include for="..." to point to those ids so screen readers
and keyboard users can reliably associate labels with controls.
🪄 Autofix (Beta)
Fix all unresolved CodeRabbit comments on this PR:
- Push a commit to this branch (recommended)
- Create a new PR with the fixes
ℹ️ Review info
⚙️ Run configuration
Configuration used: Organization UI
Review profile: CHILL
Plan: Pro
Run ID: 2c445ca9-553e-4238-ba68-8b2b603a798e
📒 Files selected for processing (17)
internal/server/ui/module.goweb/static/js/api.jsweb/static/js/app.jsweb/static/pages/admin.htmlweb/static/pages/admin_projects.htmlweb/static/pages/admin_users.htmlweb/static/pages/dashboards.htmlweb/static/pages/dashboards_personal.htmlweb/static/pages/dashboards_tasks.htmlweb/static/pages/home.htmlweb/static/pages/login.htmlweb/static/pages/pending.htmlweb/static/pages/profile.htmlweb/static/pages/projects.htmlweb/static/pages/register.htmlweb/static/pages/task.htmlweb/templates/index.html
🤖 Pull request artifacts
|
There was a problem hiding this comment.
Actionable comments posted: 3
🤖 Prompt for all review comments with AI agents
Verify each finding against the current code and only fix it if needed.
Inline comments:
In `@web/static/js/app.js`:
- Around line 1988-2017: The current upload loop aborts on the first failure
causing stale UI and duplicate retries; modify the for (const file of files)
loop to handle each file independently by wrapping the per-file init→PUT→confirm
sequence in a try/catch, collecting results per attachment (success or error)
instead of throwing to abort the entire batch, continue to the next file on
error, and after the loop call this.load() once to refresh attachments and
update this.attachmentUpload.files/fileLabel, and emit per-file success/failure
feedback (use the existing toastSuccess/toastError or similar) referencing
variables like uploadURL, attachmentId, putRes, window.apiFetch and this.load to
locate the code to change.
- Around line 446-492: The search can be overwritten by out-of-order responses;
in onAssigneeSearchInput/searchAssignees add a request identity (e.g.,
this.assigneeSearch._requestId or store the normalized query in
this.assigneeSearch._lastQuery) before calling searchAssignees, then when the
fetch resolves check that the id/query still matches and only then update
this.assigneeSearch.items/total/loading/error; ignore stale responses (and do
the same check in the catch/finally paths). Apply the same pattern to the other
search flow referenced (the block around the other search handlers).
- Around line 307-315: The safeRepoUrl function currently allows credentialed
URLs because URL preserves username/password; after creating the URL object
(variable u) and validating protocol, reject any URL that contains credentials
by checking u.username or u.password (or other URL credential fields) and return
an empty string if either is present so credentialed repo URLs like
https://user:pass@host/... are not returned.
🪄 Autofix (Beta)
Fix all unresolved CodeRabbit comments on this PR:
- Push a commit to this branch (recommended)
- Create a new PR with the fixes
ℹ️ Review info
⚙️ Run configuration
Configuration used: Organization UI
Review profile: CHILL
Plan: Pro
Run ID: d8e2461d-e4bc-4539-bd4f-2b05f3b69210
📒 Files selected for processing (4)
web/static/js/api.jsweb/static/js/app.jsweb/static/pages/projects.htmlweb/static/pages/task.html
✅ Files skipped from review due to trivial changes (2)
- web/static/js/api.js
- web/static/pages/projects.html
There was a problem hiding this comment.
Actionable comments posted: 2
🤖 Prompt for all review comments with AI agents
Verify each finding against the current code and only fix it if needed.
Inline comments:
In `@web/static/pages/admin_users.html`:
- Around line 58-73: The labels "Статус" and "Роль" are not associated with
their select controls, breaking accessibility; add unique id attributes to the
selects (e.g., id="filter-status" and id="filter-role") and set the
corresponding label for attributes (for="filter-status" and for="filter-role")
so the <label> elements bind to the <select> elements (references: the label
text nodes "Статус" and "Роль" and the select elements using
x-model="filter.status" and x-model="filter.role").
In `@web/templates/index.html`:
- Around line 8-11: The Tailwind Play CDN URL is unpinned
("https://cdn.tailwindcss.com") which can change behavior; replace that src with
a pinned, specific versioned CDN URL (e.g., the Tailwind release tag URL) or
better yet remove the Play CDN for production and generate a compiled/optimized
stylesheet via Tailwind CLI or your build tool (Vite) and reference the produced
CSS file instead; apply the same change to every page that currently references
the unpinned Tailwind Play CDN and keep Alpine.js pinned as-is.
🪄 Autofix (Beta)
Fix all unresolved CodeRabbit comments on this PR:
- Push a commit to this branch (recommended)
- Create a new PR with the fixes
ℹ️ Review info
⚙️ Run configuration
Configuration used: Organization UI
Review profile: CHILL
Plan: Pro
Run ID: 23a16a5f-3fb6-4654-b00b-836691d9942a
📒 Files selected for processing (16)
web/static/js/api.jsweb/static/js/app.jsweb/static/pages/admin.htmlweb/static/pages/admin_projects.htmlweb/static/pages/admin_users.htmlweb/static/pages/dashboards.htmlweb/static/pages/dashboards_personal.htmlweb/static/pages/dashboards_tasks.htmlweb/static/pages/home.htmlweb/static/pages/login.htmlweb/static/pages/pending.htmlweb/static/pages/profile.htmlweb/static/pages/projects.htmlweb/static/pages/register.htmlweb/static/pages/task.htmlweb/templates/index.html
✅ Files skipped from review due to trivial changes (7)
- web/static/pages/register.html
- web/static/pages/home.html
- web/static/pages/pending.html
- web/static/pages/admin.html
- web/static/pages/profile.html
- web/static/pages/dashboards_personal.html
- web/static/pages/task.html
🚧 Files skipped from review as they are similar to previous changes (5)
- web/static/pages/projects.html
- web/static/pages/login.html
- web/static/pages/dashboards.html
- web/static/pages/admin_projects.html
- web/static/js/app.js
There was a problem hiding this comment.
Actionable comments posted: 13
🧹 Nitpick comments (6)
web/static/css/tailwind.css (1)
1-1: Consider upgrading Tailwind CSS from v3.4.17 to v4.2.4 (latest).The compiled CSS indicates Tailwind v3.4.17 is in use. While this version has no known security vulnerabilities, it is 2 major versions behind the latest release (v4.2.4). Upgrading would bring new features, improvements, and ensure the codebase stays current with the project's dependencies.
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the rest with a brief reason, keep changes minimal, and validate. In `@web/static/css/tailwind.css` at line 1, The compiled CSS contains the banner "tailwindcss v3.4.17" indicating the project is built with Tailwind v3; update your Tailwind dependency to v4.2.4 (package.json / pnpm-lock or yarn.lock) and re-run the Tailwind build step to regenerate web/static/css/tailwind.css so the banner and generated utilities reflect v4.2.4; ensure any breaking changes between v3 and v4 are handled in your Tailwind config (tailwind.config.js) and rebuild the assets pipeline used by the project.web/static/pages/dashboards.html (2)
8-8: 🏗️ Heavy liftTailwind CDN is render-blocking and not suited for production.
https://cdn.tailwindcss.comis a synchronous (non-deferred) script tag that blocks HTML parsing until fully fetched. Additionally, it ships the entire Tailwind stylesheet without purging unused classes, which inflates payload size. For production, replace this with a build-time Tailwind CLI or PostCSS pipeline that tree-shakes unused styles and outputs a static CSS file.🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the rest with a brief reason, keep changes minimal, and validate. In `@web/static/pages/dashboards.html` at line 8, Remove the render‑blocking Tailwind CDN script tag in dashboards.html (the <script src="https://cdn.tailwindcss.com"> entry) and replace it with a link to a production-built static CSS file; set up a Tailwind build step (Tailwind CLI or PostCSS) that points to your app's templates/components (configure content/purge in tailwind.config.js) to tree-shake unused classes and output a minified CSS (e.g., assets/tailwind.css), update dashboards.html to reference that built CSS, and add the build step to your CI/build pipeline so production serves the static, purged stylesheet instead of the CDN script.
8-8: 🏗️ Heavy liftTailwind CDN is render-blocking and not intended for production use.
https://cdn.tailwindcss.comloads synchronously, blocking HTML parsing until the script is fetched and executed. The CDN build also ships the entire Tailwind stylesheet without purging unused classes. For production, a build-time Tailwind setup (CLI or PostCSS plugin) with tree-shaking is strongly recommended.🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the rest with a brief reason, keep changes minimal, and validate. In `@web/static/pages/dashboards.html` at line 8, Remove the render-blocking Tailwind CDN script tag (src="https://cdn.tailwindcss.com") from dashboards.html and replace it with a link to a production-built, purged Tailwind stylesheet (e.g. a compiled /assets/css/tailwind.css) that your asset pipeline will emit; update your build pipeline (Tailwind CLI or PostCSS plugin) to generate the final CSS with purge/tree-shaking and ensure dashboards.html references that compiled CSS via a <link rel="stylesheet"> to serve the prebuilt file instead of loading the CDN script at runtime.web/static/pages/task.html (2)
8-11: ⚡ Quick winPin the Alpine.js CDN to a specific version for production stability.
@3.x.xwill pull the latest version of Alpine 3; for stability in production, it's recommended to hardcode a specific version in the CDN link. The current3.x.xwildcard can silently resolve to a different release between deployments, introducing unexpected breaking changes or supply-chain risk. Recent Alpine 3.x releases have included behavioral changes that could affect existing directives.📌 Proposed fix
- <script defer src="https://unpkg.com/alpinejs@3.x.x/dist/cdn.min.js"></script> + <script defer src="https://cdn.jsdelivr.net/npm/[email protected]/dist/cdn.min.js"></script>Additionally,
https://cdn.tailwindcss.comis the Tailwind Play CDN (in-browser JIT compiler), which is explicitly not recommended for production — it adds significant weight and cannot be purged. Consider replacing it with a prebuilt, purged CSS asset.🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the rest with a brief reason, keep changes minimal, and validate. In `@web/static/pages/task.html` around lines 8 - 11, Update the third-party CDN references for production stability: replace the Alpine.js src that currently uses the wildcard "https://unpkg.com/alpinejs@3.x.x/dist/cdn.min.js" with a pinned, specific Alpine 3 release (e.g., alpinejs@3.Y.Z) in the <script defer src="..."> tag so the app.js behavior remains deterministic, and remove or replace the Tailwind Play CDN script tag "https://cdn.tailwindcss.com" with a prebuilt, purged CSS asset (serve a compiled Tailwind CSS file instead) so the page uses a stable, production-ready stylesheet.
8-11: ⚡ Quick winPin the Alpine.js CDN version to a specific release.
@3.x.xis a floating wildcard on unpkg — it resolves to the latest3.*release and can silently change between deployments. Use a pinned version instead.Proposed fix
- <script defer src="https://unpkg.com/alpinejs@3.x.x/dist/cdn.min.js"></script> + <script defer src="https://unpkg.com/alpinejs@3.15.12/dist/cdn.min.js"></script>Additionally,
https://cdn.tailwindcss.comis the Tailwind Play CDN (in-browser JIT compiler). It's explicitly not recommended for production by the Tailwind team — it adds significant overhead and can't be purged. Replace it with a prebuilt/purged CSS asset before shipping.🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the rest with a brief reason, keep changes minimal, and validate. In `@web/static/pages/task.html` around lines 8 - 11, The page currently uses floating CDN references: change the Alpine script src that matches "https://unpkg.com/alpinejs@3.x.x/dist/cdn.min.js" to a pinned release (replace `@3.x.x` with a specific version like `@3`.<minor>.<patch>) so the runtime won't unexpectedly change, and remove/replace the Tailwind Play CDN ("https://cdn.tailwindcss.com") with a prebuilt, purged CSS asset (e.g., a compiled /static/css/tailwind.css served from your assets pipeline) and ensure your build step produces the purged Tailwind output (via Tailwind CLI/PostCSS) so production uses the static, optimized CSS instead of the in-browser JIT CDN.web/static/pages/login.html (1)
11-11: ⚡ Quick winPin the Alpine.js CDN version —
@3.x.xis a floating range.
@3.x.xresolves to the latest3.xrelease on unpkg. Any future minor or patch release that ships a behavioral change will affect this page immediately and silently without a code change. Pin to a concrete version like the current latest stable release@3.15.10.Suggested change
- <script defer src="https://unpkg.com/alpinejs@3.x.x/dist/cdn.min.js"></script> + <script defer src="https://unpkg.com/alpinejs@3.15.10/dist/cdn.min.js"></script>🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the rest with a brief reason, keep changes minimal, and validate. In `@web/static/pages/login.html` at line 11, The script tag is using a floating Alpine.js range "alpinejs@3.x.x" which can pull in future minor/patch changes; update the src to pin a specific stable version (e.g., replace "alpinejs@3.x.x" with the chosen concrete version string like "alpinejs@3.15.10") so the <script ... src="https://unpkg.com/alpinejs@3.x.x/dist/cdn.min.js"> reference becomes a fixed-version CDN URL and prevents unintended upgrades.
🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
Inline comments:
In `@web/static/css/input.css`:
- Around line 1-3: The Stylelint rule scss/at-rule-no-unknown is flagging
Tailwind directives in web/static/css/input.css (the `@tailwind`
base/components/utilities lines); update your Stylelint config (e.g.,
.stylelintrc) to silence these false positives by configuring the
scss/at-rule-no-unknown (or at-rule-no-unknown if used) rule to ignore Tailwind
at-rules (add ignoreAtRules for "tailwind" and other Tailwind directives like
"apply", "variants", "responsive", "screen"), so the `@tailwind` directives are
accepted by the linter and CI.
- Around line 1-3: Replace the CDN Tailwind injection in every file under
web/static/pages/ (the 13 pages) by removing the <script
src="https://cdn.tailwindcss.com"> tag and instead adding a link tag that loads
the compiled asset used by web/templates/index.html: <link rel="stylesheet"
href="/static/css/tailwind.css"> in the document head; ensure you do not leave
duplicate Tailwind includes and mirror the same HTML head placement used in
web/templates/index.html so all pages use the purged/compiled stylesheet.
In `@web/static/pages/dashboards.html`:
- Line 11: The script tag currently uses the floating tag
"https://unpkg.com/alpinejs@3.x.x/dist/cdn.min.js"; replace that src with a
pinned exact Alpine.js version (for example
"https://unpkg.com/alpinejs@3.12.0/dist/cdn.min.js" or whatever exact release
you want) so the <script> tag's src no longer uses "@3.x.x" and will reliably
load a fixed Alpine.js release.
- Line 11: Replace the floating Alpine.js CDN tag "alpinejs@3.x.x" with a
pinned, exact version "alpinejs@3.15.12" in the script include found in the HTML
pages (e.g., the <script defer
src="https://unpkg.com/alpinejs@3.x.x/dist/cdn.min.js"></script> line in
dashboards.html and the other listed SPA files); update the src attribute string
to use "https://unpkg.com/alpinejs@3.15.12/dist/cdn.min.js" in all files:
dashboards.html, login.html, home.html, profile.html, register.html,
pending.html, projects.html, task.html, dashboards_tasks.html,
dashboards_personal.html, admin_projects.html, admin_users.html, and admin.html
so the CDN dependency is pinned.
In `@web/static/pages/login.html`:
- Around line 58-78: The "Email" and "Пароль" labels lack for/id bindings so
screen readers and label clicks don't target the inputs; add unique ids to the
inputs (e.g. id="login-email" and id="login-password") and set the corresponding
label for attributes (for="login-email", for="login-password") while keeping the
existing attributes and x-model bindings (form.email, form.password) so focus
and accessibility are restored.
In `@web/static/pages/task.html`:
- Around line 592-643: The delete modal markup lacks ARIA dialog semantics and
focus management: add role="dialog" aria-modal="true" and
aria-labelledby="attachment-delete-modal-title" to the outer modal container,
give the title div the id "attachment-delete-modal-title", and ensure the close
buttons keep :disabled logic; apply the same pattern to the comment delete modal
(use id "comment-delete-modal-title"). In the Alpine component methods
attachmentDeleteModal/open/close (and comment delete equivalents) in app.js,
programmatically move focus into the modal when opening (to the first focusable
element or the modal title) and restore focus to the original trigger when
closing, and ensure keyboard trap/escape handling remains via
`@keydown.escape.window` with closeAttachmentDeleteModal().
- Around line 592-643: Add proper ARIA dialog semantics and focus management for
both modals: in the attachment delete modal (the container using x-show and
controlled by attachmentDeleteModal) add role="dialog" aria-modal="true" and
aria-labelledby pointing to an id you add to the modal title element (e.g.,
id="attachment-delete-modal-title"), and ensure the title div (text-sm
font-semibold) gets that id; do the same for the comment-delete modal (use
id="comment-delete-modal-title" on its title). Then update the corresponding JS
methods closeAttachmentDeleteModal(), confirmAttachmentDeleteModal(), and the
app.js open/close handlers for the comment modal to move focus into the modal
when opening (to the first focusable element or the title) and return focus to
the original trigger when closing. Ensure :disabled bindings and x-cloak remain
unchanged.
- Around line 345-361: The assignee list in view-mode renders only u.name which
can be empty; update the template that iterates assigneeSearch.items so the
display text uses the same fallback as edit/create (e.g., use u.name || u.email
|| ''), keeping the rest of the button behavior (setAssignee click and disabled
logic referencing loading and assigneeSave.saving) unchanged so users without a
name show their email instead.
- Around line 345-361: The assignee list in the template rendering for
"assigneeSearch.items" uses x-text="u.name" and will show blank rows for users
without a name; update the display to fall back to the user's email (e.g.,
change the element that currently uses x-text="u.name" to use x-text="u.name ||
u.email") so entries without a name render their email; apply the same fallback
pattern anywhere the same user list is rendered (the template with x-for="u in
assigneeSearch.items" and the button using setAssignee).
- Around line 229-236: The textarea bound to x-model="editingContent" inside the
x-for loop is missing an accessible label; add a proper label or
aria-labelledby/aria-label tied to a stable id so screen readers can identify
the field (e.g. generate a unique id per comment like "edit-{comment.id}" and
set <label for="...">Edit comment</label> or give the textarea aria-labelledby
pointing to that label; keep existing bindings (x-model="editingContent",
:disabled="commentEdit.saving", maxlength, required) and ensure the label text
is clear and localized if applicable.
- Around line 229-236: The textarea bound to x-model="editingContent" (the
inline comment-edit field) lacks an accessible label: add an aria-label or
aria-labelledby to that textarea (e.g., aria-label="Edit comment" or a dynamic
label including the commenter) so screen readers can identify the field; update
the element with aria-label="" (or aria-labelledby pointing to a visually-hidden
span) while keeping existing attributes like maxlength and
:disabled="commentEdit.saving".
- Around line 561-567: The href binding currently uses a.download_url which can
be a javascript: URI; update the anchor to call safeRepoUrl(a.download_url) so
only http/https schemes are allowed (same approach as used for repo_url in
projects.html). Locate the template anchor with :href="a.download_url" and
replace the bound value to call safeRepoUrl(...) and keep existing attributes
(target, rel, x-text) unchanged so the link rendering and text remain the same
while preventing javascript: URIs.
- Around line 561-567: Wrap the download URL in the same sanitizer used
elsewhere: replace the direct binding :href="a.download_url" with
:href="safeRepoUrl(a.download_url)" in task.html (anchor rendering the
file_name) so client-side code blocks javascript: and other unsafe schemes; also
make the repo_url binding in admin_projects.html use safeRepoUrl(repo_url) to
restore consistency with projects.html. Ensure safeRepoUrl is imported/available
in the component where the anchor is rendered and update any template references
accordingly.
---
Nitpick comments:
In `@web/static/css/tailwind.css`:
- Line 1: The compiled CSS contains the banner "tailwindcss v3.4.17" indicating
the project is built with Tailwind v3; update your Tailwind dependency to v4.2.4
(package.json / pnpm-lock or yarn.lock) and re-run the Tailwind build step to
regenerate web/static/css/tailwind.css so the banner and generated utilities
reflect v4.2.4; ensure any breaking changes between v3 and v4 are handled in
your Tailwind config (tailwind.config.js) and rebuild the assets pipeline used
by the project.
In `@web/static/pages/dashboards.html`:
- Line 8: Remove the render‑blocking Tailwind CDN script tag in dashboards.html
(the <script src="https://cdn.tailwindcss.com"> entry) and replace it with a
link to a production-built static CSS file; set up a Tailwind build step
(Tailwind CLI or PostCSS) that points to your app's templates/components
(configure content/purge in tailwind.config.js) to tree-shake unused classes and
output a minified CSS (e.g., assets/tailwind.css), update dashboards.html to
reference that built CSS, and add the build step to your CI/build pipeline so
production serves the static, purged stylesheet instead of the CDN script.
- Line 8: Remove the render-blocking Tailwind CDN script tag
(src="https://cdn.tailwindcss.com") from dashboards.html and replace it with a
link to a production-built, purged Tailwind stylesheet (e.g. a compiled
/assets/css/tailwind.css) that your asset pipeline will emit; update your build
pipeline (Tailwind CLI or PostCSS plugin) to generate the final CSS with
purge/tree-shaking and ensure dashboards.html references that compiled CSS via a
<link rel="stylesheet"> to serve the prebuilt file instead of loading the CDN
script at runtime.
In `@web/static/pages/login.html`:
- Line 11: The script tag is using a floating Alpine.js range "alpinejs@3.x.x"
which can pull in future minor/patch changes; update the src to pin a specific
stable version (e.g., replace "alpinejs@3.x.x" with the chosen concrete version
string like "alpinejs@3.15.10") so the <script ...
src="https://unpkg.com/alpinejs@3.x.x/dist/cdn.min.js"> reference becomes a
fixed-version CDN URL and prevents unintended upgrades.
In `@web/static/pages/task.html`:
- Around line 8-11: Update the third-party CDN references for production
stability: replace the Alpine.js src that currently uses the wildcard
"https://unpkg.com/alpinejs@3.x.x/dist/cdn.min.js" with a pinned, specific
Alpine 3 release (e.g., alpinejs@3.Y.Z) in the <script defer src="..."> tag so
the app.js behavior remains deterministic, and remove or replace the Tailwind
Play CDN script tag "https://cdn.tailwindcss.com" with a prebuilt, purged CSS
asset (serve a compiled Tailwind CSS file instead) so the page uses a stable,
production-ready stylesheet.
- Around line 8-11: The page currently uses floating CDN references: change the
Alpine script src that matches
"https://unpkg.com/alpinejs@3.x.x/dist/cdn.min.js" to a pinned release (replace
`@3.x.x` with a specific version like `@3`.<minor>.<patch>) so the runtime won't
unexpectedly change, and remove/replace the Tailwind Play CDN
("https://cdn.tailwindcss.com") with a prebuilt, purged CSS asset (e.g., a
compiled /static/css/tailwind.css served from your assets pipeline) and ensure
your build step produces the purged Tailwind output (via Tailwind CLI/PostCSS)
so production uses the static, optimized CSS instead of the in-browser JIT CDN.
🪄 Autofix (Beta)
Fix all unresolved CodeRabbit comments on this PR:
- Push a commit to this branch (recommended)
- Create a new PR with the fixes
ℹ️ Review info
⚙️ Run configuration
Configuration used: Organization UI
Review profile: CHILL
Plan: Pro
Run ID: 5e89eda3-fa62-4b97-992c-597d170cc87c
📒 Files selected for processing (19)
tailwind.config.jsweb/static/css/input.cssweb/static/css/tailwind.cssweb/static/js/api.jsweb/static/js/app.jsweb/static/pages/admin.htmlweb/static/pages/admin_projects.htmlweb/static/pages/admin_users.htmlweb/static/pages/dashboards.htmlweb/static/pages/dashboards_personal.htmlweb/static/pages/dashboards_tasks.htmlweb/static/pages/home.htmlweb/static/pages/login.htmlweb/static/pages/pending.htmlweb/static/pages/profile.htmlweb/static/pages/projects.htmlweb/static/pages/register.htmlweb/static/pages/task.htmlweb/templates/index.html
✅ Files skipped from review due to trivial changes (5)
- tailwind.config.js
- web/static/pages/admin.html
- web/static/pages/profile.html
- web/static/pages/dashboards_tasks.html
- web/static/js/api.js
🚧 Files skipped from review as they are similar to previous changes (9)
- web/templates/index.html
- web/static/pages/home.html
- web/static/pages/register.html
- web/static/pages/admin_users.html
- web/static/pages/projects.html
- web/static/pages/pending.html
- web/static/pages/admin_projects.html
- web/static/pages/dashboards_personal.html
- web/static/js/app.js
|
Caution Failed to replace (edit) comment. This is likely due to insufficient permissions or the comment being deleted. Error details |
There was a problem hiding this comment.
Actionable comments posted: 5
🧹 Nitpick comments (3)
web/static/pages/task.html (1)
297-305: 💤 Low valueAssignee display can render blank if
nameis empty.For consistency with the assignee search rows (Lines 350 and 502, which use
u.name || u.email || ''), consider applying the same fallback here. If the backend guaranteesnameis always populated ontask.assignee, this is moot — but the same guarantee did not hold for search results, which is why the fallback was added there.♻️ Proposed fix
<template x-if="task && task.assignee && task.assignee.id"> <div> - <span x-text="task.assignee.name"></span> + <span x-text="task.assignee.name || task.assignee.email || ''"></span> </div> </template>The same applies to the editor sidebar at Line 448 (
selectedAssignee.name || selectedAssignee.email— already using the fallback there, good).🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the rest with a brief reason, keep changes minimal, and validate. In `@web/static/pages/task.html` around lines 297 - 305, The assignee display currently uses task.assignee.name directly and can render blank if name is empty; change the x-text in the template that shows the assignee (the block guarded by template x-if="task && task.assignee && task.assignee.id") to use a fallback expression like task.assignee.name || task.assignee.email || '' so it mirrors the search rows' behavior and avoids empty output; update only that x-text expression (the element showing the assignee name) — the editor sidebar already uses a similar fallback.web/static/js/app.js (2)
1007-1015: 💤 Low valueTypo: missing space in
!=null.Trivial cosmetic — every other call site in this file uses
!= nullwith a space.✏️ Proposed fix
- const offset = Number(state && state.offset !=null ? state.offset : 0); + const offset = Number(state && state.offset != null ? state.offset : 0);🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the rest with a brief reason, keep changes minimal, and validate. In `@web/static/js/app.js` around lines 1007 - 1015, The paginationText function contains a cosmetic typo: `!=null` without a space; update the three occurrences in paginationText (the checks for state.total, state.limit, and state.offset) to use `!= null` with a space so they match the project's style and other call sites.
307-319: ⚡ Quick winExtract
safeRepoUrlinto a single shared helper.This exact function is duplicated verbatim in
taskPage(Lines 1112–1124), andadminProjectsPagewill need it too once theadmin_projects.htmlhref binding is sanitized. Three near-identical copies risk drifting (one was already strengthened in a past review to reject credentials — the others must be kept in sync forever). Lifting it to a single module-scoped function keeps validation rules in one place and makes the admin URL save validation easier to share with display logic.♻️ Suggested shape
// Top-level (e.g., near toastApiError) function safeRepoUrl(raw) { const s = String(raw == null ? "" : raw).trim(); if (!s) return ""; try { const u = new URL(s); const proto = (u.protocol || "").toLowerCase(); if (proto !== "http:" && proto !== "https:") return ""; if (u.username || u.password) return ""; return u.toString(); } catch { return ""; } }Then expose it on each page factory (
projectsPage,adminProjectsPage,taskPage) assafeRepoUrl: safeRepoUrl,so templates can keep callingsafeRepoUrl(...)unchanged.🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the rest with a brief reason, keep changes minimal, and validate. In `@web/static/js/app.js` around lines 307 - 319, Extract the duplicated safeRepoUrl function to a single module-scoped helper (place it near other top-level helpers like toastApiError), then remove the inline copies and expose the shared helper from each page factory that needs it (projectsPage, taskPage, adminProjectsPage) by adding safeRepoUrl: safeRepoUrl to their returned/page-context object so existing template calls to safeRepoUrl(...) work unchanged.
🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
Inline comments:
In `@web-deps.mk`:
- Line 11: Replace the floating Alpine.js tag in the curl line that currently
references "https://unpkg.com/alpinejs@3.x.x/dist/cdn.min.js" with a fixed,
exact version (e.g., "https://unpkg.com/alpinejs@3.15.12/dist/cdn.min.js") so
the vendored file written to "web/static/vendor/alpinejs/alpine.min.js" is
reproducible; update the curl invocation in the web-deps make recipe (the line
downloading alpine.min.js) to use the pinned version.
In `@web/static/js/app.js`:
- Around line 641-700: The client-side save() in web/static/js/app.js currently
only checks repoUrl.startsWith("https://") which allows malformed URLs and URLs
with embedded credentials; update save() to parse repoUrl with the URL
constructor (same approach used by safeRepoUrl) and reject if parsing throws, if
parsed.protocol !== "https:" or if parsed.host is empty or if parsed.username or
parsed.password are present before calling window.apiFetch; also mirror this
check server-side by updating validateRepoURL() in internal/projects/domain.go
to reject URLs where u.User != nil (i.e., any embedded credentials) in addition
to existing scheme/host checks.
