Skip to content

fix: code review follow-ups - flush() race + extension/dashboard hardening#24

Merged
BODMAT merged 9 commits into
developmentfrom
fix/code-review-improvements
Jun 2, 2026
Merged

fix: code review follow-ups - flush() race + extension/dashboard hardening#24
BODMAT merged 9 commits into
developmentfrom
fix/code-review-improvements

Conversation

@BODMAT

@BODMAT BODMAT commented Jun 2, 2026

Copy link
Copy Markdown
Owner

What

Addresses code review findings across the extension and dashboard: one real concurrency bug (duplicate events on sync) plus a set of small robustness/UX fixes. Also ships two UX additions: a clickable popup title and a dashboard footer linking to GitHub releases.

Changes

Code

  • extension/src/background/sync.ts — re-entry guard in flush() (the alarm and the inline SESSION_STOP flush can no longer run concurrently) + re-read of the queue before slicing so events appended by content scripts during an await aren't dropped. Eliminates duplicate events in the DB.
  • extension/src/background/index.ts — single decodeJwtPayload() (one atob parse instead of two); ensureDbSession() now logs failures instead of a silent void; extracted isTrackBlocked() (removed duplicated blocklist check in two places); exhaustiveness guard (never) on the message-type dispatcher.
  • extension/src/popup/index.html + popup.css — the WORKTRACE title is now a link to worktrace-ecru.vercel.app.
  • dashboard/app/dashboard/reports/report-form.tsx — localStorage QuotaExceededError is no longer swallowed: it surfaces as a toast.
  • dashboard/app/dashboard/reports/api-key-modal.tsx — validate the Groq key by its gsk_ prefix + inline hint, instead of a length-only check.
  • dashboard/app/dashboard/layout.tsx — footer with a link to GitHub releases (styled like the header: bg-bg/95 backdrop-blur).

Tooling / config

  • None.

Docs / plan

  • n/a — code review follow-ups, no dedicated plan file.

Design decisions

  • Re-entry guard via a module-level flushing boolean. The service worker is single-threaded, so a synchronous check before the first await is enough to serialise — no need for a persistent lock in storage.
  • Re-read pendingEvents before slice. Sent events are always at the head of the queue; new ones are appended to the tail by content scripts writing directly to storage, so we only drop sentCount from the fresh state.
  • Exhaustiveness guard (never) on message types — a new message type now triggers a compile error instead of being silently ignored.
  • Client-side gsk_ validation — reject an invalid key early, before encryption/storage; the backend remains the source of truth (Groq auth error).

Verification

  • npm run typecheck (extension) — clean (npx tsc --noEmit)
  • npm run lint (dashboard) — clean (lint-staged on commit)

Out of scope (future PRs)

  • .max() limits on event content/tags + a cap on the number of events in report-context.
  • Inconsistent malformed-JSON handling (500 instead of 400) in the events/tracks routes.
  • CORS headers on thrown errors in withCors.

Closes

  • n/a — repo-meta / code-review follow-up with no dedicated AC.

@vercel

vercel Bot commented Jun 2, 2026

Copy link
Copy Markdown

The latest updates on your projects. Learn more about Vercel for GitHub.

Project Deployment Actions Updated (UTC)
worktrace Ready Ready Preview, Comment Jun 2, 2026 6:07pm

@BODMAT BODMAT merged commit a5c0c49 into development Jun 2, 2026
4 checks passed
@BODMAT BODMAT deleted the fix/code-review-improvements branch June 2, 2026 18:08
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant