Better error message and admin config #1040

Merged
elie222 merged 6 commits into main from feat/better-error-message
Dec 1, 2025

@elie222 (Owner) commented Dec 1, 2025

Add admin-only config page and improve login error messaging while automating Homebrew formula updates and introducing standalone CLI lifecycle commands

Introduce an admin config page that reads env and version.txt, add tailored login error handling via useSearchParams, automate Homebrew formula version/SHA updates in the release workflow, and add standalone CLI commands for setup/start/stop/logs/status/update with local Docker orchestration.

📍Where to Start

Start with the admin config server component in page.tsx, then review the login error handling in page.tsx and the CLI entry in main.ts.


📊 Macroscope summarized 7c96e24. 5 files reviewed, 17 issues evaluated, 10 issues filtered, 2 comments posted

🗂️ Filtered Issues

Formula/inbox-zero.rb — 0 comments posted, 3 evaluated, 3 filtered
  • line 12: sha256 fields are placeholder strings ("REPLACE_WITH_DARWIN_ARM64_SHA256"). Homebrew validates the archive checksum at install time; using placeholders will cause a runtime install failure with a SHA256 mismatch for the on_macos on_arm artifact. [ Out of scope ]
  • line 21: sha256 field is a placeholder ("REPLACE_WITH_DARWIN_X64_SHA256"). Homebrew will fail installation on macOS Intel due to checksum mismatch when fetching inbox-zero-darwin-x64.tar.gz. [ Out of scope ]
  • line 32: sha256 field is a placeholder ("REPLACE_WITH_LINUX_X64_SHA256"). Homebrew will fail installation on Linux Intel due to checksum mismatch when fetching inbox-zero-linux-x64.tar.gz. [ Out of scope ]
packages/cli/src/main.ts — 2 comments posted, 14 evaluated, 7 filtered
  • line 43: ensureConfigDir() does not handle errors from mkdirSync(CONFIG_DIR, { recursive: true }). In standalone mode on systems where the home directory is not writable or the path cannot be created, this throws and terminates the process without a clear user-facing error or cleanup. A graceful error message and exit would be more robust. [ Low confidence ]
  • line 115: Default behavior changed: previously, when no command was provided, the code appended "setup" to process.argv to run setup; now it calls program.help() which prints help and exits. This is an externally visible contract change that may break scenarios relying on implicit setup. If intended, ensure documentation and dependent automation reflect this change. [ Low confidence ]
  • line 504: In repository mode, the code no longer verifies that the apps/web directory exists before attempting to write the .env file. ENV_FILE is set to resolve(REPO_ROOT, "apps/web/.env"), but there is no guard ensuring resolve(REPO_ROOT, "apps/web") exists in the current repository. If apps/web is missing (e.g., running this in a different repo layout), writeFileSync(ENV_FILE, ...) will throw ENOENT at runtime and crash the process. Previously, the implementation guarded this by checking existsSync(resolve(PROJECT_ROOT, "apps/web")) and exiting with a helpful error; that check was removed. Add an explicit existence check for apps/web (or create it) before writing to ENV_FILE, or restore the prior guard. [ Low confidence ]
  • line 597: In runStart, when options.detach is false, the result of spawnSync('docker', args, { stdio: 'inherit' }) is never checked. If docker compose up fails (e.g., Docker not installed or compose error), the function returns without reporting a failure or setting a non-zero exit code, leading to silent success despite an error. [ Low confidence ]
  • line 688: In child.on("close", (code) => { ... }), the promise resolves when options.follow is true regardless of the exit code. This suppresses errors from docker compose logs in follow mode (e.g., invalid --tail value, missing compose file, daemon issues), leading to a silent success even when the subprocess fails. The logic should only resolve on successful termination or explicit user-initiated cancellation, and reject on non-zero exit codes even when following. [ Low confidence ]
  • line 713: In runStatus, the code does not check the result of spawnSync('docker', ['compose', '-f', COMPOSE_FILE, 'ps'], { stdio: 'inherit' }). If the command fails, the function still exits with success and provides no error reporting, violating the expectation of a defined terminal state with correct error propagation. [ Low confidence ]
  • line 786: No timeout or abort mechanism is provided for the network call to fetch(COMPOSE_URL). Under network stalls or very slow responses, the CLI may hang indefinitely, providing no defined terminal state or fallback. [ Low confidence ]

Summary by CodeRabbit

Release Notes

  • New Features

    • Added CLI commands for container management: start, stop, logs, status, and update.
    • Added admin configuration dashboard displaying application, feature, and provider settings.
    • Enhanced login error handling with specific error messages for failed authentication attempts.
  • Documentation

    • Expanded CLI documentation with comprehensive command reference and quick-start guide.
    • Updated Microsoft OAuth setup guidance with single-tenant configuration options.
    • Updated base URLs to www.getinboxzero.com.
  • Chores

    • Version bump to v2.21.17.
    • Updated Homebrew formula with new version and corrected URLs.

@vercel bot commented Dec 1, 2025

The latest updates on your projects. Learn more about Vercel for GitHub.

  • Project: inbox-zero
  • Deployment: Ready
  • Preview: Preview
  • Updated (UTC): Dec 1, 2025 1:07am

@coderabbitai bot (Contributor) commented Dec 1, 2025

Walkthrough

Version bumped to 2.21.17 with updated URLs to include www prefix. New admin configuration dashboard page added. CLI significantly refactored to support standalone and repository modes with Docker lifecycle management (start, stop, logs, status, update commands). Documentation expanded for CLI features and Microsoft OAuth tenant configuration.

Changes

Version & Release Management
  • Files: version.txt, Formula/inbox-zero.rb, .github/workflows/cli-release.yml
  • Summary: Version updated from 2.21.15 to 2.21.17. Homebrew formula homepage URL updated to www.getinboxzero.com. Release workflow refactored from echo-based values to Python script that programmatically updates formula SHA256 and version fields.

Public URL Updates
  • Files: README.md, apps/web/app/api/v1/openapi/route.ts, copilot/inbox-zero-ecs/manifest.yml
  • Summary: Production URLs standardized to include www prefix (getinboxzero.com → www.getinboxzero.com) across documentation, OpenAPI definitions, and configuration examples.

Microsoft OAuth Documentation & Configuration
  • Files: README.md
  • Summary: Expanded OAuth setup guidance with multitenant vs. single-tenant options. Added MICROSOFT_TENANT_ID environment variable section with instructions for copying tenant ID from Azure portal.

Admin Configuration Dashboard
  • Files: apps/web/app/(app)/admin/config/page.tsx
  • Summary: New server-side admin page component displaying application configuration, features, auth providers, LLM settings, and integrations sourced from environment variables and version.txt. Includes admin access enforcement and internal Section/Row UI components.

Login Error Handling
  • Files: apps/web/app/(landing)/login/error/page.tsx
  • Summary: Refactored error page with new LoginErrorContent component. Added error code mapping via query parameter with public-facing error messages (email_not_found). Wrapped content in Suspense with loading fallback.

CLI Feature Expansion & Mode Support
  • Files: packages/cli/src/main.ts, packages/cli/README.md
  • Summary: Major CLI refactoring introducing standalone vs. repository modes with Docker availability checks. New commands: start, stop, logs, status, update (alongside existing setup). Standalone mode fetches docker-compose.yml, manages config at ~/.inbox-zero/, and supports interactive port/secrets configuration. Docker lifecycle operations (pull, compose up/down, logs forwarding) integrated. Comprehensive documentation rewrite with Quick Start, Commands, Requirements, and Configuration sections.

Submodule Update
  • Files: apps/web/app/(marketing)
  • Summary: Submodule pointer updated; no functional code changes.

Sequence Diagram(s)

sequenceDiagram
    actor User
    participant CLI
    participant FS as Filesystem
    participant Docker
    participant Network

    User->>CLI: inbox-zero setup (standalone mode)
    CLI->>FS: Check if ~/.inbox-zero/ exists
    alt Config dir missing
        CLI->>FS: Create ~/.inbox-zero/
    end
    CLI->>Docker: Check Docker availability
    alt Docker not available
        CLI-->>User: Error: Docker required
    else
        CLI->>Docker: Check Docker Compose availability
        alt Docker Compose unavailable
            CLI-->>User: Error: Docker Compose required
        else
            CLI->>Network: Fetch docker-compose.yml
            CLI->>FS: Save docker-compose.yml to ~/.inbox-zero/
            User->>CLI: Input OAuth credentials, ports, LLM provider
            CLI->>FS: Generate secrets & config
            CLI->>FS: Write .env to ~/.inbox-zero/
            CLI-->>User: Setup complete with next steps
        end
    end

sequenceDiagram
    actor User
    participant CLI
    participant FS as Filesystem
    participant Docker
    participant Containers

    User->>CLI: inbox-zero start [--detach]
    CLI->>FS: Read config from ~/.inbox-zero/
    CLI->>Docker: Pull latest image
    alt Detached mode
        CLI->>Docker: docker compose up -d
        Docker->>Containers: Start services in background
    else Foreground mode
        CLI->>Docker: docker compose up
        Docker->>Containers: Start services (attached output)
    end
    CLI->>FS: Extract URLs from .env
    CLI-->>User: Display running services & access URLs

Estimated code review effort

🎯 4 (Complex) | ⏱️ ~60 minutes

  • Key areas requiring extra attention:
    • packages/cli/src/main.ts: Major refactoring introducing dual-mode architecture (repository vs. standalone), Docker integration, new command implementations (start, stop, logs, status, update), environment variable handling, and dynamic configuration paths. Dense logic with multiple branches and state management.
    • apps/web/app/(app)/admin/config/page.tsx: New component with comprehensive environment variable collection, version reading at build time, and multi-section rendering logic.
    • apps/web/app/(landing)/login/error/page.tsx: Refactoring with new error mapping structure and Suspense integration; verify existing authentication flows remain unaffected.
    • Workflow script changes (.github/workflows/cli-release.yml): Python script for formula updates requires validation of SHA256 substitution logic and file write operations.

Possibly related PRs

  • Add homebrew formula #1038: Introduced the Homebrew formula and CLI release workflow that are now being updated with Python script-based automation and version bumping.
  • Add tennant support for microsoft #1031: Adds MICROSOFT_TENANT_ID support to environment configuration; this PR documents the new tenant ID in README and admin config page, completing the integration foundation.

Poem

🐰 Hops through versions with glee,
CLI now runs wild and free,
Docker dances at command,
Config paths across the land,
From repo root to home so deep,
Admin dashboards secrets keep!

Pre-merge checks and finishing touches

❌ Failed checks (1 warning, 1 inconclusive)
  • Docstring Coverage. Status: ⚠️ Warning. Explanation: Docstring coverage is 60.00% which is insufficient. The required threshold is 80.00%. Resolution: You can run @coderabbitai generate docstrings to improve docstring coverage.
  • Title check. Status: ❓ Inconclusive. Explanation: The title 'Better error message and admin config' is vague and does not accurately reflect the primary changes in the pull request, which include version bumps, URL updates across multiple files, CLI refactoring, and Homebrew formula updates. Resolution: Consider a more specific title like 'Release v2.21.17: CLI standalone mode, admin config page, and error handling' to better reflect the scope of changes.
✅ Passed checks (1 passed)
  • Description Check. Status: ✅ Passed. Explanation: Check skipped - CodeRabbit’s high-level summary is enabled.

@socket-security

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

  • Updated @types/node@22.18.12 ⏵ 22.15.18. Supply Chain Security: 100, Vulnerability: 100, Quality: 81, Maintenance: 95, License: 100


// Detect if we're in an inbox-zero project
function findProjectRoot(): string {
// Detect if we're running from within the repo

findRepoRoot() misdetects when cwd is a subfolder of apps/web. resolve(cwd, "../../apps/web") can normalize to .../apps/apps/web, so the repo root is missed and null is returned. Consider walking up from cwd until you find a directory containing apps/web, then return that directory.

🚀 Reply to ask Macroscope to explain or update this suggestion.

👍 Helpful? React to give us feedback.
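
A walk-up search of the kind the comment above suggests, as an added example that is not code from this PR or from the project. `findRepoRootFrom`, `isDirectory`, `MARKER` and the temp-directory layout are hypothetical; the only assumption taken from the page is that the repo root is the directory containing `apps/web`.

```typescript
import { mkdirSync, mkdtempSync, statSync } from "node:fs";
import { tmpdir } from "node:os";
import { dirname, join, resolve } from "node:path";

// Assumption from the review comment: the repo root is the directory that contains apps/web.
const MARKER = join("apps", "web");

// True only for an existing directory; a missing path, a file in the way or a
// permission error all count as "not here" instead of throwing.
function isDirectory(path: string): boolean {
  try {
    return statSync(path).isDirectory();
  } catch {
    return false;
  }
}

// Walk from startDir towards the filesystem root and return the first
// directory (startDir included) that contains apps/web, or null if none does.
function findRepoRootFrom(startDir: string): string | null {
  let dir = resolve(startDir);
  for (;;) {
    if (isDirectory(join(dir, MARKER))) return dir;
    const parent = dirname(dir);
    if (parent === dir) return null; // dirname() of the root is the root itself: stop
    dir = parent;
  }
}

// Constructed sample layout in a temp directory so the example runs offline.
function buildSampleRepo(): { root: string; outside: string } {
  const base = mkdtempSync(join(tmpdir(), "repo-root-demo-"));
  const root = join(base, "inbox-zero");
  mkdirSync(join(root, "apps", "web", "app", "login"), { recursive: true });
  mkdirSync(join(root, "packages", "cli", "src"), { recursive: true });
  const outside = join(base, "elsewhere");
  mkdirSync(outside);
  return { root, outside };
}

const sample = buildSampleRepo();
// From a subfolder of apps/web, the case the comment says is misdetected:
console.log(findRepoRootFrom(join(sample.root, "apps", "web", "app", "login")));
// From a directory with no apps/web above it (standalone mode):
console.log(findRepoRootFrom(sample.outside));
```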

if (restart) {
spinner.start("Restarting...");

spawnSync("docker", ["compose", "-f", COMPOSE_FILE, "down"], {

spawnSync handling misses pre‑spawn (status === null) and non‑zero exit failures, causing false success and weak errors. Suggest a shared helper for Docker commands that checks status/error, prefers error.message over stderr, stops the spinner, logs, and exits on failure.

🚀 Reply to ask Macroscope to explain or update this suggestion.

👍 Helpful? React to give us feedback.
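
One shape the shared helper from the comment above could take, as an added example that is not code from this PR or from the project. `runChecked`, `runSequence` and `CommandOutcome` are hypothetical names, and the demo uses `sh -c` as a constructed stand-in for `docker compose` so it runs without Docker installed.

```typescript
import { spawnSync } from "node:child_process";

type CommandOutcome =
  | { ok: true }
  | { ok: false; kind: "spawn" | "signal" | "exit"; message: string };

// Run a command synchronously and classify every way it can fail.
// With stdio "inherit" (as the CLI snippet uses) stderr is not captured,
// so the exit code is reported instead.
function runChecked(
  command: string,
  args: string[],
  stdio: "pipe" | "inherit" = "pipe",
): CommandOutcome {
  const result = spawnSync(command, args, { encoding: "utf8", stdio });

  // Pre-spawn failure (binary missing, not executable): error is set, status is null.
  if (result.error) {
    return { ok: false, kind: "spawn", message: `${command}: ${result.error.message}` };
  }
  // The process started but was killed by a signal: status is null, signal is set.
  if (result.status === null) {
    const signal = result.signal ?? "unknown signal";
    return { ok: false, kind: "signal", message: `${command} terminated by ${signal}` };
  }
  // The process ran to completion and reported failure.
  if (result.status !== 0) {
    const stderr = typeof result.stderr === "string" ? result.stderr.trim() : "";
    return {
      ok: false,
      kind: "exit",
      message: stderr || `${command} exited with code ${result.status}`,
    };
  }
  return { ok: true };
}

// Run steps in order and stop at the first failure, so a failed
// "compose down" is never followed by "compose up" and reported as success.
function runSequence(steps: Array<{ command: string; args: string[] }>): CommandOutcome {
  for (const step of steps) {
    const outcome = runChecked(step.command, step.args);
    if (!outcome.ok) return outcome;
  }
  return { ok: true };
}

// Constructed demo: the first step fails, so the second never runs.
const restart = runSequence([
  { command: "sh", args: ["-c", "echo 'compose file not found' >&2; exit 14"] },
  { command: "sh", args: ["-c", "exit 0"] },
]);
console.log(restart);
```

A caller would stop its spinner, log `message` and set a non-zero exit code whenever `ok` is false.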

@coderabbitai bot (Contributor) left a comment

Actionable comments posted: 1

🧹 Nitpick comments (3)
packages/cli/src/main.ts (3)

33-38: Potential type issue with nullable REPO_ROOT.

When IS_REPO_MODE is true, REPO_ROOT is guaranteed to be non-null at runtime. However, TypeScript doesn't narrow the type through the boolean variable, so resolve(REPO_ROOT, ...) passes a string | null where string is expected. This works at runtime but could cause type errors if strict null checks are enabled.

Consider using a non-null assertion or restructuring for type safety:

-const ENV_FILE = IS_REPO_MODE
-  ? resolve(REPO_ROOT, "apps/web/.env")
-  : resolve(CONFIG_DIR, ".env");
-const COMPOSE_FILE = IS_REPO_MODE
-  ? resolve(REPO_ROOT, "docker-compose.yml")
-  : resolve(CONFIG_DIR, "docker-compose.yml");
+const ENV_FILE = IS_REPO_MODE
+  ? resolve(REPO_ROOT!, "apps/web/.env")
+  : resolve(CONFIG_DIR, ".env");
+const COMPOSE_FILE = IS_REPO_MODE
+  ? resolve(REPO_ROOT!, "docker-compose.yml")
+  : resolve(CONFIG_DIR, "docker-compose.yml");
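Review bot: The `REPO_ROOT!` assertions on the two added `resolve(...)` lines conflict with the repository's own TypeScript rule listed in this review's path-based instructions for **/*.{ts,tsx}: "Don't use non-null assertions with the ! postfix operator". Narrow on the value itself instead of on the derived boolean, for example `REPO_ROOT ? resolve(REPO_ROOT, "apps/web/.env") : resolve(CONFIG_DIR, ".env")`, and the same for COMPOSE_FILE, so the compiler proves the non-null case without an assertion.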

191-208: Port validation could be more robust.

The current validation only checks for numeric digits but doesn't validate the port range. Values like 0, 70000, or 999999 would pass validation but fail at Docker runtime.

-            validate: (v) =>
-              /^\d+$/.test(v) ? undefined : "Must be a valid port number",
+            validate: (v) => {
+              const port = Number.parseInt(v, 10);
+              if (Number.isNaN(port) || port < 1 || port > 65535) {
+                return "Must be a valid port number (1-65535)";
+              }
+              return undefined;
+            },
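Review bot: The replacement validator drops the `/^\d+$/` test, and `Number.parseInt(v, 10)` stops at the first non-digit character, so inputs such as `8080abc` or `80.5` parse to an in-range number and pass validation. Keep the digit-only check and put the range check after it, for example `if (!/^\d+$/.test(v)) return "Must be a valid port number (1-65535)";` ahead of the `port < 1 || port > 65535` comparison, so the string written to the config is exactly the value that was validated.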

482-494: Original error details are lost in catch block.

When the docker-compose fetch fails, the original error message is discarded and only a generic message is shown. This makes debugging connection issues harder.

-    } catch {
+    } catch (error) {
       spinner.stop("Failed to fetch docker-compose.yml");
       p.log.error(
         "Could not fetch docker-compose.yml from GitHub.\n" +
-          "Please check your internet connection and try again.",
+          "Please check your internet connection and try again.\n" +
+          `Error: ${error instanceof Error ? error.message : String(error)}`,
       );
       process.exit(1);
     }
📜 Review details

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between b925297 and 7c96e24.

⛔ Files ignored due to path filters (1)
  • pnpm-lock.yaml is excluded by !**/pnpm-lock.yaml
📒 Files selected for processing (11)
  • .github/workflows/cli-release.yml (1 hunks)
  • Formula/inbox-zero.rb (1 hunks)
  • README.md (4 hunks)
  • apps/web/app/(app)/admin/config/page.tsx (1 hunks)
  • apps/web/app/(landing)/login/error/page.tsx (3 hunks)
  • apps/web/app/(marketing) (1 hunks)
  • apps/web/app/api/v1/openapi/route.ts (1 hunks)
  • copilot/inbox-zero-ecs/manifest.yml (1 hunks)
  • packages/cli/README.md (2 hunks)
  • packages/cli/src/main.ts (7 hunks)
  • version.txt (1 hunks)
🧰 Additional context used
📓 Path-based instructions (22)
!(pages/_document).{jsx,tsx}

📄 CodeRabbit inference engine (.cursor/rules/ultracite.mdc)

Don't use the next/head module in pages/_document.js on Next.js projects

Files:

  • apps/web/app/(marketing)
  • apps/web/app/api/v1/openapi/route.ts
  • apps/web/app/(app)/admin/config/page.tsx
  • .github/workflows/cli-release.yml
  • version.txt
  • packages/cli/README.md
  • packages/cli/src/main.ts
  • Formula/inbox-zero.rb
  • README.md
  • copilot/inbox-zero-ecs/manifest.yml
  • apps/web/app/(landing)/login/error/page.tsx
apps/web/**/*.{ts,tsx}

📄 CodeRabbit inference engine (apps/web/CLAUDE.md)

apps/web/**/*.{ts,tsx}: Use TypeScript with strict null checks
Use @/ path aliases for imports from project root
Use proper error handling with try/catch blocks
Format code with Prettier
Follow consistent naming conventions using PascalCase for components
Centralize shared types in dedicated type files

Import specific lodash functions rather than entire lodash library to minimize bundle size (e.g., import groupBy from 'lodash/groupBy')

Files:

  • apps/web/app/api/v1/openapi/route.ts
  • apps/web/app/(app)/admin/config/page.tsx
  • apps/web/app/(landing)/login/error/page.tsx
apps/web/app/**/*.{ts,tsx}

📄 CodeRabbit inference engine (apps/web/CLAUDE.md)

Follow NextJS app router structure with (app) directory

Files:

  • apps/web/app/api/v1/openapi/route.ts
  • apps/web/app/(app)/admin/config/page.tsx
  • apps/web/app/(landing)/login/error/page.tsx
apps/web/app/api/**/*.ts

📄 CodeRabbit inference engine (apps/web/CLAUDE.md)

apps/web/app/api/**/*.ts: Wrap GET API routes with withAuth or withEmailAccount middleware for authentication
Export response types from GET API routes using Awaited<ReturnType<>> pattern for type-safe client usage

Files:

  • apps/web/app/api/v1/openapi/route.ts
**/*.{ts,tsx}

📄 CodeRabbit inference engine (.cursor/rules/data-fetching.mdc)

**/*.{ts,tsx}: For API GET requests to server, use the swr package
Use result?.serverError with toastError from @/components/Toast for error handling in async operations

**/*.{ts,tsx}: Use wrapper functions for Gmail message operations (get, list, batch, etc.) from @/utils/gmail/message.ts instead of direct API calls
Use wrapper functions for Gmail thread operations from @/utils/gmail/thread.ts instead of direct API calls
Use wrapper functions for Gmail label operations from @/utils/gmail/label.ts instead of direct API calls

**/*.{ts,tsx}: For early access feature flags, create hooks using the naming convention use[FeatureName]Enabled that return a boolean from useFeatureFlagEnabled("flag-key")
For A/B test variant flags, create hooks using the naming convention use[FeatureName]Variant that define variant types, use useFeatureFlagVariantKey() with type casting, and provide a default "control" fallback
Use kebab-case for PostHog feature flag keys (e.g., inbox-cleaner, pricing-options-2)
Always define types for A/B test variant flags (e.g., type PricingVariant = "control" | "variant-a" | "variant-b") and provide type safety through type casting

**/*.{ts,tsx}: Don't use primitive type aliases or misleading types
Don't use empty type parameters in type aliases and interfaces
Don't use this and super in static contexts
Don't use any or unknown as type constraints
Don't use the TypeScript directive @ts-ignore
Don't use TypeScript enums
Don't export imported variables
Don't add type annotations to variables, parameters, and class properties that are initialized with literal expressions
Don't use TypeScript namespaces
Don't use non-null assertions with the ! postfix operator
Don't use parameter properties in class constructors
Don't use user-defined types
Use as const instead of literal types and type annotations
Use either T[] or Array<T> consistently
Initialize each enum member value explicitly
Use export type for types
Use `impo...

Files:

  • apps/web/app/api/v1/openapi/route.ts
  • apps/web/app/(app)/admin/config/page.tsx
  • packages/cli/src/main.ts
  • apps/web/app/(landing)/login/error/page.tsx
apps/web/app/api/**/route.ts

📄 CodeRabbit inference engine (.cursor/rules/fullstack-workflow.mdc)

apps/web/app/api/**/route.ts: Create GET API routes using withAuth or withEmailAccount middleware in apps/web/app/api/*/route.ts, export response types as GetExampleResponse type alias for client-side type safety
Always export response types from GET routes as Get[Feature]Response using type inference from the data fetching function for type-safe client consumption
Do NOT use POST API routes for mutations - always use server actions with next-safe-action instead

Files:

  • apps/web/app/api/v1/openapi/route.ts
**/app/**/route.ts

📄 CodeRabbit inference engine (.cursor/rules/get-api-route.mdc)

**/app/**/route.ts: Always wrap GET API route handlers with withAuth or withEmailAccount middleware for consistent error handling and authentication in Next.js App Router
Infer and export response type for GET API routes using Awaited<ReturnType<typeof functionName>> pattern in Next.js
Use Prisma for database queries in GET API routes
Return responses using NextResponse.json() in GET API routes
Do not use try/catch blocks in GET API route handlers when using withAuth or withEmailAccount middleware, as the middleware handles error handling

Files:

  • apps/web/app/api/v1/openapi/route.ts
**/{server,api,actions,utils}/**/*.ts

📄 CodeRabbit inference engine (.cursor/rules/logging.mdc)

**/{server,api,actions,utils}/**/*.ts: Use createScopedLogger from "@/utils/logger" for logging in backend code
Add the createScopedLogger instantiation at the top of the file with an appropriate scope name
Use .with() method to attach context variables only within specific functions, not on global loggers
For large functions with reused variables, use createScopedLogger().with() to attach context once and reuse the logger without passing variables repeatedly

Files:

  • apps/web/app/api/v1/openapi/route.ts
**/*.{ts,tsx,js,jsx}

📄 CodeRabbit inference engine (.cursor/rules/prisma-enum-imports.mdc)

Always import Prisma enums from @/generated/prisma/enums instead of @/generated/prisma/client to avoid Next.js bundling errors in client components

Import Prisma using the project's centralized utility: import prisma from '@/utils/prisma'

Files:

  • apps/web/app/api/v1/openapi/route.ts
  • apps/web/app/(app)/admin/config/page.tsx
  • packages/cli/src/main.ts
  • apps/web/app/(landing)/login/error/page.tsx
apps/web/app/**/[!.]*/route.{ts,tsx}

📄 CodeRabbit inference engine (.cursor/rules/project-structure.mdc)

Use kebab-case for route directories in Next.js App Router (e.g., api/hello-world/route)

Files:

  • apps/web/app/api/v1/openapi/route.ts
apps/web/app/api/**/*.{ts,tsx}

📄 CodeRabbit inference engine (.cursor/rules/security-audit.mdc)

apps/web/app/api/**/*.{ts,tsx}: API routes must use withAuth, withEmailAccount, or withError middleware for authentication
All database queries must include user scoping with emailAccountId or userId filtering in WHERE clauses
Request parameters must be validated before use; avoid direct parameter usage without type checking
Use generic error messages instead of revealing internal details; throw SafeError instead of exposing user IDs, resource IDs, or system information
API routes should only return necessary fields using select in database queries to prevent unintended information disclosure
Cron endpoints must use hasCronSecret or hasPostCronSecret to validate cron requests and prevent unauthorized access
Request bodies should use Zod schemas for validation to ensure type safety and prevent injection attacks

Files:

  • apps/web/app/api/v1/openapi/route.ts
**/app/api/**/*.ts

📄 CodeRabbit inference engine (.cursor/rules/security.mdc)

**/app/api/**/*.ts: ALL API routes that handle user data MUST use appropriate middleware: use withEmailAccount for email-scoped operations, use withAuth for user-scoped operations, or use withError with proper validation for public/custom auth endpoints
Use withEmailAccount middleware for operations scoped to a specific email account, including reading/writing emails, rules, schedules, or any operation using emailAccountId
Use withAuth middleware for user-level operations such as user settings, API keys, and referrals that use only userId
Use withError middleware only for public endpoints, custom authentication logic, or cron endpoints. For cron endpoints, MUST use hasCronSecret() or hasPostCronSecret() validation
Cron endpoints without proper authentication can be triggered by anyone. CRITICAL: All cron endpoints MUST validate cron secret using hasCronSecret(request) or hasPostCronSecret(request) and capture unauthorized attempts with captureException()
Always validate request bodies using Zod schemas to ensure type safety and prevent invalid data from reaching database operations
Maintain consistent error response format across all API routes to avoid information disclosure while providing meaningful error feedback

Files:

  • apps/web/app/api/v1/openapi/route.ts
**/*.ts

📄 CodeRabbit inference engine (.cursor/rules/security.mdc)

**/*.ts: ALL database queries MUST be scoped to the authenticated user/account by including user/account filtering in WHERE clauses to prevent unauthorized data access
Always validate that resources belong to the authenticated user before performing operations, using ownership checks in WHERE clauses or relationships
Always validate all input parameters for type, format, and length before using them in database queries
Use SafeError for error responses to prevent information disclosure. Generic error messages should not reveal internal IDs, logic, or resource ownership details
Only return necessary fields in API responses using Prisma's select option. Never expose sensitive data such as password hashes, private keys, or system flags
Prevent Insecure Direct Object References (IDOR) by validating resource ownership before operations. All findUnique/findFirst calls MUST include ownership filters
Prevent mass assignment vulnerabilities by explicitly whitelisting allowed fields in update operations instead of accepting all user-provided data
Prevent privilege escalation by never allowing users to modify system fields, ownership fields, or admin-only attributes through user input
All findMany queries MUST be scoped to the user's data by including appropriate WHERE filters to prevent returning data from other users
Use Prisma relationships for access control by leveraging nested where clauses (e.g., emailAccount: { id: emailAccountId }) to validate ownership

Files:

  • apps/web/app/api/v1/openapi/route.ts
  • packages/cli/src/main.ts
**/*.{tsx,ts}

📄 CodeRabbit inference engine (.cursor/rules/ui-components.mdc)

**/*.{tsx,ts}: Use Shadcn UI and Tailwind for components and styling
Use next/image package for images
For API GET requests to server, use the swr package with hooks like useSWR to fetch data
For text inputs, use the Input component with registerProps for form integration and error handling

Files:

  • apps/web/app/api/v1/openapi/route.ts
  • apps/web/app/(app)/admin/config/page.tsx
  • packages/cli/src/main.ts
  • apps/web/app/(landing)/login/error/page.tsx
**/*.{tsx,ts,css}

📄 CodeRabbit inference engine (.cursor/rules/ui-components.mdc)

Implement responsive design with Tailwind CSS using a mobile-first approach

Files:

  • apps/web/app/api/v1/openapi/route.ts
  • apps/web/app/(app)/admin/config/page.tsx
  • packages/cli/src/main.ts
  • apps/web/app/(landing)/login/error/page.tsx
**/*.{js,jsx,ts,tsx}

📄 CodeRabbit inference engine (.cursor/rules/ultracite.mdc)

**/*.{js,jsx,ts,tsx}: Don't use accessKey attribute on any HTML element
Don't set aria-hidden="true" on focusable elements
Don't add ARIA roles, states, and properties to elements that don't support them
Don't use distracting elements like <marquee> or <blink>
Only use the scope prop on <th> elements
Don't assign non-interactive ARIA roles to interactive HTML elements
Make sure label elements have text content and are associated with an input
Don't assign interactive ARIA roles to non-interactive HTML elements
Don't assign tabIndex to non-interactive HTML elements
Don't use positive integers for tabIndex property
Don't include "image", "picture", or "photo" in img alt prop
Don't use explicit role property that's the same as the implicit/default role
Make static elements with click handlers use a valid role attribute
Always include a title element for SVG elements
Give all elements requiring alt text meaningful information for screen readers
Make sure anchors have content that's accessible to screen readers
Assign tabIndex to non-interactive HTML elements with aria-activedescendant
Include all required ARIA attributes for elements with ARIA roles
Make sure ARIA properties are valid for the element's supported roles
Always include a type attribute for button elements
Make elements with interactive roles and handlers focusable
Give heading elements content that's accessible to screen readers (not hidden with aria-hidden)
Always include a lang attribute on the html element
Always include a title attribute for iframe elements
Accompany onClick with at least one of: onKeyUp, onKeyDown, or onKeyPress
Accompany onMouseOver/onMouseOut with onFocus/onBlur
Include caption tracks for audio and video elements
Use semantic elements instead of role attributes in JSX
Make sure all anchors are valid and navigable
Ensure all ARIA properties (aria-*) are valid
Use valid, non-abstract ARIA roles for elements with ARIA roles
Use valid AR...

Files:

  • apps/web/app/api/v1/openapi/route.ts
  • apps/web/app/(app)/admin/config/page.tsx
  • packages/cli/src/main.ts
  • apps/web/app/(landing)/login/error/page.tsx
**/*.{js,ts,jsx,tsx}

📄 CodeRabbit inference engine (.cursor/rules/utilities.mdc)

**/*.{js,ts,jsx,tsx}: Use lodash utilities for common operations (arrays, objects, strings)
Import specific lodash functions to minimize bundle size (e.g., import groupBy from 'lodash/groupBy')

Files:

  • apps/web/app/api/v1/openapi/route.ts
  • apps/web/app/(app)/admin/config/page.tsx
  • packages/cli/src/main.ts
  • apps/web/app/(landing)/login/error/page.tsx
apps/web/**/*.tsx

📄 CodeRabbit inference engine (apps/web/CLAUDE.md)

apps/web/**/*.tsx: Follow tailwindcss patterns with prettier-plugin-tailwindcss for class sorting
Prefer functional components with hooks over class components
Use shadcn/ui components when available
Ensure responsive design with mobile-first approach
Use LoadingContent component for async data with loading and error states

Files:

  • apps/web/app/(app)/admin/config/page.tsx
  • apps/web/app/(landing)/login/error/page.tsx
apps/web/app/(app)/**/*.{ts,tsx}

📄 CodeRabbit inference engine (.cursor/rules/page-structure.mdc)

apps/web/app/(app)/**/*.{ts,tsx}: Components for the page are either put in page.tsx, or in the apps/web/app/(app)/PAGE_NAME folder
If we're in a deeply nested component we will use swr to fetch via API
If you need to use onClick in a component, that component is a client component and file must start with use client

Files:

  • apps/web/app/(app)/admin/config/page.tsx
**/*.tsx

📄 CodeRabbit inference engine (.cursor/rules/ui-components.mdc)

**/*.tsx: Use the LoadingContent component to handle loading states instead of manual loading state management
For text areas, use the Input component with type='text', autosizeTextarea prop set to true, and registerProps for form integration

Files:

  • apps/web/app/(app)/admin/config/page.tsx
  • apps/web/app/(landing)/login/error/page.tsx
**/*.{jsx,tsx}

📄 CodeRabbit inference engine (.cursor/rules/ultracite.mdc)

**/*.{jsx,tsx}: Don't use unnecessary fragments
Don't pass children as props
Don't use the return value of React.render
Make sure all dependencies are correctly specified in React hooks
Make sure all React hooks are called from the top level of component functions
Don't forget key props in iterators and collection literals
Don't define React components inside other components
Don't use event handlers on non-interactive elements
Don't assign to React component props
Don't use both children and dangerouslySetInnerHTML props on the same element
Don't use dangerous JSX props
Don't use Array index in keys
Don't insert comments as text nodes
Don't assign JSX properties multiple times
Don't add extra closing tags for components without children
Use <>...</> instead of <Fragment>...</Fragment>
Watch out for possible "wrong" semicolons inside JSX elements
Make sure void (self-closing) elements don't have children
Don't use target="_blank" without rel="noopener"
Don't use <img> elements in Next.js projects
Don't use <head> elements in Next.js projects

Files:

  • apps/web/app/(app)/admin/config/page.tsx
  • apps/web/app/(landing)/login/error/page.tsx
*.md

📄 CodeRabbit inference engine (.cursor/rules/task-list.mdc)

*.md: Create task lists in markdown files named TASKS.md or with a descriptive feature-specific name (e.g., ASSISTANT_CHAT.md) in the project root to track project progress
Structure task list markdown files with sections: Feature Name Implementation (title), description, Completed Tasks, In Progress Tasks, Future Tasks, Implementation Plan, and Relevant Files subsections
Update task list markdown files by marking tasks as completed with [x], adding new identified tasks, and moving tasks between Completed/In Progress/Future sections as appropriate
Keep the 'Relevant Files' section in task list markdown files updated with file paths that have been created or modified, brief descriptions of each file's purpose, and status indicators (e.g., ✅) for completed components

Files:

  • README.md
🧠 Learnings (33)
📚 Learning: 2025-11-25T14:38:18.874Z
Learnt from: CR
Repo: elie222/inbox-zero PR: 0
File: .cursor/rules/page-structure.mdc:0-0
Timestamp: 2025-11-25T14:38:18.874Z
Learning: Applies to apps/web/app/(app)/**/page.tsx : Create new pages at `apps/web/app/(app)/PAGE_NAME/page.tsx`

Applied to files:

  • apps/web/app/(app)/admin/config/page.tsx
📚 Learning: 2025-11-25T14:38:23.265Z
Learnt from: CR
Repo: elie222/inbox-zero PR: 0
File: .cursor/rules/page-structure.mdc:0-0
Timestamp: 2025-11-25T14:38:23.265Z
Learning: Applies to apps/web/app/(app)/*/page.tsx : Create new pages at `apps/web/app/(app)/PAGE_NAME/page.tsx`

Applied to files:

  • apps/web/app/(app)/admin/config/page.tsx
📚 Learning: 2025-11-25T14:38:56.992Z
Learnt from: CR
Repo: elie222/inbox-zero PR: 0
File: .cursor/rules/project-structure.mdc:0-0
Timestamp: 2025-11-25T14:38:56.992Z
Learning: Applies to apps/web/app/(app)/*/page.tsx : Create new pages at `apps/web/app/(app)/PAGE_NAME/page.tsx` with components either colocated in the same folder or in `page.tsx`

Applied to files:

  • apps/web/app/(app)/admin/config/page.tsx
📚 Learning: 2025-11-25T14:38:23.265Z
Learnt from: CR
Repo: elie222/inbox-zero PR: 0
File: .cursor/rules/page-structure.mdc:0-0
Timestamp: 2025-11-25T14:38:23.265Z
Learning: Applies to apps/web/app/(app)/**/*.{ts,tsx} : Components for the page are either put in `page.tsx`, or in the `apps/web/app/(app)/PAGE_NAME` folder

Applied to files:

  • apps/web/app/(app)/admin/config/page.tsx
📚 Learning: 2025-11-25T14:38:18.874Z
Learnt from: CR
Repo: elie222/inbox-zero PR: 0
File: .cursor/rules/page-structure.mdc:0-0
Timestamp: 2025-11-25T14:38:18.874Z
Learning: Applies to apps/web/app/(app)/**/*.tsx : Components for pages are either put in `page.tsx`, or in the `apps/web/app/(app)/PAGE_NAME` folder

Applied to files:

  • apps/web/app/(app)/admin/config/page.tsx
📚 Learning: 2025-11-25T14:38:56.992Z
Learnt from: CR
Repo: elie222/inbox-zero PR: 0
File: .cursor/rules/project-structure.mdc:0-0
Timestamp: 2025-11-25T14:38:56.992Z
Learning: Applies to apps/web/app/*/page.tsx : Pages must be Server components that load data directly

Applied to files:

  • apps/web/app/(app)/admin/config/page.tsx
📚 Learning: 2025-11-25T14:38:23.265Z
Learnt from: CR
Repo: elie222/inbox-zero PR: 0
File: .cursor/rules/page-structure.mdc:0-0
Timestamp: 2025-11-25T14:38:23.265Z
Learning: Applies to apps/web/app/(app)/*/page.tsx : Pages are Server components so you can load data into them directly

Applied to files:

  • apps/web/app/(app)/admin/config/page.tsx
📚 Learning: 2025-11-25T14:36:45.807Z
Learnt from: CR
Repo: elie222/inbox-zero PR: 0
File: .cursor/rules/environment-variables.mdc:0-0
Timestamp: 2025-11-25T14:36:45.807Z
Learning: Applies to apps/web/env.ts : Add client-side environment variables to `apps/web/env.ts` under the `client` object with `NEXT_PUBLIC_` prefix and Zod schema validation

Applied to files:

  • apps/web/app/(app)/admin/config/page.tsx
  • packages/cli/src/main.ts
  • copilot/inbox-zero-ecs/manifest.yml
📚 Learning: 2025-11-25T14:38:56.992Z
Learnt from: CR
Repo: elie222/inbox-zero PR: 0
File: .cursor/rules/project-structure.mdc:0-0
Timestamp: 2025-11-25T14:38:56.992Z
Learning: Main Next.js application is located in `apps/web`

Applied to files:

  • apps/web/app/(app)/admin/config/page.tsx
📚 Learning: 2025-11-25T14:36:43.454Z
Learnt from: CR
Repo: elie222/inbox-zero PR: 0
File: .cursor/rules/environment-variables.mdc:0-0
Timestamp: 2025-11-25T14:36:43.454Z
Learning: Applies to apps/web/env.ts : Define environment variables in `apps/web/env.ts` using Zod schema validation, organizing them into `server` and `client` sections

Applied to files:

  • apps/web/app/(app)/admin/config/page.tsx
📚 Learning: 2025-11-25T14:36:43.454Z
Learnt from: CR
Repo: elie222/inbox-zero PR: 0
File: .cursor/rules/environment-variables.mdc:0-0
Timestamp: 2025-11-25T14:36:43.454Z
Learning: Applies to apps/web/env.ts : For client-side environment variables in `apps/web/env.ts`, prefix them with `NEXT_PUBLIC_` and add them to both the `client` and `experimental__runtimeEnv` sections

Applied to files:

  • packages/cli/src/main.ts
  • copilot/inbox-zero-ecs/manifest.yml
📚 Learning: 2025-11-25T14:36:45.807Z
Learnt from: CR
Repo: elie222/inbox-zero PR: 0
File: .cursor/rules/environment-variables.mdc:0-0
Timestamp: 2025-11-25T14:36:45.807Z
Learning: Applies to {.env.example,apps/web/env.ts} : Client-side environment variables must be prefixed with `NEXT_PUBLIC_`

Applied to files:

  • packages/cli/src/main.ts
  • copilot/inbox-zero-ecs/manifest.yml
📚 Learning: 2025-11-25T14:42:08.869Z
Learnt from: CR
Repo: elie222/inbox-zero PR: 0
File: .cursor/rules/ultracite.mdc:0-0
Timestamp: 2025-11-25T14:42:08.869Z
Learning: Applies to **/*.{js,jsx,ts,tsx} : Don't hardcode sensitive data like API keys and tokens

Applied to files:

  • packages/cli/src/main.ts
📚 Learning: 2025-11-25T14:36:18.416Z
Learnt from: CR
Repo: elie222/inbox-zero PR: 0
File: apps/web/CLAUDE.md:0-0
Timestamp: 2025-11-25T14:36:18.416Z
Learning: Applies to apps/web/**/{.env.example,env.ts,turbo.json} : Add environment variables to `.env.example`, `env.ts`, and `turbo.json`

Applied to files:

  • packages/cli/src/main.ts
📚 Learning: 2025-11-25T14:36:18.416Z
Learnt from: CR
Repo: elie222/inbox-zero PR: 0
File: apps/web/CLAUDE.md:0-0
Timestamp: 2025-11-25T14:36:18.416Z
Learning: Applies to apps/web/**/*NEXT_PUBLIC_* : Prefix client-side environment variables with `NEXT_PUBLIC_`

Applied to files:

  • copilot/inbox-zero-ecs/manifest.yml
📚 Learning: 2025-11-25T14:39:04.892Z
Learnt from: CR
Repo: elie222/inbox-zero PR: 0
File: .cursor/rules/security-audit.mdc:0-0
Timestamp: 2025-11-25T14:39:04.892Z
Learning: No hardcoded secrets in code; all secrets must be stored in environment variables (e.g., CRON_SECRET)

Applied to files:

  • copilot/inbox-zero-ecs/manifest.yml
📚 Learning: 2025-11-25T14:36:45.807Z
Learnt from: CR
Repo: elie222/inbox-zero PR: 0
File: .cursor/rules/environment-variables.mdc:0-0
Timestamp: 2025-11-25T14:36:45.807Z
Learning: Applies to .env.example : Add new environment variables to `.env.example` with example values

Applied to files:

  • copilot/inbox-zero-ecs/manifest.yml
📚 Learning: 2025-07-08T13:14:07.449Z
Learnt from: elie222
Repo: elie222/inbox-zero PR: 537
File: apps/web/app/(app)/[emailAccountId]/clean/onboarding/page.tsx:30-34
Timestamp: 2025-07-08T13:14:07.449Z
Learning: The clean onboarding page in apps/web/app/(app)/[emailAccountId]/clean/onboarding/page.tsx is intentionally Gmail-specific and should show an error for non-Google email accounts rather than attempting to support multiple providers.

Applied to files:

  • apps/web/app/(landing)/login/error/page.tsx
📚 Learning: 2025-11-25T14:37:09.306Z
Learnt from: CR
Repo: elie222/inbox-zero PR: 0
File: .cursor/rules/fullstack-workflow.mdc:0-0
Timestamp: 2025-11-25T14:37:09.306Z
Learning: Applies to apps/web/components/**/*.tsx : Use `LoadingContent` component to consistently handle loading and error states, passing `loading`, `error`, and `children` props

Applied to files:

  • apps/web/app/(landing)/login/error/page.tsx
📚 Learning: 2025-11-25T14:39:08.150Z
Learnt from: CR
Repo: elie222/inbox-zero PR: 0
File: .cursor/rules/security-audit.mdc:0-0
Timestamp: 2025-11-25T14:39:08.150Z
Learning: Applies to apps/web/app/api/**/*.{ts,tsx} : Use generic error messages instead of revealing internal details; throw `SafeError` instead of exposing user IDs, resource IDs, or system information

Applied to files:

  • apps/web/app/(landing)/login/error/page.tsx
📚 Learning: 2025-11-25T14:36:18.416Z
Learnt from: CR
Repo: elie222/inbox-zero PR: 0
File: apps/web/CLAUDE.md:0-0
Timestamp: 2025-11-25T14:36:18.416Z
Learning: Applies to apps/web/**/*.tsx : Use LoadingContent component for async data with loading and error states

Applied to files:

  • apps/web/app/(landing)/login/error/page.tsx
📚 Learning: 2025-06-05T09:49:12.168Z
Learnt from: elie222
Repo: elie222/inbox-zero PR: 485
File: apps/web/app/(landing)/login/page.tsx:41-43
Timestamp: 2025-06-05T09:49:12.168Z
Learning: In Next.js App Router, components that use the `useSearchParams` hook require a Suspense boundary to handle the asynchronous nature of search parameter access. The Suspense wrapper is necessary and should not be removed when a component uses useSearchParams.

Applied to files:

  • apps/web/app/(landing)/login/error/page.tsx
📚 Learning: 2025-11-25T14:37:22.822Z
Learnt from: CR
Repo: elie222/inbox-zero PR: 0
File: .cursor/rules/get-api-route.mdc:0-0
Timestamp: 2025-11-25T14:37:22.822Z
Learning: Applies to **/app/**/route.ts : Always wrap GET API route handlers with `withAuth` or `withEmailAccount` middleware for consistent error handling and authentication in Next.js App Router

Applied to files:

  • apps/web/app/(landing)/login/error/page.tsx
📚 Learning: 2025-11-25T14:36:18.416Z
Learnt from: CR
Repo: elie222/inbox-zero PR: 0
File: apps/web/CLAUDE.md:0-0
Timestamp: 2025-11-25T14:36:18.416Z
Learning: Applies to apps/web/components/**/*.tsx : Use `result?.serverError` with `toastError` and `toastSuccess` for error handling in form submissions

Applied to files:

  • apps/web/app/(landing)/login/error/page.tsx
📚 Learning: 2025-11-25T14:39:27.909Z
Learnt from: CR
Repo: elie222/inbox-zero PR: 0
File: .cursor/rules/security.mdc:0-0
Timestamp: 2025-11-25T14:39:27.909Z
Learning: Applies to **/app/api/**/*.ts : Maintain consistent error response format across all API routes to avoid information disclosure while providing meaningful error feedback

Applied to files:

  • apps/web/app/(landing)/login/error/page.tsx
📚 Learning: 2025-11-25T14:39:23.326Z
Learnt from: CR
Repo: elie222/inbox-zero PR: 0
File: .cursor/rules/security.mdc:0-0
Timestamp: 2025-11-25T14:39:23.326Z
Learning: Applies to app/api/**/*.ts : Use `SafeError` for error responses to prevent information disclosure - provide generic messages (e.g., 'Rule not found' not 'Rule {id} does not exist for user {userId}') without revealing internal IDs or ownership details

Applied to files:

  • apps/web/app/(landing)/login/error/page.tsx
📚 Learning: 2025-08-10T22:03:30.507Z
Learnt from: elie222
Repo: elie222/inbox-zero PR: 667
File: apps/web/app/(app)/[emailAccountId]/onboarding/page.tsx:18-25
Timestamp: 2025-08-10T22:03:30.507Z
Learning: In Next.js 15, both `params` and `searchParams` passed to page components in the App Router are Promises that need to be awaited. They should be typed as `Promise<{...}>` and accessed using `await` in server components or React's `use()` hook in client components. This is different from Next.js 14 where they were plain objects.

Applied to files:

  • apps/web/app/(landing)/login/error/page.tsx
📚 Learning: 2025-11-25T14:38:56.992Z
Learnt from: CR
Repo: elie222/inbox-zero PR: 0
File: .cursor/rules/project-structure.mdc:0-0
Timestamp: 2025-11-25T14:38:56.992Z
Learning: Components with `onClick` handlers must be client components marked with the `use client` directive

Applied to files:

  • apps/web/app/(landing)/login/error/page.tsx
📚 Learning: 2025-11-25T14:38:18.874Z
Learnt from: CR
Repo: elie222/inbox-zero PR: 0
File: .cursor/rules/page-structure.mdc:0-0
Timestamp: 2025-11-25T14:38:18.874Z
Learning: Applies to apps/web/app/(app)/**/*.tsx : If you need to use `onClick` in a component, that component must be a client component and file must start with `use client` directive

Applied to files:

  • apps/web/app/(landing)/login/error/page.tsx
📚 Learning: 2025-11-25T14:37:09.306Z
Learnt from: CR
Repo: elie222/inbox-zero PR: 0
File: .cursor/rules/fullstack-workflow.mdc:0-0
Timestamp: 2025-11-25T14:37:09.306Z
Learning: Applies to apps/web/hooks/use*.ts : Use SWR hooks for client-side data fetching, with hooks stored in `apps/web/hooks/use*.ts` that return typed responses from GET API routes

Applied to files:

  • apps/web/app/(landing)/login/error/page.tsx
📚 Learning: 2025-11-25T14:40:13.649Z
Learnt from: CR
Repo: elie222/inbox-zero PR: 0
File: .cursor/rules/ui-components.mdc:0-0
Timestamp: 2025-11-25T14:40:13.649Z
Learning: Applies to **/*.{tsx,ts,jsx,js} : For API get requests to server, use the `swr` package with `useSWR` hook

Applied to files:

  • apps/web/app/(landing)/login/error/page.tsx
📚 Learning: 2025-11-25T14:38:23.265Z
Learnt from: CR
Repo: elie222/inbox-zero PR: 0
File: .cursor/rules/page-structure.mdc:0-0
Timestamp: 2025-11-25T14:38:23.265Z
Learning: Applies to apps/web/app/(app)/**/*.{ts,tsx} : If you need to use `onClick` in a component, that component is a client component and file must start with `use client`

Applied to files:

  • apps/web/app/(landing)/login/error/page.tsx
📚 Learning: 2025-11-25T14:40:13.649Z
Learnt from: CR
Repo: elie222/inbox-zero PR: 0
File: .cursor/rules/ui-components.mdc:0-0
Timestamp: 2025-11-25T14:40:13.649Z
Learning: Applies to **/*.{tsx,ts,jsx,js} : Use the `LoadingContent` component to handle loading states

Applied to files:

  • apps/web/app/(landing)/login/error/page.tsx
🧬 Code graph analysis (1)
apps/web/app/(landing)/login/error/page.tsx (1)
apps/web/env.ts (1)
  • env (17-246)
⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (4)
  • GitHub Check: cubic · AI code reviewer
  • GitHub Check: Review for correctness
  • GitHub Check: test
  • GitHub Check: Analyze (javascript-typescript)
🔇 Additional comments (19)
version.txt (1)

1-1: Version bump is appropriate.

The patch version bump from v2.21.15 to v2.21.17 aligns with the scope of improvements (better error messages and admin configuration). The version follows consistent semantic versioning conventions.

apps/web/app/(marketing) (1)

1-1: Clarify the scope and purpose of the submodule update.

This is a Git submodule pointer update. The actual code changes exist in the external submodule repository and are not visible in this review.

Per the AI summary, there are no observed functional changes to control flow or error handling. However, to ensure this update aligns with the PR's objectives (better error message and admin config), please confirm:

  1. Is this submodule update intentional and necessary for this PR?
  2. What specific changes in the submodule are being incorporated?
apps/web/app/api/v1/openapi/route.ts (1)

67-67: LGTM - URL update is consistent with project-wide changes.

The production server URL has been correctly updated to include the www prefix, aligning with the broader URL standardization across the repository.

apps/web/app/(app)/admin/config/page.tsx (2)

24-54: Good security practice - exposing configuration status without sensitive values.

The admin dashboard correctly exposes only the presence/absence of configuration (using !!env.VALUE) rather than the actual secret values. This is a good security practice that allows admins to verify configuration without exposing sensitive data.


175-178: Incorrect path resolution in getVersion() function.

The path path.join(process.cwd(), "../../version.txt") is incorrect. Since process.cwd() resolves to the repository root in Next.js, going up two more levels (../../) attempts to access a parent directory of the repository, which will fail. The file version.txt is located at the repository root. Use path.join(process.cwd(), "version.txt") instead.

⛔ Skipped due to learnings
Learnt from: CR
Repo: elie222/inbox-zero PR: 0
File: .cursor/rules/environment-variables.mdc:0-0
Timestamp: 2025-11-25T14:36:45.807Z
Learning: Applies to apps/web/env.ts : Add client-side environment variables to `apps/web/env.ts` under the `client` object with `NEXT_PUBLIC_` prefix and Zod schema validation
Learnt from: CR
Repo: elie222/inbox-zero PR: 0
File: .cursor/rules/environment-variables.mdc:0-0
Timestamp: 2025-11-25T14:36:45.807Z
Learning: Applies to {.env.example,apps/web/env.ts} : Client-side environment variables must be prefixed with `NEXT_PUBLIC_`
Learnt from: CR
Repo: elie222/inbox-zero PR: 0
File: .cursor/rules/environment-variables.mdc:0-0
Timestamp: 2025-11-25T14:36:43.454Z
Learning: Applies to apps/web/env.ts : Define environment variables in `apps/web/env.ts` using Zod schema validation, organizing them into `server` and `client` sections
Learnt from: CR
Repo: elie222/inbox-zero PR: 0
File: .cursor/rules/ultracite.mdc:0-0
Timestamp: 2025-11-25T14:42:08.869Z
Learning: Applies to **/*.{js,jsx,ts,tsx} : Don't hardcode sensitive data like API keys and tokens
Learnt from: CR
Repo: elie222/inbox-zero PR: 0
File: .cursor/rules/environment-variables.mdc:0-0
Timestamp: 2025-11-25T14:36:43.454Z
Learning: Applies to apps/web/env.ts : For client-side environment variables in `apps/web/env.ts`, prefix them with `NEXT_PUBLIC_` and add them to both the `client` and `experimental__runtimeEnv` sections
Learnt from: CR
Repo: elie222/inbox-zero PR: 0
File: .cursor/rules/environment-variables.mdc:0-0
Timestamp: 2025-11-25T14:36:45.807Z
Learning: Applies to apps/web/env.ts : Add server-only environment variables to `apps/web/env.ts` under the `server` object with Zod schema validation
Learnt from: CR
Repo: elie222/inbox-zero PR: 0
File: .cursor/rules/environment-variables.mdc:0-0
Timestamp: 2025-11-25T14:36:45.807Z
Learning: Applies to apps/web/env.ts : Add client-side environment variables to `apps/web/env.ts` under the `experimental__runtimeEnv` object to enable runtime access
Learnt from: CR
Repo: elie222/inbox-zero PR: 0
File: .cursor/rules/page-structure.mdc:0-0
Timestamp: 2025-11-25T14:38:18.874Z
Learning: Applies to apps/web/app/(app)/**/*.tsx : Components for pages are either put in `page.tsx`, or in the `apps/web/app/(app)/PAGE_NAME` folder
Learnt from: CR
Repo: elie222/inbox-zero PR: 0
File: apps/web/CLAUDE.md:0-0
Timestamp: 2025-11-25T14:36:18.416Z
Learning: Applies to apps/web/**/*NEXT_PUBLIC_* : Prefix client-side environment variables with `NEXT_PUBLIC_`
apps/web/app/(landing)/login/error/page.tsx (2)

17-23: Well-structured error message mapping.

The errorMessages object provides a clean way to map error codes to user-friendly messages. The email_not_found error case is particularly helpful for guiding users when their account is not authorized.


25-70: Good refactoring with proper Suspense usage.

The extraction of LoginErrorContent as a separate component improves code organization. The use of useSearchParams with a Suspense boundary in the parent component follows Next.js best practices.

Based on learnings, this approach correctly handles the requirement that components using useSearchParams need a Suspense boundary.

packages/cli/README.md (1)

18-97: Excellent documentation improvements.

The expanded CLI documentation is comprehensive and well-structured. The addition of Quick Start, detailed Commands section, and Configuration guidance significantly improves the user experience. The examples are practical and the flow is logical.

copilot/inbox-zero-ecs/manifest.yml (1)

39-39: LGTM - Consistent URL update.

The base URL example has been correctly updated to include the www prefix, maintaining consistency with the project-wide URL standardization.

Formula/inbox-zero.rb (1)

5-6: Homepage URL updated correctly.

The homepage has been properly updated to include the www prefix. The version will be automatically updated by the CLI release workflow when it runs.

.github/workflows/cli-release.yml (1)

126-162: Improved formula update mechanism.

The Python-based approach is more robust than echo-based replacement. The regex patterns correctly target the version and platform-specific SHA256 values while preserving the file structure.

README.md (2)

224-227: Excellent Microsoft OAuth documentation improvements.

The expanded guidance on "Supported account types" with clear descriptions of both multitenant and single tenant options significantly improves the setup experience. This clarification helps users make an informed choice based on their deployment needs.


239-240: Good addition of tenant ID configuration.

The instructions for copying the Directory (tenant) ID and the corresponding environment variable documentation are clear and helpful. The comment explaining it's "Only needed for single tenant" prevents confusion.

Also applies to: 272-272

packages/cli/src/main.ts (6)

52-71: LGTM!

The Docker availability checks correctly handle both the modern Docker CLI plugin (docker compose) and the legacy standalone binary (docker-compose), with appropriate fallback logic.


76-121: LGTM!

The CLI structure is well-organized with clear command definitions and sensible defaults. The --no-detach option correctly inverts to a detach boolean flag.


255-340: LGTM!

The OAuth configuration flow is well-structured with clear setup instructions, dynamic port interpolation in redirect URIs, and sensible placeholder values for skipped credentials. The MICROSOFT_TENANT_ID = "common" is the correct default for supporting both personal and organizational accounts.


548-628: LGTM!

The start command implementation is solid with proper image pulling before startup, handling of foreground/background modes, and graceful fallback to default port when the env file is unreadable.


634-716: LGTM!

The stop, logs, and status commands are well-implemented. The logs command correctly handles the follow mode where Ctrl+C termination is expected behavior.


785-793: LGTM!

The fetch implementation is clean and straightforward. The function properly checks response status and throws a descriptive error on failure.

Comment on lines +762 to +773
  if (restart) {
    spinner.start("Restarting...");

    spawnSync("docker", ["compose", "-f", COMPOSE_FILE, "down"], {
      stdio: "pipe",
    });
    spawnSync("docker", ["compose", "-f", COMPOSE_FILE, "up", "-d"], {
      stdio: "pipe",
    });

    spinner.stop("Restarted");
  }

⚠️ Potential issue | 🟡 Minor

Missing error handling during restart.

The restart logic doesn't check the exit status of docker compose down or docker compose up. If either fails, the spinner still shows "Restarted" and the user won't know something went wrong.

   if (restart) {
     spinner.start("Restarting...");

-    spawnSync("docker", ["compose", "-f", COMPOSE_FILE, "down"], {
+    const downResult = spawnSync("docker", ["compose", "-f", COMPOSE_FILE, "down"], {
       stdio: "pipe",
     });
-    spawnSync("docker", ["compose", "-f", COMPOSE_FILE, "up", "-d"], {
+    if (downResult.status !== 0) {
+      spinner.stop("Failed to stop containers");
+      p.log.error(downResult.stderr?.toString() || "Unknown error");
+      process.exit(1);
+    }
+
+    const upResult = spawnSync("docker", ["compose", "-f", COMPOSE_FILE, "up", "-d"], {
       stdio: "pipe",
     });
+    if (upResult.status !== 0) {
+      spinner.stop("Failed to start containers");
+      p.log.error(upResult.stderr?.toString() || "Unknown error");
+      process.exit(1);
+    }

     spinner.stop("Restarted");
   }
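Review bot: The new `downResult.status !== 0` and `upResult.status !== 0` branches never read `.error`, so when the binary cannot be spawned at all (status and stderr are both null) the `stderr?.toString() || "Unknown error"` fallback prints only "Unknown error". Log `downResult.error?.message` (and likewise for `upResult`) before falling back to stderr. The `up` failure branch also runs after `down` has already succeeded, so its message should state that the containers are now stopped, and both calls still hard-code `"docker", ["compose", ...]` rather than the compose binary that was detected.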
🤖 Prompt for AI Agents
In packages/cli/src/main.ts around lines 762 to 773, the restart flow calls
spawnSync for "docker compose down" and "docker compose up" but ignores their
exit status and output so the spinner always reports "Restarted" even on
failure; update the code to capture each spawnSync result, check result.status
(and result.error), stop the spinner if a command fails, log or display the
captured stderr/stdout and the error, and abort (throw or call process.exit with
a non-zero code) instead of continuing to the success message so the user sees
the actual failure details.

@elie222 elie222 merged commit c37d96e into main Dec 1, 2025
22 checks passed
@elie222 elie222 deleted the feat/better-error-message branch December 1, 2025 01:10

@cubic-dev-ai cubic-dev-ai bot left a comment

1 issue found across 12 files

Prompt for AI agents (all 1 issues)

Check if these issues are valid — if so, understand the root cause of each and fix them.


<file name="packages/cli/src/main.ts">

<violation number="1" location="packages/cli/src/main.ts:568">
P1: Lifecycle commands always call `docker compose`, so setups that only have the legacy `docker-compose` binary (explicitly accepted by `checkDockerCompose`) immediately fail with ENOENT when running `start/stop/logs/status/update`. Use whichever compose binary is available instead of hard‑coding the plugin.</violation>
</file>


const spinner = p.spinner();
spinner.start("Pulling latest image...");

const pullResult = spawnSync(

@cubic-dev-ai cubic-dev-ai bot Dec 1, 2025

P1: Lifecycle commands always call docker compose, so setups that only have the legacy docker-compose binary (explicitly accepted by checkDockerCompose) immediately fail with ENOENT when running start/stop/logs/status/update. Use whichever compose binary is available instead of hard‑coding the plugin.

Prompt for AI agents
Check if this issue is valid — if so, understand the root cause and fix it. At packages/cli/src/main.ts, line 568:

<comment>Lifecycle commands always call `docker compose`, so setups that only have the legacy `docker-compose` binary (explicitly accepted by `checkDockerCompose`) immediately fail with ENOENT when running `start/stop/logs/status/update`. Use whichever compose binary is available instead of hard‑coding the plugin.</comment>

<file context>
@@ -550,185 +512,284 @@ Full guide: https://github.com/elie222/inbox-zero#microsoft-oauth-setup`,
+  const spinner = p.spinner();
+  spinner.start(&quot;Pulling latest image...&quot;);
+
+  const pullResult = spawnSync(
+    &quot;docker&quot;,
+    [&quot;compose&quot;, &quot;-f&quot;, COMPOSE_FILE, &quot;pull&quot;],
</file context>

@coderabbitai coderabbitai bot mentioned this pull request Dec 2, 2025
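
An added example, not code from this PR or from the inbox-zero project: one way to address both review points raised on the CLI restart path, by resolving the compose front end once (plugin or legacy binary) and treating a spawn error, a signal, or a non-zero exit as failure. The names `Exec`, `resolveCompose`, `restart` and `RestartOutcome` are hypothetical, and the executor is injectable so the logic can be exercised without Docker installed.

```typescript
import { spawnSync } from "node:child_process";

// Outcome of one external command, reduced to what the caller must check.
type ExecResult = { status: number | null; stderr: string; error?: Error };
// Injectable executor (hypothetical name) so tests can replace Docker.
type Exec = (cmd: string, args: string[]) => ExecResult;
// Binary to spawn plus the leading arguments that select compose.
type Compose = { cmd: string; prefix: string[] };
type RestartOutcome =
  | { ok: true }
  | { ok: false; failedStep: "resolve" | "down" | "up"; detail: string };

// Default executor: real spawnSync with output captured, as in the PR.
const realExec: Exec = (cmd, args) => {
  const r = spawnSync(cmd, args, { stdio: "pipe" });
  return {
    status: r.status,
    stderr: r.stderr ? r.stderr.toString() : "",
    error: r.error,
  };
};

// Success means the process spawned (no error) AND exited with 0.
// status is null when the binary is missing or a signal killed it.
function succeeded(r: ExecResult): boolean {
  return r.error === undefined && r.status === 0;
}

// Prefer the most specific explanation available for the user.
function describeFailure(r: ExecResult): string {
  if (r.error) return r.error.message; // spawn failure, e.g. ENOENT
  if (r.status === null) return "terminated by a signal";
  return r.stderr.trim() || `exit status ${r.status}`;
}

// Probe once: the `docker compose` plugin first, then legacy `docker-compose`.
function resolveCompose(exec: Exec = realExec): Compose | null {
  if (succeeded(exec("docker", ["compose", "version"]))) {
    return { cmd: "docker", prefix: ["compose"] };
  }
  if (succeeded(exec("docker-compose", ["version"]))) {
    return { cmd: "docker-compose", prefix: [] };
  }
  return null;
}

// Run down then up, stopping at the first failing step and reporting which
// one failed, so the caller never prints "Restarted" after a failure.
function restart(composeFile: string, exec: Exec = realExec): RestartOutcome {
  const compose = resolveCompose(exec);
  if (compose === null) {
    return {
      ok: false,
      failedStep: "resolve",
      detail: "neither `docker compose` nor `docker-compose` is available",
    };
  }
  for (const step of ["down", "up"] as const) {
    const extra = step === "up" ? ["-d"] : [];
    const args = [...compose.prefix, "-f", composeFile, step, ...extra];
    const r = exec(compose.cmd, args);
    if (!succeeded(r)) {
      return { ok: false, failedStep: step, detail: describeFailure(r) };
    }
  }
  return { ok: true };
}
```

A caller would stop the spinner with a failure message and exit non-zero whenever `restart(...)` returns `ok: false`; a `failedStep` of `"up"` means the containers are already down.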