fix(api): decode html entities before parsing notifications

[pujitm]

so the parser does not treat them as comments.

This surfaces a new bug: #'s in notification subject or descriptions are treated as comments, and content following a # will not be displayed in queries from the api, unless the values are explicitly quoted as strings:

subject=Warning #1 OS      # ❌ Truncates after "Warning"
subject=\#1 OS             # ❌ Backslash escape doesn't work
subject="Warning #1 OS"    # ✅ Double quotes work!
subject='Warning #1 OS'    # ✅ Single quotes work!

Summary by CodeRabbit

Version 4.25.3

• Improvements

  • Enhanced notification system with improved handling of special characters and HTML-formatted content in messages.
  • Better text rendering accuracy across all notification types.

• Chores

  • Updated application dependencies.
  • Version bumped to 4.25.3.

[coderabbitai]

Note

Other AI code review bot(s) detected

CodeRabbit has detected other AI code review bot(s) in this pull request and will avoid duplicating their findings in the review comments. This may lead to a less comprehensive review.

Walkthrough

The changes introduce HTML entity decoding to the notification file parsing pipeline. A new dependency, html-entities, is added to support decoding HTML-encoded content before INI parsing. The notification service is refactored to read file contents directly via fs/promises, decode HTML entities, and pass decoded content to the parser. Tests are updated to mock the readFile operation. Version incremented to 4.25.3.

Changes

Cohort / File(s)	Summary
Version & Configuration api/dev/configs/api.json	Version bump from 4.25.2 to 4.25.3
Test Notification Files api/dev/notifications/unread/Hashtag_Test_1730937650.notify, api/dev/notifications/unread/Temperature_Test_1730937600.notify	Two new test notification files added with timestamp, event, subject, description, and importance fields for testing notification handling
Dependencies api/package.json	Added html-entities ^2.6.0 dependency for HTML entity decoding
Notification Service api/src/unraid-api/graph/resolvers/notifications/notifications.service.ts	Updated loadNotificationFile to read raw file content via readFile, decode HTML entities using html-entities, and pass decoded content to INI parser instead of file path
Notification Tests api/src/unraid-api/graph/resolvers/notifications/loadNotificationsFile.test.ts	Refactored to mock fs/promises.readFile with mocked file contents, replacing parseConfig-based mocking; tests now provide INI-formatted strings via mocked readFile instead of constructing in-memory objects

Sequence Diagram(s)

sequenceDiagram
    participant Test as Test Code
    participant Service as Notification Service
    participant FS as fs/promises
    participant Decode as html-entities
    participant Parser as INI Parser
    
    rect rgb(220, 240, 220)
    Note over Test,Parser: New Flow with HTML Decoding
    Test->>Service: loadNotificationFile(filePath)
    Service->>FS: readFile(filePath)
    FS-->>Service: rawContent (HTML-encoded)
    Service->>Decode: decode(rawContent)
    Decode-->>Service: decodedContent
    Service->>Parser: parse({file: decodedContent, type: 'ini'})
    Parser-->>Service: notificationObject
    Service-->>Test: notificationObject
    end

Loading

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~25 minutes

• Areas requiring attention:
  • Verify HTML entity decoding logic handles edge cases and malformed entities gracefully in notifications.service.ts
  • Confirm test mocking strategy in loadNotificationsFile.test.ts adequately covers file reading and parsing paths
  • Ensure html-entities dependency version ^2.6.0 is compatible with existing Node.js version constraints
  • Validate that decoded content produces valid INI format before parser consumption

Poem

🐰 HTML entities decoded with care,
Files read fresh from the rabbit's lair,
No more paths to parse and decode,
Just content raw, then down the road,
A tidy 4.25.3 we share! 🎉

Pre-merge checks and finishing touches

✅ Passed checks (3 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title accurately describes the main change: decoding HTML entities before parsing notifications to fix comment delimiter issues.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

✨ Finishing touches

• 📝 Generate docstrings

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch fix/symbol-rendering

---

📜 Recent review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 11d2de5 and b5fbaac.

⛔ Files ignored due to path filters (1)

• pnpm-lock.yaml is excluded by !**/pnpm-lock.yaml

📒 Files selected for processing (6)

• api/dev/configs/api.json (1 hunks)
• api/dev/notifications/unread/Hashtag_Test_1730937650.notify (1 hunks)
• api/dev/notifications/unread/Temperature_Test_1730937600.notify (1 hunks)
• api/package.json (1 hunks)
• api/src/unraid-api/graph/resolvers/notifications/loadNotificationsFile.test.ts (8 hunks)
• api/src/unraid-api/graph/resolvers/notifications/notifications.service.ts (2 hunks)

🧰 Additional context used

📓 Path-based instructions (7)

api/src/unraid-api/**

📄 CodeRabbit inference engine (.cursor/rules/api-rules.mdc)

Prefer adding new files to the Nest repo at api/src/unraid-api/ instead of legacy code

Files:

• api/src/unraid-api/graph/resolvers/notifications/loadNotificationsFile.test.ts
• api/src/unraid-api/graph/resolvers/notifications/notifications.service.ts

api/**/*.{test,spec}.{js,jsx,ts,tsx}

📄 CodeRabbit inference engine (.cursor/rules/api-rules.mdc)

api/**/*.{test,spec}.{js,jsx,ts,tsx}: Use Vitest for tests in the api; do not use Jest
Prefer not to mock simple dependencies in tests
For error testing, use .rejects.toThrow() without arguments; avoid asserting exact error messages unless the message format is the subject under test

Files:

• api/src/unraid-api/graph/resolvers/notifications/loadNotificationsFile.test.ts

{**/*.test.ts,**/__test__/{components,store}/**/*.ts}

📄 CodeRabbit inference engine (.cursor/rules/web-testing-rules.mdc)

{**/*.test.ts,**/__test__/{components,store}/**/*.ts}: Use .rejects.toThrow() without arguments when asserting that async functions throw; avoid checking exact error message strings unless the message format is explicitly under test
Focus tests on observable behavior and outcomes, not implementation details such as exact error messages
Use await nextTick() for DOM update assertions and flushPromises() for complex async chains; always await async operations before asserting
Place module mock declarations (vi.mock) at the top level of the test file to avoid hoisting issues
Use factory functions in vi.mock calls to define mocks and avoid hoisting pitfalls
Use vi.spyOn() to specify return values or behavior of methods under test
Reset/clear mocks between tests using vi.clearAllMocks() (and vi.resetAllMocks() when appropriate) to ensure isolation
Do not rely on Nuxt auto-imports in tests; import required Vue utilities explicitly in test files
Remember that vi.mock calls are hoisted; avoid mixing mock declarations and module mocks incorrectly

Files:

• api/src/unraid-api/graph/resolvers/notifications/loadNotificationsFile.test.ts

**/*.{ts,tsx}

📄 CodeRabbit inference engine (CLAUDE.md)

**/*.{ts,tsx}: Use TypeScript import specifiers with .js extensions for ESM compatibility
Never use the any type; prefer precise typing
Avoid type casting; model proper types from the start

Files:

• api/src/unraid-api/graph/resolvers/notifications/loadNotificationsFile.test.ts
• api/src/unraid-api/graph/resolvers/notifications/notifications.service.ts

api/**/*.{test,spec}.{ts,tsx}

📄 CodeRabbit inference engine (CLAUDE.md)

api/**/*.{test,spec}.{ts,tsx}: API test suite is Vitest; do not use Jest
Prefer not to mock simple dependencies in API tests

Files:

• api/src/unraid-api/graph/resolvers/notifications/loadNotificationsFile.test.ts

{api,web}/**/*.{test,spec}.{ts,tsx}

📄 CodeRabbit inference engine (CLAUDE.md)

{api,web}/**/*.{test,spec}.{ts,tsx}: For error tests, use .rejects.toThrow() without arguments; avoid asserting exact error messages unless that format is the subject
Focus tests on behavior, not implementation details
Avoid brittle tests tied to exact error or log wording
Use mocks as nouns, not verbs
Always await async operations before making assertions
Place all mock declarations at the top level; use factory functions for module mocks; clear mocks between tests

Files:

• api/src/unraid-api/graph/resolvers/notifications/loadNotificationsFile.test.ts

api/**/*.{ts,tsx}

📄 CodeRabbit inference engine (CLAUDE.md)

cache-manager v7 TTL values must be in milliseconds (e.g., 600000 for 10 minutes)

Files:

• api/src/unraid-api/graph/resolvers/notifications/loadNotificationsFile.test.ts
• api/src/unraid-api/graph/resolvers/notifications/notifications.service.ts

🧠 Learnings (17)

📚 Learning: 2025-08-11T15:10:28.150Z

Learnt from: CR
Repo: unraid/api PR: 0
File: .cursor/rules/web-testing-rules.mdc:0-0
Timestamp: 2025-08-11T15:10:28.150Z
Learning: Applies to **/__test__/store/**/*.ts : In store tests, mock external dependencies used by the store and verify interactions with those mocks

Applied to files:

• api/src/unraid-api/graph/resolvers/notifications/loadNotificationsFile.test.ts

📚 Learning: 2025-08-11T15:10:28.150Z

Learnt from: CR
Repo: unraid/api PR: 0
File: .cursor/rules/web-testing-rules.mdc:0-0
Timestamp: 2025-08-11T15:10:28.150Z
Learning: Applies to {**/*.test.ts,**/__test__/{components,store}/**/*.ts} : Use factory functions in vi.mock calls to define mocks and avoid hoisting pitfalls

Applied to files:

• api/src/unraid-api/graph/resolvers/notifications/loadNotificationsFile.test.ts

📚 Learning: 2025-09-12T01:36:59.838Z

Learnt from: CR
Repo: unraid/api PR: 0
File: CLAUDE.md:0-0
Timestamp: 2025-09-12T01:36:59.838Z
Learning: Applies to {api,web}/**/*.{test,spec}.{ts,tsx} : Place all mock declarations at the top level; use factory functions for module mocks; clear mocks between tests

Applied to files:

• api/src/unraid-api/graph/resolvers/notifications/loadNotificationsFile.test.ts

📚 Learning: 2025-08-11T15:10:28.150Z

Learnt from: CR
Repo: unraid/api PR: 0
File: .cursor/rules/web-testing-rules.mdc:0-0
Timestamp: 2025-08-11T15:10:28.150Z
Learning: Applies to **/__test__/mocks/**/*.ts : Frequently used mocks can also be placed under __test__/mocks

Applied to files:

• api/src/unraid-api/graph/resolvers/notifications/loadNotificationsFile.test.ts

📚 Learning: 2025-08-11T15:10:28.150Z

Learnt from: CR
Repo: unraid/api PR: 0
File: .cursor/rules/web-testing-rules.mdc:0-0
Timestamp: 2025-08-11T15:10:28.150Z
Learning: Applies to {**/*.test.ts,**/__test__/{components,store}/**/*.ts} : Focus tests on observable behavior and outcomes, not implementation details such as exact error messages

Applied to files:

• api/src/unraid-api/graph/resolvers/notifications/loadNotificationsFile.test.ts

📚 Learning: 2025-09-12T01:36:59.838Z

Learnt from: CR
Repo: unraid/api PR: 0
File: CLAUDE.md:0-0
Timestamp: 2025-09-12T01:36:59.838Z
Learning: Applies to web/__test__/**/*.{test,spec}.{ts,tsx} : Mock external dependencies and services in component tests

Applied to files:

• api/src/unraid-api/graph/resolvers/notifications/loadNotificationsFile.test.ts

📚 Learning: 2025-09-12T01:36:59.838Z

Learnt from: CR
Repo: unraid/api PR: 0
File: CLAUDE.md:0-0
Timestamp: 2025-09-12T01:36:59.838Z
Learning: Applies to {api,web}/**/*.{test,spec}.{ts,tsx} : Avoid brittle tests tied to exact error or log wording

Applied to files:

• api/src/unraid-api/graph/resolvers/notifications/loadNotificationsFile.test.ts

📚 Learning: 2025-08-11T15:10:28.150Z

Learnt from: CR
Repo: unraid/api PR: 0
File: .cursor/rules/web-testing-rules.mdc:0-0
Timestamp: 2025-08-11T15:10:28.150Z
Learning: Applies to {**/*.test.ts,**/__test__/{components,store}/**/*.ts} : Remember that vi.mock calls are hoisted; avoid mixing mock declarations and module mocks incorrectly

Applied to files:

• api/src/unraid-api/graph/resolvers/notifications/loadNotificationsFile.test.ts

📚 Learning: 2025-08-11T15:10:28.150Z

Learnt from: CR
Repo: unraid/api PR: 0
File: .cursor/rules/web-testing-rules.mdc:0-0
Timestamp: 2025-08-11T15:10:28.150Z
Learning: Applies to {**/*.test.ts,**/__test__/{components,store}/**/*.ts} : Place module mock declarations (vi.mock) at the top level of the test file to avoid hoisting issues

Applied to files:

• api/src/unraid-api/graph/resolvers/notifications/loadNotificationsFile.test.ts

📚 Learning: 2025-08-11T15:10:28.150Z

Learnt from: CR
Repo: unraid/api PR: 0
File: .cursor/rules/web-testing-rules.mdc:0-0
Timestamp: 2025-08-11T15:10:28.150Z
Learning: Applies to **/__test__/components/**/*.ts : Mock external dependencies and services in component tests (e.g., vi.mock for helper modules)

Applied to files:

• api/src/unraid-api/graph/resolvers/notifications/loadNotificationsFile.test.ts

📚 Learning: 2025-08-11T15:10:28.150Z

Learnt from: CR
Repo: unraid/api PR: 0
File: .cursor/rules/web-testing-rules.mdc:0-0
Timestamp: 2025-08-11T15:10:28.150Z
Learning: Applies to {**/*.test.ts,**/__test__/{components,store}/**/*.ts} : Reset/clear mocks between tests using vi.clearAllMocks() (and vi.resetAllMocks() when appropriate) to ensure isolation

Applied to files:

• api/src/unraid-api/graph/resolvers/notifications/loadNotificationsFile.test.ts

📚 Learning: 2025-08-11T15:07:39.222Z

Learnt from: CR
Repo: unraid/api PR: 0
File: .cursor/rules/api-rules.mdc:0-0
Timestamp: 2025-08-11T15:07:39.222Z
Learning: Applies to api/**/*.{test,spec}.{js,jsx,ts,tsx} : Prefer not to mock simple dependencies in tests

Applied to files:

• api/src/unraid-api/graph/resolvers/notifications/loadNotificationsFile.test.ts

📚 Learning: 2025-08-11T15:10:28.150Z

Learnt from: CR
Repo: unraid/api PR: 0
File: .cursor/rules/web-testing-rules.mdc:0-0
Timestamp: 2025-08-11T15:10:28.150Z
Learning: Applies to **/__test__/store/**/*.ts : Thoroughly test async store actions: assert intermediate loading state, await completion, and check final state

Applied to files:

• api/src/unraid-api/graph/resolvers/notifications/loadNotificationsFile.test.ts

📚 Learning: 2025-08-11T15:10:28.150Z

Learnt from: CR
Repo: unraid/api PR: 0
File: .cursor/rules/web-testing-rules.mdc:0-0
Timestamp: 2025-08-11T15:10:28.150Z
Learning: Applies to {**/*.test.ts,**/__test__/{components,store}/**/*.ts} : Use vi.spyOn() to specify return values or behavior of methods under test

Applied to files:

• api/src/unraid-api/graph/resolvers/notifications/loadNotificationsFile.test.ts

📚 Learning: 2025-08-11T15:10:28.150Z

Learnt from: CR
Repo: unraid/api PR: 0
File: .cursor/rules/web-testing-rules.mdc:0-0
Timestamp: 2025-08-11T15:10:28.150Z
Learning: Applies to {**/*.test.ts,**/__test__/{components,store}/**/*.ts} : Use .rejects.toThrow() without arguments when asserting that async functions throw; avoid checking exact error message strings unless the message format is explicitly under test

Applied to files:

• api/src/unraid-api/graph/resolvers/notifications/loadNotificationsFile.test.ts

📚 Learning: 2025-01-31T22:01:22.708Z

Learnt from: elibosley
Repo: unraid/api PR: 1101
File: api/src/unraid-api/unraid-file-modifier/modifications/patches/default-page-layout.patch:24-27
Timestamp: 2025-01-31T22:01:22.708Z
Learning: The Unraid UI uses a modern notification system with a custom `unraid-toaster` component replacing the legacy jGrowl notifications. The system is backed by a comprehensive GraphQL API with real-time subscription support for notification updates.

Applied to files:

• api/dev/notifications/unread/Temperature_Test_1730937600.notify

📚 Learning: 2025-04-21T18:44:39.643Z

Learnt from: elibosley
Repo: unraid/api PR: 1352
File: packages/unraid-api-plugin-connect/src/config.persistence.ts:0-0
Timestamp: 2025-04-21T18:44:39.643Z
Learning: When working with file operations in Node.js, prefer using the native Promise-based APIs from the fs/promises module instead of callback-based APIs from fs or manually wrapping callbacks in Promises.

Applied to files:

• api/src/unraid-api/graph/resolvers/notifications/notifications.service.ts

🧬 Code graph analysis (1)

api/src/unraid-api/graph/resolvers/notifications/notifications.service.ts (2)

api/src/core/utils/misc/parse-config.ts (1)

• parseConfig (146-203)

api/src/core/types/states/notification.ts (1)

• NotificationIni (1-8)

🔇 Additional comments (14)

api/dev/configs/api.json (1)

2-2: LGTM!

Version bump is appropriate for this PR's changes.

api/package.json (1)

119-119: LGTM!

The html-entities dependency is correctly added to support HTML entity decoding in notification files.

api/dev/notifications/unread/Temperature_Test_1730937600.notify (1)

1-6: LGTM!

This test notification properly demonstrates HTML entity decoding with   (thin space), ° (degree symbol), and <br> tags. It validates that the new decode functionality works correctly.

api/src/unraid-api/graph/resolvers/notifications/notifications.service.ts (2)

2-2: LGTM!

Adding readFile to the fs/promises imports follows best practices for Promise-based file operations.

Based on learnings

---

10-10: LGTM!

The decode function from html-entities is correctly imported to support HTML entity decoding in notification files.

api/src/unraid-api/graph/resolvers/notifications/loadNotificationsFile.test.ts (9)

17-25: LGTM!

The mock setup for fs/promises follows best practices: declared at the top level with a factory function, preserving actual exports while mocking only readFile. This aligns with the new service implementation that reads files directly.

As per coding guidelines

---

76-81: LGTM!

The beforeEach properly imports the mocked module and clears the mock state between tests, ensuring test isolation.

As per coding guidelines

---

84-109: LGTM!

The test correctly provides mock file content as an INI-formatted string and validates that the service properly parses and transforms it into a Notification object. This aligns with the updated implementation that reads raw file content before parsing.

---

111-126: LGTM!

The test properly verifies that files with missing required fields result in a masked warning notification, demonstrating graceful error handling.

---

128-146: LGTM!

The test correctly verifies that invalid enum values fall back to INFO importance rather than causing a validation failure, which is appropriate defensive behavior.

---

148-163: LGTM!

The test properly verifies that missing description fields trigger the masked warning notification behavior.

---

165-194: LGTM!

The test correctly verifies that only known fields are preserved and custom fields are not passed through, ensuring schema compliance.

---

196-213: LGTM!

The test properly verifies graceful handling of missing timestamp fields, with undefined values for both timestamp and formattedTimestamp.

---

215-233: LGTM!

The test correctly verifies that malformed timestamps result in undefined timestamp values while preserving the original string in formattedTimestamp for debugging purposes.

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[chatgpt-codex-connector]

💡 Codex Review

Here are some automated review suggestions for this pull request.

ℹ️ About Codex in GitHub

Codex has been enabled to automatically review pull requests in this repo. Reviews are triggered when you

• Open a pull request for review
• Mark a draft as ready
• Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

When you sign up for Codex through ChatGPT, Codex can also answer questions or update the PR, like "@codex address that feedback".

[chatgpt-codex-connector]

Hash characters in notification values are still stripped

Decoding the file before parseConfig removes HTML entities but the INI parser still treats # as a comment delimiter. If a notification subject or description legitimately contains a hash (for example the new Hashtag Test sample or real alerts like #1 disk is hot or hashtags), ini.parse will drop everything after the first #, so clients receive truncated text. Consider escaping hashes or configuring the parser so literal # characters survive.

Useful? React with 👍 / 👎.

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 52.69%. Comparing base (11d2de5) to head (b5fbaac).
⚠️ Report is 1 commits behind head on main.

Additional details and impacted files

@@           Coverage Diff           @@
##             main    #1768   +/-   ##
=======================================
  Coverage   52.69%   52.69%           
=======================================
  Files         865      865           
  Lines       49343    49346    +3     
  Branches     4952     4952           
=======================================
+ Hits        26000    26003    +3     
  Misses      23270    23270           
  Partials       73       73           

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

[github-actions]

This plugin has been deployed to Cloudflare R2 and is available for testing.
Download it at this URL:

https://preview.dl.unraid.net/unraid-api/tag/PR1768/dynamix.unraid.net.plg