feat: add document metadata options and improve HubDocs configuration#5
Conversation
![cursor[bot]](https://avatars.githubusercontent.com/in/1210556?s=60&v=4){kind=small}
There was a problem hiding this comment.
Cursor Bugbot has reviewed your changes and found 4 potential issues.
❌ Bugbot Autofix is OFF. To automatically fix reported issues with cloud agents, enable autofix in the Cursor dashboard.
Reviewed by Cursor Bugbot for commit 98d15e6. Configure here.
| .replaceAll("&", "&") | ||
| .replaceAll("<", "<") | ||
| .replaceAll(">", ">"); | ||
| } |
There was a problem hiding this comment.
HTML escape function missing double-quote escaping
Medium Severity
The esc function escapes &, <, and > but does not escape double quotes ("). Values processed by esc are then interpolated directly inside double-quoted HTML attributes (e.g., href="${esc(meta.projectUrl)}"). A value containing " can break out of the attribute context and inject arbitrary HTML attributes, including event handlers, resulting in a potential XSS vector.
Additional Locations (1)
Reviewed by Cursor Bugbot for commit 98d15e6. Configure here.
| var properties = new Dictionary<string, object?>(); | ||
| foreach (var property in schema.Properties ?? []) | ||
| { | ||
| properties[property.Name] = BuildJsonSchemaForType(property.Type, [], property.Example, property.IsNullable); |
There was a problem hiding this comment.
Schema property references lost due to empty known schemas
Medium Severity
ConvertHubSchemaToProtocolSchema passes an empty collection [] as the knownSchemas argument to BuildJsonSchemaForType. This means schema properties whose types match other known schemas will never generate a $ref reference — they'll fall through to MapPrimitiveJsonSchema and be incorrectly mapped as "type": "string". The method-level code correctly passes schemas.Keys, so this is inconsistent.
Additional Locations (1)
Reviewed by Cursor Bugbot for commit 98d15e6. Configure here.
| </div> | ||
|
|
||
| <div id="api-links" class="mt-4 text-sm text-gray-300 space-y-1"></div> | ||
| </section> |
There was a problem hiding this comment.
API info section misplaced inside horizontal flex container
Medium Severity
The api-info <section> is placed inside the <div class="flex items-center gap-4"> that contains the SVG icon and "HubDocs" title. When unhidden, this large block (with its own title, version badge, description, and links) renders inline horizontally alongside the logo, breaking the header layout. It likely belongs outside this flex container.
Reviewed by Cursor Bugbot for commit 98d15e6. Configure here.
| listSchema["nullable"] = true; | ||
|
|
||
| return listSchema; | ||
| } |
There was a problem hiding this comment.
Return type schema missing Task wrapper unwrapping
Medium Severity
BuildJsonSchemaForType handles List<T> unwrapping (mapping it to an array schema) but has no equivalent handling for Task<T>. Since FormatMethodReturnType produces strings like "Task<MessageDto>" for async hub methods, the generic fallback at line 651 extracts "Task" as the schema name, fails to match any known schema, and MapPrimitiveJsonSchema maps the entire string to {"type": "string"}. Any hub method returning Task<int>, Task<MyDto>, etc. will have its return type incorrectly represented in the protocol document.
Additional Locations (1)
Reviewed by Cursor Bugbot for commit 98d15e6. Configure here.
1 participant
Note
Medium Risk
Changes the shape of
GET /hubdocs/hubdocs.jsonfrom a hubs array to a structured document with protocol-stylechannels/components, which may be a breaking change for any consumers parsing the old JSON. Also touches JSON-schema generation and UI rendering for the new metadata block.Overview
HubDocs now supports Swagger-like document metadata and returns a richer protocol document.
AddHubDocsgains an overload acceptingAction<HubDocsDocumentOptions>so callers can set title/version/description/links/contact/license, andhubdocs.jsonnow returns a top-level document containinghubdocsmetadata plushubs,channels, andcomponents(messages/schemas) instead of returning hubs alone.The embedded UI (
hubdocs.html) is updated to read the new document shape, render the metadata header section, and remain backward-compatible by falling back if the response is still an array. Samples/docs are updated to demonstrate the new options, a unit test validatesBuildHubDocsDocument, and the package version is bumped to0.0.9.Reviewed by Cursor Bugbot for commit 98d15e6. Bugbot is set up for automated code reviews on this repo. Configure here.