Skip to content

fix: remove dead Run Analysis button, URL-encode node IDs, replace Tailwind CDN#2

Merged
aksOps merged 4 commits into
mainfrom
fix/frontend-dead-button-url-encoding-tailwind-cdn
Mar 31, 2026
Merged

fix: remove dead Run Analysis button, URL-encode node IDs, replace Tailwind CDN#2
aksOps merged 4 commits into
mainfrom
fix/frontend-dead-button-url-encoding-tailwind-cdn

Conversation

@aksOps

@aksOps aksOps commented Mar 31, 2026

Copy link
Copy Markdown
Contributor

Summary

  • F1 (HIGH): Removed dead "Run Analysis" button that called non-existent POST /api/analyze. Replaced with CLI instructions showing code-iq index/enrich/serve pipeline.
  • F2 (MEDIUM): URL-encoded node IDs in HTMX hx-get attributes using Thymeleaf #uris.escapePathSegment() to handle : and / characters in IDs like yaml:path/to/file.yaml.
  • F3 (LOW): Replaced Tailwind CDN script with locally built CSS via existing Vite/PostCSS pipeline. Added build:explorer-css npm script, updated Tailwind config to scan Thymeleaf templates, created explorer.css entry point.

Test plan

  • ExplorerController tests pass (15/15)
  • Manual: Load web UI with code-iq serve on test project, verify styling renders correctly
  • Manual: Click "Details" on nodes with special characters in IDs (colons, slashes)
  • Manual: Verify empty state shows CLI instructions instead of dead button
  • Manual: Verify UI works offline (no CDN dependency)

🤖 Generated with Claude Code

aksOps and others added 4 commits March 31, 2026 17:28
@aksOps
checkpoint: pre-yolo 20260331-172845
abf7f92
@aksOps @Paperclip-Paperclip @claude
fix: remove dead Run Analysis button, URL-encode node IDs, replace Ta…
d28f062 
…ilwind CDN

- F1: Replace dead POST /api/analyze button with CLI instructions (index/enrich/serve)
- F2: URL-encode node IDs in HTMX hx-get attributes using #uris.escapePathSegment()
- F3: Build Tailwind CSS locally via existing Vite pipeline, remove CDN dependency

Co-Authored-By: Paperclip <noreply@paperclip.ing>
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
@aksOps @Paperclip-Paperclip @claude
fix: address code review — query params for node IDs, correct brand c…
9a310da 
…olors

- F2: Switch /ui/node and /ui/fragments/detail from path variables to
  query parameters (?nodeId=...) to avoid Tomcat %2F rejection for node
  IDs containing slashes. Use #uris.escapeQueryStringParam() in templates.
- F2: Update all th:href links in detail-panel, nodes-grid, and
  search-results to use query param format.
- F2: Update ExplorerController endpoints and tests accordingly.
- F3: Create separate explorer-tailwind.config.ts with original blue
  brand colors (#3b82f6/#2563eb) and 0.3s animation timing, avoiding
  regression in the React app's indigo branding.
- F3: Revert React tailwind.config.ts to original (no template scanning).
- F3: Add explorer.css to .gitignore as a build artifact.

Co-Authored-By: Paperclip <noreply@paperclip.ing>
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
@aksOps @Paperclip-Paperclip @claude
fix: encode kindEntry in hx-get path for consistency
14bdeb3 
Addresses CTO review note: kindEntry['kind'] in Quick View button's
hx-get was the only unencoded path segment. Low risk since kind values
are ASCII enum names, but now consistent with the encoding pattern.

Co-Authored-By: Paperclip <noreply@paperclip.ing>
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
@sonarqubecloud

sonarqubecloud Bot commented Mar 31, 2026

Copy link
Copy Markdown

Quality Gate Passed Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

@aksOps aksOps merged commit 88bf14c into main Mar 31, 2026
10 checks passed
@aksOps aksOps deleted the fix/frontend-dead-button-url-encoding-tailwind-cdn branch April 3, 2026 15:58
This was referenced Apr 25, 2026
Merged
Merged
aksOps added a commit that referenced this pull request Apr 25, 2026
@aksOps
chore(ci): add top-level permissions: read-all to workflows (RAN-46 A…
6c3b9e9 
…C) (#90)

Closes one of the audit gaps from RAN-46 AC #2 ("Workflow permissions:
default to read-all, scoped up per job") + Scorecard Token-Permissions
finding.

Before:
- ci-java.yml had no permissions declaration anywhere — relied on
  repo-default GITHUB_TOKEN scope (which can be write-all on older repos).
- beta-java.yml + release-java.yml only had job-level scopes; missing the
  explicit top-level read-all that Scorecard checks for.

After:
- All three workflows declare `permissions: read-all` at the top level.
- ci-java.yml's build job now declares `contents: read` explicitly
  (no other scopes needed — Sonar uses SONAR_TOKEN, not GITHUB_TOKEN).
- beta-java.yml and release-java.yml keep their existing job-level
  `contents: write` (and `packages: write` for beta) which override the
  top-level for the deploy/tag steps.

Audit confirmation (orthogonal to the (A)/(B) security-stack ruling
still pending on RAN-46):
- All `uses:` SHA-pinned across all 4 workflows (Pinned-Dependencies)
- No pull_request_target anywhere (Dangerous-Workflow)
- scorecard.yml already had `permissions: read-all` at top level
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@aksOps