sync: dev to extern-contrib#904
Merged
PythonSmall-Q merged 18 commits intoextern-contribfrom Feb 11, 2026
Merged
Conversation
Add config files for Claude Code
Deploying xmoj-script-dev-channel with
|
| Latest commit: |
8c30579
|
| Status: | ✅ Deploy successful! |
| Preview URL: | https://c826d145.xmoj-script-dev-channel.pages.dev |
![cubic-dev-ai[bot]](https://avatars.githubusercontent.com/in/1082092?s=60&v=4){kind=small}
Replaces focus-based polling with persistent WebSocket connection to the backend notification service. Notifications now arrive within 1-2 seconds with automatic reconnection and exponential backoff. Maintains polling as fallback for reliability when WebSocket is unavailable. Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
The backend now includes all required fields (PostTitle, PageNumber, MentionID) in WebSocket notifications, eliminating the need for additional API calls to fetch mention details. This reduces latency and server load for real-time notifications. Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
…issues 1. Race condition (P1): Store reconnect timer ID to prevent duplicate WebSocket connections when visibilitychange handler and delayed reconnect fire simultaneously 2. XSS vulnerability (P1): Sanitize user-supplied PostTitle with escapeHTML() before rendering to prevent script injection attacks 3. DOM destruction (P2): Replace innerHTML += with appendChild to preserve async GetUsernameHTML() results in mail mention toasts Note: Mail mention matching issue (violation #2) was already resolved by previous commit that passes notification.data directly Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
…ns[bot] This prevents infinite loops where the bot commits version updates, which triggers the workflow again, causing another commit. Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
hendragon-bot
bot
added
user-script
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
sync-branches: New code has just landed in dev, so let's bring extern-contrib up to speed!
Summary by cubic
Sync extern-contrib with dev: add CLAUDE.md and .claude/agents/xmoj-code-navigator.md, and remove stray dot-underscore files. Update XMOJ.user.js to 2.7.3 with real-time WebSocket notifications (auto-reconnect, fallback polling, XSS and race-condition fixes) and guard UpdateVersion from bot commit loops.
Written for commit 8c30579. Summary will update on new commits.