Add checksum type indicator to bundle detail page

[riderx]

Summary

Added a visual checksum type indicator badge (SHA-256 or CRC32) to the bundle detail page. When hovering over the badge, users see a tooltip explaining the checksum algorithm, minimum required plugin version, and the algorithm's purpose.

Test plan

1. Navigate to any bundle detail page in the dashboard
2. Look for the checksum field - you should see a colored badge next to the truncated hash
3. Hover over the badge to view the tooltip with algorithm details and minimum plugin version
4. Verify the color changes based on checksum type: blue for SHA-256, green for CRC32

Screenshots

The badge appears inline with the checksum display, using DaisyUI styling for consistency with the rest of the application.

Checklist

• My code follows the code style of this project and passes bun run lint:backend && bun run lint.
• My change requires a change to the documentation.
• I have tested my code manually, and I have provided steps how to reproduce my tests

Summary by CodeRabbit

• New Features
  • Bundle details now show an enhanced checksum badge with algorithm identification, security/verification text, and minimum plugin version info via an interactive tooltip.
• Documentation
  • Added four new public translation strings for checksum labels, descriptions, algorithm info, and minimum plugin version.

_{✏️ Tip: You can customize this high-level summary in your review settings.}

[coderabbitai]

Warning

Rate limit exceeded

@riderx has exceeded the limit for the number of commits that can be reviewed per hour. Please wait 8 minutes and 57 seconds before requesting another review.

⌛ How to resolve this issue?

After the wait time has elapsed, a review can be triggered using the @coderabbitai review command as a PR comment. Alternatively, push new commits to this PR.

We recommend that you space out your commits to avoid hitting the rate limit.

🚦 How do rate limits work?

CodeRabbit enforces hourly rate limits for each developer per organization.

Our paid plans have higher rate limits than the trial, open-source and free plans. In all cases, we re-allow further reviews after a brief timeout.

Please see our FAQ for further information.

📥 Commits

Reviewing files that changed from the base of the PR and between a679080 and 353edd6.

📒 Files selected for processing (17)

• messages/de.json
• messages/en.json
• messages/es.json
• messages/fr.json
• messages/hi.json
• messages/id.json
• messages/it.json
• messages/ja.json
• messages/ko.json
• messages/pl.json
• messages/pt-br.json
• messages/ru.json
• messages/tr.json
• messages/vi.json
• messages/zh-cn.json
• src/pages/app/[package].bundle.[bundle].vue
• src/services/conversion.ts

📝 Walkthrough

Walkthrough

Adds checksum metadata: four new translation keys, an exported checksum classification API (getChecksumInfo, ChecksumType, ChecksumInfo) that infers sha256/crc32/unknown by length, and UI changes to show a checksum-type badge with tooltip in the bundle page.

Changes

Cohort / File(s)	Summary
Translations messages/en.json	Added four public translation keys: checksum-crc32-desc, checksum-sha256-desc, checksum-type-info, min-plugin-version.
Checksum service src/services/conversion.ts	Exported ChecksumType, ChecksumInfo, and getChecksumInfo(checksum) which classifies checksums by length (64→sha256, 8→crc32, else unknown) and returns metadata (label, minPluginVersion, features).
Bundle UI src/pages/app/[package].bundle.[bundle].vue	Imported getChecksumInfo, added checksumInfo computed property, and updated template to display checksum as a dynamic badge with tooltip showing type, label, min plugin version, and descriptive text.

Sequence Diagram(s)

(omitted)

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~20 minutes

Suggested labels

enhancement

Poem

🐇 I hopped through keys and bytes today,
A badge for checksums to light the way,
sha256, crc32 — now named and neat,
A tooltip snug with version and feat,
Hooray! 🥕✨

🚥 Pre-merge checks | ✅ 2 | ❌ 1

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Docstring Coverage	⚠️ Warning	Docstring coverage is 50.00% which is insufficient. The required threshold is 80.00%.	You can run @coderabbitai generate docstrings to improve docstring coverage.

✅ Passed checks (2 passed)

Check name	Status	Explanation
Title check	✅ Passed	The title clearly and concisely describes the main change: adding a checksum type indicator badge to the bundle detail page.
Description check	✅ Passed	The description covers all major sections of the template: Summary, Test plan, Screenshots, and Checklist with most items addressed.

_{✏️ Tip: You can configure your own custom Pre-merge Checks in the settings.}

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 2

🤖 Fix all issues with AI agents

In @src/services/conversion.ts:
- Around line 51-87: The getChecksumInfo function currently classifies checksums
by length only; update it to also validate that the string contains only
hexadecimal characters before returning sha256 (for length 64) or crc32 (for
length 8). Specifically, in getChecksumInfo add a hex-format check (e.g. a regex
check for only 0-9A-F/a-f) applied when length === 64 and length === 8, and fall
back to the existing unknown return if the content is not valid hex; keep all
existing return shapes and labels (type/label/minPluginVersion/features).
- Around line 66-67: The hardcoded minPluginVersion for the SHA-256 entry is
incorrect: update the object with label 'SHA-256' by changing its
minPluginVersion from '4.4.0' to the correct minimum based on the targeted
plugin major line (use '5.10.0' for v5.x, '6.25.0' for v6.x, or leave as the v7+
baseline if targeting v7), and while here verify the CRC32 entry (label 'CRC32'
/ minPluginVersion '4.0.0') against the plugin changelog and adjust that
minPluginVersion if needed to reflect the true historical requirement.

🧹 Nitpick comments (1)

src/pages/app/[package].bundle.[bundle].vue (1)

741-762: Consider extracting the badge and tooltip to a reusable component.

The checksum badge and tooltip implementation is well-structured, but the inline complexity could be improved by extracting it into a dedicated component (e.g., ChecksumBadge.vue). This would:

• Improve maintainability if similar badges are needed elsewhere
• Reduce template complexity in this page
• Make the tooltip behavior easier to test

Additionally, the whitespace-nowrap class on the tooltip (line 754) might truncate longer translations. Consider using whitespace-normal or max-w-xs to allow text wrapping for better i18n support.

💡 Optional refactor: Extract to component

Create src/components/ChecksumBadge.vue:

<script setup lang="ts">
import type { ChecksumInfo } from '~/services/conversion'

defineProps<{
  checksumInfo: ChecksumInfo
}>()

const { t } = useI18n()
</script>

<template>
  <div class="relative group">
    <span
      class="inline-flex items-center px-2 py-0.5 text-xs font-medium rounded-full cursor-help"
      :class="{
        'bg-blue-100 text-blue-800 dark:bg-blue-900/50 dark:text-blue-200': checksumInfo.type === 'sha256',
        'bg-green-100 text-green-800 dark:bg-green-900/50 dark:text-green-200': checksumInfo.type === 'crc32',
        'bg-gray-100 text-gray-800 dark:bg-gray-700 dark:text-gray-200': checksumInfo.type === 'unknown',
      }"
    >
      {{ checksumInfo.label }}
    </span>
    <!-- Tooltip content... -->
  </div>
</template>

Then use it in the page:

<ChecksumBadge :checksum-info="checksumInfo" />

📜 Review details

Configuration used: defaults

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between e79bab9 and 33d8b81.

📒 Files selected for processing (3)

• messages/en.json
• src/pages/app/[package].bundle.[bundle].vue
• src/services/conversion.ts

🧰 Additional context used

📓 Path-based instructions (11)

**/*.{ts,tsx,js,jsx,vue}

📄 CodeRabbit inference engine (CLAUDE.md)

Use single quotes and no semicolons per @antfu/eslint-config

Files:

• src/services/conversion.ts
• src/pages/app/[package].bundle.[bundle].vue

src/services/**/*.{ts,tsx}

📄 CodeRabbit inference engine (CLAUDE.md)

API clients and external service integrations should be organized in src/services/ directory

Files:

• src/services/conversion.ts

**/*.{ts,tsx}

📄 CodeRabbit inference engine (CLAUDE.md)

Use TypeScript strict mode with path aliases mapping ~/ to src/

Files:

• src/services/conversion.ts

{capacitor.config.{ts,js},src/**/*.{ts,tsx,vue}}

📄 CodeRabbit inference engine (CLAUDE.md)

Mobile apps should use Capacitor with app ID ee.forgr.capacitor_go for native mobile functionality

Files:

• src/services/conversion.ts
• src/pages/app/[package].bundle.[bundle].vue

src/**/*.{ts,tsx,vue,js}

📄 CodeRabbit inference engine (.github/copilot-instructions.md)

Use ~/ alias for imports from src/ directory in frontend TypeScript and Vue components

Files:

• src/services/conversion.ts
• src/pages/app/[package].bundle.[bundle].vue

src/**/*.{vue,ts,js}

📄 CodeRabbit inference engine (.github/copilot-instructions.md)

Frontend ESLint must pass before commit; run bun lint:fix to auto-fix issues in frontend files

Files:

• src/services/conversion.ts
• src/pages/app/[package].bundle.[bundle].vue

src/**/*.{vue,ts,tsx,js}

📄 CodeRabbit inference engine (AGENTS.md)

Konsta components are reserved for the safe area helpers; avoid importing konsta anywhere else in the app

Files:

• src/services/conversion.ts
• src/pages/app/[package].bundle.[bundle].vue

src/**/*.vue

📄 CodeRabbit inference engine (CLAUDE.md)

src/**/*.vue: Use Vue 3 with Composition API and <script setup> syntax for frontend components
Style components using TailwindCSS with DaisyUI components

src/**/*.vue: Use Vue 3 <script setup> syntax exclusively for all Vue component scripts
Use Tailwind utility classes for layout and spacing in Vue components
Use DaisyUI components (d-btn, d-input, d-card) for interactive elements in Vue components
Use Konsta components ONLY for safe area helpers (top/bottom insets) in Vue components; avoid other uses
Use useRoute() from vue-router to access route parameters and useRouter() for programmatic navigation in Vue components

Use DaisyUI (d- prefixed classes) for buttons, inputs, and other interactive primitives to keep behavior and spacing consistent

Files:

• src/pages/app/[package].bundle.[bundle].vue

src/pages/**/*.vue

📄 CodeRabbit inference engine (CLAUDE.md)

Use file-based routing with unplugin-vue-router for frontend pages

Frontend file-based routing uses src/pages/ directory structure; routes auto-generate with unplugin-vue-router and types are available in src/typed-router.d.ts

Files:

• src/pages/app/[package].bundle.[bundle].vue

src/**/*.{vue,css,scss}

📄 CodeRabbit inference engine (AGENTS.md)

The web client is built with Vue.js and Tailwind CSS; lean on utility classes and composition-friendly patterns rather than bespoke CSS

Files:

• src/pages/app/[package].bundle.[bundle].vue

src/**/*.{css,scss,vue}

📄 CodeRabbit inference engine (AGENTS.md)

Mirror the Capgo design palette from src/styles/style.css (e.g., --color-primary-500: #515271, --color-azure-500: #119eff) when introducing new UI, using deep slate bases with the Extract azure highlight and soft radii

Files:

• src/pages/app/[package].bundle.[bundle].vue

🧠 Learnings (2)

📚 Learning: 2025-10-30T14:58:37.007Z

Learnt from: Dalanir
Repo: Cap-go/capgo PR: 1238
File: src/layouts/settings.vue:7-13
Timestamp: 2025-10-30T14:58:37.007Z
Learning: In the Cap-go/capgo repository, heroicons are imported using the pattern `~icons/heroicons/icon-name` (e.g., `~icons/heroicons/user`, `~icons/heroicons/bell`) without requiring `/outline/` or `/solid/` path segments. Solid variants use a `-solid` suffix in the icon name itself (e.g., `~icons/heroicons/arrow-path-solid`).

Applied to files:

• src/pages/app/[package].bundle.[bundle].vue

📚 Learning: 2025-12-23T01:19:04.593Z

Learnt from: riderx
Repo: Cap-go/capgo PR: 1297
File: src/components/dashboard/DeploymentBanner.vue:77-79
Timestamp: 2025-12-23T01:19:04.593Z
Learning: In the Cap-go codebase, ensure that app permission checks never include the role 'owner'. App-level permissions should be based on the user_min_right enum with values: read, upload, write, admin, super_admin (and NOT owner). This pattern applies across Vue components that perform permission checks; if you find a check referencing 'owner' for app-level access, replace it with the appropriate user_min_right value and keep organization-level owner handling in organization.ts.

Applied to files:

• src/pages/app/[package].bundle.[bundle].vue

🔇 Additional comments (4)

src/pages/app/[package].bundle.[bundle].vue (2)

17-17: LGTM: Import statement is correct.

The import follows the project's path alias convention and imports the necessary function for checksum detection.

---

159-161: LGTM: Computed property implementation is clean.

The computed property correctly uses optional chaining to handle undefined version values and follows Vue 3 Composition API best practices.

messages/en.json (1)

454-456: LGTM: Translation keys are clear and concise.

The new translation keys (checksum-crc32-desc, checksum-sha256-desc, checksum-type-info, min-plugin-version) are well-named and provide useful information to users.

Minor observation: The min-plugin-version key at line 866 is separated from the other checksum-related keys (lines 454-456). Consider grouping them together in future updates for easier maintenance.

Also applies to: 866-866

src/services/conversion.ts (1)

37-44: LGTM: Type definitions are well-structured.

The ChecksumType union type and ChecksumInfo interface are clearly defined and provide good type safety for the checksum detection feature.

[coderabbitai]

⚠️ Potential issue | 🟡 Minor

🧩 Analysis chain

🏁 Script executed:

# Find all usages of getChecksumInfo function
rg -n "getChecksumInfo" --type=ts --type=tsx --type=vue -B 2 -A 2

Repository: Cap-go/capgo

Length of output: 83

---

🏁 Script executed:

# Find where checksums are sourced/defined in the codebase
rg -n "checksum" --type=ts --type=tsx --type=vue -B 2 -A 2 | head -100

Repository: Cap-go/capgo

Length of output: 83

---

🏁 Script executed:

# Check if there's any validation logic already in place for checksums
rg -n "hex|checksum.*validat|validat.*checksum" --type=ts --type=tsx -i

Repository: Cap-go/capgo

Length of output: 83

---

🏁 Script executed:

# Look for database schema or types related to checksums
fd -e ts -e tsx -e vue | xargs rg -l "checksum" | head -20

Repository: Cap-go/capgo

Length of output: 822

---

🏁 Script executed:

# Retry with corrected file types (ts and vue only)
rg -n "getChecksumInfo" --type=ts --type=vue -B 2 -A 2

Repository: Cap-go/capgo

Length of output: 83

---

🏁 Script executed:

# Find checksum references without problematic types
rg -n "checksum" --type=ts --type=vue -i | head -50

Repository: Cap-go/capgo

Length of output: 83

---

🏁 Script executed:

# Look at the conversion.ts file
cat -n src/services/conversion.ts

Repository: Cap-go/capgo

Length of output: 2959

---

🏁 Script executed:

# Check test files related to checksums
cat -n tests/cli-old-checksum.test.ts

Repository: Cap-go/capgo

Length of output: 1390

---

🏁 Script executed:

# Search for getChecksumInfo usage
rg -n "getChecksumInfo" --type=ts

Repository: Cap-go/capgo

Length of output: 170

---

🏁 Script executed:

# Search for where checksums are generated or stored
rg -n "checksum.*=" --type=ts -A 1 | head -60

Repository: Cap-go/capgo

Length of output: 2600

---

🏁 Script executed:

# Look for checksum handling in bundle/upload functions
rg -n "checksum" supabase/functions/_backend/public/bundle/create.ts -B 3 -A 3

Repository: Cap-go/capgo

Length of output: 945

---

🏁 Script executed:

# Check if checksums are validated when stored in database
rg -n "checksum" supabase/functions/_backend/utils/postgres_schema.ts -B 2 -A 2

Repository: Cap-go/capgo

Length of output: 274

---

🏁 Script executed:

# Search for imports of getChecksumInfo or from conversion.ts
rg -n "getChecksumInfo|from.*conversion" --type=ts

Repository: Cap-go/capgo

Length of output: 349

---

🏁 Script executed:

# Search in all files for getChecksumInfo usage
rg -n "getChecksumInfo" -t ts -t js

Repository: Cap-go/capgo

Length of output: 386

---

🏁 Script executed:

# Check frontend directory structure
find src -type f -name "*.ts" -o -name "*.js" | head -20

Repository: Cap-go/capgo

Length of output: 581

---

🏁 Script executed:

# Look for checksum handling in frontend
rg -n "checksum" src --type=ts --type=js -B 1 -A 1

Repository: Cap-go/capgo

Length of output: 8040

---

🏁 Script executed:

# Check how checksums are generated/validated in backend upload handler
rg -n "parseChecksum" supabase/functions/_backend/files/uploadHandler.ts -B 5 -A 10

Repository: Cap-go/capgo

Length of output: 1161

---

🏁 Script executed:

# Check the parse.ts file for checksum parsing details
cat -n supabase/functions/_backend/files/parse.ts | head -80

Repository: Cap-go/capgo

Length of output: 2570

---

🏁 Script executed:

# Check what format checksums are stored in the database
rg -n "toBase64|fromBase64" supabase/functions/_backend/files/ --type=ts -B 2 -A 2

Repository: Cap-go/capgo

Length of output: 4545

---

🏁 Script executed:

# Check the util.ts to understand checksum format
cat -n supabase/functions/_backend/files/util.ts | head -100

Repository: Cap-go/capgo

Length of output: 3653

---

🏁 Script executed:

# See how checksum is stored when inserting into database
rg -n "custom_metadata\|X_CHECKSUM" supabase/functions/_backend/ --type=ts -B 2 -A 2 | head -40

Repository: Cap-go/capgo

Length of output: 38

---

🏁 Script executed:

# Check if checksums are converted to hex format anywhere
rg -n "toHex|toString.*16|Buffer.*hex" supabase/functions/_backend/ --type=ts

Repository: Cap-go/capgo

Length of output: 391

---

🏁 Script executed:

# Check how checksums are returned to the frontend
rg -n "checksum.*return|return.*checksum" supabase/functions/_backend/public/ --type=ts -B 3 -A 3

Repository: Cap-go/capgo

Length of output: 38

---

🏁 Script executed:

# Look at the bundle create endpoint to see what's stored in the database
rg -n "app_versions.*insert|checksum.*insert" supabase/functions/_backend/public/bundle/create.ts -B 5 -A 5

Repository: Cap-go/capgo

Length of output: 38

---

🏁 Script executed:

# Check if there's a conversion from base64 to hex anywhere in the frontend
rg -n "toHex|toString.*16|hex" src/ --type=ts

Repository: Cap-go/capgo

Length of output: 308

---

🏁 Script executed:

# Check what format the checksum field actually contains in the database
# Look at how bundle creates are tested
cat -n tests/bundle-create.test.ts | head -100

Repository: Cap-go/capgo

Length of output: 4307

---

🏁 Script executed:

# Check the CLI/SDK to see what format it sends checksums in
rg -n "checksum" supabase/functions/_backend/public/bundle/create.ts -B 5 -A 5

Repository: Cap-go/capgo

Length of output: 1600

---

🏁 Script executed:

# See what happens with the checksum in the update flow
rg -n "body\.checksum\|checksum.*string" supabase/functions/_backend/public/bundle/create.ts -B 3 -A 3

Repository: Cap-go/capgo

Length of output: 38

---

Add hexadecimal validation to match documented behavior.

The getChecksumInfo function's JSDoc explicitly states it expects "64 hex characters" for SHA-256 and "8 hex characters" for CRC32, but the implementation only checks string length. A non-hexadecimal string of 64 characters would be incorrectly classified as SHA-256. While checksums currently come from controlled sources (SDK/backend), adding format validation makes the function more robust and aligns with its documented contract.

Suggested enhancement with hex validation

 export function getChecksumInfo(checksum: string | null | undefined): ChecksumInfo {
   if (!checksum) {
     return {
       type: 'unknown',
       label: 'Unknown',
       minPluginVersion: '-',
       features: [],
     }
   }

   const length = checksum.length
+  const isHex = /^[0-9a-fA-F]+$/.test(checksum)
+
+  if (!isHex) {
+    return {
+      type: 'unknown',
+      label: 'Unknown',
+      minPluginVersion: '-',
+      features: [],
+    }
+  }

   if (length === 64) {
     return {
       type: 'sha256',
       label: 'SHA-256',
       minPluginVersion: '4.4.0',
       features: ['integrity-verification', 'corruption-detection', 'security'],
     }
   }

   if (length === 8) {
     return {
       type: 'crc32',
       label: 'CRC32',
       minPluginVersion: '4.0.0',
       features: ['fast-verification', 'corruption-detection'],
     }
   }

   return {
     type: 'unknown',
     label: 'Unknown',
     minPluginVersion: '-',
     features: [],
   }
 }

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	export function getChecksumInfo(checksum: string | null | undefined): ChecksumInfo {
	if (!checksum) {
	return {
	type: 'unknown',
	label: 'Unknown',
	minPluginVersion: '-',
	features: [],
	}
	}
	const length = checksum.length
	if (length === 64) {
	return {
	type: 'sha256',
	label: 'SHA-256',
	minPluginVersion: '4.4.0',
	features: ['integrity-verification', 'corruption-detection', 'security'],
	}
	}
	if (length === 8) {
	return {
	type: 'crc32',
	label: 'CRC32',
	minPluginVersion: '4.0.0',
	features: ['fast-verification', 'corruption-detection'],
	}
	}
	return {
	type: 'unknown',
	label: 'Unknown',
	minPluginVersion: '-',
	features: [],
	}
	}
	export function getChecksumInfo(checksum: string | null | undefined): ChecksumInfo {
	if (!checksum) {
	return {
	type: 'unknown',
	label: 'Unknown',
	minPluginVersion: '-',
	features: [],
	}
	}
	const length = checksum.length
	const isHex = /^[0-9a-fA-F]+$/.test(checksum)
	if (!isHex) {
	return {
	type: 'unknown',
	label: 'Unknown',
	minPluginVersion: '-',
	features: [],
	}
	}
	if (length === 64) {
	return {
	type: 'sha256',
	label: 'SHA-256',
	minPluginVersion: '4.4.0',
	features: ['integrity-verification', 'corruption-detection', 'security'],
	}
	}
	if (length === 8) {
	return {
	type: 'crc32',
	label: 'CRC32',
	minPluginVersion: '4.0.0',
	features: ['fast-verification', 'corruption-detection'],
	}
	}
	return {
	type: 'unknown',
	label: 'Unknown',
	minPluginVersion: '-',
	features: [],
	}
	}

🤖 Prompt for AI Agents

In @src/services/conversion.ts around lines 51 - 87, The getChecksumInfo
function currently classifies checksums by length only; update it to also
validate that the string contains only hexadecimal characters before returning
sha256 (for length 64) or crc32 (for length 8). Specifically, in getChecksumInfo
add a hex-format check (e.g. a regex check for only 0-9A-F/a-f) applied when
length === 64 and length === 8, and fall back to the existing unknown return if
the content is not valid hex; keep all existing return shapes and labels
(type/label/minPluginVersion/features).

[riderx]

useless this is read only the backend do the checksomewhere else check here makes zero sense

[coderabbitai]

@riderx, you're absolutely right. Since getChecksumInfo is purely a display utility that classifies already-validated checksums from the database, adding hex validation here would be redundant. The backend handles validation at the point of storage, so this function can safely assume valid input. Thanks for the clarification!

[sonarqubecloud]

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud