Skip to content

fix(ui): wire the /surfaces public_safe/auth/rate_limited filter shortcuts (#3975)#4950

Merged
JSONbored merged 1 commit into
JSONbored:mainfrom
rust-toml:feat/ui-surfaces-filter-shortcuts
Jul 13, 2026
Merged

fix(ui): wire the /surfaces public_safe/auth/rate_limited filter shortcuts (#3975)#4950
JSONbored merged 1 commit into
JSONbored:mainfrom
rust-toml:feat/ui-surfaces-filter-shortcuts

Conversation

@rust-toml

Copy link
Copy Markdown
Contributor

Summary

Closes #3975

The nav mega-menu links to /surfaces?public_safe=1, ?auth=required, and ?rate_limited=1, but surfaces.tsx validated against the shared tableSearchSchema (no such params) and its predicate never read them — so all three shortcuts silently rendered the unfiltered list.

This adds a surfaces-local surfacesSearchSchema (extends the shared schema, so the sibling /subnets schema stays lean) and moves the row predicate into a pure, unit-tested matchesSurfaceFilters: public_safes.public_safe, auths.auth_required (required/none), rate_limited→ the per-row rate_limit_notes. Reset + active-filter indicator now cover them too.

Gates

typecheck ✓ · unit tests ✓ (8 new: every filter branch) · prettier ✓ · build ✓ · responsive-overflow e2e ✓

Screenshots

Shown on ?auth=required (the demonstrable case: 188 → 2 rows). All 3 filters are covered by the 8 unit tests.

Viewport · Theme Before After
Mobile · Light
filter ignored — full list

2 auth-gated surfaces
Mobile · Dark
filter ignored — full list

2 auth-gated surfaces
Tablet · Light
filter ignored — full list

2 auth-gated surfaces
Tablet · Dark
filter ignored — full list

2 auth-gated surfaces
Desktop · Light
filter ignored — full list

2 of 1598
Desktop · Dark
filter ignored — full list

2 of 1598

…tcuts (JSONbored#3975)

The nav mega-menu links to `/surfaces?public_safe=1`, `?auth=required`, and
`?rate_limited=1`, but `surfaces.tsx` validated against the shared
`tableSearchSchema` (which has none of those params) and its filter predicate
never read them — so all three shortcuts silently rendered the unfiltered list.

Add a surfaces-local `surfacesSearchSchema` that extends the shared schema with
the three params (kept off `tableSearchSchema` so the sibling /subnets route
stays lean), and move the row predicate into a pure, unit-tested
`matchesSurfaceFilters`: `public_safe` → `s.public_safe`, `auth` →
`s.auth_required` (required/none), `rate_limited` → the per-row
`rate_limit_notes`. The reset action and active-filter indicator now account
for the three params too.

Closes JSONbored#3975
@rust-toml rust-toml requested a review from JSONbored as a code owner July 12, 2026 12:24
@superagent-security

Copy link
Copy Markdown

Superagent didn't find any vulnerabilities or security issues in this PR.

@codecov

codecov Bot commented Jul 12, 2026

Copy link
Copy Markdown

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 97.93%. Comparing base (7f90522) to head (9cfcf5f).

Additional details and impacted files
@@           Coverage Diff           @@
##             main    #4950   +/-   ##
=======================================
  Coverage   97.93%   97.93%           
=======================================
  Files         163      163           
  Lines       19389    19389           
  Branches     7364     7364           
=======================================
  Hits        18989    18989           
  Misses         53       53           
  Partials      347      347           
🚀 New features to boost your workflow:
  • 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

@loopover-orb loopover-orb Bot added the gittensor:bug Gittensor-scored bug fix or unsolicited PR — scores a 0.05x multiplier. label Jul 12, 2026
@loopover-orb

loopover-orb Bot commented Jul 12, 2026

Copy link
Copy Markdown
Contributor

Warning

🟨🟨🟨🟨🟨🟨🟨🟨🟨🟨🟨🟨

⏸️ Gittensory review result - manual review recommended

Review updated: 2026-07-13 00:34:02 UTC

4 files · 1 AI reviewer · no blockers · readiness 100/100 · CI green · clean

⏸️ Suggested Action - Manual Review

  • Touches a guarded path — held for manual review: This PR changes guardrail-protected path(s): apps/ui/src/lib/metagraphed/surface-filters.test.ts (matched apps/ui/**), apps/ui/src/lib/metagraphed/surface-filters.ts (matched apps/ui/**), apps/ui/src/lib/metagraphed/types.ts (matched apps/ui/**), apps/ui/src/routes/surfaces.tsx (matched apps/ui/**).

Review summary
This PR wires three previously-dead query params (public_safe, auth, rate_limited) into /surfaces filtering by extending the route's search schema and extracting the row predicate into a pure, unit-tested matchesSurfaceFilters function. The logic is correct: public_safe checks s.public_safe truthiness, auth=required/none checks s.auth_required, and rate_limited checks presence of the new rate_limit_notes field, with reset/active-filter indicators updated to match. The change is scoped, tested (8 new unit tests covering every branch), and keeps the sibling /subnets schema untouched as claimed.

Nits — 6 non-blocking
  • types.ts adds rate_limit_notes as a new optional Surface field without evidence it's actually returned by the API — confirm the backend/schema source populates this field, otherwise the rate_limited filter will always evaluate false.
  • surfacesSearchSchema uses free-form z.string() for public_safe/auth/rate_limited rather than a stricter enum/literal union, so e.g. auth=bogus silently falls through to 'no filter applied' instead of being rejected or surfaced as invalid.
  • Consider a z.enum(['required','none','']) for `auth` to make invalid query values fail closed/visible rather than silently no-op.
  • surface-filters.ts could re-export SurfacesSearch from a shared location if /subnets later needs similar shortcuts, though current single-file placement is appropriate for now.
  • apps/ui/src/lib/metagraphed/surface-filters.ts:13 accepts any non-empty public_safe or rate_limited value, so ?public_safe=0 and ?rate_limited=0 still enable those filters; consider narrowing these shortcut params to the documented "1" value.
  • Touches a guarded path — held for manual review — A maintainer must review and merge this change.
Signal Result Evidence
Code review ✅ No blockers 1 reviewer
Linked issue ✅ Linked #3975
Related work ✅ No active overlap found No same-issue or scoped active PR overlap found.
Change scope ✅ 20/20 Low review scope from cached public metadata (1 linked issue).
Validation posture ✅ 25/25 PR body includes validation/test evidence.
Contributor workload ✅ 10/10 Author activity: 17 registered-repo PR(s), 8 merged, 5 issue(s).
Contributor context ✅ Confirmed Gittensor contributor rust-toml; Gittensor profile; 17 PR(s), 5 issue(s).
Gate result ⚠️ Not blocking Advisory; not blocking this PR.
Review context
  • Author: rust-toml
  • Role context: outside_contributor
  • Public audience mode: oss maintainer
  • Lane context: Repository is configured for direct PR review.
  • Public profile languages: not available
  • Official Gittensor activity: 17 PR(s), 5 issue(s).
  • PR-specific overlap: none found.
Contributor next steps
  • Keep the PR focused and include validation evidence before maintainer review.
Signal definitions
  • Related work = same linked issue, overlapping active PRs, or title/path similarity.
  • Change scope = cached public metadata such as size labels, draft state, and review-burden hints.
  • Validation posture = whether the PR provides enough public validation/test evidence for maintainer review.
  • Contributor workload = public contributor activity and cleanup pressure, not a repo-wide quality failure.
  • Contributor context = public GitHub/Gittensor identity context; non-Gittensor status is not a blocker.
[BETA] Chat with Gittensory

Ask Gittensory a question about this PR directly in a comment — grounded only in the same cached, public-safe facts shown above, never a new claim.

  • @gittensory ask <question> answers contribution-quality Q&A with source citations and freshness.
  • @gittensory chat <question> answers in natural prose from cached decision-pack facts via local inference (maintainer/collaborator; read-only).
  • A plain-language @gittensory mention with a real question is routed to the closest matching read-only command automatically -- no exact syntax required.

Full command reference: https://gittensory.aethereal.dev/docs/gittensory-commands

Visual preview
Route Viewport Before (production) After (this PR's preview) Diff
/surfaces desktop before /surfaces after /surfaces
/surfaces mobile before /surfaces (mobile) after /surfaces (mobile)

Click any thumbnail to open the full-size screenshot. Before = production · After = this PR's preview deploy.

🟩 Safe / merged · 🟦 Advisory · 🟨 Held for review · 🟥 Blocked / closed


💰 Earn for open-source contributions like this. Gittensor lets GitHub contributors earn for the work they already do — register to start earning →.

Checked by Gittensory, a quiet PR intelligence layer for OSS maintainers.

  • Re-run Gittensory review

@JSONbored JSONbored merged commit 7aaccfe into JSONbored:main Jul 13, 2026
10 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

gittensor:bug Gittensor-scored bug fix or unsolicited PR — scores a 0.05x multiplier. manual-review Gittensor contributor context

Projects

Development

Successfully merging this pull request may close these issues.

Mega-menu Surfaces "filters" section (public_safe/auth/rate_limited) is entirely unimplemented

2 participants