feat: clarify setup completion page

[rupayon123]

Closes #25

This makes the final setup page less abrupt by confirming that credentials were saved, explaining that the setup UI is only for first configuration, and showing where backups are written by default.

Checks:

• git diff --check
• python3 -m py_compile src/init.py tests/test_init.py

I could not run python3 -m pytest tests/test_init.py locally because pytest is not installed in this environment.

• Updated the setup completion (/done) page to explicitly confirm credentials were saved and the app is switching to normal backup mode
• Clarified that the web-based setup UI is only for initial configuration and won’t be available for later operations
• Added guidance showing the default backup destination (DATA_DIR) on the completion page
• Extended tests to assert the completion page renders the actual DATA_DIR value in the HTML

Author	Lines Added	Lines Removed
rupayon123	175	0

Greptile Summary

This PR improves the setup completion page by adding informative messaging and addressing the two issues raised in the previous review round — HTML-escaping DATA_DIR before embedding it in the response and asserting the escaped value in the test.

• src/init.py: wraps DATA_DIR with html.escape before interpolation, and expands the completion page copy to confirm credentials were saved, note that the setup UI is one-time only, and display the default backup directory.
• tests/test_init.py: imports DATA_DIR and adds four new assertions, including f"<code>{escape(DATA_DIR)}</code>" in response.text, which closes the gap from the prior review.

Confidence Score: 5/5

Safe to merge — the change is a small, self-contained UI copy update with correct HTML escaping and matching test coverage.

Both issues from the previous review (unescaped path interpolation and missing DATA_DIR assertion in the test) are now properly addressed. validate_path already returns a plain str, so html.escape receives the right type. No new logic paths are introduced.

No files require special attention.

Important Files Changed

Filename	Overview
src/init.py	Adds html.escape for DATA_DIR before HTML interpolation and expands completion page copy; both previously raised issues are now resolved.
tests/test_init.py	Adds four new assertions to test_done_endpoint, including a check that the escaped DATA_DIR value is present in the rendered HTML.

Sequence Diagram

%%{init: {'theme': 'neutral'}}%%
sequenceDiagram
    participant U as Browser
    participant F as FastAPI (/done)
    participant T as Shutdown Thread

    U->>F: GET /done
    F->>F: escape(DATA_DIR)
    F->>T: Thread(_shutdown).start()
    F-->>U: 200 HTML (setup complete, DATA_DIR shown)
    T->>T: time.sleep(2)
    T->>F: os.kill(pid, SIGTERM)

Loading

%%{init: {'theme': 'base', 'themeVariables': {"darkMode": true, "background": "#0d1117", "primaryColor": "#21262d", "primaryTextColor": "#e6edf3", "primaryBorderColor": "#8b949e", "lineColor": "#8b949e", "textColor": "#e6edf3", "edgeLabelBackground": "#161b22", "actorBkg": "#21262d", "actorBorder": "#8b949e", "actorTextColor": "#e6edf3", "actorLineColor": "#8b949e", "signalColor": "#8b949e", "signalTextColor": "#e6edf3", "noteBkgColor": "#373320", "noteBorderColor": "#d4a72c", "noteTextColor": "#f0e6c0", "labelBoxBkgColor": "#21262d", "labelBoxBorderColor": "#8b949e", "labelTextColor": "#e6edf3", "loopTextColor": "#e6edf3", "activationBkgColor": "#30363d", "activationBorderColor": "#8b949e"}}}%%
sequenceDiagram
    participant U as Browser
    participant F as FastAPI (/done)
    participant T as Shutdown Thread

    U->>F: GET /done
    F->>F: escape(DATA_DIR)
    F->>T: Thread(_shutdown).start()
    F-->>U: 200 HTML (setup complete, DATA_DIR shown)
    T->>T: time.sleep(2)
    T->>F: os.kill(pid, SIGTERM)

Loading

_{Reviews (4): Last reviewed commit: "Merge branch 'main' into ui-done-page-gu..." | Re-trigger Greptile}

[coderabbitai]

📝 Walkthrough

Walkthrough

The /done endpoint HTML in src/init.py is updated with a flex layout, left-aligned constrained panel, and expanded text explaining that credentials were saved, the app is switching to normal backup mode, and where backups are written using DATA_DIR. The existing test is extended with new assertions for those strings.

Changes

/done endpoint UI message and test

Layer / File(s)

Summary

/done HTML response and test assertions src/init.py, tests/test_init.py

html.escape import is added to done() function, then the HTML response is rewritten with flex/min-height styling and a left-aligned panel; message text now states credentials were saved, normal backup mode is starting, the UI is only for first-time setup, and specifies the backup output directory from escaped DATA_DIR. Test module imports DATA_DIR and test_done_endpoint gains new assertions verifying these strings in the response body, including DATA_DIR wrapped in a <code> element.

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~3 minutes

Suggested labels

reviewed

🚥 Pre-merge checks | ✅ 4 | ❌ 1

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Docstring Coverage	⚠️ Warning	Docstring coverage is 33.33% which is insufficient. The required threshold is 80.00%.	Write docstrings for the functions missing them to satisfy the coverage threshold.

✅ Passed checks (4 passed)

Check name	Status	Explanation
Title check	✅ Passed	The title 'feat: clarify setup completion page' accurately captures the main change, which improves the setup completion page UI with better messaging and guidance.
Linked Issues check	✅ Passed	The PR addresses all three coding requirements from issue #25: displaying success confirmation, explaining setup UI scope, and showing backup location with proper HTML escaping for security.
Out of Scope Changes check	✅ Passed	All changes are directly scoped to issue #25 requirements: the /done endpoint improvements, HTML escaping for security, and corresponding test updates are all within scope.
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@tests/test_init.py`:
- Around line 84-86: The assertions in the test only verify the presence of
static text phrases like "Backups will be written under" but do not verify that
the actual configured directory path (the DATA_DIR value) is being rendered in
the response. Add an assertion that checks for the actual interpolated backup
directory path value in response.text, such as verifying that the expected
DATA_DIR or its configured path appears in the response alongside or after the
"Backups will be written under" phrase. This ensures that a regression in path
interpolation would be caught by the test.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: ASSERTIVE

Plan: Pro

Run ID: fce193d9-ea61-4c10-9334-c4b23124d4dd

📥 Commits

Reviewing files that changed from the base of the PR and between 5fc212c and a50cb0b.

📒 Files selected for processing (2)

• src/init.py
• tests/test_init.py

[rupayon123]

Pushed the test update from the review. It now checks that the rendered page includes the actual DATA_DIR value, not just the surrounding backup-location text.

git diff --check and python3 -m py_compile src/init.py tests/test_init.py pass. pytest still isn’t installed in this local environment, so I couldn’t run the full test file here.

[coderabbitai]

Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@tests/test_init.py`:
- Line 87: The assertion at line 87 in tests/test_init.py currently validates
unsafe raw HTML interpolation by checking for unescaped DATA_DIR directly inside
the code tag. Replace this assertion to verify that DATA_DIR is properly escaped
(HTML-encoded) when rendered in the response from the /done endpoint. Instead of
expecting raw DATA_DIR in the markup, assert that the escaped/HTML-safe version
of the path appears in response.text. This ensures that the backup path
injection in src/init.py Line 78 is XSS-safe and the test enforces secure
rendering rather than locking in vulnerable behavior.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: ASSERTIVE

Plan: Pro

Run ID: b53b019b-a43e-4984-bfe4-bd39ec0b1c5e

📥 Commits

Reviewing files that changed from the base of the PR and between a50cb0b and 8fc50b8.

📒 Files selected for processing (1)

• tests/test_init.py

[mvfc]

Hi @rupayon123 thanks so much for your contribution.

[rupayon123]

Thanks, glad it helped. Happy to stay connected and help where I can.

[mvfc]

Thanks, glad it helped. Happy to stay connected and help where I can.

Always good to have contributions. I haven’t had enough time lately to dedicate to improving the project sadly. Got a new job and it’s intense. Once again thank you!