fix(review): warn at boot when PUBLIC_API_ORIGIN/PUBLIC_SITE_ORIGIN look private#4185
Conversation
…ook private (#4184) Visual-capture screenshots embed these origins directly as public <img src> values in PR comments; a private/tailnet hostname (e.g. a bare Tailscale MagicDNS address) makes every screenshot render as a broken image with no other signal. Adds a boot-time advisory + gauge mirroring the existing sqliteBackupAdvisory pattern, and documents PUBLIC_SITE_ORIGIN (previously undocumented) alongside a corrected PUBLIC_API_ORIGIN description.
Deploying with
|
| Status | Name | Latest Commit | Preview URL | Updated (UTC) |
|---|---|---|---|---|
| ✅ Deployment successful! View logs |
gittensory-ui | 9116c46 | Commit Preview URL Branch Preview URL |
Jul 08 2026, 10:24 AM |
|
Superagent didn't find any vulnerabilities or security issues in this PR. |
Codecov Report✅ All modified and coverable lines are covered by tests. Additional details and impacted files@@ Coverage Diff @@
## main #4185 +/- ##
=======================================
Coverage 93.73% 93.74%
=======================================
Files 387 387
Lines 36371 36393 +22
Branches 13316 13326 +10
=======================================
+ Hits 34092 34115 +23
Misses 1621 1621
+ Partials 658 657 -1
🚀 New features to boost your workflow:
|
|
Warning 🟨🟨🟨🟨🟨🟨🟨🟨🟨🟨🟨🟨 ⏸️ Gittensory review result - manual review recommendedReview updated: 2026-07-08 10:36:53 UTC
⏸️ Suggested Action - Manual Review
Review summary Nits — 5 non-blocking
Concerns raised — review before merging
Review context
Contributor next steps
Signal definitions
Visual preview
Click any thumbnail to open the full-size screenshot. Before = production · After = this PR's preview deploy. 🟩 Safe / merged · 🟦 Advisory · 🟨 Held for review · 🟥 Blocked / closed 💰 Earn for open-source contributions like this. Gittensor lets GitHub contributors earn for the work they already do — register to start earning →. Checked by Gittensory, a quiet PR intelligence layer for OSS maintainers.
|
Summary
PUBLIC_API_ORIGINis a bare Tailscale MagicDNS (*.ts.net) hostname — reachable from the tailnet, not from GitHub's own servers, which is what actually fetches the<img src>in a PR comment.PUBLIC_SITE_ORIGIN(the "before" source) was never set at all, and wasn't even documented in.env.example's self-host section.publicOriginReachabilityAdvisory+publicOriginAcknowledgedGaugeValue(src/selfhost/health.ts), mirroring the existingsqliteBackupAdvisory/backupAcknowledgedGaugeValuepattern exactly: a non-blocking boot-time warning (never a hard preflight failure, since a legitimately Tailscale-Funnel-exposed*.ts.netnode would otherwise false-positive) plus a matching Prometheus gauge, with aPUBLIC_ORIGIN_ACKNOWLEDGED=trueescape hatch for that case.PUBLIC_SITE_ORIGINin.env.examplefor the first time, and fixesPUBLIC_API_ORIGIN's misleading "not needed once the App credentials are configured" framing in both example files (it stays load-bearing forever, for every visual-capture screenshot).Scope
CONTRIBUTING.md.Validation
git diff --checknpm run typechecknpm run docs:drift-checknpm run selfhost:env-reference— regenerated,PUBLIC_SITE_ORIGIN/PUBLIC_ORIGIN_ACKNOWLEDGEDnow appear.npx vitest run test/unit/selfhost-health.test.ts— 30/30 passing, 100% lines/branches/functions onsrc/selfhost/health.ts.npm run test:changed(againstorigin/main) — 67/67 passing across the 2 files it selected.npm run test:workers,build:mcp,test:mcp-pack,ui:openapi:check,ui:lint,ui:typecheck,ui:build,npm audit— not re-run locally (no worker-entry/MCP/OpenAPI/UI-component code touched); CI runs them authoritatively.Safety
src/server.tsis Codecov-ignored; the new pure logic lives insrc/selfhost/health.ts, fully covered.0-value gauge, never a boot failure — an explicit, documented trade-off against catching real misconfigurations by default.