docs(server): replace stale root .env-sample with apps/server/.env.example#38
Conversation
…ample The server reads .env from apps/server via dotenv, but the only sample lived at the repo root and carried just DOMAIN/PORT. Move it to apps/server/.env.example (where `cp` actually helps) and document every config key with defaults. Include the loopback SSRF allowlists needed to run the hub against the local client harness (feed + callback on http://localhost:9000), now that the egress guard is always on — with a clear "delete for production" warning. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
|
Caution Review failedThe pull request is closed. ℹ️ Recent review info⚙️ Run configurationConfiguration used: Organization UI Review profile: CHILL Plan: Pro Plus Run ID: ⛔ Files ignored due to path filters (1)
📒 Files selected for processing (1)
📝 WalkthroughWalkthroughThe changes add a server environment example with hub identity and WebSub allowlist settings, and update the root package overrides to pin ChangesConfiguration updates
Estimated code review effort: 1 (Trivial) | ~5 minutes Poem
🚥 Pre-merge checks | ✅ 5✅ Passed checks (5 passed)
✨ Finishing Touches🧪 Generate unit tests (beta)
Comment |
There was a problem hiding this comment.
Actionable comments posted: 1
🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
Inline comments:
In `@apps/server/.env.example`:
- Around line 28-29: The env template ordering in apps/server/.env.example is
triggering the dotenv-linter warning because WEBSUB_FETCH_ALLOW_CIDRS is listed
before WEBSUB_CALLBACK_ALLOW_CIDRS. Reorder these two entries so
WEBSUB_CALLBACK_ALLOW_CIDRS appears first, keeping the same values, to align
with the linter’s expected key order and avoid CI failures.
🪄 Autofix (Beta)
Fix all unresolved CodeRabbit comments on this PR:
- Push a commit to this branch (recommended)
- Create a new PR with the fixes
ℹ️ Review info
⚙️ Run configuration
Configuration used: Organization UI
Review profile: CHILL
Plan: Pro Plus
Run ID: 8011d0b6-78f9-4af2-82da-63a6e01bae2c
📒 Files selected for processing (2)
.env-sampleapps/server/.env.example
💤 Files with no reviewable changes (1)
- .env-sample
Keep WEBSUB_CALLBACK_ALLOW_CIDRS before WEBSUB_FETCH_ALLOW_CIDRS so all active keys are in ascending order (satisfies dotenv-linter's UnorderedKey). Values and comments unchanged. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
…rp68 js-yaml 4.1.1 (dev-only, transitive via eslint's @eslint/eslintrc) carries a medium-severity quadratic-complexity DoS in YAML merge-key handling. Pin the override to ^4.2.0 (resolves 4.3.0) — patched and within eslintrc's ^4.x range. A bare >=4.2.0 would jump to the incompatible js-yaml 5.x. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
What
Replaces the stale, misplaced root
.env-samplewith an accurateapps/server/.env.example.Why
.envvia dotenv fromapps/server(that's the cwdpnpm startruns in), but the only sample sat at the repo root — socp .env-sample .envnever landed where the server actually reads.DOMAIN/PORT. The new one documents every config key with its default, and ships the loopback SSRF allowlists needed to run the hub against the local client harness (which serves its feed + WebSub callback onhttp://localhost:9000), now that the egress guard is always on — with a clear "delete for production" warning.Notes
cp apps/server/.env.example apps/server/.envnow gives a working local hub that interoperates withapps/client.🤖 Generated with Claude Code
Summary by CodeRabbit
js-yamloverride in the root configuration.