Revert recent GitHub App installation access changes#146
Closed
Revert recent GitHub App installation access changes#146
Conversation
Integrate ultracite as the Biome configuration preset across the monorepo, replacing manual biome.json configs with extends-based biome.jsonc files. Set up husky pre-commit hook with lint-staged to auto-fix staged files on commit.
- Create @quickhub/icons package wrapping @hugeicons/react with stable aliases - Add horizontal topbar with user avatar dropdown, nav tabs, and theme switcher - Establish layout shell: muted background surface with rounded content card - Add surface tokens (surface-0/1/2) for layered background levels - Tune typography: 13px body at weight 450, 500 for interactive elements - Configure dark mode with inverted surface hierarchy and elevated popovers - Update button, dropdown, and select components for consistent radius and transitions - Move dashboard route from /dashboard to / with protected layout wrapper
* Share local D1 state across worktrees * Only share local D1 state in worktrees
* Redesign overview page with metric cards and PR comment preview Rebuild the overview page with a contained max-w-3xl layout featuring Luma-style metric cards (open PRs, issues, review requests), a recent pull requests list with state-colored icons and inline comment preview, and a shared GitHub Flavored Markdown renderer in the UI package. * Extract PullRequestRow component and add custom scrollbar Move PullRequestRow into #/components/pulls/ for feature-based organization. Add custom scrollbar styles with stable gutter, thumb-only rendering, and auto-hide on inactivity. Add welcome header to overview. * Fix markdown images breaking inline flow in table cells
Build detail pages at /$owner/$repo/pull/$id and /$owner/$repo/issues/$id with two-column layout: content on the left (header, description, activity timeline with comments, comment box) and metadata sidebar on the right (reviewers, participants, assignees, milestones, details). PR view includes merge status card with CI checks, review state, branch status, and update branch action. Stacked participant avatars with tooltips. Smaller tooltip styling globally. Issue rows now link internally instead of to GitHub.
* Improve dashboard caching and preloading * Refine dashboard detail route loading
Configure remote D1 deployment
… polish (#24) - Add shiki-based syntax highlighting to markdown code blocks with custom Vercel light/dark themes, copy button, and React Suspense for flash-free rendering - Move issue labels to sidebar with theme-aware label pill styling - Add icons to PR detail sidebar rows (calendar, clock, message, file, commit) - Restructure PR header layout with copyable branch badges - Add diff boxes visualization to PR stats bar - Darken green-500 in light mode, switch to Geist Mono variable font
* Add PR review page with diff viewer, inline comments, and file tree Introduces a dedicated code review page at /$owner/$repo/review/$pullId powered by @pierre/diffs for syntax-highlighted diffs with multi-line comment support via gutter drag selection. Includes resizable file tree sidebar, review submission (Comment/Approve/Request Changes), and proper dark/light theme integration. * Fix CF Workers deployment: exclude shiki from server bundle Shiki's bundled language grammars (~1.5 MB) were being included in the server bundle via @pierre/diffs and markdown.tsx, pushing the worker over the 3 MiB free plan limit. - Add Vite plugin to stub shiki in SSR environment - Lazy-load PatchDiff component to avoid SSR import chain to shiki - Guard shiki highlighter initialization to client-only in markdown.tsx
…112) * Add comment reply action, thread rendering, and fix timeline date sorting - Add inline reply form for issue/PR comments with quoted parent context - Detect and render comment threads via blockquote pattern matching - Fix reviewed events missing timestamps by reading submitted_at fallback * Simplify CI to single pull_request trigger with no conditional guards * Deduplicate check runs by name in merge status card When a workflow re-runs, GitHub creates new check run entries with the same name but a new id. Keep only the latest run (highest id) per name so the checks list doesn't show stale skipped/cancelled duplicates.
Co-authored-by: Prem Sathisha Etagi <premsathisha@users.noreply.github.com>
* Refine PR merge and branch update permissions * show/hide bypass check based on met criterias --------- Co-authored-by: Alan Daniel <stylesshjs@gmail.com>
* fix: hide merge section for users without merge permissions * feat: merge commit form, close/reopen PR, and reviewers empty state - Add inline commit message form when merging (title + extended description, pre-filled from first commit) - Add close/reopen PR button next to send in comment box - Add updatePullState server function - Pass commitTitle and commitMessage through to GitHub merge API - Add empty state in reviews section when no reviewers added - Style commit form with surface background to match other sections * fix: simplify merge bypass to rely on server-provided status Remove client-side guesswork from bypass logic. Now only uses server-derived isMergeBlocked, canBypassProtections, and hasConflicts. No auto-bypass — user must explicitly opt in. Bypass hidden for conflicts since GitHub rejects those regardless of permissions.
* feat: add inbox page for GitHub notifications Adds a split-view inbox page (Linear-style) with notification list sidebar and content preview pane that renders actual PR/Issue detail pages. - Notification list with unread/all filter, mark as read/done, archive actions - Avatar stack showing all participants (author, assignees, reviewers, commenters) - Subject state-aware icons and colors (open/closed/merged) - Prefetch next notification's data on selection for instant navigation - Fix closed PR merge status display in detail header and activity feed - Repo name in preview header links to repo overview - Hoisted regexes and memoized components for performance * fix: use typed route params for repo link in inbox preview header * feat: add unread notification dot to inbox tab and polish inbox list - Show blue dot on Inbox nav tab when unread notifications exist - Remove bottom border from last inbox list item
Render RepoActivityCards (Pull Requests, Issues, Discussions) into the SidePanelPortal on the pulls and issues list pages, matching the repo overview layout. Also ensure the "View all" link always appears in activity cards even when there are no open items.
- Add "Browser extension" card in settings that detects whether the DiffKit extension is installed and prompts to install if not - Guard dashboard-presence.js with an origin check so it only sets data-diffkit-extension on DiffKit origins (fixes Firefox injecting the script on all sites when broader host permissions are granted) - Update Firefox extension store URL to canonical /addon/diffkit/ path
* feat: add test script and CI check for pull requests Wire up `pnpm test` via Turborepo to run Vitest across all workspace packages, and add a required Test job to the PR checks workflow. https://claude.ai/code/session_01Tw4Aikrys2TqqyAmC9AEXe * fix: align github.server and github-cache tests with refactored source - Mock `@tanstack/react-start/server` in github-cache tests to avoid slow dynamic import that caused a timeout on the first test - Add `Octokit.defaults` to the octokit mock so installation client tests can call the static method - Mock `configureGitHubRequestPolicies` and update assertions to match the refactored code that delegates request policies instead of configuring throttle/retry inline https://claude.ai/code/session_01Tw4Aikrys2TqqyAmC9AEXe * chore: rename test CI check to "Test Suite" https://claude.ai/code/session_01Tw4Aikrys2TqqyAmC9AEXe --------- Co-authored-by: Claude <noreply@anthropic.com>
* Fix shortcut hints * Polish shortcut navigation * Remove PR screenshot assets --------- Co-authored-by: Prem Sathisha Etagi <premsathisha@users.noreply.github.com>
* feat: add drag-to-reorder tabs and "close merged" context menu option - Add native HTML drag-and-drop to reorder dashboard tabs, persisted to localStorage - Add "Close merged" context menu option with purple PR icon to bulk-close merged PR/review tabs - Track merged state on tabs via explicit `merged` field with iconColor fallback for existing tabs * fix: add merged field to useRegisterTab type signature
