Skip to content
Open
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension


Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
44 changes: 34 additions & 10 deletions bun.lock

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

63 changes: 63 additions & 0 deletions docs/pr-review-workflow.md
Original file line number Diff line number Diff line change
@@ -0,0 +1,63 @@
# PR Review Comment Workflow

Use this workflow when an agent is asked to handle GitHub PR review feedback.
It is intentionally generic enough to copy into other repositories.

## Safety

- Do not paste tokens, secrets, private data, or real customer data into chat, logs, commits, tests, or GitHub replies.
- Prefer repository-scoped credentials with the minimum permissions needed.
- Keep authentication local to the machine, for example through `gh`, environment variables, or ignored local files.
- Do not stage, commit, push, comment, or resolve GitHub threads without explicit user approval.

## Flow

1. Fetch all unresolved review threads first.
- Preserve thread IDs, file paths, line anchors, resolution state, and whether comments are outdated.
- Avoid relying only on flat comment lists when thread state matters.

2. Summarize the review map before editing.
- List each actionable thread.
- For each thread, state what it claims, whether it appears accurate, and the intended action.
- Separate duplicate, outdated, informational, or ambiguous comments from actionable ones.

3. Validate each comment against the code.
- Inspect the relevant code and surrounding behavior.
- Do not assume the reviewer is correct.
- If the comment is inaccurate, record the reason for the eventual reply.

4. Fix valid comments locally.
- Keep changes traceable to the review thread.
- Prefer cohesive local fixes over one commit or push per comment.
- If a comment conflicts with product intent or another comment, pause and explain the tradeoff.

5. Verify after the selected fixes.
- Run the smallest useful tests for narrow changes.
- Run broader checks for shared behavior, schema changes, auth, exports, imports, or UI flow.
- Record exactly which checks passed or could not be run.

6. Summarize local results to the user.
- List fixed threads.
- List intentionally unchanged threads and why.
- List files changed and verification commands.
- Ask before staging, committing, pushing, or posting GitHub replies.

7. Reply to GitHub threads only after approval.
- Reply after code is pushed when a code fix was made.
- Include the commit SHA or short SHA that contains the fix when one is available.
- Keep replies concise and specific: what changed, what check supports it, or why it was left unchanged.
- Leave thread resolution to the user unless they explicitly ask the agent to resolve threads.

## Reply Style

Good replies:

- `Addressed in abc1234 by moving the shared state object out of the server-action file so it only exports async functions. Verified with pnpm typecheck.`
- `Leaving this unchanged: the route intentionally returns 401 before period lookup so unauthenticated requests do not reveal period state.`
- `Partially addressed: the UI now disables the import controls for locked periods, and the server action still enforces the lock as a race-condition guard.`

Avoid:

- exposing secrets, raw financial data, or decrypted identifiers;
- vague replies like `Fixed`;
- resolving threads without the user's permission.
7 changes: 5 additions & 2 deletions env.sample
Original file line number Diff line number Diff line change
@@ -1,4 +1,7 @@
HASURA_GRAPHQL_ADMIN_SECRET=
NEXT_PUBLIC_API_URL=
EMAIL_REFERRALS_API_URL=
FORM_INGEST_API_KEY=
DISCORD_BOT_TOKEN=
DISCORD_CONSULTATION_CHANNEL_ID=
SENDGRID_API_KEY=
SENDGRID_FROM_EMAIL=
SENDGRID_TO_EMAILS=
4 changes: 2 additions & 2 deletions package.json
Original file line number Diff line number Diff line change
Expand Up @@ -29,12 +29,12 @@
"@radix-ui/react-tabs": "^1.1.12",
"@radix-ui/react-toast": "^1.2.14",
"@radix-ui/react-tooltip": "^1.2.8",
"@sendgrid/mail": "^8.1.6",
"@tanstack/react-query": "^5.85.5",
"@vercel/analytics": "^2.0.1",
"class-variance-authority": "^0.7.1",
"clsx": "^2.1.1",
"cmdk": "^1.1.1",
"fathom-client": "^3.7.2",
"graphql-request": "^7.3.2",
"lucide-react": "^0.545.0",
"next": "15.5.7",
"next-themes": "^0.4.6",
Expand Down
Binary file added public/images/ship-front-c.webp
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
7 changes: 0 additions & 7 deletions public/witch/index.html
Original file line number Diff line number Diff line change
Expand Up @@ -171,13 +171,6 @@
(n.className += t + "touch");
})(window, document);
</script>
<!-- Fathom - beautiful, simple website analytics disable - use the fathom component instead -->
<!-- <script
src="https://cdn.usefathom.com/script.js"
data-site="ASGWDEGI"
defer
></script> -->
<!-- / Fathom -->
<link href="images/favicon.png" rel="shortcut icon" type="image/x-icon" />
<link href="images/webclip.png" rel="apple-touch-icon" />
<style>
Expand Down
84 changes: 10 additions & 74 deletions src/app/api/applications/route.ts
Original file line number Diff line number Diff line change
@@ -1,75 +1,11 @@
import { NextRequest, NextResponse } from "next/server";
import { APPLICATION_CREATE_MUTATION } from "@/lib/queries";
import client from "@/lib/gql-client";
import { applicationApiSchema } from "@/lib/validation";
import { z } from "zod";

export async function POST(request: NextRequest) {
try {
const body = await request.json();

// Validate the request body structure
const validationResult = applicationApiSchema.safeParse(body);

if (!validationResult.success) {
const errors = validationResult.error.issues.map((issue: z.ZodIssue) => ({
field: issue.path.join("."),
message: issue.message,
}));

return NextResponse.json(
{
success: false,
error: "Validation failed",
details: errors,
},
{ status: 400 }
);
}

const { applicationData } = validationResult.data;

console.log("applicationData", applicationData);

// Get the token from the request headers or body
const token =
request.headers.get("authorization")?.replace("Bearer ", "") ||
body.token;

// if (!token) {
// return NextResponse.json(
// { error: "Authentication token required" },
// { status: 401 }
// );
// }

// Create GraphQL client with token
const gqlClient = client({ token });

// Execute the mutation
const result = await gqlClient.request(APPLICATION_CREATE_MUTATION, {
application: applicationData,
});

return NextResponse.json(
{
success: true,
data: result,
message: "Application submitted successfully",
},
{ status: 200 }
);
// eslint-disable-next-line @typescript-eslint/no-explicit-any
} catch (error: any) {
console.error("Error submitting Application:", error);

return NextResponse.json(
{
success: false,
error: error.message || "Failed to submit Application",
details: error.response?.errors || error,
},
{ status: 500 }
);
}
import { NextResponse } from "next/server";

export async function POST() {
return NextResponse.json(
{
success: false,
error: "Application intake has been deprecated",
},
{ status: 410 }
);
}
Loading