Skip to content

fix(examples): harden runnable example flows#770

Merged
cssbruno merged 1 commit into
mainfrom
codex/example-hardening
Jun 27, 2026
Merged

fix(examples): harden runnable example flows#770
cssbruno merged 1 commit into
mainfrom
codex/example-hardening

Conversation

@cssbruno

@cssbruno cssbruno commented Jun 27, 2026
edited
Loading

Copy link
Copy Markdown
Owner

Summary

Fixes #765.
Fixes #766.
Fixes #767.
Fixes #768.
Fixes #769.

This updates the runnable examples so copied example code does not carry unsafe auth defaults, points the examples inventory at real runnable sources, and makes the parser fuzz smoke deterministic enough for CI.

Changes

  • Require GOWDK_FLAGSHIP_SECRET for flagship session signing and fail closed when it is missing.
  • Require GOWDK_FLAGSHIP_PASSWORD instead of accepting a hardcoded demo password fallback.
  • Remove the prefilled flagship password input while keeping demo credentials in the README.
  • Update the flagship README, Makefile serve target, and native learning path so the documented serve commands include the required flagship secret and password values.
  • Normalize the flagship example config and Makefile around the example project root so cd examples/flagship && make build works.
  • Update the flagship generated-app hook to import the current runtime rate limiter package.
  • Add focused flagship login tests for missing secret, missing password, and successful signed-session creation.
  • Simplify the i18n example completeness check to key-only references instead of hand-maintained file/line metadata.
  • Split CSS, Tailwind, and SEO example inventory rows so Tailwind and SEO point at their runnable .gwdk pages, keep the Tailwind example config project-relative, and document that Tailwind build requires the external tailwindcss executable.
  • Change the parser fuzz smoke from a short wall-clock deadline to GOWDK_FUZZTIME=1000x, avoiding intermittent context deadline exceeded failures while still exercising FuzzParseSyntax.

Validation

  • scripts/test-parser-fuzz.sh
  • go test ./examples/flagship/src/app
  • go test ./examples/i18n
  • go test ./runtime/ratelimit
  • cd examples/flagship && make clean && make build
  • go run ./cmd/gowdk build --config examples/i18n/gowdk.config.go --out /tmp/gowdk-i18n-build-pr2 examples/i18n/*.gwdk
  • go run ./cmd/gowdk build --config examples/seo/gowdk.config.go --out /tmp/gowdk-seo-build-pr2 examples/seo/*.gwdk
  • go run ./cmd/gowdk check --config examples/tailwind/gowdk.config.go examples/tailwind/site.page.gwdk
  • scripts/check-docs-style.sh
  • scripts/check-docs-links.sh

Note: the full Tailwind build still requires the external tailwindcss CLI on PATH; the source check passes without that optional tool.

@github-actions github-actions Bot added the examples Examples and sample applications label Jun 27, 2026
@cssbruno cssbruno changed the title [codex] Fix example auth and smoke paths fix(examples): harden auth and smoke paths Jun 27, 2026
@cssbruno cssbruno force-pushed the codex/example-hardening branch from ade4ab6 to d7932fc Compare June 27, 2026 11:10
@cssbruno cssbruno marked this pull request as ready for review June 27, 2026 11:12
@cssbruno cssbruno force-pushed the codex/example-hardening branch from d7932fc to 52d4de9 Compare June 27, 2026 11:16
@github-actions github-actions Bot added ops Operations, release, deployment, and CI hardening docs Documentation work labels Jun 27, 2026
@cssbruno cssbruno changed the title fix(examples): harden auth and smoke paths fix: harden examples and stabilize fuzz smoke Jun 27, 2026
@cssbruno cssbruno marked this pull request as draft June 27, 2026 11:17
chatgpt-codex-connector[bot]
chatgpt-codex-connector Bot reviewed Jun 27, 2026
View reviewed changes

@chatgpt-codex-connector chatgpt-codex-connector Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: d7932fc945

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

  • Open a pull request for review
  • Mark a draft as ready
  • Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

Comment thread examples/flagship/src/app/app.go
Comment on lines +27 to +28
if len(sessionSecret()) == 0 {
return response.RedirectTo("/?login=failed"), nil

@chatgpt-codex-connector chatgpt-codex-connector Bot Jun 27, 2026

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

P2 Badge Keep the learning-path serve command valid

With this new secret requirement, the run command still shown in docs/learning/native.md:184 starts the flagship binary with only GOWDK_CSRF_SECRET. Following that documented path leaves GOWDK_FLAGSHIP_SECRET empty, so every login redirects to /?login=failed and readers cannot exercise the protected dashboard; please update that command to include the new required flagship secret/password values or reuse the README command.

Useful? React with 👍 / 👎.

@cssbruno cssbruno marked this pull request as ready for review June 27, 2026 11:40
@cssbruno cssbruno force-pushed the codex/example-hardening branch from 52d4de9 to 78c2756 Compare June 27, 2026 11:46
@cssbruno cssbruno changed the title fix: harden examples and stabilize fuzz smoke fix(examples): harden runnable example flows Jun 27, 2026
chatgpt-codex-connector[bot]
chatgpt-codex-connector Bot reviewed Jun 27, 2026
View reviewed changes

@chatgpt-codex-connector chatgpt-codex-connector Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: 52d4de9753

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

  • Open a pull request for review
  • Mark a draft as ready
  • Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

Comment thread examples/README.md
| Contracts and realtime | `examples/contracts/` | `go run ./cmd/gowdk build --config examples/contracts/gowdk.config.go --out /tmp/gowdk-contracts-build --app /tmp/gowdk-contracts-app --bin /tmp/gowdk-contracts-site examples/contracts/patients.page.gwdk` |
| CSS and Tailwind | `examples/css/`, `examples/tailwind/` | `go run ./cmd/gowdk build --config examples/css/gowdk.config.go --out /tmp/gowdk-css-build examples/css/styled.page.gwdk` |
| CSS | `examples/css/` | `go run ./cmd/gowdk build --config examples/css/gowdk.config.go --out /tmp/gowdk-css-build examples/css/styled.page.gwdk` |
| Tailwind | `examples/tailwind/` | `go run ./cmd/gowdk build --config examples/tailwind/gowdk.config.go --out /tmp/gowdk-tailwind-build examples/tailwind/site.page.gwdk` |

@chatgpt-codex-connector chatgpt-codex-connector Bot Jun 27, 2026

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

P2 Badge Fix the Tailwind example build command

When a reader has tailwindcss installed and runs this newly documented root command, the project helper executes the build from examples/tailwind, while the config still sets the Tailwind input to examples/tailwind/app.css. The generated Tailwind input therefore imports examples/tailwind/examples/tailwind/app.css, which does not exist, so the build fails before producing the example output; either make the config input project-relative or document a command that matches the existing config.

Useful? React with 👍 / 👎.

@cssbruno cssbruno force-pushed the codex/example-hardening branch from 78c2756 to 6fa6c99 Compare June 27, 2026 11:57
@cssbruno cssbruno merged commit d3b8c78 into main Jun 27, 2026
41 checks passed
@cssbruno cssbruno deleted the codex/example-hardening branch June 27, 2026 12:19
@cssbruno cssbruno mentioned this pull request Jun 27, 2026
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@chatgpt-codex-connector chatgpt-codex-connector[bot] chatgpt-codex-connector[bot] left review comments

Assignees

No one assigned

Labels

docs Documentation work examples Examples and sample applications ops Operations, release, deployment, and CI hardening

Projects

None yet

Milestone

No milestone

1 participant

@cssbruno