…lob/tree routes * feat: add file explorer with tree sidebar, syntax highlighting, and blob/tree routes Add a split-panel code explorer accessible from the repo overview file tree. Clicking any file or folder navigates to tree/blob routes matching GitHub's URL convention. The explorer features: - Resizable left sidebar with recursive file tree (lazy-loaded directories) - Folder view with commit messages and timestamps in the right pane - Shiki syntax-highlighted code viewer with line numbers, copy, and raw download - File-specific latest commit bar (fetches last commit affecting that file) - Progressive BFS prefetching of all tree nodes to eliminate loading spinners - Mobile drawer pattern for file tree (matches review page) - Ref parsing from splat URLs with longest-branch-match strategy * feat: shared file search, per-entry commits, image preview, and UI polish - Extract file search card into shared component for reuse across repo sidebar and PR review page - Add fuzzy file search library (fuzzy-file-search.ts) - Fetch per-entry last commit data in folder view and file tree (commit message + relative time) - Render image files (png, jpg, gif, etc.) as media preview instead of blob content - Add preview/code toggle for SVG files - Fix long-line background rendering by moving overflow to outer wrapper with sticky line numbers - Split directory node click: arrow toggles expand, name navigates to folder - Center README content with max-w-3xl and increased vertical padding - Use bg-surface-1 for latest commit bar - Align search card top padding with content pane - Add F shortcut to focus search in PR review page * perf: optimize re-renders and batch commit queries - Batch per-entry commit messages into a single GraphQL query with aliased history fields instead of N separate REST calls - Add explorer-path-store (useSyncExternalStore) so tree nodes subscribe to derived isActive booleans — only 2 nodes re-render on navigation - Memoize scope objects in route components to stop busting memo on every child - Prevent same-URL navigation on already-active tree nodes - Stabilize callbacks in RepoExplorerLayout (useCallback + imperative reads from store) - Isolate pathname subscription in dashboard-tabs via ScrollActiveTabIntoView renderless component - Fix branch switch in blob view navigating to tree route - Add light-mode border to branch selector button
* feat: filter private repos by GitHub App installation access Build a cached installation access index that tracks which repos/owners the GitHub App is installed for. Private repos are only shown if the owning account has an "all" installation or the specific repo is in the "selected" set. Public repos always pass through. - Add `installationAccess` signal key and cache policy (30 min stale) - Webhook events (installation, installation_repositories, github_app_authorization) invalidate the index immediately - `getInstallationAccessIndex` fetches installations and paginates selected repos, cached via getOrRevalidateGitHubResource - `isRepoVisibleWithInstallationAccess` filter utility (fail-open when no app is configured) - Apply filter in `getUserRepos` (parallel fetch with repo list) - Expose `getInstallationAccess` server function for other consumers - 7 new tests covering all filter scenarios * feat: extend installation access filtering to all GitHub data flows Add isPrivate to RepositoryRef and all GraphQL repository fragments so the installation access filter can be applied everywhere, not just getUserRepos. - Add isPrivate to RepositoryRef type and GitHubGraphQLRepositoryRef - Update buildRepositoryRef, parseRepositoryRef, mapGraphQLRepositoryRef - Add isPrivate to GraphQL fragments for pull search, issue search, pull detail, and issue detail queries - Add generic filterItemsByInstallationAccess helper and specialized filterMyPullsResult / filterMyIssuesResult wrappers - Apply filter in getMyPulls, getMyIssues (parallel fetch with result) - Apply filter in searchCommandPaletteGitHub (parallel with search) - Apply filter in getNotifications (parallel with notification fetch) - Apply filter in getUserPinnedRepos * chore: add debug logs throughout installation access filtering Add debug() calls so the access index building and filtering behavior is fully observable in local dev: - Log when fetching the index (cache miss vs resolved from cache) - Log each installation's access mode (all/selected/suspended) - Log the full built index (owners, repos, counts) - Log whenever items are filtered out, with repo names and counts (getUserRepos, getMyPulls, getMyIssues, command palette, notifications, pinned repos) * feat: refresh installation access cache when returning from GitHub Add visibilitychange listener to /setup page and access dialog that busts the server-side installation access cache and invalidates all GitHub queries when the user returns from configuring permissions. * fix: address review feedback on installation access filtering - Paginate GET /user/installations (handles >100 installations) - Let transient API errors propagate instead of silently failing open - Use app-user client (not OAuth) for listInstallationReposForAuthenticatedUser - Default unknown repo visibility to null instead of false (public), so REST search results are checked against the access index - Wrap refreshInstallationAccess in try/finally so client-side cache invalidation runs even if the server call fails
…elect * feat: add open current page on github shortcut and command to cmd+k select * chore: reconsidered ui change * feat: Do not apply extension redirects for certain referers.
* feat: persist selected clone protocol in code explorer * apply suggestion
…nges Subscribe pulls/issues mine and repos.list caches to installationAccess signals, bust installation access row on refresh, so setup changes reflect immediately instead of waiting for unrelated cache TTLs.
* feat(comments): R2 media uploads and composer improvements Add Cloudflare R2-backed image/video upload for issue/PR comments (multipart route, finalize HTML embeds). Integrate react-dropzone with inline uploading placeholders, scroll-to-actions when needed, and remote R2 binding for local dev. Extend MarkdownEditor with field-sizing, non-blocking uploads, replaceUploadPlaceholder, and conditional scroll behavior. Document optional R2_PUBLIC_BASE_URL in .dev.vars.example. * fix(ci): disable Cloudflare remote bindings during Vitest Wrangler remote mode (R2 remote: true) requires wrangler login; GitHub Actions has no session, so Vitest failed at Vite startup. Set @cloudflare/vite-plugin remoteBindings to false when CI or VITEST is set so tests use local Miniflare only.
* Fix navbar avatar fallback * Delay avatar fallback to prevent initials flash on refresh * Render avatar fallback immediately when image is missing --------- Co-authored-by: Prem Sathisha Etagi <premsathisha@users.noreply.github.com>
…cess changes" This reverts commit 4f54751.
This reverts commit 96314e9.
Contributor
|
No actionable comments were generated in the recent review. 🎉 ℹ️ Recent review info⚙️ Run configurationConfiguration used: Repository UI Review profile: CHILL Plan: Pro Plus Run ID: 📒 Files selected for processing (9)
💤 Files with no reviewable changes (8)
📝 WalkthroughWalkthroughThis PR removes the GitHub App "installation access" feature, including the Changes
Estimated code review effort🎯 3 (Moderate) | ⏱️ ~20 minutes Possibly related PRs
🚥 Pre-merge checks | ✅ 4 | ❌ 1❌ Failed checks (1 warning)
✅ Passed checks (4 passed)
✏️ Tip: You can configure your own custom pre-merge checks in the settings. ✨ Finishing Touches📝 Generate docstrings
🧪 Generate unit tests (beta)
Comment |
Deploying with
|
| Status | Name | Latest Commit | Updated (UTC) |
|---|---|---|---|
| ✅ Deployment successful! View logs |
diffkit | 31bf18c | Apr 17 2026, 05:28 AM |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
7 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Rolls back the two recent installation-access / cache commits while #144 is investigated:
4f54751— fix(dashboard): revalidate GitHub caches when installation access changes96314e9— feat: filter private repos by GitHub App installation accessRefs #144.
Caveat
The error reported in #144 is
GitHub App user token request failed: The refresh token passed is invalid or expired, thrown atapps/dashboard/src/lib/github-app.server.ts:168. The reverted commits do not touch refresh-token handling (last modified in #81), so this rollback alone is unlikely to resolve #144. The underlying cause is more likely a GitHub App config change on github.com (rotated client secret or modified OAuth scopes), which invalidates stored refresh tokens and requires affected users to re-authorize.Test plan
https://claude.ai/code/session_0164JeZoFFZeeksCUR3vo4RF
Summary by CodeRabbit
Release Notes