Skip to content

chore(main): release 1.2.1 #7

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
suuunly merged 1 commit into from
Jan 20, 2026
Merged

chore(main): release 1.2.1 #7

suuunly merged 1 commit into from
Jan 20, 2026

Conversation

@flowcore-machine
Copy link
Contributor

@flowcore-machine flowcore-machine commented Jan 20, 2026
edited
Loading

🤖 I have created a release beep boop

1.2.1 (2026-01-20)

Bug Fixes

  • auth: Enhance NextAuth.js handlers with error logging and improve redirect logic (5080bce)
  • Update linter rules and enhance Azure configuration scripts (0b7f97f)

This PR was generated with Release Please. See documentation.

@github-actions
Copy link

github-actions bot commented Jan 20, 2026
edited
Loading

📋 Approved Violation Exceptions

This PR can reference the following approved violation exceptions. Any violations matching these exceptions will be automatically waived during validation.

Total Active Exceptions: 0

No exceptions registry found.

💡 How Exception Validation Works:

  1. Validator checks if your code violation matches an exception in the table
  2. Verifies the commit SHA exists in this PR
  3. Fetches the detailed exception documentation from Usable
  4. Validates the exception has proper approval and justification
  5. If all checks pass, the violation is waived

📝 To add a new exception: Follow the guidelines in VIOLATION_EXCEPTIONS.md

🔄 This comment is automatically updated when VIOLATION_EXCEPTIONS.md changes

@github-actions
Copy link

github-actions bot commented Jan 20, 2026
edited
Loading

🤖 Standards Validation

PR Validation Report

Summary

This PR is an automated release for version 1.2.1, which includes bug fixes for NextAuth.js handlers and updates to linter rules. The validation has found no critical violations that would block the release. However, it has identified two important issues related to inconsistent logging practices and deviation from the standard frontend data-fetching pattern. These should be addressed in a follow-up to maintain code quality.

Critical Violations ❌

No critical violations were found.

Important Issues ⚠️

  • Issue: Direct use of console.log and console.error in authentication modules.

    • Location:
      • lib/auth.ts
      • app/api/auth/[...nextauth]/route.ts
    • Standard Violated: "Flowcore Next.js Development Standards" (related to consistent logging). The project includes a dedicated logger.service.ts for structured, environment-aware logging, but the new changes in the authentication files use raw console calls instead.
    • Current Code: 
      // in lib/auth.ts
console.error("❌ Error decoding ID token:", error)

// in app/api/auth/[...nextauth]/route.ts
console.error(`❌ [AUTH] Error in GET handler:`, error)
    • Why It's Wrong: Bypassing the logger service leads to inconsistent log formats, makes it harder to control log levels in different environments, and prevents logs from being sent to a centralized aggregation system in production.
    • Required Fix: Replace all console.* calls in lib/auth.ts and app/api/auth/[...nextauth]/route.ts with the corresponding methods from the logger service singleton.
    • Flowcore Pattern: 
      import { logger } from "@/lib/services/logger.service";

// ...
logger.error("Error in GET handler", { error });

  • Issue: Frontend components use fetch directly instead of TanStack Query hooks.

    • Location:
      • app/dashboards/[dashboardId]/add-graph/page.tsx
      • app/data-sources/[dataSourceId]/view/page.tsx
    • Standard Violated: "Flowcore Next.js Development Standards" (recommending TanStack Query for data fetching).
    • Current Code: 
      // in app/dashboards/[dashboardId]/add-graph/page.tsx
useEffect(() => {
  // ...
  Promise.all([
    fetch(`/api/dashboards/${dashboardId}`, { /* ... */ }),
    fetch("/api/graphs", { /* ... */ }),
  ])
  // ...
}, [workspaceId, dashboardId])
    • Why It's Wrong: Using fetch directly in components requires manual management of loading, error, and caching states. TanStack Query provides hooks (useQuery, useMutation) that handle these concerns automatically, leading to cleaner, more resilient, and more performant components.
    • Required Fix: Refactor the data-fetching logic in the affected components to use useQuery for data retrieval and useMutation for data modification.

Suggestions ℹ️

  • Suggestion: Consider using inline comments to justify disabling linter rules.
    • Location: biome.json
    • Improvement: The biome.json file now disables the noExplicitAny rule for several directories (e.g., lib/services/*.service.ts). Instead of disabling the rule for entire directories, consider keeping the rule enabled and using inline ignore comments (// biome-ignore lint/suspicious/noExplicitAny: <reason>) where any is unavoidable. This makes each exception explicit and documents the reason, improving long-term maintainability.

Validation Outcome

  • Status: PASS ✅
  • Critical Issues: 0
  • Important Issues: 2
  • Suggestions: 1
📊 Validation Statistics

@github-actions
Copy link

github-actions bot commented Jan 20, 2026
edited
Loading

🤖 Security Validation

PR Validation Report

Summary

This Pull Request primarily focuses on enhancing authentication handlers with improved error logging and redirect logic, updating linter rules, and refining Azure configuration scripts. The changes introduce robust security measures in authentication, including secure cookie handling, open redirect prevention, and strict user ID validation. No critical security vulnerabilities were identified.

Critical Violations ❌

None

Important Issues ⚠️

None

Suggestions ℹ️

  • File: lib/auth.ts
  • Issue: Clarify JWT signature verification in extractUsableUserId.
  • Why: The extractUsableUserId function decodes the ID token payload but does not explicitly verify the JWT's signature. While NextAuth.js and Keycloak are expected to handle signature verification, adding a comment to clarify this would improve code readability and reduce potential confusion regarding token validation.
  • Fix: Add a comment to the extractUsableUserId function indicating that JWT signature verification is handled by the authentication provider (Keycloak/NextAuth.js) and this function is solely for payload parsing.

Validation Outcome

  • Status: PASS ✅
  • Critical Vulnerabilities: 0
  • High-Risk Issues: 0
  • Suggestions: 1

See the pinned "📋 Approved Violation Exceptions" comment for the full exceptions registry
Validated against security best practices from Usable workspace
Generated by Gemini CLI + Usable MCP

📊 Validation Statistics

@flowcore-machine flowcore-machine force-pushed the release-please--branches--main--components--graphable branch from 46ea141 to 071f446 Compare January 20, 2026 15:13
@suuunly suuunly merged commit 93c6160 into main Jan 20, 2026
5 checks passed
@suuunly suuunly deleted the release-please--branches--main--components--graphable branch January 20, 2026 15:15
@flowcore-machine
Copy link
Contributor Author

flowcore-machine commented Jan 20, 2026

🤖 Created releases:

🌻

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

autorelease: tagged

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@flowcore-machine @suuunly