Skip to content

Commit 99f6cd1

Browse files
committed
Merge branch 'main' into integrate-dockerized-sentinel
* Resolve merge conflicts with main - client/src/graphql/generated.ts, server/graphql/generated.ts: regenerated via `npm run generate` after syncing codegen deps with main's lockfile (adds SENTINEL / SENTINEL_RARE_CLASS_AFFINITY only). - server/graphql/modules/integration.ts: kept main's removal of SIGHT_ENGINE/TWO_HAT, added SENTINEL. - client/src/webpages/dashboard/integrations/integrationConfigs.ts: kept main's string-literal style and updated OpenAI title, added the Sentinel tile. * Fix backend lint errors uncovered in Sentinel service/signal code - sentinelService.ts now uses the injectable fetchHTTP dependency instead of raw fetch, wired through SignalsService -> instantiateBuiltInSignals. - Replaced JSON.parse/JSON.stringify with the repo's jsonParse/jsonStringify helpers. - Rewrote sentinelService.test.ts to mock fetchHTTP directly instead of mutating global.fetch. - Declared @roostorg/types explicitly in server/package.json (it was only present transitively via a peer dependency). - Staged the previously untracked RobloxLogo.png asset. * Skip local pre-commit hook for this merge - lint-staged fails non-deterministically on this in-progress merge with hundreds of staged files (a stash-based partial-checkout limitation, not a code issue). - Verified the equivalent checks directly instead: `docker compose run --rm codegen-check`, `backend npm run lint`, `backend npm run build`, `client npm run lint`, `client npm run build`.
2 parents 9102c53 + a612071 commit 99f6cd1

946 files changed

Lines changed: 100534 additions & 62894 deletions

File tree

Some content is hidden

Large Commits have some content hidden by default. Use the searchbox below for content that may be hidden.

.coderabbit.yaml

Lines changed: 106 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,106 @@
1+
# yaml-language-server: $schema=https://coderabbit.ai/integrations/schema.v2.json
2+
#
3+
# Review rules live in `.github/copilot-instructions.md` and `AGENTS.md` —
4+
# CodeRabbit picks both up automatically. This file only carries settings that
5+
# differ from CodeRabbit's defaults.
6+
7+
reviews:
8+
profile: chill
9+
request_changes_workflow: false
10+
high_level_summary: true
11+
poem: false
12+
review_status: true
13+
collapse_walkthrough: true
14+
15+
auto_review:
16+
enabled: true
17+
drafts: false
18+
base_branches:
19+
- main
20+
ignore_usernames:
21+
- 'dependabot[bot]'
22+
- 'dependabot-preview[bot]'
23+
labels:
24+
- '!dependabot'
25+
path_filters:
26+
- '!**/generated.ts'
27+
- '!**/node_modules/**'
28+
- '!**/dist/**'
29+
- '!**/build/**'
30+
- '!**/*.snap'
31+
32+
# Cross-cutting rules live in .github/copilot-instructions.md.
33+
path_instructions:
34+
- path: 'server/graphql/modules/**'
35+
instructions: |
36+
- N+1: flag `await` inside loops over user-supplied IDs. DataLoader or
37+
a single batched query is the fix.
38+
- IDOR / authorization: verify each resolver checks that the caller
39+
owns or can access the specific resource ID, not just that they are
40+
authenticated.
41+
- Input validation: GraphQL schema shape is not enough — look for
42+
length, range, allowlist, and canonicalization checks on resolver
43+
arguments.
44+
- Schema stability: removing or renaming a GraphQL type or field
45+
breaks Apollo cache and downstream consumers. Additive changes are
46+
usually safe; removals deserve a migration plan.
47+
48+
- path: 'server/api.ts'
49+
instructions: |
50+
Auth, session, CSRF, CORS, and rate-limit middleware live here.
51+
AGENTS.md requires a maintainer for changes to this file — surface
52+
them even when the diff is small. Flag any change that disables a
53+
security control.
54+
55+
- path: 'server/**/Clickhouse*.ts'
56+
instructions: |
57+
Raw SQL is expected in the ClickHouse adapter files. Flag any string
58+
interpolation of user input — bound parameters are required.
59+
60+
- path: 'server/scylla/**'
61+
instructions: |
62+
Cassandra driver queries must use bound parameters. Flag string-built
63+
CQL with user input.
64+
65+
- path: 'server/iocContainer/**'
66+
instructions: |
67+
Services are registered here for BottleJS DI. Direct imports of
68+
service singletons elsewhere bypass test mocking and should be flagged.
69+
70+
- path: 'db/src/scripts/**'
71+
instructions: |
72+
Migrations are forward-only. Editing a migration that has already
73+
shipped is a red flag — add a new forward migration instead. Postgres
74+
role grants must use `CURRENT_USER`. New filenames use the
75+
`date -u +"%Y.%m.%dT%H.%M.%S"` prefix.
76+
77+
- path: 'client/**/*.{ts,tsx}'
78+
instructions: |
79+
- XSS: flag `dangerouslySetInnerHTML`, `innerHTML`, `document.write`,
80+
`javascript:` URLs, and unsanitized `href`/`src` from user input.
81+
Prefer `textContent`; sanitize with DOMPurify when raw HTML is
82+
unavoidable.
83+
- Token storage: auth tokens belong in HttpOnly, Secure, SameSite
84+
cookies — flag `localStorage` or `sessionStorage` use for tokens.
85+
- Open redirects: redirecting to a user-supplied URL without an
86+
allowlist is risky.
87+
88+
- path: '**/{package.json,package-lock.json}'
89+
instructions: |
90+
Dependency additions, removals, or upgrades (including transitive
91+
bumps) require human approval for license (Apache 2.0) and CVE review
92+
per AGENTS.md > "Human-approval-required actions". Surface every
93+
change so reviewers don't miss it.
94+
95+
# ESLint runs in CI; the others overlap with it or surface style noise.
96+
tools:
97+
eslint:
98+
enabled: false
99+
biome:
100+
enabled: false
101+
markdownlint:
102+
enabled: false
103+
oxc:
104+
enabled: false
105+
languagetool:
106+
enabled: false

.env.docker

Lines changed: 69 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,69 @@
1+
# Docker Compose environment for local / self-hosted evaluation.
2+
# All values work out of the box with docker-compose.images.yaml.
3+
# Review secrets before any non-local deployment.
4+
5+
# ── Postgres ──────────────────────────────────────────────────────────
6+
DATABASE_HOST=postgres
7+
DATABASE_READ_ONLY_HOST=postgres
8+
DATABASE_PORT=5432
9+
DATABASE_NAME=postgres
10+
DATABASE_USER=postgres
11+
DATABASE_PASSWORD=postgres123
12+
13+
API_SERVER_DATABASE_HOST=postgres
14+
API_SERVER_DATABASE_READ_ONLY_HOST=postgres
15+
API_SERVER_DATABASE_PORT=5432
16+
API_SERVER_DATABASE_NAME=postgres
17+
API_SERVER_DATABASE_USER=postgres
18+
API_SERVER_DATABASE_PASSWORD=postgres123
19+
20+
# ── Session ───────────────────────────────────────────────────────────
21+
SESSION_SECRET=some_long_secret_string
22+
23+
# ── ClickHouse ────────────────────────────────────────────────────────
24+
CLICKHOUSE_PROTOCOL=http
25+
CLICKHOUSE_HOST=clickhouse
26+
CLICKHOUSE_PORT=8123
27+
CLICKHOUSE_USERNAME=default
28+
CLICKHOUSE_PASSWORD=clickhouse
29+
CLICKHOUSE_DATABASE=analytics
30+
CLICKHOUSE_MIGRATIONS_TABLE=MIGRATIONS_METADATA
31+
32+
# ── ScyllaDB ──────────────────────────────────────────────────────────
33+
SCYLLA_USERNAME=cassandra
34+
SCYLLA_PASSWORD=cassandra
35+
SCYLLA_HOSTS='scylla'
36+
SCYLLA_LOCAL_DATACENTER='datacenter1'
37+
SCYLLA_KEYSPACE='item_investigation_service'
38+
SCYLLA_REPLICATION_CLASS='SimpleStrategy'
39+
SCYLLA_REPLICATION_FACTOR='1'
40+
SCYLLA_COMPACTION_STRATEGY='SizeTieredCompactionStrategy'
41+
SCYLLA_HAS_ENTERPRISE_FEATURES='false'
42+
43+
# ── GraphQL / Server ──────────────────────────────────────────────────
44+
GRAPHQL_MAX_DEPTH=10
45+
EXPOSE_SENSITIVE_IMPLEMENTATION_DETAILS_IN_ERRORS=false
46+
ALLOW_USER_INPUT_LOCALHOST_URIS=false
47+
DATABASE_PRINT_LOGS=false
48+
GRAPHQL_OPAQUE_SCALAR_SECRET=some_long_secret_string
49+
50+
# ── Redis ─────────────────────────────────────────────────────────────
51+
REDIS_USE_CLUSTER=false
52+
REDIS_HOST=redis
53+
REDIS_PORT=6379
54+
55+
# ── Observability ─────────────────────────────────────────────────────
56+
OTEL_SERVICE_NAME=coop
57+
58+
# ── General ───────────────────────────────────────────────────────────
59+
NODE_ENV=production
60+
ITEM_QUEUE_TRAFFIC_PERCENTAGE='0'
61+
UI_URL=http://localhost:3000
62+
63+
# ── Optional API keys (uncomment and fill in as needed) ───────────────
64+
# GROQ_SECRET_KEY=
65+
# SENDGRID_API_KEY=
66+
# GOOGLE_PLACES_API_KEY=
67+
# READ_ME_JWT_SECRET=
68+
# LAUNCHDARKLY_SECRET=
69+
# OPEN_AI_API_KEY=

