Fix: Update Electron & Remote debugging fix

[nytamin]

About the Contributor

This pull request is posted on behalf of the NRK

Type of Contribution

This is a:

Bug fix / Code improvement

Current Behavior

New Behavior

• Updates Electron to latest
• Exposes a debug web page at /debug/remote-debug for remote debugging

Status

• PR is ready to be reviewed.
• The functionality has been tested by the author.
• Relevant unit tests has been added / updated.
• Relevant documentation (code comments, system documentation) has been added / updated.

[coderabbitai]

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: 9be2cf92-365c-4b06-a9b4-6887109c673f

📥 Commits

Reviewing files that changed from the base of the PR and between a62db0b and 59e86cf.

📒 Files selected for processing (2)

• src/helpers/APIHelper.ts
• src/helpers/ConfigHelper.ts

🚧 Files skipped from review as they are similar to previous changes (1)

• src/helpers/APIHelper.ts

---

Walkthrough

Adds a pinned Yarn binary and updates Electron tooling, introduces a /debug/remote-debug HTTP endpoint that proxies Chrome DevTools targets using a --remote-debugging-port arg, and adds a canSpanMultipleDisplays window config with conditional bounds application in window update logic.

Changes

Cohort / File(s)	Summary
Tooling & Root Metadata \.yarnrc.yml, package.json	Removed plugin-version entry and added yarnPath pointing to .yarn/releases/yarn-4.13.0.cjs; updated package.json packageManager and bumped devDependencies (electron, electron-builder).
Remote Debug Endpoint src/helpers/APIHelper.ts	Added GET /debug/remote-debug route: reads --remote-debugging-port from process args, fetches http://localhost:PORT/json/list, returns an HTML page of target links; handles missing port and fetch/parse errors with 500 responses and logs.
Window Display Behavior src/lib/config.ts, src/helpers/WindowHelper.ts, src/helpers/ConfigHelper.ts	Added canSpanMultipleDisplays: boolean to ConfigWindow defaulting to false; ensureCompatibility sets default when absent. WindowHelper._updateWindow now applies bounds directly when canSpanMultipleDisplays is true, otherwise uses prior per-display clamping logic.

Sequence Diagram

sequenceDiagram
    participant Client as Client
    participant API as API Helper
    participant Proc as Process Args
    participant CDP as Remote Debug Service\r\n(localhost:PORT)

    Client->>API: GET /debug/remote-debug
    API->>Proc: Read --remote-debugging-port
    alt port provided
        API->>CDP: GET /json/list
        CDP-->>API: JSON targets
        API->>API: Build HTML with target links
        API-->>Client: 200 OK (HTML)
    else port missing
        API-->>Client: 500 (missing port guidance)
    end
    alt fetch/parse error
        API->>API: Log error
        API-->>Client: 500 (error message)
    end

Loading

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~22 minutes

Poem

🐇 I nibble yarn and stitch the build bright,
I peek at ports where Chrome-lights ignite,
Windows stretch across displays at will,
Debug links bloom — the rabbit's cup is full! 🥕

🚥 Pre-merge checks | ✅ 3

✅ Passed checks (3 passed)

Check name	Status	Explanation
Title check	✅ Passed	The title mentions Electron updates and remote debugging, which are the main changes in the PR, though it is somewhat vague with the word 'Fix' at the start.
Description check	✅ Passed	The description is directly related to the changeset, covering the Electron update and the new remote debugging feature that are present in the code changes.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

• 📝 Generate docstrings (stacked PR)
• 📝 Generate docstrings (commit on current branch)

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch fix/remote-debugging

Tip

Try Coding Plans. Let us write the prompt for your AI agent so you can ship faster (with fewer bugs).
Share your feedback on Discord.

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 4

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@src/helpers/APIHelper.ts`:
- Around line 161-217: The new route handler defined in
router.get('/debug/remote-debug', async (ctx) => { ... }) has
Prettier/formatting violations; fix by running the project's Prettier formatter
(or applying the project's ESLint --fix) on src/helpers/APIHelper.ts and adjust
the block so spacing, indentation, quotes and template-literal indentation match
project style (including the JSON.stringify(list) insertion inside the template
literal and consistent semicolons/commas), then ensure the catch block logging
(this.logger.error(...)) and ctx.body lines are formatted consistently; re-run
CI formatting checks to confirm the route compiles with Prettier.
- Around line 194-205: The debug page currently injects untrusted values
(page.title, page.url, page.webSocketDebuggerUrl) into a script and uses
innerHTML, enabling XSS; modify the rendering in APIHelper so you do not embed
raw JSON into a script or use innerHTML: instead build the DOM purely with
document.createElement, set element.textContent for visible strings, set
anchor.href by safely constructing the URL using encodeURIComponent for
components and by parsing/validating page.webSocketDebuggerUrl (from list)
before use, and avoid injecting raw HTML; update the code block that sets
ctx.body (and the script that iterates over list) to create anchors via
createElement('a') with a safe href and appendNodes rather than using innerHTML
or raw script-embedded data.
- Line 191: The fetch to `http://localhost:${remoteDebuggingPort}/json/list`
must be hardened: wrap the request in an AbortController with a short
configurable timeout, use that controller's signal in the fetch call, and clear
the timeout on completion; after fetch returns check `response.ok` and throw a
descriptive error (including status) if false, then parse JSON inside a
try/catch to surface parsing errors. Locate the expression containing
`fetch(\`http://localhost:${remoteDebuggingPort}/json/list\`)` and replace it
with the timed/abortable fetch + response.ok check and proper error handling so
the call cannot hang and failures are explicit.

In `@src/lib/config.ts`:
- Around line 25-26: Legacy persisted ConfigWindow objects may lack the new
canSpanMultipleDisplays field causing runtime shape mismatch; update the config
migration/normalization in src/helpers/ConfigHelper.ts to detect ConfigWindow
entries missing canSpanMultipleDisplays and backfill a sensible default (e.g.,
false) before returning or storing the config. Locate the code paths that
construct/normalize ConfigWindow (reference ConfigWindow and any
migration/normalize function in ConfigHelper) and add logic to set
window.canSpanMultipleDisplays = false when undefined so all loaded configs
conform to the ConfigWindow interface.

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: cb922b44-0c57-4282-8400-ba812d032dd8

📥 Commits

Reviewing files that changed from the base of the PR and between 45b6a83 and a62db0b.

⛔ Files ignored due to path filters (3)

• .yarn/plugins/@yarnpkg/plugin-version.cjs is excluded by !**/.yarn/**
• .yarn/releases/yarn-4.13.0.cjs is excluded by !**/.yarn/**
• yarn.lock is excluded by !**/yarn.lock, !**/*.lock

📒 Files selected for processing (5)

• .yarnrc.yml
• package.json
• src/helpers/APIHelper.ts
• src/helpers/WindowHelper.ts
• src/lib/config.ts

[jstarpl]

I think it would be nice to fix the linting issues before merging.