Chore/cleanup ux palette refactor#3
Conversation
21 tests for github_api.{get_identity_or_reauth, decrypt_token_or_reauth,
github_get} including the 403/429 Retry-After tuple shape and the
needs_reauth persistence on decrypt failure.
9 tests for repos._view_helpers.{normalize_or_400, get_user_repo_or_404_response}
and the RepoStatus enum value-strings (drift-guard for the frontend mirror).
- Stream the chat endpoint as SSE (meta citations -> tokens -> done);
retrieval + access gate stay synchronous so 4xx errors stay clean JSON.
- Switch Gemini SDK to REST transport to fix the gRPC c-ares DNS failures
("Could not contact DNS servers") seen during embedding/chat.
- Update model gemini-2.0-flash -> gemini-2.5-flash (2.0 was retired,
which surfaced as "generation failed").
- Make embeddings resilient: retry transient transport/availability errors
with backoff + per-call timeout.
- Drop the redundant second LLM call for chat follow-up suggestions.
- Graph: hide dunder/boilerplate functions (__init__, …) at the DB-query
level by default; opt back in with ?include_boilerplate=true, return a
`hidden` count, and drop edges dangling to filtered-out nodes.
- Test settings: stream-aware genai stub + GoogleAPICallError/RetryError.
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
- Streaming chat client (fetch + ReadableStream) with markdown, citation chips that focus/center the cited node in the graph, and a Cmd/Ctrl-K Ask palette; chat state lifted into a shared useChat hook. - Design system: Tailwind v4 + tokenized zinc+indigo palette with light mode + toggle, Inter/JetBrains Mono, focus rings, custom scrollbars. - react-router for shareable URLs (/r/:repoId); reserved /share + /orgs. - Resizable dashboard panels; Explorer & Chat are collapsible (open by default) via top-bar toggles; mobile stacked layout + bottom tab bar. - Tasteful framer-motion animations (palette, dropdown, messages, inspector, processing steps). - Enterprise marketing landing/sign-in page (hero, product mockup, feature grid, steps, CTA) with a two-tone wordmark. - Graph: user-defined vs all-functions toggle (server-driven), empty state, theme-aware colors, focus/center on citation. - Processing retry button (pull latest & re-analyze); strip repo names to the project; new node-graph favicon; topbar dropdown z-index fix. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Avoids clashing with other local apps. CORS/CSRF/redirect URIs and the Vite proxy target are aligned to the new ports. Local secrets stay in the gitignored .env / .env.local. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
AI-first chat + design-system overhaul, resilient backend, server-side graph filtering
|
Caution Review failedThe pull request is closed. ℹ️ Recent review info⚙️ Run configurationConfiguration used: Organization UI Review profile: ASSERTIVE Plan: Pro Run ID: ⛔ Files ignored due to path filters (4)
📒 Files selected for processing (70)
📝 WalkthroughWalkthroughAdds GitHub OAuth login, encrypted identity storage, repository access probing and ingestion, repo-scoped chat/graph/file enforcement, and a routed frontend with streaming chat, GitHub repo selection, and theme/auth state. ChangesGitHub auth, repo access, and streaming UI
Sequence Diagram(s)OAuth login flow sequenceDiagram
participant Frontend
participant GithubOAuthStartView
participant GitHub
participant GithubOAuthCallbackView
participant User
participant GitHubIdentity
Frontend->>GithubOAuthStartView: GET /auth/github/start/
GithubOAuthStartView->>Frontend: authorization URL and state
Frontend->>GithubOAuthCallbackView: GET callback with code and state
GithubOAuthCallbackView->>GitHub: exchange code and fetch user profile
GithubOAuthCallbackView->>User: upsert user
GithubOAuthCallbackView->>GitHubIdentity: encrypt token, store scopes, clear needs_reauth
GithubOAuthCallbackView->>Frontend: redirect to FRONTEND_BASE_URL
Repository submission and ingest flow sequenceDiagram
participant Frontend
participant RepositoryView
participant _can_grant_access
participant _probe_github
participant GitHub
participant ingest_repository
participant Repository
Frontend->>RepositoryView: POST /api/repos/
RepositoryView->>_can_grant_access: normalize URL and check access
_can_grant_access->>_probe_github: probe owner/name
_probe_github->>GitHub: GET api.github.com/repos/{owner}/{name}
RepositoryView->>ingest_repository: delay(repo_id, user_id)
ingest_repository->>Repository: set status, is_private, and clone source
Estimated code review effort🎯 5 (Critical) | ⏱️ ~120 minutes Poem
✨ Finishing Touches📝 Generate docstrings
Warning There were issues while running some tools. Please review the errors and either fix the tool's configuration or disable the tool if it's a critical failure. 🔧 Biome (2.5.0)frontend/src/index.cssFile contains syntax errors that prevent linting: Line 10: Tailwind-specific syntax is disabled. Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out. Comment |
🧾 High-Level Summary
This PR adds GitHub OAuth/login, repo access control, private-repo ingestion, SSE chat streaming, graph/file auth gating, and a major frontend UI/routing refactor. Overall code health is mixed: the feature set is substantial and fairly well-covered by tests, but there are a few security and correctness risks around auth flows, token handling, and caching.
🚨 Critical Issues (Must Fix)
logout/session auth flow is only as strong as CSRF handling; the custom CSRF-exempt session auth for logout is risky and should be tightly constrained and reviewed for accidental reuse.RepositoryAccess+is_privateintroduce more branchy access logic; the private/public inference and reauth behavior needs careful edge-case review for 401/403/404 consistency.needs_reauth,no_access,github_unreachable, etc.); mismatches will produce confusing UX.💡 Suggestions (Nice to Have)
repos/views.pyandchat/views.pychanges into smaller service modules for maintainability.🔐 Security Verdict
Risky — the PR improves access control and credential handling overall, but it also introduces sensitive OAuth/token paths, custom auth behavior, and broader cache-driven repo gating that need careful hardening.
📊 Final PR Rating
4/5 — strong feature work with good test coverage and meaningful security improvements, but not production-ready without a closer audit of auth/token edge cases and cache/invalidation behavior.
📝 Suggested Prompt Update
The prompt is missing a way to handle PRs where the base branch has no merge base in the sandbox. It should ask for either:
git show --stat --summary <commit>, orwhen
git diff main...HEADis unavailable.It also needs a fallback instruction for “per-commit review” when only a flattened change summary is available: