fix: surface actionable validation step messages in push detail view#246
Merged
Merged
Conversation
Fixes scanDiff, scanSecrets, identityVerification WARN, and URL rule validation steps so the dashboard push detail panel and git client terminal both display specific, actionable error information instead of placeholder values (e.g. branch refs or missing context). Key changes: - BlockedContentDiffCheck: track violations as Map<summary, firstMatchingLine> so formattedDetail includes the matching content, not null - DiffScanningHook: pass violation.formattedDetail() to addIssue instead of hardcoding the branch ref as the content - ScanDiffFilter: loop per violation (consistent with other filters) instead of collapsing all findings into a single step - SecretScanningHook/SecretScanningFilter: append remediation hint to each finding's formattedDetail so the dashboard shows actionable next steps - IdentityVerificationHook: emit per-violation sideband warnings in WARN mode so developers see the mismatch in their terminal even when push is not blocked - RepositoryUrlRuleHook: fix duplicate step bug — when validationContext is set, PushStorePersistenceHook already creates the FAIL step from the issue, so the explicit pushContext.addStep() was creating a second FAIL entry; also align step name to "checkUrlRules" (was class name "RepositoryUrlRuleHook") - UrlRuleAggregateFilter: align "not in allow list" wording and add NO_ENTRY symbol to NotAllowed title for parity with Denied case - PushStorePersistenceHook: add "checkUrlRules" (order 100) to HOOK_STEP_ORDER; strip ANSI codes from issue.detail() at storage time - GitProxyFilter.recordStep: strip ANSI from content before persisting; change null message args to empty strings throughout - GitClientUtils.stripColors: make public for use in persistence hooks - Rename createAccessRule/deleteAccessRule → createUrlRule/deleteUrlRule in api.ts and Repos.tsx to align with Java internals; update "Access type" label to "Rule type" closes #244 Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
The 34aebb9 refactor replaced slug/owner/name fields on AccessRule with target (SLUG|OWNER|NAME), value, and matchType (LITERAL|GLOB|REGEX) but the frontend was not updated, causing every rule to display as "any: *" and new rules created via the UI to save with a null value (never matching). - Rule interface: replace slug/owner/name with target/value/matchType - Rule display: render target.toLowerCase() + value; add matchType to the secondary info line so users can see glob/regex/literal at a glance - AddRuleModal: send target/value/matchType in the POST payload instead of slug/owner/name; drop the stale regex: prefix encoding (matchType carries the match semantics now) - createUrlRule: update payload type to match AccessRule fields Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
… Jackson) SpringWebConfig configures Jackson with NON_NULL inclusion, so null values are omitted from the JSON response. ConnectivityController sets tls=null for HTTP providers and when TCP fails, but those null values are stripped before reaching the browser. The frontend received tls=undefined, and the strict null check (=== null) fell through to tls.status, crashing with TypeError. - ProviderConnectivity: mark tls and http as optional (| undefined) in api.ts - ConnectivityRow: use == null (covers both null and undefined) for tlsOk - TlsBadge / HttpBadge: accept undefined in prop type, use == null guard Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
All provider dropdowns (Add Rule, Add Permission, Add SCM identity) and provider labels (active repos list, rules list) were showing p.host (e.g. "github.com") instead of p.name (e.g. "github"). Since 39f6887 enforced consistent provider IDs, name is the correct human-readable identifier; host is an implementation detail of the upstream URI. Also switch clone URL construction in the active repos view to use provider.proxyPath from the API response rather than manually concatenating /proxy/ + host — cleaner and less error-prone. Repos.tsx: import Provider type and use it for the providers state (previously typed as an inline partial) so proxyPath is available. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
scanDiffstep content was showing the branch ref (ref: refs/heads/...) instead of the blocked pattern and matching file —BlockedContentDiffCheckwas producing violations with nullformattedDetail, andDiffScanningHookwas hardcoding the ref name as contentRepositoryUrlRuleHooknow uses step namecheckUrlRules(not class name); fixes a duplicate step bug where bothvalidationContext.addIssueandpushContext.addStep(FAIL)were called, producing two entries in the push detail view; wording aligned withUrlRuleAggregateFilterRepos.tsxwas using the oldslug/owner/namefield shape; updated totarget/value/matchTypefrom the34aebb9backend refactor — every rule was showing as "any: *" and new rules created via UI were saving withvalue=null(never matching)SpringWebConfigsetsNON_NULLJackson inclusion globally, so nulltls/httpfields are omitted from JSON rather than serialised asnull; the frontend strict=== nullcheck fell through totls.statusand crashed — changed to== nullthroughout and updated types to| undefinedhost(e.g.github.com) instead ofname(e.g.github); fixed acrossRepos.tsx,UserDetail.tsx,Profile.tsx; clone URL construction switched to useprovider.proxyPathfrom the API response;Repos.tsxprovider state typed asProvider[]instead of an ad-hoc inline typecreateAccessRule/deleteAccessRule→createUrlRule/deleteUrlRuleinapi.tsandRepos.tsx; "Access type" label → "Rule type" in the add-rule modalTest plan
BlockedContentDiffCheckTest— assertions forformattedDetailcontent and deduplication with first matching lineScanDiffFilterTest— assertion thaterrorMessagecontains the blocked pattern andcontentincludes the matching line🤖 Generated with Claude Code