Add Vercel React best practices skill with 45 optimization rules#225
Open
cseagraves wants to merge 154 commits intovercel-labs:mainfrom
Open
Add Vercel React best practices skill with 45 optimization rules#225cseagraves wants to merge 154 commits intovercel-labs:mainfrom
cseagraves wants to merge 154 commits intovercel-labs:mainfrom
Conversation
This commit adds extensive Claude Code setup including commands, skills, reference documentation, and project-specific instructions to enhance AI-assisted development capabilities. Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
- Expand GitHub OAuth affiliation to include collaborator and organization_member repos - Hide GitHub stars button and Deploy Your Own button from UI - Hide mobile footer with template branding Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
- Hide buttons in repo-layout.tsx - Hide buttons in repo-page-client.tsx - Hide buttons in task-page-client.tsx (2 instances) - Hide buttons in tasks-list-client.tsx - Hide buttons in task-page-header.tsx All template branding now hidden site-wide while preserving code. Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
Analyzed GitHub authentication and identified root causes for two issues: 1. Private repositories not visible after OAuth login 2. Push operations failing with permission errors Root causes identified: - Organization OAuth app approval required - SAML SSO authorization needed - Repository-level write permissions - OAuth scope verification during authorization Created comprehensive documentation: - GITHUB_AUTH_TROUBLESHOOTING.md: Complete diagnosis and solutions - github-oauth-docs-2026.md: Latest GitHub OAuth documentation (2026) Key findings: - Codebase implementation is correct (no bugs found) - Issues are GitHub configuration and permission-related - OAuth scope 'repo' is correctly requested - User must approve app for organizations and authorize SSO Solutions provided for: - End users (reconnect GitHub, approve org access, authorize SSO) - Application administrators (permission validation, better error messages) - Optional code improvements for better UX Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
Changed tagline from "Multi-agent AI coding platform powered by Vercel Sandbox and AI Gateway" to "Multi-agent AI coding platform powered by Agentic Assets" with link to https://www.agenticassets.ai Modified file: - components/task-form.tsx (lines 393-403) Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
Added helpful text to explain how to add authentication headers (like Authorization with Bearer tokens) using environment variables in the MCP server configuration dialog.
- Created OrbisIcon component from SVG logo - Added Orbis to PRESETS array with remote type - Configured Authorization environment variable requirement - Added icon detection for Orbis in all relevant UI sections - Users can now easily add Orbis MCP with their Bearer token
- Updated page title in app/layout.tsx - Updated main heading in task form
Displays the Agentic Assets SVG logo above the "AI Coding Agent" heading with responsive sizing (240px mobile, 320px tablet, 400px desktop) and priority loading for optimal performance. Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
Co-authored-by: admin <admin@agenticassets.ai>
- Add AI Gateway authentication method to Claude agent documentation - Document alternative models available via AI Gateway (GLM-4.7, Gemini 3, GPT-5) - Update API key sections to explain dual authentication support - Add model selection logic and priority documentation - Update AI_MODELS_AND_KEYS.md with comprehensive Claude section Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
…n-72cb Agent run limits admin
…-gateway 2026 1 15 cns claude code ai gateway
- Add dark:invert to logo for automatic color inversion in dark mode - Reduce logo size by 20%: 192px mobile, 256px tablet, 320px desktop - Update Next.js Image dimensions to match (320x37) Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
- Remove standalone logo above heading - Place logo inline after "powered by" text - Replace "Agentic Assets" text with logo image - Logo sized at 18px height to match text-lg font size (158px width for 8.79:1 aspect ratio) - Maintain dark:invert for theme toggle - Logo is now a clickable hyperlink to https://www.agenticassets.ai Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
…uCooYvpq3t There's there's an issue with the API keys window that pops up when i clik the user icon inthe top right corner and then click the API keys button. when i click it, i see htis ""API Keys Configure your own API keys. System defaults will be used if not pro
2026 1 20 fix GitHub issues
This commit merges approved optimizations from: - cursor/AGENTIC-18-request-waterfalls-agent-c76b - cursor/AGENTIC-19-editor-re-render-optimization-537c Changes include: **API Route Optimizations (Branch 18):** - Use Promise.all for parallel fetching of user data in tasks/route.ts - Use Promise.all for parallel fetching in continue/route.ts - Extract getMcpServersForUser helper for cleaner code **Page-Level Optimizations (Branch 18):** - Parallel fetch session and GitHub stars in app/page.tsx - Parallel fetch in app/[owner]/[repo]/page.tsx - Parallel fetch in app/new/[owner]/[repo]/page.tsx - Parallel fetch in app/tasks/page.tsx - Parallel fetch in app/repos/[owner]/[repo]/layout.tsx **React Component Optimizations (Branch 19):** - Wrap FileDiffViewer with memo() for render optimization - Hoist constants (DIFF_VIEW_MODE, IMAGE_MIME_TYPES) outside component - Add memoized derived state (isFilesMode, isChangesMode, diffViewTheme) - Memoize editor options, language, and theme in FileEditor - Use static strings in console.error calls per security guidelines Rejected patterns (per code review): - NDJSON streaming (adds complexity without real benefit) - startTransition (minimal benefit for sync state updates) - Nested callback ref patterns (creates stale closure risk)
- Create docs/MCP_GUIDE.md (199 lines) with getting started guide - Cover: authentication setup, tool overview, prompting tips, common workflows - Include configuration for Claude Desktop, Cursor, and Windsurf - Add best practices and troubleshooting sections - Update README.md to cross-reference both MCP docs
…zations ## Security Hardening (8 Critical Fixes) - Remove dynamic values from all log statements per CLAUDE.md security policy - Fix logging in: migrate-production.ts, user.ts, claude.ts, github callback - All console.log/error now use static strings only ## Database Performance - Add migration 0025_add_rate_limit_indexes.sql with 4 new indexes: - idx_tasks_user_id_created_at (rate limit task counting) - idx_tasks_user_id_deleted_at (soft delete filtering) - idx_task_messages_task_id (join performance) - idx_task_messages_created_at (date filtering) ## React/Next.js Performance - Add optimizePackageImports for lucide-react (bundle size reduction) - Dynamic import Monaco editor (~2.5MB bundle reduction) - Promise.all() for parallel data fetching in task creation (~30-50% latency reduction) ## Documentation - Update CLAUDE.md with Recent Improvements section - Update AGENTS.md with security enforcement emphasis https://claude.ai/code/session_01FzPwR717TdRQmN6pAhCjB5
…nt-bFgxr Comprehensive code review: security, performance, and database optimi…
…7okD Add user-friendly MCP guide documentation
…-render-optimization-537c Editor re-render optimization
Conflicts resolved in 3 files: - app/api/tasks/route.ts: Keep Promise.all() with getMcpServersForUser helper for parallel data fetching (better performance and DRY principles) - components/file-diff-viewer.tsx: Use React 19 startTransition for state updates, cachedDiffData memoization for proper deps, static logging - components/file-editor.tsx: Add startTransition import, remove duplicate editorLanguage/editorTheme/editorOptions declarations Merged features from main: - MCP guide documentation - Rate limit indexes migration - Code review improvements - Editor re-render optimizations https://claude.ai/code/session_01LAxLpTMGTZrU4sqvwxRkK3
…cts-Mb97M Claude/resolve merge conflicts mb97 m
- Add absolute maximum timeout (maxDuration + 15 min hard cap) - Limit heartbeat extensions to 3 per task - Add 10MB output size limit for Claude agent - Explicit sandbox.stop() call for cost control - Auto-cleanup keepAlive sandboxes after 30min idle - Database migration for heartbeat extension tracking - Enhanced warning logs for approaching limits Addresses: infinite loop prevention, token exhaustion, zombie sandbox cleanup, and cost attack mitigation. https://claude.ai/code/session_01ENgSpXnDaFaK5wrZ2rycgt
…ce bundle size Performance optimizations: - Parallelize 3 independent user data fetches in start-sandbox route (~1200ms savings) - Parallelize 5 sequential pkill commands in sandbox shutdown (~1000ms savings) - Parallelize file existence checks and git config in sandbox creation (~600ms savings) - Parallelize GitHub stars fetch with session in task page (~300ms savings) - Run port detection in parallel with branch name polling in process-task (~400ms savings) - Parallelize Claude CLI version/help diagnostic checks (~200ms) - Parallelize sequential logger status/progress updates Bundle size optimizations: - Convert 10 client component value imports to `import type` for db/schema types, preventing potential leakage of drizzle-orm/pg-core into client bundle - Dynamically import 5 heavy components in task-details.tsx (FileBrowser 1879 lines, TaskChat 1258 lines, FileDiffViewer 410 lines + @git-diff-view, CreatePRDialog, MergePRDialog) to reduce initial JS bundle - Replace unused @radix-ui/react-icons with sonner and jotai in optimizePackageImports https://claude.ai/code/session_01UHwJudy8YT9Ad258tFTkcv
CRITICAL - Waterfalls & Bundle: - Parallelize 8 additional API route async operations (Promise.all) - Defer Vercel Analytics/SpeedInsights after hydration (dynamic import) HIGH - Server-Side Performance: - Add React.cache() to 4 data fetching modules (user-token, client, user-keys, settings) - Move sandbox cleanup and OAuth revocation to after() for non-blocking responses - Add LRU cache for GitHub token validation (5min TTL, 100 entries) MEDIUM-HIGH - Client-Side Data Fetching: - Add passive flag to scroll event listeners (logs-pane, task-chat) - Version localStorage keys with app:v1: prefix for migration support - Centralize window resize listener into useWindowResize hook (5 components) MEDIUM - Re-render Optimization: - Remove useMemo for trivial ternary expression (file-editor theme) - Fix useEffect dependency on repos array (task-form) - Consolidate 4 duplicate effects into 1 (task-chat) - Add startTransition for non-urgent auto-refresh updates - Replace JSON.stringify dependency with ref-based array comparison MEDIUM - Rendering Performance: - Add content-visibility: auto for logs, task list, and file tree - Wrap animated SVG icons in div wrappers (sub-agent-indicator) LOW-MEDIUM - JavaScript Performance: - Hoist 9 regex patterns to module level in logging utility LOW - Advanced Patterns: - Create useLatest hook for stable callback refs - Stabilize keyboard and resize event handlers with useLatest https://claude.ai/code/session_01UHwJudy8YT9Ad258tFTkcv
…-review-03b2 Deployment readiness review
…estration-9hnBH Claude/optimize nextjs orchestration 9hn bh
- Add 14 @radix-ui packages to optimizePackageImports (bundle-barrel-imports) - Defer Analytics/SpeedInsights via next/dynamic (bundle-defer-third-party) - Wrap getGitHubStars in React.cache() for per-request dedup (server-cache-react) - Hoist 4 default state objects to module constants in task-details (rerender-memo-with-default-value) - Add { passive: true } to resize event listener (client-passive-event-listeners) - Cache connectors filter with useMemo in task-form (js-combine-iterations) https://claude.ai/code/session_015fSVBtppffeJSuTcWD3U3Z
HIGH priority: - Install SWR and create shared fetcher utility (client-swr-dedup) - Refactor useTask hook to SWR with smart polling (stops on terminal status) - Create shared useCheckRuns hook eliminating duplicate check-runs requests - Create useTaskMessages hook with SWR (auto-pause when tab hidden) - Refactor session-provider to SWR (eliminates manual interval + focus listener) - Refactor pr-check-status to shared useCheckRuns hook - Refactor task-chat check-runs and message polling to SWR hooks - Parallelize org-check in GitHub repos route (async-parallel) - Wrap getMaxSandboxDuration in React.cache() (server-cache-react) MEDIUM priority: - Replace 7 manual loading states with useTransition in file-browser (rendering-usetransition-loading) - Replace 3 manual loading states with useTransition in task-sidebar - Convert Set dependency to primitive string in file-browser (rerender-dependencies) https://claude.ai/code/session_015fSVBtppffeJSuTcWD3U3Z
Contributor
|
@claude is attempting to deploy a commit to the Vercel Labs Team on Vercel. A member of the Team first needs to authorize it. |
There was a problem hiding this comment.
Pull request overview
This PR introduces a new “Vercel React best practices” skill (with multiple rule files) and expands the repo’s Claude Code documentation/command ecosystem with additional guides, commands, and agent definitions.
Changes:
- Added a Vercel-oriented React/Next.js performance optimization skill with multiple rule documents.
- Added numerous Claude Code slash commands and agent definitions to standardize workflows (review, deploy, Supabase, etc.).
- Added multiple documentation guides/audit outputs to improve project context and onboarding.
Reviewed changes
Copilot reviewed 109 out of 851 changed files in this pull request and generated 10 comments.
Show a summary per file
| File | Description |
|---|---|
| .claude/documents/guides-dec-2025/claude_code_context_engineering_concise_field_guide_dec_2025.md | Adds a concise field guide for context engineering patterns and file taxonomy. |
| .claude/commands/update-claude-md.md | Adds a workflow command doc for keeping CLAUDE.md files updated. |
| .claude/commands/supabase/writing-supabase-edge-functions.md | Adds Supabase Edge Function authoring guidance and templates. |
| .claude/commands/supabase/setup-supabase-auth.md | Adds a step-by-step Supabase Auth setup command guide for Next.js. |
| .claude/commands/supabase/postgres-sql-style-guide.md | Adds a PostgreSQL style guide for consistent SQL authoring. |
| .claude/commands/supabase/create-rls-policies.md | Adds an RLS policy-generation command doc with rules and examples. |
| .claude/commands/supabase/create-migration.md | Adds a migration creation guide with naming and SQL guidelines. |
| .claude/commands/supabase/create-db-functions.md | Adds a guide for authoring PostgreSQL functions with Supabase best practices. |
| .claude/commands/search-papers.md | Adds a command doc for paper search + citation integration. |
| .claude/commands/review/type-check.md | Adds a “type-check” workflow doc for TypeScript issue remediation. |
| .claude/commands/review/fix-vercel-build.md | Adds a workflow doc for diagnosing/fixing Vercel build failures. |
| .claude/commands/review/fix-react-hooks.md | Adds a workflow doc for React hooks dependency/loop issues. |
| .claude/commands/review/fix-citations.md | Adds a workflow doc for fixing citation feature issues. |
| .claude/commands/review/code_review_command.md | Adds an “expert code review” command template with focus areas and formatting. |
| .claude/commands/review-auth-middleware.md | Adds a command doc for auditing auth/middleware/Supabase client usage. |
| .claude/commands/review-app-icons.md | Adds a command doc for auditing/fixing PWA/app icon branding. |
| .claude/commands/pre-deploy.md | Adds a pre-deploy checklist command doc. |
| .claude/commands/performance_optimizer.md | Adds a performance analysis/optimization command doc with checklists and tools. |
| .claude/commands/git-push.md | Adds a “git push” workflow doc with commit message guidance. |
| .claude/commands/fullstack-architect.md | Adds a role prompt for architecture planning in this repo’s stack. |
| .claude/commands/create/create-feature.md | Adds a feature implementation workflow prompt with phases. |
| .claude/commands/codebase_context_proj.md | Adds a codebase context loader command with architecture references. |
| .claude/commands/begin.md | Adds a “Begin Session” command to inject orchestration guidance. |
| .claude/commands/ai/ai_tool_builder.md | Adds a tool development workflow doc for AI tool creation/integration. |
| .claude/commands/ai/ai_expert_context.md | Adds an “AI engineering expert mode” context prompt. |
| .claude/audit-app-documentation.md | Adds an audit report for app/ documentation coverage and validation. |
| .claude/ai-tools-expert.md | Adds an AI tools expert agent definition. |
| .claude/agents/ui-engineer.md | Adds a UI engineer agent definition. |
| .claude/agents/tailwind-expert.md | Adds a Tailwind specialist agent definition with repo constraints. |
| .claude/agents/supabase-expert.md | Adds a Supabase/Postgres/Drizzle specialist agent definition. |
| .claude/agents/senior-code-reviewer.md | Adds a senior code reviewer agent definition. |
| .claude/agents/security-expert.md | Adds a security specialist agent definition. |
| .claude/agents/research-search-expert.md | Adds a research/citation agent definition with source requirements. |
| .claude/agents/react-expert.md | Adds a React specialist agent definition with repo invariants. |
| .claude/agents/nextjs-16/nextjs-16-expert.md | Adds a Next.js 16 specialist agent definition. |
| .claude/agents/nextjs-16/nextjs-16-cache-expert.md | Adds a Next.js 16 caching specialist agent definition. |
| .claude/agents/docs-maintainer.md | Adds a docs maintainer agent definition with standards and process. |
| .claude/agents/api-route-architect.md | Adds an API route architect agent definition with security constraints. |
| .claude/agents/agent-expert.md | Adds an agent design specialist definition. |
| .claude/agent-rewrite-summary.md | Adds a summary doc describing agent rewrites and removed contamination. |
| .claude/QUICK_START_WEB.md | Adds quick-start documentation for Claude Code web environment setup. |
