Conversation
Fix getManageable to use guilds.getMember(guild.id, userId) instead of users.getGuildMember(guild.id) which incorrectly used the bot token on an OAuth-only endpoint. When member fetch fails, fall back to OAuth permissions instead of returning false. Fix isAdmin to handle missing member.permissions field by accepting oauthPermissions as fallback. Fix PermissionNodeManager to properly await async refresh() before run() executes, preventing race condition on first use. Co-authored-by: RedStar071 <76824516+RedStar071@users.noreply.github.com>
Co-authored-by: RedStar071 <76824516+RedStar071@users.noreply.github.com>
The profile page was hiding guilds where the user has `MANAGE_GUILD` but
isn't the owner — unlike the old site which displayed them. Two root
causes:
### `server/utils/discord.ts`
- **`getManageable()`** called `users.getGuildMember(guild.id)` — an
OAuth-only endpoint — with the **bot token**, silently failing for every
guild the bot is in. Changed to `guilds.getMember(guild.id, userId)` and
falls back to OAuth `permissions` bitfield when the member fetch fails
instead of returning `false`.
```diff
- const member = await useApi().users.getGuildMember(guild.id).catch(() => undefined);
- if (!member) return false;
+ const member = await useApi().guilds.getMember(guild.id, userId).catch(() => undefined);
+ if (!member) return hasManageGuild;
```
- **`isAdmin()`** now accepts optional `oauthPermissions: bigint`
fallback for when the bot-fetched member object lacks the `permissions`
field (only present in OAuth member responses).
- **`manage()`** threads `oauthPermissions` through to `isAdmin()`.
### `server/database/settings/structures/PermissionNodeManager.ts`
- `refresh()` is async but was fire-and-forget in the constructor —
`run()` could execute against an empty `sorted` Collection, making the
`conf` command permission node check a no-op (`null ?? true` → always
`true`).
- Store the refresh promise in `#refreshPromise` and `await` it at the
top of `run()`. On rejection, clear the stored promise so subsequent
calls aren't stuck on a stale error.
```typescript
public async run(member: APIGuildMember, command: WolfCommand) {
if (this.#refreshPromise) {
try { await this.#refreshPromise; }
catch { this.#refreshPromise = null; }
}
return (await this.runUser(member, command)) ?? (await this.runRole(member, command));
}
```
`canManage()` (API route handlers) is unaffected — it receives members
from `getCurrentMember()` which already uses the user's OAuth token.
<!-- START COPILOT ORIGINAL PROMPT -->
<details>
<summary>Original prompt</summary>
>
> ----
>
> *This section details on the original issue you should resolve*
>
> <issue_title>request: synchronize server view permissions in profile
as same behavior of old site</issue_title>
> <issue_description>### Is there an existing issue or pull request for
this?
>
> - [x] I have searched the existing issues and pull requests
>
> ### Feature description
>
> allows you to view servers even if you are not the owner or do not
have `ADMINISTRATOR` permissions, as shown here:
>
> Old Site:
> <img width="1383" height="139" alt="Image"
src="https://github.com/user-attachments/assets/9fc02b2d-b7ca-4e7a-8747-3cff16321d92"
/>
> New Site (missing the servers no has support a like old behavior):
> <img width="1412" height="672" alt="Image"
src="https://github.com/user-attachments/assets/1ebde389-8cda-463b-8a33-58919af9e6a3"
/>
>
> ### Desired solution
>
> support old behavior for managing server no has owner or role with
permission `ADMINISTRATOR`
>
> ### Alternatives considered
>
> no alternative i has considered
>
> ### Additional context
>
> _No response_</issue_description>
>
> <agent_instructions>fix NodePermissionsManager and file
server/utils/discord.ts</agent_instructions>
>
> ## Comments on the Issue (you are @copilot in this section)
>
> <comments>
> </comments>
>
</details>
> **Custom agent used: wolfstar-dev-agent**
> WolfStar Development Agent - Enhanced with Context7 MCP and Beast Mode
<!-- START COPILOT CODING AGENT SUFFIX -->
- Fixes #67
<!-- START COPILOT CODING AGENT TIPS -->
---
📍 Connect Copilot coding agent with [Jira](https://gh.io/cca-jira-docs),
[Azure Boards](https://gh.io/cca-azure-boards-docs) or
[Linear](https://gh.io/cca-linear-docs) to delegate work to Copilot in
one click without leaving your project management tool.
) <!-- This is an auto-generated comment: release notes by coderabbit.ai --> ## Summary by CodeRabbit * **Chores** * Consolidated developer tooling and scripts into a unified vite-plus workflow, updated CI flows, pinned workspace overrides, and adjusted package lifecycle hooks. * Moved pre-commit staging to a new hook and updated editor recommendations/settings. * **Tests** * Centralized test configuration into the new Vite-based setup and standardized test invocations across CI. * **Style** * Widespread non-functional whitespace and formatting cleanup across many components and pages. <!-- end of auto-generated comment: release notes by coderabbit.ai -->
Co-authored-by: RedStar071 <76824516+RedStar071@users.noreply.github.com> Agent-Logs-Url: https://github.com/wolfstar-project/wolfstar.rocks/sessions/56b639db-59a6-49c6-add7-980c76e72c38
The WCAG 2.2 fix (underline -> hover:no-underline) was inadvertently removed by a subsequent commit. Reapply: both NuxtLink elements now show underline by default per WCAG 2.2 SC 1.4.1 (Use of Color). Agent-Logs-Url: https://github.com/wolfstar-project/wolfstar.rocks/sessions/c773c336-ada5-412e-bc60-e7acfb1b5c8a Co-authored-by: RedStar071 <76824516+RedStar071@users.noreply.github.com>
- [x] Identify accessibility issue: NuxtLink underline only visible on hover in Events.vue - [x] Fix NuxtLink default underline state for WCAG 2.2 compliance (both links in Events.vue) - [x] Fix grammar: "setup" → "set up" - [x] Verified current code state — WCAG fix was reverted by a subsequent commit, reapplied - [x] Lint passes: 0 warnings, 0 errors
✅ Contribution Guidelines Check — PassedThis automated release PR meets all contribution guidelines:
The
|
![github-actions[bot]](https://avatars.githubusercontent.com/in/15368?s=60&v=4){kind=small}
There was a problem hiding this comment.
Code quality review — v0.2.0 release PR
This is a large accumulation PR (160 commits, 997 files) from main → release. The bulk of the file count is .claude/skills/ documentation, so the actual app-surface diff is much smaller than it looks. Here's the overall picture.
✅ CI status
| Check | Status |
|---|---|
| 🔠 Lint | ✅ passed |
| 🧪 Unit tests | ✅ passed |
| 🧪 Component tests | ✅ passed |
| ⚡ Benchmarks | ✅ passed |
| 🧹 Unused code | ✅ passed |
| 🔒 GitGuardian | ✅ passed |
| 📦 Netlify deploy preview | ✅ ready |
| 📊 Codecov | ✅ passed |
| 🖥️ Browser tests | ⏳ in progress |
| ♿ Accessibility audit (light) | ⏳ in progress |
| ♿ Accessibility audit (dark) | ⏳ in progress |
The browser tests and both accessibility audits are still running at review time. Do not merge until these complete successfully — this PR deploys to production.
🔍 Highlights
Solid improvements:
PermissionNodeManager: the new#refreshPromisefield correctly synchronises the asyncrefresh()call that was previously fire-and-forget in the constructor. The race condition this fixes was a real correctness issue.oauth/callback.vue: early-return onerror.valueand switching toexternal: truenavigation ensures the fresh session cookie is picked up by SSR on the target page. Good fix.createApiComposable: clean SWR-style hydration refresh pattern that avoids redundant network calls on already-fresh data.SettingsSection.vue: wrapping heading + description in a semantic<header>improves document structure.useUser.ts: removing the complexfetchMorepagination layer andcacheshallowRef simplifies the composable significantly, at the cost of always requiring a single/api/userscall. Reasonable trade-off for a dashboard.
Minor issues flagged inline (non-blocking):
server/utils/discord.ts— redundant?? falseafterArray.includes()(always a boolean).app/composables/useUser.ts—?? nullfallback is inconsistent with the updatedRef<string | undefined>interface type.app/composables/createApiComposable.ts— SWR refresh silently skips whenonMountedhas no active instance; a dev-mode guard would help.app/pages/oauth/login.vue— verify thereturn login(safeNext)insidedefinePageMetamiddleware integrates cleanly with Nuxt's navigation return contract.
None of these are blockers, but items 1–2 are worth addressing before this lands on release.
Generated by WolfStar Code Quality Reviewer for issue #112
| @@ -125,8 +129,7 @@ export async function transformGuild( | |||
| systemChannelId: null, | |||
There was a problem hiding this comment.
The ?? false guard after Array.prototype.includes() is redundant — includes() always returns a strict boolean, never null or undefined. Same on the verified line just below. Consider removing it to keep the intent clear.
// Before (current)
partnered: data.features.includes(GuildFeature.Partnered) ?? false,
verified: data.features.includes(GuildFeature.Verified) ?? false,
// After (cleaner)
partnered: data.features.includes(GuildFeature.Partnered),
verified: data.features.includes(GuildFeature.Verified),|
|
||
| // SWR-style hydration refresh: during SSR hydration, asyncData.data is already | ||
| // populated so isStale can be checked synchronously. If stale, schedule a | ||
| // refresh in onMounted to update the cache after hydration completes. |
There was a problem hiding this comment.
The SWR stale-refresh logic fires conditionally at the composable call site — good, but there's a subtle edge: if createApiComposable is called inside a composable that is itself called outside a component (e.g. a route plugin or test helper), onMounted will be a no-op and silently swallow the stale refresh. Consider adding a dev-mode warning:
if (import.meta.client && asyncData.data.value?.isStale) {
if (getCurrentInstance()) {
onMounted(() => asyncData.refresh());
} else if (import.meta.dev) {
console.warn('[createApiComposable] isStale=true but no active component instance; refresh skipped');
}
}This is non-blocking since the fallback is just "no refresh", but it would make debugging easier.
| definePageMeta({ alias: ["/login"] }); | ||
| const log = useLogger("oauth:login"); | ||
|
|
||
| definePageMeta({ |
There was a problem hiding this comment.
Moving the login redirect into definePageMeta middleware is a solid improvement over onMounted (prevents the flash of the empty page). One concern: useAuth() is called inside the middleware arrow function body. In Nuxt 4, middleware runs within the Nuxt context so composables work, but login() from nuxt-auth-utils typically performs an async redirect. Make sure the middleware properly returns or navigateTo()s so Nuxt can intercept the navigation — the current implementation calls return login(safeNext) which should work if login returns a NavigationGuardReturn. Worth a quick smoke-test on the deploy preview to confirm the redirect chain is clean.
| total: data.transformedGuilds?.length || 0, | ||
| user: data.user, | ||
| }; | ||
|
|
||
| return { ...data, isStale }; |
There was a problem hiding this comment.
The UseUserSearchOptions interface was updated to query?: Ref<string | undefined> (removing null), but the computed fallback here still uses ?? null, producing a string | null value downstream. Consider aligning the fallback:
const searchQuery = computed(() => options?.search?.query?.value ?? undefined);Or keep the type as Ref<string | null> if null is intentional. As-is, TypeScript won't complain because null is compatible with many coercions, but it's a latent inconsistency that could confuse future callers or break stricter type checks.
…load (#117) ## What - Removed decorative overload (\`hover-lift\`, \`hover-border-glow\`, \`animate-fade-in-up\`, \`hover:scale-105\`) from non-interactive elements on the commands page - Normalized 6 rainbow section icon colors to consistent \`primary\` token in \`Base.vue\` - Replaced all hardcoded Tailwind palette classes (\`gray-*\`, \`purple-*\`, \`pink-*\`, \`yellow-*\`, \`orange-*\`) with semantic design tokens (\`base-content\`, \`base-300\`, \`primary\`) - Stripped dead \`focus:ring-*\` and \`hover:scale-105\` from non-focusable \`UBadge\` elements in \`Chips.vue\` - Removed decorative blur glow from empty state in \`SubCategory.vue\` - Fixed \`sanitizeAndFormat()\` script-generated HTML to also use semantic tokens ## Why Design critique identified these as AI-generated design tells that added visual noise without functional value. The rainbow colors fragmented visual cohesion, hardcoded palette values bypassed the DaisyUI theme system (light/dark/midnight), and hover effects on static content created false affordances. ## Impact - **Code change** -- CSS classes only, no behavioral or structural modifications - 4 files changed, 38 insertions, 58 deletions (net -20 lines) ## Verification - \`pnpm lint:fix\` -- 0 warnings, 0 errors - No JavaScript/TypeScript logic, ARIA attributes, or component behavior was changed - All semantic tokens adapt automatically across light, dark, and midnight themes ## PR Checklist - [x] Commits follow Conventional Commits - [x] No breaking changes - [x] Run: \`pnpm lint\`, \`pnpm typecheck\`, \`pnpm build\` <!-- This is an auto-generated comment: release notes by coderabbit.ai --> ## Summary by CodeRabbit * **Style** * Updated command component colors to align with new theme styling * Simplified hover and focus effects on interactive badge elements * Removed fade-in animation from command page header * Streamlined icon styling in empty search states <!-- end of auto-generated comment: release notes by coderabbit.ai -->
- [x] Analyze feedback from PR review - [x] Fix `getMetricRoute()` to replace only full numeric path segments and normalize trailing slash - [x] Extract metrics emission logic into a shared `withApiMetrics(event, fn)` helper - [x] Guard `guilds` watcher in `profile.vue` against non-array values before accessing `.length` - [x] Run `pnpm lint:fix` → 0 errors, 0 warnings --------- Signed-off-by: RedStar <redstar071@proton.me> Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com> Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com> Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com>
|
✅ Contribution guidelines check passed for this automated release PR.
This release PR is well-structured. Good to go! 🚀
|
🔍 Code Quality Review —
|
There was a problem hiding this comment.
Code quality review — v0.2.0 release PR (latest update)
✅ CI status — all checks green
| Check | Status |
|---|---|
| 🔠 Lint | ✅ passed |
| 🧪 Unit tests | ✅ passed |
| 🧪 Component tests | ✅ passed |
| 🖥️ Browser tests | ✅ passed |
| ♿ Accessibility audit (light) | ✅ passed |
| ♿ Accessibility audit (dark) | ✅ passed |
| ⚡ Benchmarks | ✅ passed |
| 🧹 Unused code (Knip) | ✅ passed |
| 🔒 GitGuardian | ✅ passed |
| 📊 Codecov | ✅ passed |
| ⚡ CodSpeed | ✅ passed |
| 🌐 Netlify deploy preview | ✅ ready |
All checks that were previously in progress (browser tests, accessibility audits, benchmarks) have now completed successfully. The CI picture is fully green.
New change since last review
The only commit since the last review is fix(cards): change reload button to navigate to login page (6bdfbfb8), which correctly changes the 401 error action from a page reload to navigating to /login. The navigation target is right — on a 401, redirecting to the login page is the correct UX.
One inline comment attached: the button text ("Reload Page") and icon (arrow-path) were not updated alongside the to="/login" change. This creates a label/action mismatch that is a WCAG 2.5.3 issue. Suggested fix: icon="heroicons:arrow-right-on-rectangle" and label "Log In". This is a follow-up polish item and not a release blocker.
Non-blocking issues flagged in the three previous reviews remain open as tracking items. All CI is green — this PR is in good shape for the v0.2.0 release once the label fix is addressed or accepted as a follow-up.
Note
🔒 Integrity filter blocked 9 items
The following items were blocked because they don't meet the GitHub integrity level.
- 6bdfbfb
list_commits: has lower integrity than agent requires. The agent cannot read data with integrity below "approved". - ce767b7
list_commits: has lower integrity than agent requires. The agent cannot read data with integrity below "approved". - 02ccf5f
list_commits: has lower integrity than agent requires. The agent cannot read data with integrity below "approved". - 32e5d27
list_commits: has lower integrity than agent requires. The agent cannot read data with integrity below "approved". - 5d1d4bf
list_commits: has lower integrity than agent requires. The agent cannot read data with integrity below "approved". - 760df4f
list_commits: has lower integrity than agent requires. The agent cannot read data with integrity below "approved". - 34f933b
list_commits: has lower integrity than agent requires. The agent cannot read data with integrity below "approved". - b25f1d9
list_commits: has lower integrity than agent requires. The agent cannot read data with integrity below "approved". - 3356bca
list_commits: has lower integrity than agent requires. The agent cannot read data with integrity below "approved".
To allow these resources, lower min-integrity in your GitHub frontmatter:
tools:
github:
min-integrity: approved # merged | approved | unapproved | noneGenerated by WolfStar Code Quality Reviewer for issue #112
| @@ -107,7 +107,7 @@ | |||
| variant="outline" | |||
| size="sm" | |||
| icon="heroicons:arrow-path" | |||
| @click="reloadPage" | |||
| to="/login" | |||
| > | |||
| Reload Page | |||
There was a problem hiding this comment.
The button label "Reload Page" and the icon heroicons:arrow-path (a circular reload arrow) no longer match the action: the button now navigates to /login instead of reloading the page.
A mismatched label is a WCAG 2.5.3 failure ("Label in Name") and will confuse both sighted users and screen reader users who hear "Reload Page" but get taken to the login page.
Consider something like:
<UButton
v-if="error.status === 401"
color="error"
variant="outline"
size="sm"
icon="heroicons:arrow-right-on-rectangle"
to="/login"
>
Log In
</UButton>heroicons:arrow-right-on-rectangle is the conventional sign-in icon and matches the navigation target. The label "Log In" accurately describes the resulting action.
🔍 Code Quality Overview —
|
| File | Change |
|---|---|
app/app.config.ts |
73 lines removed — footer column definitions extracted out |
app/components/app/Footer.vue |
Now consumes useFooter() composable instead of inline config |
Summary
A clean, focused refactor. The static footer navigation links (Support Server, GitHub, Blog, Donate, Terms, Privacy) were previously defined in app.config.ts and are now owned by the dedicated app/composables/useFooter.ts composable. Footer.vue is updated to call useFooter() and destructure columns from it. app.config.ts is now minimal — only the UI theme is defined there.
What's good:
- Separation of concerns is improved; footer link configuration is now colocated with the composable that owns it.
app.config.tsis cleaner and focused on UI theming only.- The destructuring in
Footer.vue(const { columns } = useFooter()) is idiomatic.
Minor observation (non-blocking):
The columns array in useFooter.ts is fully static — it has no reactive dependencies. Wrapping it in computed<FooterColumn[]>(() => [...]) adds a reactivity layer that Vue will compute once and cache but never invalidate. A simple top-level const would be slightly more efficient and clearer in intent:
// Current
const columns = computed<FooterColumn[]>(() => [...]);
// Consider
const columns: FooterColumn[] = [...];This is only worth changing if the columns ever need to depend on reactive state (e.g., i18n, auth status); if that's anticipated, keeping computed makes sense as a forward-compatible choice.
CI Status
CI checks are still in progress for this commit. The previous commit's CI (6bdfbfb8) completed with ✅ all checks passing (lint, tests, contribution guidelines, code quality). No regressions are expected from this focused refactor, but confirm CI green before merging to release.
Generated by WolfStar Code Quality Reviewer · ◷
<!-- This is an auto-generated comment: release notes by coderabbit.ai --> ## Summary by CodeRabbit * **Chores** * Updated build and test configuration files to use modern JavaScript module utilities for determining the project root directory. This improves code maintainability and ensures better compatibility with current Node.js development standards. <!-- end of auto-generated comment: release notes by coderabbit.ai -->
🔍 Code Quality Overview —
|
| File | Type | Risk |
|---|---|---|
.gitignore |
Config / housekeeping | 🟢 None |
This is a pure housekeeping commit — removes a duplicate .nvmrc entry from .gitignore. No source code, components, composables, server routes, or tests were modified. No correctness, performance, or accessibility concerns.
🚦 CI Status (at time of review)
| Job | Status |
|---|---|
| 🔠 Lint project | ✅ Passed |
| 🧪 Unit tests | ✅ Passed |
| 🧹 Unused code check | ✅ Passed |
| 🧪 Component tests | ✅ Passed |
| 🛡️ GitGuardian Security | ✅ Passed |
| 🖥️ Browser tests | 🔄 In progress |
| ⚡ Benchmarks | 🔄 In progress |
| ♿ Accessibility audit (light) | 🔄 In progress |
| ♿ Accessibility audit (dark) | 🔄 In progress |
All completed checks are green. The remaining jobs (browser tests, benchmarks, accessibility audits) are still running but are expected to pass as the commit touches no application logic.
✅ No quality concerns. This is a safe, self-contained housekeeping fix.
Generated by WolfStar Code Quality Reviewer · ◷
This PR contains the following updates: | Package | Change | [Age](https://docs.renovatebot.com/merge-confidence/) | [Confidence](https://docs.renovatebot.com/merge-confidence/) | |---|---|---|---| | [std-env](https://redirect.github.com/unjs/std-env) | [`^3.10.0` → `^4.0.0`](https://renovatebot.com/diffs/npm/std-env/3.10.0/4.0.0) |  |  | --- > [!WARNING] > Some dependencies could not be looked up. Check the [Dependency Dashboard](../issues/83) for more information. --- ### Release Notes <details> <summary>unjs/std-env (std-env)</summary> ### [`v4.0.0`](https://redirect.github.com/unjs/std-env/blob/HEAD/CHANGELOG.md#v400-rc1) [Compare Source](https://redirect.github.com/unjs/std-env/compare/v3.10.0...v4.0.0) [compare changes](https://redirect.github.com/unjs/std-env/compare/v3.10.0...v4.0.0-rc.1) ##### 🚀 Enhancements - Agent detection ([#​179](https://redirect.github.com/unjs/std-env/pull/179)) - Check `MODE` variable for `isDevelopment` and `isProduction` flags ([#​114](https://redirect.github.com/unjs/std-env/pull/114)) ##### 🔥 Performance - No need to pass env ref ([44bab37](https://redirect.github.com/unjs/std-env/commit/44bab37)) ##### 🩹 Fixes - Jenkins detection ([#​171](https://redirect.github.com/unjs/std-env/pull/171)) ##### 💅 Refactors -⚠️ Remove env and process shims ([d4de8a4](https://redirect.github.com/unjs/std-env/commit/d4de8a4)) -⚠️ Improve codebase ([653b127](https://redirect.github.com/unjs/std-env/commit/653b127)) - Default `nodeEnv` to `undefined` ([c78098a](https://redirect.github.com/unjs/std-env/commit/c78098a)) - Remove `toBoolean` util ([23bfb8f](https://redirect.github.com/unjs/std-env/commit/23bfb8f)) ##### 📦 Build -⚠️ Esm-only dist ([d31cca3](https://redirect.github.com/unjs/std-env/commit/d31cca3)) ##### 🏡 Chore - Migrate to oxlint, oxfmt and tsgo ([3de70cf](https://redirect.github.com/unjs/std-env/commit/3de70cf)) - Update lockfile ([c6e909c](https://redirect.github.com/unjs/std-env/commit/c6e909c)) - Update ([06201cc](https://redirect.github.com/unjs/std-env/commit/06201cc)) - Apply automated updates ([8f0d79f](https://redirect.github.com/unjs/std-env/commit/8f0d79f)) - Update deps ([8168254](https://redirect.github.com/unjs/std-env/commit/8168254)) - Prepare for v4 rc ([58118f5](https://redirect.github.com/unjs/std-env/commit/58118f5)) #####⚠️ Breaking Changes -⚠️ Remove env and process shims ([d4de8a4](https://redirect.github.com/unjs/std-env/commit/d4de8a4)) -⚠️ Improve codebase ([653b127](https://redirect.github.com/unjs/std-env/commit/653b127)) -⚠️ Esm-only dist ([d31cca3](https://redirect.github.com/unjs/std-env/commit/d31cca3)) ##### ❤️ Contributors - Pooya Parsa ([@​pi0](https://redirect.github.com/pi0)) - Mark R. Florkowski ([@​markflorkowski](https://redirect.github.com/markflorkowski)) - Gustavo Perdomo <gperdomor@gmail.com> </details> --- ### Configuration 📅 **Schedule**: Branch creation - "on Monday" (UTC), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR was generated by [Mend Renovate](https://mend.io/renovate/). View the [repository job log](https://developer.mend.io/github/wolfstar-project/wolfstar.rocks). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0My45NC4xIiwidXBkYXRlZEluVmVyIjoiNDMuOTQuMSIsInRhcmdldEJyYW5jaCI6Im1haW4iLCJsYWJlbHMiOlsiY2hvcmUiLCJkZXBlbmRlbmNpZXMiXX0=--> --------- Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com> Co-authored-by: RedStar <redstar071@proton.me> Co-authored-by: kodiakhq[bot] <49736102+kodiakhq[bot]@users.noreply.github.com>
<!-- This is an auto-generated comment: release notes by coderabbit.ai --> ## Summary by CodeRabbit * **Chores** * Updated code ownership configuration. <!-- end of auto-generated comment: release notes by coderabbit.ai --> Co-authored-by: LoryPelli <87276663+lorypelli@users.noreply.github.com>
…de quality configurations (#123) <!-- This is an auto-generated comment: release notes by coderabbit.ai --> ## Summary by CodeRabbit * **Chores** * Updated code quality workflow configuration to prevent no-op outputs from being reported as issues in pull requests. <!-- end of auto-generated comment: release notes by coderabbit.ai -->
🤖 Code Quality Overview —
|
| Check | Status |
|---|---|
| 🔠 Lint | ✅ Passed |
| 🧪 Unit tests | ✅ Passed |
| 🧪 Component tests | ✅ Passed |
| 🖥️ Browser tests | ✅ Passed |
| 🧹 Unused code check | ✅ Passed |
| ♿ Accessibility audit (light) | ✅ Passed |
| ♿ Accessibility audit (dark) | 🔄 In progress |
| ⚡ Benchmarks | 🔄 In progress |
| 🔒 GitGuardian | ✅ Passed |
| 📊 Codecov | ✅ Passed |
Change Assessment
The PR template is well-structured and follows good contribution hygiene practices. A couple of minor observations:
- Duplicate context slots: The
### 🧭 Contextsection contains two adjacent comment placeholders (<!-- Brief background … -->and<!-- High-level summary … -->). Consider merging these into one prompt to avoid ambiguity about what goes where. - Checklist placement: The pre-submission checklist is wrapped in an HTML comment block, meaning it will not render as interactive checkboxes. This is a reasonable design choice if the intent is guidance-only, but contributors won't be able to tick items. If you want trackable checkboxes, move the list outside the comment block.
No bugs, security concerns, or accessibility issues — this is a safe, low-risk change. ✅
Generated by WolfStar Code Quality Reviewer · ◷
There was a problem hiding this comment.
Code quality review — v0.2.0 release PR (latest update)
CI status
| Check | Status |
|---|---|
| 🔠 Lint | ✅ passed |
| 🧪 Unit tests | ✅ passed |
| 🧪 Component tests | ✅ passed |
| 🧹 Unused code (Knip) | ✅ passed |
| 🔒 GitGuardian | ✅ passed |
| 📊 Codecov (patch + project) | ✅ passed |
| 🌐 Netlify deploy preview | ✅ ready |
| 🖥️ Browser tests | ⏳ in progress |
| ♿ Accessibility audit (light) | ⏳ in progress |
| ♿ Accessibility audit (dark) | ⏳ in progress |
| ⚡ Benchmarks | ⏳ in progress |
New commit since last review
The only change since the previous review is e9f0471c — feat: add pull request template (.github/PULL_REQUEST_TEMPLATE.md, +28 lines, documentation-only).
The template is well-structured:
- Linked issue, context, and description sections
- A thoughtful AI-usage note encouraging contributors to write in their own voice
- A contributor checklist (conventional commits, documentation, tests, etc.)
No code changes, no regressions. ✅
Open items from prior reviews (carry-over)
The following non-blocking items were flagged in earlier reviews and remain unaddressed — worth tracking as follow-up work before or shortly after the v0.2.0 release:
fix(cards)— label/action mismatch: the reload button now navigates to/loginbut still uses thearrow-pathicon and "Reload Page" label. This is a WCAG 2.5.3 issue; suggested fix:icon="heroicons:arrow-right-on-rectangle"+ label"Log In".createApiComposable.ts—isStalecheck runs at setup time, not insideonMounted, so SWR refreshes can be silently skipped on data that goes stale after hydration.PermissionNodeManager.ts—#refreshPromiseis never cleared after resolution, adding a microtask overhead on every subsequentrun()call.server/utils/discord.ts—?? falseafterArray.includes()is redundant (always boolean).useUser.ts—?? nullfallback is inconsistent with theRef<string | undefined>return type.
None of these are blockers for the release. The PR is in good shape pending the browser tests, accessibility audits, and benchmarks completing green.
Generated by WolfStar Code Quality Reviewer for PR #112
Generated by WolfStar Code Quality Reviewer for issue #112
This PR will deploy the following changes to production (
wolfstar.rocks).Next version:
v0.2.0(current:v0.1.0)Features
e9f0471c)02ccf5ff)5a5000ce)136e9f48)a50f1b1d)2124b5fa)a082e97b)28d3348f)c6bcaff2)Fixes
827e4950)6bdfbfb8)ce767b74)8132ebd0)760df4fa)34f933b1)1d19bd1d)d5ad6eb0)61503796)434a16c0)446859c2)5fbdca85)8725751c)e05e1326)ece11d86)50c0a805)18b6b84a)58f60be2)3891eb0e)fcf6bfda)bbe73c59)false(5375da9e)ab9a544b)8b9d11d4)417cc237)baf3b054)004aedb1)add18b83)17886de5)1b61d487)5158f0bd)Other Changes
fcb21a3b)4e2e463c)4e8d3b24)7904ea02)3ccf7886)32e5d27d)b25f1d9c)3356bca8)19931fd1)449d6d92)ac2b6174)18f445ee)f8fbfd62)48a018fe)92dde526)951936a6)4ab48318)1efd1b16)845d3289)9d639d63)ec8a94f0)6f9a33af)31b75380)1c6ee898)ceb40a0e)91bb909a)d08e2e04)e2b66478)1d085773)16933906)4177bc54)eec99761)5272420f)136df097)38f4d865)a514341d)4f0df00b)5fee2495)1dc84cfb)e72ab852)b9d60c54)3b8dfaae)0223ed27)2375a0f3)ecaf8d17)572f2124)f811722e)c97307c0)8bc6a133)1f6af1ae)d323a532)47bc2734)31aceb72)53d20d25)0bc6d3e9)eb4b3c96)45749d40)consola(056662ff)22583f3a)0544bcb6)5d05f70c)6982c8cd)055e5981)0254d85b)47479196)0527396b)a66f3e5a)95a5cd69)fb7c7612)de064a17)714edc65)60c9d0b2)a0d49605)b3cc0458)40403287)af008693)cc756897)04594280)1435739c)28bff2c2)d2d4b388)caa501f6)57584dec)82a45473)03e92bcb)738ad8b4)17eecc6d)Uncategorized
abe7a058)dd606c3b)46fe3d68)6357c182)e8ee404d)9a497fd8)777b1480)6aef6279)de71a2ed)ece8fc0d)e2b3fdc4)0d5b7fd8)4350700f)