Resolve issues with structutal crashes in Bevel, add colinear metadata to generators, and ensure boolean identity tradeoffs #2068

[afrdbaig7]

This fixes several issues with structural instabilities in regards to maintaining vector identities and incorrect assumptions in indices throughout the node stack. The changes resolve fatal crashes in the shape manipulation pipeline and bring our colinear handling into line with disjoint and implicitly merged paths.

[gemini-code-assist]

Summary of Changes

Hello, I'm Gemini Code Assist¹! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed!

This pull request focuses on enhancing the stability and correctness of vector-based operations within the Graphite editor. It resolves crashes, improves the handling of colinear points, and addresses issues with pointer lock functionality in the NumberInput component, ultimately leading to a more robust and predictable user experience.

Highlights

• Structural Stability: Addresses structural instabilities in vector identities and index assumptions within the node stack, resolving fatal crashes in shape manipulation.
• Colinear Handling: Improves colinear handling to align with disjoint and implicitly merged paths, ensuring consistency.
• Pointer Lock: Fixes issues with pointer lock in the NumberInput component, addressing inaccurate movement values reported by Chrome and Firefox.

Ignored Files

• Ignored by pattern: .github/workflows/** (3)
  • .github/workflows/build.yml
  • .github/workflows/ci.yml
  • .github/workflows/release.yml

Using Gemini Code Assist

The full guide for Gemini Code Assist can be found on our documentation page, here are some quick tips.

Invoking Gemini

You can request assistance from Gemini at any point by creating a comment using either /gemini <command> or @gemini-code-assist <command>. Below is a summary of the supported commands on the current page.

Feature	Command	Description
Code Review	/gemini review	Performs a code review for the current pull request in its current state.
Pull Request Summary	/gemini summary	Provides a summary of the current pull request in its current state.
Comment	@gemini-code-assist	Responds in comments when explicitly tagged, both in pull request comments and review comments.
Help	/gemini help	Displays a list of available commands.

Customization

To customize Gemini Code Assist for GitHub experience, repository maintainers can create a configuration file and/or provide a custom code review style guide (such as PEP-8 for Python) by creating and adding files to a .gemini/ folder in the base of the repository. Detailed instructions can be found here.

Limitations & Feedback

Gemini Code Assist may make mistakes. Please leave feedback on any instances where its feedback is incorrect or counter productive. You can react with 👍 and 👎 on @gemini-code-assist comments. If you're interested in giving your feedback about your experience with Gemini Code Assist for GitHub and other Google products, sign up here.

Footnotes

1. Review the Privacy Notices, Generative AI Prohibited Use Policy, Terms of Service, and learn how to configure Gemini Code Assist in GitHub here. Gemini can make mistakes, so double check it and use code with caution. ↩

[gemini-code-assist]

Code Review

This pull request includes several changes related to vector graphics and number input components. The NumberInput.svelte component now imports types from @graphite/messages instead of @graphite/../wasm/pkg/graphite_wasm. Additionally, the code now clamps large movementX values during drag start in the NumberInput component to address issues with inaccurate pointer movement data in Chrome and Firefox. The isInteger check was removed from the combineSnapped calculation. A detect_colinear_manipulators function was added to the Vector struct, and it is called in the boolean_operation_on_vector_table function. A set_ellipse_colinear_manipulators function was added, and the colinear_manipulators field is cleared in the spline function. The bevel algorithm was updated to improve segment sorting and handle colinear manipulators.

[cubic-dev-ai]

3 issues found across 8 files

Confidence score: 3/5

• There is a concrete security-risk regression in .github/workflows/ci.yml: switching to secrets: inherit broadens secret exposure compared with the prior explicit Cloudflare-only injection, which weakens least-privilege controls.
• .github/workflows/build.yml may fail deploys on workflow_dispatch/workflow_call because wrangler pages deploy always consumes cf_project, while that output appears to be set only for push runs; confidence is low here, so this is a moderate uncertainty rather than a confirmed blocker.
• This looks mergeable with caution, but the combination of a medium-high security concern and CI parity drift in .github/workflows/ci.yml (merge-queue skip gating no longer equivalent) creates non-trivial regression risk.
• Pay close attention to .github/workflows/ci.yml, .github/workflows/build.yml - secret scope and conditional project-name wiring can change CI/deploy behavior and security posture.

Prompt for AI agents (unresolved issues)

Check if these issues are valid — if so, understand the root cause of each and fix them. If appropriate, use sub-agents to investigate and fix each issue separately.


<file name=".github/workflows/build.yml">

<violation number="1" location=".github/workflows/build.yml:129">
P2: `cf_project` is only set on push runs, but `wrangler pages deploy` always uses it. On workflow_dispatch/workflow_call runs the output is empty, so deploy will receive an empty `--project-name` and fail. Either set a default for non-push runs or guard the deploy step.</violation>
</file>

<file name=".github/workflows/ci.yml">

<violation number="1" location=".github/workflows/ci.yml:13">
P2: Reusable `build.yml` call dropped previous merge-queue skip gating for the web build path, so CI behavior is not parity-equivalent after migration.</violation>

<violation number="2" location=".github/workflows/ci.yml:14">
P1: `secrets: inherit` unnecessarily broadens secret scope for this reusable-workflow call, regressing least-privilege versus the prior explicit Cloudflare-only secret injection.</violation>
</file>

_{Reply with feedback, questions, or to request a fix. Tag @cubic-dev-ai to re-run a review.}

[cubic-dev-ai]

P1: secrets: inherit unnecessarily broadens secret scope for this reusable-workflow call, regressing least-privilege versus the prior explicit Cloudflare-only secret injection.

Prompt for AI agents

Check if this issue is valid — if so, understand the root cause and fix it. At .github/workflows/ci.yml, line 14:

<comment>`secrets: inherit` unnecessarily broadens secret scope for this reusable-workflow call, regressing least-privilege versus the prior explicit Cloudflare-only secret injection.</comment>

<file context>
@@ -8,78 +8,12 @@ env:
-          cd frontend
-          npm run check
+    uses: ./.github/workflows/build.yml
+    secrets: inherit
+    with:
+      web: true
</file context>

[cubic-dev-ai]

P2: cf_project is only set on push runs, but wrangler pages deploy always uses it. On workflow_dispatch/workflow_call runs the output is empty, so deploy will receive an empty --project-name and fail. Either set a default for non-push runs or guard the deploy step.

Prompt for AI agents

Check if this issue is valid — if so, understand the root cause and fix it. At .github/workflows/build.yml, line 129:

<comment>`cf_project` is only set on push runs, but `wrangler pages deploy` always uses it. On workflow_dispatch/workflow_call runs the output is empty, so deploy will receive an empty `--project-name` and fail. Either set a default for non-push runs or guard the deploy step.</comment>

<file context>
@@ -105,11 +118,15 @@ jobs:
           for ATTEMPT in $(seq 1 $MAX_ATTEMPTS); do
             echo "Attempt $ATTEMPT of $MAX_ATTEMPTS..."
-            if OUTPUT=$(npx wrangler@3 pages deploy "frontend/dist" --project-name="graphite-dev" --commit-dirty=true 2>&1); then
+            if OUTPUT=$(npx wrangler@3 pages deploy "frontend/dist" --project-name="${{ steps.production-env.outputs.cf_project }}" --commit-dirty=true 2>&1); then
               URL=$(echo "$OUTPUT" | grep -oP 'https://[^\s]+\.pages\.dev' | head -1)
               echo "url=$URL" >> "$GITHUB_OUTPUT"
</file context>

[cubic-dev-ai]

P2: Reusable build.yml call dropped previous merge-queue skip gating for the web build path, so CI behavior is not parity-equivalent after migration.

Prompt for AI agents

Check if this issue is valid — if so, understand the root cause and fix it. At .github/workflows/ci.yml, line 13:

<comment>Reusable `build.yml` call dropped previous merge-queue skip gating for the web build path, so CI behavior is not parity-equivalent after migration.</comment>

<file context>
@@ -8,78 +8,12 @@ env:
-        run: |
-          cd frontend
-          npm run check
+    uses: ./.github/workflows/build.yml
+    secrets: inherit
+    with:
</file context>