| .claude/ENV_SETUP_WEB.md | Adds environment variable setup documentation for Claude Code web. |
| .claude/DOCUMENTATION_CROSS_REFERENCES.md | Adds documentation cross-reference validation results. |
| .claude/AUDIT_SUMMARY.md | Adds an executive summary for the app/ documentation audit. |
| .agent/skills/web-design-guidelines/SKILL.md | Adds a skill definition for Web Interface Guidelines compliance reviews. |
| .agent/skills/vercel-react-best-practices/SKILL.md | Adds the top-level skill definition and index for Vercel React best practices. |
| .agent/skills/vercel-react-best-practices/rules/server-serialization.md | Adds a rule doc about minimizing RSC boundary serialization. |
| .agent/skills/vercel-react-best-practices/rules/server-parallel-fetching.md | Adds a rule doc about parallelizing RSC fetches via composition. |
| .agent/skills/vercel-react-best-practices/rules/server-cache-react.md | Adds a rule doc about per-request deduplication with React.cache(). |
| .agent/skills/vercel-react-best-practices/rules/server-cache-lru.md | Adds a rule doc about cross-request LRU caching. |
| .agent/skills/vercel-react-best-practices/rules/server-after-nonblocking.md | Adds a rule doc about using Next.js after() for non-blocking work. |
| .agent/skills/vercel-react-best-practices/rules/client-swr-dedup.md | Adds a rule doc about SWR request deduplication. |
| .agent/skills/vercel-react-best-practices/rules/client-event-listeners.md | Adds a rule doc about deduplicating global event listeners. |
| .agent/skills/vercel-react-best-practices/rules/rerender-transitions.md | Adds a rule doc about startTransition for non-urgent updates. |
| .agent/skills/vercel-react-best-practices/rules/rerender-memo.md | Adds a rule doc about extracting work into memoized components. |
| .agent/skills/vercel-react-best-practices/rules/rerender-lazy-state-init.md | Adds a rule doc about lazy state initialization for expensive initial values. |
| .agent/skills/vercel-react-best-practices/rules/rerender-functional-setstate.md | Adds a rule doc about functional setState to avoid stale closures. |
| .agent/skills/vercel-react-best-practices/rules/rerender-derived-state.md | Adds a rule doc about subscribing to derived booleans rather than continuous values. |
| .agent/skills/vercel-react-best-practices/rules/rerender-dependencies.md | Adds a rule doc about narrowing effect dependencies. |
| .agent/skills/vercel-react-best-practices/rules/rerender-defer-reads.md | Adds a rule doc about deferring state reads to the usage point. |
| .agent/skills/vercel-react-best-practices/rules/rendering-svg-precision.md | Adds a rule doc about reducing SVG coordinate precision. |
| .agent/skills/vercel-react-best-practices/rules/rendering-hydration-no-flicker.md | Adds a rule doc about avoiding hydration mismatch/flicker for client-only data. |
| .agent/skills/vercel-react-best-practices/rules/rendering-hoist-jsx.md | Adds a rule doc about hoisting static JSX. |
| .agent/skills/vercel-react-best-practices/rules/rendering-content-visibility.md | Adds a rule doc about using content-visibility for long lists. |
| .agent/skills/vercel-react-best-practices/rules/rendering-conditional-render.md | Adds a rule doc about ternary vs && for numeric/falsy conditions. |
| .agent/skills/vercel-react-best-practices/rules/rendering-animate-svg-wrapper.md | Adds a rule doc about animating an SVG wrapper for better acceleration. |
| .agent/skills/vercel-react-best-practices/rules/rendering-activity.md | Adds a rule doc about using an Activity component to preserve state/DOM. |
| .agent/skills/vercel-react-best-practices/rules/js-tosorted-immutable.md | Adds a rule doc about using toSorted() for immutability. |
| .agent/skills/vercel-react-best-practices/rules/js-set-map-lookups.md | Adds a rule doc about Set/Map for O(1) lookups. |
| .agent/skills/vercel-react-best-practices/rules/js-min-max-loop.md | Adds a rule doc about using a loop for min/max vs sorting. |
| .agent/skills/vercel-react-best-practices/rules/js-length-check-first.md | Adds a rule doc about early length checks before expensive array comparisons. |
| .agent/skills/vercel-react-best-practices/rules/js-index-maps.md | Adds a rule doc about building index maps for repeated lookups. |
| .agent/skills/vercel-react-best-practices/rules/js-hoist-regexp.md | Adds a rule doc about hoisting/memoizing RegExp creation. |
| .agent/skills/vercel-react-best-practices/rules/js-early-exit.md | Adds a rule doc about early returns to skip unnecessary processing. |
