Skip to content

fix: merge design-audit remediation into main#811

Closed
BigSimmo wants to merge 12 commits into
mainfrom
codex/main-merge-safe-final-20260718-resubmit
Closed

fix: merge design-audit remediation into main#811
BigSimmo wants to merge 12 commits into
mainfrom
codex/main-merge-safe-final-20260718-resubmit

Conversation

@BigSimmo

@BigSimmo BigSimmo commented Jul 18, 2026

Copy link
Copy Markdown
Owner

Summary

  • Merged the approved design-audit remediation stream onto a rebased branch for mainline inclusion.
  • Delivered accessibility, UI behavior, migration, governance, and verification hardening across clinical and service surfaces with regression-focused fixes.

Verification

  • npm run check:pr-policy
  • npm run check:runtime
  • npm run check:github-actions
  • npm run check:ci-scope
  • npm run check:ci-triage
  • npm run sitemap:check
  • npm run brand:check
  • npm run check:type-scale
  • npm run check:icon-scale
  • npm run check:function-grants
  • npm run check:owner-scope
  • npm run lint
  • npm run typecheck
  • npm run verify:pr-local --dry-run --files src/app src/components tests scripts
  • UI verification not run: local Playwright run intermittently exits at lock contention (clinical-kb-heavy-lock) before test execution; re-run in a clean runner is planned.

Risk and rollout

  • Risk: medium; multiple high-risk clinical-ui and schema-related files changed, with broad automated PR policy and owner-scope checks already passing locally and in CI, but full local UI e2e verification is pending due environment lock contention.
  • Rollback: revert this PR after cherry-pick and re-open previous stable commit on main if any production route regression is observed; no schema migration is destructive (supabase migration files are additive/compatibility-preserving).

Clinical Governance Preflight

  • Source-backed claims still require linked source verification before clinical use

  • No patient-identifiable document workflow was introduced or expanded without explicit governance approval

  • Supabase target remains Clinical KB Database (sjrfecxgysukkwxsowpy)

  • Service-role keys and private document access remain server-only

  • Demo/synthetic content remains clearly separated from real clinical sources

  • Source metadata, review status, and outdated/unknown-source behavior remain conservative

  • Deployment classification/TGA SaMD impact was checked when clinical decision-support behavior changed

  • fix: finalize design audit regression hardening

  • chore: fix drift manifest parity for query-corrector function

  • fix: make Playwright config typings match supported options

  • test: align retrieval and schema expectations with current behavior

  • chore: refresh PR policy state for merge checks

  • fix: exclude worktree scratch directories from typecheck

  • fix: land unique open-PR queue onto current main (fix: land unique open-PR queue onto current main #808)

  • test: run answer progress journey in CI

Summary by CodeRabbit

  • New Features

    • Added expandable service checklist and source-confidence details.
    • Added comparison view for selected services, including key details and direct links.
    • Improved clinical search term correction and matching.
  • Bug Fixes

    • Improved menu dismissal and interaction behavior.
    • Clarified expired-session sign-in guidance.
    • Improved cleanup of outdated registry-related search content.
  • Documentation

    • Updated route and database documentation, including public utility pages and redirects.
  • Accessibility & Testing

    • Improved reduced-motion behavior and expanded accessibility, navigation, form, search, and mobile interaction coverage.

@supabase

supabase Bot commented Jul 18, 2026

Copy link
Copy Markdown

Updates to Preview Branch (codex/main-merge-safe-final-20260718-resubmit) ↗︎

Deployments Status Updated
Database ⚠️ Sat, 18 Jul 2026 06:34:23 UTC
Services ⚠️ Sat, 18 Jul 2026 06:34:23 UTC
APIs ⚠️ Sat, 18 Jul 2026 06:34:23 UTC

Tasks are run on every commit but only new migration files are pushed.
Close and reopen this PR if you want to apply changes from existing seed or migration files.

Tasks Status Updated
Configurations Sat, 18 Jul 2026 06:34:53 UTC
Migrations ⏸️ Sat, 18 Jul 2026 06:31:50 UTC
Seeding ⏸️ Sat, 18 Jul 2026 06:31:50 UTC
Edge Functions ⏸️ Sat, 18 Jul 2026 06:31:50 UTC

❌ Branch Error • Sat, 18 Jul 2026 06:34:53 UTC

unexpected status 400: {"message":"Resource has been removed"}
unexpected status 400: {"message":"Resource has been removed"}
unexpected status 400: {"message":"Resource has been removed"}
unexpected status 400: {"message":"Resource has been removed"}

⚠️ Warning — Service health check failed


View logs for this Workflow Run ↗︎.
Learn more about Supabase for Git ↗︎.

@coderabbitai

coderabbitai Bot commented Jul 18, 2026

Copy link
Copy Markdown
Contributor

Review Change Stack

Caution

Review failed

The pull request is closed.

ℹ️ Recent review info
⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro Plus

Run ID: 94259b8b-fdea-4a47-a701-7e35c20b0b10

📥 Commits

Reviewing files that changed from the base of the PR and between 1fb6e5b and df3e418.

📒 Files selected for processing (8)
  • docs/branch-review-ledger.md
  • docs/site-map.md
  • scripts/generate-site-map.ts
  • src/app/differentials/presentations/route.ts
  • tests/audit-navigation-auth-regressions.test.ts
  • tests/site-map.test.ts
  • tests/ui-smoke.spec.ts
  • tests/ui-tools.spec.ts

📝 Walkthrough

Walkthrough

The change refactors RAG retrieval and SQL correction workflows, separates sitemap route classes, updates service and form interfaces, strengthens regression coverage, and adjusts repository tooling and review documentation.

Changes

RAG retrieval and database scalability

Layer / File(s) Summary
RAG retrieval and abort execution
src/lib/rag*.ts
Typed RPC execution, caller-signal handling, candidate retrieval, metadata attachment, visual evidence loading, and retrieval call sites are updated.
RAG database lifecycle and correction
supabase/migrations/*, supabase/schema.sql, supabase/drift-manifest.json
Registry cleanup triggers, title-word indexing, clinical query correction, trigram indexes, permissions, and schema metadata are changed.
RAG schema regression validation
tests/supabase-schema.test.ts, tests/rag-variant-early-exit.test.ts
Schema replay, cleanup safety, correction probes, ACL checks, index parity, and early-exit query expectations are updated.

Sitemap route discovery

Layer / File(s) Summary
Route discovery and data contracts
scripts/generate-site-map.ts
Handler discovery supports route.tsx, separates public handlers from API routes, and simplifies redirect extraction.
Generated sitemap and route documentation
docs/site-map.md, docs/codebase-index.md, tests/site-map.test.ts, src/app/differentials/presentations/route.ts, tests/audit-navigation-auth-regressions.test.ts
Sitemap sections, route documentation, redirect targets, and placement assertions are updated.

Dashboard and service UI behavior

Layer / File(s) Summary
Page, forms, and service navigation
src/app/layout.tsx, src/app/page.tsx, src/components/forms/*, src/components/services/*
Home query typing, form task content, service metrics, expandable details, comparison state, and control sizing are updated.
Navigation and content regression contracts
tests/audit-content-services-regressions.test.ts, tests/audit-navigation-auth-regressions.test.ts
Content, provenance, source-link, redirect, capability-gating, and heading assertions are revised.
Browser smoke and service-detail coverage
tests/ui-smoke.spec.ts, tests/ui-tools.spec.ts
UI timeouts, redirect page-error checks, shared service mocks, and mobile service-detail coverage are expanded.

Repository tooling and review records

Layer / File(s) Summary
Workflow discovery and compilation scope
scripts/check-github-action-pins.mjs, tsconfig.json
Workflow discovery handles missing directories and TypeScript excludes worktree paths.
Review ledger updates
docs/branch-review-ledger.md
A CI verification record is added for the answer-progress regression branch.

Estimated code review effort: 5 (Critical) | ~120 minutes

Possibly related PRs

Suggested labels: codex

Suggested reviewers: copilot

🚥 Pre-merge checks | ✅ 2 | ❌ 3

❌ Failed checks (2 warnings, 1 inconclusive)

Check name Status Explanation Resolution
Description check ⚠️ Warning The description does not follow the required template and is missing Summary, Verification, Risk and rollout, and Clinical Governance sections. Rewrite it using the repository template with concrete details for all required sections, or explicitly mark any unrun checks and risks.
Docstring Coverage ⚠️ Warning Docstring coverage is 39.53% which is insufficient. The required threshold is 80.00%. Write docstrings for the functions missing them to satisfy the coverage threshold.
Title check ❓ Inconclusive The title is generic and noisy, so it does not clearly summarize the main change. Use a concise, specific title naming the primary change, such as design-audit regression hardening and CI/config updates.
✅ Passed checks (2 passed)
Check name Status Explanation
Linked Issues check ✅ Passed Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check ✅ Passed Check skipped because no linked issues were found for this pull request.
✨ Finishing Touches
📝 Generate docstrings
  • Create stacked PR
  • Commit on current branch
🧪 Generate unit tests (beta)
  • Create PR with unit tests
  • Commit unit tests in branch codex/main-merge-safe-final-20260718-resubmit

Comment @coderabbitai help to get the list of available commands.

