chore: upgrade to Storybook 10 and TypeScript 6 #845
Migrate web dashboard to Storybook 10.3.3 (from 8.6.18) and TypeScript 6.0 (from 5.9). Adopts native Storybook 10 APIs and fixes TS 6 deprecations while the codebase is still small (11 stories, skeleton stage).

Storybook 10 migration:
- Remove dead packages: addon-essentials, addon-interactions, @storybook/test (absorbed into core storybook in v9, removed in v10)
- Add @storybook/addon-docs (separated from essentials in v9)
- Migrate to defineMain/definePreview (native type-safe config APIs)
- Update backgrounds API to options + initialGlobals pattern
- Enable a11y.test: 'error' globally (WCAG enforcement on all stories)

TypeScript 6 migration:
- Remove deprecated baseUrl from tsconfig.json and tsconfig.app.json
- Remove explicit esModuleInterop from tsconfig.node.json (always true)
- Merge DOM.Iterable into DOM (consolidated in TS 6)
- Upgrade target/lib to ES2025 (unlocks Set methods, Promise.try, etc.)

Documentation:
- Add post-training reference section to CLAUDE.md for TS 6 and SB 10
- Add Storybook tooling section to brand-and-ux.md design spec

Closes #825

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Caution: Review failed. The pull request is closed.

Walkthrough: This pull request upgrades the web dashboard to Storybook v10.3.3 and TypeScript 6.0, updates Storybook config exports to

Pre-merge checks: 4 passed, 1 failed (1 inconclusive).
Code Review
This pull request upgrades the web dashboard's core development tools to TypeScript 6.0 and Storybook 10. Key changes include updating configuration files (tsconfig.json, main.ts, preview.tsx) to align with the new versions' APIs and deprecations, such as removing baseUrl and esModuleInterop, and adopting defineMain and definePreview. Documentation in CLAUDE.md and design guides has also been updated to reflect these toolchain changes and new accessibility enforcement rules. I have no feedback to provide.
Dependency Review
✅ No vulnerabilities or license issues or OpenSSF Scorecard issues found.
Snapshot Warnings: Ensure that dependencies are being submitted on PR branches. Re-running this action after a short time may resolve the issue. See the documentation for more information and troubleshooting advice.
Integer overflow in libexpat doContent buffer reallocation (CVSS 7.8). Fixed in libexpat 2.7.4, but Debian Trixie ships 2.7.1-2 with no patched package available yet. Risk accepted: sandbox containers are ephemeral, network-isolated via iptables, and run as non-root (UID 10001). The local-access attack vector is inherent to the sandbox's purpose (executing untrusted code). Added to both Trivy and Grype ignore lists with 90-day audit expiry. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Actionable comments posted: 2
🤖 Prompt for all review comments with AI agents
Verify each finding against the current code and only fix it if needed.
Inline comments:
In @.github/.grype.yaml:
- Line 10: Update the YAML metadata so the Audit field reflects the actual
execution date (not the future date currently shown) and add a separate
Review-by field with the future deadline "2026-06-24"; specifically edit the
existing "Audit" entry to the real audit date and add a new "Review-by:
2026-06-24" key alongside it in the .github/.grype.yaml file.
In @.github/.trivyignore.yaml:
- Around line 13-22: Scope the Trivy ignore rule by adding a purls entry that
targets libexpat1 on the exact Debian distro to avoid broad suppression: for the
CVE-2026-25210 block add a purls array containing the Debian package purl for
libexpat1 with the distro qualifier (e.g., distro=debian-12.0) so Trivy only
ignores that specific Debian package/version; keep the existing expired_at and
statement but ensure the purl references libexpat1 and the precise distro string
required by Trivy.
📒 Files selected for processing (2)
- .github/.grype.yaml
- .github/.trivyignore.yaml
📜 Review details
⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (4)
- GitHub Check: Build Sandbox
- GitHub Check: Build Backend
- GitHub Check: Dependency Review
- GitHub Check: Analyze (python)
🧰 Additional context used
🧠 Learnings (1)
📓 Common learnings
Learnt from: CR
Repo: Aureliolo/synthorg PR: 0
File: CLAUDE.md:0-0
Timestamp: 2026-03-26T15:16:19.520Z
Learning: Applies to web/package.json : Web dashboard uses Node.js 22+. Dependencies in web/package.json: React 19, react-router, shadcn/ui, Radix UI, Tailwind CSS 4, Zustand, tanstack/react-query, xyflow/react, Recharts, Framer Motion, cmdk, Axios, Lucide React, and dev tools (Storybook, Vitest, ESLint, etc.).
Learnt from: CR
Repo: Aureliolo/synthorg PR: 0
File: CLAUDE.md:0-0
Timestamp: 2026-03-15T18:17:43.675Z
Learning: Applies to web/** : Web dashboard: Node.js 20+, dependencies in web/package.json (Vue 3, PrimeVue, Tailwind CSS, Pinia, VueFlow, ECharts, Axios, vue-draggable-plus, Vitest, fast-check, ESLint, vue-tsc).
Learnt from: CR
Repo: Aureliolo/synthorg PR: 0
File: CLAUDE.md:0-0
Timestamp: 2026-03-14T15:43:05.601Z
Learning: Applies to web/package.json : Web dashboard Node.js 20+; dependencies in web/package.json (Vue 3, PrimeVue, Tailwind CSS, Pinia, VueFlow, ECharts, Axios, vue-draggable-plus, Vitest, ESLint, vue-tsc)
Learnt from: CR
Repo: Aureliolo/synthorg PR: 0
File: CLAUDE.md:0-0
Timestamp: 2026-03-26T15:16:19.520Z
Learning: Applies to web/src/**/*.{ts,tsx} : React 19 dashboard with react-router config and auth/setup guards. Uses Zustand stores for state (auth, WebSocket, domain shells). Uses tanstack/react-query for data fetching.
Learnt from: CR
Repo: Aureliolo/synthorg PR: 0
File: CLAUDE.md:0-0
Timestamp: 2026-03-26T15:16:19.520Z
Learning: Applies to web/src/components/**/*.{ts,tsx} : React components use shadcn/ui + Tailwind CSS 4. Component organization: ui/ (shadcn primitives + SynthOrg core), layout/ (app shell, sidebar, status bar), feature dirs added as pages built.
- Triage CVE-2025-69720 (ncurses infocmp -i stack overflow) in both Grype and Trivy configs -- 4 affected packages (libncursesw6, libtinfo6, ncurses-base, ncurses-bin). Verified locally: Grype exits 0 with updated config.
- Fix Grype audit date format: use actual audit date (2026-03-26) with separate Review-by deadline (CodeRabbit feedback)
- Add purls entry to Trivy CVE-2026-25210 ignore for precise distro scoping (pkg:deb/debian/libexpat1?distro=debian-13)
- Add Grype table diagnostic step to all 3 Docker image jobs -- runs on failure only, shows CVE details in CI logs for future triage
- Fix brand-and-ux.md decorator description: add missing p-4 class

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
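The scoping this commit describes, as an added example that is not the repository's own `.github/.trivyignore.yaml`. The CVE id and purl are the ones quoted in this thread; the `statement` wording and the `expired_at` date are assumptions (the date reuses the 2026-06-24 review deadline quoted for the Grype config).

```yaml
# Added illustration in Trivy's YAML ignore-file format; not the project's file.
vulnerabilities:
  # Broad form (commented out): suppresses the finding wherever the scanner
  # reports it, in any package of any image or distro that is scanned.
  # - id: CVE-2026-25210

  # Scoped form: the exception applies only to the Debian libexpat1 package
  # on the named release, so the same CVE in another package or base image
  # is still reported.
  - id: CVE-2026-25210
    purls:
      - "pkg:deb/debian/libexpat1?distro=debian-13"
    # Assumed date. Once it has passed, the rule lapses and the finding
    # is reported again, which forces the risk acceptance to be revisited.
    expired_at: 2026-06-24
    # Assumed wording, condensed from the risk acceptance stated in this PR.
    statement: >-
      Risk accepted: no patched Debian package available yet; sandbox
      containers are ephemeral, network-isolated and run as non-root
      (UID 10001).
```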
Pass steps.scan-ref.outputs.ref via IMAGE_REF env var instead of
inline ${{ }} template expansion in run blocks. Fixes zizmor
template-injection findings (low confidence, but clean is clean).
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
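The change this commit describes, as an added before/after workflow fragment that is not the repository's own `docker.yml`. `steps.scan-ref.outputs.ref`, `IMAGE_REF` and the `grype` invocation come from the commit message and the zizmor finding; the step names, the `grype-scan` step id and the `if:` condition are hypothetical.

```yaml
# Added illustration; constructed steps, not the project's workflow.

# Before: the runner substitutes the expression into the script text before
# the shell parses it. Whatever the step output contains becomes part of the
# shell source, so the surrounding double quotes give no protection.
- name: Grype diagnostics (before)
  if: failure() && steps.grype-scan.outcome == 'failure'
  run: |
    grype "${{ steps.scan-ref.outputs.ref }}" -o table

# After: the expression is evaluated into an environment variable. The script
# text is now constant, and the shell expands "$IMAGE_REF" as a single word
# of data, never as source code.
- name: Grype diagnostics (after)
  if: failure() && steps.grype-scan.outcome == 'failure'
  env:
    IMAGE_REF: ${{ steps.scan-ref.outputs.ref }}
  run: |
    grype "$IMAGE_REF" -o table
```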
SHA 1af58845 is tagged v5.5.3, not v5. Fixes zizmor ref-version-mismatch finding. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Actionable comments posted: 1
🤖 Prompt for all review comments with AI agents
Verify each finding against the current code and only fix it if needed.
Inline comments:
In `@docs/design/brand-and-ux.md`:
- Line 187: The phrasing implies initialGlobals directly keys to the CSS token
--so-bg-base; instead update the sentence to explain that
initialGlobals.backgrounds.value selects the background option (e.g., 'dark')
and that the actual token linkage comes from backgrounds.options.dark.value
which points to our --so-bg-base token—e.g., reword to: "Backgrounds: set via
the dark background option in initialGlobals (initialGlobals.backgrounds.value =
'dark'), which references our --so-bg-base token through
backgrounds.options.dark.value."
📒 Files selected for processing (4)
- .github/.grype.yaml
- .github/.trivyignore.yaml
- .github/workflows/docker.yml
- docs/design/brand-and-ux.md
📜 Review details
⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (4)
- GitHub Check: Build Backend
- GitHub Check: Build Web
- GitHub Check: Dependency Review
- GitHub Check: Analyze (python)
🧰 Additional context used
📓 Path-based instructions (2)
docs/**/*.md
📄 CodeRabbit inference engine (CLAUDE.md)
Docs built with Zensical (Markdown). Config: mkdocs.yml. Design spec: docs/design/ (10 pages). Architecture: docs/architecture/. Roadmap: docs/roadmap/. Generate OpenAPI reference: scripts/export_openapi.py.
Files:
docs/design/brand-and-ux.md
.github/workflows/*.yml
📄 CodeRabbit inference engine (CLAUDE.md)
.github/workflows/*.yml: CI path filtering with dorny/paths-filter -- jobs only run when domain affected. CLI has its own workflow (cli.yml).
Docker image tags: version from pyproject.toml (semver, SHA), plus dev tags (v0.4.7-dev.3, dev rolling) for dev channel.
Files:
.github/workflows/docker.yml
🧠 Learnings (16)
📓 Common learnings
Learnt from: CR
Repo: Aureliolo/synthorg PR: 0
File: CLAUDE.md:0-0
Timestamp: 2026-03-26T15:16:19.520Z
Learning: Dependabot: daily updates (uv, github-actions, npm, pre-commit, docker, gomod), grouped minor/patch, no auto-merge. Use `/review-dep-pr` before merging.
Learnt from: CR
Repo: Aureliolo/synthorg PR: 0
File: CLAUDE.md:0-0
Timestamp: 2026-03-15T21:32:02.880Z
Learning: Applies to .github/workflows/*.yml : Dependabot: daily updates for uv + github-actions + npm + pre-commit + docker + gomod, grouped minor/patch, no auto-merge. Use `/review-dep-pr` to review Dependabot PRs before merging.
📚 Learning: 2026-03-26T15:16:19.520Z
Learnt from: CR
Repo: Aureliolo/synthorg PR: 0
File: CLAUDE.md:0-0
Timestamp: 2026-03-26T15:16:19.520Z
Learning: Applies to docs/**/*.md : Docs built with Zensical (Markdown). Config: mkdocs.yml. Design spec: docs/design/ (10 pages). Architecture: docs/architecture/. Roadmap: docs/roadmap/. Generate OpenAPI reference: scripts/export_openapi.py.
Applied to files:
docs/design/brand-and-ux.md
📚 Learning: 2026-03-26T15:16:19.520Z
Learnt from: CR
Repo: Aureliolo/synthorg PR: 0
File: CLAUDE.md:0-0
Timestamp: 2026-03-26T15:16:19.520Z
Learning: Applies to web/src/styles/**/*.css : React design tokens stored in web/src/styles/ as --so-* CSS custom properties (single source of truth) with Tailwind theme bridge.
Applied to files:
docs/design/brand-and-ux.md
📚 Learning: 2026-03-26T15:16:19.520Z
Learnt from: CR
Repo: Aureliolo/synthorg PR: 0
File: CLAUDE.md:0-0
Timestamp: 2026-03-26T15:16:19.520Z
Learning: Security scanning: zizmor (workflow analysis), OSSF Scorecard (weekly), Socket.dev (PR supply chain), ZAP DAST (weekly + manual, rules: .github/zap-rules.tsv).
Applied to files:
.github/.grype.yaml
.github/workflows/docker.yml
📚 Learning: 2026-03-15T21:32:02.880Z
Learnt from: CR
Repo: Aureliolo/synthorg PR: 0
File: CLAUDE.md:0-0
Timestamp: 2026-03-15T21:32:02.880Z
Learning: Applies to .github/workflows/docker.yml : Docker workflow: builds backend + web + sandbox images, pushes to GHCR, signs with cosign. SLSA L3 provenance attestations via actions/attest-build-provenance. Scans: Trivy (CRITICAL = hard fail, HIGH = warn) + Grype (critical cutoff) + CIS Docker Benchmark v1.6.0 compliance (informational). CVE triage via .github/.trivyignore.yaml and .github/.grype.yaml. Images only pushed after scans pass. Triggers on push to main and version tags (v*).
Applied to files:
.github/workflows/docker.yml
📚 Learning: 2026-03-15T12:00:18.113Z
Learnt from: CR
Repo: Aureliolo/synthorg PR: 0
File: CLAUDE.md:0-0
Timestamp: 2026-03-15T12:00:18.113Z
Learning: Applies to .github/workflows/docker.yml : CI Docker: build → scan → push to GHCR + cosign sign + SLSA L3 provenance via attest-build-provenance (images only pushed after Trivy/Grype scans pass).
Applied to files:
.github/workflows/docker.yml
📚 Learning: 2026-03-15T18:17:43.675Z
Learnt from: CR
Repo: Aureliolo/synthorg PR: 0
File: CLAUDE.md:0-0
Timestamp: 2026-03-15T18:17:43.675Z
Learning: Applies to .github/workflows/**/*.yml : Path filtering: dorny/paths-filter detects Python/dashboard/docker changes; jobs only run when their domain is affected. CLI has its own workflow (cli.yml).
Applied to files:
.github/workflows/docker.yml
📚 Learning: 2026-03-26T15:16:19.520Z
Learnt from: CR
Repo: Aureliolo/synthorg PR: 0
File: CLAUDE.md:0-0
Timestamp: 2026-03-26T15:16:19.520Z
Learning: Applies to .github/workflows/*.yml : CI path filtering with dorny/paths-filter -- jobs only run when domain affected. CLI has its own workflow (cli.yml).
Applied to files:
.github/workflows/docker.yml
📚 Learning: 2026-03-26T15:16:19.520Z
Learnt from: CR
Repo: Aureliolo/synthorg PR: 0
File: CLAUDE.md:0-0
Timestamp: 2026-03-26T15:16:19.520Z
Learning: Applies to .github/workflows/*.yml : Docker image tags: version from pyproject.toml (semver, SHA), plus dev tags (v0.4.7-dev.3, dev rolling) for dev channel.
Applied to files:
.github/workflows/docker.yml
📚 Learning: 2026-03-19T11:19:40.044Z
Learnt from: CR
Repo: Aureliolo/synthorg PR: 0
File: CLAUDE.md:0-0
Timestamp: 2026-03-19T11:19:40.044Z
Learning: CLI workflow (`.github/workflows/cli.yml`) runs Go lint (golangci-lint + go vet) + test (race, coverage) + build (cross-compile matrix) + vulnerability check (govulncheck) + fuzz testing. Cross-compiles for linux/darwin/windows × amd64/arm64. GoReleaser release on v* tags with cosign keyless signing and SLSA L3 attestations.
Applied to files:
.github/workflows/docker.yml
📚 Learning: 2026-03-15T21:32:02.880Z
Learnt from: CR
Repo: Aureliolo/synthorg PR: 0
File: CLAUDE.md:0-0
Timestamp: 2026-03-15T21:32:02.880Z
Learning: Applies to .github/workflows/cli.yml : CLI workflow: Go lint (golangci-lint + go vet) + test (-race -coverprofile) + build (cross-compile: linux/darwin/windows × amd64/arm64) + govulncheck + fuzz testing (main-only, 30s/target, continue-on-error, matrix over 4 packages). cli-pass gate includes fuzz as informational. GoReleaser release on v* tags. Cosign keyless signing of checksums.txt. SLSA L3 provenance attestations. Sigstore bundle (.sigstore.json) attached. Post-release appends checksums/verification/provenance to draft release notes.
Applied to files:
.github/workflows/docker.yml
📚 Learning: 2026-03-19T07:12:14.508Z
Learnt from: CR
Repo: Aureliolo/synthorg PR: 0
File: CLAUDE.md:0-0
Timestamp: 2026-03-19T07:12:14.508Z
Learning: Applies to docker/Dockerfile.sandbox : Docker sandbox: `synthorg-sandbox` — Python 3.14 + Node.js + git, non-root (UID 10001), agent code execution sandbox
Applied to files:
.github/workflows/docker.yml
🪛 GitHub Actions: Workflow Security
.github/workflows/docker.yml
[warning] 182-182: zizmor info[template-injection]: code injection via template expansion in run block; command grype "${{ steps.scan-ref.outputs.ref }}" may expand into attacker-controllable code.
[warning] 378-378: zizmor info[template-injection]: code injection via template expansion in run block; command grype "${{ steps.scan-ref.outputs.ref }}" may expand into attacker-controllable code.
[warning] 571-571: zizmor info[template-injection]: code injection via template expansion in run block; command grype "${{ steps.scan-ref.outputs.ref }}" may expand into attacker-controllable code.
🔇 Additional comments (5)
docs/design/brand-and-ux.md (1)
179-180: Accurate a11y enforcement note (LGTM). This matches the actual preview config and clearly documents fail-fast accessibility checks for stories.
.github/.trivyignore.yaml (1)
13-24: Scoped Trivy ignores look correct and well-contained. Good update: both exceptions are constrained with package purls + distro qualifiers and have clear expiry/risk rationale.
Also applies to: 25-38
.github/.grype.yaml (1)
10-12: Grype ignore entries are properly scoped and documented. Nice fix on audit traceability and package-level scoping for the new CVE exceptions.
Also applies to: 23-50
.github/workflows/docker.yml (2)
171-172: Good use of step IDs for conditional diagnostics. Adding explicit Grype step IDs makes failure-path diagnostics deterministic and easier to maintain.
Also applies to: 367-368, 560-561
179-184: This issue has already been resolved. All three flagged locations (lines 179–184, 378–380, and 574–579) properly move template interpolation to the `env` block and reference it as a shell variable in the `run` block. No direct `${{ }}` interpolation remains inside `run` blocks.
> Likely an incorrect or invalid review comment.
Reword to explain that initialGlobals selects the background option
('dark'), which then references the --so-bg-base token value through
backgrounds.options.dark.value -- not directly via initialGlobals.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
🤖 I have created a release *beep* *boop*
---
#MAJOR CHANGES; We got a somewhat working webui :)

## [0.5.0](v0.4.9...v0.5.0) (2026-03-30)

### Features

* add analytics trends and budget forecast API endpoints ([#798](#798)) ([16b61f5](16b61f5))
* add department policies to default templates ([#852](#852)) ([7a41548](7a41548))
* add remaining activity event types (task_started, tool_used, delegation, cost_incurred) ([#832](#832)) ([4252fac](4252fac))
* agent performance, activity, and history API endpoints ([#811](#811)) ([9b75c1d](9b75c1d))
* Agent Profiles and Detail pages (biography, career, performance) ([#874](#874)) ([62d7880](62d7880))
* app shell, Storybook, and CI/CD pipeline ([#819](#819)) ([d4dde90](d4dde90))
* Approvals page with risk grouping, urgency indicators, batch actions ([#889](#889)) ([4e9673d](4e9673d))
* Budget Panel page (P&L dashboard, breakdown charts, forecast) ([#890](#890)) ([b63b0f1](b63b0f1))
* build infrastructure layer (API client, auth, WebSocket) ([#815](#815)) ([9f01d3e](9f01d3e))
* CLI global options infrastructure, UI modes, exit codes, env vars ([#891](#891)) ([fef4fc5](fef4fc5))
* CodeMirror editor and theme preferences toggle ([#905](#905), [#807](#807)) ([#909](#909)) ([41fbedc](41fbedc))
* Company page (department/agent management) ([#888](#888)) ([cfb88b0](cfb88b0))
* comprehensive hint coverage across all CLI commands ([#900](#900)) ([937974e](937974e))
* config system extensions, per-command flags for init/start/stop/status/logs ([#895](#895)) ([32f83fe](32f83fe))
* configurable currency system replacing hardcoded USD ([#854](#854)) ([b372551](b372551))
* Dashboard page (metric cards, activity feed, budget burn) ([#861](#861)) ([7d519d5](7d519d5))
* department health, provider status, and activity feed endpoints ([#818](#818)) ([6d5f196](6d5f196))
* design tokens and core UI components ([#833](#833)) ([ed887f2](ed887f2))
* extend approval, meeting, and budget API responses ([#834](#834)) ([31472bf](31472bf))
* frontend polish -- real-time UX, accessibility, responsive, performance ([#790](#790), [#792](#792), [#791](#791), [#793](#793)) ([#917](#917)) ([f04a537](f04a537))
* implement human roles and access control levels ([#856](#856)) ([d6d8a06](d6d8a06))
* implement semantic conflict detection in workspace merge ([#860](#860)) ([d97283b](d97283b))
* interaction components and animation patterns ([#853](#853)) ([82d4b01](82d4b01))
* Login page + first-run bootstrap + Company page ([#789](#789), [#888](#888)) ([#896](#896)) ([8758e8d](8758e8d))
* Meetings page with timeline viz, token bars, contribution formatting ([#788](#788)) ([#904](#904)) ([b207f46](b207f46))
* Messages page with threading, channel badges, sender indicators ([#787](#787)) ([#903](#903)) ([28293ad](28293ad))
* Org Chart force-directed view and drag-drop reassignment ([#872](#872), [#873](#873)) ([#912](#912)) ([a68a938](a68a938))
* Org Chart page (living nodes, status, CRUD, department health) ([#870](#870)) ([0acbdae](0acbdae))
* per-command flags for remaining commands, auto-behavior wiring, help/discoverability ([#897](#897)) ([3f7afa2](3f7afa2))
* Providers page with backend rework -- health, CRUD, subscription auth ([#893](#893)) ([9f8dd98](9f8dd98))
* scaffold React + Vite + TypeScript + Tailwind project ([#799](#799)) ([bd151aa](bd151aa))
* Settings page with search, dependency indicators, grouped rendering ([#784](#784)) ([#902](#902)) ([a7b9870](a7b9870))
* Setup Wizard rebuild with template comparison, cost estimator, theme customization ([#879](#879)) ([ae8b50b](ae8b50b))
* setup wizard UX -- template filters, card metadata, provider form reuse ([#910](#910)) ([7f04676](7f04676))
* setup wizard UX overhaul -- mode choice, step reorder, provider fixes ([#907](#907)) ([ee964c4](ee964c4))
* structured ModelRequirement in template agent configs ([#795](#795)) ([7433548](7433548))
* Task Board page (rich Kanban, filtering, dependency viz) ([#871](#871)) ([04a19b0](04a19b0))

### Bug Fixes

* align frontend types with backend and debounce WS refetches ([#916](#916)) ([134c11b](134c11b))
* auto-cleanup targets newly pulled images instead of old ones ([#884](#884)) ([50e6591](50e6591))
* correct wipe backup-skip flow and harden error handling ([#808](#808)) ([c05860f](c05860f))
* improve provider setup in wizard, subscription auth, dashboard bugs ([#914](#914)) ([87bf8e6](87bf8e6))
* improve update channel detection and add config get command ([#814](#814)) ([6b137f0](6b137f0))
* resolve all ESLint warnings, add zero-warnings enforcement ([#899](#899)) ([079b46a](079b46a))
* subscription auth uses api_key, base URL optional for cloud providers ([#915](#915)) ([f0098dd](f0098dd))

### Refactoring

* semantic analyzer cleanup -- shared filtering, concurrency, extraction ([#908](#908)) ([81372bf](81372bf))

### Documentation

* brand identity and UX design system from [#765](#765) exploration ([#804](#804)) ([389a9f4](389a9f4))
* page structure and information architecture for v0.5.0 dashboard ([#809](#809)) ([f8d6d4a](f8d6d4a))
* write UX design guidelines with WCAG-verified color system ([#816](#816)) ([4a4594e](4a4594e))

### Tests

* add unit tests for agent hooks and page components ([#875](#875)) ([#901](#901)) ([1d81546](1d81546))

### CI/CD

* bump actions/deploy-pages from 4.0.5 to 5.0.0 in the major group ([#831](#831)) ([01c19de](01c19de))
* bump astral-sh/setup-uv from 7.6.0 to 8.0.0 in /.github/actions/setup-python-uv in the all group ([#920](#920)) ([5f6ba54](5f6ba54))
* bump codecov/codecov-action from 5.5.3 to 6.0.0 in the major group ([#868](#868)) ([f22a181](f22a181))
* bump github/codeql-action from 4.34.1 to 4.35.0 in the all group ([#883](#883)) ([87a4890](87a4890))
* bump sigstore/cosign-installer from 4.1.0 to 4.1.1 in the minor-and-patch group ([#830](#830)) ([7a69050](7a69050))
* bump the all group with 3 updates ([#923](#923)) ([ff27c8e](ff27c8e))
* bump wrangler from 4.76.0 to 4.77.0 in /.github in the minor-and-patch group ([#822](#822)) ([07d43eb](07d43eb))
* bump wrangler from 4.77.0 to 4.78.0 in /.github in the all group ([#882](#882)) ([f84118d](f84118d))

### Maintenance

* add design system enforcement hook and component inventory ([#846](#846)) ([15abc43](15abc43))
* add dev-only auth bypass for frontend testing ([#885](#885)) ([6cdcd8a](6cdcd8a))
* add pre-push rebase check hook ([#855](#855)) ([b637a04](b637a04))
* backend hardening -- eviction/size-caps and model validation ([#911](#911)) ([81253d9](81253d9))
* bump axios from 1.13.6 to 1.14.0 in /web in the all group across 1 directory ([#922](#922)) ([b1b0232](b1b0232))
* bump brace-expansion from 5.0.4 to 5.0.5 in /web ([#862](#862)) ([ba4a565](ba4a565))
* bump eslint-plugin-react-refresh from 0.4.26 to 0.5.2 in /web ([#801](#801)) ([7574bb5](7574bb5))
* bump faker from 40.11.0 to 40.11.1 in the minor-and-patch group ([#803](#803)) ([14d322e](14d322e))
* bump https://github.com/astral-sh/ruff-pre-commit from v0.15.7 to 0.15.8 ([#864](#864)) ([f52901e](f52901e))
* bump nginxinc/nginx-unprivileged from `6582a34` to `f99cc61` in /docker/web in the all group ([#919](#919)) ([df85e4f](df85e4f))
* bump nginxinc/nginx-unprivileged from `ccbac1a` to `6582a34` in /docker/web ([#800](#800)) ([f4e9450](f4e9450))
* bump node from `44bcbf4` to `71be405` in /docker/sandbox ([#827](#827)) ([91bec67](91bec67))
* bump node from `5209bca` to `cf38e1f` in /docker/web ([#863](#863)) ([66d6043](66d6043))
* bump picomatch in /site ([#842](#842)) ([5f20bcc](5f20bcc))
* bump recharts 2->3 and @types/node 22->25 in /web ([#802](#802)) ([a908800](a908800))
* Bump requests from 2.32.5 to 2.33.0 ([#843](#843)) ([41daf69](41daf69))
* bump smol-toml from 1.6.0 to 1.6.1 in /site ([#826](#826)) ([3e5dbe4](3e5dbe4))
* bump the all group with 3 updates ([#921](#921)) ([7bace0b](7bace0b))
* bump the minor-and-patch group across 1 directory with 2 updates ([#829](#829)) ([93e611f](93e611f))
* bump the minor-and-patch group across 1 directory with 3 updates ([#841](#841)) ([7010c8e](7010c8e))
* bump the minor-and-patch group across 1 directory with 3 updates ([#869](#869)) ([548cee5](548cee5))
* bump the minor-and-patch group in /site with 2 updates ([#865](#865)) ([9558101](9558101))
* bump the minor-and-patch group with 2 updates ([#867](#867)) ([4830706](4830706))
* consolidate Dependabot groups to 1 PR per ecosystem ([06d2556](06d2556))
* consolidate Dependabot groups to 1 PR per ecosystem ([#881](#881)) ([06d2556](06d2556))
* improve worktree skill with full dep sync and status enhancements ([#906](#906)) ([772c625](772c625))
* remove Vue remnants and document framework decision ([#851](#851)) ([bf2adf6](bf2adf6))
* update web dependencies and fix brace-expansion CVE ([#880](#880)) ([a7a0ed6](a7a0ed6))
* upgrade to Storybook 10 and TypeScript 6 ([#845](#845)) ([52d95f2](52d95f2))

---
This PR was generated with [Release Please](https://github.com/googleapis/release-please). See [documentation](https://github.com/googleapis/release-please#release-please).

---------

Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Summary
- `defineMain`/`definePreview` APIs, remove dead packages (addon-essentials, addon-interactions, @storybook/test), add addon-docs, migrate backgrounds API, enable global a11y enforcement (`a11y.test: 'error'`)
- `baseUrl`, remove explicit `esModuleInterop`, merge `DOM.Iterable` into `DOM`, upgrade target/lib to ES2025
- `docs/design/brand-and-ux.md`

Supersedes #825 (Dependabot partial bump that caused version mismatch CI failures).
Test plan
- `npm --prefix web run type-check` -- clean (no baseUrl deprecation errors)
- `npm --prefix web run build` -- Vite production build succeeds
- `npm --prefix web run storybook:build` -- Storybook build succeeds (no version mismatch)
- `npm --prefix web run lint` -- ESLint clean
- `npm --prefix web run test` -- 330/330 tests pass

Closes #825
🤖 Generated with Claude Code