| .agent/skills/vercel-react-best-practices/rules/js-combine-iterations.md | Adds a rule doc about combining multiple iterations into one loop. |
| .agent/skills/vercel-react-best-practices/rules/js-cache-storage.md | Adds a rule doc about caching Storage API reads. |
| .agent/skills/vercel-react-best-practices/rules/js-cache-property-access.md | Adds a rule doc about caching property accesses in hot loops. |
| .agent/skills/vercel-react-best-practices/rules/js-cache-function-results.md | Adds a rule doc about caching repeated function computations. |
| .agent/skills/vercel-react-best-practices/rules/js-batch-dom-css.md | Adds a rule doc about batching DOM style updates. |
| .agent/skills/vercel-react-best-practices/rules/bundle-preload.md | Adds a rule doc about intent-based preloading. |
| .agent/skills/vercel-react-best-practices/rules/bundle-dynamic-imports.md | Adds a rule doc about next/dynamic for large components. |
| .agent/skills/vercel-react-best-practices/rules/bundle-defer-third-party.md | Adds a rule doc about deferring third-party libs until after hydration. |
| .agent/skills/vercel-react-best-practices/rules/bundle-conditional.md | Adds a rule doc about conditional module/data loading. |
| .agent/skills/vercel-react-best-practices/rules/bundle-barrel-imports.md | Adds a rule doc about avoiding barrel imports/using optimizePackageImports. |
| .agent/skills/vercel-react-best-practices/rules/async-suspense-boundaries.md | Adds a rule doc about strategic Suspense boundaries for streaming. |
| .agent/skills/vercel-react-best-practices/rules/async-parallel.md | Adds a rule doc about Promise.all for parallelizing independent async work. |
| .agent/skills/vercel-react-best-practices/rules/async-dependencies.md | Adds a rule doc about dependency-based parallelization with better-all. |
| .agent/skills/vercel-react-best-practices/rules/async-defer-await.md | Adds a rule doc about deferring awaits until needed. |
| .agent/skills/vercel-react-best-practices/rules/async-api-routes.md | Adds a rule doc about avoiding waterfalls in API routes/server actions. |
| .agent/skills/vercel-react-best-practices/rules/advanced-use-latest.md | Adds a rule doc about a useLatest ref pattern for stable callbacks. |
| .agent/skills/vercel-react-best-practices/rules/advanced-event-handler-refs.md | Adds a rule doc about storing event handlers in refs. |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
|
|
||
| 1. Try to use Web APIs and Deno’s core APIs instead of external dependencies (eg: use fetch instead of Axios, use WebSockets API instead of node-ws) | ||
| 2. If you are reusing utility methods between Edge Functions, add them to `supabase/functions/_shared` and import using a relative path. Do NOT have cross dependencies between Edge Functions. | ||
| 3. Do NOT use bare specifiers when importing dependecnies. If you need to use an external dependency, make sure it's prefixed with either `npm:` or `jsr:`. For example, `@supabase/supabase-js` should be written as `npm:@supabase/supabase-js`. |
There was a problem hiding this comment.
Typo: 'dependecnies' should be 'dependencies'.
Suggested change
| 3. Do NOT use bare specifiers when importing dependecnies. If you need to use an external dependency, make sure it's prefixed with either `npm:` or `jsr:`. For example, `@supabase/supabase-js` should be written as `npm:@supabase/supabase-js`. | |
| 3. Do NOT use bare specifiers when importing dependencies. If you need to use an external dependency, make sure it's prefixed with either `npm:` or `jsr:`. For example, `@supabase/supabase-js` should be written as `npm:@supabase/supabase-js`. |
Comment on lines
+17
to
+18
| 5. For external dependencies, importing via `npm:` and `jsr:` is preferred. Minimize the use of imports from @`deno.land/x` , `esm.sh` and @`unpkg.com` . If you have a package from one of those CDNs, you can replace the CDN hostname with `npm:` specifier. | ||
| 6. You can also use Node built-in APIs. You will need to import them using `node:` specifier. For example, to import Node process: `import process from "node:process". Use Node APIs when you find gaps in Deno APIs. |
There was a problem hiding this comment.
There are a couple of formatting/accuracy issues here: (1) the stray @ before deno.land/x and unpkg.com is confusing, and (2) the Node import process... example is missing a closing backtick and quote, which makes the example invalid. Clean up the inline code formatting so readers can copy/paste the import.
Suggested change
| 5. For external dependencies, importing via `npm:` and `jsr:` is preferred. Minimize the use of imports from @`deno.land/x` , `esm.sh` and @`unpkg.com` . If you have a package from one of those CDNs, you can replace the CDN hostname with `npm:` specifier. | |
| 6. You can also use Node built-in APIs. You will need to import them using `node:` specifier. For example, to import Node process: `import process from "node:process". Use Node APIs when you find gaps in Deno APIs. | |
| 5. For external dependencies, importing via `npm:` and `jsr:` is preferred. Minimize the use of imports from `deno.land/x`, `esm.sh` and `unpkg.com`. If you have a package from one of those CDNs, you can replace the CDN hostname with `npm:` specifier. | |
| 6. You can also use Node built-in APIs. You will need to import them using `node:` specifier. For example, to import Node process: `import process from "node:process"`. Use Node APIs when you find gaps in Deno APIs. |
| ```bash | ||
| # Test auth pages load without errors | ||
| curl -I http://localhost:3000/auth/login | ||
| curl -I http://localhost:3000/auth/signup |
There was a problem hiding this comment.
The verification curl uses /auth/signup, but earlier the generated route is consistently documented as /auth/sign-up (with a hyphen). This will cause the verification step to fail for readers following the rest of the guide. Update the curl example to the correct route.
Suggested change
| curl -I http://localhost:3000/auth/signup | |
| curl -I http://localhost:3000/auth/sign-up |
|
|
||
| Given the context of the user's message, create a database migration file inside the folder `supabase/migrations/`. | ||
|
|
||
| The file MUST following this naming convention: |
There was a problem hiding this comment.
Grammar: 'MUST following' should be 'MUST follow'.
Suggested change
| The file MUST following this naming convention: | |
| The file MUST follow this naming convention: |
| The output should look like this: | ||
|
|
||
| ```sql | ||
| CREATE POLICY "My descriptive policy." ON books FOR INSERT to authenticated USING ( (select auth.uid()) = author_id ) WITH ( true ); |
There was a problem hiding this comment.
This example SQL is not valid Postgres RLS syntax and also contradicts the rules stated above in the same document: INSERT policies should use WITH CHECK (not WITH) and should not include USING. Update the sample to valid Postgres syntax and make it consistent with the earlier policy rules.
Suggested change
| CREATE POLICY "My descriptive policy." ON books FOR INSERT to authenticated USING ( (select auth.uid()) = author_id ) WITH ( true ); | |
| CREATE POLICY "My descriptive policy." ON books | |
| FOR INSERT TO authenticated | |
| WITH CHECK ( auth.uid() = author_id ); |
|
|
||
| ## What it does | ||
| 1. **TypeScript Compilation**: Run `tsc --noEmit` to catch type errors | ||
| 2. **Linting**: Execute ESLint and Biome with auto-fixes |
There was a problem hiding this comment.
This conflicts with other added docs that state the repo uses Biome (and not ESLint). If ESLint is not actually part of the toolchain, this instruction will mislead and waste time. Align the pre-deploy doc with the repo’s real lint/format tooling (e.g., Biome-only), or explicitly document when both are expected.
| @@ -0,0 +1,102 @@ | |||
| --- | |||
| name: ai-tools-expert | |||
| description: Use when implementing or modifying Orbis chat tools (AI SDK 6 tool() + factory pattern), tool registration in app/(chat)/api/chat/route.ts, dataStream UI events, or tool display components. Focuses on tool logic, external APIs (FRED/Perplexity), and unified UI display components. Not for route-level pipeline fixes (use ai-sdk-6-migration). | |||
There was a problem hiding this comment.
This agent description references 'AI SDK 6' and an 'ai-sdk-6-migration', while multiple other docs added in this PR reference AI SDK 5 patterns. This mismatch will cause incorrect guidance when the agent is invoked. Update the agent to match the actual AI SDK major version and migration workflow used in this repo, or clearly mark it as version-specific/experimental.
Suggested change
| description: Use when implementing or modifying Orbis chat tools (AI SDK 6 tool() + factory pattern), tool registration in app/(chat)/api/chat/route.ts, dataStream UI events, or tool display components. Focuses on tool logic, external APIs (FRED/Perplexity), and unified UI display components. Not for route-level pipeline fixes (use ai-sdk-6-migration). | |
| description: Use when implementing or modifying Orbis chat tools (AI SDK 5 tool() + factory pattern), tool registration in app/(chat)/api/chat/route.ts, dataStream UI events, or tool display components. Focuses on tool logic, external APIs (FRED/Perplexity), and unified UI display components. Not for route-level pipeline fixes (use ai-sdk-5-migration). |
Comment on lines
+15
to
+23
| import { Activity } from 'react' | ||
|
|
||
| function Dropdown({ isOpen }: Props) { | ||
| return ( | ||
| <Activity mode={isOpen ? 'visible' : 'hidden'}> | ||
| <ExpensiveMenu /> | ||
| </Activity> | ||
| ) | ||
| } |
There was a problem hiding this comment.
The example uses Activity from react, which is not a commonly available/stable React API and may not exist in many React/Next.js setups, making the rule’s example fail to compile for consumers. Consider replacing this with a broadly supported pattern (e.g., keep the component mounted and toggle hidden/CSS visibility, or explicitly label it as React experimental and provide an alternative).
Comment on lines
+38
to
+41
| import { useImmutableSWR } from '@/lib/swr' | ||
|
|
||
| function StaticContent() { | ||
| const { data } = useImmutableSWR('/api/config', fetcher) |
There was a problem hiding this comment.
This skill rule is positioned as generally applicable guidance, but it references a project-local helper (@/lib/swr) that likely won’t exist in other repos. Prefer documenting canonical SWR usage (e.g., useSWRImmutable from swr/immutable, or useSWR with immutable config) so the rule is portable and unambiguous.
Suggested change
| import { useImmutableSWR } from '@/lib/swr' | |
| function StaticContent() { | |
| const { data } = useImmutableSWR('/api/config', fetcher) | |
| import useSWRImmutable from 'swr/immutable' | |
| function StaticContent() { | |
| const { data } = useSWRImmutable('/api/config', fetcher) |
Comment on lines
+47
to
+48
|
|
||
| logUserAction({ sessionCookie, userAgent }) |
There was a problem hiding this comment.
Inside the after(async () => { ... }) callback, logUserAction(...) is called without await/return/void. If it returns a promise, this can create an unhandled rejection and makes failure handling unclear. Either await logUserAction(...) (and handle errors) or explicitly void logUserAction(...).catch(...) to make the intention clear.
Suggested change
| logUserAction({ sessionCookie, userAgent }) | |
| try { | |
| await logUserAction({ sessionCookie, userAgent }) | |
| } catch (error) { | |
| console.error('Failed to log user action', error) | |
| } |
![vercel[bot]](https://avatars.githubusercontent.com/in/8329?s=60&v=4){kind=small}
![chatgpt-codex-connector[bot]](https://avatars.githubusercontent.com/in/1144995?s=60&v=4){kind=small}
There was a problem hiding this comment.
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: 25e362651a
ℹ️ About Codex in GitHub
Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you
- Open a pull request for review
- Mark a draft as ready
- Comment "@codex review".
If Codex has suggestions, it will comment; otherwise it will react with 👍.
Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".
Comment on lines
+29
to
+33
| const decryptedKeys = userKeys | ||
| .map((key) => { | ||
| const decryptedValue = decrypt(key.value) | ||
| if (decryptedValue === null) return null | ||
| return { ...key, value: decryptedValue } |
There was a problem hiding this comment.
AGENTS.md (repo root) explicitly says “Never expose these … to the client: … Any user‑provided API keys.” This handler now decrypts stored keys and returns the plaintext value in the JSON response, which pushes secrets into the browser (and makes them accessible to XSS, extensions, or leaked sessions). Consider returning only metadata (provider/createdAt) or a masked indicator, and only showing full keys at creation time.
Useful? React with 👍 / 👎.
Comment on lines
+134
to
+136
| const logEntry = createSubAgentLog( | ||
| `Sub-agent started: ${name}${description ? ` - ${description}` : ''}`, | ||
| name, |
There was a problem hiding this comment.
AGENTS.md (repo root) requires “All log statements MUST use static strings only.” This log entry embeds ${name} and ${description} directly into user-facing task logs, which can include repo names, file paths, or other sensitive context. Use a static message (e.g., “Sub-agent started”) and store the dynamic details in non-log fields if needed.
Useful? React with 👍 / 👎.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
4 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
This PR adds a comprehensive React and Next.js performance optimization skill to the agent system. The skill contains 45 rules across 8 categories, organized by impact level and designed to guide automated code refactoring and generation.
Key Changes
Added SKILL.md: Main skill definition with overview of all 45 rules organized into 8 priority categories:
Added 45 individual rule files in
rules/directory, each containing:Added AGENTS.md: Compiled full guide with all rules expanded for comprehensive reference
Notable Implementation Details
async-,bundle-,server-) for easy identification.toSorted(),Promise.all(), dynamic imports)Use Cases
This skill enables:
https://claude.ai/code/session_015fSVBtppffeJSuTcWD3U3Z