Skip to content

Test pr no deploy migration#1058

Open
hubsmoke wants to merge 46 commits into
developfrom
test-pr-mo-deploy-migration
Open

Test pr no deploy migration#1058
hubsmoke wants to merge 46 commits into
developfrom
test-pr-mo-deploy-migration

Conversation

@hubsmoke

@hubsmoke hubsmoke commented Aug 6, 2025

Copy link
Copy Markdown
Member

ensure pr with migration doesn't deploy to pr-preview

Summary by CodeRabbit

  • New Features

    • Shareable image generation endpoint (Puppeteer rendering with SVG fallback).
    • MyST Markdown import/export transformer for research objects.
    • Supabase placeholders and optional client integration.
    • User profiles accept first and last name.
  • Performance

    • Registry-backed Docker build caching and Dockerfile build optimizations.
    • Reduced Docker build context via expanded ignore patterns.
    • One-hour caching for monthly search aggregation.
  • Documentation

    • Enhanced OpenAPI/Swagger docs with dynamic servers and Services section; small README note.
  • Chores

    • CI: PR preview workflow and preview routing infrastructure added; Makefile build target.
  • Tests

    • New transformer unit tests and local Docker optimization test script.

hubsmoke added 30 commits April 15, 2025 00:15
- Fix run: key indentation (was 12+ spaces, now 8 spaces)
- Add mkdir -p to prevent directory exists errors
- Standardize YAML formatting throughout workflow
- Ensure proper alignment of all step fields
…haned resource cleanup

- Filter deployments by health status (availableReplicas > 0)
- Auto-cleanup failed deployments older than 10 minutes
- Remove orphaned services and ingresses without deployments
- Enhanced logging and status reporting
- Prevent stuck/unhealthy deployments from blocking new ones
- Remove -O flag from curl commands (was using both -O and -o)
- Keep only -sL with -o kubectl for single download
- Fixes all 4 kubectl setup occurrences in workflow
- Prevents silent failures and resource waste from duplicate downloads
- Remove problematic hapi stub type packages that conflict with built-in types
- Fix Elasticsearch imports to use correct estypes export from main package
- Update tsconfig-test.json to exclude conflicting stub packages
- All tests now pass TypeScript compilation
@coderabbitai

coderabbitai Bot commented Aug 6, 2025

Copy link
Copy Markdown

Walkthrough

Adds PR preview infrastructure and wildcard ingress, enables registry-backed Docker layer caching and a build validation script, refactors Dockerfile for Puppeteer/Chromium and dependency caching, adds Supabase client and share-image services (Puppeteer + SVG fallback) with OpenAPI docs, updates Prisma User fields/migration, adds MyST transformer and tests, and various ES/TypeScript/IPFS fixes.

Changes

Cohort / File(s) Summary
CI/CD & Docker build
.github/workflows/build-server.yaml, .github/workflows/pr-preview.yaml, .dockerignore, test-optimizations.sh, Dockerfile
Added registry-backed Docker layer caching and cache repos; new PR preview workflow for ephemeral EKS deployments and cleanup; expanded .dockerignore; refactored Dockerfile for better caching, Puppeteer/Chromium support, and dependency handling; added local build/cache test script.
Environment & Tooling
.env.example, desci-server/Makefile, desci-server/README.md, desci-server/tsconfig.json, desci-server/tsconfig-test.json
.env.example adds Supabase placeholders and comments out S3 vars; Makefile adds build target and updates install/clean; README receives a PR preview comment; TypeScript configs adjusted (includes, typeRoots, compiler options).
Kubernetes & Preview Routing
desci-server/kubernetes/deployment_dev.yaml, .../deployment_demo.yaml, .../deployment_staging.yaml, .../deployment_prod.yaml, desci-server/kubernetes/wildcard_preview_ingress.yaml
Changed container command to node ./dist/src/index.js; added SUPABASE_URL/SUPABASE_SERVICE_KEY to Vault env injection; added wildcard ALB ingress, NGINX preview-router ConfigMap/Deployment/Service for dynamic PR preview routing.
desci-models: data model & transformer
desci-models/package.json, desci-models/src/ResearchObject.ts, desci-models/src/transformers/MystTransformer.ts, desci-models/src/transformers/index.ts, desci-models/tests/transformers/MystTransformer.test.ts
Bumped version to 0.2.28 and added js-yaml; added optional date to ResearchObject and email to author; introduced MystTransformer with import/export, file-tree and frontmatter handling; exported it and added comprehensive unit tests.
Share image services & routing
desci-server/src/controllers/services/shareImage.ts, desci-server/src/controllers/services/shareImagePuppeteer.ts, desci-server/src/routes/v1/services/index.ts, desci-server/src/lib/supabase.ts, desci-server/package.json
Added Supabase client module; new share-image endpoints including Puppeteer-based renderer with SVG/Sharp fallback and route registration; added dependencies (@supabase/supabase-js, puppeteer, sharp, marked, xss, etc.).
OpenAPI / Swagger docs
desci-server/src/docs/openapi.ts, desci-server/src/docs/services.ts, desci-server/src/swagger.ts, desci-server/src/server.ts
Replaced static servers with dynamic getServers() (detects PR preview URLs); added servicesPaths and generate-share-image Zod/OpenAPI operation; enriched swagger generation and adjusted server registration usage.
Prisma & DB seed
desci-server/prisma/schema.prisma, desci-server/prisma/migrations/.../migration.sql, desci-server/prisma/seed.ts, desci-server/scripts/be-node-dev.sh
Added optional firstName/lastName to User with migration SQL; seed script now reads JSON via fs with try/catch and improved logging; dev script creates log dirs and commented out seed commands.
Search & ES types / caching
desci-server/src/controllers/search/query.ts, desci-server/src/controllers/search/types.ts, desci-server/src/services/ElasticSearchService.ts
byMonthQuery gained cache read/write (TTL 1h) with error-tolerant logging; Elasticsearch type imports standardized to estypes and typings updated across service.
IPFS & utilities
desci-server/src/services/ipfs.ts, desci-server/src/utils/draftTreeUtils.ts, desci-server/src/utils/dagConcat.ts, desci-server/src/utils/diffUtils.ts
Standardized CID handling by parsing to multiformats CIDs before IPFS calls; adjusted client options/returns; added // @ts-nocheck and TODOs in some utils; addDagNodeToIpfs now returns parsed CID.
Express typings & minor fixes
desci-server/src/middleware/checkJwt.ts, desci-server/src/types/express-augmentations.d.ts, desci-server/src/types/express/index.d.ts, desci-server/src/routes/v1/admin/communities/index.ts
Added global Express augmentation for req.jwtPayload and res.customSuccess; cleaned comments; minor any casts when invoking uploadHandler in communities route.

Sequence Diagram(s)

sequenceDiagram
  autonumber
  actor Dev as Developer
  participant GH as GitHub Actions
  participant ECR as AWS ECR
  participant EKS as AWS EKS
  participant ALB as AWS ALB
  participant Vault as Vault

  Dev->>GH: Open/Sync PR
  GH->>ECR: docker login / pull cache (branch-cache)
  GH->>ECR: build with inline cache, push image + cache
  GH->>EKS: kubectl apply Deployment/Service/Ingress (PR-labeled)
  GH->>Vault: Inject secrets via annotations
  EKS->>ALB: Route via wildcard ingress/preview-router
  GH-->>Dev: Comment with preview URL and status

  Dev->>GH: Close PR or scheduled cleanup
  GH->>EKS: Cleanup PR deployments/services/ingress older/closed
Loading
sequenceDiagram
  autonumber
  actor Client
  participant API as /v1/services/generate-share-image
  participant SB as Supabase
  participant PP as Puppeteer/Chromium
  participant SVG as SVG Generator (Sharp fallback)

  Client->>API: GET with id/text/answer/refs/citations
  alt id provided
    API->>SB: Fetch record by id
    SB-->>API: Data or 404
  end
  API->>PP: Render HTML and screenshot
  alt Puppeteer succeeds
    PP-->>API: PNG buffer
    API-->>Client: 200 PNG
  else Puppeteer fails/unavailable
    API->>SVG: Generate SVG/PNG via Sharp
    SVG-->>API: PNG buffer
    API-->>Client: 200 PNG (fallback)
  end
Loading

Estimated code review effort

🎯 4 (Complex) | ⏱️ ~45 minutes

Poem

I nibble bytes and hop through trees,
I stitch previews on the breeze.
Caches hum and Chromium sings,
CIDs, MyST, and routing wings.
A rabbit claps — CI joy it brings. 🐇✨

✨ Finishing Touches
  • 📝 Generate Docstrings
🧪 Generate unit tests
  • Create PR with unit tests
  • Post copyable unit tests in a comment
  • Commit unit tests in branch test-pr-mo-deploy-migration

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share
🪧 Tips

Chat

There are 3 ways to chat with CodeRabbit:

  • Review comments: Directly reply to a review comment made by CodeRabbit. Example:
    • I pushed a fix in commit <commit_id>, please review it.
    • Open a follow-up GitHub issue for this discussion.
  • Files and specific lines of code (under the "Files changed" tab): Tag @coderabbitai in a new review comment at the desired location with your query.
  • PR comments: Tag @coderabbitai in a new PR comment to ask questions about the PR branch. For the best results, please provide a very specific query, as very limited context is provided in this mode. Examples:
    • @coderabbitai gather interesting stats about this repository and render them as a table. Additionally, render a pie chart showing the language distribution in the codebase.
    • @coderabbitai read the files in the src/scheduler package and generate a class diagram using mermaid and a README in the markdown format.

Support

Need help? Create a ticket on our support page for assistance with any issues or questions.

CodeRabbit Commands (Invoked using PR/Issue comments)

Type @coderabbitai help to get the list of available commands.

Other keywords and placeholders

  • Add @coderabbitai ignore anywhere in the PR description to prevent this PR from being reviewed.
  • Add @coderabbitai summary to generate the high-level summary at a specific location in the PR description.
  • Add @coderabbitai anywhere in the PR title to generate the title automatically.

CodeRabbit Configuration File (.coderabbit.yaml)

  • You can programmatically configure CodeRabbit by adding a .coderabbit.yaml file to the root of your repository.
  • Please see the configuration documentation for more information.
  • If your editor has YAML language server enabled, you can add the path at the top of this file to enable auto-completion and validation: # yaml-language-server: $schema=https://coderabbit.ai/integrations/schema.v2.json

Status, Documentation and Community

  • Visit our Status Page to check the current availability of CodeRabbit.
  • Visit our Documentation for detailed information on how to use CodeRabbit.
  • Join our Discord Community to get help, request features, and share feedback.
  • Follow us on X/Twitter for updates and announcements.

@coderabbitai coderabbitai Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actionable comments posted: 23

🧹 Nitpick comments (18)
desci-server/README.md (1)

3-4: Consider removing the test-only HTML comment before merging to main

<!-- PR Preview Deployment Test --> is useful for workflow experimentation but is invisible in the rendered README and may confuse future readers. If the comment’s only purpose is to trigger the preview-deployment test, please strip it (or replace it with a visible explanatory sentence) before merging.

desci-models/package.json (1)

25-26: New runtime dep js-yaml – confirm tree-shaking & size impact

js-yaml is ~60 kB minified; if this library is only used during build-time parsing, consider moving it to devDependencies. Otherwise, all good.

.env.example (2)

71-81: Re-enable placeholders instead of fully commenting out AWS/SQS variables

.env.example serves as documentation; commenting the keys out removes them from generated .env files and new developers may miss the required variables.
Prefer leaving the keys present with empty values:

-# AWS_S3_BUCKET_NAME=
+# AWS_S3_BUCKET_NAME=
 # …
-# AWS_SQS_QUEUE_URL=
+# AWS_SQS_QUEUE_URL=

200-203: Fix key order and ensure trailing newline

Static-analysis flags two minor style issues:

  1. SUPABASE_SERVICE_KEY should appear immediately before SUPABASE_URL to keep alphabetical order.
  2. Add a blank line after the last entry.
-#MIXPANEL_TOKEN=
-SUPABASE_URL=
-SUPABASE_SERVICE_KEY=
+#MIXPANEL_TOKEN=
+SUPABASE_SERVICE_KEY=
+SUPABASE_URL=
+
.dockerignore (1)

13-18: Deduplicate ignore patterns for cleaner maintenance

**/.git, **/.vscode, and markdown patterns appear twice (Lines 14–18 and 40–44).
Removing duplicates reduces noise and the risk of diverging edits.

Also applies to: 40-44

desci-server/scripts/be-node-dev.sh (1)

21-24: Reconsider disabling seeding during local startup

Commenting out npx prisma db seed and npm run script:seed-social-data speeds boot-up but leaves a blank database, breaking API endpoints that rely on reference data.

If accidental, re-enable or gate behind an env flag (e.g. SKIP_SEED=1).

desci-server/tsconfig.json (1)

25-25: noResolve property is redundant

noResolve defaults to false; keeping an explicit false adds noise without functional benefit.

-    "noResolve": false,
desci-server/src/types/express/index.d.ts (1)

3-13: Duplicated Express augmentations – consolidate to a single file

These Request and Response extensions now also live in src/types/express-augmentations.d.ts.
Maintaining two identical augmentations invites drift and can confuse future readers. Prefer keeping them in one dedicated file and removing the duplicate.

-// Just augment the Express namespace without changing module structure
-... entire file ...
desci-server/src/routes/v1/admin/communities/index.ts (1)

68-68: Avoid any cast around uploadHandler

Casting req/res to any forfeits the type-safety gained from your new Express augmentations.
Consider defining:

const uploadHandler: RequestHandler = upload.fields([...]);

and then calling it without casts:

uploadHandler(req, res, (err) => { ... });

This keeps strict types and still satisfies multer’s signature.

desci-server/src/docs/services.ts (2)

4-14: Consider adding validation for mutually exclusive parameter combinations

The schema allows all parameters to be optional, but based on the implementation logic, either id or text should be required. Consider using Zod's refine or union to express this constraint at the schema level.

-export const generateShareImageQuerySchema = z.object({
-  query: z.object({
-    text: z.string().describe('The search question text to display on the image').optional(),
-    id: z
-      .string()
-      .describe('ID of a stored search result to generate image from (alternative to other parameters)')
-      .optional(),
-    answer: z.string().describe('The answer text to preview on the image').optional(),
-    refs: z.string().describe('Number of references/citations').optional(),
-    citations: z.string().describe('JSON string containing citation data').optional(),
-  }),
+export const generateShareImageQuerySchema = z.object({
+  query: z
+    .object({
+      text: z.string().describe('The search question text to display on the image').optional(),
+      id: z
+        .string()
+        .describe('ID of a stored search result to generate image from (alternative to other parameters)')
+        .optional(),
+      answer: z.string().describe('The answer text to preview on the image').optional(),
+      refs: z.string().describe('Number of references/citations').optional(),
+      citations: z.string().describe('JSON string containing citation data').optional(),
+    })
+    .refine((data) => data.id || data.text, {
+      message: 'Either id or text parameter is required',
+    }),
});

94-95: Remove hardcoded timestamp comment

The comment with a hardcoded timestamp should be removed as it provides no value and will become outdated.

-// Documentation updated for generateShareImage API Mon Jul 28 18:30:40 WITA 2025
-
Dockerfile (1)

64-65: Document the package.json transformation rationale

The sed command replacing "link:" with "file:" appears to be a workaround. Consider adding a comment explaining why this transformation is necessary for better maintainability.

 # Install dependencies after desci-models is built (better cache invalidation)
+# Replace "link:" with "file:" to avoid symlink issues in Docker context
 RUN mv package.json package.json.old && \
     sed 's/link:/file:/' package.json.old > package.json
desci-server/src/controllers/services/shareImage.ts (1)

114-185: Consider breaking down the large controller function

The generateShareImage function handles multiple responsibilities (validation, database fetching, parameter parsing). Consider extracting these into separate functions for better testability and maintainability.

Consider extracting:

  • Database fetching logic into a separate fetchSearchDataById function
  • Parameter validation and parsing into a parseShareImageParams function
  • This would make the controller more modular and easier to test
desci-server/src/controllers/services/shareImagePuppeteer.ts (1)

353-591: Consider extracting HTML template to a separate file

The HTML template is quite large (200+ lines). Consider extracting it to a separate template file for better maintainability and separation of concerns.

Consider:

  1. Moving the HTML template to a separate file (e.g., shareImageTemplate.html)
  2. Using a template engine like Handlebars or EJS for better template management
  3. This would make the code more maintainable and allow designers to work on templates independently
desci-server/kubernetes/wildcard_preview_ingress.yaml (1)

58-58: Remove unnecessary empty line.

-
-
+
desci-models/src/transformers/MystTransformer.ts (1)

678-750: Code duplication between frontmatter generation methods.

There's significant duplication between generateComprehensiveFrontmatter and generateBasicFrontmatterData methods. The logic for processing authors, references, and other fields is repeated.

Consider refactoring to have generateComprehensiveFrontmatter call generateBasicFrontmatterData and then add the additional fields:

private generateComprehensiveFrontmatter(researchObject: ResearchObjectV1): string {
-  const frontmatterData: any = {};
-  // ... duplicated code ...
+  const frontmatterData = this.generateBasicFrontmatterData(researchObject);
+  
+  // Add additional comprehensive fields not in basic
+  frontmatterData.subject = 'Research Article';
+  frontmatterData.open_access = true;
+  // ... other comprehensive-specific fields ...
  
  return this.generateYamlFrontmatter(frontmatterData);
}
.github/workflows/pr-preview.yaml (2)

59-59: Remove trailing spaces throughout the file.

YAMLlint detected trailing spaces on multiple lines which should be removed for cleaner code.

Remove trailing spaces from the indicated lines. Most editors can be configured to automatically trim trailing whitespace on save.

Also applies to: 62-62, 67-67, 69-69, 144-144, 147-147, 155-155, 159-159, 164-164, 176-176, 191-191, 209-209, 267-267, 313-313, 473-473, 476-476


635-635: Consider making deployment timeout configurable.

The hardcoded 300s timeout for deployment rollout might be insufficient for larger deployments or during high cluster load.

- kubectl rollout status deployment/desci-server-pr-${PR_NUMBER} --timeout=300s
+ # Make timeout configurable with a reasonable default
+ DEPLOYMENT_TIMEOUT="${DEPLOYMENT_TIMEOUT:-300s}"
+ kubectl rollout status deployment/desci-server-pr-${PR_NUMBER} --timeout=${DEPLOYMENT_TIMEOUT}
📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between e6b8413 and dbe5673.

⛔ Files ignored due to path filters (4)
  • desci-models/yarn.lock is excluded by !**/yarn.lock, !**/*.lock
  • desci-server/package-lock.json is excluded by !**/package-lock.json
  • desci-server/public/ai-share-blank.png is excluded by !**/*.png
  • desci-server/yarn.lock is excluded by !**/yarn.lock, !**/*.lock
📒 Files selected for processing (44)
  • .dockerignore (1 hunks)
  • .env.example (2 hunks)
  • .github/workflows/build-server.yaml (1 hunks)
  • .github/workflows/pr-preview.yaml (1 hunks)
  • Dockerfile (1 hunks)
  • desci-models/package.json (2 hunks)
  • desci-models/src/ResearchObject.ts (2 hunks)
  • desci-models/src/transformers/MystTransformer.ts (1 hunks)
  • desci-models/src/transformers/index.ts (1 hunks)
  • desci-models/tests/transformers/MystTransformer.test.ts (1 hunks)
  • desci-server/Makefile (1 hunks)
  • desci-server/README.md (1 hunks)
  • desci-server/kubernetes/deployment_demo.yaml (1 hunks)
  • desci-server/kubernetes/deployment_dev.yaml (2 hunks)
  • desci-server/kubernetes/deployment_prod.yaml (2 hunks)
  • desci-server/kubernetes/deployment_staging.yaml (1 hunks)
  • desci-server/kubernetes/wildcard_preview_ingress.yaml (1 hunks)
  • desci-server/package.json (4 hunks)
  • desci-server/prisma/migrations/20250806170333_add_first_last_name_user/migration.sql (1 hunks)
  • desci-server/prisma/schema.prisma (1 hunks)
  • desci-server/prisma/seed.ts (1 hunks)
  • desci-server/scripts/be-node-dev.sh (1 hunks)
  • desci-server/src/controllers/search/query.ts (2 hunks)
  • desci-server/src/controllers/search/types.ts (1 hunks)
  • desci-server/src/controllers/services/shareImage.ts (1 hunks)
  • desci-server/src/controllers/services/shareImagePuppeteer.ts (1 hunks)
  • desci-server/src/docs/openapi.ts (6 hunks)
  • desci-server/src/docs/services.ts (1 hunks)
  • desci-server/src/lib/supabase.ts (1 hunks)
  • desci-server/src/middleware/checkJwt.ts (1 hunks)
  • desci-server/src/routes/v1/admin/communities/index.ts (1 hunks)
  • desci-server/src/routes/v1/services.ts (2 hunks)
  • desci-server/src/server.ts (2 hunks)
  • desci-server/src/services/ElasticSearchService.ts (23 hunks)
  • desci-server/src/services/ipfs.ts (7 hunks)
  • desci-server/src/swagger.ts (1 hunks)
  • desci-server/src/types/express-augmentations.d.ts (1 hunks)
  • desci-server/src/types/express/index.d.ts (1 hunks)
  • desci-server/src/utils/dagConcat.ts (1 hunks)
  • desci-server/src/utils/diffUtils.ts (1 hunks)
  • desci-server/src/utils/draftTreeUtils.ts (1 hunks)
  • desci-server/tsconfig-test.json (2 hunks)
  • desci-server/tsconfig.json (2 hunks)
  • test-optimizations.sh (1 hunks)
🧰 Additional context used
📓 Path-based instructions (1)
desci-server/src/docs/**/*

📄 CodeRabbit Inference Engine (.cursorrules)

When asked to create API documentation or update API documentation for an API route/controller/service, follow the pattern already established in the desci-server/src/docs folder

Files:

  • desci-server/src/docs/services.ts
  • desci-server/src/docs/openapi.ts
🧠 Learnings (1)
📚 Learning: applies to desci-server/src/docs/**/* : when asked to create api documentation or update api documen...
Learnt from: CR
PR: desci-labs/nodes#0
File: .cursorrules:0-0
Timestamp: 2025-07-18T15:23:44.865Z
Learning: Applies to desci-server/src/docs/**/* : When asked to create API documentation or update API documentation for an API route/controller/service, follow the pattern already established in the desci-server/src/docs folder

Applied to files:

  • desci-server/src/routes/v1/services.ts
  • desci-server/src/docs/openapi.ts
  • desci-server/src/swagger.ts
  • desci-server/src/server.ts
🧬 Code Graph Analysis (6)
desci-server/src/utils/draftTreeUtils.ts (1)
desci-server/src/services/ipfs.ts (1)
  • client (36-36)
desci-server/src/types/express-augmentations.d.ts (1)
desci-server/src/types/express/index.d.ts (2)
  • Request (6-9)
  • Response (10-12)
desci-server/src/docs/openapi.ts (1)
desci-server/src/docs/services.ts (1)
  • servicesPaths (89-93)
desci-server/prisma/seed.ts (1)
desci-server/src/client.ts (1)
  • prisma (3-7)
desci-server/src/controllers/services/shareImagePuppeteer.ts (2)
desci-server/src/lib/supabase.ts (1)
  • supabase (10-10)
desci-server/src/controllers/services/shareImage.ts (1)
  • generateShareImage (114-185)
desci-models/src/transformers/MystTransformer.ts (1)
desci-models/src/ResearchObject.ts (4)
  • ResearchObjectV1 (18-56)
  • ResearchObject (1-3)
  • ResearchObjectV1Component (80-97)
  • ResearchObjectV1Author (102-123)
🪛 dotenv-linter (3.3.0)
.env.example

[warning] 68-68: [QuoteCharacter] The value has quote characters (', ")


[warning] 203-203: [EndingBlankLine] No blank line at the end of the file


[warning] 203-203: [UnorderedKey] The SUPABASE_SERVICE_KEY key should go before the SUPABASE_URL key

🪛 checkmake (0.2.2)
desci-server/Makefile

[warning] 1-1: Missing required phony target "all"

(minphony)


[warning] 1-1: Missing required phony target "test"

(minphony)

🪛 Biome (2.1.2)
desci-server/tsconfig-test.json

[error] 12-12: End of file expected

Use an array for a sequence of values: [1, 2]

(parse)


[error] 12-12: End of file expected

Use an array for a sequence of values: [1, 2]

(parse)


[error] 12-12: End of file expected

Use an array for a sequence of values: [1, 2]

(parse)


[error] 12-12: End of file expected

Use an array for a sequence of values: [1, 2]

(parse)


[error] 21-21: End of file expected

Use an array for a sequence of values: [1, 2]

(parse)


[error] 21-21: End of file expected

Use an array for a sequence of values: [1, 2]

(parse)


[error] 21-21: End of file expected

Use an array for a sequence of values: [1, 2]

(parse)


[error] 21-21: End of file expected

Use an array for a sequence of values: [1, 2]

(parse)


[error] 22-22: End of file expected

Use an array for a sequence of values: [1, 2]

(parse)


[error] 22-22: End of file expected

Use an array for a sequence of values: [1, 2]

(parse)


[error] 22-22: End of file expected

Use an array for a sequence of values: [1, 2]

(parse)


[error] 22-22: End of file expected

Use an array for a sequence of values: [1, 2]

(parse)


[error] 23-23: End of file expected

Use an array for a sequence of values: [1, 2]

(parse)


[error] 23-23: End of file expected

Use an array for a sequence of values: [1, 2]

(parse)


[error] 23-23: End of file expected

Use an array for a sequence of values: [1, 2]

(parse)


[error] 23-23: End of file expected

Use an array for a sequence of values: [1, 2]

(parse)


[error] 24-24: End of file expected

Use an array for a sequence of values: [1, 2]

(parse)


[error] 24-24: End of file expected

Use an array for a sequence of values: [1, 2]

(parse)


[error] 24-24: End of file expected

Use an array for a sequence of values: [1, 2]

(parse)


[error] 24-25: End of file expected

Use an array for a sequence of values: [1, 2]

(parse)


[error] 26-26: End of file expected

Use an array for a sequence of values: [1, 2]

(parse)


[error] 26-26: End of file expected

Use an array for a sequence of values: [1, 2]

(parse)


[error] 26-26: End of file expected

Use an array for a sequence of values: [1, 2]

(parse)


[error] 26-26: End of file expected

Use an array for a sequence of values: [1, 2]

(parse)


[error] 27-27: End of file expected

Use an array for a sequence of values: [1, 2]

(parse)


[error] 27-27: End of file expected

Use an array for a sequence of values: [1, 2]

(parse)


[error] 27-27: End of file expected

Use an array for a sequence of values: [1, 2]

(parse)


[error] 27-27: End of file expected

Use an array for a sequence of values: [1, 2]

(parse)


[error] 28-28: End of file expected

Use an array for a sequence of values: [1, 2]

(parse)


[error] 28-28: End of file expected

Use an array for a sequence of values: [1, 2]

(parse)


[error] 28-28: End of file expected

Use an array for a sequence of values: [1, 2]

(parse)


[error] 28-28: End of file expected

Use an array for a sequence of values: [1, 2]

(parse)


[error] 29-29: End of file expected

Use an array for a sequence of values: [1, 2]

(parse)


[error] 29-29: End of file expected

Use an array for a sequence of values: [1, 2]

(parse)


[error] 29-29: End of file expected

Use an array for a sequence of values: [1, 2]

(parse)


[error] 30-30: End of file expected

Use an array for a sequence of values: [1, 2]

(parse)


[error] 31-31: End of file expected

Use an array for a sequence of values: [1, 2]

(parse)


[error] 31-31: End of file expected

Use an array for a sequence of values: [1, 2]

(parse)


[error] 31-31: End of file expected

Use an array for a sequence of values: [1, 2]

(parse)


[error] 31-31: End of file expected

Use an array for a sequence of values: [1, 2]

(parse)


[error] 32-32: End of file expected

Use an array for a sequence of values: [1, 2]

(parse)


[error] 32-32: End of file expected

Use an array for a sequence of values: [1, 2]

(parse)


[error] 32-32: End of file expected

Use an array for a sequence of values: [1, 2]

(parse)


[error] 32-32: End of file expected

Use an array for a sequence of values: [1, 2]

(parse)


[error] 33-33: End of file expected

Use an array for a sequence of values: [1, 2]

(parse)


[error] 33-33: End of file expected

Use an array for a sequence of values: [1, 2]

(parse)


[error] 33-33: End of file expected

Use an array for a sequence of values: [1, 2]

(parse)


[error] 33-34: End of file expected

Use an array for a sequence of values: [1, 2]

(parse)

🪛 ast-grep (0.38.6)
desci-server/src/controllers/services/shareImage.ts

[warning] 439-439: Regular expression constructed from variable input detected. This can lead to Regular Expression Denial of Service (ReDoS) attacks if the variable contains malicious patterns. Use libraries like 'recheck' to validate regex safety or use static patterns.
Context: new RegExp(\\[${citation.replace(/[.*+?^${}()|[\]\\]/g, '\\$&')}\\], 'g')
Note: [CWE-1333] Inefficient Regular Expression Complexity [REFERENCES]
- https://owasp.org/www-community/attacks/Regular_expression_Denial_of_Service_-_ReDoS
- https://cwe.mitre.org/data/definitions/1333.html

(regexp-from-variable)

🪛 Gitleaks (8.27.2)
desci-server/prisma/seed.ts

34-34: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)


38-38: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

🪛 actionlint (1.7.7)
.github/workflows/build-server.yaml

135-135: shellcheck reported issue in this script: SC2086:info:2:37: Double quote to prevent globbing and word splitting

(shellcheck)


135-135: shellcheck reported issue in this script: SC2086:info:2:104: Double quote to prevent globbing and word splitting

(shellcheck)


135-135: shellcheck reported issue in this script: SC2086:info:2:128: Double quote to prevent globbing and word splitting

(shellcheck)


135-135: shellcheck reported issue in this script: SC2086:info:5:50: Double quote to prevent globbing and word splitting

(shellcheck)


135-135: shellcheck reported issue in this script: SC2086:info:6:45: Double quote to prevent globbing and word splitting

(shellcheck)


135-135: shellcheck reported issue in this script: SC2086:info:12:13: Double quote to prevent globbing and word splitting

(shellcheck)


135-135: shellcheck reported issue in this script: SC2086:info:17:16: Double quote to prevent globbing and word splitting

(shellcheck)


135-135: shellcheck reported issue in this script: SC2086:info:18:6: Double quote to prevent globbing and word splitting

(shellcheck)


135-135: shellcheck reported issue in this script: SC2086:info:19:6: Double quote to prevent globbing and word splitting

(shellcheck)


135-135: shellcheck reported issue in this script: SC2086:info:19:30: Double quote to prevent globbing and word splitting

(shellcheck)


135-135: shellcheck reported issue in this script: SC2086:info:19:64: Double quote to prevent globbing and word splitting

(shellcheck)


135-135: shellcheck reported issue in this script: SC2086:info:20:6: Double quote to prevent globbing and word splitting

(shellcheck)


135-135: shellcheck reported issue in this script: SC2086:info:24:13: Double quote to prevent globbing and word splitting

(shellcheck)


135-135: shellcheck reported issue in this script: SC2086:info:24:37: Double quote to prevent globbing and word splitting

(shellcheck)


135-135: shellcheck reported issue in this script: SC2086:info:24:71: Double quote to prevent globbing and word splitting

(shellcheck)


135-135: shellcheck reported issue in this script: SC2086:info:25:13: Double quote to prevent globbing and word splitting

(shellcheck)


164-164: shellcheck reported issue in this script: SC2086:info:2:37: Double quote to prevent globbing and word splitting

(shellcheck)


164-164: shellcheck reported issue in this script: SC2086:info:2:104: Double quote to prevent globbing and word splitting

(shellcheck)


164-164: shellcheck reported issue in this script: SC2086:info:2:128: Double quote to prevent globbing and word splitting

(shellcheck)


164-164: shellcheck reported issue in this script: SC2086:info:5:50: Double quote to prevent globbing and word splitting

(shellcheck)


164-164: shellcheck reported issue in this script: SC2086:info:6:45: Double quote to prevent globbing and word splitting

(shellcheck)


164-164: shellcheck reported issue in this script: SC2086:info:12:13: Double quote to prevent globbing and word splitting

(shellcheck)


164-164: shellcheck reported issue in this script: SC2086:info:17:16: Double quote to prevent globbing and word splitting

(shellcheck)


164-164: shellcheck reported issue in this script: SC2086:info:18:6: Double quote to prevent globbing and word splitting

(shellcheck)


164-164: shellcheck reported issue in this script: SC2086:info:19:6: Double quote to prevent globbing and word splitting

(shellcheck)


164-164: shellcheck reported issue in this script: SC2086:info:19:30: Double quote to prevent globbing and word splitting

(shellcheck)


164-164: shellcheck reported issue in this script: SC2086:info:19:64: Double quote to prevent globbing and word splitting

(shellcheck)


164-164: shellcheck reported issue in this script: SC2086:info:20:6: Double quote to prevent globbing and word splitting

(shellcheck)


164-164: shellcheck reported issue in this script: SC2086:info:24:13: Double quote to prevent globbing and word splitting

(shellcheck)


164-164: shellcheck reported issue in this script: SC2086:info:24:37: Double quote to prevent globbing and word splitting

(shellcheck)


164-164: shellcheck reported issue in this script: SC2086:info:24:71: Double quote to prevent globbing and word splitting

(shellcheck)


164-164: shellcheck reported issue in this script: SC2086:info:25:13: Double quote to prevent globbing and word splitting

(shellcheck)


193-193: shellcheck reported issue in this script: SC2086:info:2:37: Double quote to prevent globbing and word splitting

(shellcheck)


193-193: shellcheck reported issue in this script: SC2086:info:2:104: Double quote to prevent globbing and word splitting

(shellcheck)


193-193: shellcheck reported issue in this script: SC2086:info:2:128: Double quote to prevent globbing and word splitting

(shellcheck)


193-193: shellcheck reported issue in this script: SC2086:info:5:50: Double quote to prevent globbing and word splitting

(shellcheck)


193-193: shellcheck reported issue in this script: SC2086:info:6:45: Double quote to prevent globbing and word splitting

(shellcheck)


193-193: shellcheck reported issue in this script: SC2086:info:12:13: Double quote to prevent globbing and word splitting

(shellcheck)


193-193: shellcheck reported issue in this script: SC2086:info:17:16: Double quote to prevent globbing and word splitting

(shellcheck)


193-193: shellcheck reported issue in this script: SC2086:info:18:6: Double quote to prevent globbing and word splitting

(shellcheck)


193-193: shellcheck reported issue in this script: SC2086:info:19:6: Double quote to prevent globbing and word splitting

(shellcheck)


193-193: shellcheck reported issue in this script: SC2086:info:19:30: Double quote to prevent globbing and word splitting

(shellcheck)


193-193: shellcheck reported issue in this script: SC2086:info:19:64: Double quote to prevent globbing and word splitting

(shellcheck)


193-193: shellcheck reported issue in this script: SC2086:info:20:6: Double quote to prevent globbing and word splitting

(shellcheck)


193-193: shellcheck reported issue in this script: SC2086:info:24:13: Double quote to prevent globbing and word splitting

(shellcheck)


193-193: shellcheck reported issue in this script: SC2086:info:24:37: Double quote to prevent globbing and word splitting

(shellcheck)


193-193: shellcheck reported issue in this script: SC2086:info:24:71: Double quote to prevent globbing and word splitting

(shellcheck)


193-193: shellcheck reported issue in this script: SC2086:info:25:13: Double quote to prevent globbing and word splitting

(shellcheck)

.github/workflows/pr-preview.yaml

29-29: label "blacksmith-4vcpu-ubuntu-2204" is unknown. available labels are "windows-latest", "windows-latest-8-cores", "windows-2025", "windows-2022", "windows-2019", "ubuntu-latest", "ubuntu-latest-4-cores", "ubuntu-latest-8-cores", "ubuntu-latest-16-cores", "ubuntu-24.04", "ubuntu-24.04-arm", "ubuntu-22.04", "ubuntu-22.04-arm", "ubuntu-20.04", "macos-latest", "macos-latest-xl", "macos-latest-xlarge", "macos-latest-large", "macos-15-xlarge", "macos-15-large", "macos-15", "macos-14-xl", "macos-14-xlarge", "macos-14-large", "macos-14", "macos-13-xl", "macos-13-xlarge", "macos-13-large", "macos-13", "self-hosted", "x64", "arm", "arm64", "linux", "macos", "windows". if it is a custom label for self-hosted runner, set list of labels in actionlint.yaml config file

(runner-label)


32-32: shellcheck reported issue in this script: SC2086:info:12:10: Double quote to prevent globbing and word splitting

(shellcheck)


32-32: shellcheck reported issue in this script: SC2086:info:13:58: Double quote to prevent globbing and word splitting

(shellcheck)


32-32: shellcheck reported issue in this script: SC2162:info:21:7: read without -r will mangle backslashes

(shellcheck)


32-32: shellcheck reported issue in this script: SC2236:style:28:8: Use -n instead of ! -z

(shellcheck)


32-32: shellcheck reported issue in this script: SC2086:info:29:97: Double quote to prevent globbing and word splitting

(shellcheck)


32-32: shellcheck reported issue in this script: SC2086:info:32:31: Double quote to prevent globbing and word splitting

(shellcheck)


32-32: shellcheck reported issue in this script: SC2086:info:33:44: Double quote to prevent globbing and word splitting

(shellcheck)


32-32: shellcheck reported issue in this script: SC2086:info:34:44: Double quote to prevent globbing and word splitting

(shellcheck)


76-76: label "blacksmith-4vcpu-ubuntu-2204" is unknown. available labels are "windows-latest", "windows-latest-8-cores", "windows-2025", "windows-2022", "windows-2019", "ubuntu-latest", "ubuntu-latest-4-cores", "ubuntu-latest-8-cores", "ubuntu-latest-16-cores", "ubuntu-24.04", "ubuntu-24.04-arm", "ubuntu-22.04", "ubuntu-22.04-arm", "ubuntu-20.04", "macos-latest", "macos-latest-xl", "macos-latest-xlarge", "macos-latest-large", "macos-15-xlarge", "macos-15-large", "macos-15", "macos-14-xl", "macos-14-xlarge", "macos-14-large", "macos-14", "macos-13-xl", "macos-13-xlarge", "macos-13-large", "macos-13", "self-hosted", "x64", "arm", "arm64", "linux", "macos", "windows". if it is a custom label for self-hosted runner, set list of labels in actionlint.yaml config file

(runner-label)


79-79: shellcheck reported issue in this script: SC2086:info:12:10: Double quote to prevent globbing and word splitting

(shellcheck)


79-79: shellcheck reported issue in this script: SC2086:info:13:58: Double quote to prevent globbing and word splitting

(shellcheck)


112-112: label "blacksmith-4vcpu-ubuntu-2204" is unknown. available labels are "windows-latest", "windows-latest-8-cores", "windows-2025", "windows-2022", "windows-2019", "ubuntu-latest", "ubuntu-latest-4-cores", "ubuntu-latest-8-cores", "ubuntu-latest-16-cores", "ubuntu-24.04", "ubuntu-24.04-arm", "ubuntu-22.04", "ubuntu-22.04-arm", "ubuntu-20.04", "macos-latest", "macos-latest-xl", "macos-latest-xlarge", "macos-latest-large", "macos-15-xlarge", "macos-15-large", "macos-15", "macos-14-xl", "macos-14-xlarge", "macos-14-large", "macos-14", "macos-13-xl", "macos-13-xlarge", "macos-13-large", "macos-13", "self-hosted", "x64", "arm", "arm64", "linux", "macos", "windows". if it is a custom label for self-hosted runner, set list of labels in actionlint.yaml config file

(runner-label)


120-120: shellcheck reported issue in this script: SC2086:info:12:10: Double quote to prevent globbing and word splitting

(shellcheck)


120-120: shellcheck reported issue in this script: SC2086:info:13:58: Double quote to prevent globbing and word splitting

(shellcheck)


120-120: shellcheck reported issue in this script: SC2162:info:22:7: read without -r will mangle backslashes

(shellcheck)


120-120: shellcheck reported issue in this script: SC2086:info:31:44: Double quote to prevent globbing and word splitting

(shellcheck)


120-120: shellcheck reported issue in this script: SC2086:info:41:33: Double quote to prevent globbing and word splitting

(shellcheck)


120-120: shellcheck reported issue in this script: SC2086:info:42:46: Double quote to prevent globbing and word splitting

(shellcheck)


120-120: shellcheck reported issue in this script: SC2086:info:43:46: Double quote to prevent globbing and word splitting

(shellcheck)


120-120: shellcheck reported issue in this script: SC2162:info:54:7: read without -r will mangle backslashes

(shellcheck)


120-120: shellcheck reported issue in this script: SC2086:info:58:47: Double quote to prevent globbing and word splitting

(shellcheck)


120-120: shellcheck reported issue in this script: SC2086:info:60:28: Double quote to prevent globbing and word splitting

(shellcheck)


120-120: shellcheck reported issue in this script: SC2162:info:69:7: read without -r will mangle backslashes

(shellcheck)


120-120: shellcheck reported issue in this script: SC2086:info:73:47: Double quote to prevent globbing and word splitting

(shellcheck)


120-120: shellcheck reported issue in this script: SC2086:info:75:28: Double quote to prevent globbing and word splitting

(shellcheck)


120-120: shellcheck reported issue in this script: SC2162:info:87:7: read without -r will mangle backslashes

(shellcheck)


120-120: shellcheck reported issue in this script: SC2126:style:100:17: Consider using 'grep -c' instead of 'grep|wc -l'

(shellcheck)


253-253: shellcheck reported issue in this script: SC2086:info:12:37: Double quote to prevent globbing and word splitting

(shellcheck)


253-253: shellcheck reported issue in this script: SC2086:info:16:30: Double quote to prevent globbing and word splitting

(shellcheck)


253-253: shellcheck reported issue in this script: SC2086:info:20:17: Double quote to prevent globbing and word splitting

(shellcheck)


253-253: shellcheck reported issue in this script: SC2086:info:22:38: Double quote to prevent globbing and word splitting

(shellcheck)


347-347: shellcheck reported issue in this script: SC2086:info:11:31: Double quote to prevent globbing and word splitting

(shellcheck)


347-347: shellcheck reported issue in this script: SC2086:info:19:37: Double quote to prevent globbing and word splitting

(shellcheck)


347-347: shellcheck reported issue in this script: SC2086:info:19:104: Double quote to prevent globbing and word splitting

(shellcheck)


347-347: shellcheck reported issue in this script: SC2086:info:19:128: Double quote to prevent globbing and word splitting

(shellcheck)


347-347: shellcheck reported issue in this script: SC2086:info:31:13: Double quote to prevent globbing and word splitting

(shellcheck)


347-347: shellcheck reported issue in this script: SC2086:info:38:18: Double quote to prevent globbing and word splitting

(shellcheck)


347-347: shellcheck reported issue in this script: SC2086:info:39:8: Double quote to prevent globbing and word splitting

(shellcheck)


347-347: shellcheck reported issue in this script: SC2086:info:39:28: Double quote to prevent globbing and word splitting

(shellcheck)


347-347: shellcheck reported issue in this script: SC2086:info:40:8: Double quote to prevent globbing and word splitting

(shellcheck)


347-347: shellcheck reported issue in this script: SC2086:info:40:32: Double quote to prevent globbing and word splitting

(shellcheck)


347-347: shellcheck reported issue in this script: SC2086:info:40:66: Double quote to prevent globbing and word splitting

(shellcheck)


347-347: shellcheck reported issue in this script: SC2086:info:40:86: Double quote to prevent globbing and word splitting

(shellcheck)


347-347: shellcheck reported issue in this script: SC2086:info:41:8: Double quote to prevent globbing and word splitting

(shellcheck)


347-347: shellcheck reported issue in this script: SC2086:info:47:10: Double quote to prevent globbing and word splitting

(shellcheck)


347-347: shellcheck reported issue in this script: SC2086:info:57:13: Double quote to prevent globbing and word splitting

(shellcheck)


347-347: shellcheck reported issue in this script: SC2086:info:57:37: Double quote to prevent globbing and word splitting

(shellcheck)


347-347: shellcheck reported issue in this script: SC2086:info:57:71: Double quote to prevent globbing and word splitting

(shellcheck)


347-347: shellcheck reported issue in this script: SC2086:info:57:91: Double quote to prevent globbing and word splitting

(shellcheck)


347-347: shellcheck reported issue in this script: SC2086:info:58:13: Double quote to prevent globbing and word splitting

(shellcheck)


347-347: shellcheck reported issue in this script: SC2086:info:61:32: Double quote to prevent globbing and word splitting

(shellcheck)


412-412: shellcheck reported issue in this script: SC2086:info:12:10: Double quote to prevent globbing and word splitting

(shellcheck)


412-412: shellcheck reported issue in this script: SC2086:info:13:58: Double quote to prevent globbing and word splitting

(shellcheck)

🪛 Shellcheck (0.10.0)
test-optimizations.sh

[error] 36-36: < is for string comparisons. Use -lt instead.

(SC2071)

🪛 YAMLlint (1.37.1)
.github/workflows/pr-preview.yaml

[error] 59-59: trailing spaces

(trailing-spaces)


[error] 62-62: trailing spaces

(trailing-spaces)


[error] 67-67: trailing spaces

(trailing-spaces)


[error] 69-69: trailing spaces

(trailing-spaces)


[error] 144-144: trailing spaces

(trailing-spaces)


[error] 147-147: trailing spaces

(trailing-spaces)


[error] 155-155: trailing spaces

(trailing-spaces)


[error] 159-159: trailing spaces

(trailing-spaces)


[error] 164-164: trailing spaces

(trailing-spaces)


[error] 176-176: trailing spaces

(trailing-spaces)


[error] 191-191: trailing spaces

(trailing-spaces)


[error] 209-209: trailing spaces

(trailing-spaces)


[error] 267-267: trailing spaces

(trailing-spaces)


[error] 313-313: trailing spaces

(trailing-spaces)


[error] 473-473: trailing spaces

(trailing-spaces)


[error] 476-476: trailing spaces

(trailing-spaces)

🔇 Additional comments (61)
desci-server/prisma/schema.prisma (1)

182-183: Verify downstream code & indexes for newly added firstName / lastName columns

The new optional fields look innocuous, but please double-check:

  1. API DTOs / GraphQL types / serializers include these properties (otherwise writes will silently drop).
  2. Any full-text or autocomplete queries that key off name might need to include the split fields.
  3. No uniqueness or length constraints were required—confirm that is intentional.

If everything is covered, no action needed.

desci-server/prisma/migrations/20250806170333_add_first_last_name_user/migration.sql (1)

1-3: LGTM – migration matches the schema change

Adds two nullable columns; safe for irreversible-down scenarios.

desci-models/package.json (2)

3-3: Semver bump looks fine but ensure rebuilt artefacts are published

Version moves to 0.2.27; remember to run the build & publish job so consumers receive the compiled output that includes the new transformer.


31-32: Good call adding the corresponding type definitions

No further action.

.dockerignore (1)

44-46: Double-check ignoring Dockerfile* does not exclude the build Dockerfile

The pattern **/Dockerfile* matches the root-level Dockerfile; Docker will still send the build file, but the pattern produces a warning and may hide auxiliary Dockerfiles needed by CI.
Consider restringing it to sub-directories:

-**/Dockerfile*
+*/**/Dockerfile*
desci-server/kubernetes/deployment_demo.yaml (1)

75-75: Verify new entry-point path ./dist/src/index.js

The build previously emitted dist/index.js; switching to dist/src/index.js will crash the pod if the file does not exist.
Confirm that:

  1. yarn build outputs that exact path.
  2. All other environment manifests are updated consistently (they appear to be).
desci-server/scripts/be-node-dev.sh (1)

16-19: Good addition: ensure log directories exist
No issues found with the mkdir -p guard.

desci-server/kubernetes/deployment_staging.yaml (1)

134-134: Same path change as demo – please validate build artefacts

As with the demo deployment, ensure dist/src/index.js exists in the production image; otherwise, rolling updates will fail.

desci-server/tsconfig.json (1)

39-46: Include list looks correct – no action needed
Additional paths ensure new seed script and Express augmentations are compiled.

desci-server/kubernetes/deployment_dev.yaml (2)

117-118: Secrets must contain new Supabase keys

Ensure the Vault secret secrets/desci-server/dev/app really defines SUPABASE_URL and SUPABASE_SERVICE_KEY; otherwise pods will start with empty env vars.


130-130: Verify new entry-point path

node ./dist/src/index.js assumes the build output preserves the src/ folder inside dist.
Double-check that tsc produces this path (or adjust the Docker build) to prevent container crash-loops.

desci-models/src/transformers/index.ts (1)

4-4: Export added correctly

MystTransformer is now publicly exposed; change looks good.

desci-server/src/utils/dagConcat.ts (1)

1-3: Please verify TypeScript setup and implicit-any count in desci-server

Before removing // @ts-nocheck, ensure your local TypeScript toolchain and config are in place and that the TODO’s “20 implicit any” count is accurate:

• Check that desci-server/package.json lists "typescript" (likely as a devDependency) and that desci-server/tsconfig.json enables --strict and --noImplicitAny.
• From the desci-server folder, run:

npx tsc --noEmit --strict --noImplicitAny src/utils/dagConcat.ts 2>&1 | grep -i "any" | wc -l

to confirm the number of implicit-any errors.
• If the result isn’t ~20, update the TODO to reflect the true scope (and/or add missing type annotations now).

desci-server/kubernetes/deployment_prod.yaml (1)

116-117: Supabase integration verified – please confirm Vault secrets

  • desci-server/src/lib/supabase.ts correctly reads SUPABASE_URL and SUPABASE_SERVICE_KEY and warns if they’re missing
  • Both deployment_prod.yaml and deployment_dev.yaml inject these environment variables
  • No inconsistencies found in code or deployments

Ensure that the corresponding Vault secrets (SUPABASE_URL and SUPABASE_SERVICE_KEY) are configured in your production (and any other) Vault namespaces to prevent runtime failures.

desci-server/src/controllers/search/types.ts (1)

1-3: LGTM! Improved type import consistency.

The refactoring to use the estypes namespace for Elasticsearch types improves consistency and maintainability while preserving backward compatibility through the type alias.

desci-server/src/utils/draftTreeUtils.ts (1)

124-130: LGTM! Excellent CID format standardization.

This change ensures consistent CID format handling by converting from the kubo-rpc-client specific format to the standard multiformats CID. This improves compatibility and consistency across IPFS operations throughout the codebase.

The explicit await and format conversion prevents potential issues with different CID representations between client implementations.

desci-server/src/routes/v1/services.ts (1)

6-18: Documentation Verified for generate-share-image Endpoint

The API docs in desci-server/src/docs/services.ts include the new
'/v1/services/generate-share-image' path and a matching
generateShareImageOperation with operationId, summary, description, tags,
requestParams, and responses—consistent with existing documentation patterns.

No further changes needed.

desci-models/src/ResearchObject.ts (2)

51-52: LGTM! Clean addition of date field.

The optional date property is well-documented with the expected format (YYYY-MM-DD) and maintains backward compatibility. This supports enhanced metadata capture for research objects.


109-110: LGTM! Author email field addition is appropriate.

The optional email property follows the established pattern of other optional author metadata fields. This enhances author information capture while maintaining backward compatibility.

desci-server/Makefile (4)

1-1: LGTM! Makefile improvements support better build workflows.

The addition of build to the phony targets is correct and supports the enhanced CI/CD pipeline mentioned in the summary.


5-5: LGTM! Building after installation streamlines the workflow.

Running yarn build after dependency installation ensures the project is ready to use immediately after the install target completes, which aligns with the improved build and deployment processes.


7-8: LGTM! Dedicated build target provides flexibility.

The standalone build target allows for independent build execution, supporting both CI/CD workflows and developer convenience.


11-11: LGTM! Enhanced clean target is more thorough.

Removing both node_modules and dist directories ensures a complete cleanup, which is appropriate since dist contains build artifacts that should be regenerated.

desci-server/package.json (5)

88-88: LGTM! Supabase client dependency supports new database integration.

The @supabase/supabase-js dependency enables the Supabase client functionality implemented in src/lib/supabase.ts.


90-90: LGTM! Markdown processing dependencies support MystTransformer.

The marked library and its TypeScript definitions enable markdown parsing functionality for the new MystTransformer feature.

Also applies to: 122-122


137-137: LGTM! Puppeteer enables headless browser automation for image generation.

The Puppeteer dependency supports the share image generation services mentioned in the summary.


145-145: LGTM! Sharp provides efficient image processing capabilities.

Sharp is a high-performance image processing library that complements Puppeteer for the image generation services.


157-157: LGTM! XSS library enhances security posture.

The xss library provides input sanitization to prevent cross-site scripting attacks, improving the application's security.

desci-server/src/lib/supabase.ts (1)

1-11: LGTM! Clean Supabase client initialization with proper error handling.

The implementation follows best practices:

  • Proper environment variable configuration
  • Graceful degradation with informative warning when credentials are missing
  • Conditional client creation prevents runtime errors in misconfigured environments
  • Clean exports support the image generation services mentioned in the summary

The approach aligns well with the Kubernetes deployment configurations that inject these environment variables via Vault secrets.

desci-server/tsconfig-test.json (4)

12-12: LGTM - Configuration consolidation looks good.

The consolidation of the "lib" array into a single line improves readability while maintaining the same functionality.


21-24: LGTM - Appropriate compiler options added.

The new compiler options are well-chosen:

  • skipDefaultLibCheck: true improves build performance
  • noResolve: false allows proper module resolution
  • noImplicitAny: false provides flexibility for test scenarios
  • types: [] gives explicit control over included types

28-28: Good improvement - explicit typeRoots configuration.

Replacing the Express path mapping with explicit typeRoots configuration is more maintainable and aligns with the Express type augmentations being introduced.


31-32: LGTM - Proper inclusion of type augmentations.

Including src/types/**/*.d.ts and the specific Express augmentation file ensures proper type resolution across the test environment.

desci-server/src/controllers/search/query.ts (2)

151-162: LGTM - Well-implemented cache-first strategy.

The caching implementation follows best practices:

  • Proper error handling that doesn't interrupt normal flow
  • Descriptive logging for cache hits
  • Graceful degradation when cache fails

190-207: Excellent caching implementation with proper error handling.

The response construction and caching logic is well-structured:

  • Response object is properly typed
  • 1-hour TTL (3600s) is appropriate for monthly aggregations
  • Error handling ensures the API continues working even if caching fails
  • Consistent logging for debugging
desci-server/src/server.ts (2)

23-23: Good correction - proper naming for OpenAPI documentation.

The import rename from 'openai' to 'openapi' corrects the naming and aligns with the actual OpenAPI documentation structure.


221-221: Appropriate type casting for swagger-ui-express compatibility.

The middleware setup with type casting addresses TypeScript compatibility issues with swagger-ui-express. The spread operator and type assertions are a common workaround for this library's typing issues.

desci-server/prisma/seed.ts (6)

2-7: Good refactoring - improved file loading approach.

Replacing the JSON import with synchronous file read using fs.readFileSync is more reliable and avoids potential module loading issues with JSON assertions.


10-16: Excellent addition - comprehensive logging and connection management.

The enhanced logging and explicit Prisma connection management will greatly improve debugging capabilities:

  • Environment variable logging helps with configuration issues
  • Explicit connection testing catches connectivity problems early
  • Structured approach to connection management

17-46: LGTM - Proper indentation after try-catch wrapping.

The core seeding logic remains unchanged with appropriate indentation adjustments for the new error handling structure.


101-105: Well-implemented error handling structure.

The try-catch block provides proper error handling with detailed logging, including stack traces for debugging.


115-122: Robust disconnect handling with proper error management.

The Prisma disconnect logic is properly wrapped in try-catch to handle potential disconnection errors gracefully.


34-34: Static analysis false positive - test data, not secrets.

The static analysis tool flagged these as API keys, but they appear to be base64-encoded hashes used for test/seed data (yMcm5OwIUcmh98cmpDhCZArwRV+8Q14XIOs2LhKQ6fY=). The memo indicates this is for "nodes-lib tests", confirming it's test data rather than production secrets.

Also applies to: 38-38

desci-server/src/swagger.ts (1)

6-171: Comprehensive API documentation implementation looks excellent.

The OpenAPI documentation follows the established patterns from the desci-server/src/docs folder as specified in the coding guidelines. The schema definitions are well-structured with clear descriptions, examples, and proper type specifications. The response schemas correctly define content types and error handling scenarios.

desci-server/src/services/ipfs.ts (6)

40-40: LGTM - Proper HTTPS agent configuration.

The addition of the HTTPS agent with SSL certificate for the public IPFS client is correctly implemented.


623-623: LGTM - Consistent IPFS client method usage.

The addAll method call correctly uses the IPFS client with proper options.


719-719: LGTM - Consistent return type handling.

The migration function correctly handles the result type.


733-733: LGTM - Proper CID parsing in pin operations.

The pin.add method correctly uses CID.parse() for type safety.


762-762: LGTM - Consistent CID parsing in block operations.

The block.stat method correctly uses CID.parse().


811-811: LGTM - Proper CID parsing in block removal.

The block.rm method correctly uses CID.parse() for type safety.

desci-server/src/docs/openapi.ts (4)

75-112: Dynamic server detection implementation is well-designed.

The getServers() function properly handles different environments and includes intelligent PR preview detection with regex pattern matching. The URL deduplication logic prevents duplicate entries when the current environment matches existing servers.


24-24: Proper integration of services paths.

The import and spreading of servicesPaths correctly integrates the new share image generation API endpoints into the OpenAPI documentation, following the established pattern.

Also applies to: 162-162


114-114: Correct naming convention fix.

The export name change from openaiDocumentation to openApiDocumentation fixes the typo and uses the proper OpenAPI terminology.


137-137: Proper tag integration for services.

The addition of the "Services" tag aligns with the new service endpoints and follows the established documentation pattern.

desci-models/tests/transformers/MystTransformer.test.ts (1)

1-704: Comprehensive and well-structured test suite.

This test file provides excellent coverage of the MystTransformer functionality with:

  • Proper use of ts-interface-checker for validation
  • Comprehensive roundtrip testing to ensure data integrity
  • Edge case handling (missing frontmatter, complex YAML)
  • Clear test organization and descriptive test names
  • Thorough assertion coverage for all major features

The tests validate the transformer's ability to handle complex academic metadata, author information, references, and various YAML parsing scenarios. The roundtrip tests are particularly valuable for ensuring data fidelity.

desci-server/src/controllers/services/shareImage.ts (1)

439-441: Regex construction is safe - no action needed

The static analysis warning about regex construction from variable input is a false positive. The citation text is properly escaped using replace(/[.*+?^${}()|[\]\\]/g, '\\$&') before being used in the RegExp constructor, which prevents ReDoS attacks.

desci-server/src/controllers/services/shareImagePuppeteer.ts (2)

17-29: Good implementation of safe string replacement

The replaceAllSafe function properly avoids regex-based replacement, preventing potential ReDoS vulnerabilities. This is a good security practice.


838-845: Excellent error handling and cleanup

The browser cleanup in the finally block ensures resources are properly released even if an error occurs. The custom error class for fallback handling is also well-designed.

desci-server/src/services/ElasticSearchService.ts (1)

1-1: Good type import consolidation.

The change to use namespace import for Elasticsearch types improves code organization and makes it clear which types come from the Elasticsearch library.

.github/workflows/pr-preview.yaml (2)

251-278: Migration check successfully implements PR objective!

The schema change detection correctly blocks deployment when migrations are detected, which fulfills the main PR objective of preventing deployments with pending migrations.


547-548: New Supabase environment variables added as mentioned in PR summary.

The addition of SUPABASE_URL and SUPABASE_SERVICE_KEY environment variables aligns with the infrastructure enhancements mentioned in the PR summary.

Comment thread .env.example

# A map for email types to sendgrid template IDs, mainly used for sending journal emails.
SENDGRID_TEMPLATE_ID_MAP=
SENDGRID_TEMPLATE_ID_MAP="{}"

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🛠️ Refactor suggestion

Remove embedded quotes from SENDGRID_TEMPLATE_ID_MAP to avoid parsing issues

Most dotenv parsers treat the value verbatim, so the surrounding quotes ("{}") will be included in the string.
Unless the application explicitly strips them, every reference will read the literal value "{}" instead of {} and JSON parsing will fail.

-SENDGRID_TEMPLATE_ID_MAP="{}"
+SENDGRID_TEMPLATE_ID_MAP={}
📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change
SENDGRID_TEMPLATE_ID_MAP="{}"
SENDGRID_TEMPLATE_ID_MAP={}
🧰 Tools
🪛 dotenv-linter (3.3.0)

[warning] 68-68: [QuoteCharacter] The value has quote characters (', ")

🤖 Prompt for AI Agents
In .env.example at line 68, remove the surrounding double quotes from the
SENDGRID_TEMPLATE_ID_MAP value so it reads SENDGRID_TEMPLATE_ID_MAP={} instead
of SENDGRID_TEMPLATE_ID_MAP="{}". This prevents the quotes from being included
in the string and avoids JSON parsing errors.

Comment on lines +133 to +160
- name: Build and push image (DEV) - With Registry Caching
if: github.ref == 'refs/heads/develop'
run: |
# Build and tag the image
docker build \
-t $CONTAINER_IMAGE-dev:${{ github.sha }} \
-t $AWS_ACCOUNT_ID.dkr.ecr.$AWS_DEFAULT_REGION.amazonaws.com/$CONTAINER_IMAGE-dev \
.
# ECR login
aws ecr get-login-password --region $AWS_DEFAULT_REGION | docker login --username AWS --password-stdin $AWS_ACCOUNT_ID.dkr.ecr.$AWS_DEFAULT_REGION.amazonaws.com

- name: Build and tag the image (DEMO)
if: github.ref == 'refs/heads/demo'
run: |
# Build and tag the image
docker build \
-t $CONTAINER_IMAGE-demo:${{ github.sha }} \
-t $AWS_ACCOUNT_ID.dkr.ecr.$AWS_DEFAULT_REGION.amazonaws.com/$CONTAINER_IMAGE-demo \
.
# Create cache repository if it doesn't exist
aws ecr describe-repositories --repository-names $CONTAINER_IMAGE-dev-cache 2>/dev/null || \
aws ecr create-repository --repository-name $CONTAINER_IMAGE-dev-cache

- name: Build and tag the image (PROD)
if: github.ref == 'refs/heads/main'
run: |
# Build and tag the image
# Define cache image
CACHE_IMAGE=$AWS_ACCOUNT_ID.dkr.ecr.$AWS_DEFAULT_REGION.amazonaws.com/$CONTAINER_IMAGE-dev-cache:latest

# Pull cache image (ignore failures for first builds)
docker pull $CACHE_IMAGE || echo "No cache found, building from scratch"

# Build with cache-from and inline cache
docker build \
-t $CONTAINER_IMAGE:${{ github.sha }} \
-t $AWS_ACCOUNT_ID.dkr.ecr.$AWS_DEFAULT_REGION.amazonaws.com/$CONTAINER_IMAGE \
.
--build-arg BUILDKIT_INLINE_CACHE=1 \
--cache-from $CACHE_IMAGE \
-t $CONTAINER_IMAGE-dev:${{ github.sha }} \
-t $AWS_ACCOUNT_ID.dkr.ecr.$AWS_DEFAULT_REGION.amazonaws.com/$CONTAINER_IMAGE-dev:${{ github.sha }} \
-t $CACHE_IMAGE \
.

- name: Push (DEV)
if: github.ref == 'refs/heads/develop'
run: |
# Push image to AWS ECR
aws ecr get-login-password --region $AWS_DEFAULT_REGION | docker login --username AWS --password-stdin $AWS_ACCOUNT_ID.dkr.ecr.$AWS_DEFAULT_REGION.amazonaws.com
docker tag $CONTAINER_IMAGE-dev:${{ github.sha }} $AWS_ACCOUNT_ID.dkr.ecr.$AWS_DEFAULT_REGION.amazonaws.com/$CONTAINER_IMAGE-dev:${{ github.sha }}
# Push both main image and cache
docker push $AWS_ACCOUNT_ID.dkr.ecr.$AWS_DEFAULT_REGION.amazonaws.com/$CONTAINER_IMAGE-dev:${{ github.sha }}
docker push $CACHE_IMAGE

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🛠️ Refactor suggestion

Fix shell script variable quoting issues.

The registry caching implementation is well-designed, but there are multiple shellcheck warnings about unquoted variables that could lead to issues with globbing and word splitting.

Apply these fixes to properly quote variables:

       run: |
         # ECR login
-        aws ecr get-login-password --region $AWS_DEFAULT_REGION | docker login --username AWS --password-stdin $AWS_ACCOUNT_ID.dkr.ecr.$AWS_DEFAULT_REGION.amazonaws.com
+        aws ecr get-login-password --region "$AWS_DEFAULT_REGION" | docker login --username AWS --password-stdin "$AWS_ACCOUNT_ID.dkr.ecr.$AWS_DEFAULT_REGION.amazonaws.com"

         # Create cache repository if it doesn't exist
-        aws ecr describe-repositories --repository-names $CONTAINER_IMAGE-dev-cache 2>/dev/null || \
-        aws ecr create-repository --repository-name $CONTAINER_IMAGE-dev-cache
+        aws ecr describe-repositories --repository-names "$CONTAINER_IMAGE-dev-cache" 2>/dev/null || \
+        aws ecr create-repository --repository-name "$CONTAINER_IMAGE-dev-cache"

         # Define cache image
-        CACHE_IMAGE=$AWS_ACCOUNT_ID.dkr.ecr.$AWS_DEFAULT_REGION.amazonaws.com/$CONTAINER_IMAGE-dev-cache:latest
+        CACHE_IMAGE="$AWS_ACCOUNT_ID.dkr.ecr.$AWS_DEFAULT_REGION.amazonaws.com/$CONTAINER_IMAGE-dev-cache:latest"

         # Pull cache image (ignore failures for first builds)
-        docker pull $CACHE_IMAGE || echo "No cache found, building from scratch"
+        docker pull "$CACHE_IMAGE" || echo "No cache found, building from scratch"

         # Build with cache-from and inline cache
         docker build \
           --build-arg BUILDKIT_INLINE_CACHE=1 \
-          --cache-from $CACHE_IMAGE \
-          -t $CONTAINER_IMAGE-dev:${{ github.sha }} \
-          -t $AWS_ACCOUNT_ID.dkr.ecr.$AWS_DEFAULT_REGION.amazonaws.com/$CONTAINER_IMAGE-dev:${{ github.sha }} \
-          -t $CACHE_IMAGE \
+          --cache-from "$CACHE_IMAGE" \
+          -t "$CONTAINER_IMAGE-dev:${{ github.sha }}" \
+          -t "$AWS_ACCOUNT_ID.dkr.ecr.$AWS_DEFAULT_REGION.amazonaws.com/$CONTAINER_IMAGE-dev:${{ github.sha }}" \
+          -t "$CACHE_IMAGE" \
           .

         # Push both main image and cache
-        docker push $AWS_ACCOUNT_ID.dkr.ecr.$AWS_DEFAULT_REGION.amazonaws.com/$CONTAINER_IMAGE-dev:${{ github.sha }}
-        docker push $CACHE_IMAGE
+        docker push "$AWS_ACCOUNT_ID.dkr.ecr.$AWS_DEFAULT_REGION.amazonaws.com/$CONTAINER_IMAGE-dev:${{ github.sha }}"
+        docker push "$CACHE_IMAGE"
📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change
- name: Build and push image (DEV) - With Registry Caching
if: github.ref == 'refs/heads/develop'
run: |
# Build and tag the image
docker build \
-t $CONTAINER_IMAGE-dev:${{ github.sha }} \
-t $AWS_ACCOUNT_ID.dkr.ecr.$AWS_DEFAULT_REGION.amazonaws.com/$CONTAINER_IMAGE-dev \
.
# ECR login
aws ecr get-login-password --region $AWS_DEFAULT_REGION | docker login --username AWS --password-stdin $AWS_ACCOUNT_ID.dkr.ecr.$AWS_DEFAULT_REGION.amazonaws.com
- name: Build and tag the image (DEMO)
if: github.ref == 'refs/heads/demo'
run: |
# Build and tag the image
docker build \
-t $CONTAINER_IMAGE-demo:${{ github.sha }} \
-t $AWS_ACCOUNT_ID.dkr.ecr.$AWS_DEFAULT_REGION.amazonaws.com/$CONTAINER_IMAGE-demo \
.
# Create cache repository if it doesn't exist
aws ecr describe-repositories --repository-names $CONTAINER_IMAGE-dev-cache 2>/dev/null || \
aws ecr create-repository --repository-name $CONTAINER_IMAGE-dev-cache
- name: Build and tag the image (PROD)
if: github.ref == 'refs/heads/main'
run: |
# Build and tag the image
# Define cache image
CACHE_IMAGE=$AWS_ACCOUNT_ID.dkr.ecr.$AWS_DEFAULT_REGION.amazonaws.com/$CONTAINER_IMAGE-dev-cache:latest
# Pull cache image (ignore failures for first builds)
docker pull $CACHE_IMAGE || echo "No cache found, building from scratch"
# Build with cache-from and inline cache
docker build \
-t $CONTAINER_IMAGE:${{ github.sha }} \
-t $AWS_ACCOUNT_ID.dkr.ecr.$AWS_DEFAULT_REGION.amazonaws.com/$CONTAINER_IMAGE \
.
--build-arg BUILDKIT_INLINE_CACHE=1 \
--cache-from $CACHE_IMAGE \
-t $CONTAINER_IMAGE-dev:${{ github.sha }} \
-t $AWS_ACCOUNT_ID.dkr.ecr.$AWS_DEFAULT_REGION.amazonaws.com/$CONTAINER_IMAGE-dev:${{ github.sha }} \
-t $CACHE_IMAGE \
.
- name: Push (DEV)
if: github.ref == 'refs/heads/develop'
run: |
# Push image to AWS ECR
aws ecr get-login-password --region $AWS_DEFAULT_REGION | docker login --username AWS --password-stdin $AWS_ACCOUNT_ID.dkr.ecr.$AWS_DEFAULT_REGION.amazonaws.com
docker tag $CONTAINER_IMAGE-dev:${{ github.sha }} $AWS_ACCOUNT_ID.dkr.ecr.$AWS_DEFAULT_REGION.amazonaws.com/$CONTAINER_IMAGE-dev:${{ github.sha }}
# Push both main image and cache
docker push $AWS_ACCOUNT_ID.dkr.ecr.$AWS_DEFAULT_REGION.amazonaws.com/$CONTAINER_IMAGE-dev:${{ github.sha }}
docker push $CACHE_IMAGE
- name: Build and push image (DEV) - With Registry Caching
if: github.ref == 'refs/heads/develop'
run: |
# ECR login
aws ecr get-login-password --region "$AWS_DEFAULT_REGION" | docker login --username AWS --password-stdin "$AWS_ACCOUNT_ID.dkr.ecr.$AWS_DEFAULT_REGION.amazonaws.com"
# Create cache repository if it doesn't exist
aws ecr describe-repositories --repository-names "$CONTAINER_IMAGE-dev-cache" 2>/dev/null || \
aws ecr create-repository --repository-name "$CONTAINER_IMAGE-dev-cache"
# Define cache image
CACHE_IMAGE="$AWS_ACCOUNT_ID.dkr.ecr.$AWS_DEFAULT_REGION.amazonaws.com/$CONTAINER_IMAGE-dev-cache:latest"
# Pull cache image (ignore failures for first builds)
docker pull "$CACHE_IMAGE" || echo "No cache found, building from scratch"
# Build with cache-from and inline cache
docker build \
--build-arg BUILDKIT_INLINE_CACHE=1 \
--cache-from "$CACHE_IMAGE" \
-t "$CONTAINER_IMAGE-dev:${{ github.sha }}" \
-t "$AWS_ACCOUNT_ID.dkr.ecr.$AWS_DEFAULT_REGION.amazonaws.com/$CONTAINER_IMAGE-dev:${{ github.sha }}" \
-t "$CACHE_IMAGE" \
.
# Push both main image and cache
docker push "$AWS_ACCOUNT_ID.dkr.ecr.$AWS_DEFAULT_REGION.amazonaws.com/$CONTAINER_IMAGE-dev:${{ github.sha }}"
docker push "$CACHE_IMAGE"
🧰 Tools
🪛 actionlint (1.7.7)

135-135: shellcheck reported issue in this script: SC2086:info:2:37: Double quote to prevent globbing and word splitting

(shellcheck)


135-135: shellcheck reported issue in this script: SC2086:info:2:104: Double quote to prevent globbing and word splitting

(shellcheck)


135-135: shellcheck reported issue in this script: SC2086:info:2:128: Double quote to prevent globbing and word splitting

(shellcheck)


135-135: shellcheck reported issue in this script: SC2086:info:5:50: Double quote to prevent globbing and word splitting

(shellcheck)


135-135: shellcheck reported issue in this script: SC2086:info:6:45: Double quote to prevent globbing and word splitting

(shellcheck)


135-135: shellcheck reported issue in this script: SC2086:info:12:13: Double quote to prevent globbing and word splitting

(shellcheck)


135-135: shellcheck reported issue in this script: SC2086:info:17:16: Double quote to prevent globbing and word splitting

(shellcheck)


135-135: shellcheck reported issue in this script: SC2086:info:18:6: Double quote to prevent globbing and word splitting

(shellcheck)


135-135: shellcheck reported issue in this script: SC2086:info:19:6: Double quote to prevent globbing and word splitting

(shellcheck)


135-135: shellcheck reported issue in this script: SC2086:info:19:30: Double quote to prevent globbing and word splitting

(shellcheck)


135-135: shellcheck reported issue in this script: SC2086:info:19:64: Double quote to prevent globbing and word splitting

(shellcheck)


135-135: shellcheck reported issue in this script: SC2086:info:20:6: Double quote to prevent globbing and word splitting

(shellcheck)


135-135: shellcheck reported issue in this script: SC2086:info:24:13: Double quote to prevent globbing and word splitting

(shellcheck)


135-135: shellcheck reported issue in this script: SC2086:info:24:37: Double quote to prevent globbing and word splitting

(shellcheck)


135-135: shellcheck reported issue in this script: SC2086:info:24:71: Double quote to prevent globbing and word splitting

(shellcheck)


135-135: shellcheck reported issue in this script: SC2086:info:25:13: Double quote to prevent globbing and word splitting

(shellcheck)

🤖 Prompt for AI Agents
In .github/workflows/build-server.yaml between lines 133 and 160, the shell
script uses unquoted variables which can cause issues with word splitting and
globbing. To fix this, enclose all variable references like $AWS_DEFAULT_REGION,
$AWS_ACCOUNT_ID, $CONTAINER_IMAGE, and $CACHE_IMAGE in double quotes throughout
the script, especially in commands like aws ecr get-login-password, docker
login, aws ecr describe-repositories, docker pull, docker build, and docker push
to ensure safe and predictable variable expansion.

Comment on lines +162 to +189
- name: Build and push image (DEMO) - With Registry Caching
if: github.ref == 'refs/heads/demo'
run: |
# Push image to AWS ECR
# ECR login
aws ecr get-login-password --region $AWS_DEFAULT_REGION | docker login --username AWS --password-stdin $AWS_ACCOUNT_ID.dkr.ecr.$AWS_DEFAULT_REGION.amazonaws.com
docker tag $CONTAINER_IMAGE-demo:${{ github.sha }} $AWS_ACCOUNT_ID.dkr.ecr.$AWS_DEFAULT_REGION.amazonaws.com/$CONTAINER_IMAGE-demo:${{ github.sha }}

# Create cache repository if it doesn't exist
aws ecr describe-repositories --repository-names $CONTAINER_IMAGE-demo-cache 2>/dev/null || \
aws ecr create-repository --repository-name $CONTAINER_IMAGE-demo-cache

# Define cache image
CACHE_IMAGE=$AWS_ACCOUNT_ID.dkr.ecr.$AWS_DEFAULT_REGION.amazonaws.com/$CONTAINER_IMAGE-demo-cache:latest

# Pull cache image (ignore failures for first builds)
docker pull $CACHE_IMAGE || echo "No cache found, building from scratch"

# Build with cache-from and inline cache
docker build \
--build-arg BUILDKIT_INLINE_CACHE=1 \
--cache-from $CACHE_IMAGE \
-t $CONTAINER_IMAGE-demo:${{ github.sha }} \
-t $AWS_ACCOUNT_ID.dkr.ecr.$AWS_DEFAULT_REGION.amazonaws.com/$CONTAINER_IMAGE-demo:${{ github.sha }} \
-t $CACHE_IMAGE \
.

# Push both main image and cache
docker push $AWS_ACCOUNT_ID.dkr.ecr.$AWS_DEFAULT_REGION.amazonaws.com/$CONTAINER_IMAGE-demo:${{ github.sha }}
docker push $CACHE_IMAGE

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🛠️ Refactor suggestion

Apply the same shell script fixes to the DEMO build step.

The DEMO build step has identical shellcheck issues that need the same variable quoting fixes as the DEV step.

🧰 Tools
🪛 actionlint (1.7.7)

164-164: shellcheck reported issue in this script: SC2086:info:2:37: Double quote to prevent globbing and word splitting

(shellcheck)


164-164: shellcheck reported issue in this script: SC2086:info:2:104: Double quote to prevent globbing and word splitting

(shellcheck)


164-164: shellcheck reported issue in this script: SC2086:info:2:128: Double quote to prevent globbing and word splitting

(shellcheck)


164-164: shellcheck reported issue in this script: SC2086:info:5:50: Double quote to prevent globbing and word splitting

(shellcheck)


164-164: shellcheck reported issue in this script: SC2086:info:6:45: Double quote to prevent globbing and word splitting

(shellcheck)


164-164: shellcheck reported issue in this script: SC2086:info:12:13: Double quote to prevent globbing and word splitting

(shellcheck)


164-164: shellcheck reported issue in this script: SC2086:info:17:16: Double quote to prevent globbing and word splitting

(shellcheck)


164-164: shellcheck reported issue in this script: SC2086:info:18:6: Double quote to prevent globbing and word splitting

(shellcheck)


164-164: shellcheck reported issue in this script: SC2086:info:19:6: Double quote to prevent globbing and word splitting

(shellcheck)


164-164: shellcheck reported issue in this script: SC2086:info:19:30: Double quote to prevent globbing and word splitting

(shellcheck)


164-164: shellcheck reported issue in this script: SC2086:info:19:64: Double quote to prevent globbing and word splitting

(shellcheck)


164-164: shellcheck reported issue in this script: SC2086:info:20:6: Double quote to prevent globbing and word splitting

(shellcheck)


164-164: shellcheck reported issue in this script: SC2086:info:24:13: Double quote to prevent globbing and word splitting

(shellcheck)


164-164: shellcheck reported issue in this script: SC2086:info:24:37: Double quote to prevent globbing and word splitting

(shellcheck)


164-164: shellcheck reported issue in this script: SC2086:info:24:71: Double quote to prevent globbing and word splitting

(shellcheck)


164-164: shellcheck reported issue in this script: SC2086:info:25:13: Double quote to prevent globbing and word splitting

(shellcheck)

🤖 Prompt for AI Agents
In .github/workflows/build-server.yaml between lines 162 and 189, the shell
script for the DEMO build step lacks proper quoting of variables, causing
shellcheck issues. Fix this by adding double quotes around all variable
references in the script, such as "$AWS_DEFAULT_REGION", "$AWS_ACCOUNT_ID",
"$CONTAINER_IMAGE-demo-cache", and others, to ensure safe and correct shell
execution.

Comment on lines +191 to +218
- name: Build and push image (PROD) - With Registry Caching
if: github.ref == 'refs/heads/main'
run: |
# Push image to AWS ECR
# ECR login
aws ecr get-login-password --region $AWS_DEFAULT_REGION | docker login --username AWS --password-stdin $AWS_ACCOUNT_ID.dkr.ecr.$AWS_DEFAULT_REGION.amazonaws.com
docker tag $CONTAINER_IMAGE:${{ github.sha }} $AWS_ACCOUNT_ID.dkr.ecr.$AWS_DEFAULT_REGION.amazonaws.com/$CONTAINER_IMAGE:${{ github.sha }}

# Create cache repository if it doesn't exist
aws ecr describe-repositories --repository-names $CONTAINER_IMAGE-cache 2>/dev/null || \
aws ecr create-repository --repository-name $CONTAINER_IMAGE-cache

# Define cache image
CACHE_IMAGE=$AWS_ACCOUNT_ID.dkr.ecr.$AWS_DEFAULT_REGION.amazonaws.com/$CONTAINER_IMAGE-cache:latest

# Pull cache image (ignore failures for first builds)
docker pull $CACHE_IMAGE || echo "No cache found, building from scratch"

# Build with cache-from and inline cache
docker build \
--build-arg BUILDKIT_INLINE_CACHE=1 \
--cache-from $CACHE_IMAGE \
-t $CONTAINER_IMAGE:${{ github.sha }} \
-t $AWS_ACCOUNT_ID.dkr.ecr.$AWS_DEFAULT_REGION.amazonaws.com/$CONTAINER_IMAGE:${{ github.sha }} \
-t $CACHE_IMAGE \
.

# Push both main image and cache
docker push $AWS_ACCOUNT_ID.dkr.ecr.$AWS_DEFAULT_REGION.amazonaws.com/$CONTAINER_IMAGE:${{ github.sha }}
docker push $CACHE_IMAGE

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🛠️ Refactor suggestion

Apply the same shell script fixes to the PROD build step.

The PROD build step has identical shellcheck issues that need the same variable quoting fixes as the DEV and DEMO steps.

🧰 Tools
🪛 actionlint (1.7.7)

193-193: shellcheck reported issue in this script: SC2086:info:2:37: Double quote to prevent globbing and word splitting

(shellcheck)


193-193: shellcheck reported issue in this script: SC2086:info:2:104: Double quote to prevent globbing and word splitting

(shellcheck)


193-193: shellcheck reported issue in this script: SC2086:info:2:128: Double quote to prevent globbing and word splitting

(shellcheck)


193-193: shellcheck reported issue in this script: SC2086:info:5:50: Double quote to prevent globbing and word splitting

(shellcheck)


193-193: shellcheck reported issue in this script: SC2086:info:6:45: Double quote to prevent globbing and word splitting

(shellcheck)


193-193: shellcheck reported issue in this script: SC2086:info:12:13: Double quote to prevent globbing and word splitting

(shellcheck)


193-193: shellcheck reported issue in this script: SC2086:info:17:16: Double quote to prevent globbing and word splitting

(shellcheck)


193-193: shellcheck reported issue in this script: SC2086:info:18:6: Double quote to prevent globbing and word splitting

(shellcheck)


193-193: shellcheck reported issue in this script: SC2086:info:19:6: Double quote to prevent globbing and word splitting

(shellcheck)


193-193: shellcheck reported issue in this script: SC2086:info:19:30: Double quote to prevent globbing and word splitting

(shellcheck)


193-193: shellcheck reported issue in this script: SC2086:info:19:64: Double quote to prevent globbing and word splitting

(shellcheck)


193-193: shellcheck reported issue in this script: SC2086:info:20:6: Double quote to prevent globbing and word splitting

(shellcheck)


193-193: shellcheck reported issue in this script: SC2086:info:24:13: Double quote to prevent globbing and word splitting

(shellcheck)


193-193: shellcheck reported issue in this script: SC2086:info:24:37: Double quote to prevent globbing and word splitting

(shellcheck)


193-193: shellcheck reported issue in this script: SC2086:info:24:71: Double quote to prevent globbing and word splitting

(shellcheck)


193-193: shellcheck reported issue in this script: SC2086:info:25:13: Double quote to prevent globbing and word splitting

(shellcheck)

🤖 Prompt for AI Agents
In .github/workflows/build-server.yaml from lines 191 to 218, the shell script
in the PROD build step lacks proper quoting of variables, causing shellcheck
issues. Fix this by adding double quotes around all variable references such as
"$AWS_DEFAULT_REGION", "$AWS_ACCOUNT_ID", "$CONTAINER_IMAGE", and "$CACHE_IMAGE"
throughout the script to ensure safe and correct shell execution.

runs-on: blacksmith-4vcpu-ubuntu-2204
steps:
- name: Cleanup expired PR deployments (15 days TTL)
run: |

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🛠️ Refactor suggestion

Shell script improvements needed for robustness.

Multiple shellcheck warnings indicate potential issues with unquoted variables and read commands:

  • Unquoted variables can cause word splitting issues
  • read without -r will mangle backslashes
  • Use -n instead of ! -z for better readability

Example fixes for the most critical issues:

# Line 53 (in cleanup-expired-deployments)
- while read deployment_name created_at pr_number; do
+ while IFS=' ' read -r deployment_name created_at pr_number; do

# Line 142 (in check concurrent deployment)
- while read deployment_name pr_num desired_replicas available_replicas ready_replicas; do
+ while IFS=' ' read -r deployment_name pr_num desired_replicas available_replicas ready_replicas; do

# Line 264
- if git diff --name-only origin/$TARGET_BRANCH...HEAD | grep -q "desci-server/prisma/schema.prisma"; then
+ if git diff --name-only "origin/$TARGET_BRANCH...HEAD" | grep -q "desci-server/prisma/schema.prisma"; then

Also applies to: 120-120, 253-253, 347-347, 412-412

🧰 Tools
🪛 actionlint (1.7.7)

32-32: shellcheck reported issue in this script: SC2086:info:12:10: Double quote to prevent globbing and word splitting

(shellcheck)


32-32: shellcheck reported issue in this script: SC2086:info:13:58: Double quote to prevent globbing and word splitting

(shellcheck)


32-32: shellcheck reported issue in this script: SC2162:info:21:7: read without -r will mangle backslashes

(shellcheck)


32-32: shellcheck reported issue in this script: SC2236:style:28:8: Use -n instead of ! -z

(shellcheck)


32-32: shellcheck reported issue in this script: SC2086:info:29:97: Double quote to prevent globbing and word splitting

(shellcheck)


32-32: shellcheck reported issue in this script: SC2086:info:32:31: Double quote to prevent globbing and word splitting

(shellcheck)


32-32: shellcheck reported issue in this script: SC2086:info:33:44: Double quote to prevent globbing and word splitting

(shellcheck)


32-32: shellcheck reported issue in this script: SC2086:info:34:44: Double quote to prevent globbing and word splitting

(shellcheck)

🤖 Prompt for AI Agents
In .github/workflows/pr-preview.yaml at line 32 and also lines 120, 253, 347,
and 412, the shell script has unquoted variables, uses read without the -r flag,
and uses ! -z instead of -n for string tests. To fix, quote all variable
expansions to prevent word splitting, add the -r flag to all read commands to
avoid backslash mangling, and replace tests like ! -z "$var" with the more
readable -n "$var". Apply these changes consistently at all mentioned lines.

Comment on lines +1 to +17
import { JwtPayload } from '../JwtPayload';

// Re-export all Express types from the original module
export * from 'express';

// Just augment the Express namespace without changing module structure
declare global {
namespace Express {
export interface Request {
jwtPayload: JwtPayload;
// language: Language;
}
export interface Response {
customSuccess(httpStatusCode: number, message: string, data?: any): Response;
}
}
}

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

💡 Verification agent

🧩 Analysis chain

Well-implemented Express type augmentation with potential duplication concern.

The global namespace augmentation follows TypeScript best practices and provides proper type safety for JWT payloads and custom response methods.

However, there appears to be potential duplication with src/types/express/index.d.ts which defines identical Request and Response interfaces. Consider consolidating these type definitions to avoid maintenance overhead.

Let me check for potential duplication in the Express type definitions:


🏁 Script executed:

#!/bin/bash
# Description: Check for duplicate Express type definitions
# Expected: Find if there are multiple files defining similar Express augmentations

echo "=== Searching for Express type augmentations ==="
fd -e ts -e d.ts | xargs rg -l "interface Request|interface Response" | grep -E "(express|Express)"

echo -e "\n=== Checking content of Express-related type files ==="
fd -e ts -e d.ts | xargs rg -A 5 -B 2 "namespace Express|interface Request.*jwtPayload|interface Response.*customSuccess"

Length of output: 2272


Consolidate Duplicate Express Type Augmentations

The Express augmentation is correctly implemented, but identical Request and Response extensions are declared in multiple places. To reduce maintenance overhead and prevent drift, please consolidate these definitions.

• desci-server/src/types/express-augmentations.d.ts
• desci-server/src/types/express/index.d.ts
• (Optional) desci-server/src/middleware/checkJwt.ts also contains a local augmentation—consider relying on the centralized type file instead of redefining here.

🤖 Prompt for AI Agents
In desci-server/src/types/express-augmentations.d.ts lines 1 to 17, consolidate
the Express Request and Response interface augmentations currently duplicated
across this file, desci-server/src/types/express/index.d.ts, and optionally
desci-server/src/middleware/checkJwt.ts. Remove the duplicate augmentations from
the other files and keep a single centralized augmentation in this file to
reduce maintenance overhead and prevent type definition drift.

Comment on lines +1 to +3
// @ts-nocheck
// TODO: Remove @ts-nocheck and fix 15 implicit any type errors
// This file needs proper typing for diff operations and object mapping

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🛠️ Refactor suggestion

Avoid leaving // @ts-nocheck in perpetuity

Disabling type-checking hides real errors (the file already has 15 implicit-anys). Schedule a follow-up task to add typings and remove the directive; otherwise technical debt will accumulate quickly.

🤖 Prompt for AI Agents
In desci-server/src/utils/diffUtils.ts at the beginning of the file (lines 1 to
3), the use of // @ts-nocheck disables TypeScript checking and hides 15 implicit
any type errors. To fix this, remove the // @ts-nocheck directive and add proper
TypeScript typings for all variables, function parameters, and return types in
the file. Schedule a follow-up task to fully address these type errors and
ensure the file is correctly typed to prevent accumulating technical debt.

Comment thread Dockerfile
Comment on lines +36 to +42
# Create directories and set permissions in a single layer for better caching
RUN mkdir /app && \
chown -R node:node /app && \
chown -R node:node /root && \
mkdir -p /tmp/ipfs/src /tmp/ipfs/ipfs && \
chown -R node:node /tmp/ipfs && \
mkdir -p /root/.yarn/v6

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🛠️ Refactor suggestion

⚠️ Potential issue

Security concern: Consider running as non-root user

The container appears to run as root user. For better security, consider switching to a non-root user after setting up the required permissions.

Add after line 42:

+# Switch to non-root user for security
+USER node
📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change
# Create directories and set permissions in a single layer for better caching
RUN mkdir /app && \
chown -R node:node /app && \
chown -R node:node /root && \
mkdir -p /tmp/ipfs/src /tmp/ipfs/ipfs && \
chown -R node:node /tmp/ipfs && \
mkdir -p /root/.yarn/v6
# Create directories and set permissions in a single layer for better caching
RUN mkdir /app && \
chown -R node:node /app && \
chown -R node:node /root && \
mkdir -p /tmp/ipfs/src /tmp/ipfs/ipfs && \
chown -R node:node /tmp/ipfs && \
mkdir -p /root/.yarn/v6
# Switch to non-root user for security
USER node
🤖 Prompt for AI Agents
In Dockerfile around lines 36 to 42, the container is currently running as root,
which poses a security risk. After setting up the necessary directories and
permissions, add a USER instruction to switch to the non-root user 'node' to run
the container processes securely. This change should be placed immediately after
line 42 to ensure all setup steps run as root but the application runs with
limited privileges.

Comment thread test-optimizations.sh
echo -e "${GREEN}✓${NC} Context size: $size"

# Check if size seems reasonable (less than 200MB)
if [[ $context_line =~ ([0-9.]+)MB && ${BASH_REMATCH[1]} < 200 ]] || [[ $context_line =~ ([0-9.]+)[KB] ]]; then

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

⚠️ Potential issue

Fix numeric comparison in shell script

Using < for numeric comparison in bash is incorrect. Use -lt for numeric comparisons.

-    if [[ $context_line =~ ([0-9.]+)MB && ${BASH_REMATCH[1]} < 200 ]] || [[ $context_line =~ ([0-9.]+)[KB] ]]; then
+    if [[ $context_line =~ ([0-9.]+)MB ]] && (( $(echo "${BASH_REMATCH[1]} < 200" | bc -l) )) || [[ $context_line =~ ([0-9.]+)[KB] ]]; then
📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change
if [[ $context_line =~ ([0-9.]+)MB && ${BASH_REMATCH[1]} < 200 ]] || [[ $context_line =~ ([0-9.]+)[KB] ]]; then
if [[ $context_line =~ ([0-9.]+)MB ]] && (( $(echo "${BASH_REMATCH[1]} < 200" | bc -l) )) || [[ $context_line =~ ([0-9.]+)[KB] ]]; then
🧰 Tools
🪛 Shellcheck (0.10.0)

[error] 36-36: < is for string comparisons. Use -lt instead.

(SC2071)

🤖 Prompt for AI Agents
In test-optimizations.sh at line 36, the script uses the '<' operator for
numeric comparison, which is invalid in bash. Replace the '<' operator with
'-lt' to correctly perform numeric comparison in the if condition.

Comment thread test-optimizations.sh
Comment on lines +54 to +62
echo "// optimization test $(date)" >> desci-server/src/index.ts
echo "Building second time (should use cached layers)..."
time3=$(date +%s)
docker build -q -t desci-server:test-v2 . >/dev/null 2>&1
time4=$(date +%s)
second_build=$((time4-time3))

# Clean up the test change
git checkout -- desci-server/src/index.ts 2>/dev/null || true

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🛠️ Refactor suggestion

Ensure safe file modification and restoration

The script modifies a source file but the cleanup might fail if the script is interrupted. Consider using a trap to ensure cleanup.

+# Set up cleanup trap
+cleanup() {
+    git checkout -- desci-server/src/index.ts 2>/dev/null || true
+}
+trap cleanup EXIT
+
 # Make a small change to test incremental builds
 echo "// optimization test $(date)" >> desci-server/src/index.ts
 echo "Building second time (should use cached layers)..."
 time3=$(date +%s)
 docker build -q -t desci-server:test-v2 . >/dev/null 2>&1
 time4=$(date +%s)
 second_build=$((time4-time3))

-# Clean up the test change
-git checkout -- desci-server/src/index.ts 2>/dev/null || true

Committable suggestion skipped: line range outside the PR's diff.

🤖 Prompt for AI Agents
In test-optimizations.sh around lines 54 to 62, the script modifies
desci-server/src/index.ts but only attempts cleanup at the end, which may fail
if interrupted. To fix this, add a trap command at the start of the script or
before the modification that restores the original file using git checkout on
script exit or interruption signals. This ensures the file is always restored
even if the script is terminated prematurely.

@github-actions

github-actions Bot commented Aug 6, 2025

Copy link
Copy Markdown

🚀 PR Preview Deployment

Your PR has been deployed and is available at:
https://pr-1058.nodes-api-dev.desci.com

📋 Deployment Details:

  • 🔗 Preview URL: https://pr-1058.nodes-api-dev.desci.com
  • 📦 Image: desci-server-pr:pr-1058-dbe5673c
  • ⏱️ Deployed at: 2025-08-06T17:40:01.037Z
  • 🗓️ Expires on: 8/21/2025 (15 days TTL)
  • 🔄 Uses dev environment configuration

⚠️ Note: This deployment shares the dev database. Be cautious with destructive operations.

🧹 This deployment will be automatically cleaned up when:

  • The PR is closed, or
  • 15 days have passed since deployment

@coderabbitai coderabbitai Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actionable comments posted: 1

♻️ Duplicate comments (7)
.github/workflows/pr-preview.yaml (7)

51-58: Repeat of previous shell lint issues – still reading into vars unsafely

while read deployment_name created_at pr_number; do
– still lacks a safe IFS definition and the -r flag. Untrusted values (e.g. deployment names containing spaces or back-slashes) will be split/mangled, producing false clean-ups.

Same comment was already raised on earlier commits (SC2162 / SC2086).
Please apply the earlier fix everywhere:

-while read deployment_name created_at pr_number; do
+while IFS=' ' read -r deployment_name created_at pr_number; do

…and quote all variable expansions inside the loop.


60-61: String-test style still non-idiomatic

[ ! -z "$created_at" ] ⇒ use the positive form [ -n "$created_at" ] for clarity and to avoid ! precedence gotchas.
Issue already raised previously (SC2236).

-if [ ! -z "$created_at" ] && [ "$created_at" -lt "$CUTOFF_DATE" ]; then
+if [ -n "$created_at" ] && [ "$created_at" -lt "$CUTOFF_DATE" ]; then

140-148: Unquoted, unsafe read loop recurs

Same hazards as earlier:

while read deployment_name pr_num desired_replicas available_replicas ready_replicas; do

Add IFS=... read -r … and quote all vars. The prior review already pointed this out.


173-183: Orphan-services loop repeats the unsafe pattern

Update to the hardened form:

-while read service_name pr_num; do
+while IFS=' ' read -r service_name pr_num; do

…plus quoting as noted earlier.


187-198: Same unsafe read usage for ingress cleanup

Apply the same IFS=' ' read -r … refactor and quote expansions.


206-214: File-based loop uses plain read

Even when reading from a tmp-file, keep the -r flag to avoid back-slash processing:

-while read pr_num available_replicas; do
+while read -r pr_num available_replicas; do

260-265: Still missing the protective git fetch from previous review

If the workflow runs on a fresh runner where origin/$TARGET_BRANCH isn’t present, git diff will fail. The earlier review suggested an explicit git fetch, but the change here still relies on the conditional fetch inside the sub-shell. A simpler, deterministic pattern is:

git fetch --no-tags --depth=1 origin "$TARGET_BRANCH"

before the diff logic.

📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between dbe5673 and ec6ee01.

📒 Files selected for processing (1)
  • .github/workflows/pr-preview.yaml (1 hunks)
🧰 Additional context used
🪛 actionlint (1.7.7)
.github/workflows/pr-preview.yaml

29-29: label "blacksmith-4vcpu-ubuntu-2204" is unknown. available labels are "windows-latest", "windows-latest-8-cores", "windows-2025", "windows-2022", "windows-2019", "ubuntu-latest", "ubuntu-latest-4-cores", "ubuntu-latest-8-cores", "ubuntu-latest-16-cores", "ubuntu-24.04", "ubuntu-24.04-arm", "ubuntu-22.04", "ubuntu-22.04-arm", "ubuntu-20.04", "macos-latest", "macos-latest-xl", "macos-latest-xlarge", "macos-latest-large", "macos-15-xlarge", "macos-15-large", "macos-15", "macos-14-xl", "macos-14-xlarge", "macos-14-large", "macos-14", "macos-13-xl", "macos-13-xlarge", "macos-13-large", "macos-13", "self-hosted", "x64", "arm", "arm64", "linux", "macos", "windows". if it is a custom label for self-hosted runner, set list of labels in actionlint.yaml config file

(runner-label)


76-76: label "blacksmith-4vcpu-ubuntu-2204" is unknown. available labels are "windows-latest", "windows-latest-8-cores", "windows-2025", "windows-2022", "windows-2019", "ubuntu-latest", "ubuntu-latest-4-cores", "ubuntu-latest-8-cores", "ubuntu-latest-16-cores", "ubuntu-24.04", "ubuntu-24.04-arm", "ubuntu-22.04", "ubuntu-22.04-arm", "ubuntu-20.04", "macos-latest", "macos-latest-xl", "macos-latest-xlarge", "macos-latest-large", "macos-15-xlarge", "macos-15-large", "macos-15", "macos-14-xl", "macos-14-xlarge", "macos-14-large", "macos-14", "macos-13-xl", "macos-13-xlarge", "macos-13-large", "macos-13", "self-hosted", "x64", "arm", "arm64", "linux", "macos", "windows". if it is a custom label for self-hosted runner, set list of labels in actionlint.yaml config file

(runner-label)


112-112: label "blacksmith-4vcpu-ubuntu-2204" is unknown. available labels are "windows-latest", "windows-latest-8-cores", "windows-2025", "windows-2022", "windows-2019", "ubuntu-latest", "ubuntu-latest-4-cores", "ubuntu-latest-8-cores", "ubuntu-latest-16-cores", "ubuntu-24.04", "ubuntu-24.04-arm", "ubuntu-22.04", "ubuntu-22.04-arm", "ubuntu-20.04", "macos-latest", "macos-latest-xl", "macos-latest-xlarge", "macos-latest-large", "macos-15-xlarge", "macos-15-large", "macos-15", "macos-14-xl", "macos-14-xlarge", "macos-14-large", "macos-14", "macos-13-xl", "macos-13-xlarge", "macos-13-large", "macos-13", "self-hosted", "x64", "arm", "arm64", "linux", "macos", "windows". if it is a custom label for self-hosted runner, set list of labels in actionlint.yaml config file

(runner-label)

🪛 YAMLlint (1.37.1)
.github/workflows/pr-preview.yaml

[error] 59-59: trailing spaces

(trailing-spaces)


[error] 62-62: trailing spaces

(trailing-spaces)


[error] 67-67: trailing spaces

(trailing-spaces)


[error] 69-69: trailing spaces

(trailing-spaces)


[error] 144-144: trailing spaces

(trailing-spaces)


[error] 147-147: trailing spaces

(trailing-spaces)


[error] 155-155: trailing spaces

(trailing-spaces)


[error] 159-159: trailing spaces

(trailing-spaces)


[error] 164-164: trailing spaces

(trailing-spaces)


[error] 176-176: trailing spaces

(trailing-spaces)


[error] 191-191: trailing spaces

(trailing-spaces)


[error] 209-209: trailing spaces

(trailing-spaces)


[error] 276-276: trailing spaces

(trailing-spaces)


[error] 322-322: trailing spaces

(trailing-spaces)


[error] 482-482: trailing spaces

(trailing-spaces)


[error] 485-485: trailing spaces

(trailing-spaces)

Comment on lines +364 to +370

# Setup Sentry
npm install -g @sentry/cli
sentry-cli login --auth-token $SENTRY_AUTH_TOKEN
echo -e "\nSENTRY_AUTH_TOKEN=$SENTRY_AUTH_TOKEN" >> desci-server/.env

# Build and tag image with retry logic and registry caching

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

⚠️ Potential issue

Secret baked into container image

echo -e "\nSENTRY_AUTH_TOKEN=$SENTRY_AUTH_TOKEN" >> desci-server/.env
persists the production token inside the built Docker layer, so anyone with image pull access can read it. Consider:

  1. Injecting the token at runtime via Kubernetes secret or Vault rather than hard-coding.
  2. At minimum, marking the ENV as build-time only (--build-arg) and not committing it to the final image layer.
🤖 Prompt for AI Agents
In .github/workflows/pr-preview.yaml around lines 364 to 370, the current
approach appends the SENTRY_AUTH_TOKEN directly into the desci-server/.env file
during build, which bakes the secret into the Docker image layers. To fix this,
remove the line that writes the token into the .env file during build and
instead configure the token to be injected at runtime using Kubernetes secrets
or Vault. If runtime injection is not possible, pass the token as a build
argument with --build-arg and ensure it is not persisted in the final image
layers.

@github-actions

github-actions Bot commented Aug 6, 2025

Copy link
Copy Markdown

⚠️ PR Preview Deployment Blocked

This PR contains changes to the Prisma schema that may require database migrations affecting the shared dev database. To prevent accidental data loss or corruption, the preview deployment has been skipped.

📋 Schema Changes Detected:

🔧 Next Steps:

  1. Review the schema changes carefully to ensure they are safe for the dev environment
  2. Generate and apply migrations if the changes are safe:
    # Generate migration for these schema changes:
    npx prisma migrate dev --name describe_your_changes
    
    # Or apply existing migrations to dev database:
    npx prisma migrate deploy
  3. Re-run this workflow after migrations are properly handled

⚠️ Important: This safety check prevents accidentally nuking the dev database with destructive schema changes. Always review schema modifications before applying them to shared environments.

🔄 This comment will be updated if you push new commits to this PR.

@coderabbitai coderabbitai Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actionable comments posted: 2

♻️ Duplicate comments (1)
.env.example (1)

68-68: Remove quotes around JSON map to avoid literal quotes in value

dotenv will keep the quotes; JSON.parse would fail on '"{}"'.

-SENDGRID_TEMPLATE_ID_MAP="{}"
+SENDGRID_TEMPLATE_ID_MAP={}
🧹 Nitpick comments (2)
.env.example (2)

209-209: Remove duplicate MIXPANEL token placeholder

There’s a commented MIXPANEL entry and an active one below; keep a single definition to avoid confusion.

-#MIXPANEL_TOKEN=

211-212: Swap SUPABASE env ordering to satisfy linter and keep grouping consistent

dotenv-linter flagged ordering; put SERVICE_KEY before URL (and keep values empty in example).

-SUPABASE_URL=
-SUPABASE_SERVICE_KEY=
+SUPABASE_SERVICE_KEY=
+SUPABASE_URL=
📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between a4a1c31 and 8f0198f.

⛔ Files ignored due to path filters (1)
  • desci-server/yarn.lock is excluded by !**/yarn.lock, !**/*.lock
📒 Files selected for processing (8)
  • .env.example (2 hunks)
  • desci-server/kubernetes/deployment_dev.yaml (2 hunks)
  • desci-server/kubernetes/deployment_prod.yaml (2 hunks)
  • desci-server/kubernetes/deployment_staging.yaml (1 hunks)
  • desci-server/package.json (4 hunks)
  • desci-server/prisma/schema.prisma (1 hunks)
  • desci-server/src/routes/v1/services/index.ts (2 hunks)
  • desci-server/src/server.ts (2 hunks)
🚧 Files skipped from review as they are similar to previous changes (6)
  • desci-server/prisma/schema.prisma
  • desci-server/kubernetes/deployment_staging.yaml
  • desci-server/kubernetes/deployment_dev.yaml
  • desci-server/src/server.ts
  • desci-server/kubernetes/deployment_prod.yaml
  • desci-server/package.json
🧰 Additional context used
🧬 Code Graph Analysis (1)
desci-server/src/routes/v1/services/index.ts (1)
desci-server/src/controllers/services/shareImagePuppeteer.ts (1)
  • generateShareImagePuppeteer (596-689)
🪛 dotenv-linter (3.3.0)
.env.example

[warning] 68-68: [QuoteCharacter] The value has quote characters (', ")


[warning] 77-77: [KeyWithoutValue] The <<<<<<< HEAD key should be with a value or have an equal sign


[warning] 77-77: [LeadingCharacter] Invalid leading character detected


[warning] 82-82: [LeadingCharacter] Invalid leading character detected


[warning] 82-82: [UnorderedKey] The key should go before the <<<<<<< HEAD key


[warning] 85-85: [UnorderedKey] The AWS_SQS_REGION key should go before the AWS_SQS_SECRET_ACCESS_KEY key


[warning] 87-87: [UnorderedKey] The AWS_SQS_DATA_MIGRATION_QUEUE_URL key should go before the AWS_SQS_REGION key


[warning] 88-88: [UnorderedKey] The AWS_SQS_ML_TOOL_QUEUE_URL key should go before the AWS_SQS_REGION key


[warning] 89-89: [KeyWithoutValue] The >>>>>>> 9455d09 key should be with a value or have an equal sign


[warning] 89-89: [LeadingCharacter] Invalid leading character detected


[warning] 89-89: [LowercaseKey] The >>>>>>> 9455d09 key should be in uppercase


[warning] 89-89: [UnorderedKey] The >>>>>>> 9455d09 key should go before the AWS_SQS_ACCESS_KEY_ID key


[warning] 212-212: [UnorderedKey] The SUPABASE_SERVICE_KEY key should go before the SUPABASE_URL key

🔇 Additional comments (2)
desci-server/src/routes/v1/services/index.ts (1)

5-9: Imports update looks correct

ESM-style .js extensions from TS are consistent with NodeNext; no issues spotted with the moved paths.

.env.example (1)

71-74: Commenting S3 placeholders is fine

No functional impact in example env; this reduces accidental partial configuration.

Comment thread .env.example Outdated
Comment on lines +20 to +22
// Share image generation endpoint - now using Puppeteer for better layout and markdown support
router.get('/generate-share-image', [], generateShareImagePuppeteer);

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

💡 Verification agent

🧩 Analysis chain

Add basic abuse protection and validation to Puppeteer-powered GET endpoint

Puppeteer is CPU/memory heavy. Recommend adding a rate limiter to this route and validating input size to prevent abuse.

You can wire a simple limiter like below and attach it to this route:

- router.get('/generate-share-image', [], generateShareImagePuppeteer);
+ router.get('/generate-share-image', [shareImageRateLimiter], generateShareImagePuppeteer);

Additions outside the selected lines:

import rateLimit from 'express-rate-limit';

const shareImageRateLimiter = rateLimit({
  windowMs: 60_000, // 1 minute
  limit: 30,        // tune per env
  standardHeaders: true,
  legacyHeaders: false,
});

Also consider max-length validation of query params (text, citations JSON) in the controller or with a request-schema middleware.

To ensure docs and route are consistent, search for the OpenAPI path:
/v1/services/generate-share-image should exist in the docs.


🏁 Script executed:

#!/bin/bash
rg -n "/v1/services/generate-share-image" desci-server/src

Length of output: 380


🏁 Script executed:

#!/bin/bash
set -euo pipefail

echo "==== Show route file (first 240 lines) ===="
sed -n '1,240p' desci-server/src/routes/v1/services/index.ts || true

echo
echo "==== Search for generateShareImagePuppeteer definition/usage ===="
rg -n "generateShareImagePuppeteer" || true

echo
echo "==== Search repository for rate limiter usage (express-rate-limit, rateLimit) ===="
rg -n "express-rate-limit|rateLimit|rate_limiter|rate-limit|rateLimiter" || true

echo
echo "==== Search for common validation libs referenced in repo (express-validator, celebrate, joi, zod) ===="
rg -n "express-validator|celebrate|joi|zod|class-validator|@hapi/joi" || true

echo
echo "==== Search for app-level middleware that might apply rate limiting (app.use or server setup) ===="
rg -n "app.use|server.ts|app.ts|index.ts" || true

echo
echo "==== Show swagger and docs hits for context (lines around matches) ===="
sed -n '1,200p' desci-server/src/swagger.ts || true
sed -n '1,140p' desci-server/src/docs/services.ts || true

Length of output: 56380


I can’t share my internal chain-of-thought, but I ran targeted repository checks and verified the facts below. Summary of findings and an actionable rewritten review comment follow.

Findings (concise):

  • Endpoint exists: desci-server/src/routes/v1/services/index.ts — router.get('/generate-share-image', [], generateShareImagePuppeteer);
  • Controller location: desci-server/src/controllers/services/shareImagePuppeteer.ts (exported generateShareImagePuppeteer).
  • OpenAPI / Zod query schema exists: desci-server/src/docs/services.ts (generateShareImageQuerySchema) and swagger.ts definitions.
  • No express-rate-limit usage found in the repository.
  • The route currently has no per-route rate limiter or validator middleware attached.

Suggested rewritten review comment (concise + actionable):

Add per-route rate limiting and request validation to Puppeteer share-image endpoint

Short explanation:

  • Puppeteer generation is resource-heavy. The route currently has no rate-limiter or validation attached even though a Zod query schema exists in docs. Add a per-route rate limiter and apply the existing Zod query schema (via the repo’s validator middleware) to protect the server from abuse and large inputs.

Pinpointed locations to change:

  • desci-server/src/routes/v1/services/index.ts — attach limiter + validator to the route
  • desci-server/src/routes/v1/services/index.ts (add imports and limiter definition)
  • Optionally: desci-server/src/controllers/services/shareImagePuppeteer.ts — add defensive checks for input lengths if desired

Suggested code diffs (apply to desci-server/src/routes/v1/services/index.ts):

  1. Add imports and limiter near the top (example):
+ import rateLimit from 'express-rate-limit';
+ import { validate } from '../../../middleware/validator.js'; // adjust relative path if necessary
+ import { generateShareImageQuerySchema } from '../../../docs/services.js';
+
+ const shareImageRateLimiter = rateLimit({
+   windowMs: 60_000, // 1 minute - tune per environment
+   max: 30, // allow up to 30 requests per minute per IP (tune as needed)
+   standardHeaders: true,
+   legacyHeaders: false,
+ });
  1. Attach limiter + validator to the route:
- router.get('/generate-share-image', [], generateShareImagePuppeteer);
+ router.get(
+   '/generate-share-image',
+   [shareImageRateLimiter, validate(generateShareImageQuerySchema)],
+   generateShareImagePuppeteer
+ );

Notes and recommendations:

  • tune windowMs/max according to deployment env and expected traffic; consider lower limits for public endpoints.
  • The repository already defines generateShareImageQuerySchema (Zod) in desci-server/src/docs/services.ts — reuse it via the existing validator middleware (desci-server/src/middleware/validator.ts). If the validator API differs, adapt the above validate(...) call to match (e.g., validateQuery or similar).
  • Add explicit max-length checks for heavy query params (text, answer, citations JSON) either in the controller or via a Zod refinement, e.g. z.string().max(2000) / schema refinements for citations. For citations, limit JSON string length and/or number of items parsed.
  • Consider applying a global or per-host concurrency limit for Puppeteer (single shared browser pool with queueing) rather than allowing many concurrent Puppeteer launches.
  • Add monitoring/alerts for rate-limiter hits and for long-running Puppeteer runs.

Classification:

🤖 Prompt for AI Agents
In desci-server/src/routes/v1/services/index.ts around lines 20-22, the GET
/generate-share-image route uses generateShareImagePuppeteer but has no
per-route rate limiter or request validation attached; add imports for the
express-rate-limit factory used in the repo and the validator middleware plus
the generateShareImageQuerySchema, define a sensible per-route limiter
(windowMs/max) near the top, and then attach both the limiter and the validator
to the route signature (e.g., router.get('/generate-share-image', [limiter,
validate(generateShareImageQuerySchema)], generateShareImagePuppeteer));
optionally add guards in the controller for max input lengths or Zod refinements
for large text/citations.

@coderabbitai coderabbitai Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actionable comments posted: 0

♻️ Duplicate comments (1)
.env.example (1)

68-68: Remove quotes around JSON to avoid parsing issues

Most dotenv loaders take values verbatim; the quotes will be included, breaking JSON.parse or similar consumers.

-SENDGRID_TEMPLATE_ID_MAP="{}"
+SENDGRID_TEMPLATE_ID_MAP={}
🧹 Nitpick comments (2)
.env.example (2)

71-74: Clarify S3 placeholders’ intent

Since these are now commented out, add a guiding note so devs know when to enable them.

-# S3 Bucket
+# S3 Bucket
+# Uncomment these if using S3-backed storage (uploads, static assets, etc.)
 # AWS_S3_BUCKET_NAME=
 # AWS_S3_BUCKET_REGION=
 # AWS_ACCESS_KEY_ID=
 # AWS_SECRET_ACCESS_KEY=

202-206: Deduplicate MIXPANEL_TOKEN and satisfy dotenv-linter ordering for Supabase

  • Keep a single MIXPANEL_TOKEN placeholder (uncommented, empty) for consistency with the rest of the file.
  • dotenv-linter warns that SUPABASE_SERVICE_KEY should go before SUPABASE_URL. Reorder to silence the warning.
-#MIXPANEL_TOKEN=
-
-SUPABASE_URL=
-SUPABASE_SERVICE_KEY=
-MIXPANEL_TOKEN=
+SUPABASE_SERVICE_KEY=
+SUPABASE_URL=
+MIXPANEL_TOKEN=
📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 8f0198f and 3760f6b.

📒 Files selected for processing (1)
  • .env.example (2 hunks)
🧰 Additional context used
🪛 dotenv-linter (3.3.0)
.env.example

[warning] 68-68: [QuoteCharacter] The value has quote characters (', ")


[warning] 205-205: [UnorderedKey] The SUPABASE_SERVICE_KEY key should go before the SUPABASE_URL key

@coderabbitai coderabbitai Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actionable comments posted: 4

📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 84d49a1 and 7ead1c8.

📒 Files selected for processing (3)
  • desci-server/src/routes/v1/services/index.ts (2 hunks)
  • desci-server/src/utils/upload.ts (0 hunks)
  • desci-server/tsconfig-test.json (2 hunks)
💤 Files with no reviewable changes (1)
  • desci-server/src/utils/upload.ts
🚧 Files skipped from review as they are similar to previous changes (1)
  • desci-server/src/routes/v1/services/index.ts
🧰 Additional context used
🪛 Biome (2.1.2)
desci-server/tsconfig-test.json

[error] 12-12: End of file expected

Use an array for a sequence of values: [1, 2]

(parse)


[error] 12-12: End of file expected

Use an array for a sequence of values: [1, 2]

(parse)


[error] 12-12: End of file expected

Use an array for a sequence of values: [1, 2]

(parse)


[error] 12-12: End of file expected

Use an array for a sequence of values: [1, 2]

(parse)


[error] 21-21: End of file expected

Use an array for a sequence of values: [1, 2]

(parse)


[error] 21-21: End of file expected

Use an array for a sequence of values: [1, 2]

(parse)


[error] 21-21: End of file expected

Use an array for a sequence of values: [1, 2]

(parse)


[error] 21-21: End of file expected

Use an array for a sequence of values: [1, 2]

(parse)


[error] 22-22: End of file expected

Use an array for a sequence of values: [1, 2]

(parse)


[error] 22-22: End of file expected

Use an array for a sequence of values: [1, 2]

(parse)


[error] 22-22: End of file expected

Use an array for a sequence of values: [1, 2]

(parse)


[error] 22-22: End of file expected

Use an array for a sequence of values: [1, 2]

(parse)


[error] 23-23: End of file expected

Use an array for a sequence of values: [1, 2]

(parse)


[error] 23-23: End of file expected

Use an array for a sequence of values: [1, 2]

(parse)


[error] 23-23: End of file expected

Use an array for a sequence of values: [1, 2]

(parse)


[error] 23-23: End of file expected

Use an array for a sequence of values: [1, 2]

(parse)


[error] 24-24: End of file expected

Use an array for a sequence of values: [1, 2]

(parse)


[error] 24-24: End of file expected

Use an array for a sequence of values: [1, 2]

(parse)


[error] 24-24: End of file expected

Use an array for a sequence of values: [1, 2]

(parse)


[error] 24-25: End of file expected

Use an array for a sequence of values: [1, 2]

(parse)


[error] 26-26: End of file expected

Use an array for a sequence of values: [1, 2]

(parse)


[error] 26-26: End of file expected

Use an array for a sequence of values: [1, 2]

(parse)


[error] 26-26: End of file expected

Use an array for a sequence of values: [1, 2]

(parse)


[error] 26-26: End of file expected

Use an array for a sequence of values: [1, 2]

(parse)


[error] 27-27: End of file expected

Use an array for a sequence of values: [1, 2]

(parse)


[error] 27-27: End of file expected

Use an array for a sequence of values: [1, 2]

(parse)


[error] 27-27: End of file expected

Use an array for a sequence of values: [1, 2]

(parse)


[error] 27-27: End of file expected

Use an array for a sequence of values: [1, 2]

(parse)


[error] 28-28: End of file expected

Use an array for a sequence of values: [1, 2]

(parse)


[error] 28-28: End of file expected

Use an array for a sequence of values: [1, 2]

(parse)


[error] 28-28: End of file expected

Use an array for a sequence of values: [1, 2]

(parse)


[error] 28-28: End of file expected

Use an array for a sequence of values: [1, 2]

(parse)


[error] 29-29: End of file expected

Use an array for a sequence of values: [1, 2]

(parse)


[error] 29-29: End of file expected

Use an array for a sequence of values: [1, 2]

(parse)


[error] 29-29: End of file expected

Use an array for a sequence of values: [1, 2]

(parse)


[error] 30-30: End of file expected

Use an array for a sequence of values: [1, 2]

(parse)


[error] 31-31: End of file expected

Use an array for a sequence of values: [1, 2]

(parse)


[error] 31-31: End of file expected

Use an array for a sequence of values: [1, 2]

(parse)


[error] 31-31: End of file expected

Use an array for a sequence of values: [1, 2]

(parse)


[error] 31-31: End of file expected

Use an array for a sequence of values: [1, 2]

(parse)


[error] 32-32: End of file expected

Use an array for a sequence of values: [1, 2]

(parse)


[error] 32-32: End of file expected

Use an array for a sequence of values: [1, 2]

(parse)


[error] 32-32: End of file expected

Use an array for a sequence of values: [1, 2]

(parse)


[error] 32-32: End of file expected

Use an array for a sequence of values: [1, 2]

(parse)


[error] 33-33: End of file expected

Use an array for a sequence of values: [1, 2]

(parse)


[error] 33-33: End of file expected

Use an array for a sequence of values: [1, 2]

(parse)


[error] 33-33: End of file expected

Use an array for a sequence of values: [1, 2]

(parse)


[error] 33-34: End of file expected

Use an array for a sequence of values: [1, 2]

(parse)

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (2)
  • GitHub Check: build-and-deploy-pr
  • GitHub Check: build-and-test
🔇 Additional comments (1)
desci-server/tsconfig-test.json (1)

31-32: Include/Exclude selections look good for isolating tests and custom type augmentations.

Including the Express augmentation and excluding scripts/one-off utilities is appropriate.

"esnext",
"dom"
],
"lib": ["esnext", "dom"],

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🛠️ Refactor suggestion

⚠️ Potential issue

Fix Biome parse errors: tsconfig contains comments (JSONC) but Biome expects strict JSON.

Biome 2.1.2 is erroring with “End of file expected” on multiple lines because this file contains comments (//, /* */). Options:

  • Option A (preferred): Strip all comments from tsconfig to keep Biome happy.
  • Option B: Configure Biome to ignore tsconfig files or treat them as JSON-with-comments if supported in your setup.

Option A: remove comments (example patch for the commented sections shown in this file):

-    /**
-     * Implied by "module: nodenext":
-     * "moduleResolution": "nodenext",
-     * "esModuleInterop": true,
-     */
+ 
-    // Recommended by docs, but a lot of errors
-    // "verbatimModuleSyntax": true,
+ 
-    // dagConcat.cjs requires this
+ 

Option B: ignore tsconfig in Biome (.biome.json):

{
  "$schema": "https://biomejs.dev/schemas/1.6.0/schema.json",
  "files": {
    "ignore": [
      "desci-server/tsconfig*.json"
    ]
  }
}

Alternatively, use an override to disable the linter just for tsconfig files:

{
  "overrides": [
    {
      "include": ["**/tsconfig*.json"],
      "linter": { "enabled": false },
      "formatter": { "enabled": true }
    }
  ]
}
🧰 Tools
🪛 Biome (2.1.2)

[error] 12-12: End of file expected

Use an array for a sequence of values: [1, 2]

(parse)


[error] 12-12: End of file expected

Use an array for a sequence of values: [1, 2]

(parse)


[error] 12-12: End of file expected

Use an array for a sequence of values: [1, 2]

(parse)


[error] 12-12: End of file expected

Use an array for a sequence of values: [1, 2]

(parse)

🤖 Prompt for AI Agents
In desci-server/tsconfig-test.json around line 12, the file contains JSONC
comments which cause Biome 2.1.2 parse errors ("End of file expected"); remove
all comments (both // and /* */) so the file is strict JSON (option A preferred)
and ensure the JSON remains syntactically valid after removal (no dangling
commas or stray commas where comments were); alternatively, if you choose option
B, add a Biome config to ignore or treat tsconfig*.json as JSON-with-comments
(e.g., add ignore or overrides in .biome.json) but default fix is to strip all
comments from tsconfig-test.json.

🛠️ Refactor suggestion

Reconsider adding "dom" to lib; it can pollute Node test types and cause conflicts.

In a Node/Express test environment, including "dom" frequently introduces conflicting globals (e.g., Request, Event) and can mask real issues. Unless tests truly rely on browser APIs, drop "dom".

Apply this diff to keep the surface lean:

-    "lib": ["esnext", "dom"],
+    "lib": ["esnext"],
📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change
"lib": ["esnext", "dom"],
"lib": ["esnext"],
🧰 Tools
🪛 Biome (2.1.2)

[error] 12-12: End of file expected

Use an array for a sequence of values: [1, 2]

(parse)


[error] 12-12: End of file expected

Use an array for a sequence of values: [1, 2]

(parse)


[error] 12-12: End of file expected

Use an array for a sequence of values: [1, 2]

(parse)


[error] 12-12: End of file expected

Use an array for a sequence of values: [1, 2]

(parse)

🤖 Prompt for AI Agents
In desci-server/tsconfig-test.json around line 12, the "lib" array currently
includes "dom" which can pollute Node test types; remove "dom" from the array so
it reads only the needed Node/ECMAScript libs (e.g., keep "esnext" or change to
an appropriate ES target), and if any browser-specific tests truly need DOM
types, create a separate tsconfig (or use per-test /// <reference lib="dom" />
or a specific tsconfig.extend) for those tests instead of adding "dom" globally.

Comment on lines +21 to +24
"skipDefaultLibCheck": true,
"noResolve": false,
"noImplicitAny": false,
"types": [],

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

💡 Verification agent

🧩 Analysis chain

"types": [] disables all ambient types; remove it or explicitly include your test runner + node. Also prune redundant flags.

  • "types": [] turns off auto-inclusion of all @types packages. This often breaks test globals (describe/it) and Node types.
  • "skipDefaultLibCheck" is redundant when "skipLibCheck" is true.
  • "noResolve": false and "noImplicitAny": false are defaults; omit to reduce noise.

Suggested minimal cleanup (if you don’t need explicit test types):

-    "skipDefaultLibCheck": true,
-    "noResolve": false,
-    "noImplicitAny": false,
-    "types": [],
+    // Keep defaults; don't restrict ambient types

If you rely on a specific test framework, explicitly include types to prevent ambiguity:

  • Mocha:
-    "types": [],
+    "types": ["node", "mocha"],
  • Jest:
-    "types": [],
+    "types": ["node", "jest"],
  • Vitest:
-    "types": [],
+    "types": ["node", "vitest"],

Run this script to detect your test framework and whether globals are used:


🏁 Script executed:

#!/bin/bash
# Detect common test frameworks and usage of global test functions

echo "Searching for test frameworks in package.json..."
rg -n '"(jest|mocha|vitest)"' -S --glob package.json -A 3 || true

echo
echo "Checking for global test functions in test files..."
rg -n -e '\b(describe|it|test|before|after)\b' --glob 'test/**/*.ts' -A 2 || true

Length of output: 1924


🏁 Script executed:

#!/bin/bash
# Check if skipLibCheck is set in tsconfig-test.json
rg -n '"skipLibCheck"' -n desci-server/tsconfig-test.json -A2 -B2 || true

Length of output: 236


🏁 Script executed:

#!/bin/bash
# Verify presence of test files under desci-server
echo "Checking for test globals in desci-server/test/**/*.ts..."
rg -n -e '\b(describe|it|test|before|after)\b' --glob 'desci-server/test/**/*.ts' -A2 || true

Length of output: 250658


Clean up desci-server/tsconfig-test.json to restore ambient types and drop redundant flags

Please update desci-server/tsconfig-test.json as follows:

• Remove redundant options

  • Drop "skipDefaultLibCheck": true (you already have "skipLibCheck": true)
  • Omit "noResolve": false and "noImplicitAny": false (those are compiler defaults)

• Re-enable ambient Mocha and Node types
Replace the empty types array with the specific test runner and Node definitions you’re using:

--- a/desci-server/tsconfig-test.json
@@
-    "skipDefaultLibCheck": true,
-    "noResolve": false,
-    "noImplicitAny": false,
-    "types": [],
+    // skipLibCheck covers library checks; noResolve/noImplicitAny can be omitted
+    "types": ["node", "mocha"],

This ensures that your Mocha globals (describe/it) and Node built-ins are available in your test build.

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change
"skipDefaultLibCheck": true,
"noResolve": false,
"noImplicitAny": false,
"types": [],
// skipLibCheck covers library checks; noResolve/noImplicitAny can be omitted
"types": ["node", "mocha"],
🧰 Tools
🪛 Biome (2.1.2)

[error] 21-21: End of file expected

Use an array for a sequence of values: [1, 2]

(parse)


[error] 21-21: End of file expected

Use an array for a sequence of values: [1, 2]

(parse)


[error] 21-21: End of file expected

Use an array for a sequence of values: [1, 2]

(parse)


[error] 21-21: End of file expected

Use an array for a sequence of values: [1, 2]

(parse)


[error] 22-22: End of file expected

Use an array for a sequence of values: [1, 2]

(parse)


[error] 22-22: End of file expected

Use an array for a sequence of values: [1, 2]

(parse)


[error] 22-22: End of file expected

Use an array for a sequence of values: [1, 2]

(parse)


[error] 22-22: End of file expected

Use an array for a sequence of values: [1, 2]

(parse)


[error] 23-23: End of file expected

Use an array for a sequence of values: [1, 2]

(parse)


[error] 23-23: End of file expected

Use an array for a sequence of values: [1, 2]

(parse)


[error] 23-23: End of file expected

Use an array for a sequence of values: [1, 2]

(parse)


[error] 23-23: End of file expected

Use an array for a sequence of values: [1, 2]

(parse)


[error] 24-24: End of file expected

Use an array for a sequence of values: [1, 2]

(parse)


[error] 24-24: End of file expected

Use an array for a sequence of values: [1, 2]

(parse)


[error] 24-24: End of file expected

Use an array for a sequence of values: [1, 2]

(parse)

🤖 Prompt for AI Agents
In desci-server/tsconfig-test.json around lines 21 to 24, remove the redundant
compiler flags "skipDefaultLibCheck": true, "noResolve": false and
"noImplicitAny": false, and replace the empty "types": [] entry with the ambient
test and node types you use (e.g. ["mocha","node"]) so Mocha globals and Node
built-ins are available to the test build.

"./src/types/express"
]
},
"typeRoots": ["./node_modules/@types"],

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🛠️ Refactor suggestion

Hard-coding typeRoots may break hoisted/monorepo type resolution; prefer defaults.

Setting typeRoots to "./node_modules/@types" prevents TypeScript from searching ancestor node_modules in a workspace. This can break type resolution under pnpm/yarn workspaces.

Apply this diff to rely on TS defaults (it already searches node_modules/@types up the tree):

-    "typeRoots": ["./node_modules/@types"],
📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change
"typeRoots": ["./node_modules/@types"],
🧰 Tools
🪛 Biome (2.1.2)

[error] 28-28: End of file expected

Use an array for a sequence of values: [1, 2]

(parse)


[error] 28-28: End of file expected

Use an array for a sequence of values: [1, 2]

(parse)


[error] 28-28: End of file expected

Use an array for a sequence of values: [1, 2]

(parse)


[error] 28-28: End of file expected

Use an array for a sequence of values: [1, 2]

(parse)

🤖 Prompt for AI Agents
In desci-server/tsconfig-test.json around line 28, the tsconfig hard-codes
"typeRoots": ["./node_modules/@types"], which prevents TypeScript from searching
ancestor node_modules in monorepos/workspaces; remove the "typeRoots" entry (or
comment it out) so the config relies on TypeScript's defaults and allows
hoisted/ancestor node_modules/@types to be resolved correctly.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant