release: v0.8 — UX & Charts#132
Merged
alfredo1996 merged 62 commits intodevfrom Mar 22, 2026
Merged
Conversation
…y editors Integrate @neo4j-cypher/codemirror for Cypher syntax highlighting and schema-aware autocompletion (labels, relationship types, property keys), and wire @codemirror/lang-sql's built-in schemaCompletionSource for PostgreSQL table/column completion. The schema store is typed with proper DatabaseSchema types, gains a clearSchema action, and the useConnectionSchema hook exposes refreshSchema for cache invalidation. QueryEditorPanel prefetches schema on connection select and passes it to the editor via a new schema prop. A refresh-schema button is added to the editor toolbar. Closes #72 Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Add 6 Playwright E2E tests covering schema-aware code completion: - SQL table-name completions from PostgreSQL schema (SELECT * FROM m → movies) - SQL column-name completions with table qualifier (movies. → title) - Cypher schema-aware completions from Neo4j (MATCH (n: → property keys) - Cypher relationship pattern completions (()-[r: → schema items) - Schema refresh button visibility after connection selection - Schema refresh button triggers re-fetch with loading state Fix schema-prefetch.ts to use ensureDatabaseInUri() so PostgreSQL schema fetch connects to the correct database instead of the default 'postgres'. Closes #72 Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
…editor tests - Fix TS2556/TS2493 tuple type errors in mockSql.mock.calls access - Make flushAsync more robust (5 rounds) for multi-step async initSqlEditor Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
1. feat(connections): add edit dialog for advanced connection options - New useUpdateConnection hook (PATCH /api/connections/:id) - Edit dialog with credentials + advanced settings (timeouts, pool, SSL) - Wire onEdit callback in ConnectionCard dropdown 2. fix(dashboard): sanitize layout before save to prevent y: Infinity - New widgets use y: Infinity for auto-compaction by react-grid-layout - If save fires before compaction completes, Infinity persists in DB - On reload all widgets stack vertically (single column) - Sanitize: clamp Infinity to bottom of existing layout before saving 3. fix(graph): defer fullscreen NVL mount until dialog animation settles - Dialog uses 200ms zoom-in-95 animation - NVL reads canvas dimensions at mount — mid-animation = wrong size - Hover/click coordinates permanently offset by ~5% - Defer CardContainer render by 250ms so NVL mounts at final size 4. chore(migrations): squash into single file (0000_wooden_zeigeist.sql) Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- Add event.preventDefault() on right-click to suppress native context menu - Switch from createPortal(document.body) to inline rendering with absolute positioning — avoids Radix Dialog transform breaking fixed positioning - Convert viewport coordinates to container-local coordinates via getBoundingClientRect Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Replace the dual-path editor architecture (separate initSqlEditor + initCypherEditor with fundamentally different CM6 integration patterns) with a single unified initEditor that uses a language resolver pattern. Key changes: - Create language-resolvers.ts with LanguageResolver type + registry - Both SQL and Cypher become CM6 LanguageSupport extensions plugged into the same self-managed EditorView via a Compartment - Language switching becomes a compartment reconfigure instead of a full destroy/recreate (preserves cursor, undo history, scroll position) - Remove cypherApiRef, editorModeRef, and all 12+ conditional branches - Replace @neo4j-cypher/codemirror v1 + @neo4j-cypher/editor-support with @neo4j-cypher/react-codemirror@next (only cypher() function) - Rename toCypherSchema -> toCypherDbSchema for v2 DbSchema alignment - Delete both neo4j-cypher-codemirror.d.ts type augmentation files - Add webpack fallbacks for child_process/worker_threads (workerpool) - Component shrinks from ~690 to ~400 lines (-42%) Closes #72 Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
The ChartType union includes markdown and iframe but the chartTypeMeta Record in chart-type-selector.tsx was missing their entries, causing a TypeScript build failure. Closes #72
Add two new static content widget types that don't require database queries: - **Markdown widget**: renders markdown content (headings, bold, italic, links, lists, code blocks, blockquotes) with XSS sanitization. Links open in new tabs with noopener/noreferrer. - **iFrame widget**: embeds external URLs with configurable sandbox attributes for security. Validates URLs to block javascript: and data: URIs. Defaults to restrictive sandbox policy. Both widgets: - Registered in chart-registry with all connector compatibility - Have settings panels (content for markdown, URL/sandbox for iframe) - Skip query execution and connection selection in the widget editor - Render directly in the preview panel during editing - Include comprehensive unit tests (12 + 11 tests) Closes #24 Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Fixes TS6133 error in CI type-check. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
- Add component/.npmrc with legacy-peer-deps=true to fix ERESOLVE error from @neo4j-cypher/react-codemirror (declares react ^18, we use React 19 — only the pure CM6 cypher() export is imported, no React code) - Add component/node_modules to webpack resolve.modules in next.config.ts so transpiled component deps (echarts, @neo4j-nvl) are found during Next.js build in CI where packages install independently Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
…ame widgets - Markdown: add isSafeUrl() to block javascript:, vbscript:, blob: URLs in links and images, escape HTML in URLs and alt text - Markdown: sanitize unquoted event handlers (onerror=alert(1)) - Iframe: use URL parsing to only allow http/https protocols - Iframe: remove allow-same-origin from default sandbox (prevents sandbox escape when combined with allow-scripts) - Widget editor: fix save button disabled state for content-only widgets (markdown/iframe don't require a query) - Widget editor: nullify query/connection in lab template save for content-only types - Tests: add XSS test cases for javascript:, vbscript:, data:, blob: URLs and unquoted event handlers Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
The branch's modified config added dotenv/path imports that caused "exports is not defined in ES module scope" when Playwright's CJS transform ran in the ESM project context. Reverting to the stable dev version which uses hardcoded port and import-type for nextcov. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Read TEST_SERVER_PORT from process.env (set by global-setup) instead of importing dotenv. Use inline import() type for NextcovConfig to avoid triggering Playwright's CJS transform on ESM-only nextcov. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
- Refactor schema-prefetch.ts to export buildAuthConfig as a pure, testable function; move require() calls inside function body to allow module import in Vitest without the connection package at load time - Add schema-prefetch.test.ts with 12 tests covering buildAuthConfig (URI embedding, key mapping, authType, advanced option exclusion) and module export verification - Expand use-schema.test.ts from 4 to 18 tests: add coverage for createRefreshSchema (returns function, invalidates correct queryKey, clears store, targets only matching connection, safe with no cache) and multi-schema isolation in the store - Fix misleading test name in query-editor.test.tsx: rename 'calls onChange when a history item is selected' to 'renders History select trigger when history prop is provided' (test only asserts DOM presence, not onChange callback) Closes #72
- 18 new tests for markdown/iframe chart registry entries (transform, compatibility, click action, styling, getStylingTargets) - 10 new tests for markdown/iframe chart options schema (content, url, iframeTitle, sandbox options with types, defaults, categories) Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Add comprehensive tests for all parseMarkdown branches: - isSafeUrl: blob:, data:text/, data:image/ (allowed), vbscript: paths - Fenced code blocks with HTML escaping - Heading state management: closes open list/blockquote before heading - All h1-h6 heading levels - Blockquote state management: closes list before blockquote, closes blockquote before paragraph, multi-line blockquotes - Ordered lists rendered as <ol> - Horizontal rules: ---, ***, ___ - Empty lines skipped without rendering elements - Inline formatting: ***bold+italic***, *italic*, ~~strikethrough~~ - Single-quoted event handler sanitization - End-of-content list/blockquote closers Coverage for markdown-widget.tsx improves from 73.78% to 96.11%. Remaining uncovered lines (131-132, 145-146) are dead code branches where the ordered-list inList state can never reach the horizontal-rule or paragraph closers due to the unordered-list else-if guard firing first. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Exercises the full widget creation flow for content-only types: - Markdown widget creation without connection/query - iFrame widget creation without connection/query - Markdown content rendering on dashboard - iFrame empty state without URL These tests cover the app-layer changes (card-container, chart-renderer, widget-editor-modal) that unit tests cannot reach, improving SonarCloud coverage on new code. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
- widget-editor-modal: guard handleRunAndSave keyboard shortcut with
isContentOnly check (chartType markdown|iframe) to prevent stale
connectionId/query being saved for content-only widgets
- markdown-widget: replace boolean inList with listType ("ul"|"ol"|null)
so ordered lists emit </ol> instead of </ul> (mismatched closing tags)
- markdown-widget: escape all user input at the start of processInline
so raw HTML cannot reach dangerouslySetInnerHTML (closes XSS vector);
add escapeAttr() helper for URL attribute quoting
- markdown-widget: move fenced code block handling into the line-by-line
state machine loop to prevent parser-generated <pre> tags from being
re-escaped by processInline
- iframe-widget: align error message with isValidUrl — "http:// or https://"
- tests: update sanitization tests to assert no live DOM element rather
than checking innerHTML string absence (escaping, not removal, is now
the security mechanism)
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
- component/src/lib/schema-transforms.ts: use Object.create(null) to
prevent prototype pollution when table names collide with Object
prototype properties like __proto__ or constructor (Critical)
- component/src/components/composed/query-editor.tsx: add .catch()
handler to post-init schema reconfigure in initEditor to prevent
unhandled promise rejections
- component/src/charts/graph-chart.tsx: wire onNodeDoubleClick NVL
event to invoke onExpandRequest and onNodeDoubleClick callbacks —
these props were declared but never connected to mouseEventCallbacks
- app/src/app/api/connections/[id]/route.ts: add createdAt to PATCH
route returning clause to match ConnectionListItem type used by
useUpdateConnection hook (eliminates return-type mismatch)
- app/src/app/(dashboard)/[id]/edit/page.tsx: fix overlapping widget
positions — increment nextY by each widget's height instead of
collapsing all non-finite items to the same maxY row
- component/src/components/composed/__tests__/query-editor.test.tsx:
strengthen "reconfigures within SQL dialects" test to assert
resolveLanguageExt was called with "postgresql"; complete
"does not dispatch when value matches CM doc" test with assertion
- app/src/hooks/__tests__/use-schema.test.ts: add clarifying comment
that query key contract is validated in createRefreshSchema tests
- .github/workflows/ci.yml: add typecheck CI job so TypeScript errors
are caught in CI (pre-push hooks are bypassable)
- package.json: fix lint-staged glob from *.{ext} to **/*.{ext} so
files in subdirectories are also formatted
- Fix TS2556 spread errors in mock functions by typing with any[] params - Fix TS18048 possibly undefined by adding non-null assertion - Remove connection package from CI typecheck (tsconfig include mismatch) Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
The chart type selector is the second combobox in the widget editor dialog (first is the connection selector). Also simplified tests to focus on the core creation flow without dashboard rendering assertions. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
…eact-codemirror Replace @neo4j-cypher/react-codemirror (React wrapper with workerpool, prismjs, child_process deps) with vendored cypher-lang/ module built directly on @neo4j-cypher/language-support (no React, no Node builtins). Changes: - Add component/src/lib/cypher-lang/ — vendored and simplified from neo4j/cypher-language-support (Apache-2.0): cypher(), autocomplete, parser-adapter, signature-help, constants, utils - Remove prismjs light-version fallback (always use ANTLR parser) - Remove workerpool/linting (not used — lint: false) - Swap dep: @neo4j-cypher/react-codemirror → @neo4j-cypher/language-support - Remove component/.npmrc (no more legacy-peer-deps hack) - Remove webpack child_process/worker_threads fallbacks from next.config - Remove neo4j-cypher-lang.d.ts type augmentation - Update language-resolvers to import from vendored cypher-lang/ Benefits: - No React peer dependency conflict (React 19 compatible) - No CJS/ESM warnings at runtime - No Node.js builtins in browser bundle - Smaller bundle (no workerpool, prismjs, React wrapper) - Full control over the Cypher editor integration Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
The test expected property keys (title, name) after "MATCH (n:" but the completion engine returns node labels at this position. Changed to assert that completions appear (any schema-derived items) rather than checking for specific property keys. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
- Add explicit React event types to onChange/onKeyDown handlers in connections and dashboard pages to prevent TS7006 in CI - Run component typecheck before app typecheck in CI (app depends on component types being resolvable) Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
npm ci in CI was failing because package-lock.json was out of sync after replacing @neo4j-cypher/react-codemirror with @neo4j-cypher/language-support. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
…e-widgets Merging into release/0.8 — Lint, TypeCheck, Unit Tests, E2E all pass.
Merging into release/0.8 — TypeCheck, Unit Tests pass. E2E 208/210 (2 pre-existing flakes in styling-rules, unrelated).
Implements 5 new ECharts chart types for NeoBoard dashboards: - GaugeChart: single-value dial display with configurable min/max, progress arc, pointer - SankeyChart: flow diagram with node deduplication and horizontal/vertical orientation - SunburstChart: hierarchical arc chart supporting both nested and flat+parent-column data - RadarChart: multi-axis polygon chart supporting long and wide-format data, multiple series - TreemapChart: nested rectangle chart with optional breadcrumb drill-down Each chart type includes: - chart-registry entry with transform functions (flat tabular -> chart-specific format) - chart-options-schema entries for the UI settings panel - chart-type-selector metadata (icon + label) - chart-renderer case with next/dynamic ssr:false loading - unit tests for transforms and options schema Closes #23 Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
All 5 chart types implemented. 884 component + 1210 app tests pass. Build clean. CI skipped (release branch not in trigger list).
|
Note Reviews pausedIt looks like this branch is under active development. To avoid overwhelming you with review comments due to an influx of new commits, CodeRabbit has automatically paused this review. You can configure this behavior by changing the Use the following commands to manage reviews:
Use the checkboxes below for quick actions:
WalkthroughAdds content-only widgets and five new chart types with palettes, implements schema-aware editor/autocomplete plumbing (types, store, resolvers, Cypher vendored helpers), editor/schema refresh UI, connection edit/update flow, many tests/stories, Playwright/CI dynamic server-port wiring, and various dashboard/widget UX refinements. Changes
Sequence Diagram(s)sequenceDiagram
participant User
participant WidgetEditor
participant QueryEditor
participant SchemaStore
participant LanguageResolver
participant CodeMirror
participant Autocomplete
User->>WidgetEditor: open editor / select connection
WidgetEditor->>QueryEditor: mount(connectionId)
QueryEditor->>SchemaStore: useConnectionSchema(connectionId)
SchemaStore-->>QueryEditor: schema + refreshSchema
User->>QueryEditor: click "Refresh schema"
QueryEditor->>SchemaStore: refreshSchema()
SchemaStore->>SchemaStore: invalidate queryClient + clearSchema(entry)
SchemaStore-->>QueryEditor: updated schema
User->>CodeMirror: type
CodeMirror->>LanguageResolver: resolveLanguageExt(language, schema)
LanguageResolver-->>CodeMirror: Extension[] (sql/cypher with schema)
CodeMirror->>Autocomplete: request completions
Autocomplete-->>User: show schema-aware suggestions
sequenceDiagram
participant User
participant WidgetEditor
participant ChartTypeSelector
participant PreviewArea
participant ChartRenderer
User->>WidgetEditor: choose chart type (markdown/iframe)
WidgetEditor->>ChartTypeSelector: set isContentOnly
WidgetEditor->>PreviewArea: hide connection/query controls
User->>WidgetEditor: enter content/url
WidgetEditor->>ChartRenderer: render with content props
ChartRenderer->>ChartRenderer: detect content-only -> render MarkdownWidget / IframeWidget
ChartRenderer-->>PreviewArea: display rendered content
Estimated code review effort🎯 5 (Critical) | ⏱️ ~120 minutes Possibly related PRs
Suggested labels
✨ Finishing Touches🧪 Generate unit tests (beta)
|
![coderabbitai[bot]](https://avatars.githubusercontent.com/in/347564?s=60&v=4){kind=small}
There was a problem hiding this comment.
Actionable comments posted: 2
🧹 Nitpick comments (2)
component/src/components/composed/markdown-widget.tsx (2)
250-282:dangerouslySetInnerHTMLusage is appropriately guarded.The static analysis warning is acknowledged. However, the implementation applies multi-layered sanitization:
escapeHtmlneutralizes raw HTML tagsisSafeUrlallowlists URL schemes- Only parser-generated tags reach the DOM
The non-null assertion on line 279 is safe after the early return, but could be made explicit:
♻️ Optional: Remove assertion with type narrowing
const html = React.useMemo( - () => (content ? parseMarkdown(content) : null), + () => (content ? parseMarkdown(content) : ""), [content], ); ... - dangerouslySetInnerHTML={{ __html: html! }} + dangerouslySetInnerHTML={{ __html: html }}🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed. In `@component/src/components/composed/markdown-widget.tsx` around lines 250 - 282, The non-null assertion on html passed to dangerouslySetInnerHTML in MarkdownWidget can be removed by narrowing html's type before use: ensure html is computed only when content exists (using parseMarkdown) or add an explicit runtime check (e.g., if (!html) return null) so TypeScript knows html is a string when assigned to dangerouslySetInnerHTML; update the html/content logic around parseMarkdown and the return that renders dangerouslySetInnerHTML (references: MarkdownWidget, html, content, parseMarkdown, dangerouslySetInnerHTML) to eliminate the `!` assertion.
130-141: Ordered list close logic is asymmetric but functional.Unlike unordered lists (line 126-128), ordered lists don't have an explicit
else if (listType === "ol") { closeList() }after the match block. The list is instead closed bycloseList()in the paragraph fallback (line 160) or by other block elements.This works correctly but the asymmetry could confuse future maintainers. Consider adding the explicit close for consistency:
♻️ Optional: Add explicit ol close for symmetry
result.push( `<li>${processInline(line.replace(/^\d+\.\s+/, ""))}</li>`, ); continue; } + else if (listType === "ol") { + closeList(); + } // Horizontal rule🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed. In `@component/src/components/composed/markdown-widget.tsx` around lines 130 - 141, The ordered-list branch lacks the explicit symmetric close found for unordered lists; update the markdown parsing logic around the ordered-list handling (the block that tests line.match(/^\d+\.\s+/)) to mirror the unordered list pattern by adding an else-if that checks if listType === "ol" and calls closeList() so ol lists are explicitly closed when transitioning out of an ordered list; keep using result, listType, processInline and closeList() so the rest of the flow is unchanged.
