feat: comprehensive UI overhaul, security hardening, docs, and deployment#71
feat: comprehensive UI overhaul, security hardening, docs, and deployment#71swadhinbiswas wants to merge 13 commits into
Conversation
- Use bun install --production to exclude dev dependencies - Use oven/bun:1-slim instead of oven/bun:1 (smaller base) - Use --no-install-recommends for apt packages - Clean up apt cache in same layer - Rename REPOS_PATH to GIT_REPOS_PATH for consistency
|
Note Reviews pausedIt looks like this branch is under active development. To avoid overwhelming you with review comments due to an influx of new commits, CodeRabbit has automatically paused this review. You can configure this behavior by changing the Use the following commands to manage reviews:
Use the checkboxes below for quick actions:
📝 WalkthroughWalkthroughThe pull request updates Docker production packaging and publishing, adds Docker Hub documentation, restructures the README, and centralizes Astro layout, code-viewer, and admin HUD styling. The API documentation page now uses the shared base layout, and the blob page adds clipboard copying. ChangesDeployment updates
Project documentation refresh
Frontend layout updates
Estimated code review effort: 3 (Moderate) | ~20 minutes Possibly related PRs
🚥 Pre-merge checks | ✅ 5✅ Passed checks (5 passed)
✨ Finishing Touches📝 Generate docstrings
🧪 Generate unit tests (beta)
Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out. Comment |
| RUN for i in 1 2 3; do \ | ||
| bun install --frozen-lockfile && break || \ | ||
| bun install --frozen-lockfile --production && break || \ | ||
| (echo "bun install attempt $i failed, retrying in 10s..." && sleep 10); \ | ||
| done |
There was a problem hiding this comment.
Production-only install breaks the build stage
bun install --production in the deps stage excludes all devDependencies. The builder stage copies node_modules directly from deps and then runs bun run build. For an Astro project the build toolchain (Astro itself, TypeScript compiler, Vite, etc.) lives in devDependencies, so the bun run build step will fail with missing module errors at compile time. The --production flag is appropriate for the final runner image, but the deps stage that feeds the builder needs the full dependency tree.
Prompt To Fix With AI
This is a comment left during a code review.
Path: Dockerfile
Line: 14-17
Comment:
**Production-only install breaks the build stage**
`bun install --production` in the `deps` stage excludes all `devDependencies`. The `builder` stage copies `node_modules` directly from `deps` and then runs `bun run build`. For an Astro project the build toolchain (Astro itself, TypeScript compiler, Vite, etc.) lives in `devDependencies`, so the `bun run build` step will fail with missing module errors at compile time. The `--production` flag is appropriate for the final `runner` image, but the `deps` stage that feeds the builder needs the full dependency tree.
How can I resolve this? If you propose a fix, please make it concise.| env: | ||
| REGISTRY: docker.io | ||
| IMAGE_NAME: opencodehub/opencodehub | ||
| ACTIONS_ALLOW_USE_UNSECURE_NODE_VERSION: "true" |
There was a problem hiding this comment.
Suppressing deprecated Node.js version warning rather than fixing it
ACTIONS_ALLOW_USE_UNSECURE_NODE_VERSION: "true" silences the GitHub Actions error that fires when a referenced action ships with a deprecated (EOL) Node.js runtime. The correct fix is to upgrade whichever action(s) still use Node 16 or earlier to a version that targets Node 20. Suppressing the warning with this flag means the workflow continues relying on runtimes that no longer receive security patches.
Prompt To Fix With AI
This is a comment left during a code review.
Path: .github/workflows/docker-publish.yml
Line: 12
Comment:
**Suppressing deprecated Node.js version warning rather than fixing it**
`ACTIONS_ALLOW_USE_UNSECURE_NODE_VERSION: "true"` silences the GitHub Actions error that fires when a referenced action ships with a deprecated (EOL) Node.js runtime. The correct fix is to upgrade whichever action(s) still use Node 16 or earlier to a version that targets Node 20. Suppressing the warning with this flag means the workflow continues relying on runtimes that no longer receive security patches.
How can I resolve this? If you propose a fix, please make it concise.There was a problem hiding this comment.
Actionable comments posted: 4
🧹 Nitpick comments (1)
.github/workflows/docker-publish.yml (1)
12-12: 📐 Maintainability & Code Quality | 🔵 Trivial | 💤 Low valuePrefer updating action versions over suppressing deprecation warnings.
Suppressing the Node 20 deprecation warning using
ACTIONS_ALLOW_USE_UNSECURE_NODE_VERSIONis a temporary workaround that bypasses security checks.When possible, consider updating the actions used in this workflow to versions that natively support the latest secure Node runtime (Node 24). Once the actions are updated, this environment variable should be removed to restore standard security warnings.
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the rest with a brief reason, keep changes minimal, and validate. In @.github/workflows/docker-publish.yml at line 12, Update the GitHub Actions used by the workflow to versions that support the latest secure Node runtime, then remove the ACTIONS_ALLOW_USE_UNSECURE_NODE_VERSION environment variable. Preserve the workflow’s existing build and publish behavior.
🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
Inline comments:
In `@README.md`:
- Around line 29-30: Replace the VIDEO_ID placeholders in the OpenCodeHub Demo
Markdown image and link with the actual YouTube video ID, or remove the demo
section entirely if no video is available.
- Line 195: Update the architecture code fence in README.md to include a
language identifier, preferably text, while preserving its existing content.
- Around line 233-234: Update the README clone instructions so the directory
used by the cd command matches the case-sensitive directory name created by git
clone. Keep the repository URL unchanged and use one consistent spelling across
both commands.
- Line 12: Replace the hardcoded CI status image in the README with the
repository’s workflow badge URL and matching link, or remove the badge if no
workflow badge is available. Update the existing CI badge anchor and image while
preserving the surrounding README content.
---
Nitpick comments:
In @.github/workflows/docker-publish.yml:
- Line 12: Update the GitHub Actions used by the workflow to versions that
support the latest secure Node runtime, then remove the
ACTIONS_ALLOW_USE_UNSECURE_NODE_VERSION environment variable. Preserve the
workflow’s existing build and publish behavior.
🪄 Autofix (Beta)
Fix all unresolved CodeRabbit comments on this PR:
- Push a commit to this branch (recommended)
- Create a new PR with the fixes
ℹ️ Review info
⚙️ Run configuration
Configuration used: defaults
Review profile: CHILL
Plan: Pro
Run ID: 66ce8023-339b-4be4-879a-b71a872587ba
📒 Files selected for processing (3)
.github/workflows/docker-publish.ymlDockerfileREADME.md
| <a href="https://www.npmjs.com/package/opencodehub-cli"><img src="https://img.shields.io/npm/v/opencodehub-cli?style=flat-square&label=CLI" alt="CLI version"></a> | ||
| <a href="LICENSE"><img src="https://img.shields.io/badge/license-MIT-blue?style=flat-square" alt="License"></a> | ||
| <a href="https://github.com/swadhinbiswas/OpencodeHub/actions"><img src="https://img.shields.io/badge/CI-passing-success?style=flat-square" alt="CI"></a> | ||
| <a href="https://github.com/swadhinbiswas/OpencodeHub/actions"><img src="https://img.shields.io/badge/CI-passing-brightgreen?style=for-the-badge" alt="CI"></a> |
There was a problem hiding this comment.
📐 Maintainability & Code Quality | 🟡 Minor | ⚡ Quick win
🧩 Analysis chain
🏁 Script executed:
#!/bin/bash
set -euo pipefail
printf '\n== README excerpt ==\n'
nl -ba README.md | sed -n '1,25p'
printf '\n== workflow files ==\n'
find .github/workflows -maxdepth 1 -type f 2>/dev/null | sort
printf '\n== workflow names/paths ==\n'
for f in .github/workflows/*; do
[ -f "$f" ] || continue
echo "--- $f ---"
sed -n '1,120p' "$f" | sed -n '1,40p'
doneRepository: swadhinbiswas/OpencodeHub
Length of output: 225
🏁 Script executed:
#!/bin/bash
set -euo pipefail
nl -ba README.md | sed -n '1,25p'
echo
find .github/workflows -maxdepth 1 -type f 2>/dev/null | sortRepository: swadhinbiswas/OpencodeHub
Length of output: 203
🏁 Script executed:
#!/bin/bash
set -euo pipefail
printf '== README excerpt ==\n'
sed -n '1,25p' README.md | awk '{printf "%4d %s\n", NR, $0}'
printf '\n== workflow files ==\n'
find .github/workflows -maxdepth 1 -type f 2>/dev/null | sort || true
printf '\n== workflow headers ==\n'
for f in .github/workflows/*; do
[ -f "$f" ] || continue
echo "--- $f ---"
sed -n '1,30p' "$f"
doneRepository: swadhinbiswas/OpencodeHub
Length of output: 5499
Use the CI workflow badge instead of a static status image.
This passing badge is hardcoded, so it can drift from the actual CI state. Point it at the repository’s workflow badge or remove it.
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
In `@README.md` at line 12, Replace the hardcoded CI status image in the README
with the repository’s workflow badge URL and matching link, or remove the badge
if no workflow badge is available. Update the existing CI badge anchor and image
while preserving the surrounding README content.
| <!-- Replace VIDEO_ID with your YouTube video ID --> | ||
| [](https://youtu.be/VIDEO_ID) |
There was a problem hiding this comment.
🎯 Functional Correctness | 🟡 Minor | ⚡ Quick win
Replace the demo placeholder before merging.
VIDEO_ID produces a broken image and link in the published README. Replace it with the real video ID or remove the demo section.
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
In `@README.md` around lines 29 - 30, Replace the VIDEO_ID placeholders in the
OpenCodeHub Demo Markdown image and link with the actual YouTube video ID, or
remove the demo section entirely if no video is available.
| ## Documentation | ||
| ## Architecture | ||
|
|
||
| ``` |
There was a problem hiding this comment.
📐 Maintainability & Code Quality | 🟡 Minor | ⚡ Quick win
Add a language identifier to the architecture code fence.
Use ```text (or another appropriate language) so the README passes markdownlint MD040.
🧰 Tools
🪛 markdownlint-cli2 (0.23.0)
[warning] 195-195: Fenced code blocks should have a language specified
(MD040, fenced-code-language)
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
In `@README.md` at line 195, Update the architecture code fence in README.md to
include a language identifier, preferably text, while preserving its existing
content.
Source: Linters/SAST tools
| git clone https://github.com/swadhinbiswas/OpencodeHub.git | ||
| cd OpenCodeHub |
There was a problem hiding this comment.
🎯 Functional Correctness | 🟠 Major | ⚡ Quick win
Fix the case-sensitive clone directory.
The clone URL creates OpencodeHub/, but the next command enters OpenCodeHub/. This fails on case-sensitive systems; use one spelling consistently.
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
In `@README.md` around lines 233 - 234, Update the README clone instructions so
the directory used by the cd command matches the case-sensitive directory name
created by git clone. Keep the repository URL unchanged and use one consistent
spelling across both commands.
…cks from layouts blocks from layouts - Move glass-panel and custom-scrollbar styles to globals.css - Remove style block from admin/index.astro - Remove style block from AdminLayout.astro
There was a problem hiding this comment.
Actionable comments posted: 5
🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
Inline comments:
In @.mimocode/.cron-lock:
- Line 1: Remove the tracked auto-generated .mimocode/.cron-lock PID file from
the repository and add .mimocode/.cron-lock to .gitignore, or ignore the entire
.mimocode directory if it contains only ephemeral runtime data.
In `@DOCKERHUB.md`:
- Around line 40-46: Update the setup command sequence in DOCKERHUB.md to use
the exact directory name Git creates when cloning the repository, changing the
cd target from OpenCodeHub to OpencodeHub while leaving the remaining commands
unchanged.
- Around line 26-36: Update the Quick Start docker run command in the
documentation to include placeholder REDIS_URL and SITE_URL environment
variables alongside the existing configuration, matching the required variables
listed in the Environment Variables section.
In `@src/pages/api-docs.astro`:
- Around line 5-9: Move the inline Scalar API reference script from outside
BaseLayout into the BaseLayout content, alongside the api-reference container,
so it renders within the document body rather than after the closing HTML
element.
In `@src/styles/globals.css`:
- Around line 669-683: Resolve the duplicate global definitions for
`.glass-panel` and `.custom-scrollbar` in the Admin HUD styles. Either scope
these rules beneath the Admin HUD parent class if they are HUD-specific, or
remove the earlier definitions if these values are intended to replace them
globally; do not leave conflicting unscoped duplicates.
🪄 Autofix (Beta)
Fix all unresolved CodeRabbit comments on this PR:
- Push a commit to this branch (recommended)
- Create a new PR with the fixes
ℹ️ Review info
⚙️ Run configuration
Configuration used: defaults
Review profile: CHILL
Plan: Pro
Run ID: 318b5095-c08d-4532-849d-583503d192a8
📒 Files selected for processing (8)
.github/workflows/docker-publish.yml.mimocode/.cron-lockDOCKERHUB.mdsrc/layouts/AdminLayout.astrosrc/layouts/BaseLayout.astrosrc/pages/admin/index.astrosrc/pages/api-docs.astrosrc/styles/globals.css
💤 Files with no reviewable changes (2)
- src/layouts/AdminLayout.astro
- src/pages/admin/index.astro
🚧 Files skipped from review as they are similar to previous changes (1)
- .github/workflows/docker-publish.yml
| @@ -1 +1 @@ | |||
| {"pid":4029,"startedAt":1784090173838} No newline at end of file | |||
| {"pid":5727,"startedAt":1784185065125} No newline at end of file | |||
There was a problem hiding this comment.
📐 Maintainability & Code Quality | 🟠 Major | ⚡ Quick win
Do not commit lock or PID files to source control.
This file appears to be an auto-generated runtime lock/PID file. Committing such files causes unnecessary repository changes, leads to merge conflicts, and pollutes git history.
Consider removing it from the repository and adding .mimocode/.cron-lock (or the entire .mimocode/ directory if it only contains ephemeral runtime data) to your .gitignore.
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
In @.mimocode/.cron-lock at line 1, Remove the tracked auto-generated
.mimocode/.cron-lock PID file from the repository and add .mimocode/.cron-lock
to .gitignore, or ignore the entire .mimocode directory if it contains only
ephemeral runtime data.
| ```bash | ||
| # Pull and run | ||
| docker run -d \ | ||
| --name opencodehub \ | ||
| -p 4321:4321 \ | ||
| -v opencodehub-data:/data \ | ||
| -e JWT_SECRET=$(openssl rand -hex 32) \ | ||
| -e SESSION_SECRET=$(openssl rand -hex 32) \ | ||
| -e DATABASE_URL=postgresql://user:pass@db:5432/opencodehub \ | ||
| opencodehub/opencodehub:latest | ||
| ``` |
There was a problem hiding this comment.
🎯 Functional Correctness | 🟠 Major | ⚡ Quick win
Include all required environment variables in the Quick Start command.
The Environment Variables section below lists REDIS_URL and SITE_URL as required, but they are missing from this docker run command. Providing a command that fails due to missing variables will cause friction for users.
Include placeholder values for the missing required variables so the example runs successfully.
💡 Proposed fix
# Pull and run
docker run -d \
--name opencodehub \
-p 4321:4321 \
-v opencodehub-data:/data \
-e JWT_SECRET=$(openssl rand -hex 32) \
-e SESSION_SECRET=$(openssl rand -hex 32) \
-e DATABASE_URL=postgresql://user:pass@db:5432/opencodehub \
+ -e REDIS_URL=redis://redis:6379 \
+ -e SITE_URL=http://localhost:4321 \
opencodehub/opencodehub:latest📝 Committable suggestion
‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.
| ```bash | |
| # Pull and run | |
| docker run -d \ | |
| --name opencodehub \ | |
| -p 4321:4321 \ | |
| -v opencodehub-data:/data \ | |
| -e JWT_SECRET=$(openssl rand -hex 32) \ | |
| -e SESSION_SECRET=$(openssl rand -hex 32) \ | |
| -e DATABASE_URL=postgresql://user:pass@db:5432/opencodehub \ | |
| opencodehub/opencodehub:latest | |
| ``` |
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
In `@DOCKERHUB.md` around lines 26 - 36, Update the Quick Start docker run command
in the documentation to include placeholder REDIS_URL and SITE_URL environment
variables alongside the existing configuration, matching the required variables
listed in the Environment Variables section.
| ```bash | ||
| git clone https://github.com/swadhinbiswas/OpencodeHub.git | ||
| cd OpenCodeHub | ||
| cp .env.example .env | ||
| docker compose up -d | ||
| docker compose exec app bun run scripts/seed-admin.ts | ||
| ``` |
There was a problem hiding this comment.
🎯 Functional Correctness | 🟡 Minor | ⚡ Quick win
Fix casing for the cloned directory name.
By default, Git clones the repository into a directory that matches the repository name casing exactly (OpencodeHub). Running cd OpenCodeHub (with a capital 'C') will fail on case-sensitive file systems like Linux.
💡 Proposed fix
git clone https://github.com/swadhinbiswas/OpencodeHub.git
-cd OpenCodeHub
+cd OpencodeHub
cp .env.example .env
docker compose up -d
docker compose exec app bun run scripts/seed-admin.ts📝 Committable suggestion
‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.
| ```bash | |
| git clone https://github.com/swadhinbiswas/OpencodeHub.git | |
| cd OpenCodeHub | |
| cp .env.example .env | |
| docker compose up -d | |
| docker compose exec app bun run scripts/seed-admin.ts | |
| ``` |
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
In `@DOCKERHUB.md` around lines 40 - 46, Update the setup command sequence in
DOCKERHUB.md to use the exact directory name Git creates when cloning the
repository, changing the cd target from OpenCodeHub to OpencodeHub while leaving
the remaining commands unchanged.
| <BaseLayout title="API Reference - OpenCodeHub"> | ||
| <div id="api-reference" data-url="/api/openapi.json"></div> | ||
| </BaseLayout> | ||
|
|
||
| <script is:inline src="https://cdn.jsdelivr.net/npm/@scalar/api-reference"></script> |
There was a problem hiding this comment.
🎯 Functional Correctness | 🟠 Major | ⚡ Quick win
Move the script tag inside the layout component.
Placing the <script> tag outside of <BaseLayout> causes it to be rendered after the closing </html> tag in the final output, which is invalid HTML. Move it inside the layout component so it renders correctly within the document body.
🐛 Proposed fix
<BaseLayout title="API Reference - OpenCodeHub">
<div id="api-reference" data-url="/api/openapi.json"></div>
+ <script is:inline src="https://cdn.jsdelivr.net/npm/@scalar/api-reference"></script>
</BaseLayout>
-
-<script is:inline src="https://cdn.jsdelivr.net/npm/@scalar/api-reference"></script>📝 Committable suggestion
‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.
| <BaseLayout title="API Reference - OpenCodeHub"> | |
| <div id="api-reference" data-url="/api/openapi.json"></div> | |
| </BaseLayout> | |
| <script is:inline src="https://cdn.jsdelivr.net/npm/@scalar/api-reference"></script> | |
| <BaseLayout title="API Reference - OpenCodeHub"> | |
| <div id="api-reference" data-url="/api/openapi.json"></div> | |
| <script is:inline src="https://cdn.jsdelivr.net/npm/@scalar/api-reference"></script> | |
| </BaseLayout> |
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
In `@src/pages/api-docs.astro` around lines 5 - 9, Move the inline Scalar API
reference script from outside BaseLayout into the BaseLayout content, alongside
the api-reference container, so it renders within the document body rather than
after the closing HTML element.
| /* Admin HUD styles */ | ||
| .glass-panel { | ||
| background: rgba(13, 17, 23, 0.3); | ||
| backdrop-filter: blur(10px); | ||
| border: 1px solid rgba(255, 255, 255, 0.05); | ||
| box-shadow: 0 4px 30px rgba(0, 0, 0, 0.1); | ||
| } | ||
|
|
||
| .custom-scrollbar::-webkit-scrollbar { | ||
| width: 4px; | ||
| } | ||
|
|
||
| .custom-scrollbar::-webkit-scrollbar-thumb { | ||
| background: rgba(255, 255, 255, 0.1); | ||
| border-radius: 2px; |
There was a problem hiding this comment.
📐 Maintainability & Code Quality | 🟠 Major | ⚡ Quick win
Scope the Admin HUD styles or remove the duplicated earlier definitions.
These CSS rules redefine .glass-panel and .custom-scrollbar which are already defined earlier in globals.css (around line 534). Because these are global styles, appending them at the bottom unconditionally overwrites the previous definitions for the entire site.
If these styles should only apply to the Admin HUD, scope them under an admin-specific parent class (e.g., .admin-hud .glass-panel). If they are meant to replace the previous styles globally, please delete the older definitions to remove the duplication.
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
In `@src/styles/globals.css` around lines 669 - 683, Resolve the duplicate global
definitions for `.glass-panel` and `.custom-scrollbar` in the Admin HUD styles.
Either scope these rules beneath the Admin HUD parent class if they are
HUD-specific, or remove the earlier definitions if these values are intended to
replace them globally; do not leave conflicting unscoped duplicates.
- notification-preferences: remove checkbox style block - blob/[branch]/[...path]: remove shiki/scrollbar style block - blame/[branch]/[path]: remove shiki/scrollbar style block - ide/index: move inline styles to body attribute - globals.css: add shiki/scrollbar styles centrally
There was a problem hiding this comment.
Actionable comments posted: 1
🧹 Nitpick comments (1)
src/styles/globals.css (1)
669-673: 📐 Maintainability & Code Quality | 🔵 Trivial | 💤 Low valueConsider adding standard scrollbar properties for Firefox compatibility.
WebKit scrollbar pseudo-elements only apply to Chrome, Edge, and Safari. For a consistent visual experience in Firefox, consider adding the standard
scrollbar-widthandscrollbar-colorproperties to the root class.💡 Proposed addition
/* Code block scrollbar */ +.blob-scrollbar { + scrollbar-width: thin; + scrollbar-color: `#30363d` transparent; +} .blob-scrollbar::-webkit-scrollbar {🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the rest with a brief reason, keep changes minimal, and validate. In `@src/styles/globals.css` around lines 669 - 673, Update the .blob-scrollbar rule to include Firefox-compatible scrollbar-width and scrollbar-color declarations alongside the existing WebKit scrollbar styling, using values that match the current scrollbar dimensions and visual theme.
🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
Inline comments:
In `@src/pages/`[owner]/[repo]/ide/index.astro:
- Line 44: Restore the WebIDE page’s global box-sizing reset by importing the
existing shared stylesheet that defines it or adding an equivalent global * {
box-sizing: border-box; } rule near the page-level styles in the Astro
component. Ensure the reset applies to all WebIDE descendants without changing
the existing body styling.
---
Nitpick comments:
In `@src/styles/globals.css`:
- Around line 669-673: Update the .blob-scrollbar rule to include
Firefox-compatible scrollbar-width and scrollbar-color declarations alongside
the existing WebKit scrollbar styling, using values that match the current
scrollbar dimensions and visual theme.
🪄 Autofix (Beta)
Fix all unresolved CodeRabbit comments on this PR:
- Push a commit to this branch (recommended)
- Create a new PR with the fixes
ℹ️ Review info
⚙️ Run configuration
Configuration used: defaults
Review profile: CHILL
Plan: Pro
Run ID: 350bcc67-d575-4a07-abd6-442609678354
📒 Files selected for processing (5)
src/pages/[owner]/[repo]/blame/[branch]/[...path].astrosrc/pages/[owner]/[repo]/blob/[branch]/[...path].astrosrc/pages/[owner]/[repo]/ide/index.astrosrc/pages/settings/notification-preferences.astrosrc/styles/globals.css
💤 Files with no reviewable changes (3)
- src/pages/[owner]/[repo]/blame/[branch]/[...path].astro
- src/pages/settings/notification-preferences.astro
- src/pages/[owner]/[repo]/blob/[branch]/[...path].astro
| </style> | ||
| </head> | ||
| <body> | ||
| <body style="margin:0;padding:0;overflow:hidden;background-color:#1e1e1e;font-family:Inter,sans-serif;color:#ccc;"> |
There was a problem hiding this comment.
🎯 Functional Correctness | 🟡 Minor | ⚡ Quick win
Restore the WebIDE box-sizing reset.
Removing the page-level style also removes * { box-sizing: border-box; }. This standalone page does not consume BaseLayout or globals.css, so WebIDE descendants now fall back to content-box, potentially breaking fixed-width panels and causing overflow. Restore this reset through an imported/shared stylesheet or an equivalent global rule.
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
In `@src/pages/`[owner]/[repo]/ide/index.astro at line 44, Restore the WebIDE
page’s global box-sizing reset by importing the existing shared stylesheet that
defines it or adding an equivalent global * { box-sizing: border-box; } rule
near the page-level styles in the Astro component. Ensure the reset applies to
all WebIDE descendants without changing the existing body styling.
| ENV PORT=4321 | ||
| ENV DATA_DIR=/data | ||
| ENV REPOS_PATH=/data/repos | ||
| ENV GIT_REPOS_PATH=/data/repositories |
There was a problem hiding this comment.
REPOS_PATH dropped from container environment breaks three runtime modules
The old Dockerfile set ENV REPOS_PATH=/data/repos; this PR replaces it with ENV GIT_REPOS_PATH=/data/repositories. However, three source files still read process.env.REPOS_PATH: src/lib/suggested-changes.ts, src/lib/mirror-sync.ts, and src/lib/cron/cleanup-branches.ts. With REPOS_PATH no longer set in the container environment, each falls back to its local default of path.join(process.cwd(), "data", "repos") (i.e., /app/data/repos), a path that does not exist and is not mounted — so mirror-sync writes, suggested-change diffing, and scheduled branch cleanup will silently operate on the wrong (absent) directory.
Additionally, docker-entrypoint.sh line 41 still uses ${REPOS_PATH:-/data/repos}, which means the entrypoint creates /data/repos at startup rather than /data/repositories, leaving the newly configured GIT_REPOS_PATH directory unguarded by the entrypoint.
Prompt To Fix With AI
This is a comment left during a code review.
Path: Dockerfile
Line: 55
Comment:
**`REPOS_PATH` dropped from container environment breaks three runtime modules**
The old Dockerfile set `ENV REPOS_PATH=/data/repos`; this PR replaces it with `ENV GIT_REPOS_PATH=/data/repositories`. However, three source files still read `process.env.REPOS_PATH`: `src/lib/suggested-changes.ts`, `src/lib/mirror-sync.ts`, and `src/lib/cron/cleanup-branches.ts`. With `REPOS_PATH` no longer set in the container environment, each falls back to its local default of `path.join(process.cwd(), "data", "repos")` (i.e., `/app/data/repos`), a path that does not exist and is not mounted — so mirror-sync writes, suggested-change diffing, and scheduled branch cleanup will silently operate on the wrong (absent) directory.
Additionally, `docker-entrypoint.sh` line 41 still uses `${REPOS_PATH:-/data/repos}`, which means the entrypoint creates `/data/repos` at startup rather than `/data/repositories`, leaving the newly configured `GIT_REPOS_PATH` directory unguarded by the entrypoint.
How can I resolve this? If you propose a fix, please make it concise.… globals.css - Remove <style is:global> from BaseLayout.astro - Add font-family, container, scroll-behavior to globals.css - Zero style blocks remain in any Astro files
| <BaseLayout title="API Reference - OpenCodeHub"> | ||
| <div id="api-reference" data-url="/api/openapi.json"></div> | ||
| </BaseLayout> |
There was a problem hiding this comment.
Scalar CDN expects a
<script> element, not a <div>
The @scalar/api-reference CDN bundle's auto-initialization finds its configuration by querying for script#api-reference. Switching the element to a <div id="api-reference" data-url="..."> means Scalar cannot locate the OpenAPI spec URL, and the API docs page will render blank (no error, just an empty page). Change the element back to <script id="api-reference" data-url="/api/openapi.json"></script> while keeping the BaseLayout wrapper.
Prompt To Fix With AI
This is a comment left during a code review.
Path: src/pages/api-docs.astro
Line: 5-7
Comment:
**Scalar CDN expects a `<script>` element, not a `<div>`**
The `@scalar/api-reference` CDN bundle's auto-initialization finds its configuration by querying for `script#api-reference`. Switching the element to a `<div id="api-reference" data-url="...">` means Scalar cannot locate the OpenAPI spec URL, and the API docs page will render blank (no error, just an empty page). Change the element back to `<script id="api-reference" data-url="/api/openapi.json"></script>` while keeping the `BaseLayout` wrapper.
How can I resolve this? If you propose a fix, please make it concise.Vite 8.x defaults to LightningCSS for CSS transformation, which conflicts with Tailwind CSS v3 directives (@tailwind, @apply, @layer). This caused 'Attempted to assign to readonly property' error during Docker build on src/styles/globals.css. Explicitly set css.transformer to 'postcss' in the Vite config to ensure compatibility with Tailwind CSS v3.
The Docker build uses Astro 4.x which depends on Vite 5.4.21. PostCSS 8.5.x introduced frozen/readonly AST node properties that Vite 5.4.21's compileCSS function tries to mutate, causing: 'Attempted to assign to readonly property' on globals.css Pin PostCSS to ~8.4.49 (both in devDependencies and overrides) to ensure compatibility until Astro upgrades to Vite 6+.
There was a problem hiding this comment.
Actionable comments posted: 1
🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
Inline comments:
In `@src/styles/globals.css`:
- Around line 719-721: Update the global body font-family declaration to use the
unquoted Inter identifier while retaining the existing quoted fallback behavior
for font names containing spaces.
🪄 Autofix (Beta)
Fix all unresolved CodeRabbit comments on this PR:
- Push a commit to this branch (recommended)
- Create a new PR with the fixes
ℹ️ Review info
⚙️ Run configuration
Configuration used: defaults
Review profile: CHILL
Plan: Pro
Run ID: 877c8331-1ab2-4768-8341-a3e99082bc91
⛔ Files ignored due to path filters (1)
bun.lockis excluded by!**/*.lock
📒 Files selected for processing (4)
astro.config.mjspackage.jsonsrc/layouts/BaseLayout.astrosrc/styles/globals.css
💤 Files with no reviewable changes (1)
- src/layouts/BaseLayout.astro
| body { | ||
| font-family: "Inter", system-ui, sans-serif; | ||
| } |
There was a problem hiding this comment.
📐 Maintainability & Code Quality | 🟡 Minor | ⚡ Quick win
Fix the Stylelint violation.
Use Inter without quotes; keep quotes for font names containing spaces.
🧰 Tools
🪛 Stylelint (17.14.0)
[error] 720-720: Expected no quotes around "Inter" (font-family-name-quotes)
(font-family-name-quotes)
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
In `@src/styles/globals.css` around lines 719 - 721, Update the global body
font-family declaration to use the unquoted Inter identifier while retaining the
existing quoted fallback behavior for font names containing spaces.
Source: Linters/SAST tools
Summary
Major overhaul of the entire OpenCodeHub codebase — UI redesign, critical security fixes, documentation rewrite, and Render deployment blueprint.
What Changed
UI/UX (GitHub-style redesign)
Security (Critical Fixes)
new Function()replaced with safe expression evaluatorprocess.envleak to workflows preventedexecSyncfixed (nowexecFileSync)Documentation
Deployment
render.yamlBlueprint for Render (Singapore region, free tier)Dockerfile.workerfor background jobsCI/CD Fixes
Docker Optimization
bun install --productionto exclude dev dependenciesoven/bun:1-slimbase image--no-install-recommendsfor apt packagesSummary by CodeRabbit
Greptile Summary
This PR consolidates scattered per-page
<style is:global>blocks intoglobals.css, switches the Dockerfile to a slimmer image with production-only dependencies, and refreshes documentation/README. The CSS consolidation introduced several regressions by merging styles that were intentionally different across pages.custom-scrollbartoblob-scrollbaringlobals.css, but the blob and blame page HTML still referencescustom-scrollbar, so code viewers now receive the thin 4px admin scrollbar instead of the intended GitHub-style 10px scrollbar.display: inlinefor.shiki codeand.shiki .lineto align syntax-highlighted lines with blame metadata columns;globals.cssoverwrites these with the blob page'sdisplay: flex / flex-direction: columnmodel, collapsing the blame table layout.AdminLayout.astrohadoverflow: hiddenonbodyto prevent body-level scrolling in the full-screen dashboard; this was removed without a globals.css equivalent, allowing the page body to scroll unexpectedly.Confidence Score: 3/5
The CSS consolidation in globals.css broke three visible page behaviors: the blame view layout, code-block scrollbar appearance on both blob and blame pages, and the admin dashboard scroll containment — all affecting core repository-browsing pages.
Three distinct rendering regressions were introduced during the style consolidation: the blame page shiki display model is incompatible with the global rules copied from the blob page; blob/blame scrollable code containers still reference
custom-scrollbarwhich now maps to the admin narrow scrollbar; and the admin layout lost its body overflow constraint.src/styles/globals.css and src/layouts/AdminLayout.astro need the most attention — the globals.css consolidation must reconcile the different shiki display models used by blame vs blob, update HTML class references from
custom-scrollbartoblob-scrollbaron code containers, and AdminLayout needs to restore body overflow/theme styles.Important Files Changed
.blob-scrollbar(new name) for code blocks and re-exports.custom-scrollbarwith conflicting definitions (6px to 4px override), while the.shiki coderules use the blob layout model that breaks the blame view inline rendering.Flowchart
%%{init: {'theme': 'neutral'}}%% flowchart TD A[Per-page style blocks removed] --> B[globals.css consolidation] B --> C[.blob-scrollbar added 10px GitHub-dark styles] B --> D[.custom-scrollbar redefined 4px admin styles DUPLICATE] B --> E[.shiki code display flex flex-direction column] C -->|Intended for| F[blob/blame pages] D -->|Actually applied to| F F -->|HTML still uses class=custom-scrollbar| G[Gets wrong 4px styles] E -->|Applied globally| H[blob page OK display flex is correct] E -->|Applied globally| I[blame page BROKEN needs display inline for side-by-side layout] J[AdminLayout style block removed] --> K[body overflow hidden removed] K --> L[Admin dashboard body can scroll unexpectedly]%%{init: {'theme': 'base', 'themeVariables': {"darkMode": true, "background": "#0d1117", "primaryColor": "#21262d", "primaryTextColor": "#e6edf3", "primaryBorderColor": "#8b949e", "lineColor": "#8b949e", "textColor": "#e6edf3", "edgeLabelBackground": "#161b22", "actorBkg": "#21262d", "actorBorder": "#8b949e", "actorTextColor": "#e6edf3", "actorLineColor": "#8b949e", "signalColor": "#8b949e", "signalTextColor": "#e6edf3", "noteBkgColor": "#373320", "noteBorderColor": "#d4a72c", "noteTextColor": "#f0e6c0", "labelBoxBkgColor": "#21262d", "labelBoxBorderColor": "#8b949e", "labelTextColor": "#e6edf3", "loopTextColor": "#e6edf3", "activationBkgColor": "#30363d", "activationBorderColor": "#8b949e"}}}%% flowchart TD A[Per-page style blocks removed] --> B[globals.css consolidation] B --> C[.blob-scrollbar added 10px GitHub-dark styles] B --> D[.custom-scrollbar redefined 4px admin styles DUPLICATE] B --> E[.shiki code display flex flex-direction column] C -->|Intended for| F[blob/blame pages] D -->|Actually applied to| F F -->|HTML still uses class=custom-scrollbar| G[Gets wrong 4px styles] E -->|Applied globally| H[blob page OK display flex is correct] E -->|Applied globally| I[blame page BROKEN needs display inline for side-by-side layout] J[AdminLayout style block removed] --> K[body overflow hidden removed] K --> L[Admin dashboard body can scroll unexpectedly]Reviews (8): Last reviewed commit: "fix: pin postcss to 8.4.x to fix Docker ..." | Re-trigger Greptile