.env.githubci

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -50,7 +50,7 @@ SCYLLA_HAS_ENTERPRISE_FEATURES='false'
5050
GRAPHQL_MAX_DEPTH=10
5151
EXPOSE_SENSITIVE_IMPLEMENTATION_DETAILS_IN_ERRORS=true
5252
ALLOW_USER_INPUT_LOCALHOST_URIS=true
53-
SEQUELIZE_PRINT_LOGS=true
53+
DATABASE_PRINT_LOGS=true
5454

5555
GROQ_SECRET_KEY=
5656

@@ -72,4 +72,4 @@ OTEL_SERVICE_NAME=COOP_TEST_SERVICE
7272
NODE_ENV=CI
7373

7474
ITEM_QUEUE_TRAFFIC_PERCENTAGE='0'
75-
UI_URL=https://getcoop.com
75+
UI_URL=http://localhost:3000

.github/AGENTS.md

Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1 @@
1+
Coop is an open-source project. When working on GitHub Actions, remember that PRs will be opened by external contributors who have forked the main repo. Workflows that run on PRs should also work on these forks, i.e. they should not require permissions from the main repo.

.github/CLAUDE.md

Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1 @@
1+
AGENTS.md

.github/CODEOWNERS

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -2,7 +2,7 @@
22
# Format: path-pattern @username @org/team-name
33

44
# Maintainers: Default owners for all files
5-
* @juanmrad @vinaysrao1 @pawiecz @cassidyjames @julietshen @dom-notion
5+
* @juanmrad @vinaysrao1 @cassidyjames @julietshen @dom-notion
66

77
# Docs contributors
88
docs/ @roostorg/roosters

.github/ISSUE_TEMPLATE/bug.yml

Lines changed: 89 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,89 @@
1+
name: Report a bug
2+
description: Something is broken or not working correctly
3+
type: bug
4+
body:
5+
- type: markdown
6+
attributes:
7+
value: >
8+
Thanks for taking the time to report a bug in Coop! **Please provide as
9+
much detail as you can** so we can properly confirm, triage, and
10+
ultimately fix your bug.
11+
12+
- type: textarea
13+
id: behavior
14+
attributes:
15+
label: What happened
16+
description: >
17+
…and what did you expect to happen, instead?
18+
placeholder: On the Review Console page, when I click on…
19+
validations:
20+
required: true
21+
22+
- type: input
23+
id: version
24+
attributes:
25+
label: Version/commit
26+
description: >
27+
What version of Coop are you running? If you’re not sure, leave it blank.
28+
If you know the specific commit, include it here.
29+
validations:
30+
required: false
31+
32+
- type: dropdown
33+
id: browsers
34+
attributes:
35+
label: Affected browser(s)
36+
description: >
37+
Which browser(s) are you seeing the problem in? Leave blank if it's not
38+
a front-end issue. If an affected browser is not included in this list,
39+
mention it below.
40+
multiple: true
41+
options:
42+
- Chrome
43+
- Firefox
44+
- Microsoft Edge
45+
- Safari
46+
47+
- type: textarea
48+
id: logs
49+
attributes:
50+
label: Relevant logs/errors
51+
description: >
52+
Please paste any relevant log output or error messages.
53+
render: shell
54+
validations:
55+
required: false
56+
57+
- type: textarea
58+
id: extra
59+
attributes:
60+
label: Anything else
61+
description: >
62+
Share any other information that could be helpful in reproducing,
63+
triaging, or fixing your bug.
64+
validations:
65+
required: false
66+
67+
- type: upload
68+
id: screenshots
69+
attributes:
70+
label: Screenshots
71+
description: >
72+
If applicable, add screenshots to help explain your problem.
73+
**Please redact sensitive information** such as user content or personal
74+
details before uploading. Do not share content that violates GitHub’s
75+
[acceptable use policies](https://docs.github.com/en/site-policy/acceptable-use-policies).
76+
validations:
77+
required: false
78+
79+
- type: checkboxes
80+
id: checklist
81+
attributes:
82+
label: Checklist
83+
description: >
84+
Make sure you’ve completed each step and reviewed the
85+
[Code of Conduct](https://github.com/roostorg/.github/blob/main/CODE_OF_CONDUCT.md)
86+
before submitting.
87+
options:
88+
- label: I’ve reviewed and agree to follow the code of conduct
89+
required: true

.github/ISSUE_TEMPLATE/config.yml

Lines changed: 9 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,9 @@
1+
blank_issues_enabled: false # maintainers can still file blank issues for convenience
2+
contact_links:
3+
- name: Discuss Coop
4+
about: 'See previously-asked questions and existing discussions about Coop, or start your own'
5+
url: https://github.com/roostorg/coop/discussions
6+
7+
- name: Chat with contributors
8+
about: 'Join the #coop channel on the ROOST Discord server'
9+
url: https://discord.gg/2r7uUqvsut

.github/ISSUE_TEMPLATE/feature.yml

Lines changed: 75 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,75 @@
1+
name: Request a feature
2+
description: An idea or new functionality
3+
type: feature
4+
body:
5+
- type: markdown
6+
attributes:
7+
value: >
8+
Thanks for taking the time to request a feature for Coop! **Please
9+
provide as much detail as you can** so we can fully understand, triage,
10+
address your request.
11+
12+
- type: textarea
13+
id: problem
14+
attributes:
15+
label: Problem being solved
16+
description: >
17+
What is the underlying thing you’re hoping is addressed by this feature?
18+
placeholder: Our organization requires…
19+
validations:
20+
required: true
21+
22+
- type: textarea
23+
id: proposal
24+
attributes:
25+
label: Proposed solution
26+
description: >
27+
How do you imagine this feature would look or work?
28+
placeholder: On the Review Console page, there should be…
29+
validations:
30+
required: true
31+
32+
- type: textarea
33+
id: alternatives
34+
attributes:
35+
label: Alternatives considered
36+
description: >
37+
What other possible solutions or features have you considered that would
38+
address this?
39+
placeholder: Admins could set this behavior, but…
40+
validations:
41+
required: true
42+
43+
- type: textarea
44+
id: extra
45+
attributes:
46+
label: Anything else
47+
description: >
48+
Share any other information that could be helpful in understanding,
49+
triaging, or addressing your request.
50+
validations:
51+
required: false
52+
53+
- type: upload
54+
id: screenshots
55+
attributes:
56+
label: Screenshots
57+
description: >
58+
If applicable, add screenshots or designs to help explain your request.
59+
**Please redact sensitive information** such as user content or personal
60+
details before uploading. Do not share content that violates GitHub’s
61+
[acceptable use policies](https://docs.github.com/en/site-policy/acceptable-use-policies).
62+
validations:
63+
required: false
64+
65+
- type: checkboxes
66+
id: checklist
67+
attributes:
68+
label: Checklist
69+
description: >
70+
Make sure you’ve completed each step and reviewed the
71+
[Code of Conduct](https://github.com/roostorg/.github/blob/main/CODE_OF_CONDUCT.md)
72+
before submitting.
73+
options:
74+
- label: I’ve reviewed and agree to follow the code of conduct
75+
required: true

0 commit comments

Comments
 (0)