refactor(storage-sqlite): extract noteMapping helpers from SQLiteNoteRepository#282
Merged
github-actions[bot] merged 1 commit intoJun 9, 2026
Conversation
…Repository Phase 1 of the SQLiteNoteRepository split. Pure helpers come out to their own file so future sub-repos (sync, tag, archive) can reuse them without inheriting from the 1000-line class. SQLiteNoteRepository.ts: 1121 -> 1038 lines (-7%). noteMapping.ts: new (133 lines). Extracted: - NoteRow / TagRow / TagWithColorRow / BacklinkInfo — row types - rowToNote(row, tags) -> Note — pure mapper - prepareFtsQuery(input) -> string — FTS5 query escaper - archivedConditionSql(filter, alias) -> string — SQL fragment helper Call sites swapped from `this.<helper>()` to plain function imports. The public class signature is unchanged; `BacklinkInfo` is re-exported so external consumers (apps/desktop/handlers/types.ts) keep working. What this PR DELIBERATELY does NOT do: - Extract sync methods (getPendingChanges through getSyncHistory ~430 lines) into a SQLiteNoteSyncRepository. Those share state (tag queries, transactions, FTS sync triggers) with the main class in ways that need real-DB integration coverage to refactor safely. The helpers extracted here are the foundation: a follow-up PR can build the sync sub-repo on top of them without touching the helpers again. - Extract tag methods (setManualTags, renameTag, getAllTagsWithColors, etc.) for the same reason. Validates: - pnpm -r typecheck — green - pnpm test — 17/17 packages (storage-sqlite tests skipped per repo policy; helpers are pure and trivially exercised by the desktop's integration tests) Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
|
The latest updates on your projects. Learn more about Vercel for GitHub.
|
|
Important Review skippedAuto reviews are disabled on base/target branches other than the default branch. 🗂️ Base branches to auto review (2)
Please check the settings in the CodeRabbit UI or the ⚙️ Run configurationConfiguration used: Path: .coderabbit.yaml Review profile: ASSERTIVE Plan: Pro Run ID: You can disable this status message by setting the Use the checkbox below for a quick retry:
✨ Finishing Touches🧪 Generate unit tests (beta)
Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out. Comment |
f8a42f0
into
feat/wire-signed-subscription-verification
5 of 6 checks passed
3 tasks
github-actions Bot
pushed a commit
that referenced
this pull request
Jun 9, 2026
## Summary
**Phase 1 of the MarkdownEditor split.** Pure theme + markdown
HighlightStyle move to their own file so further extractions (extensions
array, keymap bindings) can ride on top without merging against a
churn-prone component shell.
| Metric | Before | After |
|---|---|---|
| \`MarkdownEditor.tsx\` | 737 lines | **612 lines** (-17%) |
| \`editorTheme.ts\` | — | 139 lines (new) |
## Extracted
| Symbol | Kind |
|---|---|
| \`SCROLL_PAST_END_PADDING\` | constant |
| \`createEditorTheme(fontSize, fontFamily, lineHeight)\` | factory
returning \`EditorView.theme({...})\` |
| \`markdownHighlighting\` | \`HighlightStyle.define([...])\` with all
tag styles for markdown |
## Imports cleaned up
- Drop \`HighlightStyle\` from \`@codemirror/language\` import (no
longer referenced in this file)
- Drop \`tags\` from \`@lezer/highlight\` (moved into editorTheme.ts)
## What this PR DELIBERATELY does NOT do
- **Extract the extensions array** (~96 lines of \`createExtensions\`).
It closes over user settings (\`lineNumbersCompartment\` etc.) and mixes
context-coupled values like \`wikilinkAutocomplete\` from a hook. Safely
pulling that out requires either passing the closure context via a
builder, or moving the whole \`useMemo\` into its own hook. **Better
done under Playwright coverage (PR-E #277) so renderer regressions
surface.**
- **Extract the keymap.** Same reason — bindings reference
view-imperatives + the command-registry which are constructed inside the
React tree.
## Test plan
- [x] \`pnpm -r typecheck\` — green (renderer + e2e tsconfigs)
- [x] \`pnpm test\` — 17/17 packages
- [ ] Manual: open the editor, type in a markdown note with headings,
emphasis, lists, code blocks. The look must be identical (theme is
byte-for-byte the same; just moved).
