Skip to content

Add privacy-safe PWA offline shell#702

Merged
BigSimmo merged 10 commits into
mainfrom
codex/pwa-privacy-safe-20260717
Jul 17, 2026
Merged

Add privacy-safe PWA offline shell#702
BigSimmo merged 10 commits into
mainfrom
codex/pwa-privacy-safe-20260717

Conversation

@BigSimmo

@BigSimmo BigSimmo commented Jul 17, 2026

Copy link
Copy Markdown
Owner

Summary

  • Add a privacy-safe installable PWA shell with an explicit generic offline fallback.
  • Keep APIs, auth, clinical queries, documents, uploads, signed URLs, RSC payloads, range requests, and cross-origin traffic out of CacheStorage.
  • Add install/update/connectivity lifecycle UI, manifest/theme integration, resource-specific headers, and focused unit/browser coverage.
  • Fix the PWA browser cleanup test to pass its cache prefix into the browser context and allow the cold installability path a focused timeout.

Verification

  • npm run verify:pr-local (the dry-run selected format, lint, typecheck, test, and build; those components were run individually because the shared worktree cache/process wrapper exited during host contention)
  • npm run verify:ui (focused Chromium PWA gate run instead: 2/2 passed)
  • npm run verify:release (not run; includes provider-backed gates)
  • npm run eval:retrieval:quality (not applicable: no retrieval/ranking changes)
  • npm run eval:rag -- --limit 15 + npm run eval:quality -- --rag-only (not applicable: no answer-generation changes)
  • npm run check:production-readiness (run locally; environment-blocked by the isolated worktree's intentionally absent Supabase/OpenAI variables)
  • npm run check:deployment-readiness (not run; production startup requires credentials and no deployment was requested)

Completed local evidence:

  • Focused PWA/security Vitest: 81/81 passed on the final current-main integration.
  • Focused Chromium PWA: 2/2 passed with local APIs and Supabase/OpenAI requests blocked.
  • Full uncached ESLint, TypeScript, scoped Prettier, and diff checks passed.
  • Production Webpack build compiled, type-checked, generated 1,043 pages, and passed the client-bundle secret scan.
  • Full Vitest reached 2,506 passing tests; six tests timed out under cross-worktree contention, and all affected files passed 24/24 when rerun serially.

Clinical Governance Preflight

  • Source-backed claims still require linked source verification before clinical use
  • No patient-identifiable document workflow was introduced or expanded without explicit governance approval
  • Supabase target remains Clinical KB Database (sjrfecxgysukkwxsowpy)
  • Service-role keys and private document access remain server-only
  • Demo/synthetic content remains clearly separated from real clinical sources
  • Source metadata, review status, and outdated/unknown-source behavior remain conservative
  • Deployment classification/TGA SaMD impact was checked; no clinical decision-support behavior changed

Notes

  • No live Supabase, OpenAI, ingestion, retrieval-evaluation, or production-provider workflow was run.
  • Review record: docs/branch-review-ledger.md.

Summary by CodeRabbit

  • New Features
    • Added a privacy-safe installable PWA experience with an offline fallback page, offline/restore messaging, install prompt handling, and user-friendly update notifications.
    • Enhanced the PWA manifest with richer app metadata and shortcuts.
  • Bug Fixes
    • Tightened PWA caching and security rules (including route-specific headers) and ensured public PWA assets don’t depend on user session state.
    • Updated theme-color syncing to match the active theme.
  • Documentation
    • Added PWA architecture/operational documentation and updated the codebase index/branch review record.
  • Tests
    • Added Playwright E2E coverage for PWA behavior and added/expanded automated checks for the manifest, service worker, lifecycle UI, and security headers (including test:e2e:pwa).

@supabase

supabase Bot commented Jul 17, 2026

Copy link
Copy Markdown

This pull request has been ignored for the connected project sjrfecxgysukkwxsowpy because there are no changes detected in supabase directory. You can change this behaviour in Project Integrations Settings ↗︎.


Preview Branches by Supabase.
Learn more about Supabase Branching ↗︎.

@coderabbitai

coderabbitai Bot commented Jul 17, 2026

Copy link
Copy Markdown
Contributor

Review Change Stack

Warning

Review limit reached

@BigSimmo, you've reached your PR review limit, so we couldn't start this review.

Next review available in: 2 minutes

Enable usage-based reviews in Billing to review now. Otherwise, wait until the next included review is available.
You're only billed for reviews past your plan's rate limits ($0.25/file).

How can I continue?

After more reviews become available, a review can be triggered using the @coderabbitai review command as a PR comment. Alternatively, push new commits to this PR.

To avoid repeated limits, reduce automatic review volume by pausing incremental auto-reviews earlier, using label-based review opt-in, excluding WIP or generated PR titles, or requesting reviews manually when the PR is ready. If your team needs uninterrupted high-volume reviews, an organization admin can enable usage-based reviews.

How do review limits work?

CodeRabbit enforces per-developer PR review limits for each organization. Most developers receive the normal plan review availability.

For paid Pro and Pro+ PR reviews, CodeRabbit uses adaptive limits for sustained high-volume activity. When a developer's recent PR review activity reaches the 95th percentile or higher among CodeRabbit users, additional reviews become available more gradually as earlier reviews age out of the rolling window.

Please refer docs for additional details.

Review details
⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro Plus

Run ID: 88c8fb90-b4fe-486a-b68a-8c4ef22e8c6e

📥 Commits

Reviewing files that changed from the base of the PR and between 9bb5447 and 50dc7bc.

📒 Files selected for processing (2)
  • docs/branch-review-ledger.md
  • tests/ui-smoke.spec.ts
📝 Walkthrough

Walkthrough

Introduces a privacy-safe installable PWA with constrained service-worker caching, offline fallback, install/update lifecycle UI, public asset headers, theme integration, proxy handling, and Vitest/Playwright verification.

Changes

Privacy-safe PWA

Layer / File(s) Summary
Bootstrap assets and privacy contracts
docs/pwa.md, public/offline.html, src/app/manifest.ts, next.config.ts, src/proxy.ts, src/lib/security-headers.ts, src/lib/theme.ts
Defines PWA identity, offline behavior, cache boundaries, public routes, security headers, CSP restrictions, and manifest shortcuts.
Constrained service-worker caching
public/sw.js, tests/pwa-service-worker.test.ts
Adds allow-listed caching for static and public assets, offline navigation fallback, bounded cache retention, lifecycle events, and request/response safety checks.
Lifecycle notices and theme integration
src/components/pwa-lifecycle.tsx, src/app/layout.tsx, src/app/globals.css, src/components/clinical-dashboard/use-theme.ts, tests/pwa-lifecycle.dom.test.tsx
Adds worker registration, connectivity notices, install/update controls, standalone detection, safe-area layout, and synchronized theme colors.
Verification and project wiring
tests/ui-pwa.spec.ts, playwright.config.ts, package.json, tests/proxy-session-refresh.test.ts, tests/pwa-manifest.test.ts, tests/security-headers.test.ts, tests/theme.test.ts, docs/codebase-index.md, docs/branch-review-ledger.md
Adds Chromium PWA coverage, test selection and command wiring, manifest/security/theme assertions, proxy regression tests, documentation indexing, and a review ledger entry.

Estimated code review effort: 4 (Complex) | ~60 minutes

Sequence Diagram(s)

sequenceDiagram
  participant Browser
  participant PwaLifecycle
  participant ServiceWorker
  participant CacheStorage
  Browser->>PwaLifecycle: load application
  PwaLifecycle->>ServiceWorker: register /sw.js
  ServiceWorker->>CacheStorage: precache offline shell and public assets
  Browser->>ServiceWorker: navigate or request public asset
  ServiceWorker-->>Browser: network, cached asset, or offline fallback
Loading

Possibly related PRs

🚥 Pre-merge checks | ✅ 4 | ❌ 1

❌ Failed checks (1 warning)

Check name Status Explanation Resolution
Docstring Coverage ⚠️ Warning Docstring coverage is 4.35% which is insufficient. The required threshold is 80.00%. Write docstrings for the functions missing them to satisfy the coverage threshold.
✅ Passed checks (4 passed)
Check name Status Explanation
Title check ✅ Passed The title is concise and accurately captures the main change: adding a privacy-safe PWA offline shell.
Description check ✅ Passed The description follows the required template with Summary, Verification, Clinical Governance Preflight, and Notes, and it is sufficiently complete.
Linked Issues check ✅ Passed Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check ✅ Passed Check skipped because no linked issues were found for this pull request.
✨ Finishing Touches
🧪 Generate unit tests (beta)
  • Create PR with unit tests
  • Commit unit tests in branch codex/pwa-privacy-safe-20260717

Comment @coderabbitai help to get the list of available commands.

@coderabbitai coderabbitai Bot left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actionable comments posted: 2

🧹 Nitpick comments (1)
tests/ui-pwa.spec.ts (1)

238-281: 🔒 Security & Privacy | 🔵 Trivial | ⚡ Quick win

Exercise a successful private response before checking CacheStorage.

This flow only inspects assets loaded naturally, while API requests are aborted. A regression that caches successful API/auth/document responses could therefore pass. Fulfill and fetch a synthetic same-origin private URL, then explicitly assert that URL is absent from every cache.

🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@tests/ui-pwa.spec.ts` around lines 238 - 281, The test around “serves a cold
offline fallback…” only validates naturally loaded assets and must exercise a
successful private response before inspecting CacheStorage. After the app
recovers online, fulfill and fetch a synthetic same-origin private URL covering
a sensitive path, then explicitly verify that exact URL is absent from every
cache while preserving the existing inventory allowlist assertions.
🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@src/proxy.ts`:
- Around line 30-33: Add "/icon.svg" to the publicPwaPaths allowlist in
src/proxy.ts, and add "/icon.svg" to the parameterized public-path cases in
tests/proxy-session-refresh.test.ts so the proxy and regression test treat it as
public.

In `@tests/pwa-service-worker.test.ts`:
- Around line 617-619: Remove the Set-Cookie header assertion from the synthetic
new Response test in tests/pwa-service-worker.test.ts. Add the no-cookie
invariant to the origin/proxy test instead, where the worker’s actual
response-header behavior is exercised.

---

Nitpick comments:
In `@tests/ui-pwa.spec.ts`:
- Around line 238-281: The test around “serves a cold offline fallback…” only
validates naturally loaded assets and must exercise a successful private
response before inspecting CacheStorage. After the app recovers online, fulfill
and fetch a synthetic same-origin private URL covering a sensitive path, then
explicitly verify that exact URL is absent from every cache while preserving the
existing inventory allowlist assertions.
🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

  • Push a commit to this branch (recommended)
  • Create a new PR with the fixes

ℹ️ Review info
⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro Plus

Run ID: b7f17f07-8e47-46d3-b8cc-c22e4c9abe84

📥 Commits

Reviewing files that changed from the base of the PR and between 561cefe and 1cdeef7.

📒 Files selected for processing (23)
  • docs/branch-review-ledger.md
  • docs/codebase-index.md
  • docs/pwa.md
  • next.config.ts
  • package.json
  • playwright.config.ts
  • public/offline.html
  • public/sw.js
  • src/app/globals.css
  • src/app/layout.tsx
  • src/app/manifest.ts
  • src/components/clinical-dashboard/use-theme.ts
  • src/components/pwa-lifecycle.tsx
  • src/lib/security-headers.ts
  • src/lib/theme.ts
  • src/proxy.ts
  • tests/proxy-session-refresh.test.ts
  • tests/pwa-lifecycle.dom.test.tsx
  • tests/pwa-manifest.test.ts
  • tests/pwa-service-worker.test.ts
  • tests/security-headers.test.ts
  • tests/theme.test.ts
  • tests/ui-pwa.spec.ts

Comment thread src/proxy.ts Outdated
Comment thread tests/pwa-service-worker.test.ts Outdated
@BigSimmo
BigSimmo enabled auto-merge July 17, 2026 07:21
…e-20260717

# Conflicts:
#	docs/branch-review-ledger.md
@github-actions

Copy link
Copy Markdown

CI triage

CI failed on this PR. Automated classification of the 2 failed job(s):

  • UI regressionpossible known flake: UI/Playwright job; check tests/flake-ledger.json (tests/ui-smoke.spec.ts, tests/ui-smoke.spec.ts, tests/ui-tools.spec.ts, tests/ui-tools.spec.ts) and re-run before bisecting.
  • PR requiredpossible known flake: UI/Playwright job; check tests/flake-ledger.json (tests/ui-smoke.spec.ts, tests/ui-smoke.spec.ts, tests/ui-tools.spec.ts, tests/ui-tools.spec.ts) and re-run before bisecting.

Heuristic only — a main-side or flake label is a starting point, not a verdict.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant