feat: ready cdn.databayt.org migration (do not merge until CNAME verified) #272
Merged
…fied)

Stages all code changes needed to migrate hogwarts from raw cloudfront URL (d1dlwtcfl0db67.cloudfront.net) to the friendly cdn.databayt.org alias. Adding the alias is purely additive — original URL keeps working forever, so nothing breaks at any point during this rollout.

Changes:
- next.config.ts: add cdn.databayt.org to image remotePatterns alongside the existing d1dlwtcfl0db67.cloudfront.net entry. Both work.
- public/icons/whatsapp/cdn-manifest.json: rewrite 44 URL literals to use the new host. File is a build artifact, not consumed at runtime — safe to flip even before CNAME goes live.
- content/docs-en/cdn.mdx: document both URLs, note the new one is preferred.

Out of scope (requires user action):
1. AWS console: add cdn.databayt.org as alternate domain name on the d1dlwtcfl0db67 distribution + ACM cert (us-east-1). See kun/scripts/crawl-anthropic/setup-cname.sh for steps.
2. After CNAME verified live (curl returns 200), flip NEXT_PUBLIC_CDN_DOMAIN in Vercel project env from d1dlwtcfl0db67.cloudfront.net to cdn.databayt.org.
3. Optionally update local .env to match (gitignored — not in this PR).

The asset() helper at src/lib/asset-url.ts reads NEXT_PUBLIC_CDN_DOMAIN at build time, so all 4 component callers pick up the new host automatically once the env flip is deployed.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
cdn.databayt.org is already in use by an active Vercel project — using a free subdomain instead. DNS already provisioned via Vercel CLI; CAA record for amazon.com added so ACM cert can issue. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
DNS already provisioned in Vercel (specific CNAME overrides wildcard that would have routed to hogwarts). Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
…d skips Personal and location step content components consumed useWizardValidation directly without registering an onSave handler, so the footer's save-and-skip button silently no-op'd. Register a setOnSave that runs the same saveAndNext calls as onNext (without navigating); footer's onSkipToComplete handles the redirect to /students after the save resolves. Cleanup on unmount prevents handler leakage into other steps. Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
72 → 236 tests across 14 files. Adds Vitest coverage for the RBAC matrix, query builders, list-params, video upload/owner/review, enrollments, teacher stats, and get-proposable-lessons.

Bug fixes:
- get-proposable-lessons.ts had no auth check — anyone calling the server action could enumerate the catalog. Added auth() + role gate for DEVELOPER/ADMIN/TEACHER.
- dashboard/parent/__tests__/actions.test.ts mocked db.catalogLesson but action uses db.lesson — test threw before assertions.
- not-admin/content.tsx had dictionary: any, hardcoded English, and invalid href="/" without locale. Now typed, locale-aware, fixed href.

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
…otificationTypes

- Replace 21-entry hardcoded list in getAllowedNotificationTypes with Object.values(NotificationType) — list had drifted from the Prisma enum (missed setup_guide, absence_intention, absence_intention_decision)
- Add NOTIFICATION_FILTER_TYPES constant referenced by tests
- New: rbac-matrix.test.ts (34 tests) — exhaustive UserRole × NotificationType matrix so future enum additions fail loudly until the role allow-list is reviewed
- New: edge-cases.test.ts (10 tests) — expiration derivation, tenant-scoped markAll, subscription unique-key, normal vs overnight quiet-hours windows
- New: poll-actions.test.ts (5 tests) — session/tenant guards, getDisplayText translation pipeline, Date → ISO serialization
- Fix stale enum copies in config.test.ts (23→24 types, 4→5 channels) and validation.test.ts (24 types + new whatsapp channel coverage)
- Fix actions.test.ts: add db.\$transaction mock for updateNotificationPreferences which wraps upserts in a transaction

Notification block: 200/204 → 254/254 tests green; 0 TypeScript errors.

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>
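The drift guard described in the commit message above, as an added TypeScript example (not code from the repository). The enums are cut-down constructed stand-ins for the Prisma ones, the allow/deny decisions are made up, and `REVIEWED`, `unreviewedCells` and `allowedTypesFor` are hypothetical names.

```typescript
// Constructed stand-ins: role and type names appear in the commit messages,
// but the real enums are larger and the decisions below are invented.
const UserRole = { DEVELOPER: "DEVELOPER", ADMIN: "ADMIN", TEACHER: "TEACHER" } as const;
const NotificationType = {
  setup_guide: "setup_guide",
  absence_intention: "absence_intention",
  absence_intention_decision: "absence_intention_decision",
} as const;
type Role = (typeof UserRole)[keyof typeof UserRole];

// role -> type -> explicit decision. A missing cell means "never reviewed",
// which is different from a reviewed "false".
type Matrix = Record<Role, Record<string, boolean>>;

const REVIEWED: Matrix = {
  DEVELOPER: { setup_guide: true, absence_intention: true, absence_intention_decision: true },
  ADMIN: { setup_guide: true, absence_intention: true, absence_intention_decision: true },
  TEACHER: { setup_guide: false, absence_intention: true, absence_intention_decision: false },
};

// Walk the full role x type product. Both axes are derived from the enums,
// so a newly added enum member shows up here instead of being silently skipped.
function unreviewedCells(
  matrix: Matrix,
  types: readonly string[] = Object.values(NotificationType),
): string[] {
  const gaps: string[] = [];
  for (const role of Object.values(UserRole)) {
    for (const t of types) {
      if (typeof matrix[role][t] !== "boolean") gaps.push(`${role}:${t}`);
    }
  }
  return gaps;
}

// Deny by default: only an explicit `true` grants a type to a role, so an
// unreviewed type is withheld until someone records a decision for it.
function allowedTypesFor(
  role: Role,
  matrix: Matrix,
  types: readonly string[] = Object.values(NotificationType),
): string[] {
  return types.filter((t) => matrix[role][t] === true);
}
```

A matrix test then asserts that `unreviewedCells(REVIEWED)` is empty, which is what makes an enum addition fail until the allow-list is reviewed.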
…ontribution map, +87 tests

Block-level fixes
- Avatar upload: was a no-op stub returning fake success; now persists via the shared S3 pipeline (file/upload/actions::uploadFile) with MIME and 5MB caps.
- updateProfileSettings: same lie (validated then no-op write); now returns NOT_IMPLEMENTED until the User schema gains settings columns.
- Contribution graph timezone bug: getYearDateRange used local-time new Date(year, 0, 1) while formatDateKey was UTC, shifting Jan 1 to Dec 31 in any positive UTC offset (Riyadh +3 etc.). Switched the helper to Date.UTC + setUTCDate so the calendar is timezone-stable.
- Added viewerPermission (OWNER/ADMIN/STAFF/RELATED/PUBLIC) to getProfileBasicData so the UI can mask emailAddress/employeeId for non-admins.
- Replaced hardcoded English error strings in edit-role-actions.ts and detail/actions.ts with action error codes (i18n compliance).
- Removed dead Octicon icon-reference grid that was leaking debug UI into the profile overview tab.
- Documented detail/actions.ts as foundation code for a future admin user-detail page (currently dead, kept intentionally).

Tests (5 → 92)
- __tests__/actions.test.ts: rewrote weak prisma-mock smoke tests into 35 real tests covering auth/tenant gates, schoolId scoping, role mapping, pinned items, activity logging, viewerPermission flagging.
- __tests__/validation.test.ts (new, 22): every Zod schema + edge cases.
- __tests__/contribution.test.ts (new, 12): year validation, leap-year day count, activity aggregation, streak math, missing-role-record path.
- detail/__tests__/permissions.test.ts (new, 23): full RBAC matrix.
- tests/e2e/profile/profile-flows.spec.ts (new, 6 specs): own profile, edit form, view-other, auth gate, teacher self-service.

Infra
- Added NOT_IMPLEMENTED to ACTION_ERRORS for honest stub responses.

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
| return `http://${host}/en/profile` | ||
| } | ||
|
|
||
| function profileForId(userId: string, host = DEMO_HOST) { |
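Review bot: the helper that ends with return `http://${host}/en/profile` hardcodes both the http scheme and the en locale segment, so every caller is pinned to plain HTTP and the English route. Consider taking scheme and locale as defaulted parameters, the way profileForId already does with host = DEMO_HOST, so the same helpers can be pointed at an HTTPS host or another locale without editing the string.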
Set up the rails for the wider docs cleanup:
- Register Callout, CardGrid, DocCard MDX components so doc authors stop inlining JSX/Tailwind grids in pages.
- Add docs/STYLE.md as the single source of truth for voice, frontmatter, length caps, and component usage. Banishes per-doc Production Readiness / Known Issues sections.
- Add scripts/docs-lint.mjs (pnpm docs:lint) — flags duplicate body H1, placeholder descriptions, hardcoded text-* / font-* classes, broken /docs/<slug> links, files over category caps. Emits tmp/docs-link-audit.json with --audit.
- Add scripts/docs-strip-h1.mjs and run it: 14 surviving docs lose their duplicate body H1 (the renderer already prints frontmatter title as <h1>). Files slated for Phase 2 deletion are skipped.
- Register 3 orphan MDX files in meta.json: cdn, fees, document-intelligence. ai-document-processing remains orphaned — Phase 2 folds it into document-intelligence.

Lint baseline: 117 files / 54,382 lines / 89 → 77 issues.
…code Self-QA caught one missed translation leak in updatePinnedItems: "Maximum 6 pinned items allowed" → VALIDATION_ERROR + MAX_PINNED_EXCEEDED detail. Strengthens the corresponding test to assert both error code and detail. Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
Summary

Stages all the code changes hogwarts needs to switch from the raw CloudFront URL (d1dlwtcfl0db67.cloudfront.net) to the friendly cdn.databayt.org alias. Adding the alias is purely additive — the original URL keeps working forever — so nothing breaks at any point during this rollout.

Changes

- next.config.ts: cdn.databayt.org to image remotePatterns alongside the existing d1dlwtcfl0db67.cloudfront.net entry. Both hosts work simultaneously
- public/icons/whatsapp/cdn-manifest.json: cdn.databayt.org. File is a build artifact, not consumed at runtime — flipping it before CNAME goes live is safe
- content/docs-en/cdn.mdx

Required user actions before merging

Do not merge this PR until step 1 passes.

1. Set up the CNAME in AWS (steps documented in kun/scripts/crawl-anthropic/setup-cname.sh):
   - cdn.databayt.org → d1dlwtcfl0db67.cloudfront.net
   - cdn.databayt.org, validate via DNS
   - cdn.databayt.org as alternate domain name on the d1dlwtcfl0db67 distribution + attach the ACM cert
   - curl -sI https://cdn.databayt.org/icons/ic-wa-archived-24.svg returns 200 OK
2. After this PR merges, flip the Vercel env var:
   - NEXT_PUBLIC_CDN_DOMAIN: d1dlwtcfl0db67.cloudfront.net → cdn.databayt.org
3. Optionally, flip your local .env to match (gitignored, not included here).

The asset() helper at src/lib/asset-url.ts reads NEXT_PUBLIC_CDN_DOMAIN at build time, so all 4 component callers (welcome-dialog, wa-tokens, chat-wallpaper, apply-overview-client) pick up the new host automatically once step 2 lands.

Why this is zero-risk

CloudFront's "Alternate domain name" feature is purely additive. The original *.cloudfront.net distribution domain ALWAYS resolves and cannot be removed. So:

Out of scope

- .env file (gitignored — manual user step)
- setup-cname.sh)
- kun repo's data.ts CDN_BASE (one-line follow-up PR after CNAME verified)

Test plan

- next.config.ts adds new hostname (no removal)
- cdn-manifest.json: 44 URLs flipped, 0 stragglers (grep -c "d1dlwtcfl0db67" public/icons/whatsapp/cdn-manifest.json returns 0)
- cdn-manifest.json (verified via grep)
- cdn.databayt.org requests /messaging/mobile/chat

🤖 Generated with Claude Code
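One way to keep the three places this PR touches (remotePatterns, the asset helper, the manifest) tied to a single host allow-list, as an added TypeScript example that is not code from the repository. The two hostnames come from the PR text; `CDN_HOSTS`, `stragglers`, the `asset(path, domain)` signature and the sample manifest are assumptions, and the domain is passed in rather than read from NEXT_PUBLIC_CDN_DOMAIN.

```typescript
// Both hostnames come from the PR text; every function name below is hypothetical.
const CDN_HOSTS: readonly string[] = ["d1dlwtcfl0db67.cloudfront.net", "cdn.databayt.org"];

// Entries in the shape next.config.ts uses for images.remotePatterns, built from
// the same list so the image allow-list and the URL helper cannot drift apart.
function remotePatterns(): { protocol: "https"; hostname: string }[] {
  return CDN_HOSTS.map((hostname) => ({ protocol: "https" as const, hostname }));
}

// Build a CDN URL for `path`, failing closed on a domain that is not allow-listed
// (for example a typo in the env value) or a path that resolves off the CDN origin.
function asset(path: string, domain: string): string {
  if (!CDN_HOSTS.includes(domain)) {
    throw new Error(`CDN domain not on allow-list: ${domain}`);
  }
  const origin = `https://${domain}`;
  const url = new URL(path, `${origin}/`);
  // "//other.example/x" or an absolute "http://..." resolves to another origin.
  if (url.origin !== origin) throw new Error(`path leaves CDN origin: ${path}`);
  return url.toString();
}

// Every absolute URL in the manifest text whose host is not the preferred one.
// Comparing parsed hosts reports any unexpected host, not only the old one.
function stragglers(manifestText: string, preferred: string): string[] {
  const urls = manifestText.match(/https?:\/\/[^\s"'\\]+/g) ?? [];
  return urls.filter((u) => {
    try {
      return new URL(u).hostname !== preferred;
    } catch {
      return true; // unparsable URL: report it rather than skip it
    }
  });
}

// Constructed sample, not the real cdn-manifest.json.
const SAMPLE_MANIFEST = JSON.stringify({
  archived: "https://cdn.databayt.org/icons/ic-wa-archived-24.svg",
  chat: "https://d1dlwtcfl0db67.cloudfront.net/icons/ic-wa-chat-24.svg",
});
```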