Fix/reliability#167
Merged
Merged
Conversation
- S8209: group consecutive params of same type in chat.go, task.go, user.go - S1192: extract constants for duplicated literals in community.go, auth.go, echo.go, router.go, user.go - S3776: reduce cognitive complexity by extracting helpers in community.go, chat.go, task_ai.go, user.go - S107: create Handlers struct in router.go to reduce Setup() params from 16 to 4 - S1135: replace TODO with descriptive comment in auth.go - S4144: extract shared toggleLike() in interaction.go - S8239: use available ctx param instead of context.Background() in chat.go
…sues - S7764: prefer globalThis over window across composables and PearlShell - S7767: use Math.trunc instead of bitwise |0 in random.ts, BarPage, PearlShell - S7748: remove zero fractions in seagulls.ts, reflections.ts, PearlShell - S3863: merge duplicate imports in App.vue, ChatPanel.vue - S3358: replace nested ternaries with if/else in CarPage, SpritesLayer, useParallax - S7773: use Number.parseFloat/Number.isNaN in spriteOffset.ts - S7746: prefer throw over Promise.reject in apiClient.ts - S7786: use TypeError for type checks in auth.ts - S4325: remove unnecessary type assertions in useTutorial, apiClient - S7769: use Math.hypot in PearlShell - S7762: use childNode.remove() in PearlShell - S6759: mark props readonly in PearlShell - S7778: combine multiple push calls in CarPage - S7758: use codePointAt over charCodeAt in BarPage - S3735: remove void operator in NavBar - S7735: flip negated condition in useTutorial - S7785: use top-level await in main.ts - S2004/S3776: reduce nesting and complexity in PearlShell - css:S7924: improve text contrast across 8+ overlay components - Web:ImgWithoutAltCheck: add alt attributes to images - Web:S6851: remove redundant alt words in CarPage - Web:S6853: add form label accessibility in CarPage
There was a problem hiding this comment.
Pull request overview
This PR focuses on reliability-oriented refactors and small UX/accessibility tweaks across the frontend and backend, aiming to reduce complexity, centralize repeated logic, and improve runtime behavior consistency.
Changes:
- Frontend: refactors for readability/typing, improves service worker registration handling, and adds/adjusts accessibility attributes and UI color variables.
- Backend: refactors service logic into helpers/constants, improves context propagation in chat, and simplifies router wiring by grouping handlers.
- General: reduces duplicated code paths (e.g., interaction handlers, chat memory helpers) and standardizes some formatting.
Reviewed changes
Copilot reviewed 37 out of 37 changed files in this pull request and generated 7 comments.
Show a summary per file
| File | Description |
|---|---|
| frontend/src/utils/spriteOffset.ts | Formatting + minor parsing/API usage cleanup for sprite offset calculation. |
| frontend/src/utils/random.ts | Refactors seeded PRNG implementation (see review comment re: int32 wrap semantics). |
| frontend/src/styles/variables.css | Adjusts secondary text color variable. |
| frontend/src/main.ts | Changes SW registration to await within try/catch in production. |
| frontend/src/lib/auth.ts | Changes thrown error type for API error responses (see review comment re: TypeError). |
| frontend/src/lib/apiClient.ts | Adds typed _retry request config and refactors interceptor rejection handling (see review comment re: error.config). |
| frontend/src/constants/seagulls.ts | Formatting/standardization of constant data definitions. |
| frontend/src/constants/reflections.ts | Formatting/standardization + minor numeric literal normalization. |
| frontend/src/composables/useTutorial.ts | Simplifies spriteId extraction and callback flow when offset is null. |
| frontend/src/composables/useParallax.ts | Refactors wheel delta selection + switches some globals to globalThis (see review comment re: timer typing). |
| frontend/src/composables/useIsMobile.ts | Switches window access to globalThis for matchMedia checks and subscriptions. |
| frontend/src/composables/useBackgroundMusicLoop.ts | Refactors/background-music lifecycle code formatting + uses globalThis for unlock events. |
| frontend/src/components/scene/SpritesLayer.vue | Refactors responsive sprite style selection for readability. |
| frontend/src/components/scene/NavBar.vue | Reflow trigger line adjusted to satisfy lint rule. |
| frontend/src/components/react/PearlShell.tsx | Refactors animation helpers + global access cleanup + PRNG change (see review comment re: int32 wrap semantics). |
| frontend/src/components/overlay/WhisperPanel.vue | Adjusts status colors. |
| frontend/src/components/overlay/TaskPanel.vue | Adjusts category/status colors. |
| frontend/src/components/overlay/MemoryPanel.vue | Adjusts error color. |
| frontend/src/components/overlay/CommunityPanel.vue | Adds alt attributes and tweaks some text color opacity. |
| frontend/src/components/overlay/ChatPanel.vue | Replaces type import with inline type reference. |
| frontend/src/components/overlay/CarPage.vue | Adds/adjusts alt attributes and improves form label/input associations; minor readability refactors. |
| frontend/src/components/overlay/BarPage.vue | Adds alt attributes and minor hashing change for determinism; color tweaks. |
| frontend/src/components/overlay/AuthPanel.vue | Adjusts error color. |
| frontend/src/components/overlay/AiMemoryPanel.vue | Adjusts category/error colors. |
| frontend/src/App.vue | Consolidates Vue imports ordering. |
| backend/internal/service/user.go | Extracts role-change validation helper and centralizes "id = ?" literal. |
| backend/internal/service/task_ai.go | Extracts chat-memory age-stage inference helper. |
| backend/internal/service/task.go | Minor signature cleanup. |
| backend/internal/service/echo.go | Centralizes trim whitespace characters constant in memoir text cleaning. |
| backend/internal/service/community.go | Extracts moderation/source validation helpers and centralizes error string constants. |
| backend/internal/service/chat.go | Extracts user-context resolution, improves context propagation, and factors fact parsing/saving helpers. |
| backend/internal/service/auth.go | Centralizes repeated auth error strings into constants. |
| backend/internal/router/router.go | Introduces Handlers struct to bundle route handler dependencies and centralizes repeated route fragments. |
| backend/internal/repository/chat.go | Minor signature cleanup. |
| backend/internal/handler/interaction.go | Deduplicates like handler logic via shared method (see review comment re: DELETE idempotency). |
| backend/internal/handler/auth.go | Clarifies why reset token is unused (avoids leaking token). |
| backend/cmd/server/main.go | Updates router setup call to pass *router.Handlers. |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
You can also share your feedback on Copilot code review. Take the survey.
- CORS: disable credentials when origins is wildcard (#1) - Token blacklist: evict expired entries before dropping new tokens (#3) - Static files: add security headers, block dangerous file types (#5) - HSTS: add Strict-Transport-Security header (#6) - HTML sanitization: escape user content in community service (#10) - Security logging: log auth failures, admin ops, JWT errors (#12) - Guest sessions: HMAC-sign session IDs to prevent spoofing (#15) - AI credentials: read from env vars instead of hardcoding (#16) - Cache-Control: add no-store for API responses (#17) - URL validation: reject non-HTTP(S) URLs in chat search (#19) - Like endpoints: split POST/DELETE into idempotent AddLike/RemoveLike (PR #167)
- CSP: add Content-Security-Policy meta tag (#18) - Source maps: disable in production builds (#13) - Remove redundant X-Access-Token headers from auth API calls - PRNG: restore int32 wraparound with `| 0` instead of Math.trunc (PR #167) - auth.ts: use Error instead of TypeError for API errors (PR #167) - useParallax: use ReturnType<typeof setTimeout> for timer type (PR #167) - apiClient: guard against undefined error.config (PR #167)
Replace hardcoded default password with crypto/rand generated random hex string. The AI service user never logs in interactively, so a random password on each startup is sufficient. Also add AI_USER_* env vars to .env.example.
|
koishi510
approved these changes
Mar 15, 2026
koishi510
pushed a commit
that referenced
this pull request
Mar 15, 2026
- CORS: disable credentials when origins is wildcard (#1) - Token blacklist: evict expired entries before dropping new tokens (#3) - Static files: add security headers, block dangerous file types (#5) - HSTS: add Strict-Transport-Security header (#6) - HTML sanitization: escape user content in community service (#10) - Security logging: log auth failures, admin ops, JWT errors (#12) - Guest sessions: HMAC-sign session IDs to prevent spoofing (#15) - AI credentials: read from env vars instead of hardcoding (#16) - Cache-Control: add no-store for API responses (#17) - URL validation: reject non-HTTP(S) URLs in chat search (#19) - Like endpoints: split POST/DELETE into idempotent AddLike/RemoveLike (PR #167)
koishi510
pushed a commit
that referenced
this pull request
Mar 15, 2026
- CSP: add Content-Security-Policy meta tag (#18) - Source maps: disable in production builds (#13) - Remove redundant X-Access-Token headers from auth API calls - PRNG: restore int32 wraparound with `| 0` instead of Math.trunc (PR #167) - auth.ts: use Error instead of TypeError for API errors (PR #167) - useParallax: use ReturnType<typeof setTimeout> for timer type (PR #167) - apiClient: guard against undefined error.config (PR #167)
koishi510
pushed a commit
that referenced
this pull request
Mar 15, 2026
- CORS: disable credentials when origins is wildcard (#1) - Token blacklist: evict expired entries before dropping new tokens (#3) - Static files: add security headers, block dangerous file types (#5) - HSTS: add Strict-Transport-Security header (#6) - HTML sanitization: escape user content in community service (#10) - Security logging: log auth failures, admin ops, JWT errors (#12) - Guest sessions: HMAC-sign session IDs to prevent spoofing (#15) - AI credentials: read from env vars instead of hardcoding (#16) - Cache-Control: add no-store for API responses (#17) - URL validation: reject non-HTTP(S) URLs in chat search (#19) - Like endpoints: split POST/DELETE into idempotent AddLike/RemoveLike (PR #167)
koishi510
pushed a commit
that referenced
this pull request
Mar 15, 2026
- CSP: add Content-Security-Policy meta tag (#18) - Source maps: disable in production builds (#13) - Remove redundant X-Access-Token headers from auth API calls - PRNG: restore int32 wraparound with `| 0` instead of Math.trunc (PR #167) - auth.ts: use Error instead of TypeError for API errors (PR #167) - useParallax: use ReturnType<typeof setTimeout> for timer type (PR #167) - apiClient: guard against undefined error.config (PR #167)
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Related Issue
Summary
Change Type
Self-Check Checklist
Backend (Go):
go build ./...passesgo vet ./...passesgofmtproduces no diffFrontend (Vue):
npm run lintpassesnpm run typecheckpassesGeneral:
Test Steps