feat: WebDAV自动备份和自定义保留份数#17
Conversation
后端新增备份调度服务,支持设置自动备份间隔和保留最近N份备份。 前端新增自动备份设置面板,可在设置中配置参数和手动触发。 - 新增 backupService.ts: 数据导出、自动备份、旧备份清理调度 - 新增 backup.ts 路由: settings CRUD / status / trigger 四个API - 提取 exportAllData 函数供 sync 和 backup 服务共用 - webdavService 新增 deleteFile 方法 - 前端新增 AutoBackupPanel 配置面板
|
Caution Review failedThe pull request is closed. ℹ️ Recent review info⚙️ Run configurationConfiguration used: Path: .coderabbit.yaml Review profile: CHILL Plan: Pro Plus Run ID: 📒 Files selected for processing (3)
📝 WalkthroughSummary by CodeRabbit0.6.2 版本发布说明
WalkthroughPR 同时添加一套 14 个 agent-skill 文档/模板/脚本(诊断、访谈、原型、triage 等)和一个自动备份子系统:后端数据导出与 WebDAV 上传/保留策略、调度器、Express API、以及前端设置面板与客户端适配器。 ChangesAgent Skills 框架与文档
自动备份系统
Sequence DiagramsequenceDiagram
participant User as 用户
participant Panel as AutoBackupPanel
participant Backend as frontend backendAdapter
participant Server as Express (backup routes)
participant DB as SQLite
participant WebDAV as WebDAV 目标
participant Scheduler as 后端调度器
User->>Panel: 打开/修改设置 / 点击 Backup Now
Panel->>Backend: GET /api/backup/settings
Backend->>Server: GET /api/backup/settings
Server->>DB: 读取 settings / active config
Server-->>Backend: 返回 settings
User->>Panel: 保存设置
Panel->>Backend: PUT /api/backup/settings
Backend->>Server: PUT /api/backup/settings
Server->>DB: 事务写入 settings
User->>Panel: 触发立即备份
Panel->>Backend: POST /api/backup/trigger
Backend->>Server: POST /api/backup/trigger
Server->>Server: performAutoBackup()
Server->>DB: exportAllData(mask=true)
DB-->>Server: JSON 导出结果
Server->>WebDAV: PUT 上传 <timestamp>.json
WebDAV-->>Server: 200 OK
Server->>WebDAV: PROPFIND 列表
WebDAV-->>Server: 文件列表(XML)
Server->>WebDAV: DELETE 过期文件
WebDAV-->>Server: 删除确认
Server-->>Backend: 返回备份结果
Scheduler->>Server: 定期触发检查并调用 performAutoBackup()
Estimated code review effort🎯 4 (Complex) | ⏱️ ~50 分钟 Possibly related PRs
建议标签:frontend, backend, feature 🚥 Pre-merge checks | ✅ 4✅ Passed checks (4 passed)
✏️ Tip: You can configure your own custom pre-merge checks in the settings. ✨ Finishing Touches📝 Generate docstrings
🧪 Generate unit tests (beta)
✨ Simplify code
Comment |
![coderabbitai[bot]](https://avatars.githubusercontent.com/in/347564?s=60&v=4){kind=small}
There was a problem hiding this comment.
Actionable comments posted: 10
🧹 Nitpick comments (3)
.agents/skills/tdd/SKILL.md (1)
31-109: 💤 Low value文档质量优秀,建议为代码块添加语言标识符。
TDD 技能文档结构完整,理念清晰,工作流详尽。多个示意图和清单使用的代码块未指定语言,可添加
```text以消除 markdownlint 警告(lines 31, 66, 77, 103)。♻️ 建议的改进示例
-``` +```text WRONG (horizontal): RED: test1, test2, test3, test4, test5对其他三处代码块(lines 66, 77, 103)应用相同的修改。
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the rest with a brief reason, keep changes minimal, and validate. In @.agents/skills/tdd/SKILL.md around lines 31 - 109, Add a language identifier "text" to the fenced code blocks in the TDD skill document so markdownlint warnings are resolved; specifically update the three example fences that start with the lines "WRONG (horizontal):" and "RIGHT (vertical):" and the other two standalone fenced examples (the blocks shown around the tracer bullet and checklist) by changing their opening fences to ```text so the blocks render as plain text and lint cleanly..agents/skills/tdd/deep-modules.md (1)
7-27: 💤 Low value可为代码块添加语言标识符。
ASCII 图表所在的代码块未指定语言标识符,可添加
```text以消除 markdownlint 警告。♻️ 建议的改进
-``` +```text ┌─────────────────────┐ │ Small Interface │ ← Few methods, simple params对第二个代码块应用相同的修改。
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the rest with a brief reason, keep changes minimal, and validate. In @.agents/skills/tdd/deep-modules.md around lines 7 - 27, Add a language identifier to the ASCII-art fenced code blocks so markdownlint stops warning; update both diagram blocks (the one labeled "Small Interface" / "Deep Implementation" and the one labeled "Large Interface" / "Thin Implementation"/"Shallow module") to use ```text as the opening fence rather than plain ``` so the ASCII diagrams are treated as plain text..agents/skills/setup-matt-pocock-skills/SKILL.md (1)
61-69: ⚡ Quick win建议将 Domain docs 选项收敛为单上下文,避免仓库约定漂移。
当前引导把 single/multi-context 都作为常规选项,容易把本仓库文档写到非约定位置。建议在本仓库固定为 single-context,并将 multi-context 仅作为“显式例外”说明。
Based on learnings: Maintain a single-context repository structure with
CONTEXT.mdat root and architecture decisions indocs/adr/.🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the rest with a brief reason, keep changes minimal, and validate. In @.agents/skills/setup-matt-pocock-skills/SKILL.md around lines 61 - 69, Update "Section C — Domain docs." in SKILL.md to default the repository convention to single-context: state clearly that the repo should use a single CONTEXT.md at the repo root and docs/adr/ for ADRs, and change wording so `improve-codebase-architecture`, `diagnose`, and `tdd` read only the root CONTEXT.md by default; mention CONTEXT-MAP.md / multi-context as an explicit exception (e.g., "only used for monorepos") and provide brief guidance on when to adopt that exception so contributors don't place domain docs in non-standard locations.
🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
Inline comments:
In @.agents/skills/grill-with-docs/SKILL.md:
- Around line 26-34: Two fenced code blocks showing directory trees are missing
language markers; update each opening triple-backtick so they read ```text (the
blocks containing the tree starting with "/" and the one starting with "/ ├──
CONTEXT-MAP.md") to satisfy the MD040 rule and keep linting consistent—locate
the two blocks in SKILL.md (the directory-tree snippets) and change their fence
to ```text.
In @.agents/skills/setup-matt-pocock-skills/domain.md:
- Around line 17-24: Update the two fenced code blocks in
.agents/skills/setup-matt-pocock-skills/domain.md (the ASCII tree snippets shown
around the first snippet starting with "/" and the second snippet starting with
"/ ├── CONTEXT-MAP.md") to include a language hint (e.g., add ```text instead of
```). Locate the two bare triple-backtick blocks that contain the directory tree
ASCII art and change their opening fences to ```text so markdownlint MD040 is
satisfied; do the same for the other occurrence noted in the comment (the block
spanning the second snippet around lines 28-39).
In @.agents/skills/triage/OUT-OF-SCOPE.md:
- Around line 10-54: The fenced code blocks in .out-of-scope (e.g., the tree
snippet and the dark-mode.md example) lack language markers and the outer
markdown fence conflicts with the inner ```ts fence, causing rendering issues;
update the tree block to use a language tag (e.g., text) and replace the outer
markdown fence around the Dark Mode section with a longer fence to safely nest
the inner TypeScript block (for example, use a four-backtick fence like
````markdown ... ````), and keep the inner code block for the ThemeConfig
interface intact so the ThemeConfig example highlights correctly.
In @.agents/skills/triage/SKILL.md:
- Around line 12-14: Update the fenced code block that contains "> *This was
generated by AI during triage.*" to include a language identifier (e.g., change
the opening fence from ``` to ```markdown) so the block becomes ```markdown ...
```; ensure the closing fence remains present and the content is unchanged.
In @.agents/skills/write-a-skill/SKILL.md:
- Around line 28-86: The fenced code blocks in the SKILL.md template (the top
directory tree block, the Good example block, and the Bad example block) are
missing language identifiers which triggers MD040; update those three fences to
include a language such as "text" or "md" (e.g., add ```text or ```md) so the
directory tree, the Good example string, and the Bad example string each have a
declared language; target the fenced blocks shown in the SKILL.md template and
the Good/Bad example sections to make the change.
In `@docs/agents/domain.md`:
- Around line 16-22: The fenced code block in docs/agents/domain.md is missing a
language identifier which triggers MD040; update the block by adding a language
tag (e.g., "text") after the opening triple backticks so the snippet becomes
```text ... ``` to silence the linter and preserve the tree diagram formatting.
In `@server/src/routes/backup.ts`:
- Around line 29-33: Wrap all successful JSON responses to the backup route
handlers to match the project convention { data, code } instead of returning raw
values; specifically replace usages like res.json(settings), res.json(status),
res.json(result) and res.json({updated: true}) with responses that return the
payload under data and a short success code (e.g. code: 'SUCCESS' or a more
specific code like 'FETCH_BACKUP_SETTINGS_SUCCESS') so that every success
response mirrors the existing error shape; update each handler in this file that
currently returns bare values (references: the res.json(settings) call and the
other occurrences noted at lines ~87, ~98, ~109-113) to use this wrapped format.
- Around line 40-56: Request body handling must validate type and numeric values
before destructuring; update the route to first ensure req.body is a plain
object (return 400 if not), then read auto_backup_enabled,
auto_backup_interval_hours, auto_backup_retention_count from that object and
validate numbers using Number.isFinite and Number.isInteger where appropriate
(e.g., use Number.isInteger for retention count and likely for interval hours if
only whole hours are allowed), rejecting NaN and floats as needed; keep
collecting messages in errors and return a 400 with errors when validation fails
instead of allowing invalid values to be written.
In `@server/src/services/backupService.ts`:
- Around line 147-164: The webdavDeleteFile function currently swallows non-2xx
responses (only console.warn) causing callers to treat failures as successful
deletions; change webdavDeleteFile to return a boolean (true on 2xx, false on
non-2xx or thrown errors) by checking proxyRequest's result.status and catching
exceptions, and update its callers (the cleanup loop that logs "Deleted old
backup" and increments `deleted`) to use the returned boolean to decide whether
to increment `deleted` and log success or log/handle a failure instead;
reference the webdavDeleteFile function and proxyRequest result handling when
making these edits.
In `@src/components/settings/AutoBackupPanel.tsx`:
- Around line 147-167: The label and switch in AutoBackupPanel are not
programmatically associated, hurting screen-reader and keyboard accessibility;
add an id to the label's related control and reference it from the switch via
aria-labelledby (or give the switch an aria-label) and ensure the interactive
element is focusable and keyboard-operable; specifically update the label
element and the switch button used with enabled, noActiveConfig and setEnabled
so the label has an id (e.g., autoBackupLabel) and the button has
aria-labelledby="autoBackupLabel" (or a descriptive aria-label) and preserve
existing disabled/role/aria-checked behavior; apply the same pattern to the
other switch instances mentioned (lines ~170-181 and ~188-199).
---
Nitpick comments:
In @.agents/skills/setup-matt-pocock-skills/SKILL.md:
- Around line 61-69: Update "Section C — Domain docs." in SKILL.md to default
the repository convention to single-context: state clearly that the repo should
use a single CONTEXT.md at the repo root and docs/adr/ for ADRs, and change
wording so `improve-codebase-architecture`, `diagnose`, and `tdd` read only the
root CONTEXT.md by default; mention CONTEXT-MAP.md / multi-context as an
explicit exception (e.g., "only used for monorepos") and provide brief guidance
on when to adopt that exception so contributors don't place domain docs in
non-standard locations.
In @.agents/skills/tdd/deep-modules.md:
- Around line 7-27: Add a language identifier to the ASCII-art fenced code
blocks so markdownlint stops warning; update both diagram blocks (the one
labeled "Small Interface" / "Deep Implementation" and the one labeled "Large
Interface" / "Thin Implementation"/"Shallow module") to use ```text as the
opening fence rather than plain ``` so the ASCII diagrams are treated as plain
text.
In @.agents/skills/tdd/SKILL.md:
- Around line 31-109: Add a language identifier "text" to the fenced code blocks
in the TDD skill document so markdownlint warnings are resolved; specifically
update the three example fences that start with the lines "WRONG (horizontal):"
and "RIGHT (vertical):" and the other two standalone fenced examples (the blocks
shown around the tracer bullet and checklist) by changing their opening fences
to ```text so the blocks render as plain text and lint cleanly.
🪄 Autofix (Beta)
Fix all unresolved CodeRabbit comments on this PR:
- Push a commit to this branch (recommended)
- Create a new PR with the fixes
ℹ️ Review info
⚙️ Run configuration
Configuration used: Path: .coderabbit.yaml
Review profile: CHILL
Plan: Pro Plus
Run ID: 185585c0-1f8d-48f9-8a72-552e21f7946b
📒 Files selected for processing (48)
.agents/skills/caveman/SKILL.md.agents/skills/diagnose/SKILL.md.agents/skills/diagnose/scripts/hitl-loop.template.sh.agents/skills/grill-me/SKILL.md.agents/skills/grill-with-docs/ADR-FORMAT.md.agents/skills/grill-with-docs/CONTEXT-FORMAT.md.agents/skills/grill-with-docs/SKILL.md.agents/skills/handoff/SKILL.md.agents/skills/improve-codebase-architecture/DEEPENING.md.agents/skills/improve-codebase-architecture/INTERFACE-DESIGN.md.agents/skills/improve-codebase-architecture/LANGUAGE.md.agents/skills/improve-codebase-architecture/SKILL.md.agents/skills/prototype/LOGIC.md.agents/skills/prototype/SKILL.md.agents/skills/prototype/UI.md.agents/skills/setup-matt-pocock-skills/SKILL.md.agents/skills/setup-matt-pocock-skills/domain.md.agents/skills/setup-matt-pocock-skills/issue-tracker-github.md.agents/skills/setup-matt-pocock-skills/issue-tracker-gitlab.md.agents/skills/setup-matt-pocock-skills/issue-tracker-local.md.agents/skills/setup-matt-pocock-skills/triage-labels.md.agents/skills/tdd/SKILL.md.agents/skills/tdd/deep-modules.md.agents/skills/tdd/interface-design.md.agents/skills/tdd/mocking.md.agents/skills/tdd/refactoring.md.agents/skills/tdd/tests.md.agents/skills/to-issues/SKILL.md.agents/skills/to-prd/SKILL.md.agents/skills/triage/AGENT-BRIEF.md.agents/skills/triage/OUT-OF-SCOPE.md.agents/skills/triage/SKILL.md.agents/skills/write-a-skill/SKILL.md.agents/skills/zoom-out/SKILL.mdAGENTS.mddocs/agents/domain.mddocs/agents/issue-tracker.mddocs/agents/triage-labels.mdserver/src/index.tsserver/src/routes/backup.tsserver/src/routes/sync.tsserver/src/services/backupService.tsskills-lock.jsonsrc/components/SettingsPanel.tsxsrc/components/settings/AutoBackupPanel.tsxsrc/components/settings/index.tssrc/services/backendAdapter.tssrc/services/webdavService.ts
📜 Review details
🧰 Additional context used
📓 Path-based instructions (5)
src/components/**
⚙️ CodeRabbit configuration file
src/components/**: React 组件目录(TypeScript + Tailwind CSS)。审查时请关注: 1. 是否同时兼容暗色(dark: 前缀)和亮色主题 2. 响应式布局是否完整(Tailwind 断点系统:sm/md/lg/xl) 3. Props 类型定义是否完整(TypeScript interface) 4. 组件是否保持单一职责 5. 无障碍访问(aria-label、role、键盘导航) 6. React.memo / useMemo / useCallback 的使用是否合理
Files:
src/components/settings/index.tssrc/components/settings/AutoBackupPanel.tsxsrc/components/SettingsPanel.tsx
src/components/settings/**
⚙️ CodeRabbit configuration file
src/components/settings/**: 设置面板组件。审查时请关注: 1. 表单状态管理和输入校验 2. 多语言文本处理(t(zh, en) 函数) 3. API 密钥/密码等敏感信息的输入框类型(type="password") 4. 异步操作的状态反馈(loading/error/success)
Files:
src/components/settings/index.tssrc/components/settings/AutoBackupPanel.tsx
server/src/routes/**
⚙️ CodeRabbit configuration file
server/src/routes/**: Express 路由层。审查时请关注: 1. 输入验证(req.body/req.params/req.query 的类型和范围检查) 2. SQL 注入防护(全部使用 ? 参数化查询,禁止字符串拼接) 3. 事务使用是否正确(批量操作应使用 db.transaction()) 4. 错误处理是否完善(try-catch + 统一错误响应格式) 5. 认证中间件是否正确应用(authMiddleware) 6. JSON 响应格式统一:{ data/error, code }
Files:
server/src/routes/sync.tsserver/src/routes/backup.ts
src/services/**
⚙️ CodeRabbit configuration file
src/services/**: API 服务层。审查时请关注: 1. fetch 请求的超时处理(AbortController) 2. 错误处理和用户友好的错误信息翻译 3. API 密钥/Token 的传输安全性 4. 请求重试和降级策略 5. WebDAV/后端代理的 CORS 处理
Files:
src/services/webdavService.tssrc/services/backendAdapter.ts
server/src/services/**
⚙️ CodeRabbit configuration file
server/src/services/**: 后端服务层。审查时请关注: 1. 加密解密逻辑的正确性(AES-256-GCM) 2. 密钥管理和随机性 3. 错误处理不泄露敏感信息
Files:
server/src/services/backupService.ts
🧠 Learnings (1)
📓 Common learnings
Learnt from: CR
Repo: lostiv/GithubStarsManager
Timestamp: 2026-05-12T03:19:31.429Z
Learning: Use GitHub Issues on `lostiv/GithubStarsManager` with the `gh` CLI for issue tracking
Learnt from: CR
Repo: lostiv/GithubStarsManager
Timestamp: 2026-05-12T03:19:31.429Z
Learning: Apply standard five-role triage labels: `needs-triage`, `needs-info`, `ready-for-agent`, `ready-for-human`, `wontfix`
Learnt from: CR
Repo: lostiv/GithubStarsManager
Timestamp: 2026-05-12T03:19:31.429Z
Learning: Maintain a single-context repository structure with `CONTEXT.md` at root and architecture decisions in `docs/adr/`
🪛 LanguageTool
.agents/skills/grill-with-docs/ADR-FORMAT.md
[style] ~37-~37: Three successive sentences begin with the same word. Consider rewording the sentence or use a thesaurus to find a synonym.
Context: ...not surprising, nobody will wonder why. If there was no real alternative, there's ...
(ENGLISH_WORD_REPEAT_BEGINNING_RULE)
[grammar] ~46-~46: Ensure spelling is correct
Context: ...rements." "Response times must be under 200ms because of the partner API contract." -...
(QB_NEW_EN_ORTHOGRAPHY_ERROR_IDS_1)
.agents/skills/triage/AGENT-BRIEF.md
[style] ~9-~9: ‘in the meantime’ might be wordy. Consider a shorter alternative.
Context: ...days or weeks. The codebase will change in the meantime. Write the brief so it stays useful eve...
(EN_WORDINESS_PREMIUM_IN_THE_MEANTIME)
.agents/skills/prototype/UI.md
[grammar] ~89-~89: Ensure spelling is correct
Context: ...tinct from the page (e.g. high-contrast pill, subtle shadow) so it's obviously not p...
(QB_NEW_EN_ORTHOGRAPHY_ERROR_IDS_1)
.agents/skills/improve-codebase-architecture/INTERFACE-DESIGN.md
[style] ~3-~3: Consider using an alternative to strengthen your wording.
Context: # Interface Design When the user wants to explore alternative interfaces for a...
(WANT_KEEN)
.agents/skills/tdd/deep-modules.md
[style] ~33-~33: Three successive sentences begin with the same word. Consider rewording the sentence or use a thesaurus to find a synonym.
Context: ...ods? - Can I simplify the parameters? - Can I hide more complexity inside?
(ENGLISH_WORD_REPEAT_BEGINNING_RULE)
.agents/skills/grill-with-docs/CONTEXT-FORMAT.md
[style] ~47-~47: Consider using “who” when you are referring to a person instead of an object.
Context: ...ation between a dev and a domain expert that demonstrates how the terms interact nat...
(THAT_WHO)
.agents/skills/to-prd/SKILL.md
[style] ~56-~56: As an alternative to the over-used intensifier ‘very’, consider replacing this phrase.
Context: ...nippets. They may end up being outdated very quickly. Exception: if a prototype produced a ...
(EN_WEAK_ADJECTIVE)
.agents/skills/caveman/SKILL.md
[style] ~24-~24: Consider using a different verb to strengthen your wording.
Context: ...xt step].` Not: "Sure! I'd be happy to help you with that. The issue you're experie...
(HELP_ASSIST)
.agents/skills/write-a-skill/SKILL.md
[style] ~23-~23: The present participle “missing” normally requires “is”.
Context: ... - Does this cover your use cases? - Anything missing or unclear? - Should any sec...
(ANYONE_ELSE_WHO_IS_VBG)
[uncategorized] ~72-~72: If this is a compound adjective that modifies the following noun, use a hyphen.
Context: ...Format*: - Max 1024 chars - Write in third person - First sentence: what it does - Second...
(EN_COMPOUND_ADJECTIVE_INTERNAL)
.agents/skills/setup-matt-pocock-skills/SKILL.md
[style] ~49-~49: Consider a more expressive alternative.
Context: ...up, ready for a human, or won't fix. To do that, it needs to apply labels (or the ...
(DO_ACHIEVE)
.agents/skills/diagnose/SKILL.md
[style] ~37-~37: Consider using a different verb to strengthen your wording.
Context: .... Once you have a loop, ask: - Can I make it faster? (Cache setup, skip unrelated init, nar...
(MAKE_XXX_FASTER)
[style] ~71-~71: Consider using a shorter alternative to avoid wordiness.
Context: ...e the bug disappear / will make it worse." If you cannot state the prediction, ...
(MADE_IT_JJR)
.agents/skills/prototype/LOGIC.md
[grammar] ~28-~28: Ensure spelling is correct
Context: ...opped into the real codebase later. The TUI around it is throwaway; the logic modul...
(QB_NEW_EN_ORTHOGRAPHY_ERROR_IDS_1)
[style] ~77-~77: Three successive sentences begin with the same word. Consider rewording the sentence or use a thesaurus to find a synonym.
Context: ... is specifically about persistence. - Don't generalise. No "what if we wanted ...
(ENGLISH_WORD_REPEAT_BEGINNING_RULE)
.agents/skills/improve-codebase-architecture/SKILL.md
[style] ~41-~41: Three successive sentences begin with the same word. Consider rewording the sentence or use a thesaurus to find a synonym.
Context: ...rly as complex as the implementation? - Where have pure functions been extracted just...
(ENGLISH_WORD_REPEAT_BEGINNING_RULE)
[style] ~42-~42: Three successive sentences begin with the same word. Consider rewording the sentence or use a thesaurus to find a synonym.
Context: ...how they're called (no locality)? - Where do tightly-coupled modules leak across ...
(ENGLISH_WORD_REPEAT_BEGINNING_RULE)
[style] ~43-~43: To elevate your writing, try using a synonym here.
Context: ... parts of the codebase are untested, or hard to test through their current interface...
(HARD_TO)
[style] ~58-~58: Using “real” as an adverb is considered informal. Consider using “really” or “very”.
Context: ...R, only surface it when the friction is real enough to warrant revisiting the ADR. M...
(REAL_REALLY)
.agents/skills/triage/SKILL.md
[grammar] ~28-~28: Ensure spelling is correct
Context: ...t— new feature or improvement Five **state** roles: -needs-triage` — maintainer...
(QB_NEW_EN_ORTHOGRAPHY_ERROR_IDS_1)
🪛 markdownlint-cli2 (0.22.1)
.agents/skills/grill-with-docs/SKILL.md
[warning] 26-26: Fenced code blocks should have a language specified
(MD040, fenced-code-language)
[warning] 38-38: Fenced code blocks should have a language specified
(MD040, fenced-code-language)
.agents/skills/setup-matt-pocock-skills/domain.md
[warning] 17-17: Fenced code blocks should have a language specified
(MD040, fenced-code-language)
[warning] 28-28: Fenced code blocks should have a language specified
(MD040, fenced-code-language)
.agents/skills/tdd/deep-modules.md
[warning] 7-7: Fenced code blocks should have a language specified
(MD040, fenced-code-language)
[warning] 21-21: Fenced code blocks should have a language specified
(MD040, fenced-code-language)
.agents/skills/triage/OUT-OF-SCOPE.md
[warning] 10-10: Fenced code blocks should have a language specified
(MD040, fenced-code-language)
[warning] 54-54: Fenced code blocks should have a language specified
(MD040, fenced-code-language)
.agents/skills/tdd/SKILL.md
[warning] 31-31: Fenced code blocks should have a language specified
(MD040, fenced-code-language)
[warning] 66-66: Fenced code blocks should have a language specified
(MD040, fenced-code-language)
[warning] 77-77: Fenced code blocks should have a language specified
(MD040, fenced-code-language)
[warning] 103-103: Fenced code blocks should have a language specified
(MD040, fenced-code-language)
docs/agents/domain.md
[warning] 16-16: Fenced code blocks should have a language specified
(MD040, fenced-code-language)
.agents/skills/write-a-skill/SKILL.md
[warning] 28-28: Fenced code blocks should have a language specified
(MD040, fenced-code-language)
[warning] 78-78: Fenced code blocks should have a language specified
(MD040, fenced-code-language)
[warning] 84-84: Fenced code blocks should have a language specified
(MD040, fenced-code-language)
.agents/skills/triage/SKILL.md
[warning] 12-12: Fenced code blocks should have a language specified
(MD040, fenced-code-language)
🪛 OpenGrep (1.20.0)
server/src/services/backupService.ts
[ERROR] 172-172: Dynamic command passed to child_process.exec/execSync. Use child_process.execFile or spawn with an argument array instead.
(coderabbit.command-injection.exec-js)
[ERROR] 191-191: Dynamic command passed to child_process.exec/execSync. Use child_process.execFile or spawn with an argument array instead.
(coderabbit.command-injection.exec-js)
🔇 Additional comments (30)
.agents/skills/setup-matt-pocock-skills/issue-tracker-local.md (1)
1-20: 文档结构清晰,约定完整。本地 Markdown issue tracker 的文档定义了目录结构、命名约定和技能触发短语,与 GitHub/GitLab tracker 文档形成良好互补。
.agents/skills/tdd/refactoring.md (1)
1-11: 简洁实用的重构清单。重构候选项列表覆盖了常见的代码异味(重复、长方法、浅模块、特性依恋等),与 TDD 工作流配合良好。
.agents/skills/setup-matt-pocock-skills/issue-tracker-gitlab.md (1)
1-24: GitLab tracker 约定完整且清晰。文档涵盖了
glabCLI 的主要操作,特别注意到 GitLab 的关闭流程限制(需先评论再关闭),与 GitHub tracker 文档形成良好对照。.agents/skills/diagnose/scripts/hitl-loop.template.sh (1)
1-42: 脚本实现安全且结构清晰。HITL 循环模板使用了良好的 Bash 实践:
set -euo pipefail确保错误能被捕获- 所有变量正确引用,避免注入风险
- 使用
read -r和printf -v的安全模式.agents/skills/tdd/SKILL.md (1)
10-29: TDD 理念表述清晰,强调行为而非实现。文档明确区分了好测试(通过公共接口验证行为)和坏测试(耦合实现细节),并给出了判断标准。垂直切片(tracer bullets)的方法论避免了批量编写测试的常见陷阱。
.agents/skills/improve-codebase-architecture/LANGUAGE.md (1)
1-54: 术语标准化文档严谨且实用。词汇表明确定义了 Module、Interface、Seam、Adapter 等核心概念,并显式列出了避免使用的术语及其原因(如避免"boundary"以防与 DDD 的 bounded context 混淆)。"Rejected framings" 一节特别有价值,能防止概念混淆。
.agents/skills/setup-matt-pocock-skills/issue-tracker-github.md (1)
1-23: GitHub tracker 文档完整,与 GitLab 版本形成良好对比。
ghCLI 操作约定清晰,特别是 line 9 的 JQ 查询示例为复杂数据提取提供了实用参考。注意到 GitHub 的gh issue close可直接附加评论,与 GitLab 的两步流程不同。.agents/skills/diagnose/SKILL.md (1)
10-118: 诊断流程设计完整,具备高可执行性。分阶段约束、可证伪假设、
[DEBUG-...]清理约定和“无反馈回路即停止”规则都很扎实,能显著降低无效排障与回归风险。.agents/skills/setup-matt-pocock-skills/triage-labels.md (1)
5-16: 标签映射与仓库 triage 约定一致。表格化映射清晰,便于 agent 与人工协同时保持标签语义统一。Based on learnings: Apply standard five-role triage labels:
needs-triage,needs-info,ready-for-agent,ready-for-human,wontfix..agents/skills/caveman/SKILL.md (1)
37-49: 高风险场景的“自动澄清例外”设计合理。对安全告警、不可逆操作和多步骤顺序任务强制切回清晰表达,能有效降低误解与误执行风险。
.agents/skills/tdd/mocking.md (1)
3-60: Mock 边界定义清晰,测试策略方向正确。“仅在系统边界 mock + 依赖注入 + 按操作拆分接口”的组合很实用,能提升测试稳定性与可维护性。
.agents/skills/grill-with-docs/ADR-FORMAT.md (1)
3-48: ADR 规范与仓库结构约定对齐,落地性好。“何时值得写 ADR”的三条件定义明确,能提升决策文档质量并控制文档噪音。Based on learnings: Maintain a single-context repository structure with
CONTEXT.mdat root and architecture decisions indocs/adr/..agents/skills/prototype/LOGIC.md (1)
26-40: 原型边界定义到位,能避免一次性代码侵入正式架构。“纯逻辑模块可复用、TUI 外壳可删除”的原则和反模式清单都很清楚。
Also applies to: 73-80
.agents/skills/tdd/interface-design.md (1)
5-32: 接口可测试性原则简明且实用。三条规则覆盖了大多数“难测接口”的根因,示例对比也足够清晰。
.agents/skills/triage/AGENT-BRIEF.md (1)
3-66: Agent Brief 模板约束充分,能提升异步执行成功率。“当前/期望行为 + 可测试验收标准 + Out of scope”这三层定义完整,适合 AFK agent 执行并可复核。Based on learnings: Use GitHub Issues on
lostiv/GithubStarsManagerwith theghCLI for issue tracking; Apply standard five-role triage labels:needs-triage,needs-info,ready-for-agent,ready-for-human,wontfix.Also applies to: 132-169
AGENTS.md (1)
1-14: 文档结构清晰,且与仓库约定一致。这一页把 issue tracker、标签词汇和领域文档入口都收拢到了一个稳定入口,便于 agent 技能复用。
docs/agents/triage-labels.md (1)
1-14: 标签映射表定义完整,可直接落地。角色名与实际 label 一一对应,能有效避免自动化流程中“角色词”和“真实标签”混用。
docs/agents/issue-tracker.md (1)
1-23: 操作约定覆盖完整,执行路径明确。从创建到关闭的命令链路是闭环的,作为 agent 规范文档可用性很好。
.agents/skills/zoom-out/SKILL.md (1)
1-8: 技能定义聚焦,触发语义明确。
disable-model-invocation: true与该技能的“抽象层上移”定位一致。.agents/skills/grill-me/SKILL.md (1)
1-11: 交互策略定义清楚,可执行性高。“一次一个问题 + 可查代码即查代码”的约束能有效减少无效追问。
.agents/skills/improve-codebase-architecture/DEEPENING.md (1)
1-38: 架构深化指南完整,测试策略方向正确。依赖分类 + seam 纪律 + “替换而非叠加”的测试迁移,整体逻辑自洽。
skills-lock.json (1)
1-90: 锁文件结构规范,技能元数据完整。
source/sourceType/skillPath/computedHash组合能支持后续一致性校验与追溯。src/services/webdavService.ts (1)
534-579: 删除流程实现完整,异常分支处理清晰。新增
deleteFile的代理/直连双路径、超时控制和 404 语义(返回false)都比较合理,和现有服务风格一致。server/src/routes/sync.ts (1)
5-13: 导出逻辑下沉到服务层是正确方向。
/api/sync/export复用exportAllData后可减少重复和分叉实现,维护性更好。server/src/index.ts (1)
18-19: 备份路由与调度器的生命周期接入合理。启动时注册、关闭时停止调度器,集成点清晰,风险可控。
Also applies to: 47-47, 61-63, 78-78
src/services/backendAdapter.ts (1)
781-861: 备份 API 适配层实现一致性很好。这组方法复用了统一的超时与错误翻译逻辑,前后端契约接入干净。
src/components/settings/index.ts (1)
4-4: 导出新增面板的 barrel 变更正确。设置模块对外导出完整,便于统一导入。
src/components/SettingsPanel.tsx (3)
8-8: 新增自动备份 Tab 的类型与依赖接入完整。
icon/panel导入与SettingsTab联合类型保持一致,避免了后续 tab 映射和 switch 分支的类型断裂风险。Also applies to: 20-20, 26-26
272-276: Tab 配置项实现规范,符合现有 UI 体系。中英文文案、图标接入和现有导航渲染逻辑对齐,能在桌面与移动端复用同一配置,无额外样式分叉。
305-306: 内容渲染分支已闭环,集成点清晰。
auto-backup对应渲染分支已补齐,避免点击新标签后出现空内容或回退默认分支。
| ``` | ||
| / | ||
| ├── CONTEXT.md | ||
| ├── docs/ | ||
| │ └── adr/ | ||
| │ ├── 0001-event-sourced-orders.md | ||
| │ └── 0002-postgres-for-write-model.md | ||
| └── src/ | ||
| ``` |
There was a problem hiding this comment.
两个示例代码块建议声明语言类型。
这两处未声明 fenced code block 语言,建议统一改为 text,避免 MD040 告警并保持文档 lint 一致性。
建议修改
-```
+```text
/
├── CONTEXT.md
├── docs/
│ └── adr/
│ ├── 0001-event-sourced-orders.md
│ └── 0002-postgres-for-write-model.md
└── src/@@
- +text
/
├── CONTEXT-MAP.md
├── docs/
│ └── adr/ ← system-wide decisions
├── src/
│ ├── ordering/
│ │ ├── CONTEXT.md
│ │ └── docs/adr/ ← context-specific decisions
│ └── billing/
│ ├── CONTEXT.md
│ └── docs/adr/
Also applies to: 38-50
🧰 Tools
🪛 markdownlint-cli2 (0.22.1)
[warning] 26-26: Fenced code blocks should have a language specified
(MD040, fenced-code-language)
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
In @.agents/skills/grill-with-docs/SKILL.md around lines 26 - 34, Two fenced
code blocks showing directory trees are missing language markers; update each
opening triple-backtick so they read ```text (the blocks containing the tree
starting with "/" and the one starting with "/ ├── CONTEXT-MAP.md") to satisfy
the MD040 rule and keep linting consistent—locate the two blocks in SKILL.md
(the directory-tree snippets) and change their fence to ```text.
There was a problem hiding this comment.
这些 .agents/skills/ 目录下的文件来自 Matt Pocock 上游仓库,通过 npx skills@latest 安装。修改它们会导致与上游不同步,影响后续更新。Markdown lint 警告不影响功能,建议保持与上游一致。
There was a problem hiding this comment.
@lostiv 了解,.agents/skills/ 下的文件由上游维护,手动修改确实会破坏与上游的同步。忽略此建议,保持原样即可。
✏️ Learnings added
Learnt from: lostiv
Repo: lostiv/GithubStarsManager PR: 17
File: .agents/skills/grill-with-docs/SKILL.md:26-34
Timestamp: 2026-05-12T03:32:25.985Z
Learning: The `.agents/skills/` directory in the `lostiv/GithubStarsManager` repository contains files installed from Matt Pocock's upstream repository via `npx skillslatest`. These files should NOT be modified as changes would cause divergence from upstream and break future updates. Do not flag lint or formatting issues in `.agents/skills/` files.
Note: Learnings are effective only in the context of similar code segments. To apply general coding guidelines, please configure review instructions. You can manage existing learnings in the app.
| ``` | ||
| .out-of-scope/ | ||
| ├── dark-mode.md | ||
| ├── plugin-system.md | ||
| └── graphql-api.md | ||
| ``` | ||
|
|
||
| One file per **concept**, not per issue. Multiple issues requesting the same thing are grouped under one file. | ||
|
|
||
| ## File format | ||
|
|
||
| The file should be written in a relaxed, readable style — more like a short design document than a database entry. Use paragraphs, code samples, and examples to make the reasoning clear and useful to someone encountering it for the first time. | ||
|
|
||
| ```markdown | ||
| # Dark Mode | ||
|
|
||
| This project does not support dark mode or user-facing theming. | ||
|
|
||
| ## Why this is out of scope | ||
|
|
||
| The rendering pipeline assumes a single color palette defined in | ||
| `ThemeConfig`. Supporting multiple themes would require: | ||
|
|
||
| - A theme context provider wrapping the entire component tree | ||
| - Per-component theme-aware style resolution | ||
| - A persistence layer for user theme preferences | ||
|
|
||
| This is a significant architectural change that doesn't align with the | ||
| project's focus on content authoring. Theming is a concern for downstream | ||
| consumers who embed or redistribute the output. | ||
|
|
||
| ```ts | ||
| // The current ThemeConfig interface is not designed for runtime switching: | ||
| interface ThemeConfig { | ||
| colors: ColorPalette; // single palette, resolved at build time | ||
| fonts: FontStack; | ||
| } | ||
| ``` | ||
|
|
||
| ## Prior requests | ||
|
|
||
| - #42 — "Add dark mode support" | ||
| - #87 — "Night theme for accessibility" | ||
| - #134 — "Dark theme option" | ||
| ``` |
There was a problem hiding this comment.
修复代码围栏语言与嵌套,避免示例渲染错乱
Line 10 缺少 fenced code block 语言;Line 23-54 的外层围栏与内部 ts 围栏冲突,可能导致文档渲染/高亮异常。建议统一改为带语言标识并使用更长围栏包裹嵌套示例。
建议修改
-```
+```text
.out-of-scope/
├── dark-mode.md
├── plugin-system.md
└── graphql-api.md-```markdown
+````markdown
Dark Mode
...
// The current ThemeConfig interface is not designed for runtime switching:
interface ThemeConfig {
colors: ColorPalette; // single palette, resolved at build time
fonts: FontStack;
}...
-```
+````
</details>
<details>
<summary>🧰 Tools</summary>
<details>
<summary>🪛 markdownlint-cli2 (0.22.1)</summary>
[warning] 10-10: Fenced code blocks should have a language specified
(MD040, fenced-code-language)
---
[warning] 54-54: Fenced code blocks should have a language specified
(MD040, fenced-code-language)
</details>
</details>
<details>
<summary>🤖 Prompt for AI Agents</summary>
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
In @.agents/skills/triage/OUT-OF-SCOPE.md around lines 10 - 54, The fenced code
blocks in .out-of-scope (e.g., the tree snippet and the dark-mode.md example)
lack language markers and the outer markdown fence conflicts with the inner
tag (e.g., text) and replace the outer markdown fence around the Dark Mode
section with a longer fence to safely nest the inner TypeScript block (for
example, use a four-backtick fence like ````markdown ... ````), and keep the
inner code block for the ThemeConfig interface intact so the ThemeConfig example
highlights correctly.There was a problem hiding this comment.
同上,这是 Matt Pocock 上游 skill 文件。嵌套围栏问题在原始仓库中也存在,应由上游维护者统一修复,我们不应在 fork 中单独修改。
There was a problem hiding this comment.
@lostiv 了解,这是上游 Matt Pocock skill 文件,嵌套围栏问题源自原始仓库。在 fork 中单独修改会造成与上游的不必要分叉,建议向上游提 issue 或 PR 统一修复,这个方向完全合理。已知悉,不再就此项提出改动。
✏️ Learnings added
Learnt from: lostiv
Repo: lostiv/GithubStarsManager PR: 17
File: .agents/skills/triage/OUT-OF-SCOPE.md:10-54
Timestamp: 2026-05-12T03:32:39.235Z
Learning: In the lostiv/GithubStarsManager repository, the `.agents/skills/` directory contains upstream skill files sourced from Matt Pocock's skills repository (tracked via `skills-lock.json`). Any issues found in these files (e.g., markdown linting, nested fences) should not be fixed in the fork; they should be reported to the upstream maintainer. Avoid flagging style/formatting issues in these upstream skill files during code review.
Note: Learnings are effective only in the context of similar code segments. To apply general coding guidelines, please configure review instructions. You can manage existing learnings in the app.
| ``` | ||
| > *This was generated by AI during triage.* | ||
| ``` |
There was a problem hiding this comment.
为免责声明示例添加围栏语言标识
Line 12 的 fenced code block 建议显式标注语言(如 markdown),以消除 MD040。
建议修改
-```
+```markdown
> *This was generated by AI during triage.*</details>
<details>
<summary>🧰 Tools</summary>
<details>
<summary>🪛 markdownlint-cli2 (0.22.1)</summary>
[warning] 12-12: Fenced code blocks should have a language specified
(MD040, fenced-code-language)
</details>
</details>
<details>
<summary>🤖 Prompt for AI Agents</summary>
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
In @.agents/skills/triage/SKILL.md around lines 12 - 14, Update the fenced code
block that contains "> This was generated by AI during triage." to include a
language identifier (e.g., change the opening fence from tomarkdown) so
the block becomes markdown ... ; ensure the closing fence remains present
and the content is unchanged.
</details>
<!-- fingerprinting:phantom:triton:hawk -->
<!-- d98c2f50 -->
<!-- This is an auto-generated reply by CodeRabbit -->
There was a problem hiding this comment.
同上,这是 Matt Pocock 上游 skill 文件,不属于本 PR 的业务代码。建议由上游统一处理 markdownlint 问题。
There was a problem hiding this comment.
@lostiv 了解,与之前 domain.md 的情况一致——.agents/skills/ 下的文件均由上游 mattpocock/skills 包通过 npx skills latest 自动生成并由 skills-lock.json 锁定,本地修改会在下次更新时被覆盖。建议由上游统一处理该 markdownlint 问题,此处忽略即可。
🧠 Learnings used
Learnt from: lostiv
Repo: lostiv/GithubStarsManager PR: 17
File: .agents/skills/setup-matt-pocock-skills/domain.md:17-24
Timestamp: 2026-05-12T03:32:27.041Z
Learning: In lostiv/GithubStarsManager, files under `.agents/skills/` (including `domain.md`, `SKILL.md`, etc.) are auto-generated from Matt Pocock’s `skills` package via `npx skillslatest` and tracked alongside `skills-lock.json`. During code reviews, do not suggest edits to these generated markdown files, since local changes will be overwritten by the next upstream update.
| ``` | ||
| / | ||
| ├── CONTEXT.md | ||
| ├── docs/adr/ | ||
| ├── docs/agents/ | ||
| └── src/ | ||
| ``` |
There was a problem hiding this comment.
为代码块补充语言标识以避免 Markdown lint 告警。
这里的 fenced code block 缺少语言标识(如 text),会触发 MD040,建议补上以保持文档检查通过。
建议修改
-```
+```text
/
├── CONTEXT.md
├── docs/adr/
├── docs/agents/
└── src/</details>
<details>
<summary>🧰 Tools</summary>
<details>
<summary>🪛 markdownlint-cli2 (0.22.1)</summary>
[warning] 16-16: Fenced code blocks should have a language specified
(MD040, fenced-code-language)
</details>
</details>
<details>
<summary>🤖 Prompt for AI Agents</summary>
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
In @docs/agents/domain.md around lines 16 - 22, The fenced code block in
docs/agents/domain.md is missing a language identifier which triggers MD040;
update the block by adding a language tag (e.g., "text") after the opening
triple backticks so the snippet becomes text ... to silence the linter
and preserve the tree diagram formatting.
</details>
<!-- fingerprinting:phantom:triton:hawk -->
<!-- d98c2f50 -->
<!-- This is an auto-generated reply by CodeRabbit -->
There was a problem hiding this comment.
这个文件由 setup-matt-pocock-skills 模板自动生成,内容格式与上游模板保持一致。修改 Markdown 围栏语言标识会偏离模板规范,建议保留原样。
There was a problem hiding this comment.
@lostiv 了解,该文件由 setup-matt-pocock-skills 模板自动生成,保持与上游模板一致是合理的选择。忽略此条建议。
✏️ Learnings added
Learnt from: lostiv
Repo: lostiv/GithubStarsManager PR: 17
File: docs/agents/domain.md:16-22
Timestamp: 2026-05-12T03:32:47.830Z
Learning: In the `lostiv/GithubStarsManager` repository, `docs/agents/domain.md` is auto-generated by the `setup-matt-pocock-skills` template. Its Markdown format (including fenced code blocks without language identifiers) should be kept consistent with the upstream template and should not be modified to fix MD040 lint warnings.
Note: Learnings are effective only in the context of similar code segments. To apply general coding guidelines, please configure review instructions. You can manage existing learnings in the app.
| res.json(settings); | ||
| } catch (err) { | ||
| console.error('GET /api/backup/settings error:', err); | ||
| res.status(500).json({ error: 'Failed to fetch backup settings', code: 'FETCH_BACKUP_SETTINGS_FAILED' }); | ||
| } |
There was a problem hiding this comment.
🛠️ Refactor suggestion | 🟠 Major | ⚡ Quick win
建议统一成功响应格式为 { data, code },与错误响应一致。
目前成功分支返回了多种裸结构(settings、status、result、{updated:true}),会增加前端适配分支。建议统一成 { data, code }。
As per coding guidelines server/src/routes/**: “JSON 响应格式统一:{ data/error, code }”.
Also applies to: 87-87, 98-99, 109-113
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
In `@server/src/routes/backup.ts` around lines 29 - 33, Wrap all successful JSON
responses to the backup route handlers to match the project convention { data,
code } instead of returning raw values; specifically replace usages like
res.json(settings), res.json(status), res.json(result) and res.json({updated:
true}) with responses that return the payload under data and a short success
code (e.g. code: 'SUCCESS' or a more specific code like
'FETCH_BACKUP_SETTINGS_SUCCESS') so that every success response mirrors the
existing error shape; update each handler in this file that currently returns
bare values (references: the res.json(settings) call and the other occurrences
noted at lines ~87, ~98, ~109-113) to use this wrapped format.
There was a problem hiding this comment.
现有 configs.ts 中已有相同的响应模式:res.json(settings) (GET /api/settings) 和 res.json({ updated: true }) (PUT /api/settings)。新的 backup 路由遵循了项目现有的约定。统一 { data, code } 格式属于项目级重构,不应在单个 PR 中引入不一致的行为。建议单独开 issue 讨论全局响应格式规范。
There was a problem hiding this comment.
@lostiv,您的解释很有说服力。在 configs.ts 中已有相同模式的情况下,单独在 backup.ts 中引入 { data, code } 包装反而会造成路由层响应格式不一致,维护成本更高。新路由遵循现有约定是正确的做法。
是否需要我为全局响应格式统一创建一个 GitHub Issue,以便后续统一重构?
🐰
__(")
( • •)
O( ")(") 思考中...
✏️ Learnings added
Learnt from: lostiv
Repo: lostiv/GithubStarsManager PR: 17
File: server/src/routes/backup.ts:29-33
Timestamp: 2026-05-12T03:32:58.000Z
Learning: In the GithubStarsManager project (Express + better-sqlite3 backend), the existing route convention in configs.ts uses bare JSON responses: `res.json(settings)` for GET and `res.json({ updated: true })` for PUT, rather than a wrapped `{ data, code }` format. New routes (e.g., backup.ts) should follow this existing pattern for consistency. A global response format refactor (to `{ data, code }`) should be tracked as a separate issue, not introduced piecemeal in individual PRs.
Note: Learnings are effective only in the context of similar code segments. To apply general coding guidelines, please configure review instructions. You can manage existing learnings in the app.
- webdavDeleteFile 返回 boolean,清理逻辑根据实际删除结果计数 - backup settings 路由增加 req.body 类型检查和 Number.isInteger 校验 - AutoBackupPanel 开关和输入框添加 aria-labelledby/htmlFor 关联
There was a problem hiding this comment.
Actionable comments posted: 1
🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
Inline comments:
In `@server/src/routes/backup.ts`:
- Around line 41-50: The request validator in the backup route does not enforce
that auto_backup_enabled is a boolean, so string values like "false" are treated
as truthy; update the validation in the handler that destructures
auto_backup_enabled/auto_backup_interval_hours/auto_backup_retention_count to
explicitly check typeof auto_backup_enabled === 'boolean' (or reject with
res.status(400).json({ error: 'auto_backup_enabled must be a boolean', code:
'VALIDATION_FAILED' })) and do not coerce truthy strings; ensure the code that
writes the value (the ternary that converts auto_backup_enabled to
'true'|'false') only runs when auto_backup_enabled passed the boolean check.
🪄 Autofix (Beta)
Fix all unresolved CodeRabbit comments on this PR:
- Push a commit to this branch (recommended)
- Create a new PR with the fixes
ℹ️ Review info
⚙️ Run configuration
Configuration used: Path: .coderabbit.yaml
Review profile: CHILL
Plan: Pro Plus
Run ID: d36166d2-e5ab-41a4-8e0d-005e0abdafed
📒 Files selected for processing (3)
server/src/routes/backup.tsserver/src/services/backupService.tssrc/components/settings/AutoBackupPanel.tsx
🚧 Files skipped from review as they are similar to previous changes (1)
- src/components/settings/AutoBackupPanel.tsx
📜 Review details
🧰 Additional context used
📓 Path-based instructions (2)
server/src/routes/**
⚙️ CodeRabbit configuration file
server/src/routes/**: Express 路由层。审查时请关注: 1. 输入验证(req.body/req.params/req.query 的类型和范围检查) 2. SQL 注入防护(全部使用 ? 参数化查询,禁止字符串拼接) 3. 事务使用是否正确(批量操作应使用 db.transaction()) 4. 错误处理是否完善(try-catch + 统一错误响应格式) 5. 认证中间件是否正确应用(authMiddleware) 6. JSON 响应格式统一:{ data/error, code }
Files:
server/src/routes/backup.ts
server/src/services/**
⚙️ CodeRabbit configuration file
server/src/services/**: 后端服务层。审查时请关注: 1. 加密解密逻辑的正确性(AES-256-GCM) 2. 密钥管理和随机性 3. 错误处理不泄露敏感信息
Files:
server/src/services/backupService.ts
🧠 Learnings (2)
📓 Common learnings
Learnt from: CR
Repo: lostiv/GithubStarsManager
Timestamp: 2026-05-12T03:35:46.240Z
Learning: Use GitHub Issues on `lostiv/GithubStarsManager` repository, operated via the `gh` CLI
Learnt from: CR
Repo: lostiv/GithubStarsManager
Timestamp: 2026-05-12T03:35:46.240Z
Learning: Reference agent skills documentation at `docs/agents/issue-tracker.md` for GitHub Issues operations
Learnt from: CR
Repo: lostiv/GithubStarsManager
Timestamp: 2026-05-12T03:35:46.240Z
Learning: Apply triage labels using the standard five-role vocabulary: `needs-triage`, `needs-info`, `ready-for-agent`, `ready-for-human`, `wontfix`
Learnt from: CR
Repo: lostiv/GithubStarsManager
Timestamp: 2026-05-12T03:35:46.240Z
Learning: Reference triage labels documentation at `docs/agents/triage-labels.md`
Learnt from: CR
Repo: lostiv/GithubStarsManager
Timestamp: 2026-05-12T03:35:46.240Z
Learning: Maintain single-context repository structure with one `CONTEXT.md` file at root and architecture decision records in `docs/adr/`
Learnt from: CR
Repo: lostiv/GithubStarsManager
Timestamp: 2026-05-12T03:35:46.240Z
Learning: Reference domain documentation at `docs/agents/domain.md` for context information
📚 Learning: 2026-05-12T03:32:58.000Z
Learnt from: lostiv
Repo: lostiv/GithubStarsManager PR: 17
File: server/src/routes/backup.ts:29-33
Timestamp: 2026-05-12T03:32:58.000Z
Learning: In GithubStarsManager’s Express + better-sqlite3 backend routes, follow the existing response convention used in configs.ts: for GET routes, respond with the raw settings object via `res.json(settings)`, and for PUT routes, respond with the simple status payload `res.json({ updated: true })` (i.e., do not wrap responses in a `{ data, code }` envelope). Any broader response-format refactor to `{ data, code }` should be handled as a separate tracked issue and not introduced incrementally in individual route PRs.
Applied to files:
server/src/routes/backup.ts
🪛 OpenGrep (1.20.0)
server/src/services/backupService.ts
[ERROR] 173-173: Dynamic command passed to child_process.exec/execSync. Use child_process.execFile or spawn with an argument array instead.
(coderabbit.command-injection.exec-js)
[ERROR] 192-192: Dynamic command passed to child_process.exec/execSync. Use child_process.execFile or spawn with an argument array instead.
(coderabbit.command-injection.exec-js)
🔇 Additional comments (9)
server/src/services/backupService.ts (5)
147-165: 旧备份删除逻辑已正确修复。
webdavDeleteFile现在返回boolean,清理逻辑也基于实际删除结果计数(lines 221-236)。404 被正确处理为false而非抛出异常。
167-197: XML 解析实现合理。静态分析工具将
regex.exec()和nameRegex.exec()标记为命令注入风险,但这是误报。这里使用的是RegExp.prototype.exec()方法进行正则匹配,而非child_process.exec()。正则回退策略(先
<D:href>后<D:displayname>)能够兼容不同 WebDAV 服务器的响应格式。
18-80: 数据导出实现规范。
- 参数化查询防止 SQL 注入
- 敏感字段(API Key、WebDAV 密码、GitHub Token)解密失败时安全回退到
'****'mask参数设计允许备份时保留完整数据(用于恢复)而导出时脱敏
266-325: 自动备份实现完善。
- 单次执行保护(
isBackingUp标志)防止并发备份冲突finally块确保标志始终重置- 配置变更时重置
lastBackupTime避免跳过首次备份
329-363: 调度器设计合理。
- 60 秒轮询间隔在备份场景下合理
- 每次检查时从数据库读取设置,支持动态配置变更
- 启动时立即检查一次,避免等待首个间隔周期
server/src/routes/backup.ts (4)
7-34: GET 设置接口实现规范。
- 参数化查询 (
WHERE key LIKE ?) 防止 SQL 注入- 默认值处理合理,
parseInt转换失败时保留原默认值
54-88: 数值校验已完善。
Number.isFinite+Number.isInteger组合正确拒绝NaN、Infinity和小数- 范围校验(间隔 1-720 小时,保留 0-365 份)合理
- 启用前检查 WebDAV 配置存在性,防止无效配置
90-105: 事务使用正确。
db.transaction()确保多个设置项的原子性更新,INSERT OR REPLACE模式简洁有效。
112-132: 状态和触发接口实现简洁。
- 正确使用
async处理异步备份操作- 错误响应格式与其他接口一致
防止字符串 "false" 被当作 truthy 存储为 'true'。
1 participant
后端新增备份调度服务,支持设置自动备份间隔和保留最近N份备份。
前端新增自动备份设置面板,可在设置中配置参数和手动触发。