feat(shared): preview validation flags missing epds_handle_login_url

[aspiers]

Summary

• /preview/validate now emits a handle-login-url row covering epds_handle_login_url in client metadata
• Missing → warn (field is optional; absence means the "Or sign in with ATProto/Bluesky" button just isn't rendered)
• Present + http(s):// → ok (mirrors the real isSafeHttpUrl gate in auth-service/src/routes/login-page.ts, so localhost dev clients still pass)
• Present but javascript:, file:, unparseable → error (the login page silently refuses to render the button; validator now points it out instead of letting OAuth round-trips fail visibly)

Why

Up until now /preview/validate covered tos_uri, policy_uri, brand_color, branding.css, redirect_uris, etc. — but not epds_handle_login_url, which is the gate for the multi-PDS hand-off path on the login page. Adding it puts that field on the same pre-flight checklist client devs already use.

Test plan

• pnpm test packages/shared/src/__tests__/preview-validation.test.ts — 13 passed (3 new cases for ok/error/error)
• pnpm test — 1024 passed (no regressions)
• pnpm format:check — clean
• pnpm lint — clean
• pnpm typecheck — clean
• pnpm test:coverage — preview-validation.ts at 96%, new code covered
• Visual check of the rendered /preview/validate page against a metadata declaring + omitting epds_handle_login_url (left for human reviewer)

🤖 Generated with Claude Code

Summary by CodeRabbit

Release Notes

• New Features
  • The preview validation now checks the ATProto/Bluesky hand-off URL configuration. Valid http(s) URLs pass validation, invalid schemes are flagged as errors, and missing values generate warnings.

[claude]

Claude Code Review

This repository is configured for manual code reviews. Comment @claude review to trigger a review and subscribe this PR to future pushes, or @claude review once for a one-time review.

_{Tip: disable this comment in your organization's Code Review settings.}

[vercel]

The latest updates on your projects. Learn more about Vercel for GitHub.

Project	Deployment	Actions	Updated (UTC)
epds-demo	Ready	Preview, Comment	May 18, 2026 1:49pm

[changeset-bot]

🦋 Changeset detected

Latest commit: 1f54b7f

The changes in this PR will be included in the next version bump.

Not sure what this means? Click here to learn what changesets are.

Click here if you're a maintainer who wants to add another changeset to this PR

[railway-app]

🚅 Deployed to the ePDS-pr-176 environment in ePDS

Service	Status	Web	Updated (UTC)
@certified-app/pds-core	✅ Success (View Logs)	Web	May 18, 2026 at 1:48 pm
@certified-app/auth-service	✅ Success (View Logs)	Web	May 18, 2026 at 1:46 pm
@certified-app/demo untrusted	✅ Success (View Logs)	Web	May 18, 2026 at 1:03 pm
@certified-app/demo	✅ Success (View Logs)	Web	May 18, 2026 at 1:01 pm

[coderabbitai]

Warning

Rate limit exceeded

@aspiers has exceeded the limit for the number of commits that can be reviewed per hour. Please wait 10 minutes and 32 seconds before requesting another review.

You’ve run out of usage credits. Purchase more in the billing tab.

⌛ How to resolve this issue?

After the wait time has elapsed, a review can be triggered using the @coderabbitai review command as a PR comment. Alternatively, push new commits to this PR.

We recommend that you space out your commits to avoid hitting the rate limit.

🚦 How do rate limits work?

CodeRabbit enforces hourly rate limits for each developer per organization.

Our paid plans have higher rate limits than the trial, open-source and free plans. In all cases, we re-allow further reviews after a brief timeout.

Please see our FAQ for further information.

ℹ️ Review info

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: 4ac31d9c-73d2-415e-aa40-fc53a6465041

📥 Commits

Reviewing files that changed from the base of the PR and between 46227be and 1f54b7f.

📒 Files selected for processing (2)

• .changeset/preview-validate-handle-login-url.md
• packages/shared/src/client-metadata.ts

📝 Walkthrough

Walkthrough

This PR adds validation for the epds_handle_login_url client metadata field in the preview validation endpoint. The change includes a new validation check that warns when the field is missing, returns ok for valid http(s) URLs, and errors for invalid schemes or unparseable values, with corresponding test coverage and changelog documentation.

Changes

Handle login URL validation for ATProto/Bluesky integration

Layer / File(s)	Summary
Handle login URL validation implementation packages/shared/src/preview-validation.ts	Introduced checkHandleLoginUrl function to validate epds_handle_login_url in client metadata, returning warn for missing/empty, error for non-http(s) or unparseable values, and ok for valid http(s) URLs. Integrated into validateClientMetadataForPreview validation pipeline.
Test coverage for handle login URL validation packages/shared/src/__tests__/preview-validation.test.ts	Extended well-formed metadata fixture with epds_handle_login_url and updated existing tests to assert ok/warn outcomes. Added new test cases validating acceptance of http:// and https:// URLs, and rejection of non-http(s) schemes (javascript:) and unparseable values.
Changeset documentation .changeset/preview-validate-handle-login-url.md	Documented the new /preview/validate check for handle-login-url with behavior descriptions for all three severity outcomes (warn, ok, error).

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~8 minutes

Possibly related PRs

• hypercerts-org/ePDS#115: Complements this PR by wiring the ATProto/Bluesky login button on the login page to the same epds_handle_login_url metadata field.

Suggested reviewers

• s-adamantine

Poem

🐰 A URL hops into the validation field,
Checking http and https with Bluesky zeal,
No javascript: schemes shall break the seal—
Safe hand-offs to ATProto, warmly revealed! 🔗

🚥 Pre-merge checks | ✅ 4 | ❌ 1

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Docstring Coverage	⚠️ Warning	Docstring coverage is 50.00% which is insufficient. The required threshold is 80.00%.	Write docstrings for the functions missing them to satisfy the coverage threshold.

✅ Passed checks (4 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title accurately describes the main change: adding a preview validation check for the epds_handle_login_url field with appropriate error/warning/ok handling.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch preview-validate-handle-login-url

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coveralls-official]

Coverage Report for CI Build 26037634100

Coverage increased (+0.2%) to 56.07%

Details

• Coverage increased (+0.2%) from the base build.
• Patch coverage: 11 of 11 lines across 1 file are fully covered (100%).
• No coverage regressions found.

Uncovered Changes

No uncovered changes found.

Coverage Regressions

No coverage regressions found.

---

Coverage Stats

Relevant Lines:	2951
Covered Lines:	1648
Line Coverage:	55.85%
Relevant Branches:	1818
Covered Branches:	1026
Branch Coverage:	56.44%
Branches in Coverage %:	Yes
Coverage Strength:	5.88 hits per line

---

💛 - Coveralls

[coderabbitai]

Actionable comments posted: 1

🧹 Nitpick comments (1)

packages/shared/src/__tests__/preview-validation.test.ts (1)

149-193: ⚡ Quick win

Add a direct test for epds_handle_login_url: '' → warn.

You cover undefined (missing) and invalid/non-http(s), but not the explicit empty-string branch in the validator. Adding this avoids regressions on that specific path.

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@packages/shared/src/__tests__/preview-validation.test.ts` around lines 149 -
193, Add a test case that explicitly covers epds_handle_login_url set to the
empty string and asserts the validator returns a "warn" severity; specifically,
in packages/shared/src/__tests__/preview-validation.test.ts add a new it(...)
(or extend the existing cases) that calls mockFetchOnce with
epds_handle_login_url: '' for a sample client_id/redirect_uris, invokes
validateClientMetadataForPreview(url, null), finds the check with id
'handle-login-url', and expects check?.severity toBe('warn') so the empty-string
branch in the validator is exercised.

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In @.changeset/preview-validate-handle-login-url.md:
- Line 7: Update the changeset's Affects line to list audiences in the mandated
order: "End users, Client app developers, Operators" (replace the current
"**Affects:** Client app developers" with the full ordered list) so the file
.changeset/preview-validate-handle-login-url.md conforms to the required
audience ordering.