In `@web/static/pages/admin_projects.html`:
- Around line 107-113: Add a sanitization helper and use it in the admin
template: implement a safeRepoUrl(raw) method on the adminProjectsPage component
(mirroring the existing safeRepoUrl used by projectsPage/taskPage) that
validates the URL, ensures protocol is http/https, rejects credentials, and
returns a normalized string or empty string on failure; then update the
admin_projects.html template to bind the anchor href via
:href="safeRepoUrl(p.repo_url)" (and optionally use the same helper for the
displayed link text) instead of directly binding p.repo_url to prevent
non-http(s) schemes like javascript: from becoming clickable XSS sinks.
- Around line 205-210: The edit/create modal controlled by
x-show="projectModal.open" lacks dialog ARIA semantics; add role="dialog",
aria-modal="true", and an aria-labelledby attribute on the modal container (same
pattern as the delete modal) and give the dynamic title element (the project
modal title div associated with closeProjectModal()) a unique id so
aria-labelledby can reference it; ensure the id matches exactly and that the
closeProjectModal() handler still works.
In `@web/static/pages/home.html`:
- Around line 43-75: The wrapper <div> containing the cards is missing an Alpine
scope, so the admin card's x-show/x-cloak (on the <a> with
x-show="$store.auth.user && $store.auth.user.role === 'admin'") never
initializes and stays hidden; fix by adding an Alpine component scope (add
x-data on the outer wrapper div that wraps the grid/cards) so Alpine will
evaluate $store.auth.user and remove x-cloak accordingly, matching the pattern
used in dashboards_personal.html/admin.html.
---
Nitpick comments:
In `@web/static/js/app.js`:
- Around line 1007-1015: The paginationText function contains a cosmetic typo:
`!=null` without a space; update the three occurrences in paginationText (the
checks for state.total, state.limit, and state.offset) to use `!= null` with a
space so they match the project's style and other call sites.
- Around line 307-319: Extract the duplicated safeRepoUrl function to a single
module-scoped helper (place it near other top-level helpers like toastApiError),
then remove the inline copies and expose the shared helper from each page
factory that needs it (projectsPage, taskPage, adminProjectsPage) by adding
safeRepoUrl: safeRepoUrl to their returned/page-context object so existing
template calls to safeRepoUrl(...) work unchanged.
In `@web/static/pages/task.html`:
- Around line 297-305: The assignee display currently uses task.assignee.name
directly and can render blank if name is empty; change the x-text in the
template that shows the assignee (the block guarded by template x-if="task &&
task.assignee && task.assignee.id") to use a fallback expression like
task.assignee.name || task.assignee.email || '' so it mirrors the search rows'
behavior and avoids empty output; update only that x-text expression (the
element showing the assignee name) — the editor sidebar already uses a similar
fallback.
🪄 Autofix (Beta)
Fix all unresolved CodeRabbit comments on this PR:
- Push a commit to this branch (recommended)
- Create a new PR with the fixes
ℹ️ Review info
⚙️ Run configuration
Configuration used: Organization UI
Review profile: CHILL
Plan: Pro
Run ID: aabbbebd-b7c4-49bf-8632-86ee0735c263
⛔ Files ignored due to path filters (1)
web/static/vendor/alpinejs/alpine.min.jsis excluded by!**/*.min.js
📒 Files selected for processing (19)
.github/workflows/tailwind-css.ymltailwind.config.jstailwind.mkweb-deps.mkweb/static/js/app.jsweb/static/pages/admin.htmlweb/static/pages/admin_projects.htmlweb/static/pages/admin_users.htmlweb/static/pages/dashboards.htmlweb/static/pages/dashboards_personal.htmlweb/static/pages/dashboards_tasks.htmlweb/static/pages/home.htmlweb/static/pages/login.htmlweb/static/pages/pending.htmlweb/static/pages/profile.htmlweb/static/pages/projects.htmlweb/static/pages/register.htmlweb/static/pages/task.htmlweb/templates/index.html
🚧 Files skipped from review as they are similar to previous changes (3)
- web/static/pages/dashboards_tasks.html
- web/static/pages/register.html
- web/static/pages/profile.html
|
This PR is stale because it has been open for 7 days with no activity. |
There was a problem hiding this comment.
Actionable comments posted: 1
🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
Inline comments:
In `@web/static/css/tailwind.css`:
- Line 1: The committed web/static/css/tailwind.css is out of date and missing a
trailing newline which breaks the tailwind-css / build-and-check CI; regenerate
the file by running the Tailwind build (e.g. make tailwind-build or npx
tailwindcss with your project config), replace web/static/css/tailwind.css with
the freshly generated output, ensure the file ends with a newline (configure
your editor or append one after build), and commit the updated file so git diff
--exit-code is clean.
🪄 Autofix (Beta)
Fix all unresolved CodeRabbit comments on this PR:
- Push a commit to this branch (recommended)
- Create a new PR with the fixes
ℹ️ Review info
⚙️ Run configuration
Configuration used: Organization UI
Review profile: CHILL
Plan: Pro
Run ID: ba64ecb1-33f5-4f06-986a-cd0bfa42686d
⛔ Files ignored due to path filters (1)
web/static/vendor/alpinejs/alpine.min.jsis excluded by!**/*.min.js
📒 Files selected for processing (23)
.github/workflows/tailwind-css.ymltailwind.config.jstailwind.mkweb-deps.mkweb/static/css/input.cssweb/static/css/tailwind.cssweb/static/js/api.jsweb/static/js/app.jsweb/static/pages/admin.htmlweb/static/pages/admin_projects.htmlweb/static/pages/admin_users.htmlweb/static/pages/dashboards.htmlweb/static/pages/dashboards_personal.htmlweb/static/pages/dashboards_tasks.htmlweb/static/pages/home.htmlweb/static/pages/login.htmlweb/static/pages/pending.htmlweb/static/pages/profile.htmlweb/static/pages/project_tasks.htmlweb/static/pages/projects.htmlweb/static/pages/register.htmlweb/static/pages/task.htmlweb/templates/index.html
🚧 Files skipped from review as they are similar to previous changes (13)
- web/static/pages/admin.html
- .github/workflows/tailwind-css.yml
- web/static/pages/pending.html
- tailwind.config.js
- tailwind.mk
- web/static/pages/register.html
- web-deps.mk
- web/static/pages/dashboards_personal.html
- web/static/pages/admin_projects.html
- web/static/pages/dashboards.html
- web/static/js/api.js
- web/static/pages/home.html
- web/static/pages/login.html
| @@ -0,0 +1 @@ | |||
| *,:after,:before{--tw-border-spacing-x:0;--tw-border-spacing-y:0;--tw-translate-x:0;--tw-translate-y:0;--tw-rotate:0;--tw-skew-x:0;--tw-skew-y:0;--tw-scale-x:1;--tw-scale-y:1;--tw-pan-x: ;--tw-pan-y: ;--tw-pinch-zoom: ;--tw-scroll-snap-strictness:proximity;--tw-gradient-from-position: ;--tw-gradient-via-position: ;--tw-gradient-to-position: ;--tw-ordinal: ;--tw-slashed-zero: ;--tw-numeric-figure: ;--tw-numeric-spacing: ;--tw-numeric-fraction: ;--tw-ring-inset: ;--tw-ring-offset-width:0px;--tw-ring-offset-color:#fff;--tw-ring-color:rgba(59,130,246,.5);--tw-ring-offset-shadow:0 0 #0000;--tw-ring-shadow:0 0 #0000;--tw-shadow:0 0 #0000;--tw-shadow-colored:0 0 #0000;--tw-blur: ;--tw-brightness: ;--tw-contrast: ;--tw-grayscale: ;--tw-hue-rotate: ;--tw-invert: ;--tw-saturate: ;--tw-sepia: ;--tw-drop-shadow: ;--tw-backdrop-blur: ;--tw-backdrop-brightness: ;--tw-backdrop-contrast: ;--tw-backdrop-grayscale: ;--tw-backdrop-hue-rotate: ;--tw-backdrop-invert: ;--tw-backdrop-opacity: ;--tw-backdrop-saturate: ;--tw-backdrop-sepia: ;--tw-contain-size: ;--tw-contain-layout: ;--tw-contain-paint: ;--tw-contain-style: }::backdrop{--tw-border-spacing-x:0;--tw-border-spacing-y:0;--tw-translate-x:0;--tw-translate-y:0;--tw-rotate:0;--tw-skew-x:0;--tw-skew-y:0;--tw-scale-x:1;--tw-scale-y:1;--tw-pan-x: ;--tw-pan-y: ;--tw-pinch-zoom: ;--tw-scroll-snap-strictness:proximity;--tw-gradient-from-position: ;--tw-gradient-via-position: ;--tw-gradient-to-position: ;--tw-ordinal: ;--tw-slashed-zero: ;--tw-numeric-figure: ;--tw-numeric-spacing: ;--tw-numeric-fraction: ;--tw-ring-inset: ;--tw-ring-offset-width:0px;--tw-ring-offset-color:#fff;--tw-ring-color:rgba(59,130,246,.5);--tw-ring-offset-shadow:0 0 #0000;--tw-ring-shadow:0 0 #0000;--tw-shadow:0 0 #0000;--tw-shadow-colored:0 0 #0000;--tw-blur: ;--tw-brightness: ;--tw-contrast: ;--tw-grayscale: ;--tw-hue-rotate: ;--tw-invert: ;--tw-saturate: ;--tw-sepia: ;--tw-drop-shadow: ;--tw-backdrop-blur: ;--tw-backdrop-brightness: ;--tw-backdrop-contrast: ;--tw-backdrop-grayscale: ;--tw-backdrop-hue-rotate: ;--tw-backdrop-invert: ;--tw-backdrop-opacity: ;--tw-backdrop-saturate: ;--tw-backdrop-sepia: ;--tw-contain-size: ;--tw-contain-layout: ;--tw-contain-paint: ;--tw-contain-style: }/*! tailwindcss v3.4.17 | MIT License | https://tailwindcss.com*/*,:after,:before{box-sizing:border-box;border:0 solid #e5e7eb}:after,:before{--tw-content:""}:host,html{line-height:1.5;-webkit-text-size-adjust:100%;-moz-tab-size:4;-o-tab-size:4;tab-size:4;font-family:ui-sans-serif,system-ui,sans-serif,Apple Color Emoji,Segoe UI Emoji,Segoe UI Symbol,Noto Color Emoji;font-feature-settings:normal;font-variation-settings:normal;-webkit-tap-highlight-color:transparent}body{margin:0;line-height:inherit}hr{height:0;color:inherit;border-top-width:1px}abbr:where([title]){-webkit-text-decoration:underline dotted;text-decoration:underline dotted}h1,h2,h3,h4,h5,h6{font-size:inherit;font-weight:inherit}a{color:inherit;text-decoration:inherit}b,strong{font-weight:bolder}code,kbd,pre,samp{font-family:ui-monospace,SFMono-Regular,Menlo,Monaco,Consolas,Liberation Mono,Courier New,monospace;font-feature-settings:normal;font-variation-settings:normal;font-size:1em}small{font-size:80%}sub,sup{font-size:75%;line-height:0;position:relative;vertical-align:baseline}sub{bottom:-.25em}sup{top:-.5em}table{text-indent:0;border-color:inherit;border-collapse:collapse}button,input,optgroup,select,textarea{font-family:inherit;font-feature-settings:inherit;font-variation-settings:inherit;font-size:100%;font-weight:inherit;line-height:inherit;letter-spacing:inherit;color:inherit;margin:0;padding:0}button,select{text-transform:none}button,input:where([type=button]),input:where([type=reset]),input:where([type=submit]){-webkit-appearance:button;background-color:transparent;background-image:none}:-moz-focusring{outline:auto}:-moz-ui-invalid{box-shadow:none}progress{vertical-align:baseline}::-webkit-inner-spin-button,::-webkit-outer-spin-button{height:auto}[type=search]{-webkit-appearance:textfield;outline-offset:-2px}::-webkit-search-decoration{-webkit-appearance:none}::-webkit-file-upload-button{-webkit-appearance:button;font:inherit}summary{display:list-item}blockquote,dd,dl,figure,h1,h2,h3,h4,h5,h6,hr,p,pre{margin:0}fieldset{margin:0}fieldset,legend{padding:0}menu,ol,ul{list-style:none;margin:0;padding:0}dialog{padding:0}textarea{resize:vertical}input::-moz-placeholder,textarea::-moz-placeholder{opacity:1;color:#9ca3af}input::placeholder,textarea::placeholder{opacity:1;color:#9ca3af}[role=button],button{cursor:pointer}:disabled{cursor:default}audio,canvas,embed,iframe,img,object,svg,video{display:block;vertical-align:middle}img,video{max-width:100%;height:auto}[hidden]:where(:not([hidden=until-found])){display:none}.sr-only{position:absolute;width:1px;height:1px;padding:0;margin:-1px;overflow:hidden;clip:rect(0,0,0,0);white-space:nowrap;border-width:0}.pointer-events-none{pointer-events:none}.static{position:static}.fixed{position:fixed}.inset-0{inset:0}.bottom-4{bottom:1rem}.left-4{left:1rem}.z-50{z-index:50}.z-\[9999\]{z-index:9999}.mx-2{margin-left:.5rem;margin-right:.5rem}.mx-auto{margin-left:auto;margin-right:auto}.mb-3{margin-bottom:.75rem}.mb-4{margin-bottom:1rem}.mb-5{margin-bottom:1.25rem}.mb-6{margin-bottom:1.5rem}.mt-0\.5{margin-top:.125rem}.mt-1{margin-top:.25rem}.mt-2{margin-top:.5rem}.mt-3{margin-top:.75rem}.mt-4{margin-top:1rem}.mt-5{margin-top:1.25rem}.block{display:block}.flex{display:flex}.inline-flex{display:inline-flex}.table{display:table}.grid{display:grid}.max-h-48{max-height:12rem}.min-h-screen{min-height:100vh}.w-full{width:100%}.min-w-0{min-width:0}.min-w-full{min-width:100%}.max-w-5xl{max-width:64rem}.max-w-lg{max-width:32rem}.max-w-md{max-width:28rem}.max-w-xl{max-width:36rem}.flex-1{flex:1 1 0%}.shrink-0{flex-shrink:0}.translate-y-0{--tw-translate-y:0px}.translate-y-0,.translate-y-1{transform:translate(var(--tw-translate-x),var(--tw-translate-y)) rotate(var(--tw-rotate)) skewX(var(--tw-skew-x)) skewY(var(--tw-skew-y)) scaleX(var(--tw-scale-x)) scaleY(var(--tw-scale-y))}.translate-y-1{--tw-translate-y:0.25rem}.cursor-pointer{cursor:pointer}.select-none{-webkit-user-select:none;-moz-user-select:none;user-select:none}.flex-col{flex-direction:column}.flex-wrap{flex-wrap:wrap}.items-start{align-items:flex-start}.items-end{align-items:flex-end}.items-center{align-items:center}.justify-end{justify-content:flex-end}.justify-center{justify-content:center}.justify-between{justify-content:space-between}.gap-2{gap:.5rem}.gap-3{gap:.75rem}.gap-4{gap:1rem}.gap-x-3{-moz-column-gap:.75rem;column-gap:.75rem}.gap-y-1{row-gap:.25rem}.space-y-4>:not([hidden])~:not([hidden]){--tw-space-y-reverse:0;margin-top:calc(1rem*(1 - var(--tw-space-y-reverse)));margin-bottom:calc(1rem*var(--tw-space-y-reverse))}.divide-y>:not([hidden])~:not([hidden]){--tw-divide-y-reverse:0;border-top-width:calc(1px*(1 - var(--tw-divide-y-reverse)));border-bottom-width:calc(1px*var(--tw-divide-y-reverse))}.overflow-auto{overflow:auto}.overflow-x-auto{overflow-x:auto}.truncate{overflow:hidden;text-overflow:ellipsis;white-space:nowrap}.whitespace-pre-wrap{white-space:pre-wrap}.rounded{border-radius:.25rem}.rounded-lg{border-radius:.5rem}.rounded-md{border-radius:.375rem}.rounded-xl{border-radius:.75rem}.border{border-width:1px}.border-b{border-bottom-width:1px}.border-amber-300{--tw-border-opacity:1;border-color:rgb(252 211 77/var(--tw-border-opacity,1))}.border-emerald-200{--tw-border-opacity:1;border-color:rgb(167 243 208/var(--tw-border-opacity,1))}.border-emerald-300{--tw-border-opacity:1;border-color:rgb(110 231 183/var(--tw-border-opacity,1))}.border-rose-200{--tw-border-opacity:1;border-color:rgb(254 205 211/var(--tw-border-opacity,1))}.border-rose-300{--tw-border-opacity:1;border-color:rgb(253 164 175/var(--tw-border-opacity,1))}.border-sky-300{--tw-border-opacity:1;border-color:rgb(125 211 252/var(--tw-border-opacity,1))}.border-slate-200{--tw-border-opacity:1;border-color:rgb(226 232 240/var(--tw-border-opacity,1))}.border-slate-300{--tw-border-opacity:1;border-color:rgb(203 213 225/var(--tw-border-opacity,1))}.bg-amber-100{--tw-bg-opacity:1;background-color:rgb(254 243 199/var(--tw-bg-opacity,1))}.bg-emerald-100{--tw-bg-opacity:1;background-color:rgb(209 250 229/var(--tw-bg-opacity,1))}.bg-emerald-50{--tw-bg-opacity:1;background-color:rgb(236 253 245/var(--tw-bg-opacity,1))}.bg-emerald-600{--tw-bg-opacity:1;background-color:rgb(5 150 105/var(--tw-bg-opacity,1))}.bg-red-600{--tw-bg-opacity:1;background-color:rgb(220 38 38/var(--tw-bg-opacity,1))}.bg-rose-100{--tw-bg-opacity:1;background-color:rgb(255 228 230/var(--tw-bg-opacity,1))}.bg-rose-50{--tw-bg-opacity:1;background-color:rgb(255 241 242/var(--tw-bg-opacity,1))}.bg-rose-600{--tw-bg-opacity:1;background-color:rgb(225 29 72/var(--tw-bg-opacity,1))}.bg-sky-100{--tw-bg-opacity:1;background-color:rgb(224 242 254/var(--tw-bg-opacity,1))}.bg-sky-600{--tw-bg-opacity:1;background-color:rgb(2 132 199/var(--tw-bg-opacity,1))}.bg-slate-100{--tw-bg-opacity:1;background-color:rgb(241 245 249/var(--tw-bg-opacity,1))}.bg-slate-50{--tw-bg-opacity:1;background-color:rgb(248 250 252/var(--tw-bg-opacity,1))}.bg-slate-900{--tw-bg-opacity:1;background-color:rgb(15 23 42/var(--tw-bg-opacity,1))}.bg-slate-900\/30{background-color:rgba(15,23,42,.3)}.bg-white{--tw-bg-opacity:1;background-color:rgb(255 255 255/var(--tw-bg-opacity,1))}.p-3{padding:.75rem}.p-4{padding:1rem}.p-6{padding:1.5rem}.px-2{padding-left:.5rem;padding-right:.5rem}.px-3{padding-left:.75rem;padding-right:.75rem}.px-4{padding-left:1rem;padding-right:1rem}.py-0\.5{padding-top:.125rem;padding-bottom:.125rem}.py-1{padding-top:.25rem;padding-bottom:.25rem}.py-1\.5{padding-top:.375rem;padding-bottom:.375rem}.py-2{padding-top:.5rem;padding-bottom:.5rem}.py-3{padding-top:.75rem;padding-bottom:.75rem}.py-4{padding-top:1rem;padding-bottom:1rem}.py-6{padding-top:1.5rem;padding-bottom:1.5rem}.pt-2{padding-top:.5rem}.pt-4{padding-top:1rem}.text-left{text-align:left}.text-right{text-align:right}.text-base{font-size:1rem;line-height:1.5rem}.text-lg{font-size:1.125rem;line-height:1.75rem}.text-sm{font-size:.875rem;line-height:1.25rem}.text-xs{font-size:.75rem;line-height:1rem}.font-medium{font-weight:500}.font-semibold{font-weight:600}.text-amber-900{--tw-text-opacity:1;color:rgb(120 53 15/var(--tw-text-opacity,1))}.text-emerald-700{--tw-text-opacity:1;color:rgb(4 120 87/var(--tw-text-opacity,1))}.text-emerald-800{--tw-text-opacity:1;color:rgb(6 95 70/var(--tw-text-opacity,1))}.text-emerald-900{--tw-text-opacity:1;color:rgb(6 78 59/var(--tw-text-opacity,1))}.text-red-600{--tw-text-opacity:1;color:rgb(220 38 38/var(--tw-text-opacity,1))}.text-red-700{--tw-text-opacity:1;color:rgb(185 28 28/var(--tw-text-opacity,1))}.text-rose-800{--tw-text-opacity:1;color:rgb(159 18 57/var(--tw-text-opacity,1))}.text-rose-900{--tw-text-opacity:1;color:rgb(136 19 55/var(--tw-text-opacity,1))}.text-sky-900{--tw-text-opacity:1;color:rgb(12 74 110/var(--tw-text-opacity,1))}.text-slate-500{--tw-text-opacity:1;color:rgb(100 116 139/var(--tw-text-opacity,1))}.text-slate-600{--tw-text-opacity:1;color:rgb(71 85 105/var(--tw-text-opacity,1))}.text-slate-700{--tw-text-opacity:1;color:rgb(51 65 85/var(--tw-text-opacity,1))}.text-slate-800{--tw-text-opacity:1;color:rgb(30 41 59/var(--tw-text-opacity,1))}.text-slate-900{--tw-text-opacity:1;color:rgb(15 23 42/var(--tw-text-opacity,1))}.text-white{--tw-text-opacity:1;color:rgb(255 255 255/var(--tw-text-opacity,1))}.underline{text-decoration-line:underline}.decoration-slate-200{text-decoration-color:#e2e8f0}.decoration-slate-300{text-decoration-color:#cbd5e1}.opacity-0{opacity:0}.opacity-100{opacity:1}.opacity-60{opacity:.6}.shadow-lg{--tw-shadow:0 10px 15px -3px rgba(0,0,0,.1),0 4px 6px -4px rgba(0,0,0,.1);--tw-shadow-colored:0 10px 15px -3px var(--tw-shadow-color),0 4px 6px -4px var(--tw-shadow-color)}.shadow-lg,.shadow-sm{box-shadow:var(--tw-ring-offset-shadow,0 0 #0000),var(--tw-ring-shadow,0 0 #0000),var(--tw-shadow)}.shadow-sm{--tw-shadow:0 1px 2px 0 rgba(0,0,0,.05);--tw-shadow-colored:0 1px 2px 0 var(--tw-shadow-color)}.outline-none{outline:2px solid transparent;outline-offset:2px}.filter{filter:var(--tw-blur) var(--tw-brightness) var(--tw-contrast) var(--tw-grayscale) var(--tw-hue-rotate) var(--tw-invert) var(--tw-saturate) var(--tw-sepia) var(--tw-drop-shadow)}.transition-all{transition-property:all;transition-timing-function:cubic-bezier(.4,0,.2,1);transition-duration:.15s}.duration-300{transition-duration:.3s}.hover\:bg-emerald-500:hover{--tw-bg-opacity:1;background-color:rgb(16 185 129/var(--tw-bg-opacity,1))}.hover\:bg-red-50:hover{--tw-bg-opacity:1;background-color:rgb(254 242 242/var(--tw-bg-opacity,1))}.hover\:bg-red-500:hover{--tw-bg-opacity:1;background-color:rgb(239 68 68/var(--tw-bg-opacity,1))}.hover\:bg-rose-500:hover{--tw-bg-opacity:1;background-color:rgb(244 63 94/var(--tw-bg-opacity,1))}.hover\:bg-sky-500:hover{--tw-bg-opacity:1;background-color:rgb(14 165 233/var(--tw-bg-opacity,1))}.hover\:bg-slate-100:hover{--tw-bg-opacity:1;background-color:rgb(241 245 249/var(--tw-bg-opacity,1))}.hover\:bg-slate-50:hover{--tw-bg-opacity:1;background-color:rgb(248 250 252/var(--tw-bg-opacity,1))}.hover\:bg-slate-800:hover{--tw-bg-opacity:1;background-color:rgb(30 41 59/var(--tw-bg-opacity,1))}.hover\:decoration-slate-400:hover{text-decoration-color:#94a3b8}.hover\:decoration-slate-500:hover{text-decoration-color:#64748b}.focus\:ring-2:focus{--tw-ring-offset-shadow:var(--tw-ring-inset) 0 0 0 var(--tw-ring-offset-width) var(--tw-ring-offset-color);--tw-ring-shadow:var(--tw-ring-inset) 0 0 0 calc(2px + var(--tw-ring-offset-width)) var(--tw-ring-color);box-shadow:var(--tw-ring-offset-shadow),var(--tw-ring-shadow),var(--tw-shadow,0 0 #0000)}.focus\:ring-slate-200:focus{--tw-ring-opacity:1;--tw-ring-color:rgb(226 232 240/var(--tw-ring-opacity,1))}.active\:bg-slate-100:active{--tw-bg-opacity:1;background-color:rgb(241 245 249/var(--tw-bg-opacity,1))}.disabled\:cursor-not-allowed:disabled{cursor:not-allowed}.disabled\:bg-slate-50:disabled{--tw-bg-opacity:1;background-color:rgb(248 250 252/var(--tw-bg-opacity,1))}.disabled\:opacity-40:disabled{opacity:.4}.disabled\:opacity-50:disabled{opacity:.5}.disabled\:opacity-60:disabled{opacity:.6}@media (min-width:640px){.sm\:grid-cols-2{grid-template-columns:repeat(2,minmax(0,1fr))}}@media (min-width:1024px){.lg\:col-span-1{grid-column:span 1/span 1}.lg\:col-span-2{grid-column:span 2/span 2}.lg\:grid-cols-2{grid-template-columns:repeat(2,minmax(0,1fr))}.lg\:grid-cols-3{grid-template-columns:repeat(3,minmax(0,1fr))}} No newline at end of file | |||
There was a problem hiding this comment.
Critical: Pipeline failure — regenerate with trailing newline.
The CI job tailwind-css / build-and-check is failing because the committed file differs from the build output:
git diff --exit-codedetected changes — the file content doesn't match whatnpx tailwindcssproduces- Missing newline at end of file — POSIX standard requires text files to end with a newline
Re-run the Tailwind build command (likely make tailwind-build or similar) and commit the updated output. Ensure your build process or editor preserves the trailing newline.
🔧 Quick fix
After rebuilding, verify the file ends with a newline:
#!/bin/bash
# Ensure the generated CSS ends with a newline
if [ -n "$(tail -c 1 web/static/css/tailwind.css)" ]; then
echo "" >> web/static/css/tailwind.css
fi🧰 Tools
🪛 GitHub Actions: tailwind-css / 0_build-and-check.txt
[error] 1-1: git diff --exit-code failed (exit code 1) because web/static/css/tailwind.css differs from the checked-in version.
[error] 1-1: File ends without a newline ("\ No newline at end of file"), causing a diff.
🪛 GitHub Actions: tailwind-css / build-and-check
[error] 1-1: git diff --exit-code detected uncommitted/unexpected changes in this file, causing the step to fail with exit code 1.
[warning] 1-1: Missing newline at end of file ("\ No newline at end of file").
🪛 Stylelint (17.11.1)
[error] 1-1: Expected quotes around "Apple Color Emoji" (font-family-name-quotes)
(font-family-name-quotes)
[error] 1-1: Expected quotes around "Segoe UI Emoji" (font-family-name-quotes)
(font-family-name-quotes)
[error] 1-1: Expected quotes around "Segoe UI Symbol" (font-family-name-quotes)
(font-family-name-quotes)
[error] 1-1: Expected quotes around "Noto Color Emoji" (font-family-name-quotes)
(font-family-name-quotes)
[error] 1-1: Expected quotes around "Liberation Mono" (font-family-name-quotes)
(font-family-name-quotes)
[error] 1-1: Expected quotes around "Courier New" (font-family-name-quotes)
(font-family-name-quotes)
[error] 1-1: Deprecated property "clip" (property-no-deprecated)
(property-no-deprecated)
[error] 1-1: Vendor-prefixed selector "::-moz-placeholder" (selector-no-vendor-prefix)
(selector-no-vendor-prefix)
[error] 1-1: Vendor-prefixed selector "::-moz-placeholder" (selector-no-vendor-prefix)
(selector-no-vendor-prefix)
[error] 1-1: Expected "Emoji" to be "emoji" (value-keyword-case)
(value-keyword-case)
[error] 1-1: Expected "Emoji" to be "emoji" (value-keyword-case)
(value-keyword-case)
[error] 1-1: Expected "Emoji" to be "emoji" (value-keyword-case)
(value-keyword-case)
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
In `@web/static/css/tailwind.css` at line 1, The committed
web/static/css/tailwind.css is out of date and missing a trailing newline which
breaks the tailwind-css / build-and-check CI; regenerate the file by running the
Tailwind build (e.g. make tailwind-build or npx tailwindcss with your project
config), replace web/static/css/tailwind.css with the freshly generated output,
ensure the file ends with a newline (configure your editor or append one after
build), and commit the updated file so git diff --exit-code is clean.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Implement application UI
Summary by CodeRabbit
New Features
Style / Chores