feat: SKILL.mdを修正#41
Conversation
|
Important Review skippedAuto reviews are disabled on this repository. Please check the settings in the CodeRabbit UI or the ⚙️ Run configurationConfiguration used: Repository UI Review profile: CHILL Plan: Pro Run ID: You can disable this status message by setting the Use the checkbox below for a quick retry:
✨ Finishing Touches🧪 Generate unit tests (beta)
Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out. Comment Tip CodeRabbit can use OpenGrep to find security vulnerabilities and bugs across 17+ programming languages.OpenGrep is compatible with Semgrep configurations. Add an |
Summary of ChangesHello, I'm Gemini Code Assist1! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed! このプルリクエストは、リポジトリのスキルガイドラインと開発ドキュメントを更新し、特に履歴データの取り扱いとAPIの利用に関する情報を明確にすることを目的としています。これにより、開発者が履歴機能の動作をより正確に理解し、効率的かつコスト効率の良い方法で変更を実装できるようになります。 Highlights
🧠 New Feature in Public Preview: You can now enable Memory to help Gemini Code Assist learn from your team's feedback. This makes future code reviews more consistent and personalized to your project's style. Click here to enable Memory in your admin console. Using Gemini Code AssistThe full guide for Gemini Code Assist can be found on our documentation page, here are some quick tips. Invoking Gemini You can request assistance from Gemini at any point by creating a comment using either
Customization To customize Gemini Code Assist for GitHub experience, repository maintainers can create a configuration file and/or provide a custom code review style guide (such as PEP-8 for Python) by creating and adding files to a Limitations & Feedback Gemini Code Assist may make mistakes. Please leave feedback on any instances where its feedback is incorrect or counter productive. You can react with 👍 and 👎 on @gemini-code-assist comments. If you're interested in giving your feedback about your experience with Gemini Code Assist for GitHub and other Google products, sign up here. Footnotes
|
![gemini-code-assist[bot]](https://avatars.githubusercontent.com/in/956858?s=60&v=4){kind=small}
There was a problem hiding this comment.
Code Review
このプルリクエストは、SKILL.md を更新し、戦績履歴機能がハードコードされたデータからバックエンドを利用する形に変更されたことを反映するものです。新しいAPIエンドポイント、SWRを利用したデータフロー、そして新しい実装に伴う注意点など、将来の開発者にとって重要なコンテキストが追加されており、全体として良い改善です。一点、Known pitfallsセクションからSQLインジェクションの可能性に関する警告が削除されています。この警告はまだ有効である可能性があるため、ドキュメントに残しておくことを検討してください。詳細はコメントをご確認ください。
| If a task touches Cloudflare runtime behavior, note that local verification may also require a Pages/Workers dev setup that is not fully captured by current package scripts. | ||
|
|
||
| ## Known pitfalls | ||
|
|
||
| - `functions/api/routes/weapon.ts` builds the SQL `LIMIT` clause from the query string directly. Be cautious when changing request handling there. | ||
| - `index.html` still has the default Vite title, so product polish tasks may need to update app metadata. |
There was a problem hiding this comment.
この「Known pitfalls」から functions/api/routes/weapon.ts に関する警告を削除していますが、この警告はまだ有効だと思われます。
weapon.ts の L35 では、SQLクエリに文字列補間 (LIMIT ${parsedCount}) を使用しており、これはSQLインジェクションのリスクを伴う可能性があります。
parsedCount は数値であるか検証されていますが、セキュリティのベストプラクティスとして、このような記述は避けるべきです。
将来の開発者がこのリスクを認識できるよう、この警告を残しておくことを推奨します。
There was a problem hiding this comment.
Pull request overview
This PR updates SKILL.md to reflect the current /api/results history workflow (KV-backed result history + SWR cache updates) and to add guidance around keeping frontend/backend behavior aligned and free-tier-conscious.
Changes:
- Document
POST /api/resultsalongside the existing history endpoints. - Update repo “working rules” to describe live history + SWR mutation-based freshness and bounded KV storage.
- Add/adjust verification and known-pitfall notes (build step, retention-limit alignment).
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
| - `useSWR('results', ...)` reads current history from `GET /api/results`. | ||
| - After `POST /api/results`, the frontend updates the SWR cache directly instead of forcing a refetch. |
There was a problem hiding this comment.
src/app.tsx sets revalidateOnMount: false (and also disables focus/reconnect revalidation) and there’s no SWRConfig fallback/other mount-time trigger in src/, so the history list may not be fetched on initial page load. This makes the statement that useSWR('results', ...) “reads current history from GET /api/results” potentially misleading; consider clarifying the docs or adjusting the app’s initial fetch strategy so history is actually loaded on mount.
| - `useSWR('results', ...)` reads current history from `GET /api/results`. | |
| - After `POST /api/results`, the frontend updates the SWR cache directly instead of forcing a refetch. | |
| - `useSWR('results', ...)` manages the result history cache under the `'results'` key. Given the current SWR config in `src/app.tsx` (with `revalidateOnMount`, focus, and reconnect revalidation disabled), history is not automatically fetched on initial page load unless you explicitly trigger a fetch. | |
| - After `POST /api/results`, the frontend updates the SWR cache directly instead of forcing a refetch, to avoid extra KV reads. |
No description provided.