---

Nitpick comments:
In `@packages/shared/src/__tests__/preview-validation.test.ts`:
- Around line 149-193: Add a test case that explicitly covers
epds_handle_login_url set to the empty string and asserts the validator returns
a "warn" severity; specifically, in
packages/shared/src/__tests__/preview-validation.test.ts add a new it(...) (or
extend the existing cases) that calls mockFetchOnce with epds_handle_login_url:
'' for a sample client_id/redirect_uris, invokes
validateClientMetadataForPreview(url, null), finds the check with id
'handle-login-url', and expects check?.severity toBe('warn') so the empty-string
branch in the validator is exercised.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: 64118063-2cf0-46eb-883b-b9289cd85b7d

📥 Commits

Reviewing files that changed from the base of the PR and between 15505ce and 46227be.

📒 Files selected for processing (3)

• .changeset/preview-validate-handle-login-url.md
• packages/shared/src/__tests__/preview-validation.test.ts
• packages/shared/src/preview-validation.ts

[coderabbitai]

⚠️ Potential issue | 🟠 Major | ⚡ Quick win

Fix Affects to use the required ordered audience list.

Please update the line to include audiences in the mandated order.

Suggested patch

-**Affects:** Client app developers
+**Affects:** End users, Client app developers, Operators

As per coding guidelines, "Every changeset must include a Affects: line listing audiences (End users, Client app developers, Operators in that order)".

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	**Affects:** Client app developers
	**Affects:** End users, Client app developers, Operators

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In @.changeset/preview-validate-handle-login-url.md at line 7, Update the
changeset's Affects line to list audiences in the mandated order: "End users,
Client app developers, Operators" (replace the current "**Affects:** Client app
developers" with the full ordered list) so the file
.changeset/preview-validate-handle-login-url.md conforms to the required
audience ordering.

[aspiers]

Pushing back: the writing-changesets skill (.agents/skills/writing-changesets/SKILL.md) says "List only the audiences that actually need to adapt or will notice the change. Omit audiences that are not affected." This change only affects client app developers consuming /preview/validate — end users never see it, and operators have nothing to configure. Keeping **Affects:** Client app developers as-is.

[coderabbitai]

@aspiers, that's a fair correction — I misread the guideline as requiring all three audiences to always be listed, when in fact .agents/skills/writing-changesets/SKILL.md explicitly says to omit unaffected audiences. Since /preview/validate is a developer-facing tool that end users never see and operators have nothing to configure for, **Affects:** Client app developers alone is the right call. Sorry for the noise.

(ᵔ◡ᵔ)🐇

---

✏️ Learnings added

Learnt from: aspiers
Repo: hypercerts-org/ePDS PR: 176
File: .changeset/preview-validate-handle-login-url.md:7-7
Timestamp: 2026-05-18T13:44:58.247Z
Learning: In the ePDS repository, the writing-changesets skill (`.agents/skills/writing-changesets/SKILL.md`) requires listing only the audiences that actually need to adapt or will notice the change in the `**Affects:**` line of a changeset file. Audiences that are not affected should be omitted — do NOT default to listing all three audiences (End users, Client app developers, Operators) when some are not relevant to the change.

Note: Learnings are effective only in the context of similar code segments. To apply general coding guidelines, please configure review instructions. You can manage existing learnings in the app.

[Copilot]

Pull request overview

This PR extends the shared /preview/validate client-metadata preflight validator to include a new row (handle-login-url) that validates epds_handle_login_url, matching the auth-service login-page gate (http/https allowed; anything else errors; missing warns).

Changes:

• Add checkHandleLoginUrl() to validate epds_handle_login_url and include it in validateClientMetadataForPreview() output.
• Add unit tests covering epds_handle_login_url ok/warn/error cases.
• Add a changeset describing the additional /preview/validate row and its semantics.

Reviewed changes

Copilot reviewed 3 out of 3 changed files in this pull request and generated 1 comment.

File	Description
packages/shared/src/preview-validation.ts	Implements the new epds_handle_login_url validation check and wires it into the preview validation pipeline.
packages/shared/src/tests/preview-validation.test.ts	Adds coverage for the new check (ok for http/https, error for invalid/unparseable, warn when missing).
.changeset/preview-validate-handle-login-url.md	Documents the new /preview/validate output row and expected severities.

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[sonarqubecloud]

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

[Copilot]

Pull request overview

Copilot reviewed 4 out of 4 changed files in this pull request and generated 2 comments.