fix: v1.1 Quality Hardening — Phase 1-3 dashboard fixes

[thebtf]

Summary

• Phase 1 (8 quick wins): Graph h-screen fix, Search Windows path regex, SystemView grid alignment, Vault 409 error message, Maintenance tooltips, Analytics phantom metrics removed, Queue Depth → Observations, GraphView v-show guard
• Phase 2: 10 tasks audited — 7 already done from previous PRs, 3 (T001-T003 vector metrics) deferred to next PR
• Phase 3: 6 tasks audited — 3 already done, T016 (memory badge raw count) fixed, T014/T015 deferred

Changes

• App.vue: min-h-screen → h-screen (fixes Graph flex height chain)
• middleware.go: regex allows backslash + colon for Windows paths
• SystemView.vue: unified grid + Latency Percentiles label + Maintenance tooltips
• VaultView.vue + useVault.ts: user-friendly 409 key mismatch message
• AnalyticsView.vue: removed Cache Hits + Latency Breakdown (never populated)
• HomeView.vue + StatsCards.vue: Queue Depth → Observations count
• GraphView.vue: v-show guard on graph container
• user-prompt.js: badge shows raw match count, not token-budget-trimmed

Test plan

• Graph page renders vis-network with nodes
• Search works with Windows project path (D:\Dev\engram)
• System page: metrics grid aligned, maintenance buttons have tooltips
• Vault reveal shows clear error on key mismatch
• Analytics: no phantom zeros for Cache Hits / Latency Breakdown
• Home: shows Observations count instead of Queue Depth
• Memory matches badge shows actual count

Summary by CodeRabbit

• Новые функции

  • Расширена валидация имён проектов — теперь допускается больше допустимых символов.

• Улучшения

  • Разделение и уточнение счётчиков совпадений для логирования и контекста.
  • Заменён показатель «глубина очереди» на «количество наблюдений».
  • Упрощена панель аналитики (убраны данные о кэше и деталях задержек).
  • Скорректирована высота основного контейнера для более предсказуемой вёрстки.

• UI/UX

  • Добавлены подсказки к кнопкам обслуживания.
  • Улучшена верстка и отображение ошибок в разделе хранилища.
  • Граф скрывается во время загрузки/ошибок.

[coderabbitai]

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: c7b5f494-9693-496d-be33-fd1e89066933

📥 Commits

Reviewing files that changed from the base of the PR and between 0235b98 and f2c620b.

📒 Files selected for processing (2)

• plugin/engram/hooks/user-prompt.js
• ui/src/composables/useVault.ts

✅ Files skipped from review due to trivial changes (1)

• ui/src/composables/useVault.ts

🚧 Files skipped from review as they are similar to previous changes (1)

• plugin/engram/hooks/user-prompt.js

---

Walkthrough

Обновлены валидация имён проектов, подсчёт совпадений наблюдений при инициализации сессии, заменено свойство StatsCards, а также внесены несколько правок UI‑раскладки и отображения ошибок в компонентах интерфейса.

Изменения

Когорта / Файлы	Описание
Валидация серверной части internal/worker/middleware.go	Изменён регулярное выражение projectNamePattern на ^[a-zA-Z0-9_.\\/:-]+$, расширяя допустимые символы (включая . и :) и уточняя экранирование для /.
Логика подсчёта совпадений наблюдений plugin/engram/hooks/user-prompt.js	Введена переменная matchedCount (устанавливается из safeObservations.length) и отправляется в /api/sessions/init как matchedObservations, отделяя «сырое» число совпадений от количества наблюдений, используемых для принятия решения о внедрении контекста.
Компонент статистики ui/src/components/StatsCards.vue	Свойство queueDepth: number заменено на observationCount: number; логика статуса теперь использует props.stats.isProcessing; UI карточки обновлён (лейбл/иконка/значение).
Использование наблюдений в представлении Home ui/src/views/HomeView.vue	Удалён импорт useSSE() и передача queueDepth; вместо этого передаётся :observation-count="observationCount" из useTimeline().
UI‑раскладка приложения ui/src/App.vue	Аутентифицированный контейнер переключён с min-h-screen на h-screen.
Аналитика и графы ui/src/views/AnalyticsView.vue, ui/src/views/GraphView.vue	В Analytics: сетка md:grid-cols-4 → md:grid-cols-3, удалена карточка «Cache Hits» и секция «Latency Breakdown». В Graph: контейнер теперь условно отображается v-show="hasGraph && !loading && !error".
Хранилище и обработка ошибок ui/src/composables/useVault.ts, ui/src/views/VaultView.vue	В useVault — нормализация текста ошибки и специальное сообщение при несоответствии ключей/ошибках дешифрования; в VaultView — изменена вёрстка блока actionError на flex с выровненной иконкой и уменьшенным текстом.
Системная страница ui/src/views/SystemView.vue	Обновлена секция «Latency Percentiles» (добавлен заголовок, md:grid-cols-4), добавлено описание в секции Maintenance и title-атрибуты для кнопок обслуживания.

Оценка затрат на проверку кода

🎯 3 (Moderate) | ⏱️ ~20 minutes

Возможно связанные PR

• feat: observation browser, detail view, semantic search (Phases 4-5) #20: Модификации в internal/worker/middleware.go — релевантно для изменений валидации имён проектов.
• feat: dashboard frontend layout — router, sidebar, auth, placeholder views #19: Внесёт изменения в то же internal/worker/middleware.go (TokenAuth/middleware), потенциально пересекается с новым regex/валидацией.
• feat: all secondary dashboard views — vault, logs, tokens, analytics, graph, patterns, sessions, system #21: Также изменяет internal/worker/middleware.go; стоит проверить совместимость изменений middleware.

Стихотворение

🐇 Шаг за шагом цифры сложены,
Совпадения в строках помечены,
Проекты теперь имя держат смело,
UI моргнёт — и станет светло.
Ключ хранится — тихо и крохотно,
Новые правки — прыг, дорога ровна!

🚥 Pre-merge checks | ✅ 2 | ❌ 1

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Docstring Coverage	⚠️ Warning	Docstring coverage is 0.00% which is insufficient. The required threshold is 80.00%.	Write docstrings for the functions missing them to satisfy the coverage threshold.

✅ Passed checks (2 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	Title clearly references v1.1 Quality Hardening and multiple dashboard fixes, aligning with the PR's 8 quick wins across Graph sizing, regex, grid alignment, error messages, metrics removal, and observations count.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

📝 Generate docstrings

• Create stacked PR
• Commit on current branch

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch feat/v1.1-quality-hardening

📝 Coding Plan

• Generate coding plan for human review comments

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[gemini-code-assist]

Summary of Changes

Hello, I'm Gemini Code Assist¹! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed!

This pull request delivers a series of quality hardening fixes for version 1.1, primarily focusing on improving the user experience and reliability of the application's dashboards and core functionalities. It resolves various UI/UX inconsistencies, enhances error reporting, and refines data presentation, making the application more robust and user-friendly.

Highlights

• Dashboard UI/UX Improvements: Addressed several visual and layout issues across various dashboards, including graph height, system view grid alignment, and analytics display.
• Enhanced Error Messaging: Improved the clarity of error messages, specifically for vault key mismatches, to provide more actionable feedback to users.
• Search Functionality Refinements: Updated the project name regex to support Windows paths and adjusted the memory badge to display the raw count of matched observations.
• Metric Renaming and Cleanup: Renamed 'Queue Depth' to 'Observations' in relevant UI components and removed phantom metrics from the Analytics view that were never populated.
• Component Logic and Guards: Implemented a v-show guard for the graph container to prevent rendering issues and added tooltips to maintenance controls for better user guidance.

Using Gemini Code Assist

The full guide for Gemini Code Assist can be found on our documentation page, here are some quick tips.

Invoking Gemini

You can request assistance from Gemini at any point by creating a comment using either /gemini <command> or @gemini-code-assist <command>. Below is a summary of the supported commands on the current page.

Feature	Command	Description
Code Review	/gemini review	Performs a code review for the current pull request in its current state.
Pull Request Summary	/gemini summary	Provides a summary of the current pull request in its current state.
Comment	@gemini-code-assist	Responds in comments when explicitly tagged, both in pull request comments and review comments.
Help	/gemini help	Displays a list of available commands.

Customization

To customize Gemini Code Assist for GitHub experience, repository maintainers can create a configuration file and/or provide a custom code review style guide (such as PEP-8 for Python) by creating and adding files to a .gemini/ folder in the base of the repository. Detailed instructions can be found here.

Limitations & Feedback

Gemini Code Assist may make mistakes. Please leave feedback on any instances where its feedback is incorrect or counter productive. You can react with 👍 and 👎 on @gemini-code-assist comments. If you're interested in giving your feedback about your experience with Gemini Code Assist for GitHub and other Google products, sign up here.

Footnotes

1. Review the Privacy Notices, Generative AI Prohibited Use Policy, Terms of Service, and learn how to configure Gemini Code Assist in GitHub here. Gemini can make mistakes, so double check it and use code with caution. ↩

[thebtf]

@coderabbitai review

[thebtf]

@gemini-code-assist review

[coderabbitai]

✅ Actions performed

Review triggered.

Note: CodeRabbit is an incremental review system and does not re-review already reviewed commits. This command is applicable only when automatic reviews are paused.

[thebtf]

@codex review

[gemini-code-assist]

Code Review

This pull request introduces several changes across the codebase. The projectNamePattern regex was updated to support Windows paths by including backslashes and colons. In the user-prompt.js hook, matchedCount is now used for matchedObservations during session initialization, and comments were added to clarify observation tracking. UI updates include changing the authenticated layout to h-screen, refactoring StatsCards.vue and HomeView.vue to use observationCount instead of queueDepth and updating status logic to isProcessing, and simplifying the AnalyticsView by removing cache hits and latency breakdown sections. Error handling in useVault.ts was enhanced to provide more specific messages for decryption failures. The GraphView now conditionally displays the graph container, and the SystemView received minor layout adjustments and added descriptive tooltips for maintenance actions. Additionally, the VaultView's error message styling was updated.

[coderabbitai]

Actionable comments posted: 2

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (1)

internal/worker/middleware.go (1)

471-472: ⚠️ Potential issue | 🟡 Minor

Сообщение об ошибке не соответствует обновлённому regex.

После добавления поддержки двоеточия и обратного слеша сообщение об ошибке устарело и вводит пользователя в заблуждение.

📝 Предлагаемое исправление

 	// Check for valid characters
 	if !projectNamePattern.MatchString(project) {
-		return fmt.Errorf("invalid project name: only alphanumeric, underscore, dash, dot, and slash allowed")
+		return fmt.Errorf("invalid project name: only alphanumeric, underscore, dash, dot, slash, colon, and backslash allowed")
 	}

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@internal/worker/middleware.go` around lines 471 - 472, Ошибка говорит об
устаревшем списке разрешённых символов — после изменения projectNamePattern он
теперь разрешает двоеточие и обратный слеш; обновите сообщение об ошибке в том
условии, где проверяется !projectNamePattern.MatchString(project) (внутри
middleware.go), заменив текущую строку fmt.Errorf("invalid project name: only
alphanumeric, underscore, dash, dot, and slash allowed") на текст, который
включает двоеточие и backslash (например: "invalid project name: only
alphanumeric, underscore, dash, dot, slash, colon and backslash allowed") чтобы
оно отражало текущий regex.

🧹 Nitpick comments (1)

ui/src/composables/useVault.ts (1)

59-64: Нормализуйте проверку ошибки дешифрования, чтобы не терять 409-кейсы.

На Line 60 матчинг хрупкий: includes(...) чувствителен к регистру и includes('409') может дать ложные срабатывания. Лучше нормализовать строку и использовать более точный паттерн.

Предлагаемый патч

-      const msg = err instanceof Error ? err.message : ''
-      if (msg.includes('409') || msg.includes('key mismatch') || msg.includes('encryption') || msg.includes('decrypt')) {
+      const msg = err instanceof Error ? err.message : ''
+      const normalized = msg.toLowerCase()
+      const isDecryptMismatch =
+        /\b409\b/.test(normalized) ||
+        normalized.includes('key mismatch') ||
+        normalized.includes('encryption') ||
+        normalized.includes('decrypt')
+      if (isDecryptMismatch) {
         actionError.value = 'Cannot decrypt: this credential was encrypted with a different vault key. Set the original ENGRAM_VAULT_KEY to reveal it.'
       } else {
         actionError.value = msg || 'Failed to reveal credential'
       }

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@ui/src/composables/useVault.ts` around lines 59 - 64, The current error check
in useVault.ts uses a fragile includes-based match on msg which is
case-sensitive and can false-match the substring "409"; update the logic that
sets actionError.value to normalize and more precisely detect a decryption /
conflict error by lowercasing the message and using a stricter pattern (e.g.,
regex boundaries or explicit numeric check) and also check structured error
fields on err (such as err.status or err.code) before falling back to the
message; adjust the block around the msg variable and the actionError.value
assignment so it reliably detects HTTP 409/conflict and decryption-related
strings (case-insensitive) without accidental matches.

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@plugin/engram/hooks/user-prompt.js`:
- Around line 149-153: The ReferenceError happens because matchedCount is
declared with const inside the if (safeObservations.length > 0) block but
referenced later in the /api/sessions/init handler; fix by lifting matchedCount
to the outer scope used by the handler (declare let matchedCount = 0 before the
if) and remove the inner const matchedCount declaration so the assignment inside
the block becomes matchedCount = safeObservations.length; ensure the outer
variable is in the same scope as the later usage and initialized to a safe
default.
- Line 218: Initialize matchedCount at the top of the surrounding function
(e.g., alongside other locals) with let matchedCount = 0; so it's always defined
even when safeObservations is empty, then keep the existing reassignment inside
the if (safeObservations.length > 0) block so matchedCount is updated when
results exist; this ensures the matchedObservations: matchedCount usage does not
raise a ReferenceError.

---

Outside diff comments:
In `@internal/worker/middleware.go`:
- Around line 471-472: Ошибка говорит об устаревшем списке разрешённых символов
— после изменения projectNamePattern он теперь разрешает двоеточие и обратный
слеш; обновите сообщение об ошибке в том условии, где проверяется
!projectNamePattern.MatchString(project) (внутри middleware.go), заменив текущую
строку fmt.Errorf("invalid project name: only alphanumeric, underscore, dash,
dot, and slash allowed") на текст, который включает двоеточие и backslash
(например: "invalid project name: only alphanumeric, underscore, dash, dot,
slash, colon and backslash allowed") чтобы оно отражало текущий regex.

---

Nitpick comments:
In `@ui/src/composables/useVault.ts`:
- Around line 59-64: The current error check in useVault.ts uses a fragile
includes-based match on msg which is case-sensitive and can false-match the
substring "409"; update the logic that sets actionError.value to normalize and
more precisely detect a decryption / conflict error by lowercasing the message
and using a stricter pattern (e.g., regex boundaries or explicit numeric check)
and also check structured error fields on err (such as err.status or err.code)
before falling back to the message; adjust the block around the msg variable and
the actionError.value assignment so it reliably detects HTTP 409/conflict and
decryption-related strings (case-insensitive) without accidental matches.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: 08e7a8cc-0fa2-49e0-a3b4-bb3ac0d830c2

📥 Commits

Reviewing files that changed from the base of the PR and between cf53ae6 and 0235b98.

📒 Files selected for processing (10)

• internal/worker/middleware.go
• plugin/engram/hooks/user-prompt.js
• ui/src/App.vue
• ui/src/components/StatsCards.vue
• ui/src/composables/useVault.ts
• ui/src/views/AnalyticsView.vue
• ui/src/views/GraphView.vue
• ui/src/views/HomeView.vue
• ui/src/views/SystemView.vue
• ui/src/views/VaultView.vue

[gemini-code-assist]

Code Review

This pull request introduces several UI/UX improvements, data display adjustments, and error handling enhancements across the application. Key changes include expanding the allowed characters for project names in internal/worker/middleware.go, clarifying observation counts in user-prompt.js by distinguishing between raw matched results and post-trim observations, and refining the authenticated layout height in App.vue. The StatsCards component was updated to display "Observations" instead of "Queue Depth" and now uses an isProcessing flag for status. The analytics view was streamlined by removing the "Cache Hits" metric and the "Latency Breakdown" section, and the terminology for "search misses" was updated. Error messages for vault credential revelation were made more specific to guide users on key mismatches, and the graph view now conditionally displays based on data availability. Additionally, the system view received layout adjustments for latency metrics and improved descriptive tooltips for maintenance actions, while the HomeView was refactored to remove unused SSE dependencies.

I am having trouble creating individual review comments. Click here to see my feedback.

plugin/engram/hooks/user-prompt.js (149-152)

The addition of comments explaining observationCount and matchedCount significantly improves code clarity and maintainability. It clearly distinguishes between the post-trim and pre-trim counts, which is crucial for understanding the logic.

ui/src/views/AnalyticsView.vue (112-115)

Removing the 'Cache Hits' metric is a good cleanup, especially if it was never populated. This simplifies the analytics view and removes potentially misleading or irrelevant information, as noted in the summary.

ui/src/views/AnalyticsView.vue (130-155)

The removal of the 'Latency Breakdown' section further streamlines the analytics view. If this data was not being populated or was deemed unnecessary, its removal reduces visual clutter and focuses the dashboard on more relevant metrics.

ui/src/views/HomeView.vue (2-8)

Removing the useSSE import and queueDepth variable from HomeView.vue is a logical refactoring, as the StatsCards component now directly uses isProcessing from its stats prop. This simplifies the HomeView component by removing unused dependencies.

[thebtf]

🤖 PR Review MCP State (auto-managed, do not edit)

{
  "version": 2,
  "parentChildren": {},
  "resolvedNitpicks": {
    "coderabbit-nitpick-335390b1-59": {
      "resolvedAt": "2026-03-20T11:54:04.183Z",
      "resolvedBy": "agent"
    },
    "coderabbit-outside-diff-48733e21-59": {
      "resolvedAt": "2026-03-20T11:54:06.693Z",
      "resolvedBy": "agent"
    }
  },
  "updatedAt": "2026-03-20T11:54:07.281Z"
}