Add structured data to Organization pages

[rudransh-shrivastava]

Fixes #1768

Added structured data to organization profile pages: /organizations/[organizationKey]

Rich Results Test detects the data:

[coderabbitai]

Summary by CodeRabbit

• New Features

  • Enhanced the organization details page with structured data for improved SEO, including key organization information such as name, description, logo, and contact details.

• Refactor

  • Updated the organization details page layout to support asynchronous data fetching and rendering.

Walkthrough

The organization details page layout was refactored into an asynchronous component that fetches organization data via GraphQL and injects schema.org Organization structured data as a JSON-LD script for SEO. A helper function generates the structured data, and the layout conditionally renders the JSON-LD script alongside the page content.

Changes

Cohort / File(s)	Change Summary
Organization Layout Refactor & Structured Data frontend/src/app/organizations/[organizationKey]/layout.tsx	Refactored layout to async; added GraphQL data fetching and helper for generating Organization structured data; injects JSON-LD script for SEO; updated imports and component signature.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~8 minutes

Assessment against linked issues

Objective	Addressed	Explanation
Add structured data (Organization schema) via JSON-LD script to organization pages (#1768)	✅

Assessment against linked issues: Out-of-scope changes

No out-of-scope changes were found.

Note

⚡️ Unit Test Generation is now available in beta!

Learn more here, or try it out under "Finishing Touches" below.

✨ Finishing Touches

• 📝 Generate Docstrings

🧪 Generate unit tests

• Create PR with unit tests
• Post copyable unit tests in a comment

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

🪧 Tips

Chat

There are 3 ways to chat with CodeRabbit:

• Review comments: Directly reply to a review comment made by CodeRabbit. Example:
  • I pushed a fix in commit <commit_id>, please review it.
  • Explain this complex logic.
  • Open a follow-up GitHub issue for this discussion.
• Files and specific lines of code (under the "Files changed" tab): Tag @coderabbitai in a new review comment at the desired location with your query. Examples:
  • @coderabbitai explain this code block.
• PR comments: Tag @coderabbitai in a new PR comment to ask questions about the PR branch. For the best results, please provide a very specific query, as very limited context is provided in this mode. Examples:
  • @coderabbitai gather interesting stats about this repository and render them as a table. Additionally, render a pie chart showing the language distribution in the codebase.
  • @coderabbitai read src/utils.ts and explain its main purpose.
  • @coderabbitai read the files in the src/scheduler package and generate a class diagram using mermaid and a README in the markdown format.

Support

Need help? Create a ticket on our support page for assistance with any issues or questions.

CodeRabbit Commands (Invoked using PR comments)

• @coderabbitai pause to pause the reviews on a PR.
• @coderabbitai resume to resume the paused reviews.
• @coderabbitai review to trigger an incremental review. This is useful when automatic reviews are disabled for the repository.
• @coderabbitai full review to do a full review from scratch and review all the files again.
• @coderabbitai summary to regenerate the summary of the PR.
• @coderabbitai generate docstrings to generate docstrings for this PR.
• @coderabbitai generate sequence diagram to generate a sequence diagram of the changes in this PR.
• @coderabbitai generate unit tests to generate unit tests for this PR.
• @coderabbitai resolve resolve all the CodeRabbit review comments.
• @coderabbitai configuration to show the current CodeRabbit configuration for the repository.
• @coderabbitai help to get help.

Other keywords and placeholders

• Add @coderabbitai ignore anywhere in the PR description to prevent this PR from being reviewed.
• Add @coderabbitai summary to generate the high-level summary at a specific location in the PR description.
• Add @coderabbitai anywhere in the PR title to generate the title automatically.

Documentation and Community

• Visit our Documentation for detailed information on how to use CodeRabbit.
• Join our Discord Community to get help, request features, and share feedback.
• Follow us on X/Twitter for updates and announcements.

[coderabbitai]

Actionable comments posted: 0

🧹 Nitpick comments (2)

frontend/src/app/members/[memberKey]/layout.tsx (2)

34-99: Well-structured helper function with considerations for configurability.

The function correctly generates schema.org compliant structured data. Regarding your PR questions:

1. employeeCount: Using collaboratorsCount (line 78) is appropriate as it represents actual contributors
2. URL property: Currently uses organization.url (line 51) which is dynamic - this is better than hardcoding

Consider making the hardcoded values configurable:

-        login: 'OWASP',
+        login: process.env.NEXT_PUBLIC_ORGANIZATION_LOGIN || 'OWASP',

-      memberOf: {
-        '@type': 'Organization' as const,
-        name: 'OWASP Foundation',
-        url: 'https://owasp.org',
-      },
+      memberOf: {
+        '@type': 'Organization' as const,
+        name: process.env.NEXT_PUBLIC_FOUNDATION_NAME || 'OWASP Foundation',
+        url: process.env.NEXT_PUBLIC_FOUNDATION_URL || 'https://owasp.org',
+      },

---

101-118: Consider performance implications of async layout.

Making the layout async means every user profile page will wait for the organization data fetch, potentially impacting page load performance.

The dangerouslySetInnerHTML usage is actually safe here since you're stringifying controlled data from your own GraphQL query, not user input.

Consider these alternatives for better performance:

1. Move structured data generation to a separate component that renders client-side
2. Use static generation with revalidation for organization data
3. Cache the organization data with a longer TTL

Would you like me to help implement one of these optimizations?

📜 Review details

Configuration used: .coderabbit.yaml
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 0dd0a8d and 14e4a66.

📒 Files selected for processing (1)

• frontend/src/app/members/[memberKey]/layout.tsx (2 hunks)

🧰 Additional context used

🧠 Learnings (4)

📓 Common learnings

Learnt from: ahmedxgouda
PR: OWASP/Nest#1675
File: backend/apps/owasp/graphql/queries/project_health_metrics.py:13-21
Timestamp: 2025-07-03T03:47:05.436Z
Learning: The OWASP Nest project does not use async operations anywhere in the codebase and doesn't have the required database driver for async operations. All database methods and GraphQL resolvers should remain synchronous to maintain consistency with the existing architecture.

Learnt from: ahmedxgouda
PR: OWASP/Nest#1823
File: frontend/__tests__/e2e/pages/Login.spec.ts:28-34
Timestamp: 2025-08-01T04:15:32.130Z
Learning: In the OWASP Nest project, the login page (/auth/login) handles only authentication (GitHub OAuth) and does not differentiate between OWASP staff and non-staff users. The role-based access control using the is_owasp_staff field happens after authentication in downstream components like DashboardWrapper and ProjectsWrapper, not during the login process itself.

📚 Learning: in the next.js frontend mentorship application, there are two distinct types for authentication-rela...

Learnt from: Rajgupta36
PR: OWASP/Nest#1717
File: frontend/src/app/mentorship/programs/page.tsx:14-14
Timestamp: 2025-07-13T11:34:31.823Z
Learning: In the Next.js frontend mentorship application, there are two distinct types for authentication-related data: ExtendedSession for useSession hook (containing accessToken and user.login properties) and UserRolesData for useUserRoles hook (containing currentUserRoles.roles array). The correct access pattern for GitHub username is `(session as ExtendedSession)?.user?.login`.

Applied to files:

• frontend/src/app/members/[memberKey]/layout.tsx

📚 Learning: in the detailscard component (frontend/src/components/carddetailspage.tsx), there's a safety check t...

Learnt from: ahmedxgouda
PR: OWASP/Nest#1633
File: frontend/src/components/HealthMetrics.tsx:30-30
Timestamp: 2025-06-20T16:12:59.256Z
Learning: In the DetailsCard component (frontend/src/components/CardDetailsPage.tsx), there's a safety check that ensures HealthMetrics component is only rendered when healthMetricsData exists and has at least one element: `healthMetricsData && healthMetricsData.length > 0`. This makes accessing data[0] safe within the HealthMetrics component.

Applied to files:

• frontend/src/app/members/[memberKey]/layout.tsx

📚 Learning: in next.js 13+ app router, components with the 'use client' directive run entirely on the client sid...

Learnt from: Rajgupta36
PR: OWASP/Nest#1717
File: frontend/src/app/mentorship/programs/page.tsx:59-61
Timestamp: 2025-07-13T11:29:25.245Z
Learning: In Next.js 13+ app router, components with the 'use client' directive run entirely on the client side and don't require window object existence checks or SSR hydration considerations. Direct access to window.location and other browser APIs is safe in client components.

Applied to files:

• frontend/src/app/members/[memberKey]/layout.tsx

🪛 Biome (2.1.2)

frontend/src/app/members/[memberKey]/layout.tsx

[error] 110-110: Avoid passing content using the dangerouslySetInnerHTML prop.

Setting content using code can expose users to cross-site scripting (XSS) attacks

(lint/security/noDangerouslySetInnerHtml)

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (5)

• GitHub Check: Run backend tests
• GitHub Check: Run frontend e2e tests
• GitHub Check: Run frontend unit tests
• GitHub Check: CodeQL (python)
• GitHub Check: CodeQL (javascript-typescript)

🔇 Additional comments (2)

frontend/src/app/members/[memberKey]/layout.tsx (2)

2-2: LGTM: Import additions are appropriate.

The Script component and organization query imports are necessary for the structured data functionality.

Also applies to: 5-5

---

110-112: Static analysis false positive: dangerouslySetInnerHTML usage is safe here.

The Biome warning about XSS is a false positive in this context. The content is:

• Generated from your own GraphQL query (not user input)
• Processed through JSON.stringify() which automatically escapes dangerous content
• Following schema.org structured data standards

This is the standard and secure way to inject JSON-LD structured data in Next.js applications.

[coderabbitai]

Actionable comments posted: 1

📜 Review details

Configuration used: .coderabbit.yaml
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between b16b283 and 244d436.

📒 Files selected for processing (1)

• frontend/src/app/members/[memberKey]/layout.tsx (2 hunks)

🧰 Additional context used

🧠 Learnings (4)

📓 Common learnings

Learnt from: ahmedxgouda
PR: OWASP/Nest#1675
File: backend/apps/owasp/graphql/queries/project_health_metrics.py:13-21
Timestamp: 2025-07-03T03:47:05.436Z
Learning: The OWASP Nest project does not use async operations anywhere in the codebase and doesn't have the required database driver for async operations. All database methods and GraphQL resolvers should remain synchronous to maintain consistency with the existing architecture.

Learnt from: ahmedxgouda
PR: OWASP/Nest#1823
File: frontend/__tests__/e2e/pages/Login.spec.ts:28-34
Timestamp: 2025-08-01T04:15:32.130Z
Learning: In the OWASP Nest project, the login page (/auth/login) handles only authentication (GitHub OAuth) and does not differentiate between OWASP staff and non-staff users. The role-based access control using the is_owasp_staff field happens after authentication in downstream components like DashboardWrapper and ProjectsWrapper, not during the login process itself.

📚 Learning: in the next.js frontend mentorship application, there are two distinct types for authentication-rela...

Learnt from: Rajgupta36
PR: OWASP/Nest#1717
File: frontend/src/app/mentorship/programs/page.tsx:14-14
Timestamp: 2025-07-13T11:34:31.823Z
Learning: In the Next.js frontend mentorship application, there are two distinct types for authentication-related data: ExtendedSession for useSession hook (containing accessToken and user.login properties) and UserRolesData for useUserRoles hook (containing currentUserRoles.roles array). The correct access pattern for GitHub username is `(session as ExtendedSession)?.user?.login`.

Applied to files:

• frontend/src/app/members/[memberKey]/layout.tsx

📚 Learning: in the detailscard component (frontend/src/components/carddetailspage.tsx), there's a safety check t...

Learnt from: ahmedxgouda
PR: OWASP/Nest#1633
File: frontend/src/components/HealthMetrics.tsx:30-30
Timestamp: 2025-06-20T16:12:59.256Z
Learning: In the DetailsCard component (frontend/src/components/CardDetailsPage.tsx), there's a safety check that ensures HealthMetrics component is only rendered when healthMetricsData exists and has at least one element: `healthMetricsData && healthMetricsData.length > 0`. This makes accessing data[0] safe within the HealthMetrics component.

Applied to files:

• frontend/src/app/members/[memberKey]/layout.tsx

📚 Learning: in next.js 13+ app router, components with the 'use client' directive run entirely on the client sid...

Learnt from: Rajgupta36
PR: OWASP/Nest#1717
File: frontend/src/app/mentorship/programs/page.tsx:59-61
Timestamp: 2025-07-13T11:29:25.245Z
Learning: In Next.js 13+ app router, components with the 'use client' directive run entirely on the client side and don't require window object existence checks or SSR hydration considerations. Direct access to window.location and other browser APIs is safe in client components.

Applied to files:

• frontend/src/app/members/[memberKey]/layout.tsx

🪛 Biome (2.1.2)

frontend/src/app/members/[memberKey]/layout.tsx

[error] 114-114: Avoid passing content using the dangerouslySetInnerHTML prop.

Setting content using code can expose users to cross-site scripting (XSS) attacks

(lint/security/noDangerouslySetInnerHtml)

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (3)

• GitHub Check: Run frontend e2e tests
• GitHub Check: Run frontend unit tests
• GitHub Check: Run backend tests

🔇 Additional comments (3)

frontend/src/app/members/[memberKey]/layout.tsx (3)

2-2: LGTM!

The new imports are appropriate for the structured data functionality being added.

Also applies to: 5-5

---

101-105: Async layout and improved typing are good additions.

The change to async layout is appropriate for fetching structured data, and the Readonly<React.ReactNode> type is a good practice improvement.

---

110-118: dangerouslySetInnerHTML usage is safe in this context.

The static analysis warning about XSS risk can be safely ignored here because:

1. The data comes from a controlled GraphQL query to a trusted source (apolloClient)
2. JSON.stringify() properly escapes any potentially dangerous content
3. The structured data object is constructed from controlled properties, not user input
4. This is the standard pattern for injecting JSON-LD structured data in Next.js

The conditional rendering and script setup are correctly implemented.

[rudransh-shrivastava]

Will move the functionality over to the organizations page.
Will mark it "ready for review" then.

[arkid15r]

Will move the functionality over to the organizations page. Will mark it "ready for review" then.

Yeah, I'm sorry about the wrong context in the issue description

[coderabbitai]

Actionable comments posted: 1

🧹 Nitpick comments (2)

frontend/src/app/organizations/[organizationKey]/layout.tsx (2)

94-96: Consider logging errors for debugging purposes.

Silent failures can make it difficult to debug issues in production.

-  } catch {
+  } catch (error) {
+    console.error('Failed to generate organization structured data:', error)
     return null
   }

---

99-123: Ready to move to organizations page as mentioned in PR objectives.

Once the url property issue is resolved, this implementation can be easily adapted for the organizations listing page by creating a similar layout component there.

Would you like me to help create the implementation for the organizations listing page?

📜 Review details

Configuration used: .coderabbit.yaml
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 244d436 and 0135455.

📒 Files selected for processing (1)

• frontend/src/app/organizations/[organizationKey]/layout.tsx (2 hunks)

🧰 Additional context used

🧠 Learnings (1)

📚 Learning: in next.js 13+ app router, components with the 'use client' directive run entirely on the client sid...

Learnt from: Rajgupta36
PR: OWASP/Nest#1717
File: frontend/src/app/mentorship/programs/page.tsx:59-61
Timestamp: 2025-07-13T11:29:25.245Z
Learning: In Next.js 13+ app router, components with the 'use client' directive run entirely on the client side and don't require window object existence checks or SSR hydration considerations. Direct access to window.location and other browser APIs is safe in client components.

Applied to files:

• frontend/src/app/organizations/[organizationKey]/layout.tsx

🪛 Biome (2.1.2)

frontend/src/app/organizations/[organizationKey]/layout.tsx

[error] 115-115: Avoid passing content using the dangerouslySetInnerHTML prop.

Setting content using code can expose users to cross-site scripting (XSS) attacks

(lint/security/noDangerouslySetInnerHtml)

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (4)

• GitHub Check: Run frontend e2e tests
• GitHub Check: Run backend tests
• GitHub Check: Run frontend unit tests
• GitHub Check: CodeQL (javascript-typescript)

🔇 Additional comments (2)

frontend/src/app/organizations/[organizationKey]/layout.tsx (2)

2-2: LGTM! Appropriate imports for structured data implementation.

The imports are correctly added to support the new structured data functionality.

Also applies to: 5-5

---

111-119: Implementation correctly uses Next.js Script component for JSON-LD.

The use of dangerouslySetInnerHTML here is safe and follows the standard pattern for injecting JSON-LD structured data. The static analysis warning is a false positive because:

• The data source is controlled (GraphQL query)
• JSON.stringify provides proper escaping
• This is the recommended approach in Next.js documentation

[coderabbitai]

Actionable comments posted: 0

♻️ Duplicate comments (1)

frontend/src/app/organizations/[organizationKey]/layout.tsx (1)

32-96: Implement the structured data generation with URL correction

The structured data generation function is well-implemented with proper error handling and data transformation. However, the URL property issue from the previous review still needs to be addressed.

The URL should point to the canonical OWASP organization page instead of the GitHub URL:

-      url: organization.url,
+      url: `https://owasp.org/organizations/${organizationKey}`,

Additionally, update the sameAs array to ensure the OWASP URL is the primary reference:

-      sameAs: [organization.url, `https://github.com/${organization.login}`].filter(Boolean),
+      sameAs: [`https://owasp.org/organizations/${organizationKey}`, organization.url].filter(Boolean),

The rest of the implementation follows schema.org standards correctly and handles edge cases appropriately.

🧹 Nitpick comments (1)

frontend/src/app/organizations/[organizationKey]/layout.tsx (1)

98-122: Address static analysis warning for structured data rendering

The layout component correctly implements async structured data injection. The static analysis tool flags dangerouslySetInnerHTML, but this usage is safe since the data is server-generated and properly serialized with JSON.stringify.

To address the static analysis concern while maintaining functionality, consider adding a comment to clarify the safety:

        <Script
          id="organization-structured-data"
          type="application/ld+json"
+         // Safe usage: server-generated structured data, properly serialized
          dangerouslySetInnerHTML={{
            __html: JSON.stringify(structuredData, null, 2),
          }}
        />

The conditional rendering and overall structure are well-implemented.

📜 Review details

Configuration used: .coderabbit.yaml
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 0135455 and c036d07.

📒 Files selected for processing (1)

• frontend/src/app/organizations/[organizationKey]/layout.tsx (2 hunks)

🧰 Additional context used

🪛 Biome (2.1.2)

frontend/src/app/organizations/[organizationKey]/layout.tsx

[error] 114-114: Avoid passing content using the dangerouslySetInnerHTML prop.

Setting content using code can expose users to cross-site scripting (XSS) attacks

(lint/security/noDangerouslySetInnerHtml)

🪛 GitHub Actions: Run CI/CD

frontend/src/app/organizations/[organizationKey]/layout.tsx

[error] 2-10: Unstaged changes detected. Run make check and use git add to address it.

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (1)

• GitHub Check: CodeQL (javascript-typescript)

🔇 Additional comments (2)

frontend/src/app/organizations/[organizationKey]/layout.tsx (2)

2-2: LGTM: Import additions are appropriate

The new imports for Script from Next.js and GET_ORGANIZATION_DATA query are necessary for the structured data implementation.

Also applies to: 5-5

---

1-122: Fix formatting and lint errors in frontend

Pipeline failures indicate uncommitted formatting changes. This project defines Prettier and ESLint scripts in frontend/package.json. Please run the following in the frontend directory and commit any resulting fixes:

pnpm run format
pnpm run format:check
pnpm run lint:check

[coderabbitai]

Actionable comments posted: 0

♻️ Duplicate comments (1)

frontend/src/app/organizations/[organizationKey]/layout.tsx (1)

77-77: Update memberOf URL to use nest.owasp.org domain.

Based on the previous discussion, URLs with owasp.org return 404. The memberOf organization URL should use the same domain as the main site.

-        url: 'https://owasp.org',
+        url: 'https://nest.owasp.org',

🧹 Nitpick comments (1)

frontend/src/app/organizations/[organizationKey]/layout.tsx (1)

79-87: Consider making keywords array construction more robust.

The current implementation could fail if organization.name or organization.login are null/undefined, potentially creating empty strings in the keywords.

-      keywords: [
-        organization.name,
-        organization.login,
-        'cybersecurity',
-        'application security',
-        'open source',
-      ]
-        .filter(Boolean)
-        .join(', '),
+      keywords: [
+        organization.name,
+        organization.login,
+        'cybersecurity',
+        'application security',
+        'open source',
+        'OWASP',
+      ]
+        .filter(Boolean)
+        .join(', '),

📜 Review details

Configuration used: .coderabbit.yaml
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 68378a3 and 25b1a7a.

📒 Files selected for processing (1)

• frontend/src/app/organizations/[organizationKey]/layout.tsx (2 hunks)

🧰 Additional context used

🧠 Learnings (10)

📚 Learning: in the owasp nest project, the login page (/auth/login) handles only authentication (github oauth) a...

Learnt from: ahmedxgouda
PR: OWASP/Nest#1823
File: frontend/__tests__/e2e/pages/Login.spec.ts:28-34
Timestamp: 2025-08-01T04:15:32.151Z
Learning: In the OWASP Nest project, the login page (/auth/login) handles only authentication (GitHub OAuth) and does not differentiate between OWASP staff and non-staff users. The role-based access control using the is_owasp_staff field happens after authentication in downstream components like DashboardWrapper and ProjectsWrapper, not during the login process itself.

Applied to files:

• frontend/src/app/organizations/[organizationKey]/layout.tsx

📚 Learning: in the owasp nest project, exact mathematical accuracy in mock data is not required. mock data value...

Learnt from: ahmedxgouda
PR: OWASP/Nest#1714
File: frontend/__tests__/unit/data/mockProjectsDashboardOverviewData.ts:12-14
Timestamp: 2025-07-08T16:25:39.325Z
Learning: In the OWASP Nest project, exact mathematical accuracy in mock data is not required. Mock data values can be simplified or rounded for testing purposes, as the focus is on testing functionality rather than precise calculations.

Applied to files:

• frontend/src/app/organizations/[organizationKey]/layout.tsx

📚 Learning: in the owasp/nest project, the maintainer adithya-naik prefers not to create separate components for...

Learnt from: adithya-naik
PR: OWASP/Nest#1894
File: frontend/src/components/TopContributorsList.tsx:74-74
Timestamp: 2025-07-28T14:51:14.736Z
Learning: In the OWASP/Nest project, the maintainer adithya-naik prefers not to create separate components for code that's only used in two specific cases, following the YAGNI principle to avoid over-engineering when the duplication is limited and manageable.

Applied to files:

• frontend/src/app/organizations/[organizationKey]/layout.tsx

📚 Learning: the owasp nest application has logging disabled, so avoid suggesting console.log, console.error, or ...

Learnt from: Rajgupta36
PR: OWASP/Nest#1634
File: frontend/src/app/api/auth/[...nextauth]/route.ts:30-55
Timestamp: 2025-06-18T20:00:23.899Z
Learning: The OWASP Nest application has logging disabled, so avoid suggesting console.log, console.error, or any other logging statements in code review suggestions.

Applied to files:

• frontend/src/app/organizations/[organizationKey]/layout.tsx

📚 Learning: in the owasp nest project, createdat fields are auto-created in the backend, so they will always exi...

Learnt from: ahmedxgouda
PR: OWASP/Nest#1718
File: frontend/src/components/MetricsCard.tsx:25-25
Timestamp: 2025-07-10T10:04:36.224Z
Learning: In the OWASP Nest project, createdAt fields are auto-created in the backend, so they will always exist and not be null. This makes null checks unnecessary when displaying these dates in the frontend.

Applied to files:

• frontend/src/app/organizations/[organizationKey]/layout.tsx

📚 Learning: in the owasp/nest project, interfaces or types are not created for component props that are used onl...

Learnt from: kasya
PR: OWASP/Nest#1680
File: frontend/src/components/SponsorCard.tsx:3-3
Timestamp: 2025-06-30T00:55:03.133Z
Learning: In the OWASP/Nest project, interfaces or types are not created for component props that are used only once. Inline prop type definitions are preferred for single-use cases.

Applied to files:

• frontend/src/app/organizations/[organizationKey]/layout.tsx

📚 Learning: in the owasp nest project's barchart component (frontend/src/components/barchart.tsx), the days and ...

Learnt from: ahmedxgouda
PR: OWASP/Nest#1703
File: frontend/src/components/BarChart.tsx:33-46
Timestamp: 2025-07-03T03:08:03.290Z
Learning: In the OWASP Nest project's BarChart component (frontend/src/components/BarChart.tsx), the days and requirements arrays are guaranteed to always have the same length in their use cases, so input validation for array length matching is not needed.

Applied to files:

• frontend/src/app/organizations/[organizationKey]/layout.tsx

📚 Learning: the owasp nest project does not use async operations anywhere in the codebase and doesn't have the r...

Learnt from: ahmedxgouda
PR: OWASP/Nest#1675
File: backend/apps/owasp/graphql/queries/project_health_metrics.py:13-21
Timestamp: 2025-07-03T03:47:05.436Z
Learning: The OWASP Nest project does not use async operations anywhere in the codebase and doesn't have the required database driver for async operations. All database methods and GraphQL resolvers should remain synchronous to maintain consistency with the existing architecture.

Applied to files:

• frontend/src/app/organizations/[organizationKey]/layout.tsx

📚 Learning: in the owasp/nest project, union types for component props are not necessary when they would require...

Learnt from: ahmedxgouda
PR: OWASP/Nest#1714
File: frontend/src/components/ProjectTypeDashboardCard.tsx:8-12
Timestamp: 2025-07-08T17:07:50.988Z
Learning: In the OWASP/Nest project, union types for component props are not necessary when they would require creating separate type definitions. The project prefers inline prop type definitions even for props with specific string values, maintaining consistency with the single-use component prop pattern.

Applied to files:

• frontend/src/app/organizations/[organizationKey]/layout.tsx

📚 Learning: in the next.js frontend mentorship application, there are two distinct types for authentication-rela...

Learnt from: Rajgupta36
PR: OWASP/Nest#1717
File: frontend/src/app/mentorship/programs/page.tsx:14-14
Timestamp: 2025-07-13T11:34:31.823Z
Learning: In the Next.js frontend mentorship application, there are two distinct types for authentication-related data: ExtendedSession for useSession hook (containing accessToken and user.login properties) and UserRolesData for useUserRoles hook (containing currentUserRoles.roles array). The correct access pattern for GitHub username is `(session as ExtendedSession)?.user?.login`.

Applied to files:

• frontend/src/app/organizations/[organizationKey]/layout.tsx

🪛 Biome (2.1.2)

frontend/src/app/organizations/[organizationKey]/layout.tsx

[error] 117-117: Avoid passing content using the dangerouslySetInnerHTML prop.

Setting content using code can expose users to cross-site scripting (XSS) attacks

(lint/security/noDangerouslySetInnerHtml)

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (5)

• GitHub Check: Run backend tests
• GitHub Check: Run frontend unit tests
• GitHub Check: Run frontend e2e tests
• GitHub Check: CodeQL (javascript-typescript)
• GitHub Check: CodeQL (python)

🔇 Additional comments (4)

frontend/src/app/organizations/[organizationKey]/layout.tsx (4)

2-2: LGTM!

The import additions are appropriate for the structured data functionality - Script for JSON-LD injection and GET_ORGANIZATION_DATA for fetching comprehensive organization details.

Also applies to: 5-8

---

35-99: Excellent structured data implementation!

The helper function follows schema.org Organization specification well, includes comprehensive metadata fields, handles errors gracefully, and properly cleans up undefined properties. The structured data will significantly improve SEO visibility.

---

117-117: dangerouslySetInnerHTML usage is safe in this context.

The static analysis warning about XSS is a false positive here. The content is JSON.stringify'd data from a trusted GraphQL source, which is the standard pattern for injecting JSON-LD structured data. The JSON.stringify() call ensures proper escaping of any potentially dangerous content.

---

101-125: Well-implemented async layout with structured data injection!

The component correctly handles the async params, conditionally renders the structured data script, and maintains the original layout functionality. The JSON-LD injection follows Next.js best practices for SEO structured data.

[coderabbitai]

Actionable comments posted: 1

📜 Review details

Configuration used: .coderabbit.yaml
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 25b1a7a and 2685652.

📒 Files selected for processing (1)

• frontend/src/app/organizations/[organizationKey]/layout.tsx (2 hunks)

🧰 Additional context used

🧠 Learnings (10)

📚 Learning: in the owasp nest project, the login page (/auth/login) handles only authentication (github oauth) a...

Learnt from: ahmedxgouda
PR: OWASP/Nest#1823
File: frontend/__tests__/e2e/pages/Login.spec.ts:28-34
Timestamp: 2025-08-01T04:15:32.151Z
Learning: In the OWASP Nest project, the login page (/auth/login) handles only authentication (GitHub OAuth) and does not differentiate between OWASP staff and non-staff users. The role-based access control using the is_owasp_staff field happens after authentication in downstream components like DashboardWrapper and ProjectsWrapper, not during the login process itself.

Applied to files:

• frontend/src/app/organizations/[organizationKey]/layout.tsx

📚 Learning: in the owasp nest project, exact mathematical accuracy in mock data is not required. mock data value...

Learnt from: ahmedxgouda
PR: OWASP/Nest#1714
File: frontend/__tests__/unit/data/mockProjectsDashboardOverviewData.ts:12-14
Timestamp: 2025-07-08T16:25:39.325Z
Learning: In the OWASP Nest project, exact mathematical accuracy in mock data is not required. Mock data values can be simplified or rounded for testing purposes, as the focus is on testing functionality rather than precise calculations.

Applied to files:

• frontend/src/app/organizations/[organizationKey]/layout.tsx

📚 Learning: in the owasp/nest project, the maintainer adithya-naik prefers not to create separate components for...

Learnt from: adithya-naik
PR: OWASP/Nest#1894
File: frontend/src/components/TopContributorsList.tsx:74-74
Timestamp: 2025-07-28T14:51:14.736Z
Learning: In the OWASP/Nest project, the maintainer adithya-naik prefers not to create separate components for code that's only used in two specific cases, following the YAGNI principle to avoid over-engineering when the duplication is limited and manageable.

Applied to files:

• frontend/src/app/organizations/[organizationKey]/layout.tsx

📚 Learning: the owasp nest application has logging disabled, so avoid suggesting console.log, console.error, or ...

Learnt from: Rajgupta36
PR: OWASP/Nest#1634
File: frontend/src/app/api/auth/[...nextauth]/route.ts:30-55
Timestamp: 2025-06-18T20:00:23.899Z
Learning: The OWASP Nest application has logging disabled, so avoid suggesting console.log, console.error, or any other logging statements in code review suggestions.

Applied to files:

• frontend/src/app/organizations/[organizationKey]/layout.tsx

📚 Learning: in the owasp nest project, createdat fields are auto-created in the backend, so they will always exi...

Learnt from: ahmedxgouda
PR: OWASP/Nest#1718
File: frontend/src/components/MetricsCard.tsx:25-25
Timestamp: 2025-07-10T10:04:36.224Z
Learning: In the OWASP Nest project, createdAt fields are auto-created in the backend, so they will always exist and not be null. This makes null checks unnecessary when displaying these dates in the frontend.

Applied to files:

• frontend/src/app/organizations/[organizationKey]/layout.tsx

📚 Learning: in the owasp/nest project, interfaces or types are not created for component props that are used onl...

Learnt from: kasya
PR: OWASP/Nest#1680
File: frontend/src/components/SponsorCard.tsx:3-3
Timestamp: 2025-06-30T00:55:03.133Z
Learning: In the OWASP/Nest project, interfaces or types are not created for component props that are used only once. Inline prop type definitions are preferred for single-use cases.

Applied to files:

• frontend/src/app/organizations/[organizationKey]/layout.tsx

📚 Learning: in the owasp nest project's barchart component (frontend/src/components/barchart.tsx), the days and ...

Learnt from: ahmedxgouda
PR: OWASP/Nest#1703
File: frontend/src/components/BarChart.tsx:33-46
Timestamp: 2025-07-03T03:08:03.290Z
Learning: In the OWASP Nest project's BarChart component (frontend/src/components/BarChart.tsx), the days and requirements arrays are guaranteed to always have the same length in their use cases, so input validation for array length matching is not needed.

Applied to files:

• frontend/src/app/organizations/[organizationKey]/layout.tsx

📚 Learning: the owasp nest project does not use async operations anywhere in the codebase and doesn't have the r...

Learnt from: ahmedxgouda
PR: OWASP/Nest#1675
File: backend/apps/owasp/graphql/queries/project_health_metrics.py:13-21
Timestamp: 2025-07-03T03:47:05.436Z
Learning: The OWASP Nest project does not use async operations anywhere in the codebase and doesn't have the required database driver for async operations. All database methods and GraphQL resolvers should remain synchronous to maintain consistency with the existing architecture.

Applied to files:

• frontend/src/app/organizations/[organizationKey]/layout.tsx

📚 Learning: in the owasp/nest project, union types for component props are not necessary when they would require...

Learnt from: ahmedxgouda
PR: OWASP/Nest#1714
File: frontend/src/components/ProjectTypeDashboardCard.tsx:8-12
Timestamp: 2025-07-08T17:07:50.988Z
Learning: In the OWASP/Nest project, union types for component props are not necessary when they would require creating separate type definitions. The project prefers inline prop type definitions even for props with specific string values, maintaining consistency with the single-use component prop pattern.

Applied to files:

• frontend/src/app/organizations/[organizationKey]/layout.tsx

📚 Learning: in the next.js frontend mentorship application, there are two distinct types for authentication-rela...

Learnt from: Rajgupta36
PR: OWASP/Nest#1717
File: frontend/src/app/mentorship/programs/page.tsx:14-14
Timestamp: 2025-07-13T11:34:31.823Z
Learning: In the Next.js frontend mentorship application, there are two distinct types for authentication-related data: ExtendedSession for useSession hook (containing accessToken and user.login properties) and UserRolesData for useUserRoles hook (containing currentUserRoles.roles array). The correct access pattern for GitHub username is `(session as ExtendedSession)?.user?.login`.