🤖 Prompt for all review comments with AI agents
Verify each finding against the current code and only fix it if needed.
Inline comments:
In `@component/src/components/composed/__tests__/markdown-widget.test.tsx`:
- Around line 287-294: Update the incorrect inline comment in the test "closes
ordered list when followed by a paragraph": replace the misleading explanation
about the paragraph's ul check with a concise note that the ordered list is
closed by closeList() in the paragraph fallback (reference the listType handling
and the closeList() call in the paragraph branch). Ensure the comment mentions
listType and closeList() so future readers know the <ol> is closed by the
paragraph fallback path rather than the ul-specific branch.
- Around line 273-285: The test comment is incorrect about list
sharing—MarkdownWidget actually closes an <ol> and opens a new <ul> when
switching list types (see the list-handling logic in markdown-widget.tsx);
update the test comment in markdown-widget.test.tsx to describe the actual
behavior and either tighten the assertions to verify separate lists (assert
presence of both "<ol" and "<ul" or that the two <li> elements belong to
different parent list elements) or explicitly state why the current loose
assertions are sufficient.
---
Nitpick comments:
In `@component/src/components/composed/markdown-widget.tsx`:
- Around line 250-282: The non-null assertion on html passed to
dangerouslySetInnerHTML in MarkdownWidget can be removed by narrowing html's
type before use: ensure html is computed only when content exists (using
parseMarkdown) or add an explicit runtime check (e.g., if (!html) return null)
so TypeScript knows html is a string when assigned to dangerouslySetInnerHTML;
update the html/content logic around parseMarkdown and the return that renders
dangerouslySetInnerHTML (references: MarkdownWidget, html, content,
parseMarkdown, dangerouslySetInnerHTML) to eliminate the `!` assertion.
- Around line 130-141: The ordered-list branch lacks the explicit symmetric
close found for unordered lists; update the markdown parsing logic around the
ordered-list handling (the block that tests line.match(/^\d+\.\s+/)) to mirror
the unordered list pattern by adding an else-if that checks if listType === "ol"
and calls closeList() so ol lists are explicitly closed when transitioning out
of an ordered list; keep using result, listType, processInline and closeList()
so the rest of the flow is unchanged.
ℹ️ Review info
⚙️ Run configuration
Configuration used: Path: .coderabbit.yaml
Review profile: CHILL
Plan: Pro
Run ID: dee824a2-5e1f-417e-940d-c41b63bf45bb
📒 Files selected for processing (3)
.github/workflows/ci.ymlcomponent/src/components/composed/__tests__/markdown-widget.test.tsxcomponent/src/components/composed/markdown-widget.tsx
🚧 Files skipped from review as they are similar to previous changes (1)
- .github/workflows/ci.yml
Comment on lines
+273
to
+285
| it("renders ordered and unordered list items using shared inList state", () => { | ||
| // Implementation note: the parser uses a single inList flag for both ol and ul. | ||
| // When switching from ordered to unordered, the unordered item is rendered | ||
| // inside the existing open list (no new <ul> is opened mid-list). | ||
| const md = "1. Ordered\n- Unordered"; | ||
| render(<MarkdownWidget content={md} />); | ||
| const container = screen.getByTestId("markdown-widget"); | ||
| // An ordered list is opened for the first item | ||
| expect(container.innerHTML).toContain("<ol"); | ||
| // Both items are rendered as <li> | ||
| const items = container.querySelectorAll("li"); | ||
| expect(items.length).toBeGreaterThanOrEqual(2); | ||
| }); |
There was a problem hiding this comment.
Test comment is misleading—lists are not shared.
The comment claims "the unordered item is rendered inside the existing open list (no new
- is opened mid-list)." However, the implementation (lines 117-120 in markdown-widget.tsx) does close the
<ol> and open a new <ul> when switching list types.
The test passes because assertions only check that <ol> exists and there are 2+ <li> elements, not that they share a container.
♻️ Suggested comment fix
- it("renders ordered and unordered list items using shared inList state", () => {
- // Implementation note: the parser uses a single inList flag for both ol and ul.
- // When switching from ordered to unordered, the unordered item is rendered
- // inside the existing open list (no new <ul> is opened mid-list).
+ it("closes ordered list and opens unordered list when switching types", () => {
+ // Implementation note: the parser tracks listType and closes the current list
+ // when encountering a different list type.
const md = "1. Ordered\n- Unordered";📝 Committable suggestion
‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.
Suggested change
| it("renders ordered and unordered list items using shared inList state", () => { | |
| // Implementation note: the parser uses a single inList flag for both ol and ul. | |
| // When switching from ordered to unordered, the unordered item is rendered | |
| // inside the existing open list (no new <ul> is opened mid-list). | |
| const md = "1. Ordered\n- Unordered"; | |
| render(<MarkdownWidget content={md} />); | |
| const container = screen.getByTestId("markdown-widget"); | |
| // An ordered list is opened for the first item | |
| expect(container.innerHTML).toContain("<ol"); | |
| // Both items are rendered as <li> | |
| const items = container.querySelectorAll("li"); | |
| expect(items.length).toBeGreaterThanOrEqual(2); | |
| }); | |
| it("closes ordered list and opens unordered list when switching types", () => { | |
| // Implementation note: the parser tracks listType and closes the current list | |
| // when encountering a different list type. | |
| const md = "1. Ordered\n- Unordered"; | |
| render(<MarkdownWidget content={md} />); | |
| const container = screen.getByTestId("markdown-widget"); | |
| // An ordered list is opened for the first item | |
| expect(container.innerHTML).toContain("<ol"); | |
| // Both items are rendered as <li> | |
| const items = container.querySelectorAll("li"); | |
| expect(items.length).toBeGreaterThanOrEqual(2); | |
| }); |
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.
In `@component/src/components/composed/__tests__/markdown-widget.test.tsx` around
lines 273 - 285, The test comment is incorrect about list sharing—MarkdownWidget
actually closes an <ol> and opens a new <ul> when switching list types (see the
list-handling logic in markdown-widget.tsx); update the test comment in
markdown-widget.test.tsx to describe the actual behavior and either tighten the
assertions to verify separate lists (assert presence of both "<ol" and "<ul" or
that the two <li> elements belong to different parent list elements) or
explicitly state why the current loose assertions are sufficient.
Comment on lines
+287
to
+294
| it("closes ordered list when followed by a paragraph", () => { | ||
| const md = "1. Item\nThis is a paragraph"; | ||
| render(<MarkdownWidget content={md} />); | ||
| const container = screen.getByTestId("markdown-widget"); | ||
| expect(container.innerHTML).toContain("</ol>"); | ||
| // wait — ordered list gets closed by the paragraph's else-if(inList) via ul check | ||
| expect(screen.getByText("This is a paragraph")).toBeInTheDocument(); | ||
| }); |
There was a problem hiding this comment.
Inline comment is incorrect.
Line 292-293 states the ordered list is closed "by the paragraph's else-if(inList) via ul check," but that's not accurate. The else if (listType === "ul") check on line 126-128 only handles ul. The <ol> is closed by closeList() in the paragraph fallback (line 160).
♻️ Suggested fix
const container = screen.getByTestId("markdown-widget");
expect(container.innerHTML).toContain("</ol>");
- // wait — ordered list gets closed by the paragraph's else-if(inList) via ul check
+ // The ordered list is closed by closeList() in the paragraph handler
expect(screen.getByText("This is a paragraph")).toBeInTheDocument();📝 Committable suggestion
‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.
Suggested change
| it("closes ordered list when followed by a paragraph", () => { | |
| const md = "1. Item\nThis is a paragraph"; | |
| render(<MarkdownWidget content={md} />); | |
| const container = screen.getByTestId("markdown-widget"); | |
| expect(container.innerHTML).toContain("</ol>"); | |
| // wait — ordered list gets closed by the paragraph's else-if(inList) via ul check | |
| expect(screen.getByText("This is a paragraph")).toBeInTheDocument(); | |
| }); | |
| it("closes ordered list when followed by a paragraph", () => { | |
| const md = "1. Item\nThis is a paragraph"; | |
| render(<MarkdownWidget content={md} />); | |
| const container = screen.getByTestId("markdown-widget"); | |
| expect(container.innerHTML).toContain("</ol>"); | |
| // The ordered list is closed by closeList() in the paragraph handler | |
| expect(screen.getByText("This is a paragraph")).toBeInTheDocument(); | |
| }); |
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.
In `@component/src/components/composed/__tests__/markdown-widget.test.tsx` around
lines 287 - 294, Update the incorrect inline comment in the test "closes ordered
list when followed by a paragraph": replace the misleading explanation about the
paragraph's ul check with a concise note that the ordered list is closed by
closeList() in the paragraph fallback (reference the listType handling and the
closeList() call in the paragraph branch). Ensure the comment mentions listType
and closeList() so future readers know the <ol> is closed by the paragraph
fallback path rather than the ul-specific branch.
- ci: use PID-aware wait for all parallel npm ci steps to propagate failures - fix(e2e): pass regex flags through page.evaluate in hasCompletionItem - fix(e2e): align global-setup port fallback with playwright.config.ts (3100) - fix(charts): escape tooltip formatter output with echarts.format.encodeHTML to prevent XSS in sunburst and treemap charts - fix(markdown): add comment clarifying useMemo placement before early return - fix(signature-help): guard caret-at-start in getTriggerCharacter - fix(schema): cancel in-flight queries before invalidating; pass AbortSignal to fetch so stale responses cannot repopulate the schema store - fix(connections): omit empty credential fields from PATCH to prevent clobbering existing stored secrets on name-only edits - test(schema): update use-schema tests to include cancelQueries in mock and await async refreshSchema calls Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
- Group regex alternations with parentheses in chart-registry transform functions (e.g., /^name|label$/i → /^(name|label)$/i) to make operator precedence explicit - Use String.localeCompare for alphabetical sorting in graph-chart label color assignment - Replace Math.random() with crypto.randomUUID() for graph node fallback IDs Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
- Enable collectServer: true in nextcov config — captures server-side coverage via CDP during E2E tests (card-container, chart-renderer, widget-editor-modal, API routes, etc.) - Exclude component/src/lib/cypher-lang/** from SonarCloud coverage requirements — vendored from upstream, not our code to cover - Update CLAUDE.md testing rules to document server-side coverage strategy and vendored code exclusion policy Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
…xamples - E2E tests for Gauge, Sankey, Sunburst, Radar, Treemap creation flow - Seed dashboard updated with clickAction, stylingConfig, and colorPalette examples - Verifies end-to-end: query -> transform -> render for all new chart types Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
The tab-switch test was flaky because widget cards stay hidden until queries complete. Simplified to just verify the tab exists — widget rendering is covered by the general dashboard E2E suite. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
- Add buildNewChartsShowcase() with 3 pages: New Charts (Neo4j), New Charts (PostgreSQL), and Content Widgets (markdown + iframe) - Register "New Charts (v0.8)" dashboard in the main seed flow - Extend buildWidgetShowcase() Neo4j page with gauge, radar, sankey, treemap, sunburst widgets and matching grid layout rows - Extend buildWidgetShowcase() PostgreSQL page with gauge, radar, sankey, treemap widgets and matching grid layout rows
- Replace 5 inline "No data" blocks with buildEmptyDataOption() (fixes theme color bug) - Export useDarkMode hook, remove duplicates in graph-chart and map-chart - Extract ParamWidgetSkeleton shared across 3 parameter widgets - Add default thresholds=[] to resolveItemColor, clean up 5 call sites - Replace raw Tailwind buttons in DataGrid with Button component - Remove deprecated source prop from CrossFilterTag - Fix cn(className) no-op in LoadingButton - Type onChartReady with proper ECharts type Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
… code - Replace neo4j-driver-core internal import with AccessMode string literal type - Delete 5 stale development markdown files from package root - Simplify PostgresRecordParser._pgToNative (remove no-op primitive/temporal checks) - Collapse extractTableSchemaFromFields from 26 lines to 3 - Tighten QueryCallback types (any → unknown/string[]/string[][]) - Delete unused getConnectionTypeName() and getSupportedConnectionTypes() - Remove PostgresAuthenticationModule.authenticate() wrapper - Remove unreachable null checks in Neo4jAuthenticationModule.getDriver() and PostgresConnectionModule._runSqlQuery() - Remove intermediate DEFAULT_AUTHENTICATION_CONFIG assignments - Use Object.hasOwn consistently - Move convertPlainObject iteration logic to NeodashRecordParser base class Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> # Conflicts: # connection/src/generalized/NeodashRecordParser.ts # connection/src/index.ts # connection/src/neo4j/Neo4jAuthenticationModule.ts # connection/src/postgresql/PostgresAuthenticationModule.ts
…yped auth errors - Add typed UnauthorizedError/ForbiddenError classes in auth/errors.ts - Use typed errors in session.ts (requireSession, requireAdmin, requireUserId) - Simplify 3 connection routes to use requireSession, apiSuccess, handleRouteError, validateBody - Remove safeId function from chart-registry (replaced with String()) - Simplify chart registry transform wrappers (remove unnecessary lambdas) - Add withActivePage helper to dashboard-store (deduplicates 5 widget actions) - Add hasUnsavedChanges tracking and markSaved to dashboard-store - Add useUnsavedChangesWarning hook for browser/in-app navigation guards - Simplify useParameterValues with Object.fromEntries - Fix gauge-chart flash by deferring render until container is measured - Update all route test files to use typed auth errors and envelope format Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
…aved changes, params, radar, showcase - Fix color palette not applied on bar/pie/line charts (missing prop in chart-renderer) - Remove click action from gauge/radar charts (not meaningful interactions) - Replace chart type Select with searchable Combobox - Fix dual leave modal (app + browser) by adding navigatingRef bypass - Fix edit mode single-column collapse when parameter bar toggles - Fix parameter persistence after clear (localStorage.removeItem on empty) - Auto-scale radar chart max values from data instead of hardcoded 100 - Redesign Widget Showcase: 5 pages (simple, styling, click actions, palettes, a11y) - Fix sunburst chart sizing (auto-distributed rings, labels on hover only) - Fix connection test hooks using res.json() instead of unwrapResponse() - Fix Neo4j transaction timeout using connectionTimeout instead of queryTimeout - Fix E2E test locators (waitForURL regex, unsaved-changes dialog handling) - Remove 12 stale plan files from completed milestones Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
…packages **connection/** - Extract `determineQueryStatus()` utility and `handleEmptyQuery()` base method - Fix PostgreSQL `SET statement_timeout` (use SET LOCAL, not parameterized) - Fix auth test using non-routable IP instead of `localhosta` - Add `NEO4J_TEST_CONNECTION_CONFIG` (10s timeout) for stable parallel tests - New tests: determine-query-status, connection-resilience, neo4j-rollback, postgres-param-ordering (16 new tests) **component/** - Extract `parseIsoDate`/`formatIsoDate` to shared `lib/date-utils.ts` - Centralize hardcoded colors into `lib/design-tokens.ts` (6 files updated) - Add code-preview unit tests (7 tests) **app/** - Add access control to export endpoint (owner/share/admin check) - Add tenant filter to share route query - DB-level pagination for admin dashboard list (LIMIT/OFFSET + COUNT) - Standardize keys route to use apiSuccess()/forbidden() helpers - Replace JSON.stringify in hasUnsavedChanges with O(1) dirty flag - Wrap localStorage writes in try/catch for QuotaExceededError - Log auto-save errors instead of silently swallowing - Add format-parameter-value tests (30 tests) Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
…ation - Add tenant_id column to connections table schema - Scope all connection API routes (GET/POST/PATCH/DELETE) by tenantId - Scope query route admin/dashboard-access fallbacks by tenantId - Scope export route connection lookup by tenantId - Remove HMAC secret ENCRYPTION_KEY fallback — require dedicated API_KEY_HMAC_SECRET - Add constant-time comparison for API key hash validation (timing attack mitigation) - Log audit failures in API key lastUsedAt update instead of silent catch - Add limit/offset params to useConnections and useDashboards hooks - Fix skills/agents: dev branch refs, e2e command typo, plan guardrails, code-reviewer expansion, stale doc refs Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
…pe error - Use relative imports for date-utils in component parameter widgets (the @/ alias resolves to app/src/ during Next.js type-check in CI) - Remove non-existent `source` prop from cross-filter-tag stories Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
The TIMED_OUT write test uses a 10s transaction timeout inherited from NEO4J_TEST_CONNECTION_CONFIG, but the 15s Jest timeout leaves no room for driver overhead in resource-constrained CI. Use a shorter 2s transaction timeout and bump the per-test Jest timeout to 30s. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
- E2E: 25m → 35m (Playwright + Testcontainers startup can exceed 25m on shared runners) - Unit tests: 15m → 20m (connection integration tests with Neo4j/PG containers) Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
…o E2E env - Generate Drizzle migration for the new tenant_id column on connections table - Add API_KEY_HMAC_SECRET to E2E global-setup (.env.test, process.env, server spawn) since the fallback to ENCRYPTION_KEY was removed Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
…y optimization CRITICAL: - Add tenantId check to write query route connection lookup - Escape HTML in map chart tooltip to prevent XSS via marker labels/properties HIGH: - Fix PostgreSQL pool double-initialization race with promise guard - Replace 3-query in-memory dashboard list with single DISTINCT ON query + DB pagination - Add tenantId to share DELETE WHERE clause Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
refactor: code quality, security fixes, and test coverage
|
This was referenced Mar 23, 2026
This was referenced Mar 31, 2026
Merged
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Release branch for milestone v0.8 — UX & Charts. All 10 issues closed.
Features
Architecture highlights
cypher-lang/module built on@neo4j-cypher/language-support(no React wrapper dependency)LanguageResolvertype + registry pattern for extensible editor language supportTest coverage
Test plan
🤖 Generated with Claude Code
Summary by CodeRabbit
New Features
Bug Fixes
Tests