BigSimmo and others added 3 commits July 18, 2026 14:29
Restore dashboard H1 expectations to Clinical Guide, mock service-detail
registry records so 13YARN/City East load, drop forms assertions that
conflicted with the live Refine/pathway UI, restore mode-menu click
safety handlers, and correct the presentations redirect sitemap slug.

Co-authored-by: BigSimmo <BigSimmo@users.noreply.github.com>
…lback

Suite-wide reducedMotion collapses CSS transition duration, so the
phone dock duration assertion could not pass in Production UI. Prefer
whitespace-empty presentations `query` falling through to `q`. Drop the
Chromium no-preference override again now that the duration assert is gone.

Co-authored-by: BigSimmo <BigSimmo@users.noreply.github.com>

@coderabbitai coderabbitai Bot left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actionable comments posted: 7

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (2)
src/lib/rag.ts (1)

1679-1687: 🔒 Security & Privacy | 🟠 Major | ⚡ Quick win

Restrict direct images to the result’s authorized document.

The service-role query filters only by image ID, and attachment does not verify image.document_id === result.document_id. A stale or cross-document source_image_id can therefore expose another document’s image. Filter the query by documentIds and enforce document equality when attaching.

Also applies to: 1741-1746

🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@src/lib/rag.ts` around lines 1679 - 1687, Update the direct-image query near
the source image lookup to restrict results to the authorized document IDs using
documentIds, while preserving the existing image filters. In the attachment
logic near the corresponding result mapping, only attach an image when its
document_id equals the current result.document_id, preventing stale or
cross-document source_image_id values from being exposed.
src/lib/rag-candidate-sources.ts (1)

185-207: 🩺 Stability & Availability | 🟠 Major | 🏗️ Heavy lift

Thread the caller abort signal through the retrieval pipeline.

These helpers still finish their Supabase round-trips after the request is canceled because signal stops at the orchestration layer.

  • src/lib/rag-candidate-sources.ts#L185-L207, #L1006-L1097: add signal to the candidate loaders and pass it into callVersionedRetrievalRpc.
  • src/lib/rag-candidate-sources.ts#L632-L873 and src/lib/rag.ts#L1543-L1691: thread args.signal through the document/chunk hydration, ranking metadata, and page-evidence queries.
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@src/lib/rag-candidate-sources.ts` around lines 185 - 207, Thread the caller
abort signal through the retrieval pipeline: add signal parameters to the
candidate loaders in src/lib/rag-candidate-sources.ts at lines 185-207 and
1006-1097, and pass them to callVersionedRetrievalRpc. Propagate args.signal
through document/chunk hydration and ranking metadata in
src/lib/rag-candidate-sources.ts at lines 632-873, plus page-evidence and
related queries in src/lib/rag.ts at lines 1543-1691, 2514-2527, and 2802-2852,
ensuring every relevant Supabase round-trip receives the signal.
🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@docs/branch-review-ledger.md`:
- Line 598: Update the ledger row identified by commit 570e6ba56 in the branch
review record to replace every literal � replacement character with the intended
punctuation, preserving the entry’s wording and table structure.

In `@playwright.config.ts`:
- Line 58: Update the transition assertion in tests/ui-tools.spec.ts (1021-1033)
to honor the suite-wide reduced-motion setting from playwright.config.ts
(58-58): assert the zero-duration state under reduced motion, or restrict the
100ms assertion to a motion-enabled project.

In `@scripts/check-github-action-pins.mjs`:
- Around line 13-22: Guard the SAST-specific validation block near the existing
workflow-file processing so it does not read sast.yml when .github/workflows is
absent. Reuse the directory existence result from discoverGitHubActionFiles or
otherwise check the workflow directory before the SAST read, while preserving
normal validation when the directory exists.

In `@scripts/generate-site-map.ts`:
- Around line 397-408: Update the sitemap generation flow around
productRouteHandlerPaths and productRoutes so product redirect handlers are
included in the “Main product routes” section, while remaining excluded from
publicUtilityRouteHandlers. Adjust the downstream assertion in the relevant
sitemap test to expect these handlers in the main product routes section,
preserving the existing Redirects behavior as applicable.

In `@src/components/services/services-navigator-page.tsx`:
- Around line 497-502: Update the Link rendered for each comparison card in the
services navigator so its accessible name includes the corresponding service
name while retaining the visible “Open” text and existing destination. Use the
card’s service data already available in this rendering path to provide an
accessible label or equivalent link context.

In `@supabase/migrations/20260717010000_harden_rag_scalability_patch.sql`:
- Around line 31-96: Scope correct_clinical_query_terms vocabulary to the
caller’s owner and public records by adding the required access-scope parameters
and applying identical owner/public filters to both rag_aliases and
document_title_words. Mirror the complete scoped function definition in
supabase/schema.sql at lines 3473-3552, and update tests/supabase-schema.test.ts
at lines 1388-1406 to verify private vocabulary from another owner cannot affect
correction.

In `@tests/site-map.test.ts`:
- Around line 66-88: Update the site-map section assertions around
productSection, apiSection, and redirectSection to validate that each section
heading exists before slicing, so missing headings fail the test instead of
producing misleading empty sections. Also extract the Public utility route
handlers section and assert that it contains both /auth/callback and
/icons/[variant], while retaining the existing handler and API exclusion checks.

---

Outside diff comments:
In `@src/lib/rag-candidate-sources.ts`:
- Around line 185-207: Thread the caller abort signal through the retrieval
pipeline: add signal parameters to the candidate loaders in
src/lib/rag-candidate-sources.ts at lines 185-207 and 1006-1097, and pass them
to callVersionedRetrievalRpc. Propagate args.signal through document/chunk
hydration and ranking metadata in src/lib/rag-candidate-sources.ts at lines
632-873, plus page-evidence and related queries in src/lib/rag.ts at lines
1543-1691, 2514-2527, and 2802-2852, ensuring every relevant Supabase round-trip
receives the signal.

In `@src/lib/rag.ts`:
- Around line 1679-1687: Update the direct-image query near the source image
lookup to restrict results to the authorized document IDs using documentIds,
while preserving the existing image filters. In the attachment logic near the
corresponding result mapping, only attach an image when its document_id equals
the current result.document_id, preventing stale or cross-document
source_image_id values from being exposed.
🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

  • Push a commit to this branch (recommended)
  • Create a new PR with the fixes

ℹ️ Review info
⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro Plus

Run ID: b34b0d93-4cea-4621-8c97-e337a3a1a9f5

📥 Commits

Reviewing files that changed from the base of the PR and between bf3c855 and 1fb6e5b.

📒 Files selected for processing (27)
  • docs/branch-review-ledger.md
  • docs/codebase-index.md
  • docs/site-map.md
  • playwright.config.ts
  • scripts/check-github-action-pins.mjs
  • scripts/generate-site-map.ts
  • src/app/layout.tsx
  • src/app/page.tsx
  • src/components/clinical-dashboard/master-search-header.tsx
  • src/components/forms/forms-home-page.tsx
  • src/components/services/services-navigator-page.tsx
  • src/lib/rag-candidate-sources.ts
  • src/lib/rag.ts
  • supabase/drift-manifest.json
  • supabase/migrations/20260714180000_patch_rag_and_corrector_scalability.sql
  • supabase/migrations/20260714190000_document_table_facts_trgm_idx.sql
  • supabase/migrations/20260717010000_harden_rag_scalability_patch.sql
  • supabase/schema.sql
  • tests/audit-content-services-regressions.test.ts
  • tests/audit-navigation-auth-regressions.test.ts
  • tests/rag-variant-early-exit.test.ts
  • tests/site-map.test.ts
  • tests/supabase-schema.test.ts
  • tests/ui-accessibility.spec.ts
  • tests/ui-smoke.spec.ts
  • tests/ui-tools.spec.ts
  • tsconfig.json

@coderabbitai coderabbitai Bot left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Caution

Inline review comments failed to post. This is likely due to GitHub's internal server error or limits when posting large numbers of comments. If you are seeing this consistently it is likely a permissions issue. Please check "Moderation" -> "Code review limits" under your organization settings.

Actionable comments posted: 7

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (2)
src/lib/rag.ts (1)

1679-1687: 🔒 Security & Privacy | 🟠 Major | ⚡ Quick win

Restrict direct images to the result’s authorized document.

The service-role query filters only by image ID, and attachment does not verify image.document_id === result.document_id. A stale or cross-document source_image_id can therefore expose another document’s image. Filter the query by documentIds and enforce document equality when attaching.

Also applies to: 1741-1746

🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@src/lib/rag.ts` around lines 1679 - 1687, Update the direct-image query near
the source image lookup to restrict results to the authorized document IDs using
documentIds, while preserving the existing image filters. In the attachment
logic near the corresponding result mapping, only attach an image when its
document_id equals the current result.document_id, preventing stale or
cross-document source_image_id values from being exposed.
src/lib/rag-candidate-sources.ts (1)

185-207: 🩺 Stability & Availability | 🟠 Major | 🏗️ Heavy lift

Thread the caller abort signal through the retrieval pipeline.

These helpers still finish their Supabase round-trips after the request is canceled because signal stops at the orchestration layer.

  • src/lib/rag-candidate-sources.ts#L185-L207, #L1006-L1097: add signal to the candidate loaders and pass it into callVersionedRetrievalRpc.
  • src/lib/rag-candidate-sources.ts#L632-L873 and src/lib/rag.ts#L1543-L1691: thread args.signal through the document/chunk hydration, ranking metadata, and page-evidence queries.
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@src/lib/rag-candidate-sources.ts` around lines 185 - 207, Thread the caller
abort signal through the retrieval pipeline: add signal parameters to the
candidate loaders in src/lib/rag-candidate-sources.ts at lines 185-207 and
1006-1097, and pass them to callVersionedRetrievalRpc. Propagate args.signal
through document/chunk hydration and ranking metadata in
src/lib/rag-candidate-sources.ts at lines 632-873, plus page-evidence and
related queries in src/lib/rag.ts at lines 1543-1691, 2514-2527, and 2802-2852,
ensuring every relevant Supabase round-trip receives the signal.
🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@docs/branch-review-ledger.md`:
- Line 598: Update the ledger row identified by commit 570e6ba56 in the branch
review record to replace every literal � replacement character with the intended
punctuation, preserving the entry’s wording and table structure.

In `@playwright.config.ts`:
- Line 58: Update the transition assertion in tests/ui-tools.spec.ts (1021-1033)
to honor the suite-wide reduced-motion setting from playwright.config.ts
(58-58): assert the zero-duration state under reduced motion, or restrict the
100ms assertion to a motion-enabled project.

In `@scripts/check-github-action-pins.mjs`:
- Around line 13-22: Guard the SAST-specific validation block near the existing
workflow-file processing so it does not read sast.yml when .github/workflows is
absent. Reuse the directory existence result from discoverGitHubActionFiles or
otherwise check the workflow directory before the SAST read, while preserving
normal validation when the directory exists.

In `@scripts/generate-site-map.ts`:
- Around line 397-408: Update the sitemap generation flow around
productRouteHandlerPaths and productRoutes so product redirect handlers are
included in the “Main product routes” section, while remaining excluded from
publicUtilityRouteHandlers. Adjust the downstream assertion in the relevant
sitemap test to expect these handlers in the main product routes section,
preserving the existing Redirects behavior as applicable.

In `@src/components/services/services-navigator-page.tsx`:
- Around line 497-502: Update the Link rendered for each comparison card in the
services navigator so its accessible name includes the corresponding service
name while retaining the visible “Open” text and existing destination. Use the
card’s service data already available in this rendering path to provide an
accessible label or equivalent link context.

In `@supabase/migrations/20260717010000_harden_rag_scalability_patch.sql`:
- Around line 31-96: Scope correct_clinical_query_terms vocabulary to the
caller’s owner and public records by adding the required access-scope parameters
and applying identical owner/public filters to both rag_aliases and
document_title_words. Mirror the complete scoped function definition in
supabase/schema.sql at lines 3473-3552, and update tests/supabase-schema.test.ts
at lines 1388-1406 to verify private vocabulary from another owner cannot affect
correction.

In `@tests/site-map.test.ts`:
- Around line 66-88: Update the site-map section assertions around
productSection, apiSection, and redirectSection to validate that each section
heading exists before slicing, so missing headings fail the test instead of
producing misleading empty sections. Also extract the Public utility route
handlers section and assert that it contains both /auth/callback and
/icons/[variant], while retaining the existing handler and API exclusion checks.

---

Outside diff comments:
In `@src/lib/rag-candidate-sources.ts`:
- Around line 185-207: Thread the caller abort signal through the retrieval
pipeline: add signal parameters to the candidate loaders in
src/lib/rag-candidate-sources.ts at lines 185-207 and 1006-1097, and pass them
to callVersionedRetrievalRpc. Propagate args.signal through document/chunk
hydration and ranking metadata in src/lib/rag-candidate-sources.ts at lines
632-873, plus page-evidence and related queries in src/lib/rag.ts at lines
1543-1691, 2514-2527, and 2802-2852, ensuring every relevant Supabase round-trip
receives the signal.

In `@src/lib/rag.ts`:
- Around line 1679-1687: Update the direct-image query near the source image
lookup to restrict results to the authorized document IDs using documentIds,
while preserving the existing image filters. In the attachment logic near the
corresponding result mapping, only attach an image when its document_id equals
the current result.document_id, preventing stale or cross-document
source_image_id values from being exposed.
🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

  • Push a commit to this branch (recommended)
  • Create a new PR with the fixes

ℹ️ Review info
⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro Plus

Run ID: b34b0d93-4cea-4621-8c97-e337a3a1a9f5

📥 Commits

Reviewing files that changed from the base of the PR and between bf3c855 and 1fb6e5b.

📒 Files selected for processing (27)
  • docs/branch-review-ledger.md
  • docs/codebase-index.md
  • docs/site-map.md
  • playwright.config.ts
  • scripts/check-github-action-pins.mjs
  • scripts/generate-site-map.ts
  • src/app/layout.tsx
  • src/app/page.tsx
  • src/components/clinical-dashboard/master-search-header.tsx
  • src/components/forms/forms-home-page.tsx
  • src/components/services/services-navigator-page.tsx
  • src/lib/rag-candidate-sources.ts
  • src/lib/rag.ts
  • supabase/drift-manifest.json
  • supabase/migrations/20260714180000_patch_rag_and_corrector_scalability.sql
  • supabase/migrations/20260714190000_document_table_facts_trgm_idx.sql
  • supabase/migrations/20260717010000_harden_rag_scalability_patch.sql
  • supabase/schema.sql
  • tests/audit-content-services-regressions.test.ts
  • tests/audit-navigation-auth-regressions.test.ts
  • tests/rag-variant-early-exit.test.ts
  • tests/site-map.test.ts
  • tests/supabase-schema.test.ts
  • tests/ui-accessibility.spec.ts
  • tests/ui-smoke.spec.ts
  • tests/ui-tools.spec.ts
  • tsconfig.json
🛑 Comments failed to post (7)
docs/branch-review-ledger.md (1)

598-598: 📐 Maintainability & Code Quality | 🟡 Minor | ⚡ Quick win

Remove the replacement characters from this ledger entry.

The updated row contains literal characters. Replace them with the intended punctuation so the review record remains readable and auditable.

🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@docs/branch-review-ledger.md` at line 598, Update the ledger row identified
by commit 570e6ba56 in the branch review record to replace every literal �
replacement character with the intended punctuation, preserving the entry’s
wording and table structure.
playwright.config.ts (1)

58-58: 🩺 Stability & Availability | 🟠 Major | ⚡ Quick win

🧩 Analysis chain

🏁 Script executed:

#!/bin/bash
set -eu

config="$(fd -a '^playwright\.config\.ts$' | head -n1)"
spec="$(fd -a '^ui-tools\.spec\.ts$' tests | head -n1)"

sed -n '41,83p' "$config"
rg -n -C8 'transitionDuration|reducedMotion|browserName|test\.skip' "$spec"

Repository: BigSimmo/Database

Length of output: 1483


🏁 Script executed:

#!/bin/bash
set -eu

config="$(fd -a 'playwright\.config\.ts$' | head -n1)"
spec="$(fd -a 'ui-tools\.spec\.ts$' tests | head -n1)"

printf '\n== playwright.config.ts ==\n'
sed -n '45,75p' "$config"

printf '\n== tests/ui-tools.spec.ts ==\n'
sed -n '1000,1040p' "$spec"

Repository: BigSimmo/Database

Length of output: 3181


🏁 Script executed:

#!/bin/bash
set -eu

spec="$(fd -a 'ui-tools\.spec\.ts$' tests | head -n1)"
config="$(fd -a 'playwright\.config\.ts$' | head -n1)"

printf '\n== motion-related uses in playwright.config.ts ==\n'
rg -n 'reducedMotion|contextOptions|use:' "$config"

printf '\n== surrounding test body ==\n'
sed -n '1008,1045p' "$spec"

printf '\n== motion-related matches in tests/ui-tools.spec.ts ==\n'
rg -n 'reducedMotion|transitionDuration|transitionProperty|motion-reduce|durationMs|browserName|test\.use|test\.describe' "$spec"

Repository: BigSimmo/Database

Length of output: 2613


🏁 Script executed:

#!/bin/bash
set -eu

spec="$(fd -a 'ui-tools\.spec\.ts$' tests | head -n1)"

sed -n '1014,1038p' "$spec"

Repository: BigSimmo/Database

Length of output: 1271


🏁 Script executed:

#!/bin/bash
set -eu

rg -n -C4 'answer-footer-search-dock|motion-reduce:transition-none|transition-(none|duration|transform)|data-scroll-hidden|data-command-open' .

Repository: BigSimmo/Database

Length of output: 50373


Make the transition assertion respect the suite-wide reduced-motion setting. playwright.config.ts applies reducedMotion: "reduce" to every project, so this test should not require a 100ms transition here; assert the zero-duration state instead or scope the check to a motion-enabled project.

📍 Affects 2 files
  • playwright.config.ts#L58-L58 (this comment)
  • tests/ui-tools.spec.ts#L1021-L1033
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@playwright.config.ts` at line 58, Update the transition assertion in
tests/ui-tools.spec.ts (1021-1033) to honor the suite-wide reduced-motion
setting from playwright.config.ts (58-58): assert the zero-duration state under
reduced motion, or restrict the 100ms assertion to a motion-enabled project.
scripts/check-github-action-pins.mjs (1)

13-22: 🩺 Stability & Availability | 🟠 Major | ⚡ Quick win

Guard the later SAST validation as well.

discoverGitHubActionFiles() now returns [] when .github/workflows is absent, but the subsequent sast.yml validation at Line [65] still reads from that directory unconditionally. The script will therefore still fail with ENOENT in the missing-directory scenario this change intends to support. Skip or explicitly handle the SAST-specific block when the workflow directory is absent.

🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@scripts/check-github-action-pins.mjs` around lines 13 - 22, Guard the
SAST-specific validation block near the existing workflow-file processing so it
does not read sast.yml when .github/workflows is absent. Reuse the directory
existence result from discoverGitHubActionFiles or otherwise check the workflow
directory before the SAST read, while preserving normal validation when the
directory exists.
scripts/generate-site-map.ts (1)

397-408: 🎯 Functional Correctness | 🟠 Major | ⚡ Quick win

Include product redirect handlers in “Main product routes”.

These handlers are excluded from both the product and public-utility sections, so they appear only under Redirects. This contradicts the placement contract and the test name; combine handlers in productRouteHandlerPaths with productRoutes, then change the downstream assertion at Line 96 to expect their presence.

Proposed fix
+  const productRouteHandlers = data.publicRouteHandlers.filter((route) =>
+    productRouteHandlerPaths.has(route.route),
+  );
   const publicUtilityRouteHandlers = data.publicRouteHandlers.filter(
     (route) => !productRouteHandlerPaths.has(route.route),
   );
+  const mainProductRoutes = [...productRoutes, ...productRouteHandlers].sort((left, right) =>
+    left.route.localeCompare(right.route),
+  );

     ...section(
       "Main product routes",
-      productRoutes.map((route) => routeLine(route, routeDescriptions)),
+      mainProductRoutes.map((route) => routeLine(route, routeDescriptions)),
     ),
📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

  const productRouteHandlers = data.publicRouteHandlers.filter((route) =>
    productRouteHandlerPaths.has(route.route),
  );
  const publicUtilityRouteHandlers = data.publicRouteHandlers.filter(
    (route) => !productRouteHandlerPaths.has(route.route),
  );
  const mainProductRoutes = [...productRoutes, ...productRouteHandlers].sort((left, right) =>
    left.route.localeCompare(right.route),
  );

  const lines = [
    "# Clinical KB Site Map",
    "",
    "This file is generated by `npm run sitemap:update`. Run `npm run sitemap:check` to verify it is current.",
    "",
    ...section(
      "Main product routes",
      mainProductRoutes.map((route) => routeLine(route, routeDescriptions)),
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@scripts/generate-site-map.ts` around lines 397 - 408, Update the sitemap
generation flow around productRouteHandlerPaths and productRoutes so product
redirect handlers are included in the “Main product routes” section, while
remaining excluded from publicUtilityRouteHandlers. Adjust the downstream
assertion in the relevant sitemap test to expect these handlers in the main
product routes section, preserving the existing Redirects behavior as
applicable.
src/components/services/services-navigator-page.tsx (1)

497-502: 🔒 Security & Privacy | 🟡 Minor | ⚡ Quick win

Include the service name in each comparison link’s accessible name.

Every comparison card exposes an identical “Open” link, so assistive-technology link lists cannot distinguish their destinations.

Proposed fix
 <Link
   href={`/services/${service.slug}`}
+  aria-label={`Open ${service.title}`}
   className="inline-flex min-h-tap items-center text-xs font-bold text-[color:var(--clinical-accent)] sm:min-h-0"
 >
📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

                <Link
                  href={`/services/${service.slug}`}
                  aria-label={`Open ${service.title}`}
                  className="inline-flex min-h-tap items-center text-xs font-bold text-[color:var(--clinical-accent)] sm:min-h-0"
                >
                  Open
                </Link>
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@src/components/services/services-navigator-page.tsx` around lines 497 - 502,
Update the Link rendered for each comparison card in the services navigator so
its accessible name includes the corresponding service name while retaining the
visible “Open” text and existing destination. Use the card’s service data
already available in this rendering path to provide an accessible label or
equivalent link context.
supabase/migrations/20260717010000_harden_rag_scalability_patch.sql (1)

31-96: 🔒 Security & Privacy | 🟠 Major | 🏗️ Heavy lift

Scope typo-correction vocabulary to the caller’s retrieval access.

The security-definer corrector scans every tenant’s aliases and document-title words. A tenant can poison another tenant’s typo correction with crafted private titles or aliases. Pass owner/public scope into the RPC and filter both vocabulary sources consistently.