Applied to files:

• frontend/src/app/organizations/[organizationKey]/layout.tsx

🪛 Biome (2.1.2)

frontend/src/app/organizations/[organizationKey]/layout.tsx

[error] 122-122: Avoid passing content using the dangerouslySetInnerHTML prop.

Setting content using code can expose users to cross-site scripting (XSS) attacks

(lint/security/noDangerouslySetInnerHtml)

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (3)

• GitHub Check: Run pre-commit checks
• GitHub Check: CodeQL (javascript-typescript)
• GitHub Check: CodeQL (python)

🔇 Additional comments (3)

frontend/src/app/organizations/[organizationKey]/layout.tsx (3)

2-2: LGTM on import additions!

The new imports are necessary and correctly sourced for the structured data functionality.

Also applies to: 5-8

---

106-130: Excellent async layout implementation with appropriate structured data injection.

The component correctly handles the async nature of data fetching and conditionally renders the structured data script. The dangerouslySetInnerHTML usage here is appropriate and safe for JSON-LD structured data.

Regarding the static analysis warning about dangerouslySetInnerHTML: This usage is safe and appropriate because:

• The content is server-generated structured data, not user input
• JSON.stringify() provides proper escaping
• This is the standard pattern for JSON-LD structured data injection in Next.js
• The data comes from trusted GraphQL queries, not external user content

---

47-93: Excellent schema.org Organization implementation!

The structured data object comprehensively implements the schema.org Organization schema with all relevant fields. This perfectly aligns with the PR objectives to enhance SEO visibility and search result appearance for organization pages.

Notable strengths:

• Comprehensive field mapping (name, description, logo, location, contact, etc.)
• Proper schema.org types and structure
• Appropriate fallbacks and conditional fields
• Clean keyword generation and filtering

[coderabbitai]

Actionable comments posted: 1

🧹 Nitpick comments (1)

frontend/src/app/organizations/[organizationKey]/layout.tsx (1)

95-98: Consider a more functional approach for removing undefined properties.

The current object mutation approach works but could be improved for better readability.

Apply this diff for a more functional approach:

-    // Remove undefined properties
-    Object.keys(structuredData).forEach(
-      (key) => structuredData[key] === undefined && delete structuredData[key]
-    )
-
-    return structuredData
+    // Remove undefined properties
+    return Object.fromEntries(
+      Object.entries(structuredData).filter(([, value]) => value !== undefined)
+    )

📜 Review details

Configuration used: .coderabbit.yaml
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 2685652 and 7269a57.

📒 Files selected for processing (1)

• frontend/src/app/organizations/[organizationKey]/layout.tsx (2 hunks)

🧰 Additional context used

🧠 Learnings (10)

📚 Learning: in the owasp nest project, the login page (/auth/login) handles only authentication (github oauth) a...

Learnt from: ahmedxgouda
PR: OWASP/Nest#1823
File: frontend/__tests__/e2e/pages/Login.spec.ts:28-34
Timestamp: 2025-08-01T04:15:32.151Z
Learning: In the OWASP Nest project, the login page (/auth/login) handles only authentication (GitHub OAuth) and does not differentiate between OWASP staff and non-staff users. The role-based access control using the is_owasp_staff field happens after authentication in downstream components like DashboardWrapper and ProjectsWrapper, not during the login process itself.

Applied to files:

• frontend/src/app/organizations/[organizationKey]/layout.tsx

📚 Learning: in the owasp nest project, exact mathematical accuracy in mock data is not required. mock data value...

Learnt from: ahmedxgouda
PR: OWASP/Nest#1714
File: frontend/__tests__/unit/data/mockProjectsDashboardOverviewData.ts:12-14
Timestamp: 2025-07-08T16:25:39.325Z
Learning: In the OWASP Nest project, exact mathematical accuracy in mock data is not required. Mock data values can be simplified or rounded for testing purposes, as the focus is on testing functionality rather than precise calculations.

Applied to files:

• frontend/src/app/organizations/[organizationKey]/layout.tsx

📚 Learning: in the owasp/nest project, the maintainer adithya-naik prefers not to create separate components for...

Learnt from: adithya-naik
PR: OWASP/Nest#1894
File: frontend/src/components/TopContributorsList.tsx:74-74
Timestamp: 2025-07-28T14:51:14.736Z
Learning: In the OWASP/Nest project, the maintainer adithya-naik prefers not to create separate components for code that's only used in two specific cases, following the YAGNI principle to avoid over-engineering when the duplication is limited and manageable.

Applied to files:

• frontend/src/app/organizations/[organizationKey]/layout.tsx

📚 Learning: the owasp nest application has logging disabled, so avoid suggesting console.log, console.error, or ...

Learnt from: Rajgupta36
PR: OWASP/Nest#1634
File: frontend/src/app/api/auth/[...nextauth]/route.ts:30-55
Timestamp: 2025-06-18T20:00:23.899Z
Learning: The OWASP Nest application has logging disabled, so avoid suggesting console.log, console.error, or any other logging statements in code review suggestions.

Applied to files:

• frontend/src/app/organizations/[organizationKey]/layout.tsx

📚 Learning: in the owasp nest project, createdat fields are auto-created in the backend, so they will always exi...

Learnt from: ahmedxgouda
PR: OWASP/Nest#1718
File: frontend/src/components/MetricsCard.tsx:25-25
Timestamp: 2025-07-10T10:04:36.224Z
Learning: In the OWASP Nest project, createdAt fields are auto-created in the backend, so they will always exist and not be null. This makes null checks unnecessary when displaying these dates in the frontend.

Applied to files:

• frontend/src/app/organizations/[organizationKey]/layout.tsx

📚 Learning: in the owasp nest project's barchart component (frontend/src/components/barchart.tsx), the days and ...

Learnt from: ahmedxgouda
PR: OWASP/Nest#1703
File: frontend/src/components/BarChart.tsx:33-46
Timestamp: 2025-07-03T03:08:03.290Z
Learning: In the OWASP Nest project's BarChart component (frontend/src/components/BarChart.tsx), the days and requirements arrays are guaranteed to always have the same length in their use cases, so input validation for array length matching is not needed.

Applied to files:

• frontend/src/app/organizations/[organizationKey]/layout.tsx

📚 Learning: in the owasp/nest project, interfaces or types are not created for component props that are used onl...

Learnt from: kasya
PR: OWASP/Nest#1680
File: frontend/src/components/SponsorCard.tsx:3-3
Timestamp: 2025-06-30T00:55:03.133Z
Learning: In the OWASP/Nest project, interfaces or types are not created for component props that are used only once. Inline prop type definitions are preferred for single-use cases.

Applied to files:

• frontend/src/app/organizations/[organizationKey]/layout.tsx

📚 Learning: the owasp nest project does not use async operations anywhere in the codebase and doesn't have the r...

Learnt from: ahmedxgouda
PR: OWASP/Nest#1675
File: backend/apps/owasp/graphql/queries/project_health_metrics.py:13-21
Timestamp: 2025-07-03T03:47:05.436Z
Learning: The OWASP Nest project does not use async operations anywhere in the codebase and doesn't have the required database driver for async operations. All database methods and GraphQL resolvers should remain synchronous to maintain consistency with the existing architecture.

Applied to files:

• frontend/src/app/organizations/[organizationKey]/layout.tsx

📚 Learning: in the owasp/nest project, union types for component props are not necessary when they would require...

Learnt from: ahmedxgouda
PR: OWASP/Nest#1714
File: frontend/src/components/ProjectTypeDashboardCard.tsx:8-12
Timestamp: 2025-07-08T17:07:50.988Z
Learning: In the OWASP/Nest project, union types for component props are not necessary when they would require creating separate type definitions. The project prefers inline prop type definitions even for props with specific string values, maintaining consistency with the single-use component prop pattern.

Applied to files:

• frontend/src/app/organizations/[organizationKey]/layout.tsx

📚 Learning: in the next.js frontend mentorship application, there are two distinct types for authentication-rela...

Learnt from: Rajgupta36
PR: OWASP/Nest#1717
File: frontend/src/app/mentorship/programs/page.tsx:14-14
Timestamp: 2025-07-13T11:34:31.823Z
Learning: In the Next.js frontend mentorship application, there are two distinct types for authentication-related data: ExtendedSession for useSession hook (containing accessToken and user.login properties) and UserRolesData for useUserRoles hook (containing currentUserRoles.roles array). The correct access pattern for GitHub username is `(session as ExtendedSession)?.user?.login`.

Applied to files:

• frontend/src/app/organizations/[organizationKey]/layout.tsx

🪛 Biome (2.1.2)

frontend/src/app/organizations/[organizationKey]/layout.tsx

[error] 122-122: Avoid passing content using the dangerouslySetInnerHTML prop.

Setting content using code can expose users to cross-site scripting (XSS) attacks

(lint/security/noDangerouslySetInnerHtml)

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (2)

• GitHub Check: CodeQL (python)
• GitHub Check: CodeQL (javascript-typescript)

🔇 Additional comments (4)

frontend/src/app/organizations/[organizationKey]/layout.tsx (4)

2-2: LGTM! Imports are correctly added for new functionality.

The Script component import and additional GraphQL query import are appropriate for implementing structured data functionality.

Also applies to: 5-8

---

78-82: Verify memberOf URL points to correct OWASP Foundation website.

The memberOf organization should point to the main OWASP Foundation website (https://owasp.org) rather than the Nest application (https://nest.owasp.org).

Please confirm if this should be https://owasp.org for the OWASP Foundation or if there's a specific reason to use the Nest URL.

---

106-130: LGTM! Proper async layout implementation with safe structured data injection.

The async layout pattern is correctly implemented for server-side data fetching. The dangerouslySetInnerHTML usage is safe here despite the static analysis warning - it's the standard approach for JSON-LD structured data and the content is controlled via GraphQL queries and JSON.stringify().

---

35-104: Excellent structured data implementation that meets SEO objectives.

The helper function properly implements schema.org Organization structured data with comprehensive coverage of available organization properties. The error handling is robust and the data mapping is thorough. This successfully addresses the PR objective of improving organization page visibility in search results.

[coderabbitai]

Actionable comments posted: 0

🧹 Nitpick comments (1)

frontend/src/app/organizations/[organizationKey]/layout.tsx (1)

35-103: Well-implemented structured data generation with proper schema.org compliance.

The helper function correctly:

• Handles errors gracefully with try-catch
• Maps organization data to schema.org Organization format
• Removes undefined properties to keep JSON-LD clean
• Includes comprehensive field mapping for SEO optimization

Consider adding a return type annotation for better type safety:

-async function generateOrganizationStructuredData(organizationKey: string) {
+async function generateOrganizationStructuredData(organizationKey: string): Promise<object | null> {

📜 Review details

Configuration used: .coderabbit.yaml
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 7269a57 and bb569f7.

📒 Files selected for processing (1)

• frontend/src/app/organizations/[organizationKey]/layout.tsx (2 hunks)

🧰 Additional context used

🧠 Learnings (10)

📚 Learning: in the owasp nest project, the login page (/auth/login) handles only authentication (github oauth) a...

Learnt from: ahmedxgouda
PR: OWASP/Nest#1823
File: frontend/__tests__/e2e/pages/Login.spec.ts:28-34
Timestamp: 2025-08-01T04:15:32.151Z
Learning: In the OWASP Nest project, the login page (/auth/login) handles only authentication (GitHub OAuth) and does not differentiate between OWASP staff and non-staff users. The role-based access control using the is_owasp_staff field happens after authentication in downstream components like DashboardWrapper and ProjectsWrapper, not during the login process itself.

Applied to files:

• frontend/src/app/organizations/[organizationKey]/layout.tsx

📚 Learning: in the owasp nest project, exact mathematical accuracy in mock data is not required. mock data value...

Learnt from: ahmedxgouda
PR: OWASP/Nest#1714
File: frontend/__tests__/unit/data/mockProjectsDashboardOverviewData.ts:12-14
Timestamp: 2025-07-08T16:25:39.325Z
Learning: In the OWASP Nest project, exact mathematical accuracy in mock data is not required. Mock data values can be simplified or rounded for testing purposes, as the focus is on testing functionality rather than precise calculations.

Applied to files:

• frontend/src/app/organizations/[organizationKey]/layout.tsx

📚 Learning: in the owasp/nest project, the maintainer adithya-naik prefers not to create separate components for...

Learnt from: adithya-naik
PR: OWASP/Nest#1894
File: frontend/src/components/TopContributorsList.tsx:74-74
Timestamp: 2025-07-28T14:51:14.736Z
Learning: In the OWASP/Nest project, the maintainer adithya-naik prefers not to create separate components for code that's only used in two specific cases, following the YAGNI principle to avoid over-engineering when the duplication is limited and manageable.

Applied to files:

• frontend/src/app/organizations/[organizationKey]/layout.tsx

📚 Learning: the owasp nest application has logging disabled, so avoid suggesting console.log, console.error, or ...

Learnt from: Rajgupta36
PR: OWASP/Nest#1634
File: frontend/src/app/api/auth/[...nextauth]/route.ts:30-55
Timestamp: 2025-06-18T20:00:23.899Z
Learning: The OWASP Nest application has logging disabled, so avoid suggesting console.log, console.error, or any other logging statements in code review suggestions.

Applied to files:

• frontend/src/app/organizations/[organizationKey]/layout.tsx

📚 Learning: in the owasp nest project, createdat fields are auto-created in the backend, so they will always exi...

Learnt from: ahmedxgouda
PR: OWASP/Nest#1718
File: frontend/src/components/MetricsCard.tsx:25-25
Timestamp: 2025-07-10T10:04:36.224Z
Learning: In the OWASP Nest project, createdAt fields are auto-created in the backend, so they will always exist and not be null. This makes null checks unnecessary when displaying these dates in the frontend.

Applied to files:

• frontend/src/app/organizations/[organizationKey]/layout.tsx

📚 Learning: in the owasp/nest project, interfaces or types are not created for component props that are used onl...

Learnt from: kasya
PR: OWASP/Nest#1680
File: frontend/src/components/SponsorCard.tsx:3-3
Timestamp: 2025-06-30T00:55:03.133Z
Learning: In the OWASP/Nest project, interfaces or types are not created for component props that are used only once. Inline prop type definitions are preferred for single-use cases.

Applied to files:

• frontend/src/app/organizations/[organizationKey]/layout.tsx

📚 Learning: in the owasp nest project's barchart component (frontend/src/components/barchart.tsx), the days and ...

Learnt from: ahmedxgouda
PR: OWASP/Nest#1703
File: frontend/src/components/BarChart.tsx:33-46
Timestamp: 2025-07-03T03:08:03.290Z
Learning: In the OWASP Nest project's BarChart component (frontend/src/components/BarChart.tsx), the days and requirements arrays are guaranteed to always have the same length in their use cases, so input validation for array length matching is not needed.

Applied to files:

• frontend/src/app/organizations/[organizationKey]/layout.tsx

📚 Learning: the owasp nest project does not use async operations anywhere in the codebase and doesn't have the r...

Learnt from: ahmedxgouda
PR: OWASP/Nest#1675
File: backend/apps/owasp/graphql/queries/project_health_metrics.py:13-21
Timestamp: 2025-07-03T03:47:05.436Z
Learning: The OWASP Nest project does not use async operations anywhere in the codebase and doesn't have the required database driver for async operations. All database methods and GraphQL resolvers should remain synchronous to maintain consistency with the existing architecture.

Applied to files:

• frontend/src/app/organizations/[organizationKey]/layout.tsx

📚 Learning: in the owasp/nest project, union types for component props are not necessary when they would require...

Learnt from: ahmedxgouda
PR: OWASP/Nest#1714
File: frontend/src/components/ProjectTypeDashboardCard.tsx:8-12
Timestamp: 2025-07-08T17:07:50.988Z
Learning: In the OWASP/Nest project, union types for component props are not necessary when they would require creating separate type definitions. The project prefers inline prop type definitions even for props with specific string values, maintaining consistency with the single-use component prop pattern.

Applied to files:

• frontend/src/app/organizations/[organizationKey]/layout.tsx

📚 Learning: in the next.js frontend mentorship application, there are two distinct types for authentication-rela...

Learnt from: Rajgupta36
PR: OWASP/Nest#1717
File: frontend/src/app/mentorship/programs/page.tsx:14-14
Timestamp: 2025-07-13T11:34:31.823Z
Learning: In the Next.js frontend mentorship application, there are two distinct types for authentication-related data: ExtendedSession for useSession hook (containing accessToken and user.login properties) and UserRolesData for useUserRoles hook (containing currentUserRoles.roles array). The correct access pattern for GitHub username is `(session as ExtendedSession)?.user?.login`.

Applied to files:

• frontend/src/app/organizations/[organizationKey]/layout.tsx

🪛 Biome (2.1.2)

frontend/src/app/organizations/[organizationKey]/layout.tsx

[error] 121-121: Avoid passing content using the dangerouslySetInnerHTML prop.

Setting content using code can expose users to cross-site scripting (XSS) attacks

(lint/security/noDangerouslySetInnerHtml)

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (4)

• GitHub Check: Run frontend e2e tests
• GitHub Check: Run frontend unit tests
• GitHub Check: Run backend tests
• GitHub Check: CodeQL (javascript-typescript)

🔇 Additional comments (2)

frontend/src/app/organizations/[organizationKey]/layout.tsx (2)

2-2: LGTM - Necessary imports for structured data functionality.

The Script import and additional GraphQL query are properly utilized in the implementation.

Also applies to: 5-8

---

105-129: Excellent implementation of structured data injection.

The async layout component correctly:

• Awaits params to extract organizationKey
• Fetches structured data using the helper function
• Conditionally renders the JSON-LD script only when data exists
• Uses Next.js Script component for optimal performance

Regarding the static analysis warning about dangerouslySetInnerHTML: This usage is safe and appropriate because:

• JSON.stringify() sanitizes the data
• Data comes from trusted GraphQL queries, not user input
• This is the standard Next.js pattern for JSON-LD structured data injection

[coderabbitai]

Actionable comments posted: 0

🧹 Nitpick comments (1)

frontend/src/app/organizations/[organizationKey]/layout.tsx (1)

35-102: Well-implemented structured data helper with comprehensive schema.org compliance.

The function properly handles GraphQL data fetching, error cases, and constructs valid schema.org Organization structured data. The property cleanup logic ensures clean JSON-LD output.

Consider enhancing the sameAs array to include the GitHub URL for better cross-referencing:

-      sameAs: [organization.url],
+      sameAs: [
+        organization.url,
+        `https://github.com/${organization.login}`,
+      ].filter(Boolean),

📜 Review details

Configuration used: .coderabbit.yaml
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between bb569f7 and 35a9f18.

📒 Files selected for processing (1)

• frontend/src/app/organizations/[organizationKey]/layout.tsx (2 hunks)

🧰 Additional context used

🧠 Learnings (10)

📚 Learning: in the owasp nest project, the login page (/auth/login) handles only authentication (github oauth) a...

Learnt from: ahmedxgouda
PR: OWASP/Nest#1823
File: frontend/__tests__/e2e/pages/Login.spec.ts:28-34
Timestamp: 2025-08-01T04:15:32.151Z
Learning: In the OWASP Nest project, the login page (/auth/login) handles only authentication (GitHub OAuth) and does not differentiate between OWASP staff and non-staff users. The role-based access control using the is_owasp_staff field happens after authentication in downstream components like DashboardWrapper and ProjectsWrapper, not during the login process itself.

Applied to files:

• frontend/src/app/organizations/[organizationKey]/layout.tsx

📚 Learning: in the owasp nest project, exact mathematical accuracy in mock data is not required. mock data value...

Learnt from: ahmedxgouda
PR: OWASP/Nest#1714
File: frontend/__tests__/unit/data/mockProjectsDashboardOverviewData.ts:12-14
Timestamp: 2025-07-08T16:25:39.325Z
Learning: In the OWASP Nest project, exact mathematical accuracy in mock data is not required. Mock data values can be simplified or rounded for testing purposes, as the focus is on testing functionality rather than precise calculations.

Applied to files:

• frontend/src/app/organizations/[organizationKey]/layout.tsx

📚 Learning: in the owasp/nest project, the maintainer adithya-naik prefers not to create separate components for...

Learnt from: adithya-naik
PR: OWASP/Nest#1894
File: frontend/src/components/TopContributorsList.tsx:74-74
Timestamp: 2025-07-28T14:51:14.736Z
Learning: In the OWASP/Nest project, the maintainer adithya-naik prefers not to create separate components for code that's only used in two specific cases, following the YAGNI principle to avoid over-engineering when the duplication is limited and manageable.

Applied to files:

• frontend/src/app/organizations/[organizationKey]/layout.tsx

📚 Learning: the owasp nest application has logging disabled, so avoid suggesting console.log, console.error, or ...

Learnt from: Rajgupta36
PR: OWASP/Nest#1634
File: frontend/src/app/api/auth/[...nextauth]/route.ts:30-55
Timestamp: 2025-06-18T20:00:23.899Z
Learning: The OWASP Nest application has logging disabled, so avoid suggesting console.log, console.error, or any other logging statements in code review suggestions.

Applied to files:

• frontend/src/app/organizations/[organizationKey]/layout.tsx

📚 Learning: in the owasp nest project, createdat fields are auto-created in the backend, so they will always exi...

Learnt from: ahmedxgouda
PR: OWASP/Nest#1718
File: frontend/src/components/MetricsCard.tsx:25-25
Timestamp: 2025-07-10T10:04:36.224Z
Learning: In the OWASP Nest project, createdAt fields are auto-created in the backend, so they will always exist and not be null. This makes null checks unnecessary when displaying these dates in the frontend.

Applied to files:

• frontend/src/app/organizations/[organizationKey]/layout.tsx

📚 Learning: in the owasp/nest project, interfaces or types are not created for component props that are used onl...

Learnt from: kasya
PR: OWASP/Nest#1680
File: frontend/src/components/SponsorCard.tsx:3-3
Timestamp: 2025-06-30T00:55:03.133Z
Learning: In the OWASP/Nest project, interfaces or types are not created for component props that are used only once. Inline prop type definitions are preferred for single-use cases.

Applied to files:

• frontend/src/app/organizations/[organizationKey]/layout.tsx

📚 Learning: in the owasp nest project's barchart component (frontend/src/components/barchart.tsx), the days and ...

Learnt from: ahmedxgouda
PR: OWASP/Nest#1703
File: frontend/src/components/BarChart.tsx:33-46
Timestamp: 2025-07-03T03:08:03.290Z
Learning: In the OWASP Nest project's BarChart component (frontend/src/components/BarChart.tsx), the days and requirements arrays are guaranteed to always have the same length in their use cases, so input validation for array length matching is not needed.

Applied to files:

• frontend/src/app/organizations/[organizationKey]/layout.tsx

📚 Learning: the owasp nest project does not use async operations anywhere in the codebase and doesn't have the r...

Learnt from: ahmedxgouda
PR: OWASP/Nest#1675
File: backend/apps/owasp/graphql/queries/project_health_metrics.py:13-21
Timestamp: 2025-07-03T03:47:05.436Z
Learning: The OWASP Nest project does not use async operations anywhere in the codebase and doesn't have the required database driver for async operations. All database methods and GraphQL resolvers should remain synchronous to maintain consistency with the existing architecture.

Applied to files:

• frontend/src/app/organizations/[organizationKey]/layout.tsx

📚 Learning: in the owasp/nest project, union types for component props are not necessary when they would require...

Learnt from: ahmedxgouda
PR: OWASP/Nest#1714
File: frontend/src/components/ProjectTypeDashboardCard.tsx:8-12
Timestamp: 2025-07-08T17:07:50.988Z
Learning: In the OWASP/Nest project, union types for component props are not necessary when they would require creating separate type definitions. The project prefers inline prop type definitions even for props with specific string values, maintaining consistency with the single-use component prop pattern.

Applied to files:

• frontend/src/app/organizations/[organizationKey]/layout.tsx

📚 Learning: in the next.js frontend mentorship application, there are two distinct types for authentication-rela...

Learnt from: Rajgupta36
PR: OWASP/Nest#1717
File: frontend/src/app/mentorship/programs/page.tsx:14-14
Timestamp: 2025-07-13T11:34:31.823Z
Learning: In the Next.js frontend mentorship application, there are two distinct types for authentication-related data: ExtendedSession for useSession hook (containing accessToken and user.login properties) and UserRolesData for useUserRoles hook (containing currentUserRoles.roles array). The correct access pattern for GitHub username is `(session as ExtendedSession)?.user?.login`.

Applied to files:

• frontend/src/app/organizations/[organizationKey]/layout.tsx

🪛 Biome (2.1.2)

frontend/src/app/organizations/[organizationKey]/layout.tsx

[error] 120-120: Avoid passing content using the dangerouslySetInnerHTML prop.

Setting content using code can expose users to cross-site scripting (XSS) attacks

(lint/security/noDangerouslySetInnerHtml)

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (5)

• GitHub Check: Run frontend e2e tests
• GitHub Check: Run backend tests
• GitHub Check: Run frontend unit tests
• GitHub Check: CodeQL (python)
• GitHub Check: CodeQL (javascript-typescript)

🔇 Additional comments (2)

frontend/src/app/organizations/[organizationKey]/layout.tsx (2)

2-8: LGTM! Import additions are appropriate.

The new imports for Script component and GET_ORGANIZATION_DATA query are correctly added to support the structured data functionality.

---

104-128: LGTM! Layout component properly implements structured data injection.

The async layout component correctly fetches and conditionally renders the JSON-LD structured data. The use of dangerouslySetInnerHTML is appropriate here as it's the standard pattern for injecting structured data that search engines can parse.

[arkid15r]

This looks good, a couple of suggestions before approval:

[arkid15r]

Could you add email as a top level field?

[rudransh-shrivastava]

Yes

[arkid15r]

Could you order the attributes alphabetically?

[rudransh-shrivastava]

Yes

[arkid15r]

Is this recommended somewhere?

[rudransh-shrivastava]

Not exactly, contactType is of type Text:A person or organization can have different contact points, for different purposes. For example, a sales contact point, a PR contact point and so on. This property is used to specify the kind of contact point.

general inquiry seemed okay to me
Contact Type Doc

[arkid15r]

Is this part of a broader schema?

[rudransh-shrivastava]

Yes, its part of Thing schema, Organization inherits from it.
Keyword Doc

[coderabbitai]

Actionable comments posted: 0

🧹 Nitpick comments (1)

frontend/src/app/organizations/[organizationKey]/layout.tsx (1)

35-101: Well-implemented structured data generation with comprehensive schema.org compliance.

The helper function properly:

• Handles errors gracefully with try-catch
• Maps organization data to appropriate schema.org properties
• Removes undefined properties for clean output
• Includes comprehensive fields (email, location, logo, etc.)

However, consider alphabetically ordering the structured data properties as previously requested by @arkid15r for better maintainability:

     const structuredData = {
       '@context': 'https://schema.org' as const,
       '@type': 'Organization' as const,
-      contactPoint: organization.email
-        ? {
-            '@type': 'ContactPoint' as const,
-            email: organization.email,
-            contactType: 'general inquiry',
-          }
-        : undefined,
-      description: organization.description,
-      email: organization.email,
-      foundingDate: organization.createdAt,
-      keywords: [
-        organization.name,
-        organization.login,
-        'cybersecurity',
-        'application security',
-        'open source',
-        'OWASP',
-      ].filter(Boolean),
-      location: organization.location
-        ? {
-            '@type': 'Place' as const,
-            name: organization.location,
-          }
-        : undefined,
-      logo: organization.avatarUrl
-        ? {
-            '@type': 'ImageObject' as const,
-            url: organization.avatarUrl,
-          }
-        : undefined,
-      memberOf: {
-        '@type': 'Organization' as const,
-        name: 'OWASP Foundation',
-        url: 'https://owasp.org',
-      },
-      name: organization.name || organization.login,
-      sameAs: [organization.url].filter(Boolean),
-      url: `https://nest.owasp.org/organizations/${organizationKey}`,
+      contactPoint: organization.email
+        ? {
+            '@type': 'ContactPoint' as const,
+            contactType: 'general inquiry',
+            email: organization.email,
+          }
+        : undefined,
+      description: organization.description,
+      email: organization.email,
+      foundingDate: organization.createdAt,
+      keywords: [
+        organization.name,
+        organization.login,
+        'cybersecurity',
+        'application security',
+        'open source',
+        'OWASP',
+      ].filter(Boolean),
+      location: organization.location
+        ? {
+            '@type': 'Place' as const,
+            name: organization.location,
+          }
+        : undefined,
+      logo: organization.avatarUrl
+        ? {
+            '@type': 'ImageObject' as const,
+            url: organization.avatarUrl,
+          }
+        : undefined,
+      memberOf: {
+        '@type': 'Organization' as const,
+        name: 'OWASP Foundation',
+        url: 'https://owasp.org',
+      },
+      name: organization.name || organization.login,
+      sameAs: [organization.url].filter(Boolean),
+      url: `https://nest.owasp.org/organizations/${organizationKey}`,
     }

📜 Review details

Configuration used: .coderabbit.yaml
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 35a9f18 and 13ca8aa.

📒 Files selected for processing (1)

• frontend/src/app/organizations/[organizationKey]/layout.tsx (2 hunks)

🧰 Additional context used

🧠 Learnings (10)

📚 Learning: in the owasp nest project, the login page (/auth/login) handles only authentication (github oauth) a...

Learnt from: ahmedxgouda
PR: OWASP/Nest#1823
File: frontend/__tests__/e2e/pages/Login.spec.ts:28-34
Timestamp: 2025-08-01T04:15:32.151Z
Learning: In the OWASP Nest project, the login page (/auth/login) handles only authentication (GitHub OAuth) and does not differentiate between OWASP staff and non-staff users. The role-based access control using the is_owasp_staff field happens after authentication in downstream components like DashboardWrapper and ProjectsWrapper, not during the login process itself.

Applied to files:

• frontend/src/app/organizations/[organizationKey]/layout.tsx

📚 Learning: in the owasp nest project, exact mathematical accuracy in mock data is not required. mock data value...

Learnt from: ahmedxgouda
PR: OWASP/Nest#1714
File: frontend/__tests__/unit/data/mockProjectsDashboardOverviewData.ts:12-14
Timestamp: 2025-07-08T16:25:39.325Z
Learning: In the OWASP Nest project, exact mathematical accuracy in mock data is not required. Mock data values can be simplified or rounded for testing purposes, as the focus is on testing functionality rather than precise calculations.

Applied to files:

• frontend/src/app/organizations/[organizationKey]/layout.tsx

📚 Learning: in the owasp/nest project, the maintainer adithya-naik prefers not to create separate components for...

Learnt from: adithya-naik
PR: OWASP/Nest#1894
File: frontend/src/components/TopContributorsList.tsx:74-74
Timestamp: 2025-07-28T14:51:14.736Z
Learning: In the OWASP/Nest project, the maintainer adithya-naik prefers not to create separate components for code that's only used in two specific cases, following the YAGNI principle to avoid over-engineering when the duplication is limited and manageable.

Applied to files:

• frontend/src/app/organizations/[organizationKey]/layout.tsx

📚 Learning: the owasp nest application has logging disabled, so avoid suggesting console.log, console.error, or ...

Learnt from: Rajgupta36
PR: OWASP/Nest#1634
File: frontend/src/app/api/auth/[...nextauth]/route.ts:30-55
Timestamp: 2025-06-18T20:00:23.899Z
Learning: The OWASP Nest application has logging disabled, so avoid suggesting console.log, console.error, or any other logging statements in code review suggestions.

Applied to files:

• frontend/src/app/organizations/[organizationKey]/layout.tsx

📚 Learning: in the owasp nest project, createdat fields are auto-created in the backend, so they will always exi...

Learnt from: ahmedxgouda
PR: OWASP/Nest#1718
File: frontend/src/components/MetricsCard.tsx:25-25
Timestamp: 2025-07-10T10:04:36.224Z
Learning: In the OWASP Nest project, createdAt fields are auto-created in the backend, so they will always exist and not be null. This makes null checks unnecessary when displaying these dates in the frontend.

Applied to files:

• frontend/src/app/organizations/[organizationKey]/layout.tsx

📚 Learning: in the owasp nest project's barchart component (frontend/src/components/barchart.tsx), the days and ...

Learnt from: ahmedxgouda
PR: OWASP/Nest#1703
File: frontend/src/components/BarChart.tsx:33-46
Timestamp: 2025-07-03T03:08:03.290Z
Learning: In the OWASP Nest project's BarChart component (frontend/src/components/BarChart.tsx), the days and requirements arrays are guaranteed to always have the same length in their use cases, so input validation for array length matching is not needed.

Applied to files:

• frontend/src/app/organizations/[organizationKey]/layout.tsx

📚 Learning: in the owasp/nest project, interfaces or types are not created for component props that are used onl...

Learnt from: kasya
PR: OWASP/Nest#1680
File: frontend/src/components/SponsorCard.tsx:3-3
Timestamp: 2025-06-30T00:55:03.133Z
Learning: In the OWASP/Nest project, interfaces or types are not created for component props that are used only once. Inline prop type definitions are preferred for single-use cases.

Applied to files:

• frontend/src/app/organizations/[organizationKey]/layout.tsx

📚 Learning: the owasp nest project does not use async operations anywhere in the codebase and doesn't have the r...

Learnt from: ahmedxgouda
PR: OWASP/Nest#1675
File: backend/apps/owasp/graphql/queries/project_health_metrics.py:13-21
Timestamp: 2025-07-03T03:47:05.436Z
Learning: The OWASP Nest project does not use async operations anywhere in the codebase and doesn't have the required database driver for async operations. All database methods and GraphQL resolvers should remain synchronous to maintain consistency with the existing architecture.

Applied to files:

• frontend/src/app/organizations/[organizationKey]/layout.tsx

📚 Learning: in the owasp/nest project, union types for component props are not necessary when they would require...

Learnt from: ahmedxgouda
PR: OWASP/Nest#1714
File: frontend/src/components/ProjectTypeDashboardCard.tsx:8-12
Timestamp: 2025-07-08T17:07:50.988Z
Learning: In the OWASP/Nest project, union types for component props are not necessary when they would require creating separate type definitions. The project prefers inline prop type definitions even for props with specific string values, maintaining consistency with the single-use component prop pattern.

Applied to files:

• frontend/src/app/organizations/[organizationKey]/layout.tsx

📚 Learning: in the next.js frontend mentorship application, there are two distinct types for authentication-rela...

Learnt from: Rajgupta36
PR: OWASP/Nest#1717
File: frontend/src/app/mentorship/programs/page.tsx:14-14
Timestamp: 2025-07-13T11:34:31.823Z
Learning: In the Next.js frontend mentorship application, there are two distinct types for authentication-related data: ExtendedSession for useSession hook (containing accessToken and user.login properties) and UserRolesData for useUserRoles hook (containing currentUserRoles.roles array). The correct access pattern for GitHub username is `(session as ExtendedSession)?.user?.login`.

Applied to files:

• frontend/src/app/organizations/[organizationKey]/layout.tsx

🪛 Biome (2.1.2)

frontend/src/app/organizations/[organizationKey]/layout.tsx

[error] 119-119: Avoid passing content using the dangerouslySetInnerHTML prop.

Setting content using code can expose users to cross-site scripting (XSS) attacks

(lint/security/noDangerouslySetInnerHtml)

🪛 ast-grep (0.38.6)

frontend/src/app/organizations/[organizationKey]/layout.tsx

[warning] 118-118: Usage of dangerouslySetInnerHTML detected. This bypasses React's built-in XSS protection. Always sanitize HTML content using libraries like DOMPurify before injecting it into the DOM to prevent XSS attacks.
Context: dangerouslySetInnerHTML
Note: [CWE-79] Improper Neutralization of Input During Web Page Generation [REFERENCES]
- https://reactjs.org/docs/dom-elements.html#dangerouslysetinnerhtml
- https://cwe.mitre.org/data/definitions/79.html

(react-unsafe-html-injection)

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (5)

• GitHub Check: Run frontend unit tests
• GitHub Check: Run frontend e2e tests
• GitHub Check: Run backend tests
• GitHub Check: CodeQL (python)
• GitHub Check: CodeQL (javascript-typescript)

🔇 Additional comments (2)

frontend/src/app/organizations/[organizationKey]/layout.tsx (2)

2-2: LGTM! Imports are appropriate for the structured data implementation.

The addition of Script from Next.js and the GET_ORGANIZATION_DATA query import are necessary and correctly added for the structured data functionality.

Also applies to: 5-8

---

103-127: LGTM! Proper async layout implementation with secure structured data injection.

The layout component correctly:

• Converts to async to handle data fetching
• Uses the Next.js params Promise pattern appropriately
• Conditionally renders structured data only when available
• Employs the standard Next.js Script component for JSON-LD injection

Regarding the static analysis warnings about dangerouslySetInnerHTML: This is a false positive. The usage is secure because:

• Content comes from a controlled GraphQL API, not user input
• JSON.stringify() escapes potential XSS vectors
• This is the standard and recommended approach for schema.org structured data in Next.js
• The data source is trusted (internal API)

[coderabbitai]

Actionable comments posted: 0

🧹 Nitpick comments (1)

frontend/src/app/organizations/[organizationKey]/layout.tsx (1)

35-101: Well-implemented helper function with minor organizational improvement needed.

The function correctly implements schema.org Organization structured data with proper error handling. Email is already included as a top-level field as requested. However, consider reordering the structured data properties alphabetically for better maintainability.

Apply this diff to organize properties alphabetically:

     const structuredData = {
       '@context': 'https://schema.org' as const,
       '@type': 'Organization' as const,
       contactPoint: organization.email
         ? {
             '@type': 'ContactPoint' as const,
             contactType: 'general inquiry',
             email: organization.email,
           }
         : undefined,
       description: organization.description,
       email: organization.email,
       foundingDate: organization.createdAt,
       keywords: [
         organization.name,
         organization.login,
         'application security',
         'cybersecurity',
         'open source',
         'OWASP',
       ].filter(Boolean),
       location: organization.location
         ? {
             '@type': 'Place' as const,
             name: organization.location,
           }
         : undefined,
       logo: organization.avatarUrl
         ? {
             '@type': 'ImageObject' as const,
             url: organization.avatarUrl,
           }
         : undefined,
       memberOf: {
         '@type': 'Organization' as const,
         name: 'OWASP Foundation',
         url: 'https://owasp.org',
       },
       name: organization.name || organization.login,
       sameAs: [organization.url].filter(Boolean),
       url: `https://nest.owasp.org/organizations/${organizationKey}`,
     }

Should be reordered as:

     const structuredData = {
       '@context': 'https://schema.org' as const,
       '@type': 'Organization' as const,
+      contactPoint: organization.email
+        ? {
+            '@type': 'ContactPoint' as const,
+            contactType: 'general inquiry',
+            email: organization.email,
+          }
+        : undefined,
+      description: organization.description,
+      email: organization.email,
+      foundingDate: organization.createdAt,
+      keywords: [
+        organization.name,
+        organization.login,
+        'application security',
+        'cybersecurity',
+        'open source',
+        'OWASP',
+      ].filter(Boolean),
+      location: organization.location
+        ? {
+            '@type': 'Place' as const,
+            name: organization.location,
+          }
+        : undefined,
+      logo: organization.avatarUrl
+        ? {
+            '@type': 'ImageObject' as const,
+            url: organization.avatarUrl,
+          }
+        : undefined,
+      memberOf: {
+        '@type': 'Organization' as const,
+        name: 'OWASP Foundation',
+        url: 'https://owasp.org',
+      },
+      name: organization.name || organization.login,
+      sameAs: [organization.url].filter(Boolean),
+      url: `https://nest.owasp.org/organizations/${organizationKey}`,
     }

📜 Review details

Configuration used: .coderabbit.yaml
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 13ca8aa and 54b410b.

📒 Files selected for processing (1)

• frontend/src/app/organizations/[organizationKey]/layout.tsx (2 hunks)

🧰 Additional context used

🧠 Learnings (10)

📚 Learning: in the owasp nest project, the login page (/auth/login) handles only authentication (github oauth) a...

Learnt from: ahmedxgouda
PR: OWASP/Nest#1823
File: frontend/__tests__/e2e/pages/Login.spec.ts:28-34
Timestamp: 2025-08-01T04:15:32.151Z
Learning: In the OWASP Nest project, the login page (/auth/login) handles only authentication (GitHub OAuth) and does not differentiate between OWASP staff and non-staff users. The role-based access control using the is_owasp_staff field happens after authentication in downstream components like DashboardWrapper and ProjectsWrapper, not during the login process itself.

Applied to files:

• frontend/src/app/organizations/[organizationKey]/layout.tsx

📚 Learning: in the owasp nest project, exact mathematical accuracy in mock data is not required. mock data value...

Learnt from: ahmedxgouda
PR: OWASP/Nest#1714
File: frontend/__tests__/unit/data/mockProjectsDashboardOverviewData.ts:12-14
Timestamp: 2025-07-08T16:25:39.325Z
Learning: In the OWASP Nest project, exact mathematical accuracy in mock data is not required. Mock data values can be simplified or rounded for testing purposes, as the focus is on testing functionality rather than precise calculations.

Applied to files:

• frontend/src/app/organizations/[organizationKey]/layout.tsx

📚 Learning: in the owasp/nest project, the maintainer adithya-naik prefers not to create separate components for...

Learnt from: adithya-naik
PR: OWASP/Nest#1894
File: frontend/src/components/TopContributorsList.tsx:74-74
Timestamp: 2025-07-28T14:51:14.736Z
Learning: In the OWASP/Nest project, the maintainer adithya-naik prefers not to create separate components for code that's only used in two specific cases, following the YAGNI principle to avoid over-engineering when the duplication is limited and manageable.

Applied to files:

• frontend/src/app/organizations/[organizationKey]/layout.tsx

📚 Learning: the owasp nest application has logging disabled, so avoid suggesting console.log, console.error, or ...

Learnt from: Rajgupta36
PR: OWASP/Nest#1634
File: frontend/src/app/api/auth/[...nextauth]/route.ts:30-55
Timestamp: 2025-06-18T20:00:23.899Z
Learning: The OWASP Nest application has logging disabled, so avoid suggesting console.log, console.error, or any other logging statements in code review suggestions.

Applied to files:

• frontend/src/app/organizations/[organizationKey]/layout.tsx

📚 Learning: in the owasp nest project, createdat fields are auto-created in the backend, so they will always exi...

Learnt from: ahmedxgouda
PR: OWASP/Nest#1718
File: frontend/src/components/MetricsCard.tsx:25-25
Timestamp: 2025-07-10T10:04:36.224Z
Learning: In the OWASP Nest project, createdAt fields are auto-created in the backend, so they will always exist and not be null. This makes null checks unnecessary when displaying these dates in the frontend.

Applied to files:

• frontend/src/app/organizations/[organizationKey]/layout.tsx

📚 Learning: in the owasp nest project's barchart component (frontend/src/components/barchart.tsx), the days and ...

Learnt from: ahmedxgouda
PR: OWASP/Nest#1703
File: frontend/src/components/BarChart.tsx:33-46
Timestamp: 2025-07-03T03:08:03.290Z
Learning: In the OWASP Nest project's BarChart component (frontend/src/components/BarChart.tsx), the days and requirements arrays are guaranteed to always have the same length in their use cases, so input validation for array length matching is not needed.

Applied to files:

• frontend/src/app/organizations/[organizationKey]/layout.tsx

📚 Learning: in the owasp/nest project, interfaces or types are not created for component props that are used onl...

Learnt from: kasya
PR: OWASP/Nest#1680
File: frontend/src/components/SponsorCard.tsx:3-3
Timestamp: 2025-06-30T00:55:03.133Z
Learning: In the OWASP/Nest project, interfaces or types are not created for component props that are used only once. Inline prop type definitions are preferred for single-use cases.

Applied to files:

• frontend/src/app/organizations/[organizationKey]/layout.tsx

📚 Learning: the owasp nest project does not use async operations anywhere in the codebase and doesn't have the r...

Learnt from: ahmedxgouda
PR: OWASP/Nest#1675
File: backend/apps/owasp/graphql/queries/project_health_metrics.py:13-21
Timestamp: 2025-07-03T03:47:05.436Z
Learning: The OWASP Nest project does not use async operations anywhere in the codebase and doesn't have the required database driver for async operations. All database methods and GraphQL resolvers should remain synchronous to maintain consistency with the existing architecture.

Applied to files:

• frontend/src/app/organizations/[organizationKey]/layout.tsx

📚 Learning: in the owasp/nest project, union types for component props are not necessary when they would require...

Learnt from: ahmedxgouda
PR: OWASP/Nest#1714
File: frontend/src/components/ProjectTypeDashboardCard.tsx:8-12
Timestamp: 2025-07-08T17:07:50.988Z
Learning: In the OWASP/Nest project, union types for component props are not necessary when they would require creating separate type definitions. The project prefers inline prop type definitions even for props with specific string values, maintaining consistency with the single-use component prop pattern.

Applied to files:

• frontend/src/app/organizations/[organizationKey]/layout.tsx

📚 Learning: in the next.js frontend mentorship application, there are two distinct types for authentication-rela...

Learnt from: Rajgupta36
PR: OWASP/Nest#1717
File: frontend/src/app/mentorship/programs/page.tsx:14-14
Timestamp: 2025-07-13T11:34:31.823Z
Learning: In the Next.js frontend mentorship application, there are two distinct types for authentication-related data: ExtendedSession for useSession hook (containing accessToken and user.login properties) and UserRolesData for useUserRoles hook (containing currentUserRoles.roles array). The correct access pattern for GitHub username is `(session as ExtendedSession)?.user?.login`.

Applied to files:

• frontend/src/app/organizations/[organizationKey]/layout.tsx

🪛 Biome (2.1.2)

frontend/src/app/organizations/[organizationKey]/layout.tsx

[error] 119-119: Avoid passing content using the dangerouslySetInnerHTML prop.

Setting content using code can expose users to cross-site scripting (XSS) attacks

(lint/security/noDangerouslySetInnerHtml)

🪛 ast-grep (0.38.6)

frontend/src/app/organizations/[organizationKey]/layout.tsx

[warning] 118-118: Usage of dangerouslySetInnerHTML detected. This bypasses React's built-in XSS protection. Always sanitize HTML content using libraries like DOMPurify before injecting it into the DOM to prevent XSS attacks.
Context: dangerouslySetInnerHTML
Note: [CWE-79] Improper Neutralization of Input During Web Page Generation [REFERENCES]
- https://reactjs.org/docs/dom-elements.html#dangerouslysetinnerhtml
- https://cwe.mitre.org/data/definitions/79.html

(react-unsafe-html-injection)

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (4)

• GitHub Check: Run Code Scan
• GitHub Check: Run CI Denendencies Scan
• GitHub Check: CodeQL (javascript-typescript)
• GitHub Check: CodeQL (python)

🔇 Additional comments (3)

frontend/src/app/organizations/[organizationKey]/layout.tsx (3)

2-2: LGTM! Appropriate imports for structured data functionality.

The new imports are correctly added and directly used in the implementation for injecting JSON-LD structured data.

Also applies to: 5-8

---

103-127: Excellent async layout implementation with safe structured data injection.

The transformation to async layout with structured data injection is well-implemented. The static analysis warning about dangerouslySetInnerHTML can be safely ignored in this context since:

1. The content is JSON-stringified data from your own GraphQL API
2. This is the standard Next.js pattern for injecting JSON-LD structured data
3. No user-provided HTML content is involved

---

119-122: Static analysis warning can be safely ignored for JSON-LD injection.

The dangerouslySetInnerHTML usage here is safe because:

• Content is JSON-stringified structured data, not raw HTML
• Data originates from your controlled GraphQL API
• This is the standard Next.js pattern for JSON-LD injection
• No user-provided content is directly injected

This is a false positive from static analysis tools that don't understand the JSON-LD context.

[rudransh-shrivastava]

I don't see any differences in coderabbits diffs :)
Properties are sorted properly.

[sonarqubecloud]

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

[coderabbitai]

Actionable comments posted: 1

🧹 Nitpick comments (1)

frontend/src/app/organizations/[organizationKey]/layout.tsx (1)

35-46: Consider adding error handling for GraphQL query failures.

The function lacks error handling for potential GraphQL query failures, which could cause the layout to crash.

Consider wrapping the query in a try-catch block:

 async function generateOrganizationStructuredData(organizationKey: string) {
   // https://developers.google.com/search/docs/appearance/structured-data/organization#structured-data-type-definitions

+  try {
     const { data } = await apolloClient.query({
       query: GET_ORGANIZATION_DATA,
       variables: {
         login: organizationKey,
       },
     })

     const organization = data?.organization
     if (!organization) return null
+  } catch (error) {
+    // Gracefully handle GraphQL errors - return null to skip structured data
+    return null
+  }

📜 Review details

Configuration used: .coderabbit.yaml
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 54b410b and 2a0c1e2.

📒 Files selected for processing (1)

• frontend/src/app/organizations/[organizationKey]/layout.tsx (2 hunks)

🧰 Additional context used

🧠 Learnings (10)

📚 Learning: in the owasp nest project, the login page (/auth/login) handles only authentication (github oauth) a...

Learnt from: ahmedxgouda
PR: OWASP/Nest#1823
File: frontend/__tests__/e2e/pages/Login.spec.ts:28-34
Timestamp: 2025-08-01T04:15:32.151Z
Learning: In the OWASP Nest project, the login page (/auth/login) handles only authentication (GitHub OAuth) and does not differentiate between OWASP staff and non-staff users. The role-based access control using the is_owasp_staff field happens after authentication in downstream components like DashboardWrapper and ProjectsWrapper, not during the login process itself.

Applied to files:

• frontend/src/app/organizations/[organizationKey]/layout.tsx

📚 Learning: in the owasp nest project, exact mathematical accuracy in mock data is not required. mock data value...

Learnt from: ahmedxgouda
PR: OWASP/Nest#1714
File: frontend/__tests__/unit/data/mockProjectsDashboardOverviewData.ts:12-14
Timestamp: 2025-07-08T16:25:39.325Z
Learning: In the OWASP Nest project, exact mathematical accuracy in mock data is not required. Mock data values can be simplified or rounded for testing purposes, as the focus is on testing functionality rather than precise calculations.

Applied to files:

• frontend/src/app/organizations/[organizationKey]/layout.tsx

📚 Learning: in the owasp/nest project, the maintainer adithya-naik prefers not to create separate components for...

Learnt from: adithya-naik
PR: OWASP/Nest#1894
File: frontend/src/components/TopContributorsList.tsx:74-74
Timestamp: 2025-07-28T14:51:14.736Z
Learning: In the OWASP/Nest project, the maintainer adithya-naik prefers not to create separate components for code that's only used in two specific cases, following the YAGNI principle to avoid over-engineering when the duplication is limited and manageable.

Applied to files:

• frontend/src/app/organizations/[organizationKey]/layout.tsx

📚 Learning: the owasp nest application has logging disabled, so avoid suggesting console.log, console.error, or ...

Learnt from: Rajgupta36
PR: OWASP/Nest#1634
File: frontend/src/app/api/auth/[...nextauth]/route.ts:30-55
Timestamp: 2025-06-18T20:00:23.899Z
Learning: The OWASP Nest application has logging disabled, so avoid suggesting console.log, console.error, or any other logging statements in code review suggestions.

Applied to files:

• frontend/src/app/organizations/[organizationKey]/layout.tsx

📚 Learning: in the owasp nest project, createdat fields are auto-created in the backend, so they will always exi...

Learnt from: ahmedxgouda
PR: OWASP/Nest#1718
File: frontend/src/components/MetricsCard.tsx:25-25
Timestamp: 2025-07-10T10:04:36.224Z
Learning: In the OWASP Nest project, createdAt fields are auto-created in the backend, so they will always exist and not be null. This makes null checks unnecessary when displaying these dates in the frontend.

Applied to files:

• frontend/src/app/organizations/[organizationKey]/layout.tsx

📚 Learning: in the owasp nest project's barchart component (frontend/src/components/barchart.tsx), the days and ...

Learnt from: ahmedxgouda
PR: OWASP/Nest#1703
File: frontend/src/components/BarChart.tsx:33-46
Timestamp: 2025-07-03T03:08:03.290Z
Learning: In the OWASP Nest project's BarChart component (frontend/src/components/BarChart.tsx), the days and requirements arrays are guaranteed to always have the same length in their use cases, so input validation for array length matching is not needed.

Applied to files:

• frontend/src/app/organizations/[organizationKey]/layout.tsx

📚 Learning: in the owasp/nest project, interfaces or types are not created for component props that are used onl...

Learnt from: kasya
PR: OWASP/Nest#1680
File: frontend/src/components/SponsorCard.tsx:3-3
Timestamp: 2025-06-30T00:55:03.133Z
Learning: In the OWASP/Nest project, interfaces or types are not created for component props that are used only once. Inline prop type definitions are preferred for single-use cases.

Applied to files:

• frontend/src/app/organizations/[organizationKey]/layout.tsx

📚 Learning: the owasp nest project does not use async operations anywhere in the codebase and doesn't have the r...

Learnt from: ahmedxgouda
PR: OWASP/Nest#1675
File: backend/apps/owasp/graphql/queries/project_health_metrics.py:13-21
Timestamp: 2025-07-03T03:47:05.436Z
Learning: The OWASP Nest project does not use async operations anywhere in the codebase and doesn't have the required database driver for async operations. All database methods and GraphQL resolvers should remain synchronous to maintain consistency with the existing architecture.

Applied to files:

• frontend/src/app/organizations/[organizationKey]/layout.tsx

📚 Learning: in the owasp/nest project, union types for component props are not necessary when they would require...

Learnt from: ahmedxgouda
PR: OWASP/Nest#1714
File: frontend/src/components/ProjectTypeDashboardCard.tsx:8-12
Timestamp: 2025-07-08T17:07:50.988Z
Learning: In the OWASP/Nest project, union types for component props are not necessary when they would require creating separate type definitions. The project prefers inline prop type definitions even for props with specific string values, maintaining consistency with the single-use component prop pattern.

Applied to files:

• frontend/src/app/organizations/[organizationKey]/layout.tsx

📚 Learning: in the next.js frontend mentorship application, there are two distinct types for authentication-rela...

Learnt from: Rajgupta36
PR: OWASP/Nest#1717
File: frontend/src/app/mentorship/programs/page.tsx:14-14
Timestamp: 2025-07-13T11:34:31.823Z
Learning: In the Next.js frontend mentorship application, there are two distinct types for authentication-related data: ExtendedSession for useSession hook (containing accessToken and user.login properties) and UserRolesData for useUserRoles hook (containing currentUserRoles.roles array). The correct access pattern for GitHub username is `(session as ExtendedSession)?.user?.login`.

Applied to files:

• frontend/src/app/organizations/[organizationKey]/layout.tsx

🪛 Biome (2.1.2)

frontend/src/app/organizations/[organizationKey]/layout.tsx

[error] 108-108: Avoid passing content using the dangerouslySetInnerHTML prop.

Setting content using code can expose users to cross-site scripting (XSS) attacks

(lint/security/noDangerouslySetInnerHtml)

🪛 ast-grep (0.38.6)

frontend/src/app/organizations/[organizationKey]/layout.tsx

[warning] 107-107: Usage of dangerouslySetInnerHTML detected. This bypasses React's built-in XSS protection. Always sanitize HTML content using libraries like DOMPurify before injecting it into the DOM to prevent XSS attacks.
Context: dangerouslySetInnerHTML
Note: [CWE-79] Improper Neutralization of Input During Web Page Generation [REFERENCES]
- https://reactjs.org/docs/dom-elements.html#dangerouslysetinnerhtml
- https://cwe.mitre.org/data/definitions/79.html

(react-unsafe-html-injection)

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (5)

• GitHub Check: Run frontend e2e tests
• GitHub Check: Run frontend unit tests
• GitHub Check: Run backend tests
• GitHub Check: CodeQL (javascript-typescript)
• GitHub Check: CodeQL (python)

🔇 Additional comments (3)

frontend/src/app/organizations/[organizationKey]/layout.tsx (3)

2-8: LGTM! Clean imports for structured data functionality.

The new imports are appropriate and necessary for the structured data implementation.

---

104-112: LGTM! Safe usage of dangerouslySetInnerHTML for JSON-LD structured data.

The static analysis warnings about dangerouslySetInnerHTML are false positives in this context. This is the standard and safe pattern for injecting JSON-LD structured data because:

• Content is generated from controlled GraphQL responses, not user input
• JSON.stringify() properly escapes any special characters
• Data originates from trusted backend sources
• This follows Next.js best practices for structured data implementation

---

92-116: LGTM! Well-structured async layout component.

The layout component properly:

• Handles async params extraction
• Generates structured data conditionally
• Uses appropriate Next.js Script component for SEO injection
• Maintains clean component architecture

[arkid15r]

I refactored it to look more idiomatic and merging this to try in staging.
The refactoring is always smoother when tests are there for you :)