Release: audit, design system, UX, and product improvements#206
Closed
tomymaritano wants to merge 183 commits intomainfrom
Closed
Release: audit, design system, UX, and product improvements#206tomymaritano wants to merge 183 commits intomainfrom
tomymaritano wants to merge 183 commits intomainfrom
Conversation
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Notebooks now sync before notes in syncNow() to ensure note-notebook dependencies are satisfied. Adds pullNotebooks/pushNotebooks methods and applyRemoteNotebookChange for bidirectional notebook sync. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Move validateNotebookTree from inline test definition to a shared module so it can be reused by the API route and other consumers. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Add conflict state to SyncStatusIndicator with amber warning icon and count. Conflicts now take priority over idle state so users discover them without navigating to Settings. Also export ConflictResolver from sync components barrel. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
DatabaseConnection.transaction() already calls the inner fn — no need for extra () at call site. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- Fix pullNotebooks() to only advance cursor to last successfully applied change (prevents skipping failed changes on retry) - Fix tree validation snapshot to properly exclude deleted notebooks (prevents ghost parent references in validation) Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
feat: add bidirectional notebook sync
test: add sync-core unit tests (62 tests)
feat: surface sync conflicts in status indicator
# Conflicts: # apps/desktop/src/main/services/apiClient.ts # apps/desktop/src/main/services/syncService.ts # packages/api/src/db/schema.ts # packages/api/src/routes/sync.ts # packages/storage-sqlite/src/migrations/index.ts
feat: add bidirectional tag sync
Configure automated code review with path-specific instructions for core, storage, desktop, and API packages. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
…ration Add optional metadata (name, version, priority) to registerRemarkPlugin and registerRehypePlugin signatures for debugging and execution ordering. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
## Summary Fixes 3 issues flagged by Codex bot review on PR #177. ## Changes ### 1. Preserve recovery key on passphrase change The `POST /sync/keys` upsert was overwriting `wrappedCekRecovery` with `null` when not provided (e.g., during passphrase change). Now only overwrites if explicitly sent. ### 2. Parse deep link on cold start (Windows/Linux) When the app isn't running and user clicks a `readied://` magic link, the OS launches a new instance with the URL in `process.argv`. Previously only `second-instance` parsed this. Now startup args are checked too. ### 3. Guard sync with encryption readiness `syncNow()` now checks `encryptionService.isReady()` before attempting encrypt/decrypt. Fresh installs without passphrase setup get a clear error instead of crashing. ## Test plan - [x] `pnpm typecheck` passes (17/17) - [x] `pnpm test` passes (42/42) - [ ] Manual: change passphrase → verify recovery key still works - [ ] Manual: close app → click magic link on Windows → app launches and authenticates - [ ] Manual: fresh install without passphrase → sync attempt shows clear error 🤖 Generated with [Claude Code](https://claude.com/claude-code) <!-- This is an auto-generated comment: release notes by coderabbit.ai --> ## Summary by CodeRabbit ## Bug Fixes * Deep link authentication tokens passed as command-line arguments are now properly recognized and processed on application startup * Sync operations are prevented from proceeding when the encryption service is not initialized, ensuring system stability * Recovery-wrapped keys are now properly preserved during sync operations instead of being inadvertently cleared <!-- end of auto-generated comment: release notes by coderabbit.ai --> Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
The requestSingleInstanceLock logic was inverted: startup URL parsing and the second-instance listener were inside if (!gotTheLock), which only runs in the secondary process that immediately quits. This meant the primary instance never registered deep-link forwarding, so readied://auth/verify links were dropped on both cold start and when the app was already running on Windows/Linux. Moved both handlers into the else block (primary instance). Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Bumps [pnpm/action-setup](https://github.com/pnpm/action-setup) from 4 to 5. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/pnpm/action-setup/releases">pnpm/action-setup's releases</a>.</em></p> <blockquote> <h2>v5.0.0</h2> <p>Updated the action to use Node.js 24.</p> <h2>v4.4.0</h2> <p>Updated the action to use Node.js 24.</p> <h2>v4.3.0</h2> <h2>What's Changed</h2> <ul> <li>docs: fix the run_install example in the Readme by <a href="https://github.com/dreyks"><code>@dreyks</code></a> in <a href="https://redirect.github.com/pnpm/action-setup/pull/175">pnpm/action-setup#175</a></li> <li>chore: remove unused <code>@types/node-fetch</code> dependency by <a href="https://github.com/silverwind"><code>@silverwind</code></a> in <a href="https://redirect.github.com/pnpm/action-setup/pull/186">pnpm/action-setup#186</a></li> <li>Clarify that package_json_file is relative to GITHUB_WORKSPACE by <a href="https://github.com/chris-martin"><code>@chris-martin</code></a> in <a href="https://redirect.github.com/pnpm/action-setup/pull/184">pnpm/action-setup#184</a></li> <li>feat: store caching by <a href="https://github.com/jrmajor"><code>@jrmajor</code></a> in <a href="https://redirect.github.com/pnpm/action-setup/pull/188">pnpm/action-setup#188</a></li> <li>refactor: remove star imports by <a href="https://github.com/KSXGitHub"><code>@KSXGitHub</code></a> in <a href="https://redirect.github.com/pnpm/action-setup/pull/196">pnpm/action-setup#196</a></li> <li>fix(ci): exclude macos by <a href="https://github.com/KSXGitHub"><code>@KSXGitHub</code></a> in <a href="https://redirect.github.com/pnpm/action-setup/pull/197">pnpm/action-setup#197</a></li> </ul> <h2>New Contributors</h2> <ul> <li><a href="https://github.com/dreyks"><code>@dreyks</code></a> made their first contribution in <a href="https://redirect.github.com/pnpm/action-setup/pull/175">pnpm/action-setup#175</a></li> <li><a href="https://github.com/silverwind"><code>@silverwind</code></a> made their first contribution in <a href="https://redirect.github.com/pnpm/action-setup/pull/186">pnpm/action-setup#186</a></li> <li><a href="https://github.com/chris-martin"><code>@chris-martin</code></a> made their first contribution in <a href="https://redirect.github.com/pnpm/action-setup/pull/184">pnpm/action-setup#184</a></li> <li><a href="https://github.com/jrmajor"><code>@jrmajor</code></a> made their first contribution in <a href="https://redirect.github.com/pnpm/action-setup/pull/188">pnpm/action-setup#188</a></li> <li><a href="https://github.com/Boosted-Bonobo"><code>@Boosted-Bonobo</code></a> made their first contribution in <a href="https://redirect.github.com/pnpm/action-setup/pull/199">pnpm/action-setup#199</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/pnpm/action-setup/compare/v4.2.0...v4.3.0">https://github.com/pnpm/action-setup/compare/v4.2.0...v4.3.0</a></p> <h2>v4.2.0</h2> <p>When there's a <code>.npmrc</code> file at the root of the repository, pnpm will be fetched from the registry that is specified in that <code>.npmrc</code> file <a href="https://redirect.github.com/pnpm/action-setup/pull/179">#179</a></p> <h2>v4.1.0</h2> <p>Add support for <code>package.yaml</code> <a href="https://redirect.github.com/pnpm/action-setup/pull/156">#156</a>.</p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/pnpm/action-setup/commit/fc06bc1257f339d1d5d8b3a19a8cae5388b55320"><code>fc06bc1</code></a> feat!: run the action on Node.js 24 (<a href="https://redirect.github.com/pnpm/action-setup/issues/205">#205</a>)</li> <li>See full diff in <a href="https://github.com/pnpm/action-setup/compare/v4...v5">compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps [actions/labeler](https://github.com/actions/labeler) from 5 to 6. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/actions/labeler/releases">actions/labeler's releases</a>.</em></p> <blockquote> <h2>v6.0.0</h2> <h2>What's Changed</h2> <ul> <li>Add workflow file for publishing releases to immutable action package by <a href="https://github.com/jcambass"><code>@jcambass</code></a> in <a href="https://redirect.github.com/actions/labeler/pull/802">actions/labeler#802</a></li> </ul> <h3>Breaking Changes</h3> <ul> <li>Upgrade Node.js version to 24 in action and dependencies <a href="https://github.com/salmanmkc"><code>@salmanmkc</code></a> in <a href="https://redirect.github.com/actions/labeler/pull/891">actions/labeler#891</a> Make sure your runner is on version v2.327.1 or later to ensure compatibility with this release. <a href="https://github.com/actions/runner/releases/tag/v2.327.1">Release Notes</a></li> </ul> <h3>Dependency Upgrades</h3> <ul> <li>Upgrade eslint-config-prettier from 9.0.0 to 9.1.0 by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/actions/labeler/pull/711">actions/labeler#711</a></li> <li>Upgrade eslint from 8.52.0 to 8.55.0 by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/actions/labeler/pull/720">actions/labeler#720</a></li> <li>Upgrade <code>@types/jest</code> from 29.5.6 to 29.5.11 by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/actions/labeler/pull/719">actions/labeler#719</a></li> <li>Upgrade <code>@types/js-yaml</code> from 4.0.8 to 4.0.9 by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/actions/labeler/pull/718">actions/labeler#718</a></li> <li>Upgrade <code>@typescript-eslint/parser</code> from 6.9.0 to 6.14.0 by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/actions/labeler/pull/717">actions/labeler#717</a></li> <li>Upgrade prettier from 3.0.3 to 3.1.1 by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/actions/labeler/pull/726">actions/labeler#726</a></li> <li>Upgrade eslint from 8.55.0 to 8.56.0 by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/actions/labeler/pull/725">actions/labeler#725</a></li> <li>Upgrade <code>@typescript-eslint/parser</code> from 6.14.0 to 6.19.0 by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/actions/labeler/pull/745">actions/labeler#745</a></li> <li>Upgrade eslint-plugin-jest from 27.4.3 to 27.6.3 by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/actions/labeler/pull/744">actions/labeler#744</a></li> <li>Upgrade <code>@typescript-eslint/eslint-plugin</code> from 6.9.0 to 6.20.0 by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/actions/labeler/pull/750">actions/labeler#750</a></li> <li>Upgrade prettier from 3.1.1 to 3.2.5 by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/actions/labeler/pull/752">actions/labeler#752</a></li> <li>Upgrade undici from 5.26.5 to 5.28.3 by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/actions/labeler/pull/757">actions/labeler#757</a></li> <li>Upgrade braces from 3.0.2 to 3.0.3 by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/actions/labeler/pull/789">actions/labeler#789</a></li> <li>Upgrade minimatch from 9.0.3 to 10.0.1 by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/actions/labeler/pull/805">actions/labeler#805</a></li> <li>Upgrade <code>@actions/core</code> from 1.10.1 to 1.11.1 by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/actions/labeler/pull/811">actions/labeler#811</a></li> <li>Upgrade typescript from 5.4.3 to 5.7.2 by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/actions/labeler/pull/819">actions/labeler#819</a></li> <li>Upgrade <code>@typescript-eslint/parser</code> from 7.3.1 to 8.17.0 by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/actions/labeler/pull/824">actions/labeler#824</a></li> <li>Upgrade prettier from 3.2.5 to 3.4.2 by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/actions/labeler/pull/825">actions/labeler#825</a></li> <li>Upgrade <code>@types/jest</code> from 29.5.12 to 29.5.14 by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/actions/labeler/pull/827">actions/labeler#827</a></li> <li>Upgrade eslint-plugin-jest from 27.9.0 to 28.9.0 by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/actions/labeler/pull/832">actions/labeler#832</a></li> <li>Upgrade ts-jest from 29.1.2 to 29.2.5 by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/actions/labeler/pull/831">actions/labeler#831</a></li> <li>Upgrade <code>@vercel/ncc</code> from 0.38.1 to 0.38.3 by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/actions/labeler/pull/830">actions/labeler#830</a></li> <li>Upgrade typescript from 5.7.2 to 5.7.3 by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/actions/labeler/pull/835">actions/labeler#835</a></li> <li>Upgrade eslint-plugin-jest from 28.9.0 to 28.11.0 by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/actions/labeler/pull/839">actions/labeler#839</a></li> <li>Upgrade undici from 5.28.4 to 5.28.5 by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/actions/labeler/pull/842">actions/labeler#842</a></li> <li>Upgrade <code>@octokit/request-error</code> from 5.0.1 to 5.1.1 by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/actions/labeler/pull/846">actions/labeler#846</a></li> </ul> <h3>Documentation changes</h3> <ul> <li>Add note regarding <code>pull_request_target</code> to README.md by <a href="https://github.com/silverwind"><code>@silverwind</code></a> in <a href="https://redirect.github.com/actions/labeler/pull/669">actions/labeler#669</a></li> <li>Update readme with additional examples and important note about <code>pull_request_target</code> event by <a href="https://github.com/IvanZosimov"><code>@IvanZosimov</code></a> in <a href="https://redirect.github.com/actions/labeler/pull/721">actions/labeler#721</a></li> <li>Document update - permission section by <a href="https://github.com/harithavattikuti"><code>@harithavattikuti</code></a> in <a href="https://redirect.github.com/actions/labeler/pull/840">actions/labeler#840</a></li> <li>Improvement in documentation for pull_request_target event usage in README by <a href="https://github.com/suyashgaonkar"><code>@suyashgaonkar</code></a> in <a href="https://redirect.github.com/actions/labeler/pull/871">actions/labeler#871</a></li> <li>Fix broken links in documentation by <a href="https://github.com/suyashgaonkar"><code>@suyashgaonkar</code></a> in <a href="https://redirect.github.com/actions/labeler/pull/822">actions/labeler#822</a></li> </ul> <h2>New Contributors</h2> <ul> <li><a href="https://github.com/silverwind"><code>@silverwind</code></a> made their first contribution in <a href="https://redirect.github.com/actions/labeler/pull/669">actions/labeler#669</a></li> <li><a href="https://github.com/Jcambass"><code>@Jcambass</code></a> made their first contribution in <a href="https://redirect.github.com/actions/labeler/pull/802">actions/labeler#802</a></li> <li><a href="https://github.com/suyashgaonkar"><code>@suyashgaonkar</code></a> made their first contribution in <a href="https://redirect.github.com/actions/labeler/pull/822">actions/labeler#822</a></li> <li><a href="https://github.com/HarithaVattikuti"><code>@HarithaVattikuti</code></a> made their first contribution in <a href="https://redirect.github.com/actions/labeler/pull/840">actions/labeler#840</a></li> <li><a href="https://github.com/salmanmkc"><code>@salmanmkc</code></a> made their first contribution in <a href="https://redirect.github.com/actions/labeler/pull/891">actions/labeler#891</a></li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/actions/labeler/commit/634933edcd8ababfe52f92936142cc22ac488b1b"><code>634933e</code></a> publish-action upgrade to 0.4.0 from 0.2.2 (<a href="https://redirect.github.com/actions/labeler/issues/901">#901</a>)</li> <li><a href="https://github.com/actions/labeler/commit/f1a63e87db0c6baf19c5713083f8d00d789ca184"><code>f1a63e8</code></a> Update Node.js version to 24 in action and dependencies (<a href="https://redirect.github.com/actions/labeler/issues/891">#891</a>)</li> <li><a href="https://github.com/actions/labeler/commit/b0a1180683c9f17424de4d71c044bea4c7b9bc7c"><code>b0a1180</code></a> Bump <code>@octokit/request-error</code> from 5.0.1 to 5.1.1 (<a href="https://redirect.github.com/actions/labeler/issues/846">#846</a>)</li> <li><a href="https://github.com/actions/labeler/commit/110d44140c9195b853f2f24044bbfed8f4968efb"><code>110d441</code></a> Update README.md (<a href="https://redirect.github.com/actions/labeler/issues/871">#871</a>)</li> <li><a href="https://github.com/actions/labeler/commit/bee50fefe18762fad67754b2f3bfff2c8082ebb8"><code>bee50fe</code></a> Bump undici from 5.28.4 to 5.28.5 (<a href="https://redirect.github.com/actions/labeler/issues/842">#842</a>)</li> <li><a href="https://github.com/actions/labeler/commit/6463cdb00ee92c05bec55dffc4e1fce250301945"><code>6463cdb</code></a> Bump eslint-plugin-jest from 28.9.0 to 28.11.0 (<a href="https://redirect.github.com/actions/labeler/issues/839">#839</a>)</li> <li><a href="https://github.com/actions/labeler/commit/c209686724ee12fcc5e6294d1d569b91f86fa691"><code>c209686</code></a> Bump typescript from 5.7.2 to 5.7.3 (<a href="https://redirect.github.com/actions/labeler/issues/835">#835</a>)</li> <li><a href="https://github.com/actions/labeler/commit/5184940b544b0096088a7b42d1b8a551003d9eb1"><code>5184940</code></a> Bump <code>@vercel/ncc</code> from 0.38.1 to 0.38.3 (<a href="https://redirect.github.com/actions/labeler/issues/830">#830</a>)</li> <li><a href="https://github.com/actions/labeler/commit/3629d5568b59204f18786372f6d740d649719488"><code>3629d55</code></a> Document update - permission section (<a href="https://redirect.github.com/actions/labeler/issues/840">#840</a>)</li> <li><a href="https://github.com/actions/labeler/commit/d24f7f3731b2a06433c0bccc364d560c5329c48f"><code>d24f7f3</code></a> Bump ts-jest from 29.1.2 to 29.2.5 (<a href="https://redirect.github.com/actions/labeler/issues/831">#831</a>)</li> <li>Additional commits viewable in <a href="https://github.com/actions/labeler/compare/v5...v6">compare view</a></li> </ul> </details> <br /> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 3 to 4. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/github/codeql-action/releases">github/codeql-action's releases</a>.</em></p> <blockquote> <h2>v3.35.1</h2> <ul> <li>Fix incorrect minimum required Git version for <a href="https://redirect.github.com/github/roadmap/issues/1158">improved incremental analysis</a>: it should have been 2.36.0, not 2.11.0. <a href="https://redirect.github.com/github/codeql-action/pull/3781">#3781</a></li> </ul> <h2>v3.35.0</h2> <ul> <li>Reduced the minimum Git version required for <a href="https://redirect.github.com/github/roadmap/issues/1158">improved incremental analysis</a> from 2.38.0 to 2.11.0. <a href="https://redirect.github.com/github/codeql-action/pull/3767">#3767</a></li> <li>Update default CodeQL bundle version to <a href="https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.1">2.25.1</a>. <a href="https://redirect.github.com/github/codeql-action/pull/3773">#3773</a></li> </ul> <h2>v3.34.1</h2> <ul> <li>Downgrade default CodeQL bundle version to <a href="https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.24.3">2.24.3</a> due to issues with a small percentage of Actions and JavaScript analyses. <a href="https://redirect.github.com/github/codeql-action/pull/3762">#3762</a></li> </ul> <h2>v3.34.0</h2> <ul> <li>Added an experimental change which disables TRAP caching when <a href="https://redirect.github.com/github/roadmap/issues/1158">improved incremental analysis</a> is enabled, since improved incremental analysis supersedes TRAP caching. This will improve performance and reduce Actions cache usage. We expect to roll this change out to everyone in March. <a href="https://redirect.github.com/github/codeql-action/pull/3569">#3569</a></li> <li>We are rolling out improved incremental analysis to C/C++ analyses that use build mode <code>none</code>. We expect this rollout to be complete by the end of April 2026. <a href="https://redirect.github.com/github/codeql-action/pull/3584">#3584</a></li> <li>Update default CodeQL bundle version to <a href="https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.0">2.25.0</a>. <a href="https://redirect.github.com/github/codeql-action/pull/3585">#3585</a></li> </ul> <h2>v3.33.0</h2> <ul> <li>Upcoming change: Starting April 2026, the CodeQL Action will skip collecting file coverage information on pull requests to improve analysis performance. File coverage information will still be computed on non-PR analyses. Pull request analyses will log a warning about this upcoming change. <a href="https://redirect.github.com/github/codeql-action/pull/3562">#3562</a> To opt out of this change: <ul> <li><strong>Repositories owned by an organization:</strong> Create a custom repository property with the name <code>github-codeql-file-coverage-on-prs</code> and the type "True/false", then set this property to <code>true</code> in the repository's settings. For more information, see <a href="https://docs.github.com/en/organizations/managing-organization-settings/managing-custom-properties-for-repositories-in-your-organization">Managing custom properties for repositories in your organization</a>. Alternatively, if you are using an advanced setup workflow, you can set the <code>CODEQL_ACTION_FILE_COVERAGE_ON_PRS</code> environment variable to <code>true</code> in your workflow.</li> <li><strong>User-owned repositories using default setup:</strong> Switch to an advanced setup workflow and set the <code>CODEQL_ACTION_FILE_COVERAGE_ON_PRS</code> environment variable to <code>true</code> in your workflow.</li> <li><strong>User-owned repositories using advanced setup:</strong> Set the <code>CODEQL_ACTION_FILE_COVERAGE_ON_PRS</code> environment variable to <code>true</code> in your workflow.</li> </ul> </li> <li>Fixed <a href="https://redirect.github.com/github/codeql-action/issues/3555">a bug</a> which caused the CodeQL Action to fail loading repository properties if a "Multi select" repository property was configured for the repository. <a href="https://redirect.github.com/github/codeql-action/pull/3557">#3557</a></li> <li>The CodeQL Action now loads <a href="https://docs.github.com/en/organizations/managing-organization-settings/managing-custom-properties-for-repositories-in-your-organization">custom repository properties</a> on GitHub Enterprise Server, enabling the customization of features such as <code>github-codeql-disable-overlay</code> that was previously only available on GitHub.com. <a href="https://redirect.github.com/github/codeql-action/pull/3559">#3559</a></li> <li>Once <a href="https://docs.github.com/en/code-security/how-tos/secure-at-scale/configure-organization-security/manage-usage-and-access/giving-org-access-private-registries">private package registries</a> can be configured with OIDC-based authentication for organizations, the CodeQL Action will now be able to accept such configurations. <a href="https://redirect.github.com/github/codeql-action/pull/3563">#3563</a></li> <li>Fixed the retry mechanism for database uploads. Previously this would fail with the error "Response body object should not be disturbed or locked". <a href="https://redirect.github.com/github/codeql-action/pull/3564">#3564</a></li> <li>A warning is now emitted if the CodeQL Action detects a repository property whose name suggests that it relates to the CodeQL Action, but which is not one of the properties recognised by the current version of the CodeQL Action. <a href="https://redirect.github.com/github/codeql-action/pull/3570">#3570</a></li> </ul> <h2>v3.32.6</h2> <ul> <li>Update default CodeQL bundle version to <a href="https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.24.3">2.24.3</a>. <a href="https://redirect.github.com/github/codeql-action/pull/3548">#3548</a></li> </ul> <h2>v3.32.5</h2> <ul> <li>Repositories owned by an organization can now set up the <code>github-codeql-disable-overlay</code> custom repository property to disable <a href="https://redirect.github.com/github/roadmap/issues/1158">improved incremental analysis for CodeQL</a>. First, create a custom repository property with the name <code>github-codeql-disable-overlay</code> and the type "True/false" in the organization's settings. Then in the repository's settings, set this property to <code>true</code> to disable improved incremental analysis. For more information, see <a href="https://docs.github.com/en/organizations/managing-organization-settings/managing-custom-properties-for-repositories-in-your-organization">Managing custom properties for repositories in your organization</a>. This feature is not yet available on GitHub Enterprise Server. <a href="https://redirect.github.com/github/codeql-action/pull/3507">#3507</a></li> <li>Added an experimental change so that when <a href="https://redirect.github.com/github/roadmap/issues/1158">improved incremental analysis</a> fails on a runner — potentially due to insufficient disk space — the failure is recorded in the Actions cache so that subsequent runs will automatically skip improved incremental analysis until something changes (e.g. a larger runner is provisioned or a new CodeQL version is released). We expect to roll this change out to everyone in March. <a href="https://redirect.github.com/github/codeql-action/pull/3487">#3487</a></li> <li>The minimum memory check for improved incremental analysis is now skipped for CodeQL 2.24.3 and later, which has reduced peak RAM usage. <a href="https://redirect.github.com/github/codeql-action/pull/3515">#3515</a></li> <li>Reduced log levels for best-effort private package registry connection check failures to reduce noise from workflow annotations. <a href="https://redirect.github.com/github/codeql-action/pull/3516">#3516</a></li> <li>Added an experimental change which lowers the minimum disk space requirement for <a href="https://redirect.github.com/github/roadmap/issues/1158">improved incremental analysis</a>, enabling it to run on standard GitHub Actions runners. We expect to roll this change out to everyone in March. <a href="https://redirect.github.com/github/codeql-action/pull/3498">#3498</a></li> <li>Added an experimental change which allows the <code>start-proxy</code> action to resolve the CodeQL CLI version from feature flags instead of using the linked CLI bundle version. We expect to roll this change out to everyone in March. <a href="https://redirect.github.com/github/codeql-action/pull/3512">#3512</a></li> <li>The previously experimental changes from versions 4.32.3, 4.32.4, 3.32.3 and 3.32.4 are now enabled by default. <a href="https://redirect.github.com/github/codeql-action/pull/3503">#3503</a>, <a href="https://redirect.github.com/github/codeql-action/pull/3504">#3504</a></li> </ul> <h2>v3.32.4</h2> <ul> <li>Update default CodeQL bundle version to <a href="https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.24.2">2.24.2</a>. <a href="https://redirect.github.com/github/codeql-action/pull/3493">#3493</a></li> <li>Added an experimental change which improves how certificates are generated for the authentication proxy that is used by the CodeQL Action in Default Setup when <a href="https://docs.github.com/en/code-security/how-tos/secure-at-scale/configure-organization-security/manage-usage-and-access/giving-org-access-private-registries">private package registries are configured</a>. This is expected to generate more widely compatible certificates and should have no impact on analyses which are working correctly already. We expect to roll this change out to everyone in February. <a href="https://redirect.github.com/github/codeql-action/pull/3473">#3473</a></li> <li>When the CodeQL Action is run <a href="https://docs.github.com/en/code-security/how-tos/scan-code-for-vulnerabilities/troubleshooting/troubleshooting-analysis-errors/logs-not-detailed-enough#creating-codeql-debugging-artifacts-for-codeql-default-setup">with debugging enabled in Default Setup</a> and <a href="https://docs.github.com/en/code-security/how-tos/secure-at-scale/configure-organization-security/manage-usage-and-access/giving-org-access-private-registries">private package registries are configured</a>, the "Setup proxy for registries" step will output additional diagnostic information that can be used for troubleshooting. <a href="https://redirect.github.com/github/codeql-action/pull/3486">#3486</a></li> <li>Added a setting which allows the CodeQL Action to enable network debugging for Java programs. This will help GitHub staff support customers with troubleshooting issues in GitHub-managed CodeQL workflows, such as Default Setup. This setting can only be enabled by GitHub staff. <a href="https://redirect.github.com/github/codeql-action/pull/3485">#3485</a></li> <li>Added a setting which enables GitHub-managed workflows, such as Default Setup, to use a <a href="https://github.com/dsp-testing/codeql-cli-nightlies">nightly CodeQL CLI release</a> instead of the latest, stable release that is used by default. This will help GitHub staff support customers whose analyses for a given repository or organization require early access to a change in an upcoming CodeQL CLI release. This setting can only be enabled by GitHub staff. <a href="https://redirect.github.com/github/codeql-action/pull/3484">#3484</a></li> </ul> <h2>v3.32.3</h2> <ul> <li>Added experimental support for testing connections to <a href="https://docs.github.com/en/code-security/how-tos/secure-at-scale/configure-organization-security/manage-usage-and-access/giving-org-access-private-registries">private package registries</a>. This feature is not currently enabled for any analysis. In the future, it may be enabled by default for Default Setup. <a href="https://redirect.github.com/github/codeql-action/pull/3466">#3466</a></li> </ul> <h2>v3.32.2</h2> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/github/codeql-action/blob/main/CHANGELOG.md">github/codeql-action's changelog</a>.</em></p> <blockquote> <h2>4.32.3 - 13 Feb 2026</h2> <ul> <li>Added experimental support for testing connections to <a href="https://docs.github.com/en/code-security/how-tos/secure-at-scale/configure-organization-security/manage-usage-and-access/giving-org-access-private-registries">private package registries</a>. This feature is not currently enabled for any analysis. In the future, it may be enabled by default for Default Setup. <a href="https://redirect.github.com/github/codeql-action/pull/3466">#3466</a></li> </ul> <h2>4.32.2 - 05 Feb 2026</h2> <ul> <li>Update default CodeQL bundle version to <a href="https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.24.1">2.24.1</a>. <a href="https://redirect.github.com/github/codeql-action/pull/3460">#3460</a></li> </ul> <h2>4.32.1 - 02 Feb 2026</h2> <ul> <li>A warning is now shown in Default Setup workflow logs if a <a href="https://docs.github.com/en/code-security/how-tos/secure-at-scale/configure-organization-security/manage-usage-and-access/giving-org-access-private-registries">private package registry is configured</a> using a GitHub Personal Access Token (PAT), but no username is configured. <a href="https://redirect.github.com/github/codeql-action/pull/3422">#3422</a></li> <li>Fixed a bug which caused the CodeQL Action to fail when repository properties cannot successfully be retrieved. <a href="https://redirect.github.com/github/codeql-action/pull/3421">#3421</a></li> </ul> <h2>4.32.0 - 26 Jan 2026</h2> <ul> <li>Update default CodeQL bundle version to <a href="https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.24.0">2.24.0</a>. <a href="https://redirect.github.com/github/codeql-action/pull/3425">#3425</a></li> </ul> <h2>4.31.11 - 23 Jan 2026</h2> <ul> <li>When running a Default Setup workflow with <a href="https://docs.github.com/en/actions/how-tos/monitor-workflows/enable-debug-logging">Actions debugging enabled</a>, the CodeQL Action will now use more unique names when uploading logs from the Dependabot authentication proxy as workflow artifacts. This ensures that the artifact names do not clash between multiple jobs in a build matrix. <a href="https://redirect.github.com/github/codeql-action/pull/3409">#3409</a></li> <li>Improved error handling throughout the CodeQL Action. <a href="https://redirect.github.com/github/codeql-action/pull/3415">#3415</a></li> <li>Added experimental support for automatically excluding <a href="https://docs.github.com/en/repositories/working-with-files/managing-files/customizing-how-changed-files-appear-on-github">generated files</a> from the analysis. This feature is not currently enabled for any analysis. In the future, it may be enabled by default for some GitHub-managed analyses. <a href="https://redirect.github.com/github/codeql-action/pull/3318">#3318</a></li> <li>The changelog extracts that are included with releases of the CodeQL Action are now shorter to avoid duplicated information from appearing in Dependabot PRs. <a href="https://redirect.github.com/github/codeql-action/pull/3403">#3403</a></li> </ul> <h2>4.31.10 - 12 Jan 2026</h2> <ul> <li>Update default CodeQL bundle version to 2.23.9. <a href="https://redirect.github.com/github/codeql-action/pull/3393">#3393</a></li> </ul> <h2>4.31.9 - 16 Dec 2025</h2> <p>No user facing changes.</p> <h2>4.31.8 - 11 Dec 2025</h2> <ul> <li>Update default CodeQL bundle version to 2.23.8. <a href="https://redirect.github.com/github/codeql-action/pull/3354">#3354</a></li> </ul> <h2>4.31.7 - 05 Dec 2025</h2> <ul> <li>Update default CodeQL bundle version to 2.23.7. <a href="https://redirect.github.com/github/codeql-action/pull/3343">#3343</a></li> </ul> <h2>4.31.6 - 01 Dec 2025</h2> <p>No user facing changes.</p> <h2>4.31.5 - 24 Nov 2025</h2> <ul> <li>Update default CodeQL bundle version to 2.23.6. <a href="https://redirect.github.com/github/codeql-action/pull/3321">#3321</a></li> </ul> <h2>4.31.4 - 18 Nov 2025</h2> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/github/codeql-action/commit/5cc552f43e3a9ff0174c3f5ff48a65f65932165c"><code>5cc552f</code></a> Merge pull request <a href="https://redirect.github.com/github/codeql-action/issues/3768">#3768</a> from github/dependabot/npm_and_yarn/npm-minor-3536e7...</li> <li><a href="https://github.com/github/codeql-action/commit/6b1a9f21316cab28a783572d1a21f9c64440e119"><code>6b1a9f2</code></a> Merge branch 'main' into dependabot/npm_and_yarn/npm-minor-3536e7c6f0</li> <li><a href="https://github.com/github/codeql-action/commit/9d3ec5727af849d875626d89231bc989ed1aa11d"><code>9d3ec57</code></a> Merge pull request <a href="https://redirect.github.com/github/codeql-action/issues/3770">#3770</a> from github/dependabot/github_actions/dot-github/wor...</li> <li><a href="https://github.com/github/codeql-action/commit/3ff82aacd04bbf827a9ebbbe4084ad623a5dd7ee"><code>3ff82aa</code></a> Merge pull request <a href="https://redirect.github.com/github/codeql-action/issues/3575">#3575</a> from github/mbg/ts/sync-checks</li> <li><a href="https://github.com/github/codeql-action/commit/4bdd4e7526a4cfd5a91592c3b8429e517975e99f"><code>4bdd4e7</code></a> Merge pull request <a href="https://redirect.github.com/github/codeql-action/issues/3554">#3554</a> from github/sam-robson/overlay-include-diff</li> <li><a href="https://github.com/github/codeql-action/commit/23a0098b57aa5903397f33daf70c093ec77d2d1c"><code>23a0098</code></a> fix: improve error handling and logging for diff range path resolution</li> <li><a href="https://github.com/github/codeql-action/commit/ea7b090925e11be0e9d47ec732e8b7265b86ff57"><code>ea7b090</code></a> Rebuild</li> <li><a href="https://github.com/github/codeql-action/commit/a663d0174ae6d4729785acc36e8967971de379e4"><code>a663d01</code></a> Bump ruby/setup-ruby</li> <li><a href="https://github.com/github/codeql-action/commit/b659882aae80c1450f0b84dc23c4ad35812f6621"><code>b659882</code></a> Bump the npm-minor group with 5 updates</li> <li><a href="https://github.com/github/codeql-action/commit/d5bb39fa0b22a80973c7598d7b60a9bec2778bef"><code>d5bb39f</code></a> refactor: single source of truth for getDiffRangesJsonFilePath and simplified...</li> <li>Additional commits viewable in <a href="https://github.com/github/codeql-action/compare/v3...v4">compare view</a></li> </ul> </details> <br /> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
- Remove redundant auto-tag.yml (semantic-release handles tags) - Unify GH_TOKEN across all CI workflows, fix GH Actions injection patterns - Fix command injection in plugin install (exec → execFile) - Fix race condition and missing .catch() in useEmbedResolver - Standardize all 16 tsconfigs to extend base (strict mode everywhere) - Fix 12 type errors from noUncheckedIndexedAccess in API routes - Enable no-floating-promises ESLint rule with typed linting - Fix 12 floating promises in main process with void operator - Upgrade fumadocs 15→16 with import migration for Next.js 16 compat - Sync lucide-react to ^0.562.0, TypeScript to ^5.7.2 across monorepo - Remove stale @types/react global override (was breaking web app React 19) - Add exports field to mcp-server and plugin-cli packages - Remove stale site/* from pnpm-workspace.yaml - Add version validation and error handling to bump-version.js - Add settings broadcast guard in preload - Remove hardcoded version from Hero.tsx - Add .env.example for developer onboarding - Optimize pre-push hook (typecheck only, tests in CI) Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
- Fix all 72 floating promise warnings with void operators (30 files) - Upgrade Electron 29→35 (Chromium 134, Node.js 22, security patches) - Update electron-updater to ^6.8.3 - Add renderer store tests: editorBufferStore, editorPreferencesStore, performanceStore (26 new tests, 51 total desktop tests) - Enable no-floating-promises as error (was warn, now 0 violations) Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
…improvements
Design System:
- Add Button primitive (primary/secondary/danger/ghost variants, loading state)
- Add Toast notification system (success/error/info/warning, auto-dismiss)
- Add Modal pattern (glass effect, portal, escape/overlay close)
- Add typography tokens (font-weight, line-height, letter-spacing)
UX Improvements:
- Add save indicator in editor ("Saving..." → "Saved")
- Flush pending saves on window close (prevent data loss)
- Show toast notifications for plugin install/uninstall/toggle
- Humanize AI error messages (raw codes → actionable user guidance)
- Add settings "Reset to Defaults" button in sidebar
- Add update notification banner at top of app window
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Design System: - Replace ~60 hardcoded spacing values with --space-* tokens across 14 CSS modules - Consolidate 30+ ad-hoc button styles to Button primitive in all settings sections - Migrate AiSection inline styles to CSS module classes UX Features: - Add welcome screen for first-run onboarding with feature highlights - Add sync progress indicator in sidebar footer (pending count, status, retry) Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Search: - Add collapsible filter bar with status pills (All/Active/On Hold/Completed/Dropped) - Add tag filter dropdown populated from existing tags - Add sort controls (by title/created/updated, asc/desc) - Filter toggle button with active count badge Plugin Marketplace: - Wire BrowseTab to fetch plugins from API (https://api.readied.app/plugins) - Graceful offline fallback to static built-in list with notice - Add plugins:installFromUrl IPC handler (download + extract + validate) - Install button with loading state, toast feedback - Cross-reference installed plugins to show "Installed" badge - Auto-refresh installed tab after marketplace install Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Tables: - Add comprehensive table CSS (tables.css) for editor/preview parity - Style WYSIWYG editor tables identical to preview (tokens, stripes, hover) - Style insert-table modal with glass effect and accent grid selection - Style sortable table headers with sort indicators - Add overflow-x:auto for wide tables, row hover effects - Remove hardcoded text-align so GFM alignment markers work Export: - Add YAML frontmatter to exported markdown (title, dates, tags, id) - Add per-note file export command (Cmd+Shift+E → save dialog) - Improve HTML clipboard conversion: tables, blockquotes, ordered lists, images, horizontal rules - Add data:exportNote IPC handler with save dialog Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
# Conflicts: # apps/desktop/package.json # pnpm-lock.yaml
Security: - Fix YAML frontmatter backslash escaping (CodeQL critical) - Validate plugin IDs with regex + path traversal check (P1) - Fix PowerShell path interpolation to use separate args - Add 50MB size limit and try/finally cleanup to installFromUrl - Fix semver regex to accept build metadata Accessibility: - Welcome screen: role=dialog, aria-modal, aria-labelledby, Escape handler - Modal: aria-labelledby, focus on open, tabIndex - Toast: aria-live=assertive for errors, polite for others - Welcome Skip button uses Button primitive UX fixes: - Save indicator no longer flashes on note switch (track noteId) - UpdateBanner handles download errors with retry - UpdatesSection installNow wrapped in try/catch - Welcome copy updated: "Local-First" instead of "Offline Forever" - Hero play overlay hidden when no video URL Code quality: - CSS keyframes renamed to kebab-case (Stylelint) - MagicLinkFlow border-radius uses --radius-xl not --space-4 - Button.module.css currentcolor lowercase - Toast word-break → overflow-wrap - .env.example with parser-safe placeholders - NoteListFilterBar unmount guard + error handling - SidebarFooter prevStatusRef always updated - PluginsSection slug/id matching improved - Stripe timestamp NaN guard - source.ts import order fixed - Test improvements (consistent patterns, comments) Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
…oad) Security hardening: - encryptionService: enforce minimum 100k PBKDF2 iterations - encryptionService: validate hex strings before Buffer.from() - preload: validate HTTPS-only URLs for plugin install - preload: guard log:write against non-string payloads Sync/encryption: - syncService: emit status event when encryption not ready (UI visibility) - apiClient: add explicit type generics to all E2EE request calls CI: - ci.yml: add contents:read permission to label job Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
- Fix mcp-server TS2532 errors from noUncheckedIndexedAccess (optional chaining on regex matches) - Restructure ESLint config: type-aware rules only for src/ files in tsconfig projects - Ignore incomplete ai-assistant package - Result: 0 lint errors, 32 warnings (all non-blocking) Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Main process: - exportNote: async writeFile, Unicode-safe filename sanitizer - plugins:install: tmpDir cleanup via finally block - plugins:installFromUrl: slug validation, URL parsing, JSON guard Renderer: - NoteListFilterBar: aria-pressed on pills, error logging in tags fetch - NoteEditor: guard saved flash against note switch (trackedNoteIdRef) - Welcome: auto-focus primary button on mount - UpdateBanner: include error message in UI, check startDownload result - SidebarFooter: "Synced Xm ago" display, subscribe to lastSyncAt - Modal: useId() for unique aria-labelledby - Toast: conditional role (alert vs status) Plugins & export: - PluginsSection: error toast on failed install/uninstall, validate API response - Section.module.css: rename plugin-spinner to pluginSpinner (camelCase) - exportMarkdown: escapeHtml in tables, escapeYamlScalar in frontmatter, async clipboard handlers - Button.module.css: danger hover uses color-mix tokens - Hero.tsx: non-interactive wrapper when no video URL Other: - .env.example: inline comments moved to own lines - bump-version.js: stricter semver regex Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
# Conflicts: # .env.example # apps/desktop/src/main/index.ts # apps/desktop/src/renderer/components/NoteEditor.tsx # apps/desktop/src/renderer/components/NoteListFilterBar.tsx # apps/desktop/src/renderer/components/UpdateBanner.tsx # apps/desktop/src/renderer/components/Welcome.tsx # apps/desktop/src/renderer/components/sidebar/SidebarFooter.tsx # apps/desktop/src/renderer/pages/settings/sections/PluginsSection.tsx # apps/desktop/src/renderer/pages/settings/sections/Section.module.css # apps/desktop/src/renderer/plugins/exportMarkdown.ts # apps/desktop/src/renderer/ui/patterns/Modal.tsx # apps/desktop/src/renderer/ui/primitives/Button.module.css # apps/desktop/src/renderer/ui/primitives/Toast.tsx # apps/web/components/landing/Hero.tsx # pnpm-lock.yaml # scripts/bump-version.js
## Summary - Add explicit rule: never push directly to `develop` or `main` - Add instruction for Claude Code to always create feature branches - Add "always branch from develop" and "clean up after merge" to hygiene rules 🤖 Generated with [Claude Code](https://claude.com/claude-code) <!-- This is an auto-generated comment: release notes by coderabbit.ai --> ## Summary by CodeRabbit * **No user-facing changes** * Internal documentation update to development workflow and branch governance guidelines. This does not affect end-user functionality or features. <!-- end of auto-generated comment: release notes by coderabbit.ai --> Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
## Summary Fixes two review findings from PR #198: - **P1**: Move `useId()` above early return in Modal to prevent React hook order violation - **P2**: Remove strict slug/id equality check in `plugins:installFromUrl` — marketplace slug and manifest id are independent identifiers ## Test plan - [x] `pnpm typecheck` — 17/17 pass - [x] `pnpm test` — 16/16 pass 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
## Summary Addresses P1 review finding from PR #200 and strengthens git flow rules. ### Plugin Install - Add cross-plugin overwrite protection: when marketplace serves wrong bundle (manifest.id ≠ requested slug), block only if it would overwrite an existing plugin directory — prevents silent overwrites without blocking valid installs where slug and manifest ID legitimately differ ### CLAUDE.md - Add explicit step-by-step workflow for Claude Code - Add explicit NEVER list (no direct commits to develop/main) ## Test plan - [x] `pnpm typecheck` — 17/17 pass 🤖 Generated with [Claude Code](https://claude.com/claude-code) <!-- This is an auto-generated comment: release notes by coderabbit.ai --> ## Summary by CodeRabbit * **Bug Fixes** * Enhanced plugin installation safety to prevent accidental overwrites of existing plugins during installation from URL. * **Documentation** * Updated development workflow documentation and branch protection requirements. <!-- end of auto-generated comment: release notes by coderabbit.ai --> Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
## Summary Resolves merge conflicts between main and develop for the release PR #202: - `apps/desktop/src/main/index.ts`: Keep develop's cross-plugin overwrite protection (smarter than main's strict equality check) - `apps/desktop/src/renderer/ui/patterns/Modal.tsx`: Keep develop's useId() placement above early return (React hook order fix) 🤖 Generated with [Claude Code](https://claude.com/claude-code) Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
## Summary Fixes all 12 review comments from PR #202 (CodeRabbit + Codex). - **NoteEditor**: Remove `note?.id` from save effect deps (P2 — prevents false "Saved" flash) - **exportNote**: Reject Windows reserved filenames (CON, PRN, AUX, etc.) - **installFromUrl**: Return `slugMismatch` in success response for UI awareness - **SidebarFooter**: 60s interval refresh for "Synced Xm ago" staleness - **UpdateBanner**: Fix optional error type + "Download failed: Download failed" duplication - **PluginsSection**: Add `slug` to marketplace response validation - **Section.module.css**: Keyframe `pluginSpin` → `plugin-spin` (stylelint) - **Toast**: Remove nested `aria-live` from container (spec compliance) - **tsconfig.json**: `jsx: "preserve"` for Next.js (was "react-jsx") - **.env.example**: Reference to CLAUDE.md for setup docs ## Test plan - [x] `pnpm typecheck` — 17/17 pass - [x] `pnpm test` — 16/16 pass 🤖 Generated with [Claude Code](https://claude.com/claude-code) <!-- This is an auto-generated comment: release notes by coderabbit.ai --> ## Summary by CodeRabbit ## Release Notes * **Bug Fixes** * Fixed handling of Windows reserved filenames in exports * Download failures now display specific error messages instead of generic text * Improved validation when installing marketplace plugins * Sync timestamp display now updates periodically * Enhanced accessibility for toast notifications <!-- end of auto-generated comment: release notes by coderabbit.ai --> Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
## Summary Merges main into develop to resolve all conflicts so PR #202 (release) can merge cleanly. All 5 conflicts resolved keeping develop's version (which has all review fixes from PRs #199-#204). ## Test plan - [x] `pnpm typecheck` — 17/17 pass 🤖 Generated with [Claude Code](https://claude.com/claude-code) Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
|
The latest updates on your projects. Learn more about Vercel for GitHub.
|
|
Warning Rate limit exceeded
Your organization is not enrolled in usage-based pricing. Contact your admin to enable usage-based pricing to continue reviews beyond the rate limit, or try again in 43 minutes and 0 seconds. ⌛ How to resolve this issue?After the wait time has elapsed, a review can be triggered using the We recommend that you space out your commits to avoid hitting the rate limit. 🚦 How do rate limits work?CodeRabbit enforces hourly rate limits for each developer per organization. Our paid plans have higher rate limits than the trial, open-source and free plans. In all cases, we re-allow further reviews after a brief timeout. Please see our FAQ for further information. ℹ️ Review info⚙️ Run configurationConfiguration used: Path: .coderabbit.yaml Review profile: ASSERTIVE Plan: Pro Run ID: ⛔ Files ignored due to path filters (1)
📒 Files selected for processing (21)
✨ Finishing Touches🧪 Generate unit tests (beta)
Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out. Comment |
Owner
Author
|
Need to resolve conflicts first |
![chatgpt-codex-connector[bot]](https://avatars.githubusercontent.com/in/1144995?s=60&v=4){kind=small}
There was a problem hiding this comment.
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: b5d27331e2
ℹ️ About Codex in GitHub
Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you
- Open a pull request for review
- Mark a draft as ready
- Comment "@codex review".
If Codex has suggestions, it will comment; otherwise it will react with 👍.
Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".
| } | ||
| prevDirtyRef.current = isDirty; | ||
| }, [isDirty]); | ||
| }, [isDirty, note?.id]); |
There was a problem hiding this comment.
Including note?.id in this dirty-tracking effect makes it run during note switches while isDirty can still be the previous note's value (the buffer reset is scheduled in a separate effect). In that case prevDirtyRef is set from stale state, and the next clean state for the new note is misread as a successful save, causing a misleading “Saved” flash even when the user only changed selection.
Useful? React with 👍 / 👎.
| const content = context.editor.getContent(); | ||
| if (!content) return false; | ||
| void navigator.clipboard.writeText(content); | ||
| await navigator.clipboard.writeText(content); |
There was a problem hiding this comment.
This await can reject when clipboard access is unavailable (e.g., permission/backend failures), and the rejection propagates through command dispatch because there is no local try/catch. Since command invocations are currently fired with void in the UI handlers, this becomes an unhandled promise rejection instead of a controlled command failure message; please handle clipboard errors here and return false (or log) explicitly.
Useful? React with 👍 / 👎.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Release Summary
Major release with all review findings resolved and conflicts synced.
Highlights
All review findings addressed
Test plan
pnpm typecheck— 17/17 passpnpm test— 16/16 passpnpm lint— 0 errors🤖 Generated with Claude Code