## Stack context
Stacked on **note repo split** (#282) → PR-F3 wiring (#281) → PR-Knip-2
(#280) → PR-Knip-1 (#279) → PR-G (#278) → PR-E (#277) → ... down to PR-B
(#265). **19 PRs deep.**
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-authored-by: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2 tasks
github-actions Bot
pushed a commit
that referenced
this pull request
Jun 9, 2026
## Summary Replaces the all-zeros placeholder from #281 with a real Ed25519 public key. The matching private key was generated in this session and is held outside the repo — see notes below. ## Public key (this PR) \`\`\` d049019b2ff05ccfd3802e0619d5897e21431a6f946af724c13ed7ecca7ec01f \`\`\` Public by design — the client needs it to verify. Safe to commit. ## Private key (NOT in this PR) Lives only on the licensing server. Tomy received it in the dev session that produced this PR and is responsible for storing it as the server's \`LICENSE_SIGNING_PRIVATE_KEY\` env var (Vercel env / Doppler / 1Password / wherever your secrets live). **This keypair was generated in a dev chat session and is considered "dev/staging-grade".** For production, rotate before the first signed envelope ships: generate a new pair on a trusted machine, push a new desktop release with the new public key here, then switch the server. The rotation procedure is documented in the constant's comment. ## Behavior change | State | Before (placeholder) | After (real key) | |---|---|---| | Cache without envelope | Warning logged, accepted (lenient) | Warning logged, accepted (lenient) | | Cache with envelope signed by matching key | Cannot occur | Silently accepted | | Cache with envelope signed by wrong key | Refused → refetch | Refused → refetch | | Cache with tampered envelope | Refused → refetch | Refused → refetch | The lenient branch (no envelope) is unchanged — existing users are unaffected. The strict branch (envelope present) now actually works: real envelopes verify, fakes get rejected. ## Test plan - [x] \`pnpm --filter @readied/desktop typecheck:main\` — green - [ ] After merge: server team uses \`signSubscriptionPayload(payload, LICENSE_SIGNING_PRIVATE_KEY)\` from \`@readied/licensing\`. Round-trip test: \`\`\`bash cd packages/licensing node -e " import('./src/validator.js').then(async ({ signSubscriptionPayload, verifySubscriptionSignature }) => { const PRIV = process.env.LICENSE_SIGNING_PRIVATE_KEY; const env = await signSubscriptionPayload({ payloadVersion: 1, subscription: { subscriptionId:'sub_test', customerId:'cus_test', email:'x@x.com', plan:'monthly', status:'active', currentPeriodStart: new Date().toISOString(), currentPeriodEnd: new Date(Date.now()+30*86400e3).toISOString(), cancelAtPeriodEnd:false }, issuedAt: new Date().toISOString(), }, PRIV); const r = await verifySubscriptionSignature(env, { publicKey: 'd049019b2ff05ccfd3802e0619d5897e21431a6f946af724c13ed7ecca7ec01f' }); console.log(r.valid ? '✅' : '❌ ' + r.error); }); " \`\`\` ## Stack context **PR-Set-Key** at the tip of the stack. Sits on top of editor split (#283) → note repo split (#282) → ... down to PR-B (#265). **20 PRs deep.** 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-authored-by: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
github-actions Bot
pushed a commit
that referenced
this pull request
Jun 9, 2026
## Summary Promotes `develop` to `main` for **v0.15.0**. Originally opened 2026-04-24; now refreshed with the 19-PR tech-debt audit shipped via #285 plus the accumulated dependabot bumps reconciled. `semantic-release` will pick the version bump. Expected: **minor (v0.14.x → v0.15.0)** because of multiple \`feat:\` commits. ## What ships (audit highlights, from #285) ### Runtime fixes (user-facing) - **Editor no longer crashes on table-containing notes** (#266) — \`Decoration.replace\` over multi-line ranges moved from a ViewPlugin to a StateField, plus an EditorView.exceptionSink so any future plugin error no longer tears down the EditorView. - **AI keys survive sleep/wake** (#275) — \`aiKeyStorage\` stopped silently deleting the encrypted store when the keychain was temporarily locked after macOS sleep. - **Backup restore is now safe** (#271) — restored DBs go through \`PRAGMA integrity_check\` before being swapped in; corrupt backups roll back to the safety copy. - **MCP server runs without electron-builder rebuilds** (#264 → #270) — migrated from native \`better-sqlite3\` to built-in \`node:sqlite\` (Node 22.5+), updated to the new \`registerTool\` MCP SDK API. ### Security - **Typed IPC boundary** (#272 + #273 + #274) — 130+ IPC channels now validated with Zod tuples at the main↔renderer boundary. Garbage in fails fast with \`IpcValidationError\` instead of corrupting downstream code. - **Ed25519 license verification scaffolding** (#276 + #281 + #284) — \`signSubscriptionPayload\` / \`verifySubscriptionSignature\` helpers ship in \`@readied/licensing\`, wired into \`FileLicenseStorage.readSubscriptionData\` with lenient fallthrough during migration. Real public key embedded (\`d04901…\`). Server-side \`LICENSE_SIGNING_PRIVATE_KEY\` already set in Cloudflare staging + production. ### Developer experience - **Husky → Lefthook** (#267) plus lint-staged that now runs ESLint, not just Prettier. - **\`knip\` added** (#267) + 12 unused files deleted (#279) + 6 unused deps dropped (#280). - **Playwright Electron E2E scaffold** (#277) with smoke + notes-IPC specs and a Linux+xvfb CI job (\`continue-on-error: true\` while it stabilises). - **Vitest coverage baseline** (#269) — 12 packages share a coverage config; smoke tests added for \`@readied/commands\`. ### Refactor (no behavior change) - **Zustand selectors migration** (#268) — 3 components stopped destructuring entire stores. - **God-file extractions**: - \`main/index.ts\` 1065 → 950 lines (#278) — \`FileLicenseStorage\`, \`windowState\` extracted to services - \`SQLiteNoteRepository.ts\` 1121 → 1038 lines (#282) — pure helpers extracted to \`noteMapping.ts\` - \`MarkdownEditor.tsx\` 737 → 612 lines (#283) — theme + markdownHighlighting extracted to \`editorTheme.ts\` ## Deploys triggered | Workflow | Trigger | What happens | |---|---|---| | \`deploy-api.yml\` | Auto on \`push\` to main affecting \`packages/api/**\` | Tests + deploys \`@readied/api\` to Cloudflare Workers (\`readied-api-production\`). This stack only touched \`wrangler.toml\` + \`.dev.vars\` docs, no production code change. | | \`release.yml\` | Manual \`workflow_dispatch\` post-merge | \`semantic-release\` analyses conventional commits, bumps version, creates GitHub Release draft + tag | | \`build.yml\` | Auto on tag push from release.yml | mac / windows / linux parallel builds, artefacts attached to the GitHub Release | ## Pre-merge verification (local, this branch) - ✅ \`pnpm -r typecheck\` — green across 18 workspace projects - ✅ \`pnpm test\` — 17/17 packages - ✅ Merge resolved: take develop versions for 19 conflicted package.jsons (develop has equal or newer deps than main's dependabot bumps) ## Post-merge action items (operator) 1. **Deploy API to staging first** (smoke test): \`\`\` gh workflow run deploy-api.yml -f environment=staging \`\`\` 2. Confirm staging API responds correctly (subscription endpoint with new \`LICENSE_SIGNING_PRIVATE_KEY\` secret already set in CF). 3. Merge this PR → auto-deploys API to production. 4. Trigger Release workflow: GitHub → Actions → Release → "Run workflow" → main. 5. Watch Build workflow for mac/win/linux completion. 6. Confirm the release un-drafts itself. ## Known risks / follow-ups - **Pre-existing Vercel preview failure for \`apps/web\`** — marketing site, scheduled to be extracted to its own repo (P3 in the roadmap). - **\`SUBSCRIPTION_PUBLIC_KEY\` is dev-grade** — generated in a Claude session. Before the licensing server emits envelopes for real paid users, rotate the keypair from a trusted machine and ship a follow-up release. - **Branch protection should require CodeRabbit completion before automerge** — added to the roadmap as a process item; this very PR was BLOCKED correctly because of that policy gap being closed. 🤖 Generated with [Claude Code](https://claude.com/claude-code) --------- Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Phase 1 of the SQLiteNoteRepository split. Pure helpers come out to their own file so future sub-repositories (sync, tag, archive) can reuse them without inheriting from the 1000-line class.
Extracted
Call sites swapped from `this.()` to plain function imports. The public class signature is unchanged — `BacklinkInfo` is re-exported so external consumers (e.g. `apps/desktop/src/main/handlers/types.ts`) keep working without edits.
What this PR DELIBERATELY does NOT do
The audit aspired to a 4-way split (NoteCrudRepository + NoteTagRepository + NoteArchiveRepository + NoteSyncRepository). That remains the destination. This PR ships the foundation that makes those splits low-risk; each can ride its own PR with focused review.
Test plan
Stack context
Stacked on PR-F3 wiring (#281) → PR-Knip-2 (#280) → PR-Knip-1 (#279) → PR-G (#278) → PR-E (#277) → ... down to PR-B (#265). 18 PRs deep.
🤖 Generated with Claude Code