  • supabase/migrations/20260717010000_harden_rag_scalability_patch.sql#L31-L96: add access-scope parameters and owner/public filters.
  • supabase/schema.sql#L3473-L3552: mirror the scoped final function definition.
  • tests/supabase-schema.test.ts#L1388-L1406: assert private vocabulary cannot affect another owner’s correction.
📍 Affects 3 files
  • supabase/migrations/20260717010000_harden_rag_scalability_patch.sql#L31-L96 (this comment)
  • supabase/schema.sql#L3473-L3552
  • tests/supabase-schema.test.ts#L1388-L1406
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@supabase/migrations/20260717010000_harden_rag_scalability_patch.sql` around
lines 31 - 96, Scope correct_clinical_query_terms vocabulary to the caller’s
owner and public records by adding the required access-scope parameters and
applying identical owner/public filters to both rag_aliases and
document_title_words. Mirror the complete scoped function definition in
supabase/schema.sql at lines 3473-3552, and update tests/supabase-schema.test.ts
at lines 1388-1406 to verify private vocabulary from another owner cannot affect
correction.
tests/site-map.test.ts (1)

66-88: 🎯 Functional Correctness | 🟡 Minor | ⚡ Quick win

Make section-placement assertions fail when headings are missing.

Unchecked indexOf() results can yield empty slices, making every negative assertion pass. Also extract the Public utility route handlers section and positively assert that /auth/callback and /icons/[variant] occur there.

Proposed fix
+    const productStart = siteMap.indexOf("## Main product routes");
+    const modeStart = siteMap.indexOf("## Mode/query routes");
+    const utilityStart = siteMap.indexOf("## Public utility route handlers");
+    const apiStart = siteMap.indexOf("## API routes");
+    const redirectsStart = siteMap.indexOf("## Redirects");
+
+    expect([productStart, modeStart, utilityStart, apiStart, redirectsStart]).not.toContain(-1);
+
-    const productSection = siteMap.slice(
-      siteMap.indexOf("## Main product routes"),
-      siteMap.indexOf("## Mode/query routes"),
-    );
-    const apiSection = siteMap.slice(siteMap.indexOf("## API routes"), siteMap.indexOf("## Redirects"));
+    const productSection = siteMap.slice(productStart, modeStart);
+    const utilitySection = siteMap.slice(utilityStart, apiStart);
+    const apiSection = siteMap.slice(apiStart, redirectsStart);
+    expect(utilitySection).toContain("`/auth/callback`");
+    expect(utilitySection).toContain("`/icons/[variant]`");
📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

    const productStart = siteMap.indexOf("## Main product routes");
    const modeStart = siteMap.indexOf("## Mode/query routes");
    const utilityStart = siteMap.indexOf("## Public utility route handlers");
    const apiStart = siteMap.indexOf("## API routes");
    const redirectsStart = siteMap.indexOf("## Redirects");

    expect([productStart, modeStart, utilityStart, apiStart, redirectsStart]).not.toContain(-1);

    const productSection = siteMap.slice(productStart, modeStart);
    const utilitySection = siteMap.slice(utilityStart, apiStart);
    const apiSection = siteMap.slice(apiStart, redirectsStart);
    const expectedProductHandlers = [
      ["/applications", "src/app/applications/route.ts", "/tools"],
      [
        "/differentials/presentations",
        "src/app/differentials/presentations/route.ts",
        "/differentials/presentations/[workflow-slug]",
      ],
      ["/medications", "src/app/medications/route.ts", "/?mode=prescribing"],
    ] as const;
    const redirectSection = siteMap.slice(siteMap.indexOf("## Redirects"));

    expect(utilitySection).toContain("`/auth/callback`");
    expect(utilitySection).toContain("`/icons/[variant]`");
    expect(data.apiRoutes.every((route) => route.route === "/api" || route.route.startsWith("/api/"))).toBe(true);
    expect(data.publicRouteHandlers.some((route) => route.route === "/auth/callback")).toBe(true);
    expect(data.publicRouteHandlers).toContainEqual({
      route: "/icons/[variant]",
      file: "src/app/icons/[variant]/route.tsx",
    });
    expect(apiSection).not.toContain("`/icons/[variant]`");
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@tests/site-map.test.ts` around lines 66 - 88, Update the site-map section
assertions around productSection, apiSection, and redirectSection to validate
that each section heading exists before slicing, so missing headings fail the
test instead of producing misleading empty sections. Also extract the Public
utility route handlers section and assert that it contains both /auth/callback
and /icons/[variant], while retaining the existing handler and API exclusion
checks.

@BigSimmo BigSimmo changed the title codex/main merge safe final 20260718 resubmit fix: merge design-audit remediation into main Jul 18, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants