A voting app where users rank options#3
Conversation
…dio.test.group-vote12@0.1.0)
|
The latest updates on your projects. Learn more about Vercel for GitHub.
|
…dio.test.group-vote@0.1.0)
There was a problem hiding this comment.
Cursor Bugbot has reviewed your changes and found 3 potential issues.
Bugbot Autofix prepared fixes for all 3 issues found in the latest run.
- ✅ Fixed: Environment variable overrides correct package name with wrong value
- Removed the incorrect VITE_PACKAGE_NAME=com.calimero.chat from .env so the app now correctly uses APP_PACKAGE from studio.config.json.
- ✅ Fixed: Variable named base58 but encoded as base64
- Renamed the variable from publicKeyBase58 to publicKeyBase64 to accurately reflect that it uses base64 encoding.
- ✅ Fixed: Unused MAX_NAME_LEN constant in Sidebar component
- Removed the unused MAX_NAME_LEN constant as it was never referenced in the component.
Or push these changes by commenting:
@cursor push de039f2c25
Preview (de039f2c25)
diff --git a/app/.env b/app/.env
--- a/app/.env
+++ b/app/.env
@@ -1 +1,0 @@
-VITE_PACKAGE_NAME=com.calimero.chat
\ No newline at end of file
diff --git a/app/e2e/global-setup.ts b/app/e2e/global-setup.ts
--- a/app/e2e/global-setup.ts
+++ b/app/e2e/global-setup.ts
@@ -76,14 +76,14 @@
refreshToken: string;
}> {
const keypair = nacl.sign.keyPair();
- const publicKeyBase58 = Buffer.from(keypair.publicKey).toString('base64');
+ const publicKeyBase64 = Buffer.from(keypair.publicKey).toString('base64');
const resp = await fetch(`${adminUrl}/auth/token`, {
method: 'POST',
headers: { 'Content-Type': 'application/json' },
body: JSON.stringify({
auth_method: 'user_password',
- public_key: publicKeyBase58,
+ public_key: publicKeyBase64,
client_name: 'playwright-e2e',
timestamp: Date.now(),
permissions: ['context:create', 'context:list', 'context:execute', 'admin:*'],
diff --git a/app/src/components/Sidebar.tsx b/app/src/components/Sidebar.tsx
--- a/app/src/components/Sidebar.tsx
+++ b/app/src/components/Sidebar.tsx
@@ -3,8 +3,6 @@
import { Vote } from '../api/voting/VotingClient';
import type { WorkspaceRecord } from '../hooks/useVotingWorkspace';
-const MAX_NAME_LEN = 20;
-
interface SidebarProps {
// Workspace selector
workspaces: WorkspaceRecord[];You can send follow-ups to the cloud agent here.
Reviewed by Cursor Bugbot for commit d75bed3. Configure here.
| @@ -0,0 +1 @@ | |||
| VITE_PACKAGE_NAME=com.calimero.chat | |||
There was a problem hiding this comment.
Environment variable overrides correct package name with wrong value
High Severity
VITE_PACKAGE_NAME is set to com.calimero.chat but studio.config.json declares the correct package as com.calimero-studio.test.group-vote. In App.tsx, the env var takes precedence over APP_PACKAGE, so the app connects to the wrong backend package at runtime during development.
Additional Locations (1)
Reviewed by Cursor Bugbot for commit d75bed3. Configure here.
| refreshToken: string; | ||
| }> { | ||
| const keypair = nacl.sign.keyPair(); | ||
| const publicKeyBase58 = Buffer.from(keypair.publicKey).toString('base64'); |
There was a problem hiding this comment.
Variable named base58 but encoded as base64
Medium Severity
The variable publicKeyBase58 is encoded using toString('base64'), not base58. If the auth endpoint expects base58-encoded keys (common in the Calimero/NEAR ecosystem), authentication will fail with an invalid key format. If it expects base64, the naming is dangerously misleading.
Reviewed by Cursor Bugbot for commit d75bed3. Configure here.
| import React from 'react'; | ||
| import type { GroupMember } from '@calimero-network/mero-react'; | ||
| import { Vote } from '../api/voting/VotingClient'; | ||
| import type { WorkspaceRecord } from '../hooks/useVotingWorkspace'; |
There was a problem hiding this comment.
Unused MAX_NAME_LEN constant in Sidebar component
Low Severity
MAX_NAME_LEN is declared but never referenced anywhere in the Sidebar.tsx component, making it dead code.
Reviewed by Cursor Bugbot for commit d75bed3. Configure here.



Publish com.calimero-studio.test.group-vote12@0.1.0
Note
Medium Risk
Large addition of new frontend app scaffolding plus Playwright infrastructure that spins up and authenticates multiple
merodnodes; failures are most likely around environment assumptions (binary resolution, ports, auth) and test flakiness rather than runtime security changes.Overview
Introduces a new
app/Vite + React application for collaborative ranked voting, including screens to create votes, reorder and submit/update rankings, close votes (organizer-only), and compute/display live aggregated results.Adds generated ABI clients (notably
VotingClient) plus config wiring viastudio.config.json, and new Playwright E2E harness (global-setup/teardown, helpers, and organizer/voter/participant specs) that boots 1–3 localmerodnodes with embedded auth, installs the built.mpk, and drives cross-node sync scenarios.Also adds supporting tooling/config (
.nvmrc, apppackage.json/lockfile,codegen+merod-installscripts) and tightens.gitignoreto exclude build/runtime data directories while preserving committed bundle artifacts.Reviewed by Cursor Bugbot for commit d75bed3. Bugbot is set up for automated code reviews on this repo. Configure here.