Conversation
- Replace non-standard ci.yml with standardized release-check.yml and pr-validation.yml - Create dependabot.yml for automated dependency management (weekly, 5 PR limit) - Add sonarqube_mcp.instructions.md for SonarQube MCP server guidance - Ensure consistent GitHub Actions versions (v4 for checkout and setup-node) - Configure standardized Node versions (v22 for release, v20 for validation/publish) - Pin SonarQube actions to commit SHA for security hardening - Standardize branch triggers ([master, main] for release, [develop] for validation) This aligns AuthKit-UI with the standardized CI/CD pattern used across all @ciscode/* packages.
… clean, verify, prepublishOnly)
- Add comprehensive instruction files in .github/instructions/ - Includes copilot, testing, bugfix, features, general guidelines - Standardize documentation across all repositories
- Remove deprecated instruction files from .github/ root - Consolidate all docs in .github/instructions/ directory - Improve documentation organization
…ckages - Replace git tag --list strategy with package.json-driven tag validation in all 16 publish workflows; use git rev-parse to verify the exact tag exists rather than guessing the latest repo-wide tag - Update error guidance to reflect feat/** → develop → master flow - Standardize dependabot to npm-only, grouped, monthly cadence across all 16 packages; remove github-actions ecosystem updates - Add missing dependabot.yml to AuthKit-UI, ChartKit-UI, HealthKit, HooksKit, paymentkit, StorageKit
* Updated workflows (#10) * ops: updated release pipeline to run only on version changes, and created ci workflow * 1.0.8 * docs(workflow): add Git Flow and npm version requirements (#11) - Add Git Flow branching strategy (develop/master) - Document npm version command before push - Add prepublishOnly hook recommendation - Update workflow with proper branch management - Clear warnings about PR targeting Co-authored-by: Reda Channa <r.channa@ciscod.com> Co-authored-by: Zaiid Moumni <141942826+Zaiidmo@users.noreply.github.com> * docs: added different documentations * 1.0.9 * ops: updated publishing trigger * Fix/verify email UI (#13) * parents translate, components receive plain strings * 1.0.3 * tested in local, bug fixed * 1.0.4 * forgot and reset password done * 1.0.6 * verify email page done * merged * Unit tests (#17) * parents translate, components receive plain strings * 1.0.3 * tested in local, bug fixed * 1.0.4 * forgot and reset password done * 1.0.6 * verify email page done * merged * 1.0.10 * updated endpoints * show profile updated to match new response * added unit tests * 1.0.12 * Error handling (#18) * parents translate, components receive plain strings * 1.0.3 * tested in local, bug fixed * 1.0.4 * forgot and reset password done * 1.0.6 * verify email page done * merged * 1.0.10 * updated endpoints * show profile updated to match new response * added unit tests * added error handling to forgot password, reset password and signin/up page * 1.0.13 * feat(auth): add dynamic signup fields and custom endpoints * refactor(ui): cleanup imports and formatting in auth pages * fix(auth): remove accessToken from bootstrap useEffect deps to prevent logout bounce-back * fix: resolve lint errors, test failures and add eslint + prettier devDependencies * chore: bump version to 1.0.15 --------- Co-authored-by: Zaiid Moumni <141942826+Zaiidmo@users.noreply.github.com> Co-authored-by: Ciscode-Admin <info@ciscod.com> Co-authored-by: Reda Channa <r.channa@ciscod.com> Co-authored-by: Zaiidmo <zaiidmoumnii@gmail.com> Co-authored-by: a-elkhiraooui-ciscode <a.elkhiraoui@ciscod.com> Co-authored-by: saad moumou <saad.moumou.coder@gmail.com>
* Updated workflows (#10) * ops: updated release pipeline to run only on version changes, and created ci workflow * 1.0.8 * docs(workflow): add Git Flow and npm version requirements (#11) - Add Git Flow branching strategy (develop/master) - Document npm version command before push - Add prepublishOnly hook recommendation - Update workflow with proper branch management - Clear warnings about PR targeting Co-authored-by: Reda Channa <r.channa@ciscod.com> Co-authored-by: Zaiid Moumni <141942826+Zaiidmo@users.noreply.github.com> * docs: added different documentations * 1.0.9 * ops: updated publishing trigger * Fix/verify email UI (#13) * parents translate, components receive plain strings * 1.0.3 * tested in local, bug fixed * 1.0.4 * forgot and reset password done * 1.0.6 * verify email page done * merged * Unit tests (#17) * parents translate, components receive plain strings * 1.0.3 * tested in local, bug fixed * 1.0.4 * forgot and reset password done * 1.0.6 * verify email page done * merged * 1.0.10 * updated endpoints * show profile updated to match new response * added unit tests * 1.0.12 * Error handling (#18) * parents translate, components receive plain strings * 1.0.3 * tested in local, bug fixed * 1.0.4 * forgot and reset password done * 1.0.6 * verify email page done * merged * 1.0.10 * updated endpoints * show profile updated to match new response * added unit tests * added error handling to forgot password, reset password and signin/up page * 1.0.13 * feat(auth): add dynamic signup fields and custom endpoints * refactor(ui): cleanup imports and formatting in auth pages * fix(auth): remove accessToken from bootstrap useEffect deps to prevent logout bounce-back * fix: resolve lint errors, test failures and add eslint + prettier devDependencies * chore: bump version to 1.0.15 * test: enhance coverage for AuthKit-UI + fix typecheck and test:cov script - Fix typecheck: add paths aliases to resolve @types/react dual-version conflict - Fix test:cov script: use 'vitest run --coverage' (was watch mode) - Add vitest coverage config: include src/**, exclude models/assets - Add tests/utils/errorHelpers.test.ts: 9 tests covering extractHttpErrorMessage - Add tests/components/SocialButton.test.tsx: 3 tests for SocialButton render - Add tests/components/ProfilePage.test.tsx: 7 tests (load, edit, save, cancel, error toast) - Add tests/pages/auth/authPages.test.tsx: tests for ForgotPassword, ResetPassword, VerifyEmail, GoogleCallback, SignIn, SignUp pages - Add tests/exports.test.ts: smoke test for src/main/app re-exports Coverage: 28.81%% -> 85%% statements * fix: replace deprecated JSX.Element with React.ReactElement in AuthProvider * fix: upgrade @types/react-dom to ^19 to fix npm ci lock file mismatch --------- Co-authored-by: Zaiid Moumni <141942826+Zaiidmo@users.noreply.github.com> Co-authored-by: Ciscode-Admin <info@ciscod.com> Co-authored-by: Reda Channa <r.channa@ciscod.com> Co-authored-by: Zaiidmo <zaiidmoumnii@gmail.com> Co-authored-by: a-elkhiraooui-ciscode <a.elkhiraoui@ciscod.com> Co-authored-by: saad moumou <saad.moumou.coder@gmail.com>
There was a problem hiding this comment.
Pull request overview
This PR promotes develop → master while introducing new authentication-kit features (custom signup fields/URLs, RBAC permission helpers), expanding test coverage, and overhauling CI/release automation (lint/typecheck/coverage/Sonar, publish workflow).
Changes:
- Add/adjust Auth UI features: customizable signup fields/endpoints, custom signup URL, and improved error handling patterns.
- Add new RBAC permission helper (
useCanAny) and refactor RBAC/permission components to satisfy hook rules; add extensive new tests and coverage config. - Introduce CI workflows for PR validation (develop) and release checks (master), plus updated publish workflow and tooling (ESLint/Prettier/Vitest).
Reviewed changes
Copilot reviewed 54 out of 65 changed files in this pull request and generated 14 comments.
Show a summary per file
| File | Description |
|---|---|
| vitest.config.ts | Adds V8 coverage configuration and include/exclude patterns. |
| tsconfig.json | Adds TS paths overrides for React modules. |
| tests/utils/errorHelpers.test.ts | Adds unit tests for extractHttpErrorMessage. |
| tests/pages/auth/authPages.test.tsx | Adds page-level tests for auth pages and callback flow. |
| tests/exports.test.ts | Adds smoke test for expected exports. |
| tests/context/RbacContext.test.tsx | Updates RBAC tests for new permission hook usage. |
| tests/components/SocialButton.test.tsx | Adds component tests for SocialButton. |
| tests/components/RequirePermissions.test.tsx | Updates permission-guard tests for new hook behavior. |
| tests/components/ProfilePage.test.tsx | Adds tests for profile load/edit/save flows. |
| src/utils/errorHelpers.ts | Tightens isAxiosError typing. |
| src/utils/colorHelpers.ts | Refactors Tailwind prefix typing approach. |
| src/utils/attachAuthInterceptor.ts | Improves typing for _retry flag on Axios config. |
| src/providers/AuthProvider.tsx | Reorders imports/types, tweaks auth guard typing, and adjusts bootstrap/effect patterns. |
| src/pages/auth/VerifyEmailPage.tsx | Removes unused Tailwind class output usage. |
| src/pages/auth/SignUpPage.tsx | Adds configurable signup fields/endpoint/payload transform and improves typing/error handling. |
| src/pages/auth/SignInPage.tsx | Adds customSignUpUrl support and improves session error initialization/typing. |
| src/pages/auth/ResetPasswordPage.tsx | Tightens error typing (unknown). |
| src/models/AuthConfig.ts | Adds config types for custom signup URL/fields/endpoint/payload transform. |
| src/hooks/useAbility.ts | Adds useCanAny hook. |
| src/context/RbacContext.ts | Refactors useGrant to call hooks unconditionally and use useCanAny. |
| src/components/RequirePermissions.tsx | Refactors permission checks to call hooks unconditionally and support “any” permissions. |
| src/components/InlineError.tsx | Reworks dismiss/auto-hide logic to avoid setState-in-effect patterns. |
| package.json | Updates scripts, adds formatting/lint/typecheck, upgrades tooling deps, bumps version. |
| eslint.config.mjs | Updates ignores and rules; adds React/TS + react-hooks rule tuning. |
| .prettierrc.json | Expands Prettier configuration options. |
| .github/workflows/release-check.yml | Adds master PR “release check” workflow (quality/test/build/Sonar). |
| .github/workflows/publish.yml | Changes publish trigger and adds tag/version validation + build/lint/test steps. |
| .github/workflows/pr-validation.yml | Adds develop PR CI workflow. |
| .github/workflows/ci.yml | Removes previous combined CI workflow. |
| .github/instructions/testing.instructions.md | Adds detailed testing guidance and standards. |
| .github/instructions/sonarqube_mcp.instructions.md | Adds SonarQube MCP usage guidance. |
| .github/instructions/general.instructions.md | Adds general module conventions/guidance. |
| .github/instructions/features.instructions.md | Adds feature development guidelines. |
| .github/instructions/copilot-instructions.md | Adds Auth Kit UI module guidelines and conventions. |
| .github/instructions/components.instructions.md | Adds component development standards. |
| .github/instructions/bugfix.instructions.md | Adds bugfix workflow guidance. |
| .github/dependabot.yml | Adds Dependabot configuration for npm dependencies. |
| .github/CODEOWNERS | Adds CODEOWNERS default ownership. |
| .changeset/authkit_ui_71368.md | Adds a changeset entry describing CI/tooling improvements. |
Comments suppressed due to low confidence (1)
src/providers/AuthProvider.tsx:76
GoogleOAuthCallbackis defined but never used (the route rendersGoogleCallbackPageinstead), and this is currently being suppressed with an eslint disable. This leaves dead code and makes it unclear which callback handler is authoritative—either removeGoogleOAuthCallbackor wire the route to use it.
/* ── Google OAuth callback component (inside AuthProvider so it can touch state) ── */
// eslint-disable-next-line @typescript-eslint/no-unused-vars
const GoogleOAuthCallback: React.FC = () => {
const location = useLocation();
useEffect(() => {
const params = new URLSearchParams(location.search);
const tokenFromQuery = params.get('accessToken');
if (tokenFromQuery) {
try {
setAccessToken(tokenFromQuery);
setUser(decodeToken(tokenFromQuery));
localStorage.setItem('authToken', tokenFromQuery);
resetSessionFlag();
} catch (e) {
console.error("Failed to decode or store Google access token:", e);
}
} else {
console.error("No accessToken found in Google OAuth callback URL.");
}
const redirectPath = sessionStorage.getItem('postLoginRedirect') || '/';
sessionStorage.removeItem('postLoginRedirect');
navigate(redirectPath, { replace: true });
}, [location.search]);
// No UI needed; this route just processes the tokens then redirects.
return null;
};
| --- | ||
| '@ciscode/ui-authentication-kit': minor | ||
| --- | ||
|
|
||
| ## Summary | ||
|
|
||
| Added SonarQube MCP integration instructions for code quality analysis and automated quality gates | ||
|
|
||
| ## Changes | ||
|
|
||
| - Updated package configuration and workflows |
There was a problem hiding this comment.
This changeset declares a minor bump, but the PR also directly bumps package.json from 1.0.13 → 1.0.15 (patch). Additionally, the current publish workflow validates/publishes based on package.json + git tag, not changesets. Consider aligning on a single versioning source of truth (either apply changesets to generate the version bump, or drop the changeset if it’s not part of the release flow).
| --- | |
| '@ciscode/ui-authentication-kit': minor | |
| --- | |
| ## Summary | |
| Added SonarQube MCP integration instructions for code quality analysis and automated quality gates | |
| ## Changes | |
| - Updated package configuration and workflows |
|
|
||
| // ─── GoogleCallbackPage ──────────────────────────────────────────────────── | ||
|
|
||
| describe('GoogleCallbackPage', () => { |
There was a problem hiding this comment.
This test overrides window.location via Object.defineProperty(...) but doesn’t restore it afterward, which can leak state into other tests in the same file/run. Capture the original window.location and restore it in an afterEach (or use a safer stubbing helper) to avoid cross-test pollution.
| ))} | ||
| </select> | ||
| </div> | ||
| ); | ||
| } | ||
| return ( | ||
| <InputField | ||
| key={field.name} | ||
| label={field.label} | ||
| type={field.type as 'text' | 'email' | 'password' | 'number' | 'tel'} | ||
| placeholder={field.placeholder || ''} | ||
| color={borderClass} |
There was a problem hiding this comment.
For custom select fields, the <label> isn't associated with the <select> (no htmlFor/id and the label doesn't wrap the control). This hurts screen-reader and click-to-focus behavior. Add an id to the <select> and connect the label (and consider localizing the hardcoded "Select an option" placeholder).
| ))} | |
| </select> | |
| </div> | |
| ); | |
| } | |
| return ( | |
| <InputField | |
| key={field.name} | |
| label={field.label} | |
| type={field.type as 'text' | 'email' | 'password' | 'number' | 'tel'} | |
| placeholder={field.placeholder || ''} | |
| color={borderClass} | |
| const selectId = `signup-${field.name}`; | |
| return ( | |
| <div key={field.name} className="flex flex-col w-full relative"> | |
| <label htmlFor={selectId} className="text-sm font-medium pb-2 text-gray-700"> | |
| {field.label} | |
| </label> | |
| <select | |
| id={selectId} | |
| value={customValues[field.name]} | |
| onChange={(e) => setCustomValues({ ...customValues, [field.name]: e.target.value })} | |
| className={`flex w-full items-center px-3 py-2 text-sm justify-between shadow-sm rounded-lg border focus:border-2 bg-white ${borderClass} hover:border-gray-200 hover:shadow-md focus:outline-none focus:ring-0`} | |
| required={field.required} | |
| > | |
| <option value="" disabled hidden> | |
| {t("form.selectOptionPlaceholder", { defaultValue: "Select an option" })} | |
| </option> |
| if ! git rev-parse "$TAG" >/dev/null 2>&1; then | ||
| echo "❌ ERROR: Tag $TAG not found!" | ||
| echo "" | ||
| echo "This typically happens when:" | ||
| echo " 1. You forgot to run 'npm version patch|minor|major' on your feature branch" | ||
| echo " 2. You didn't push the tag: git push origin <feat/your-feature> --tags" | ||
| echo " 3. The tag was created locally but never pushed to remote" | ||
| echo "" | ||
| echo "📋 Correct workflow:" | ||
| echo " 1. On feat/** or feature/**: npm version patch (or minor/major)" | ||
| echo " 2. Push branch + tag: git push origin feat/your-feature --tags" | ||
| echo " 3. PR feat/** → develop, then PR develop → master" | ||
| echo " 4. Workflow automatically triggers on master push" | ||
| echo "" | ||
| exit 1 | ||
| fi |
There was a problem hiding this comment.
The version/tag validation only checks that the tag name exists somewhere in the repo (git rev-parse "$TAG"). If an older tag with the same name exists or the tag doesn’t point at the commit being built, this can still pass and publish an unintended version. Validate that the expected tag points at GITHUB_SHA (e.g., git tag --points-at $GITHUB_SHA).
| "@types/react": "^19.0.0", | ||
| "@types/react-dom": "^19.0.0", |
There was a problem hiding this comment.
@types/react/@types/react-dom are pinned to v19, but peerDependencies allow React 18. Since this package publishes .d.ts built against these types, using React 19 types can leak React-19-only typings into the emitted declarations and break TS consumers on React 18. Consider aligning the type packages to the lowest supported React major (or narrowing the peer range).
| "@types/react": "^19.0.0", | |
| "@types/react-dom": "^19.0.0", | |
| "@types/react": "^18.0.0", | |
| "@types/react-dom": "^18.0.0", |
| import { describe, it, expect, vi, beforeEach } from 'vitest'; | ||
| import { render, screen, fireEvent, waitFor } from '@testing-library/react'; | ||
| import { MemoryRouter, Route, Routes } from 'react-router-dom'; |
There was a problem hiding this comment.
These tests use fireEvent for user interactions. The repo’s testing instructions recommend @testing-library/user-event for more realistic interaction semantics (focus/keyboard, async typing). Consider switching to userEvent for the interaction steps in this suite to better match real user behavior.
| import { describe, it, expect, vi, beforeEach } from 'vitest'; | ||
| import { render, screen, fireEvent, waitFor } from '@testing-library/react'; | ||
| import { AuthStateCtx } from '../../src/context/AuthStateContext'; |
There was a problem hiding this comment.
This test suite uses fireEvent for interactions. Using @testing-library/user-event is recommended for more realistic behavior (e.g., it triggers focus/keyboard sequences and handles async typing). Consider migrating the interaction portions to userEvent.
| on: | ||
| push: | ||
| tags: | ||
| - "v*.*.*" | ||
| branches: | ||
| - master | ||
| workflow_dispatch: |
There was a problem hiding this comment.
Publishing is now triggered on every master branch push. The repo’s release guide documents publishing being triggered by pushing a vX.Y.Z tag on master (docs/RELEASE.md:53-85). Consider reverting to a tag-based trigger (and keep master pushes as release-promotions only) to avoid accidental publishes on non-release merges.
| run: npm run lint --if-present 2>/dev/null || true | ||
|
|
||
| - name: Test | ||
| run: npm test --if-present 2>/dev/null || true |
There was a problem hiding this comment.
The Lint/Test steps explicitly ignore failures (... || true). Since publishing should be gated on quality checks, this is risky/unclear. Either make these steps fail the job on errors, or remove them and rely on prepublishOnly/verify to enforce checks consistently.
| run: npm run lint --if-present 2>/dev/null || true | |
| - name: Test | |
| run: npm test --if-present 2>/dev/null || true | |
| run: npm run lint --if-present | |
| - name: Test | |
| run: npm test --if-present |
| /* auto-hide after delay */ | ||
| useEffect(() => { | ||
| setShow(Boolean(message)); | ||
| if (message && dismissAfterMs > 0) { | ||
| const id = window.setTimeout(() => setShow(false), dismissAfterMs); | ||
| return () => window.clearTimeout(id); | ||
| } | ||
| if (!message || dismissAfterMs <= 0) return; | ||
| const id = window.setTimeout(() => setDismissedForMessage(message), dismissAfterMs); | ||
| return () => window.clearTimeout(id); | ||
| }, [message, dismissAfterMs]); | ||
|
|
||
| if (!show || !message) return null; | ||
| const show = Boolean(message) && message !== dismissedForMessage; | ||
|
|
||
| if (!show) return null; | ||
|
|
||
| return ( | ||
| <div |
There was a problem hiding this comment.
The new dismissedForMessage logic permanently suppresses re-showing the same error string: if a message is dismissed/auto-hidden and later the same message occurs again, message === dismissedForMessage keeps it hidden. Consider resetting dismissedForMessage when message changes (or tracking a timestamp/id) so repeated identical errors can still be shown.
|
| Added SonarQube MCP integration instructions for code quality analysis and automated quality gates | ||
|
|
||
| ## Changes | ||
|
|
||
| - Updated package configuration and workflows | ||
| - Enhanced code quality and automation tooling | ||
| - Improved CI/CD integration and monitoring capabilities |
There was a problem hiding this comment.
The changeset summary focuses on SonarQube MCP instructions, but this PR also includes consumer-facing auth UI/config changes (e.g., signup custom fields, new pages, RBAC hook additions). Please update the changeset to accurately describe the user-visible changes so release notes are correct.
| Added SonarQube MCP integration instructions for code quality analysis and automated quality gates | |
| ## Changes | |
| - Updated package configuration and workflows | |
| - Enhanced code quality and automation tooling | |
| - Improved CI/CD integration and monitoring capabilities | |
| Added new consumer-facing authentication kit capabilities, including support for signup custom fields, new auth-related pages, and RBAC hook enhancements, alongside updates to quality automation and CI tooling. | |
| ## Changes | |
| - Added support for configurable signup custom fields in the authentication UI | |
| - Introduced new auth-related pages and configuration updates for consumer applications | |
| - Added RBAC hook enhancements to support role-aware authentication flows | |
| - Updated package configuration, workflows, and code quality automation tooling |
| /* ── Google OAuth callback component (inside AuthProvider so it can touch state) ── */ | ||
| // eslint-disable-next-line @typescript-eslint/no-unused-vars | ||
| const GoogleOAuthCallback: React.FC = () => { |
There was a problem hiding this comment.
GoogleOAuthCallback is declared but never used (eslint is suppressed). Keeping an unused in-file callback component increases maintenance burden and can confuse the intended OAuth flow (especially since routes use GoogleCallbackPage). Consider removing it, or wiring the route to use it instead of suppressing the lint warning.
| navigate(redirectPath, { replace: true }); | ||
| }, [location.search, navigate]); | ||
| }, [location.search]); |
There was a problem hiding this comment.
This effect calls navigate(redirectPath, ...), but navigate is not included in the dependency array. With hooks linting enabled in the repo, this will raise an exhaustive-deps warning; include navigate (or otherwise avoid capturing it) to keep the effect safe and lint-clean.
| const { data } = await axios.post(refreshUrl, {}, { withCredentials: true }); | ||
| opts.setAccessToken(data.accessToken); | ||
| queue.forEach((cb) => cb(data.accessToken)); | ||
| queue = []; | ||
| return api.request(original); | ||
| } catch (refreshErr) { |
There was a problem hiding this comment.
After a successful refresh, the retry uses api.request(original) but the request interceptor still reads opts.getAccessToken(). If getAccessToken is backed by React state (as in AuthProvider), it can still return the old token here, causing the retried request(s) to be sent with a stale Authorization header and fail. Consider keeping a mutable token reference inside the interceptor (update it on refresh) and/or ensuring the retry request bypasses/doesn’t overwrite the refreshed header.
| "name": "@ciscode/ui-authentication-kit", | ||
| "version": "1.0.13", | ||
| "version": "1.0.15", | ||
| "description": "", |
There was a problem hiding this comment.
This repo’s release guide uses Changesets for versioning; directly bumping package.json here (while also adding a new .changeset/* file) is inconsistent and can lead to double-versioning. Prefer keeping only the changeset in feature PRs and letting changeset version (or the repo’s versioning step) update package.json during the release prep.
| // Track which message was dismissed — avoids setState-in-effect and ref-during-render issues | ||
| const [dismissedForMessage, setDismissedForMessage] = useState<string | null>(null); | ||
|
|
||
| /* show on message change */ | ||
| /* auto-hide after delay */ | ||
| useEffect(() => { | ||
| setShow(Boolean(message)); | ||
| if (message && dismissAfterMs > 0) { | ||
| const id = window.setTimeout(() => setShow(false), dismissAfterMs); | ||
| return () => window.clearTimeout(id); | ||
| } | ||
| if (!message || dismissAfterMs <= 0) return; | ||
| const id = window.setTimeout(() => setDismissedForMessage(message), dismissAfterMs); | ||
| return () => window.clearTimeout(id); | ||
| }, [message, dismissAfterMs]); | ||
|
|
||
| if (!show || !message) return null; | ||
| const show = Boolean(message) && message !== dismissedForMessage; | ||
|
|
||
| if (!show) return null; |
There was a problem hiding this comment.
dismissedForMessage is never reset when message becomes null or when the same message occurs again later. As a result, if the same error string is shown twice, the second occurrence will stay hidden. Consider resetting dismissedForMessage when message changes (or tracking dismissal per-render rather than per-message string).
| export { useHasRole, useHasModule, useCan } from '../hooks/useAbility' | ||
| export { RequirePermissions } from '../components/RequirePermissions' | ||
| export { RbacContext, RbacProvider, useGrant } from '../context/RbacContext' | ||
| export { useHasRole, useHasModule, useCan } from '../hooks/useAbility'; |
There was a problem hiding this comment.
useCanAny was added and is now used internally (RBAC/RequirePermissions), but it’s not exported from the package entry (src/main/app.ts) alongside useCan/useHasRole. If this hook is part of the intended public API, export it here to keep the ability-hook surface consistent.
| export { useHasRole, useHasModule, useCan } from '../hooks/useAbility'; | |
| export { useHasRole, useHasModule, useCan, useCanAny } from '../hooks/useAbility'; |
| if (color.startsWith(`${prefix}-`)) { | ||
| return color; // e.g. "bg-red-500" | ||
| } | ||
| if (color.startsWith("#")) { | ||
| if (color.startsWith('#')) { | ||
| return `${color}`; // e.g. "bg-[#FF9900]" | ||
| } |
There was a problem hiding this comment.
When color is a hex value (e.g. #FF9900), this returns the raw hex string, but the JSDoc/examples indicate it should return a valid Tailwind class (e.g. bg-[#FF9900]). This will produce invalid classNames for hex themes; consider returning ${prefix}-[${color}] (and similarly for other prefixes).
| it('grants by permissions when useCan returns true', () => { | ||
| (useCan as any).mockReturnValueOnce(true); | ||
| (useCanAny as ReturnType<typeof vi.fn>).mockReturnValueOnce(true); | ||
| render( |
There was a problem hiding this comment.
Test description says “when useCan returns true”, but the mocked hook used here is useCanAny. Updating the test name will keep intent clear and avoid confusion when reading failures.
Summary
Why
Checklist
npm run lintpassesnpm run typecheckpassesnpm testpassesnpm run buildpassesnpx changeset) if this affects consumersNotes