fix(cli): make quality gate pass

[iipanda]

Summary

• Ran the repo Prettier formatter over the files failing format:check.
• Kept the CLI push dry-run/no-work paths from requiring schema state before writes.
• Added an explicit SCHEMA_STATE_MISSING failure before real push writes if schema sync does not leave readable local state.

Verification

• bun run format:check initially failed on 58 files.
• bun nx run cli:build passes.
• bun run quality passes.
• git diff --check passes.

Local ci:required note

• bun run ci:required reaches unit tests and fails in server:test on existing server-side cases outside this branch scope:
  • CLI login authorize applies password backoff without authorizing the challenge
  • CLI login authorize GET with expired challenge returns styled HTML error page
  • CLI login authorize GET with invalid challenge ID returns styled HTML error page
  • CLI login authorize POST with invalid credentials returns HTML with error message
  • demo:seed completes successfully for a fresh staging scope

Summary by CodeRabbit

• New Features

  • Push command now defers schema-state validation until writes, so dry-run/no-op pushes can succeed without a local schema state.

• Tests

  • Added tests covering push behavior when local schema state is absent, including dry-run and no-op scenarios.

• Documentation

  • Widespread docs reformatting for improved table alignment, wrapping, and readability across guides and API reference.

• Style

  • Formatting tweaks across UI markup, styles, and test/assertion formatting for consistency.

[coderabbitai]

📝 Walkthrough

Walkthrough

This PR is mostly documentation and formatting edits across the repo; the primary functional change defers reading/validating local schema state in the CLI push flow until immediately before content writes (so dry-run/no-write paths can proceed without local state). All other edits are presentational (MDX/Markdown/CSS/JSX/test formatting).

Changes

Cohort / File(s)	Summary
Push Command Logic apps/cli/src/lib/push.ts	Deferred local schema-state validation: initial read is retained but final read/re-check is performed immediately before content writes; interactive sync/prompt and SCHEMA_STATE_MISSING handling now occur at that time.
Push Command Tests apps/cli/src/lib/push.test.ts	Added tests for push behavior without local schema state and for --force --dry-run; extended seedPushableWorkspace helper with writeSchemaState option.
Build Script apps/cli/scripts/build.ts	Minor formatting: collapsed entrypoints array to single-line.
Server Tests apps/server/src/lib/auth.test.ts	Condensed assertion formatting in a test; behavior unchanged.
Studio Runtime & UI packages/studio/src/lib/..., packages/studio/src/lib/runtime-ui/app/admin/*, packages/studio/src/lib/runtime-ui/components/*	Various JSX/TS formatting changes (collapse/expand prop blocks, type formatting), minor string literal formatting; no behavioral changes except exported StudioSessionState formatting preserved semantically.
Studio Styles & Constants packages/studio/src/lib/runtime-ui/styles.css, packages/studio/src/lib/studio-component.tsx	CSS hex values lowercased, gradient formatting adjusted, LOADING_SUMMARY string compacted.
Studio Tests packages/studio/src/lib/studio.test.ts	Condensed test assertion formatting; no behavior change.
Documentation (MDX/Markdown/JSON) apps/docs/**, AGENTS.md, apps/docs/docs.json, docs/specs/*, packages/*/README.md	Widespread presentation-only edits: Markdown/MDX table reformatting, line-wrapping of prose and code examples, blank-line adjustments, and minor JSON formatting changes.
Misc README / Examples apps/studio-example/README.md, apps/studio-review/README.md	Table reformatting and whitespace changes.

Sequence Diagram

sequenceDiagram
    participant User
    participant CLI
    participant Preflight
    participant State
    participant Interactive
    participant Writer

    User->>CLI: run `mdcms push` [--dry-run] [--sync-schema]
    CLI->>Preflight: runSchemaPreflight()
    Preflight-->>CLI: preflight result

    CLI->>State: readSchemaState()  %% initial read retained
    State-->>CLI: initial schema state or missing

    Note over CLI,State: Final schema-state check happens immediately before writes
    CLI->>State: readSchemaState()  %% final attempt before writes
    alt schema state present
        State-->>CLI: schema state loaded
    else schema state missing
        alt interactive or --sync-schema
            CLI->>Interactive: prompt / performSchemaSync()
            Interactive-->>CLI: synced schema state
            CLI->>State: readSchemaState()  %% re-read after sync
            State-->>CLI: schema state loaded or still missing
        else
            CLI-->>CLI: throw SCHEMA_STATE_MISSING
        end
    end

    alt --dry-run
        CLI->>Writer: applyPush(dryRun=true, schemaHash)
        Writer-->>CLI: dry-run summary
    else normal push
        CLI->>Writer: applyPush(dryRun=false, schemaHash)
        Writer-->>CLI: push complete
    end

Loading

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~25 minutes

Possibly related PRs

• CMS-186 | Add schema-sync preflight and unified flow to cms push  #51: Changes to apps/cli/src/lib/push.ts and associated tests that overlap schema-state/preflight behavior.
• Add AGENTS.md files for AI coding agents #57: Edits to AGENTS.md affecting the same repository layout documentation.
• CMS-139: make content editor chrome truthful #19: Modifies apps/server/src/lib/auth.test.ts, overlapping test-file edits.

Poem

🐰 Hopping through diff lines with tidy paws,
Tables aligned and JSX trims the claws,
Push waits for state till just before the write,
Dry-run skips the check—no late-night fright,
Docs polished bright—repo bunnies cheer tonight! 🎉

🚥 Pre-merge checks | ✅ 1 | ❌ 2

❌ Failed checks (1 warning, 1 inconclusive)

Check name	Status	Explanation	Resolution
Docstring Coverage	⚠️ Warning	Docstring coverage is 0.00% which is insufficient. The required threshold is 80.00%.	Write docstrings for the functions missing them to satisfy the coverage threshold.
Title check	❓ Inconclusive	The PR title 'fix(cli): make quality gate pass' is partially related to the changeset. It references a CLI fix and quality gate passing, which aligns with the PR's objective to fix the quality gate. However, the title is overly vague and does not clearly convey the main changes: extensive Prettier formatting across 50+ documentation and code files, plus meaningful changes to CLI push behavior regarding schema state handling.	Consider a more specific title that captures the primary changes, such as 'fix: apply formatting and adjust CLI push schema state handling' or splitting into multiple commits with focused messages.

✅ Passed checks (1 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

📝 Generate docstrings

• Create stacked PR
• Commit on current branch

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch fix/format-quality-gate

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 3

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (1)

apps/docs/api-reference/media-and-webhooks.mdx (1)

364-375: ⚠️ Potential issue | 🟠 Major

Fix webhook signature verification to decode hex and guard length before timingSafeEqual.

Line 397 currently compares UTF-8 string interpretations of hex values, which breaks HMAC verification and can throw RangeError when buffer lengths differ. Both signature (from the header) and expected (from .digest("hex")) are hex-encoded strings that must be decoded and validated before passing to timingSafeEqual.

Proposed fix

  // Constant-time comparison
-  return timingSafeEqual(Buffer.from(signature), Buffer.from(expected));
+  // Constant-time comparison (hex-decoded, equal length required)
+  let providedBuf: Buffer;
+  let expectedBuf: Buffer;
+  try {
+    providedBuf = Buffer.from(signature, "hex");
+    expectedBuf = Buffer.from(expected, "hex");
+  } catch {
+    return false;
+  }
+
+  if (providedBuf.length !== expectedBuf.length) {
+    return false;
+  }
+
+  return timingSafeEqual(providedBuf, expectedBuf);

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@apps/docs/api-reference/media-and-webhooks.mdx` around lines 364 - 375, In
verifyWebhookSignature, the header-derived signature and the expected digest are
currently compared as UTF-8 strings which breaks HMAC verification and can throw
RangeError; fix by parsing the hex string values (the header part -> signature
and the computed expected from .digest("hex")) into binary Buffers using
Buffer.from(..., "hex"), validate that both buffers are defined and have equal
length, and only then call crypto.timingSafeEqual(expectedBuf, signatureBuf); if
decoding fails or lengths differ return false. Ensure you reference the parts
object, the signature variable extracted from it, the expected digest from the
HMAC, and the timingSafeEqual call in verifyWebhookSignature when making the
change.

🧹 Nitpick comments (1)

apps/docs/api-reference/errors.mdx (1)

35-35: Line 35: sentence fragment in table description.

May be empty {} reads as a fragment in the table row. Consider making it a full sentence for consistency with the rest of the doc prose.

Suggested wording

-| `details`    | object  | Additional context specific to the error type. May be empty `{}`.       |
+| `details`    | object  | Additional context specific to the error type. This field may be empty (`{}`). |

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@apps/docs/api-reference/errors.mdx` at line 35, Replace the sentence fragment
in the table row for `details` (the line containing "| `details`    | object  |
Additional context specific to the error type. May be empty `{}`. |") with a
full sentence for consistency—for example: "Additional context specific to the
error type. It may be empty ({})." Update that table cell so the description
reads as two full sentences or a single grammatically complete sentence.

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@apps/cli/src/lib/push.ts`:
- Around line 1647-1652: Remove the stale fallback to initialSchemaState when
reading the schema state: replace the nullish-coalescing use of
initialSchemaState so that schemaState is assigned directly from
readSchemaState(...) (i.e., let schemaState = await readSchemaState({...})), and
ensure any downstream code that used schemaState handles the undefined case
explicitly instead of silently resurrecting the old hash; this change affects
the variable schemaState and the call to readSchemaState.

In `@apps/docs/guide/cli/commands.mdx`:
- Around line 181-184: Update the Warning block text that currently states "Push
requires a valid schema hash..." to clarify that the schema-hash requirement
only applies to real write operations: change the message to say push will fail
without a previously synced local schema hash when performing actual writes, but
that dry-run/no-write invocations (e.g., using --dry-run) do not require local
schema state and can proceed; locate and edit the Warning block containing that
sentence in apps/docs/guide/cli/commands.mdx to reflect this scoped behavior.

In `@apps/docs/guide/concepts.mdx`:
- Line 138: Edit the table row describing `path` so the fragment "Can be renamed
without losing history." becomes a complete sentence by adding an explicit
subject (e.g., change it to "It can be renamed without losing history.") in the
cell that defines `path` to improve clarity.

---

Outside diff comments:
In `@apps/docs/api-reference/media-and-webhooks.mdx`:
- Around line 364-375: In verifyWebhookSignature, the header-derived signature
and the expected digest are currently compared as UTF-8 strings which breaks
HMAC verification and can throw RangeError; fix by parsing the hex string values
(the header part -> signature and the computed expected from .digest("hex"))
into binary Buffers using Buffer.from(..., "hex"), validate that both buffers
are defined and have equal length, and only then call
crypto.timingSafeEqual(expectedBuf, signatureBuf); if decoding fails or lengths
differ return false. Ensure you reference the parts object, the signature
variable extracted from it, the expected digest from the HMAC, and the
timingSafeEqual call in verifyWebhookSignature when making the change.

---

Nitpick comments:
In `@apps/docs/api-reference/errors.mdx`:
- Line 35: Replace the sentence fragment in the table row for `details` (the
line containing "| `details`    | object  | Additional context specific to the
error type. May be empty `{}`. |") with a full sentence for consistency—for
example: "Additional context specific to the error type. It may be empty ({})."
Update that table cell so the description reads as two full sentences or a
single grammatically complete sentence.

🪄 Autofix (Beta)

✅ Autofix completed

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro Plus

Run ID: 0b165aef-d6f2-474d-8483-a15ee48a0175

📥 Commits

Reviewing files that changed from the base of the PR and between 75252a1 and 7907dfb.

📒 Files selected for processing (56)

• AGENTS.md
• apps/cli/scripts/build.ts
• apps/cli/src/lib/push.test.ts
• apps/cli/src/lib/push.ts
• apps/docs/agent-instructions.mdx
• apps/docs/api-reference/authentication.mdx
• apps/docs/api-reference/content.mdx
• apps/docs/api-reference/errors.mdx
• apps/docs/api-reference/media-and-webhooks.mdx
• apps/docs/api-reference/overview.mdx
• apps/docs/api-reference/schema.mdx
• apps/docs/api-reference/sdk.mdx
• apps/docs/architecture/data-model.mdx
• apps/docs/architecture/migrations.mdx
• apps/docs/architecture/module-system.mdx
• apps/docs/architecture/overview.mdx
• apps/docs/architecture/request-flow.mdx
• apps/docs/development/contributing.mdx
• apps/docs/development/packages.mdx
• apps/docs/development/setup.mdx
• apps/docs/development/testing.mdx
• apps/docs/docs.json
• apps/docs/guide/cli/ci-cd.mdx
• apps/docs/guide/cli/commands.mdx
• apps/docs/guide/cli/configuration.mdx
• apps/docs/guide/cli/installation.mdx
• apps/docs/guide/concepts.mdx
• apps/docs/guide/quickstart.mdx
• apps/docs/guide/schema/defining-types.mdx
• apps/docs/guide/schema/mdx-components.mdx
• apps/docs/guide/schema/references.mdx
• apps/docs/guide/self-hosting.mdx
• apps/docs/guide/studio/content-editor.mdx
• apps/docs/guide/studio/dashboard.mdx
• apps/docs/guide/studio/localization.mdx
• apps/docs/guide/studio/publishing.mdx
• apps/docs/guide/studio/settings.mdx
• apps/docs/index.mdx
• apps/server/src/lib/auth.test.ts
• apps/studio-example/README.md
• apps/studio-review/README.md
• docs/specs/SPEC-013-mintlify-docs-site.md
• packages/modules/README.md
• packages/sdk/README.md
• packages/studio/README.md
• packages/studio/src/lib/runtime-ui/app/admin/page.tsx
• packages/studio/src/lib/runtime-ui/app/admin/schema-page.tsx
• packages/studio/src/lib/runtime-ui/app/admin/session-context.tsx
• packages/studio/src/lib/runtime-ui/app/admin/settings-page.tsx
• packages/studio/src/lib/runtime-ui/app/admin/users-page.tsx
• packages/studio/src/lib/runtime-ui/components/layout/page-header.tsx
• packages/studio/src/lib/runtime-ui/components/ui/badge.tsx
• packages/studio/src/lib/runtime-ui/components/ui/card.tsx
• packages/studio/src/lib/runtime-ui/styles.css
• packages/studio/src/lib/studio-component.tsx
• packages/studio/src/lib/studio.test.ts

[coderabbitai]

Note

Autofix is a beta feature. Expect some limitations and changes as we gather feedback and continue to improve it.

Fixes Applied Successfully

Fixed 3 file(s) based on 3 unresolved review comments.

Files modified:

• apps/cli/src/lib/push.ts
• apps/docs/guide/cli/commands.mdx
• apps/docs/guide/concepts.mdx

Commit: 4875ae03a53f804defe4d62c5223474469de0eac

The changes have been pushed to the fix/format-quality-gate branch.

Time taken: 8m 27s

[coderabbitai]

Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@apps/cli/src/lib/push.ts`:
- Around line 1660-1662: The confirmation prompt text is misleading: change the
call to context.confirm that currently asks "Sync schema from server before
pushing content?" to accurately reflect the operation performed by
performSchemaSync(...) (which pushes the local schema to the server and updates
local state). Update the prompt wording to something like "Push local schema to
server before pushing content?" or "Push local schema to server and update local
state before pushing content?" wherever context.confirm is used in this branch
so it matches performSchemaSync's behavior.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro Plus

Run ID: 0d8ea4b2-c36f-4a3a-a9a1-b517749c2dd2

📥 Commits

Reviewing files that changed from the base of the PR and between 7907dfb and 4875ae0.

📒 Files selected for processing (3)

• apps/cli/src/lib/push.ts
• apps/docs/guide/cli/commands.mdx
• apps/docs/guide/concepts.mdx

✅ Files skipped from review due to trivial changes (1)

• apps/docs/guide/concepts.mdx

🚧 Files skipped from review as they are similar to previous changes (1)

• apps/docs/guide/cli/commands.mdx

[coderabbitai]

⚠️ Potential issue | 🟡 Minor

Prompt wording reverses the sync direction.

This branch calls performSchemaSync(...), which pushes the local schema to the server and then updates local state. Asking users to “Sync schema from server” suggests the opposite operation and can lead to an incorrect confirmation.

✏️ Suggested wording fix

       const accepted = await context.confirm(
-        "Sync schema from server before pushing content?",
+        "Sync local schema to server before pushing content?",
       );

Also applies to: 1669-1689

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@apps/cli/src/lib/push.ts` around lines 1660 - 1662, The confirmation prompt
text is misleading: change the call to context.confirm that currently asks "Sync
schema from server before pushing content?" to accurately reflect the operation
performed by performSchemaSync(...) (which pushes the local schema to the server
and updates local state). Update the prompt wording to something like "Push
local schema to server before pushing content?" or "Push local schema to server
and update local state before pushing content?" wherever context.confirm is used
in this branch so it matches performSchemaSync's behavior.