Fix 28 verified code-review bugs (for v1.0.2)#22
Merged
Conversation
…ate crashes - #8 ResumePdfGenerator: BuildHeader was never attached, so resumes had no name/email/phone. Render it once at the top of the content. - #7 linkedin-easy-apply.json: key was "urlMatch"; the loader expects "url_match" (JsonPropertyName), so the template never matched a URL. - #9 CloudLLMProvider: Gemini model listing filtered the model NAME for "generateContent" (which lives in supportedGenerationMethods), so it always returned zero models. Filter on that array instead. - #10 SafetyService: normalize null Skills/Experience/Education/Bullets from LLM JSON before the checks (STJ can overwrite the = new() initializers with null). - #11 SafetyService: guard .Max() over an experience entry with zero bullets. - #13(cloud) CloudLLMProvider: dispose the 5 HttpResponseMessage in the availability/model-list probes. Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
…s-save UX - #1 CdpBrowserService.Dispose: run the async path via Task.Run so DisposeAsync continuations don't marshal back to a blocked WPF UI thread at shutdown. - #3 CdpBrowserService: serialize concurrent SendAsync with a SemaphoreSlim (ClientWebSocket.SendAsync is not thread-safe; the singleton is shared by discovery and apply). - #20 EnvoySettings.Encrypt: rethrow on DPAPI failure instead of returning null so a lost key surfaces as a failed save; FindJobsView guards the Brave-key set. - #23 DashboardView: re-enable BtnLaunchChrome in the catch (was stuck disabled after a launch error). - #25 LLMSettingsView: ActivateProvider and Model_Click now check Save() and warn when settings.json can't be written instead of reporting success. Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
…ATS DI - #14 OllamaProvider: reuse one OllamaApiClient (built in ctor) instead of a new client with its own HttpClient per completion. - #13 OllamaProvider: dispose the /api/tags probe responses. - #34 GreenhouseSource: use first_published for PostedAtUtc (fall back to updated_at) so posting-age and repost signals see the real age. - #28 AtsCrossCheckSignal, #29/#30 JobDiscoveryService: honor caller cancellation (rethrow) instead of reporting it as "ATS unreachable"/board/search failure. - #6 GhostDetection ServiceRegistration: constrain the AddHttpClient reflection to the single-generic-arg overload so MakeGenericMethod can't throw. - #31 AtsCrossCheck HttpClient: send a User-Agent and Accept header. Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
…ll fixes - #18 New ResumeFilePath helper shared by ApplicationOrchestrator (writer) and TemplateEngine (upload reader) so the sanitized paths always match; closes the unsanitized/traversal read path and the silent upload-skip on a name mismatch. - #16/#17 HardwareProfiler: dispose the WMI ManagementObject collection + each object, and the GPU-probe Process handles. - #27 MainWindow.NavigateTo: drop rapid nav clicks during the fade to stop overlapping animations leaving a half-faded view. - #26 ApplyView: friendly "select a profile first" message when none is chosen. - #21 DomScorer: weight fields are static readonly (were mutable public static). - #35 install.ps1: derive version from Directory.Build.props (was hardcoded). - #36 FileLogger.Log: guard the formatter/write path so logging never throws. Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
Singleton views held repositories that captured a root-scoped EnvoyDbContext for the app lifetime: the change tracker grew unbounded and a dashboard refresh overlapping an apply run could throw "a second operation was started on this context". Switch to AddDbContextFactory and have each repository, TailoringEngine, and DatabaseInitializer create a short-lived context per operation. The repos now hold only the (thread-safe) factory, so the captive-lifetime concern is gone with no change to view lifetimes. 135/135 tests pass, including container resolution. Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Fixes the 28 real bugs from the code-review triage (23 confirmed + 5 partial). The 9 findings that turned out to be false positives were verified and left alone. Every change built clean and the full suite (135 tests, including container resolution) is green. These are headed into the held v1.0.2; the build itself is still on hold.
High-severity
BuildHeader(name/email/phone) existed but was never attached to the page. Now rendered at the top.supportedGenerationMethods. Filters on that array now.EnvoyDbContextfor the app lifetime (unbounded change tracker, concurrent-access crash). Switched toAddDbContextFactorywith a short-lived context per repository operation.Also fixed
urlMatchtourl_match); signal: PERM Filing Cross-Check #1 CDP dispose sync-over-async deadlock; signal: Posting Age #3 serialize concurrent WebSocket sends; Redesign README into an inviting product page (+ accuracy fixes) #18 shared, sanitized resume-path helper so the writer and the upload reader always match; Fix 25 verified LOW code-review findings (for v1.0.2) #23 re-enable the launch button after a failure; README screenshots: real app captures replace the placeholders #26 friendly message when no profile is selected; Beta testers wanted (everyone gets credited) #27 nav re-entrancy guard.first_publishedfor the post date; #31 send a User-Agent/Accept header; signal: Scam Pattern #6 constrain the AddHttpClient reflection so it can't pick the wrong overload.Verified NOT bugs (skipped)
#2 (overlapping receive loops), #5 (unsafe cast), #12 (repo null NRE), #15 (cancel token to CloseAsync), #19 (Tesseract command injection: it uses
UseShellExecute=false, so no shell), #22 (startup DB init deadlock), #24 (MainWindow cast), #32 (location filter is intentional), #33 (duplicate ATS keys). Each was refuted with specific evidence.The 67 LOW findings are not in this PR; they get a separate lighter pass.
🤖 Generated with Claude Code