graph LR
subgraph "<b>Lint Configuration & Auto-Fix</b>"
direction TB
A26["API #26 per-project config"] --> W56["Web #56 lint config UI"]
A26 --> A81["API #81 lint auto-fix"]
end
subgraph "<b>Favorites</b>"
direction TB
A30["API #30 favorites API"] --> W78["Web #78 favorites UI"]
end
subgraph "<b>Index & WebSocket</b>"
direction TB
A48["API #48 index-status"] --> W137["#137 index WS updates"]
W137 --> W141["#141 HealthCheck WS regression"]
W140["#140 decouple collab/lint WS"] ~~~ A78["API #78 per-project pubsub"]
A79["API #79 async quality jobs"] --> W150["#150 async quality API"]
end
subgraph "<b>Sync</b>"
direction TB
A20["API #20 provider abstraction"] --> A21["API #21 loop prevention"]
A21 --> W5["Web #5 read-only fields"]
end
subgraph "<b>Suggestion / PR Workflow</b>"
direction TB
W60["#60 access control"] --> W62["#62 branch strategy"]
W62 --> W63["#63 auto-commit"]
W62 --> W66["#66 auto-rebase"]
W63 --> W65["#65 unified UI"]
W66 --> W65
end
subgraph "<b>Independent</b>"
direction TB
W81["#81 entity graph"] ~~~ W89["#89 React Query migration"]
W89 ~~~ W200["#200 set-state-in-effect cleanup"]
W200 ~~~ W51["#51 multi-branch index"]
W51 ~~~ W3["#3 custom login UI"]
W3 ~~~ W97["#97 BCP 47 language picker"]
W97 ~~~ W98["#98 viewer/editor selection"]
W98 ~~~ W201["#201 dirty-draft indicators"]
W201 ~~~ W202["#202 type-aware useIriLabels"]
W202 ~~~ W99["#99 remote-sync errors"]
W99 ~~~ W100["#100 aria-hidden a11y"]
W100 ~~~ W101["#101 webhook error UX"]
W101
end
v0.4.0 Merge Strategy
This issue tracks the merge order and dependency relationships for v0.4.0 work. The focus of this release is the suggestion/PR workflow redesign, provider abstraction, and entity graph visualization. (SPARQL explorer was deferred to v0.5.0 — see #214.)
Bug Fixes
/projects/{id}/ontology/index-statusendpoint — PR: ontokit-api#76EntitySearchResult— PR: ontokit-api#120 — must merge before #176pyproject.tomlare stale (missing 3.13) (independent, packaging metadata) — PR: ontokit-api#135json.dumpsforredis.publishpayloads inworker.py(independent, payload escaping) — PR: ontokit-api#118Security
Defensive hardening surfaced by static analysis (Semgrep, CodeQL). None of these are known active exploits — they're precautionary fixes that close attack surface before it can be abused. Tracked separately from Bug Fixes so the latter stays focused on user-visible defects.
pr-target-guard.ymlworkflow (independent, surfaced by Semgrep) — PR: fix(ci): prevent shell injection in pr-target-guard workflow #193pr-target-guard.ymlworkflow (independent, surfaced by Semgrep; API counterpart to ontokit-web#191) — PR: ontokit-api#116github_service.py(independent, surfaced by Semgrep) — PR: ontokit-api#116.semgrepignore(independent, CI/security tooling) — PR: ci: add Semgrep security scan workflow #194.semgrepignore(independent, CI/security tooling; API counterpart to ontokit-web#192) — PR: ontokit-api#125python-josepulls inecdsawith two open advisories: Minerva timing attack + improper input validation) — PR: ontokit-api#129actions/checkout@v4 → v6insemgrep.ymlfor consistency) — PR: ontokit-api#133Features
setState-in-effect anti-patterns across 16 sites; graduatereact-hooks/set-state-in-effectfromwarntoerror(independent) — Category C (server-data-derived state) overlaps with #89label-per-language,subject_typeCHECK constraint, role-gating tests, empty-rules end-to-end test, XOR validator onLintConfigUpdate) — merge order: ontokit-api#103 → ontokit-api#94 →devso fixes land in ontokit-api#94's branch before it merges, keeping a single migration — must merge before or alongside #56useIriLabelsto eliminate fallback 404 noise (independent) — follow-up to #98 / PR #104; commits26bd907+bc35651on PR feat: preserve entity selection across viewer/editor modes #104 already reduced the noise, this closes it outskos:hiddenLabelto backend annotation extraction — PR: ontokit-api#94 (delivered alongside ontokit-api#26)redundant-regional-label— PR: ontokit-api#94missing-type-declaration— PR: ontokit-api#94rdf:Propertyentities in search results (legacy/RDFS support) — follow-up to ontokit-api#117Architecture & Sync
Documentation
rdf:Property+ OWL property typology), introduce sticky left-side TOC on the Changelog page, fix JSX whitespace stripping across all guide pages, and passserversto Scalar so/api-docscode samples render withoutInvalid URLerrorsSuggestion & PR Workflow Redesign
These issues require significant design work before implementation. #65 can be tackled first independently; the rest are interdependent and need design finalization:
Dependency Graph
graph LR subgraph "<b>Lint Configuration & Auto-Fix</b>" direction TB A26["API #26 per-project config"] --> W56["Web #56 lint config UI"] A26 --> A81["API #81 lint auto-fix"] end subgraph "<b>Favorites</b>" direction TB A30["API #30 favorites API"] --> W78["Web #78 favorites UI"] end subgraph "<b>Index & WebSocket</b>" direction TB A48["API #48 index-status"] --> W137["#137 index WS updates"] W137 --> W141["#141 HealthCheck WS regression"] W140["#140 decouple collab/lint WS"] ~~~ A78["API #78 per-project pubsub"] A79["API #79 async quality jobs"] --> W150["#150 async quality API"] end subgraph "<b>Sync</b>" direction TB A20["API #20 provider abstraction"] --> A21["API #21 loop prevention"] A21 --> W5["Web #5 read-only fields"] end subgraph "<b>Suggestion / PR Workflow</b>" direction TB W60["#60 access control"] --> W62["#62 branch strategy"] W62 --> W63["#63 auto-commit"] W62 --> W66["#66 auto-rebase"] W63 --> W65["#65 unified UI"] W66 --> W65 end subgraph "<b>Independent</b>" direction TB W81["#81 entity graph"] ~~~ W89["#89 React Query migration"] W89 ~~~ W200["#200 set-state-in-effect cleanup"] W200 ~~~ W51["#51 multi-branch index"] W51 ~~~ W3["#3 custom login UI"] W3 ~~~ W97["#97 BCP 47 language picker"] W97 ~~~ W98["#98 viewer/editor selection"] W98 ~~~ W201["#201 dirty-draft indicators"] W201 ~~~ W202["#202 type-aware useIriLabels"] W202 ~~~ W99["#99 remote-sync errors"] W99 ~~~ W100["#100 aria-hidden a11y"] W100 ~~~ W101["#101 webhook error UX"] W101 end