feat: full implementation of GitHub tracker dashboard#1
Closed
wgordon17 wants to merge 52 commits into
Closed
Conversation
- QA-001: fetchAllData reads userLogin from auth store (was hardcoded empty) - QA-002/003/004: DashboardPage uses static imports and passes props to all tabs - QA-005: ActionsTab error prop uses ApiError[] consistently - SEC-001: refreshAccessToken validates token before storing (SDR-013)
- PERF-003: adds onCleanup for MediaQueryList listener in SettingsPage
- ADV-007: uses Navigate component instead of window.location.replace - ADV-006: adds isRefreshing guard against concurrent poll fetches - ADV-011: fixes IDB eviction to use cursor instead of index keys - ADV-012: removes dead _previousData signal from DashboardPage
- ADV-001: adds global error store with dismissable banners in DashboardPage - ADV-009: adds Vary: Origin, Access-Control-Max-Age to CORS preflight - ADV-010: adds 30s tick signal to FilterBar for live Updated X ago - ADV-013: replaces startsWith URL check with proper hostname parsing - PERF-002: adds 2-min maxAge to check-status cache entries - PERF-005: wraps ActionsTab filteredRuns/repoGroups in createMemo - SEC-002: extracts isSafeGitHubUrl to shared lib, uses everywhere - SEC-003: adds ghr_ prefix regex validation for refresh tokens - removes dead exports (isItemIgnored), dead code (preChecked) - de-duplicates SortIcon, ErrorBannerList, PaginationControls, relativeTime - combines duplicate imports in config.ts, DashboardPage.tsx
Replaces per-repo API calls with batched Search API queries to dramatically reduce API call count (~85% reduction for 75 repos): - Issues: 225 calls to ~3 (batched search with involves qualifier) - PRs: 75 calls to ~6 search + N detail (involves + review-requested) - Workflow runs: ~450 calls to 75 (single /actions/runs per repo) Search API uses separate 30 req/min rate limit, preserving the core 5000/hr budget for PR details and check status.
Replaces 2N REST calls (commit status + check runs per PR) with one GraphQL query using statusCheckRollup.state, which combines both legacy status API and modern check runs into a single field. Uses parameterized GraphQL variables to prevent injection, batches at 50 PRs per call, and falls back to null on GraphQL errors.
- Fixes check status map key collision: uses owner/repo:sha composite key instead of bare SHA to prevent cross-repo check status bleed - Fixes workflow sort: uses Math.max over all runs in group instead of assuming API returns runs in descending order - Adds console.warn for silent failures in batchedSearch and GraphQL - Parallelizes GraphQL chunk calls via Promise.allSettled - Guards split on full_name, moves constant, fixes vacuous test assertion - Removes orphaned github-issues.json fixture
- Adds console.warn for PR detail fetch failures - Adds console.warn for per-repo workflow run fetch failures - Adds empty userLogin guard to fetchIssues and fetchPullRequests - Sorts intra-workflow runs by created_at before slicing - Adds console.warn for malformed full_name in PR filter
- Errors from batch search, PR detail, and workflow run failures now surface through DashboardData.errors to the existing error banner UI - fetchWorkflowRuns paginates beyond 100 runs per repo - IDB cache evicts stale pr-detail: entries not in the active PR set - Adds API-level test gaps (Task 9b) to testing plan
- fixes 429 double-handling between plugin-retry and plugin-throttling - fixes onSecondaryRateLimit infinite retry by adding retryCount guard - adds If-Modified-Since/Last-Modified support alongside ETags in cache - adds notifications API gate to skip full fetch when nothing changed - adds created-since filter to workflow runs for smaller payloads - adds GraphQL rateLimit monitoring to check status queries - adds test for lastModified conditional header propagation
- fixes doNotRetry replacing default list instead of extending it - removes createdSince/updatedSince filters that break full-replace pattern - handles skipped flag in doFetch to prevent detectNewItems corruption - removes dead code (unused updatedSince params on fetchIssues/fetchPullRequests)
prevents dashboard from staying stale indefinitely when notifications do not cover all change types (workflow runs on unwatched repos, label changes). Forces full fetch after 10 minutes regardless of gate result.
- resets poll state on logout to prevent stale notifications gate across sessions - only sets _lastSuccessfulFetch when at least one fetch succeeded - removes updateRateLimitFromGraphQL to prevent overwriting REST rate limit signal - corrects misleading If-Modified-Since comment about token refresh
- auto-disables notifications gate after 403 to stop wasting rate limit tokens when app lacks notifications permission - adds lastModified: null to evictStaleEntries test entries to match CacheEntry interface
replaces direct import of resetPollState in auth.ts with onAuthCleared callback pattern. poll.ts registers its reset function at module load via onAuthCleared(resetPollState) — no circular import needed.
wgordon17
force-pushed
the
feat/full-implementation
branch
from
0f675aa to
d4305e2
Compare
- removes data: from CSP img-src, relaxes OAuth code regex to [a-zA-Z0-9_-]{1,40}
- validates token BEFORE storing in OAuth callback (SDR-013 pre-flight)
- converts mutable metadata Maps to createMemo for SolidJS reactivity
- replaces Date object creation with string comparison for date sorting
- REST fallback fetches Check Runs API alongside Status API for full fidelity
- extracts extractRejectionError helper, uses IDBKeyRange in evictByPrefix
- exports filter field types from view store, migrates Settings Data to SettingRow
- adds 49 new tests: REST fallback branches, poll coordinator guards, cache eviction, worker refresh parity, auth edge cases, empty userLogin short-circuit
Security: adds AuthGuard on protected routes, moves refresh token to HttpOnly cookie (Worker sets/reads/clears via Set-Cookie), adds CSP hash CI verification, adds CORS credentials support, documents Worker API endpoints in DEPLOY.md. Correctness: fixes clearErrors wiping in-flight pushError calls, resets notification seen-sets on logout, fixes fork PR check status GraphQL lookup, adds try-catch around onAuthCleared callbacks, fixes formatDuration type. Performance: chunks PR detail fetches (batches of 10), memoizes selectedSet in RepoSelector, debounces view state persistence (200ms). Code quality: extracts SkeletonRows and ChevronIcon shared components, unifies ErrorBannerList with onDismiss, exports storage key constants, removes dead code. Tests: adds coverage for QuotaExceededError eviction, onAuthCleared callbacks, poll skipped path, cachedRequest If-Modified-Since fallback, worker regex boundaries, HttpOnly cookie refresh flow, and logout endpoint.
wgordon17
force-pushed
the
feat/full-implementation
branch
from
7072037 to
1c521cc
Compare
wgordon17
added a commit
to wgordon17/github-tracker
that referenced
this pull request
May 4, 2026
- Rename statuses: needs-review→Mergeable, waiting→Needs Action (gordon-code#9) - Add Pending Rebase status group with first-priority classification (gordon-code#14) - Remove duplicate All entries from filter popovers (gordon-code#1) - Restyle status group headers to match RepoGroupHeader patterns (gordon-code#2) - Add ExpandCollapseButtons for status groups (gordon-code#3) - Add StatusDot, SizeBadge, ReviewBadge to PR rows (gordon-code#4) - Persist expand state in viewState.dependencyExpandedGroups (gordon-code#5) - Structured title display with package name and version arrow (gordon-code#6) - Wire viewState.globalSort into classifiedPRs with repo tiebreaker (gordon-code#7) - Remove count badges from status group headers (gordon-code#10) - Unknown bot detection with one-time info notification (gordon-code#12) - Filter out dep-tool labels (dependencies, renovate) from PR rows (gordon-code#13)
wgordon17
added a commit
that referenced
this pull request
May 5, 2026
…ping (#96) * feat(deps): adds dependency detection module and config schema * feat(deps): adds Renovate Dashboard abandoned-section parser * feat(deps): add dependencies tab filter schema and TabBar integration * feat(deps): add dependencies settings section * feat(deps): add DependenciesTab with status-based grouping and abandoned pills * feat(deps): integrate pre-exclusivity dep PR detection into DashboardPage * fix(deps): address review findings from Phase 4 * fix(deps): preserve stale abandoned-deps on total API failure * fix(deps): derive DEP_FILTER_DEFAULTS from schema (STRUCT-008) * docs: update documentation for Dependencies tab feature * fix(deps): correct USER_GUIDE docs and clear regex cache on auth reset * test(deps): add coverage for fetchDashboardIssueBodies, ignore/track, filter schema, and integration * refactor(deps): removes redundant filters and slop comments * perf(deps): removes redundant state filter in bot options memo * fix(deps): removes dead props, adds dependencies to settings export * fix(deps): defaults only Needs Review group expanded per plan * fix(deps): gates pre-exclusivity on config.dependencies.enabled * fix(deps): corrects stale comment in PersonalSummaryStrip * fix(deps): resolves 9 quality-gate gaps - Add e2e/dependencies.spec.ts with 4 tests: tab auto-appears, absent when no dep PRs, hidden when settings disabled, status groups render - Add bot avatar (20px round) before badges in DependenciesTab PR rows - Gate dependencyPullRequests memo with config.dependencies.enabled check - Fix aria-controls violation: replace <Show> with CSS hidden class so content div stays in DOM when collapsed - Wire Dependencies settings toggles through saveWithFeedback for saved indicator parity with notification toggles - Add tests: loading skeleton, no-filter-matches empty state, resetAbandonedPatternCache cache clearing, equal-version semver edge case - Update collapse tests to check hidden class instead of DOM absence * feat(deps): resolves 12 UAT findings - Rename statuses: needs-review→Mergeable, waiting→Needs Action (#9) - Add Pending Rebase status group with first-priority classification (#14) - Remove duplicate All entries from filter popovers (#1) - Restyle status group headers to match RepoGroupHeader patterns (#2) - Add ExpandCollapseButtons for status groups (#3) - Add StatusDot, SizeBadge, ReviewBadge to PR rows (#4) - Persist expand state in viewState.dependencyExpandedGroups (#5) - Structured title display with package name and version arrow (#6) - Wire viewState.globalSort into classifiedPRs with repo tiebreaker (#7) - Remove count badges from status group headers (#10) - Unknown bot detection with one-time info notification (#12) - Filter out dep-tool labels (dependencies, renovate) from PR rows (#13) * fix(deps): fixes unknown bot detection bugs - Excludes authenticated user from unknown bot flagging - Handles dependabot vs dependabot[bot] via base-name matching - Replaces pushNotification with inline banner + Track/Dismiss buttons - Passes userLogin prop from DashboardPage to DependenciesTab * fix(deps): fixes header styling, title parsing, and sort - Adds repo-header-text class to status group headers for consistent color - Moves version info into title string (package: from → to) for visibility - Adds Python requirement pattern (>=A to >=B) to extractVersionInfo - Default sort clusters by repo first, then updatedAt within each repo * refactor(deps): reuses RepoGroupHeader for status groups Replaces custom header div+button+ChevronIcon with the existing RepoGroupHeader component, guaranteeing identical styling. * fix(deps): matches filter bar layout, strips commit prefixes from titles - Matches PullRequestsTab filter bar: gap-3 compact:gap-2, shrink-0 wrapper - Strips chore(deps)/fix(deps) prefix from all displayed titles - Lock file maintenance → Lock file maintenance - Pin dependencies → Pin dependencies - Update all major dependencies → Update all major dependencies * fix(deps): matches tracked bots with and without [bot] suffix expandBotLogins() generates both variants — tracking 'khepri-bot' now matches PRs from 'khepri-bot[bot]' and vice versa. Applied in both DashboardPage (isDependencyPr) and DependenciesTab (unknown bot banner). * fix(deps): normalizes bot logins on write, expands on read - handleTrackBot strips [bot] suffix before storing - validateGitHubUser strips [bot] from input before API call - fetchIssuesAndPullRequests runs both base and [bot] variant searches for tracked bots (mergeTrackedUserResults deduplicates) - expandBotLogins still covers local matching in both memos * feat(deps): triggers refresh after tracking a bot onRefresh callback fires manualRefresh via the poll coordinator so newly tracked bot PRs appear immediately. * fix(deps): adds [bot] fallback in validateGitHubUser Tries base login first, then auto-appends [bot] on 404. Entering 'khepri-bot' in Settings now finds the GitHub App bot automatically. Response login normalized (strips [bot]) for consistent storage. * fix(deps): assigns category to every PR, fixes filter passthrough Every PR gets a DepCategory: major | minor | patch | maintenance | other. Filter is now exact match — no more unconditional passthrough for undetected types. Maintenance (pin, lock file) and Other (unknown bump magnitude) are filterable options. * feat(deps): adds pin category and label fallback for update type - Pin dependencies is now its own filterable category - Lock file maintenance stays as 'maintenance' - When title parsing can't determine major/minor/patch, checks PR labels as fallback (Renovate/Dependabot may label PRs) - Body parsing for Renovate tables is a future enhancement * feat(deps): body fallback for update type, ignored visibility - Add parseRenovateBody to parse update type from Renovate PR body table - Fetch PR bodies on demand for dep PRs where title yields no updateType - Merge body-derived version info (packageName, from, to, updateType) into classifiedPRs for richer display titles and accurate category badges - Expand VersionInfo.updateType to include pin and digest - Add needsBodyFallback helper to identify PRs needing body fetch - Add fetchDepPRBodies GraphQL query in api.ts (nodes batch pattern) - Ignored dep PRs now stay visible on Dependencies tab (exclusive ownership still prevents them from appearing on Pull Requests tab) - Change empty filter message to 'No dependency PRs match your current filters' * fix(deps): body version priority, category badges, IgnoreBadge - Prefer body-derived versions over imprecise title versions (body has full semver, title may only have tag like v9) - Show category badge for all types including pin and maintenance (previously only shown when versionInfo.updateType was set) - Wire IgnoreBadge into Dependencies tab toolbar for unignoring dep PRs - Exclude dep PR IDs from Pull Requests tab IgnoreBadge via depPrIds prop - Restore ignored item filtering in Dependencies tab classifiedPRs * fix(deps): parse all Renovate table variants for update type - Detect table schema from header row (Package/Update/Change columns) - Handle 3-column format (Package | Update | Change) used by some PRs - Handle tables without Update column (Package | Change | Age | ...) by deriving updateType from semver comparison of version change - Strip markdown links from header cells (e.g. [Age](url)) - Scan all cells for version arrow when no Change column exists * feat(deps): cleans up row layout for deps tab - Add hideAuthor, hideNumber, subtleRepo, titlePrefix props to ItemRow - Dependencies tab: repo toned down (no pill, just monospace text), fixed min-width for vertical alignment of titles across rows - Type badge moved to titlePrefix slot (between repo and title) with fixed min-width for column alignment - Author name and PR number hidden (noise for dep PRs) - Bot avatar removed (redundant when author is hidden) * fix(deps): persists body data to dashboard cache Body fetch effect writes updated PR data (with body field) back to localStorage after the produce. On next page load, cached dep PRs already have bodies for immediate version info enrichment. * feat(deps): sorts by category priority, detects abandoned titles - Default sort: maintenance→pin→patch→minor→major→other, then repo within each category group (major at bottom, easy merges at top) - Detect Renovate ' - abandoned' title suffix as abandoned signal independent of Dashboard issue matching - Strip ' - abandoned' from title before version parsing and display - Shortened badge label from 'Abandoned dep' to 'Abandoned' * fix(deps): fires body fetch on cache load, not just poll Body fetch effect now tracks dependencyPullRequests() directly instead of coordinator lastRefreshAt. This fires on both cache load (page reload) and poll completion, so body-derived badges appear immediately from cached data without waiting for a full poll cycle. * fix(deps): preserves body across poll cycles carryOverBodies merges body from existing PR objects into fresh API data during both produce-path and full-replacement-path store updates. Bodies no longer flash away on each 5-minute poll cycle. * fix(deps): aligns filter dropdown order with sort order Update type filter options now match the table sort order: maintenance → pin → patch → minor → major → other (safest first). * fix(deps): category sort is always primary, not just default Category priority (maintenance→major→other) is now the primary sort axis regardless of the user-selected globalSort. The dropdown sort (repo, title, etc.) serves as secondary within each category group. * fix(deps): category sort is secondary to user-selected sort User-selected sort (repo, title, etc.) is primary. Update type category (maintenance→major→other) is secondary within each group. With Repo A-Z: PRs grouped by repo, then sorted by category within. * fix: resolves rebase artifacts (missing brace, unused import) * fix(deps): uses reactive signal for body data, not store mutation dependencyPullRequests() returns filtered plain objects that lose SolidJS store proxy tracking. Mutations via produce() to pr.body never triggered classifiedPRs recomputation. Replaced with a separate depBodies signal (Map<id, body>) passed as a prop — reads in classifiedPRs now trigger reactivity correctly. * feat(deps): persist parsed dep metadata to localStorage Replaces ephemeral depBodies signal (raw body strings) with depMeta signal (parsed VersionInfo objects) backed by localStorage. Bodies are parsed immediately on fetch via parseRenovateBody and the result is cached, eliminating classification jank on page refresh. Stale entries are pruned against the current dependency PR set. * fix(deps): address PR review findings - Remove dead STATUS_META fields (badgeClass, defaultExpanded) - Collapse duplicated label-scanning loops in depCategory - Remove redundant /i regex flags on lowercased strings - Replace badge class ternary with CATEGORY_BADGE_CLASS lookup - Pass trackedBotLogins as prop instead of duplicate memo - Exclude all tracked user logins from unknownBots banner - Remove dead pr.body guard from needsBodyFallback - Remove unused updateDependencyConfig export - Restore hideDepDashboard toggle when dep tab is disabled - Fix tabCounts badge/content mismatch for hidden dep dashboard issues - Fix stale E2E comment referencing nonexistent 'Waiting' status - Add fetchDepPRBodies unit tests (10 tests) - Add approved+stale classifyDepStatus test - Add hideDepDashboard filter tests (4 tests) * docs(deps): adds dep tab screenshot Synthetic dep PRs from dependabot[bot] and renovate[bot] across all four status groups: mergeable, pending-rebase, needs-action, and stale. Seeds dep-meta localStorage for version info display. * fix(deps): adds DEP_META_STORAGE_KEY to auth mock The DashboardPage test mock for stores/auth was missing the new DEP_META_STORAGE_KEY export, causing onAuthCleared callback tests to fail when accessing the constant at runtime. * fix(e2e): increases timeout for dep tab cold-start flake The first test in the suite hits Vite's cold-start module compilation, causing the 5s default assertion timeout to expire before the graphql response is processed. Waits for tablist first, then uses 10s timeout.
wgordon17
added a commit
to wgordon17/github-tracker
that referenced
this pull request
May 6, 2026
- Rename statuses: needs-review→Mergeable, waiting→Needs Action (gordon-code#9) - Add Pending Rebase status group with first-priority classification (gordon-code#14) - Remove duplicate All entries from filter popovers (gordon-code#1) - Restyle status group headers to match RepoGroupHeader patterns (gordon-code#2) - Add ExpandCollapseButtons for status groups (gordon-code#3) - Add StatusDot, SizeBadge, ReviewBadge to PR rows (gordon-code#4) - Persist expand state in viewState.dependencyExpandedGroups (gordon-code#5) - Structured title display with package name and version arrow (gordon-code#6) - Wire viewState.globalSort into classifiedPRs with repo tiebreaker (gordon-code#7) - Remove count badges from status group headers (gordon-code#10) - Unknown bot detection with one-time info notification (gordon-code#12) - Filter out dep-tool labels (dependencies, renovate) from PR rows (gordon-code#13)
wgordon17
added a commit
that referenced
this pull request
May 6, 2026
* feat(deps): adds dependency detection module and config schema * feat(deps): add dependencies tab filter schema and TabBar integration * feat(deps): add dependencies settings section * feat(deps): integrate pre-exclusivity dep PR detection into DashboardPage * fix(deps): address review findings from Phase 4 * test(deps): add coverage for fetchDashboardIssueBodies, ignore/track, filter schema, and integration * refactor(deps): removes redundant filters and slop comments * perf(deps): removes redundant state filter in bot options memo * fix(deps): removes dead props, adds dependencies to settings export * feat(deps): resolves 12 UAT findings - Rename statuses: needs-review→Mergeable, waiting→Needs Action (#9) - Add Pending Rebase status group with first-priority classification (#14) - Remove duplicate All entries from filter popovers (#1) - Restyle status group headers to match RepoGroupHeader patterns (#2) - Add ExpandCollapseButtons for status groups (#3) - Add StatusDot, SizeBadge, ReviewBadge to PR rows (#4) - Persist expand state in viewState.dependencyExpandedGroups (#5) - Structured title display with package name and version arrow (#6) - Wire viewState.globalSort into classifiedPRs with repo tiebreaker (#7) - Remove count badges from status group headers (#10) - Unknown bot detection with one-time info notification (#12) - Filter out dep-tool labels (dependencies, renovate) from PR rows (#13) * fix(deps): fixes unknown bot detection bugs - Excludes authenticated user from unknown bot flagging - Handles dependabot vs dependabot[bot] via base-name matching - Replaces pushNotification with inline banner + Track/Dismiss buttons - Passes userLogin prop from DashboardPage to DependenciesTab * fix(deps): fixes header styling, title parsing, and sort - Adds repo-header-text class to status group headers for consistent color - Moves version info into title string (package: from → to) for visibility - Adds Python requirement pattern (>=A to >=B) to extractVersionInfo - Default sort clusters by repo first, then updatedAt within each repo * fix(deps): matches tracked bots with and without [bot] suffix expandBotLogins() generates both variants — tracking 'khepri-bot' now matches PRs from 'khepri-bot[bot]' and vice versa. Applied in both DashboardPage (isDependencyPr) and DependenciesTab (unknown bot banner). * feat(deps): triggers refresh after tracking a bot onRefresh callback fires manualRefresh via the poll coordinator so newly tracked bot PRs appear immediately. * feat(deps): body fallback for update type, ignored visibility - Add parseRenovateBody to parse update type from Renovate PR body table - Fetch PR bodies on demand for dep PRs where title yields no updateType - Merge body-derived version info (packageName, from, to, updateType) into classifiedPRs for richer display titles and accurate category badges - Expand VersionInfo.updateType to include pin and digest - Add needsBodyFallback helper to identify PRs needing body fetch - Add fetchDepPRBodies GraphQL query in api.ts (nodes batch pattern) - Ignored dep PRs now stay visible on Dependencies tab (exclusive ownership still prevents them from appearing on Pull Requests tab) - Change empty filter message to 'No dependency PRs match your current filters' * fix(deps): body version priority, category badges, IgnoreBadge - Prefer body-derived versions over imprecise title versions (body has full semver, title may only have tag like v9) - Show category badge for all types including pin and maintenance (previously only shown when versionInfo.updateType was set) - Wire IgnoreBadge into Dependencies tab toolbar for unignoring dep PRs - Exclude dep PR IDs from Pull Requests tab IgnoreBadge via depPrIds prop - Restore ignored item filtering in Dependencies tab classifiedPRs * fix(deps): preserves body across poll cycles carryOverBodies merges body from existing PR objects into fresh API data during both produce-path and full-replacement-path store updates. Bodies no longer flash away on each 5-minute poll cycle. * fix(deps): category sort is always primary, not just default Category priority (maintenance→major→other) is now the primary sort axis regardless of the user-selected globalSort. The dropdown sort (repo, title, etc.) serves as secondary within each category group. * fix: resolves rebase artifacts (missing brace, unused import) * fix(deps): uses reactive signal for body data, not store mutation dependencyPullRequests() returns filtered plain objects that lose SolidJS store proxy tracking. Mutations via produce() to pr.body never triggered classifiedPRs recomputation. Replaced with a separate depBodies signal (Map<id, body>) passed as a prop — reads in classifiedPRs now trigger reactivity correctly. * feat(deps): persist parsed dep metadata to localStorage Replaces ephemeral depBodies signal (raw body strings) with depMeta signal (parsed VersionInfo objects) backed by localStorage. Bodies are parsed immediately on fetch via parseRenovateBody and the result is cached, eliminating classification jank on page refresh. Stale entries are pruned against the current dependency PR set. * fix(deps): address PR review findings - Remove dead STATUS_META fields (badgeClass, defaultExpanded) - Collapse duplicated label-scanning loops in depCategory - Remove redundant /i regex flags on lowercased strings - Replace badge class ternary with CATEGORY_BADGE_CLASS lookup - Pass trackedBotLogins as prop instead of duplicate memo - Exclude all tracked user logins from unknownBots banner - Remove dead pr.body guard from needsBodyFallback - Remove unused updateDependencyConfig export - Restore hideDepDashboard toggle when dep tab is disabled - Fix tabCounts badge/content mismatch for hidden dep dashboard issues - Fix stale E2E comment referencing nonexistent 'Waiting' status - Add fetchDepPRBodies unit tests (10 tests) - Add approved+stale classifyDepStatus test - Add hideDepDashboard filter tests (4 tests) * fix(deps): fixes post-deploy dependency tab issues - Includes offending login in Invalid userLogin error message - Strips Python version specifiers (==, >=, ~=) from parsed versions - Constrains repo badge width to prevent layout overflow on long names - Removes sort dropdown from Dependencies tab, uses fixed repo+category sort * fix(deps): migrates tracked user logins to strip [bot] suffix Pre-migration data stores logins like 'khepri-bot[bot]'. The bot variant search appends [bot] again, creating 'khepri-bot[bot][bot]' which fails VALID_TRACKED_LOGIN and surfaces as an Invalid userLogin toast on every poll cycle. * fix(deps): constrains compact-mode repo badge width for long names The previous fix only applied to comfortable mode. Compact mode also has shrink-0 + min-w-[9.5rem] with no max-width, so long repo names like rosa-eng-inventory-dashboard break column alignment. * fix(deps): uses inline-block for subtleRepo badge truncation text-overflow: ellipsis only works on block containers, not inline-flex. Switches subtleRepo badge to inline-block with align-middle so truncate actually produces an ellipsis on long repo names. * fix(deps): uses inline style for repo badge max-width Tailwind v4 was not generating CSS for max-w-[14rem]/max-w-[16rem] arbitrary values. Uses inline style for max-width to ensure the constraint is applied regardless of Tailwind CSS scanning. * fix(deps): replaces inline styles with Tailwind max-w classes Tailwind v4 does generate max-w-[16rem]/max-w-[14rem] correctly. The earlier issue was inline-flex + truncate incompatibility, not CSS generation. Reverts to pure Tailwind classes (no inline styles). * fix(deps): shows short repo name in comfortable subtleRepo mode Full owner/repo names wasted horizontal space and broke column alignment. Comfortable mode with subtleRepo now shows the short name (repo only, no org prefix) matching compact mode behavior. Full name remains accessible via title tooltip on hover. * fix(deps): uses fixed-width repo badge column for consistent alignment Variable min-w/max-w caused each badge to size to its content, so category badges and titles started at different x-positions per row. Fixed w-[14rem] ensures consistent column alignment. * fix(deps): narrows repo badge column to 11rem for tighter layout * fix(deps): narrows compact repo badge column to 9rem * fix(deps): tighten title pattern and address PR review findings - DEP_TITLE_PATTERN requires bot action words after conventional commit prefix, preventing false positives on human fix(deps) PRs - Reset _fetchingDepBodies on auth clear to prevent stale lock - Replace inline regex with stripVersionSpecifier() (DRY) - Align USER_GUIDE status groups with code's 4-status model - Add tests for hideDepDashboard, depPrIds filtering, == specifier * fix(deps): restores missing prop and test after rebase
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary