Skip to content

Fix critical bugs and update type cast guidance#53

Merged
jln13x merged 1 commit intomainfrom
jln13x/code-review-findings
Jan 23, 2026
Merged

Fix critical bugs and update type cast guidance#53
jln13x merged 1 commit intomainfrom
jln13x/code-review-findings

Conversation

@jln13x
Copy link
Owner

@jln13x jln13x commented Jan 23, 2026

Summary

Fixed two critical bugs found during code review and updated documentation on type safety practices.

  • Store plugin init race: Initialize pluginResults to prevent crash if plugin calls setState during initialization
  • Routes URL encoding: Encode dynamic params to prevent URL injection with special characters (/, ?, #)
  • Type cast guidance: Clarified that internal type casts are acceptable when consumer APIs remain fully type-safe

All existing tests pass.

🤖 Generated with Claude Code

@jln13x @claude
Fix critical bugs and update type cast guidance
591db5c 
- Initialize pluginResults in store to prevent crash if plugin calls setState during setup
- Encode dynamic params in routes to prevent URL injection (/, ?, #)
- Update AGENTS.md to clarify internal type casts are acceptable when consumer API remains type-safe

Co-Authored-By: Claude Haiku 4.5 <noreply@anthropic.com>
@vercel
Copy link

vercel bot commented Jan 23, 2026
edited
Loading

The latest updates on your projects. Learn more about Vercel for GitHub.

Project Deployment Review Updated (UTC)
jlnstack Ready Ready Preview, Comment Jan 23, 2026 3:29pm

Request Review

@github-actions github-actions bot added routes @jlnstack/routes store @jlnstack/store labels Jan 23, 2026
@greptile-apps
Copy link
Contributor

greptile-apps bot commented Jan 23, 2026

Greptile Summary

Fixed two critical race condition and URL injection bugs, and clarified type safety documentation.

  • Store plugin initialization race: Prevented crash when plugins call setState during initialization by initializing pluginResults to empty array instead of undefined
  • Routes URL encoding: Added encodeURIComponent to dynamic route parameters to prevent URL injection with special characters (/, ?, #)
  • Type cast guidance: Added clear documentation that internal type casts are acceptable when consumer APIs remain type-safe

Both bug fixes are solid and address real production issues. The documentation update provides helpful guidance aligned with the fixes.

Confidence Score: 5/5

  • This PR is safe to merge with no risk
  • Both bug fixes address legitimate edge cases with correct implementations. The store fix prevents a crash during plugin initialization, and the routes fix properly encodes URL parameters following web standards. The documentation update is clear and accurate. All changes are minimal, focused, and the author confirms tests pass.
  • No files require special attention

@jln13x jln13x merged commit 51d16eb into main Jan 23, 2026
5 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

routes @jlnstack/routes store @jlnstack/store

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@jln13x