Skip to content

Release typing#23

Merged
Sytten merged 9 commits into
mainfrom
ef-typing
Apr 17, 2026
Merged

Release typing#23
Sytten merged 9 commits into
mainfrom
ef-typing

Conversation

@Sytten

@Sytten Sytten commented Apr 11, 2026

Copy link
Copy Markdown
Member

Summary by CodeRabbit

  • New Features

    • Published a new shared QuickSSRF package that provides a stabilized plugin API and events surface.
  • Documentation

    • Added a README with overview and quick links.
  • Chores

    • Release process now builds and publishes the shared package automatically.
    • Frontend and backend now consume the centralized spec and consolidated typings; workspace dependency wiring and build tooling updated.

@coderabbitai

coderabbitai Bot commented Apr 11, 2026

Copy link
Copy Markdown

Note

Reviews paused

It looks like this branch is under active development. To avoid overwhelming you with review comments due to an influx of new commits, CodeRabbit has automatically paused this review. You can configure this behavior by changing the reviews.auto_review.auto_pause_after_reviewed_commits setting.

Use the following commands to manage reviews:

  • @coderabbitai resume to resume automatic reviews.
  • @coderabbitai review to trigger a single review.

Use the checkboxes below for quick actions:

  • ▶️ Resume reviews
  • 🔍 Trigger review

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info
⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: 1d9db265-b52b-49ee-a7b9-bfa237f91175

📥 Commits

Reviewing files that changed from the base of the PR and between 52f0ad7 and 8fe6ada.

📒 Files selected for processing (1)
  • .github/workflows/release.yml
🚧 Files skipped from review as they are similar to previous changes (1)
  • .github/workflows/release.yml

📝 Walkthrough

Walkthrough

Converted the internal shared workspace into a publishable package @caido-community/quickssrf, added build/tsdown and README, moved API/events spec into packages/shared and exported Spec, updated backend/frontend to consume Spec types, adjusted workspace dependencies, and extended the release workflow to build, version, and publish the shared package. (50 words)

Changes

Cohort / File(s) Summary
Release & Root Scripts
.github/workflows/release.yml, package.json
Added a Publish package step to the release workflow that runs pnpm run build:shared, sets packages/shared version via npm pkg set, and publishes @caido-community/quickssrf; added root script build:shared and pnpm.overrides for @caido/sdk-shared.
Shared package (publishable spec)
packages/shared/package.json, packages/shared/README.md, packages/shared/tsdown.config.ts, packages/shared/src/index.ts, packages/shared/src/api.ts, packages/shared/src/events.ts
Converted shared@caido-community/quickssrf, made package publishable (main/types → dist/, files, exports), added build/prepare scripts and tsdown config, added README, introduced exported API, renamed events map to Events, and added Spec export.
Backend package
packages/backend/package.json, packages/backend/src/index.ts, packages/backend/src/types.ts
Changed shared dependency to workspace:@caido-community/quickssrf@*; bumped @caido/sdk-backend; replaced local API/BackendEvents generics with imported Spec, updating SDK type signatures and removing older exported types.
Frontend package
packages/frontend/package.json, packages/frontend/src/types.ts, packages/frontend/tsconfig.json
Changed shared dependency to workspace:@caido-community/quickssrf@*; updated devDeps (bumped @caido/sdk-frontend, removed @caido/sdk-backend dev dep), removed backend type references; FrontendSDK now Caido<Spec> and tsconfig no longer references backend types.
Tooling / Analysis config
knip.ts
Updated knip workspace ignore lists to include shared for backend and frontend workspaces.

Sequence Diagram(s)

sequenceDiagram
  participant GH as GitHub Actions
  participant Repo as Monorepo
  participant Build as Build (pnpm / tsdown)
  participant Registry as NPM Registry

  GH->>Repo: release workflow starts / version extracted
  GH->>Build: run `pnpm run build:shared`
  Build->>Repo: produce `packages/shared/dist/` artifacts
  GH->>Repo: run `npm pkg set` to set `packages/shared` version
  GH->>Registry: `pnpm --filter "@caido-community/quickssrf" publish --access public --no-git-checks`
  Registry-->>GH: publish result
Loading

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~20 minutes

Possibly related PRs

  • Plugin refactor #22: Overlapping refactor migrating API/event typings and the publish/build flow for the shared/quickssrf package.

Suggested reviewers

  • f8thl3ss

Poem

🐇 I hopped through types and build steps bright,
From workspace shared to a published sight.
Dist files packed, a version set true—
QuickSSRF released, a carrot-shaped debut! 🥕✨

🚥 Pre-merge checks | ✅ 1 | ❌ 2

❌ Failed checks (1 warning, 1 inconclusive)

Check name Status Explanation Resolution
Docstring Coverage ⚠️ Warning Docstring coverage is 0.00% which is insufficient. The required threshold is 80.00%. Write docstrings for the functions missing them to satisfy the coverage threshold.
Title check ❓ Inconclusive The title 'Release typing' is vague and does not clearly convey the main purpose of this changeset, which involves refactoring SDK type definitions, publishing a shared package, and updating type imports across backend and frontend. Consider a more descriptive title such as 'Refactor SDK types to use shared Spec' or 'Extract shared API/Events spec and publish package' to better communicate the primary changes.
✅ Passed checks (1 passed)
Check name Status Explanation
Description Check ✅ Passed Check skipped - CodeRabbit’s high-level summary is enabled.

✏️ Tip: You can configure your own custom pre-merge checks in the settings.

✨ Finishing Touches
🧪 Generate unit tests (beta)
  • Create PR with unit tests
  • Commit unit tests in branch ef-typing

Comment @coderabbitai help to get the list of available commands and usage tips.

@socket-security

socket-security Bot commented Apr 11, 2026

Copy link
Copy Markdown

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff Package Supply Chain
Security
Vulnerability Quality Maintenance License
Updated@​caido/​sdk-shared@​0.1.1 ⏵ 0.2.271 +210074 +193 +10100
Updated@​caido/​sdk-backend@​0.55.3 ⏵ 0.56.073 +110077 +297 -2100
Updated@​caido/​sdk-frontend@​0.55.3 ⏵ 0.56.1-beta.181 +110088 +299 +1100
Addedtsdown@​0.21.7981008896100

View full report

@coderabbitai coderabbitai Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actionable comments posted: 2

🧹 Nitpick comments (1)
packages/frontend/package.json (1)

18-18: Clarify the intention for beta SDK dependency; consider upgrading from 0.55.3 to stable for release branches.

The current version pins 0.56.1-beta.1, which is a pre-release. The latest stable version 0.55.3 is available and already supports the required Caido<Spec> typing. If this package feeds production releases, upgrading to the stable release is recommended for consistency, unless 0.56.1-beta.1 includes specific features or fixes your team requires. Confirm the intentional use of the pre-release version.

🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.

In `@packages/frontend/package.json` at line 18, The dependency
"@caido/sdk-frontend" is pinned to a pre-release "0.56.1-beta.1"; either confirm
this pre-release is intentionally required or change it to the latest stable
"0.55.3" to avoid shipping a beta SDK; update the package.json entry for
"@caido/sdk-frontend" accordingly, run the package manager (npm/yarn/pnpm) to
refresh the lockfile, and run the test/build pipeline to ensure no typing or
runtime regressions from switching versions.
🤖 Prompt for all review comments with AI agents
Verify each finding against the current code and only fix it if needed.

Inline comments:
In @.github/workflows/release.yml:
- Around line 70-74: The "Publish package" step currently runs after the release
creation which can leave an immutable GitHub release half-complete; move the
publication step so it runs before the release action (i.e., place the "Publish
package" job/step before the job that runs caido/action-release@v1), or gate the
release creation on a successful publish by adding an explicit
dependency/condition (use job-level needs or step-level if: success()
referencing the publish job/step) so that the release (and immutableCreate:
true) only runs after pnpm publish completes successfully.

In `@packages/shared/README.md`:
- Around line 6-10: Update the external anchor tags that use target="_blank"
(the Github, Documentation, and Discord <a> links) to include rel="noopener
noreferrer" so new tabs are opened with proper tab isolation; locate the <a
href="https://github.com/caido-community" ...>, <a
href="https://developer.caido.io/" ...>, and <a
href="https://links.caido.io/www-discord" ...> anchors and add rel="noopener
noreferrer" to each.

---

Nitpick comments:
In `@packages/frontend/package.json`:
- Line 18: The dependency "@caido/sdk-frontend" is pinned to a pre-release
"0.56.1-beta.1"; either confirm this pre-release is intentionally required or
change it to the latest stable "0.55.3" to avoid shipping a beta SDK; update the
package.json entry for "@caido/sdk-frontend" accordingly, run the package
manager (npm/yarn/pnpm) to refresh the lockfile, and run the test/build pipeline
to ensure no typing or runtime regressions from switching versions.
🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

  • Push a commit to this branch (recommended)
  • Create a new PR with the fixes

ℹ️ Review info
⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: b6dc5e2a-f539-4af1-ad86-274c28ea53b8

📥 Commits

Reviewing files that changed from the base of the PR and between 061a05c and 8e55502.

⛔ Files ignored due to path filters (1)
  • pnpm-lock.yaml is excluded by !**/pnpm-lock.yaml
📒 Files selected for processing (14)
  • .github/workflows/release.yml
  • package.json
  • packages/backend/package.json
  • packages/backend/src/index.ts
  • packages/backend/src/types.ts
  • packages/frontend/package.json
  • packages/frontend/src/types.ts
  • packages/frontend/tsconfig.json
  • packages/shared/README.md
  • packages/shared/package.json
  • packages/shared/src/api.ts
  • packages/shared/src/events.ts
  • packages/shared/src/index.ts
  • packages/shared/tsdown.config.ts
💤 Files with no reviewable changes (1)
  • packages/frontend/tsconfig.json

Comment thread .github/workflows/release.yml Outdated
Comment thread packages/shared/README.md
Comment on lines +6 to +10
<a href="https://github.com/caido-community" target="_blank">Github</a>
<span>&nbsp;&nbsp;•&nbsp;&nbsp;</span>
<a href="https://developer.caido.io/" target="_blank">Documentation</a>
<span>&nbsp;&nbsp;•&nbsp;&nbsp;</span>
<a href="https://links.caido.io/www-discord" target="_blank">Discord</a>

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

⚠️ Potential issue | 🟡 Minor

🧩 Analysis chain

🏁 Script executed:

#!/bin/bash
# Find markdown anchor tags using target="_blank" without rel=...
rg -nP --iglob '*.md' '<a\s+[^>]*target="_blank"(?![^>]*\brel=)'

Repository: caido-community/quickssrf

Length of output: 636


Add rel="noopener noreferrer" to external links opened in new tabs.

Lines 6, 8, and 10 in packages/shared/README.md use target="_blank" without the rel attribute, weakening tab isolation security. The same pattern exists in the root README.md file.

Suggested fix
-  <a href="https://github.com/caido-community" target="_blank">Github</a>
+  <a href="https://github.com/caido-community" target="_blank" rel="noopener noreferrer">Github</a>
-  <a href="https://developer.caido.io/" target="_blank">Documentation</a>
+  <a href="https://developer.caido.io/" target="_blank" rel="noopener noreferrer">Documentation</a>
-  <a href="https://links.caido.io/www-discord" target="_blank">Discord</a>
+  <a href="https://links.caido.io/www-discord" target="_blank" rel="noopener noreferrer">Discord</a>
📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change
<a href="https://github.com/caido-community" target="_blank">Github</a>
<span>&nbsp;&nbsp;&nbsp;&nbsp;</span>
<a href="https://developer.caido.io/" target="_blank">Documentation</a>
<span>&nbsp;&nbsp;&nbsp;&nbsp;</span>
<a href="https://links.caido.io/www-discord" target="_blank">Discord</a>
<a href="https://github.com/caido-community" target="_blank" rel="noopener noreferrer">Github</a>
<span>&nbsp;&nbsp;&nbsp;&nbsp;</span>
<a href="https://developer.caido.io/" target="_blank" rel="noopener noreferrer">Documentation</a>
<span>&nbsp;&nbsp;&nbsp;&nbsp;</span>
<a href="https://links.caido.io/www-discord" target="_blank" rel="noopener noreferrer">Discord</a>
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.

In `@packages/shared/README.md` around lines 6 - 10, Update the external anchor
tags that use target="_blank" (the Github, Documentation, and Discord <a> links)
to include rel="noopener noreferrer" so new tabs are opened with proper tab
isolation; locate the <a href="https://github.com/caido-community" ...>, <a
href="https://developer.caido.io/" ...>, and <a
href="https://links.caido.io/www-discord" ...> anchors and add rel="noopener
noreferrer" to each.

@Sytten Sytten merged commit ce0d3a9 into main Apr 17, 2026
8 checks passed
@Sytten Sytten deleted the ef-typing branch April 17, 2026 20:43
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant