feat(jobs): polish job creation wizard#207
Merged
Merged
Conversation
- Create a new script `test-step3.js` to automate the testing of the sign-in page. - Launch Chromium browser with specific arguments and set viewport size. - Navigate to the sign-in page and take a screenshot. - Log input types and placeholders for all input fields on the page. - Handle errors gracefully by logging them to the console.
|
🚅 Deployed to the reqcore-pr-207 environment in applirank
|
|
Note Reviews pausedIt looks like this branch is under active development. To avoid overwhelming you with review comments due to an influx of new commits, CodeRabbit has automatically paused this review. You can configure this behavior by changing the Use the following commands to manage reviews:
Use the checkboxes below for quick actions:
📝 WalkthroughWalkthroughIntroduces phone requirement support throughout the stack (database, API, composables), builds a reusable application form component suite (form body, live preview, recruiter editor), integrates them into recruiter dashboard and candidate apply pages, adds a draft preview page, refactors Create Job wizard Steps 1/3/4 and dashboard layout, and hardens E2E tests with analytics consent handling and auth robustness improvements. ChangesApplication Form Builder with Phone Requirement
E2E Testing Infrastructure – Analytics Consent and Auth Hardening
Estimated code review effort🎯 4 (Complex) | ⏱️ ~80 minutes Possibly related PRs
Poem
🚥 Pre-merge checks | ✅ 4 | ❌ 1❌ Failed checks (1 warning)
✅ Passed checks (4 passed)
✏️ Tip: You can configure your own custom pre-merge checks in the settings. ✨ Finishing Touches🧪 Generate unit tests (beta)
Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out. Comment |
![coderabbitai[bot]](https://avatars.githubusercontent.com/in/347564?s=60&v=4){kind=small}
There was a problem hiding this comment.
Actionable comments posted: 4
🧹 Nitpick comments (4)
app/pages/dashboard/jobs/new.vue (1)
115-115: 💤 Low value
aiScoringChosenis declared but never assigned a value.This ref is persisted (line 310), restored (line 328), reset (line 361), and watched (line 380), but is never set to
trueanywhere in the component. This is dead state that adds unnecessary storage and watcher overhead.Either remove it entirely, or wire it up where scoring is actually chosen (e.g., in
useRecommendedScoringor when criteria are loaded).🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the rest with a brief reason, keep changes minimal, and validate. In `@app/pages/dashboard/jobs/new.vue` at line 115, The `aiScoringChosen` ref is declared but never assigned to `true` anywhere in the component, creating dead state with unnecessary storage and watcher overhead. Either completely remove the `aiScoringChosen` ref declaration along with all its usages in the persist call, restore logic, reset call, and watch callback, or wire it up by setting it to `true` in the appropriate location where scoring is actually chosen, such as within the `useRecommendedScoring` function or when criteria are loaded into the component.test-step3.js (3)
12-12: 💤 Low valueConsider making the base URL configurable.
The hardcoded
http://localhost:3000assumes the dev server is running on port 3000. Using an environment variable would make the script more flexible for different port configurations.📝 Optional improvement
- await page.goto('http://localhost:3000/auth/sign-in'); + const baseUrl = process.env.BASE_URL || 'http://localhost:3000'; + await page.goto(`${baseUrl}/auth/sign-in`);🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the rest with a brief reason, keep changes minimal, and validate. In `@test-step3.js` at line 12, The page.goto() method call contains a hardcoded base URL of http://localhost:3000 which limits flexibility for different port configurations. Extract the base URL into an environment variable by replacing the hardcoded string with a reference to process.env (e.g., process.env.BASE_URL or similar) and provide a sensible default fallback value like http://localhost:3000 if the environment variable is not set. This will allow the script to work with different server configurations without code changes.
26-26: 💤 Low valueConsider more robust error logging.
Logging only
e.messagewill displayundefinedif the thrown error doesn't have amessageproperty. While uncommon, logging the full error provides better debugging information.🐛 Suggested improvement
-})().catch(e => { console.error(e.message); process.exit(1); }); +})().catch(e => { console.error(e instanceof Error ? e.message : String(e)); process.exit(1); });Or log the full error for debugging:
-})().catch(e => { console.error(e.message); process.exit(1); }); +})().catch(e => { console.error('Script failed:', e); process.exit(1); });🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the rest with a brief reason, keep changes minimal, and validate. In `@test-step3.js` at line 26, In the .catch() error handler, replace the console.error call that logs only e.message with logging the full error object e instead. The current approach of logging e.message can result in undefined being logged if the thrown error doesn't have a message property, making debugging difficult. By logging the complete error object, you ensure all relevant error details are captured regardless of the error's structure.
14-14: ⚡ Quick winMisleading script and screenshot naming.
The filename
test-step3.jsand screenshot pathstep3-01-signin.pngsuggest this script tests Step 3 of the job wizard, but it actually debugs the sign-in page. According to the stack context, Step 3 is the candidate scoring flow, not authentication.📝 Suggested naming
Rename the file and update the screenshot path to reflect the actual purpose:
Option 1 (if this is a general debug script):
- Rename file:
test-step3.js→debug-signin-page.js- Update screenshot path:
step3-01-signin.png→debug-signin-page.pngOption 2 (if this is part of a larger e2e flow):
- Rename file:
test-step3.js→debug-e2e-flow.js- Update screenshot path:
step3-01-signin.png→e2e-01-signin.png- await page.screenshot({ path: '/tmp/step3-01-signin.png' }); + await page.screenshot({ path: '/tmp/debug-signin-page.png' });🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the rest with a brief reason, keep changes minimal, and validate. In `@test-step3.js` at line 14, The file test-step3.js and the screenshot path step3-01-signin.png suggest the script tests Step 3 of a wizard (candidate scoring), but it actually debugs the sign-in page authentication flow. Rename the file from test-step3.js to a more accurate name that reflects it debugs sign-in functionality (such as debug-signin-page.js or debug-e2e-flow.js depending on its actual purpose), and update the screenshot path from /tmp/step3-01-signin.png to /tmp/debug-signin-page.png or /tmp/e2e-01-signin.png to align with the new file name and the script's actual functionality.
🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
Inline comments:
In `@app/pages/dashboard/jobs/new.vue`:
- Around line 1378-1380: The click handler in the template is setting
scoringMode to 'ai' synchronously before generateAiCriteria() completes, which
causes inconsistent UI state if the function returns early or fails. Since
generateAiCriteria() already sets scoringMode = 'ai' on line 224 after a
successful fetch, remove the redundant scoringMode = 'ai' assignment from the
`@click` handler and keep only the generateAiCriteria() call. This ensures the
state only changes when the operation actually succeeds.
In `@test-step3.js`:
- Around line 4-7: The chromium.launch() call hardcodes the executablePath to a
Linux-specific path which breaks cross-platform compatibility on macOS and
Windows. Remove the hardcoded executablePath property entirely to allow
Playwright to automatically detect the installed Chrome/Chromium on any
platform, or if a specific path is required for containerized environments,
replace the hardcoded string with a reference to an environment variable that
can be configured per deployment environment.
- Around line 4-25: The browser resource acquired from chromium.launch() is not
guaranteed to be closed if an error occurs before reaching browser.close() on
line 25, causing a zombie Chrome process to persist. Refactor this code to use a
try-finally block where the browser initialization and all page interactions are
in the try block, and browser.close() is placed in the finally block to ensure
the browser is always closed regardless of whether an error occurs during
execution.
- Around line 5-6: The args array in the Playwright launch configuration
contains '--no-sandbox' and '--disable-setuid-sandbox' flags that are not
necessary for the automated test suite. Since test-step3.js is a manual debug
script, either remove these flags entirely, or make them conditional by checking
for an environment variable (such as DEBUG_SANDBOX_DISABLED) and only adding
them to the args array when that variable is set. If you choose to keep them
conditional, ensure you add a comment explaining why they might be needed in a
specific local environment.
---
Nitpick comments:
In `@app/pages/dashboard/jobs/new.vue`:
- Line 115: The `aiScoringChosen` ref is declared but never assigned to `true`
anywhere in the component, creating dead state with unnecessary storage and
watcher overhead. Either completely remove the `aiScoringChosen` ref declaration
along with all its usages in the persist call, restore logic, reset call, and
watch callback, or wire it up by setting it to `true` in the appropriate
location where scoring is actually chosen, such as within the
`useRecommendedScoring` function or when criteria are loaded into the component.
In `@test-step3.js`:
- Line 12: The page.goto() method call contains a hardcoded base URL of
http://localhost:3000 which limits flexibility for different port
configurations. Extract the base URL into an environment variable by replacing
the hardcoded string with a reference to process.env (e.g., process.env.BASE_URL
or similar) and provide a sensible default fallback value like
http://localhost:3000 if the environment variable is not set. This will allow
the script to work with different server configurations without code changes.
- Line 26: In the .catch() error handler, replace the console.error call that
logs only e.message with logging the full error object e instead. The current
approach of logging e.message can result in undefined being logged if the thrown
error doesn't have a message property, making debugging difficult. By logging
the complete error object, you ensure all relevant error details are captured
regardless of the error's structure.
- Line 14: The file test-step3.js and the screenshot path step3-01-signin.png
suggest the script tests Step 3 of a wizard (candidate scoring), but it actually
debugs the sign-in page authentication flow. Rename the file from test-step3.js
to a more accurate name that reflects it debugs sign-in functionality (such as
debug-signin-page.js or debug-e2e-flow.js depending on its actual purpose), and
update the screenshot path from /tmp/step3-01-signin.png to
/tmp/debug-signin-page.png or /tmp/e2e-01-signin.png to align with the new file
name and the script's actual functionality.
🪄 Autofix (Beta)
Fix all unresolved CodeRabbit comments on this PR:
- Push a commit to this branch (recommended)
- Create a new PR with the fixes
ℹ️ Review info
⚙️ Run configuration
Configuration used: defaults
Review profile: CHILL
Plan: Pro
Run ID: b16e8b7f-7c2d-408e-958c-f8b862e8cd5f
📒 Files selected for processing (2)
app/pages/dashboard/jobs/new.vuetest-step3.js
JoachimLK
changed the title
… logic; add debug sign-in page script
There was a problem hiding this comment.
Actionable comments posted: 2
Caution
Some comments are outside the diff and can’t be posted inline due to platform limitations.
⚠️ Outside diff range comments (1)
.github/workflows/e2e-tests.yml (1)
69-77:⚠️ Potential issue | 🟠 MajorPin MinIO image to a specific version instead of
latest.Line 77 uses a floating
latesttag, which breaks reproducibility and can unexpectedly change behavior or security posture between CI runs. Pin to a specific version or digest.Suggested fix
- minio/minio:latest server /data + minio/minio:REPLACE_WITH_PINNED_VERSION server /data +# or (preferred): +# minio/minio@sha256:REPLACE_WITH_DIGEST server /data🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the rest with a brief reason, keep changes minimal, and validate. In @.github/workflows/e2e-tests.yml around lines 69 - 77, The MinIO Docker image reference in the "Start MinIO" step uses the floating `latest` tag, which compromises reproducibility and consistency across CI runs. Replace the `minio/minio:latest` image reference with a specific version tag (such as `minio/minio:RELEASE.2024-01-15T01-26-29Z` or another stable release version) to ensure predictable and reproducible builds.
🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
Inline comments:
In @.github/workflows/e2e-tests.yml:
- Around line 52-57: Replace the mutable version tags in the GitHub Actions with
pinned commit SHAs for both the Checkout action (line 52-53) and the Setup
Node.js action (line 56). For the Checkout action specifically, add
`persist-credentials: false` in the with section to prevent the GITHUB_TOKEN
from being stored in git config, which reduces the risk of credential exposure
through artifact uploads in subsequent workflow steps.
In `@debug-signin-page.js`:
- Line 24: The screenshot path in the page.screenshot() call is hardcoded to
/tmp/debug-signin-page.png, which is not portable to Windows and other systems.
Replace this hardcoded path with a platform-independent solution using the os
module's tmpdir() function combined with the path module's join() function to
construct the path. This will ensure the screenshot is written to the correct
temporary directory regardless of the operating system.
---
Outside diff comments:
In @.github/workflows/e2e-tests.yml:
- Around line 69-77: The MinIO Docker image reference in the "Start MinIO" step
uses the floating `latest` tag, which compromises reproducibility and
consistency across CI runs. Replace the `minio/minio:latest` image reference
with a specific version tag (such as `minio/minio:RELEASE.2024-01-15T01-26-29Z`
or another stable release version) to ensure predictable and reproducible
builds.
🪄 Autofix (Beta)
Fix all unresolved CodeRabbit comments on this PR:
- Push a commit to this branch (recommended)
- Create a new PR with the fixes
ℹ️ Review info
⚙️ Run configuration
Configuration used: defaults
Review profile: CHILL
Plan: Pro
Run ID: 6ddd9aa1-0d71-4fd9-9a6e-c8d490b6ac24
📒 Files selected for processing (3)
.github/workflows/e2e-tests.ymlapp/pages/dashboard/jobs/new.vuedebug-signin-page.js
Comment on lines
+52
to
+57
| - name: Checkout | ||
| uses: actions/checkout@v6 | ||
|
|
||
| - name: Setup Node.js | ||
| uses: actions/setup-node@v6 | ||
| with: |
There was a problem hiding this comment.
🧩 Analysis chain
🏁 Script executed:
cat -n .github/workflows/e2e-tests.yml | head -80Repository: reqcore-inc/reqcore
Length of output: 2807
🌐 Web query:
GitHub Actions security best practices pin actions by SHA persist-credentials false
💡 Result:
To harden your GitHub Actions workflows, implementing both SHA pinning and the persist-credentials: false setting are standard security best practices [1][2][3]. Pinning Actions by SHA Pinning an action to a full-length commit SHA is considered the most secure way to reference actions [1][2]. Unlike tags or branch names (e.g., v4, main), which are mutable and can be force-updated to point to malicious code by an attacker who compromises the action's repository, a commit SHA is cryptographically immutable [1][4][5]. - Implementation: Reference the action using its 40-character commit hash: uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 [4][6]. - Governance: You can enforce this practice across your organization or repository using GitHub Actions policy settings, which allow administrators to mandate SHA pinning [1][7]. Using persist-credentials: false By default, the actions/checkout action stores the GITHUB_TOKEN in the local .git/config file to enable subsequent git commands [8][6]. This makes the token accessible to any step in your job, increasing the risk of credential theft if a dependency or script in your workflow is compromised [3][9][10]. - Implementation: Explicitly set persist-credentials: false in your checkout step if your workflow does not require git push or authenticated git operations [3][10][6]: yaml - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 with: persist-credentials: false - Use Case: If a job needs to perform git operations, evaluate whether you can isolate that task into a separate, restricted job or use a more granular authentication method [10][5]. Always follow the principle of least privilege by setting appropriate permissions at the workflow or job level [11][12][5].
Citations:
- 1: https://docs.github.com/en/actions/reference/security/secure-use
- 2: https://www.stepsecurity.io/blog/pinning-github-actions-for-enhanced-security-a-complete-guide
- 3: https://cheatsheetseries.owasp.org/cheatsheets/GitHub_Actions_Security_Cheat_Sheet.html
- 4: https://github.com/kubernetes/community/blob/main/github-management/github-actions-policy.md
- 5: https://caaslabs.com/resources/github-actions-security-hardening
- 6: https://adaptive-enforcement-lab.com/secure/github-actions-security/third-party-actions/common-actions/
- 7: https://github.blog/changelog/2025-08-15-github-actions-policy-now-supports-blocking-and-sha-pinning-actions/
- 8: https://github.com/actions/checkout
- 9: https://github.com/suzuki-shunsuke/ghalint/blob/main/docs/policies/013.md
- 10: Add persist-credentials: false to GitHub Actions checkout steps aquasecurity/trivy#10305
- 11: https://github.com/github/docs/blob/main/content/actions/reference/security/secure-use.md
- 12: https://devopsil.com/articles/2026-03-22-github-actions-security-hardening
🏁 Script executed:
grep -n "upload\|artifact" .github/workflows/e2e-tests.ymlRepository: reqcore-inc/reqcore
Length of output: 265
Pin GitHub Actions by commit SHA and disable credential persistence in checkout.
Lines 53 and 56 use mutable tags (@v6), and line 52 does not set persist-credentials: false. This weakens supply-chain integrity; the GITHUB_TOKEN persisted in git config is accessible to any workflow step and risks exposure through artifact uploads (lines 111, 119).
Suggested hardening diff
- name: Checkout
- uses: actions/checkout@v6
+ uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11
+ with:
+ persist-credentials: false
- name: Setup Node.js
- uses: actions/setup-node@v6
+ uses: actions/setup-node@8f152de45cc393bb48ce5d6f9a02fee1e4b622f4
with:
node-version: 22.22
cache: npm📝 Committable suggestion
‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.
Suggested change
| - name: Checkout | |
| uses: actions/checkout@v6 | |
| - name: Setup Node.js | |
| uses: actions/setup-node@v6 | |
| with: | |
| - name: Checkout | |
| uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 | |
| with: | |
| persist-credentials: false | |
| - name: Setup Node.js | |
| uses: actions/setup-node@8f152de45cc393bb48ce5d6f9a02fee1e4b622f4 | |
| with: | |
| node-version: 22.22 | |
| cache: npm |
🧰 Tools
🪛 zizmor (1.25.2)
[warning] 52-53: credential persistence through GitHub Actions artifacts (artipacked): does not set persist-credentials: false
(artipacked)
[error] 53-53: unpinned action reference (unpinned-uses): action is not pinned to a hash (required by blanket policy)
(unpinned-uses)
[error] 56-56: unpinned action reference (unpinned-uses): action is not pinned to a hash (required by blanket policy)
(unpinned-uses)
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
In @.github/workflows/e2e-tests.yml around lines 52 - 57, Replace the mutable
version tags in the GitHub Actions with pinned commit SHAs for both the Checkout
action (line 52-53) and the Setup Node.js action (line 56). For the Checkout
action specifically, add `persist-credentials: false` in the with section to
prevent the GITHUB_TOKEN from being stored in git config, which reduces the risk
of credential exposure through artifact uploads in subsequent workflow steps.
Source: Linters/SAST tools
…s for candidate application preview and submission
There was a problem hiding this comment.
Actionable comments posted: 5
🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
Inline comments:
In `@app/components/ApplicationBuilder.vue`:
- Around line 177-216: The functions moveQuestion, setRequireResume, and
setRequireCoverLetter dispatch operations without serialization, allowing rapid
clicks to send overlapping requests that can result in stale persisted state.
Implement a serialization mechanism (such as a promise queue or in-flight flag)
to ensure that only one operation executes at a time. For moveQuestion, await
the runOp call before returning. For setRequireResume and setRequireCoverLetter,
ensure the promise chain is properly queued so that subsequent calls wait for
the previous operation to complete before executing their own runOp call.
- Around line 222-237: The handleEditField function currently has no behavior
for the personal field types (name, email, phone), which causes a dead action
when users click on these fields in preview mode even though they appear
clickable. Add a new condition before the final comment to handle when the field
is one of these three personal fields, and scroll to the personal information
section using an anchor ref (similar to how documentsAnchor is used for resume
and coverLetter, and questionsAnchor is used for questions). Create or reference
a personalInfoAnchor to enable smooth scrolling to the personal fields editing
area.
In `@app/components/ApplicationBuilderPreview.vue`:
- Around line 142-144: The v-for loop in ApplicationBuilderPreview.vue that
iterates over metadata is using item.label as the key, which is not guaranteed
to be unique since different metadata items can have the same label (like
"Remote" for both location and remote status). Replace the :key binding from
item.label with a unique identifier that combines the index and label, or use a
truly unique property from the item object if available, to ensure stable list
patching and prevent rendering issues.
In `@app/pages/dashboard/jobs/`[id]/application-form.vue:
- Around line 58-71: The `BuilderQuestion` type definition does not match the
`ApplicationBuilder` component's contract. Update the type definition to change
the `type` field from `string` to `QuestionType` to match the expected enum
type. Additionally, make the optional fields `description` and `options`
required fields that accept null values by removing the optional `?` operator
and keeping the `| null` part, so they become `description: string | null` and
`options: string[] | null` respectively. This ensures the `builderModel` shape
aligns with what the `ApplicationBuilder` component expects when the model is
bound to it.
In `@e2e/critical-flows/job-creation.spec.ts`:
- Around line 23-24: The test function verifies the public candidate application
form using the authenticatedPage context which represents a recruiter session.
This can mask candidate-specific rendering differences and produce false
positives. Replace the authenticatedPage usage in the assertions around lines
126-132 that verify the public /apply form with an unauthenticated page context.
Create a new unauthenticated context (typically available in the test framework
for accessing pages without authentication) and use it specifically for those
public form assertions to accurately test how a candidate would experience the
application form.
🪄 Autofix (Beta)
Fix all unresolved CodeRabbit comments on this PR:
- Push a commit to this branch (recommended)
- Create a new PR with the fixes
ℹ️ Review info
⚙️ Run configuration
Configuration used: defaults
Review profile: CHILL
Plan: Pro
Run ID: b565d911-777e-41a6-ae7b-bc15c6be05f3
📒 Files selected for processing (13)
app/components/ApplicationBuilder.vueapp/components/ApplicationBuilderPreview.vueapp/components/ApplicationFormBody.vueapp/components/JobQuestions.vueapp/layouts/dashboard.vueapp/pages/dashboard/jobs/[id]/application-form.vueapp/pages/dashboard/jobs/new.vueapp/pages/jobs/[slug]/apply.vuee2e/critical-flows/candidate-application.spec.tse2e/critical-flows/job-creation.spec.tse2e/critical-flows/resume-upload.spec.tse2e/critical-flows/source-tracking.spec.tse2e/fixtures.ts
💤 Files with no reviewable changes (1)
- app/components/JobQuestions.vue
Comment on lines
+177
to
+216
| function moveQuestion(index: number, direction: 'up' | 'down') { | ||
| const list = model.value.questions | ||
| const target = direction === 'up' ? index - 1 : index + 1 | ||
| if (target < 0 || target >= list.length) return | ||
| if (props.operations) { | ||
| // Compute the post-swap order and persist; the parent syncs the model back. | ||
| const reordered = [...list] | ||
| ;[reordered[index], reordered[target]] = [reordered[target]!, reordered[index]!] | ||
| const order = reordered.map((q, i) => ({ id: q.id, displayOrder: i })) | ||
| runOp(() => props.operations!.reorderQuestions(order)) | ||
| return | ||
| } | ||
| ;[list[index], list[target]] = [list[target]!, list[index]!] | ||
| } | ||
|
|
||
| function setRequireResume(value: boolean) { | ||
| if (model.value.requireResume === value) return | ||
| if (props.operations) { | ||
| const prev = model.value.requireResume | ||
| model.value.requireResume = value | ||
| runOp(() => props.operations!.setRequireResume(value)).then((ok) => { | ||
| if (!ok) model.value.requireResume = prev | ||
| }) | ||
| return | ||
| } | ||
| model.value.requireResume = value | ||
| } | ||
|
|
||
| function setRequireCoverLetter(value: boolean) { | ||
| if (model.value.requireCoverLetter === value) return | ||
| if (props.operations) { | ||
| const prev = model.value.requireCoverLetter | ||
| model.value.requireCoverLetter = value | ||
| runOp(() => props.operations!.setRequireCoverLetter(value)).then((ok) => { | ||
| if (!ok) model.value.requireCoverLetter = prev | ||
| }) | ||
| return | ||
| } | ||
| model.value.requireCoverLetter = value | ||
| } |
There was a problem hiding this comment.
Serialize mutation ops to prevent out-of-order persisted state.
Line 177 onward dispatches reorder/toggle writes without an in-flight guard, and moveQuestion does not await runOp. Rapid clicks can send overlapping requests and leave persisted order/requirements in a stale state.
Suggested fix
-function moveQuestion(index: number, direction: 'up' | 'down') {
+async function moveQuestion(index: number, direction: 'up' | 'down') {
+ if (busy.value) return
const list = model.value.questions
const target = direction === 'up' ? index - 1 : index + 1
if (target < 0 || target >= list.length) return
if (props.operations) {
// Compute the post-swap order and persist; the parent syncs the model back.
const reordered = [...list]
;[reordered[index], reordered[target]] = [reordered[target]!, reordered[index]!]
const order = reordered.map((q, i) => ({ id: q.id, displayOrder: i }))
- runOp(() => props.operations!.reorderQuestions(order))
+ await runOp(() => props.operations!.reorderQuestions(order))
return
}
;[list[index], list[target]] = [list[target]!, list[index]!]
}
-function setRequireResume(value: boolean) {
+async function setRequireResume(value: boolean) {
+ if (busy.value) return
if (model.value.requireResume === value) return
if (props.operations) {
const prev = model.value.requireResume
model.value.requireResume = value
- runOp(() => props.operations!.setRequireResume(value)).then((ok) => {
- if (!ok) model.value.requireResume = prev
- })
+ const ok = await runOp(() => props.operations!.setRequireResume(value))
+ if (!ok) model.value.requireResume = prev
return
}
model.value.requireResume = value
}
-function setRequireCoverLetter(value: boolean) {
+async function setRequireCoverLetter(value: boolean) {
+ if (busy.value) return
if (model.value.requireCoverLetter === value) return
if (props.operations) {
const prev = model.value.requireCoverLetter
model.value.requireCoverLetter = value
- runOp(() => props.operations!.setRequireCoverLetter(value)).then((ok) => {
- if (!ok) model.value.requireCoverLetter = prev
- })
+ const ok = await runOp(() => props.operations!.setRequireCoverLetter(value))
+ if (!ok) model.value.requireCoverLetter = prev
return
}
model.value.requireCoverLetter = value
}🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
In `@app/components/ApplicationBuilder.vue` around lines 177 - 216, The functions
moveQuestion, setRequireResume, and setRequireCoverLetter dispatch operations
without serialization, allowing rapid clicks to send overlapping requests that
can result in stale persisted state. Implement a serialization mechanism (such
as a promise queue or in-flight flag) to ensure that only one operation executes
at a time. For moveQuestion, await the runOp call before returning. For
setRequireResume and setRequireCoverLetter, ensure the promise chain is properly
queued so that subsequent calls wait for the previous operation to complete
before executing their own runOp call.
Comment on lines
+222
to
+237
| function handleEditField(field: string) { | ||
| if (field === 'resume' || field === 'coverLetter') { | ||
| documentsAnchor.value?.scrollIntoView({ behavior: 'smooth', block: 'center' }) | ||
| return | ||
| } | ||
| if (field.startsWith('question:')) { | ||
| const id = field.slice('question:'.length) | ||
| const q = model.value.questions.find((qq) => qq.id === id) | ||
| if (q) { | ||
| startEdit(q) | ||
| nextTick(() => questionsAnchor.value?.scrollIntoView({ behavior: 'smooth', block: 'center' })) | ||
| } | ||
| return | ||
| } | ||
| // name / email / phone are mandatory, fixed fields — nothing to edit. | ||
| } |
There was a problem hiding this comment.
Preview clicks for personal fields currently lead to a dead action.
ApplicationFormBody emits edit-field for name, email, and phone in preview mode, but this handler intentionally no-ops for those values. The preview still shows clickable affordance, so this feels broken to users.
Suggested fix (scroll to personal info section)
const questionsAnchor = ref<HTMLElement | null>(null)
const documentsAnchor = ref<HTMLElement | null>(null)
+const personalInfoAnchor = ref<HTMLElement | null>(null)
/** Clicking a field in the preview jumps to (and opens) its editor on the left. */
function handleEditField(field: string) {
+ if (field === 'name' || field === 'email' || field === 'phone') {
+ personalInfoAnchor.value?.scrollIntoView({ behavior: 'smooth', block: 'center' })
+ return
+ }
if (field === 'resume' || field === 'coverLetter') {
documentsAnchor.value?.scrollIntoView({ behavior: 'smooth', block: 'center' })
return
}
if (field.startsWith('question:')) {
@@
- // name / email / phone are mandatory, fixed fields — nothing to edit.
}- <div>
+ <div ref="personalInfoAnchor">
<h2 class="text-base font-semibold text-surface-900 dark:text-surface-100 pb-3 border-b border-surface-100 dark:border-surface-800">Personal information</h2>📝 Committable suggestion
‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.
Suggested change
| function handleEditField(field: string) { | |
| if (field === 'resume' || field === 'coverLetter') { | |
| documentsAnchor.value?.scrollIntoView({ behavior: 'smooth', block: 'center' }) | |
| return | |
| } | |
| if (field.startsWith('question:')) { | |
| const id = field.slice('question:'.length) | |
| const q = model.value.questions.find((qq) => qq.id === id) | |
| if (q) { | |
| startEdit(q) | |
| nextTick(() => questionsAnchor.value?.scrollIntoView({ behavior: 'smooth', block: 'center' })) | |
| } | |
| return | |
| } | |
| // name / email / phone are mandatory, fixed fields — nothing to edit. | |
| } | |
| function handleEditField(field: string) { | |
| if (field === 'name' || field === 'email' || field === 'phone') { | |
| personalInfoAnchor.value?.scrollIntoView({ behavior: 'smooth', block: 'center' }) | |
| return | |
| } | |
| if (field === 'resume' || field === 'coverLetter') { | |
| documentsAnchor.value?.scrollIntoView({ behavior: 'smooth', block: 'center' }) | |
| return | |
| } | |
| if (field.startsWith('question:')) { | |
| const id = field.slice('question:'.length) | |
| const q = model.value.questions.find((qq) => qq.id === id) | |
| if (q) { | |
| startEdit(q) | |
| nextTick(() => questionsAnchor.value?.scrollIntoView({ behavior: 'smooth', block: 'center' })) | |
| } | |
| return | |
| } | |
| } |
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
In `@app/components/ApplicationBuilder.vue` around lines 222 - 237, The
handleEditField function currently has no behavior for the personal field types
(name, email, phone), which causes a dead action when users click on these
fields in preview mode even though they appear clickable. Add a new condition
before the final comment to handle when the field is one of these three personal
fields, and scroll to the personal information section using an anchor ref
(similar to how documentsAnchor is used for resume and coverLetter, and
questionsAnchor is used for questions). Create or reference a personalInfoAnchor
to enable smooth scrolling to the personal fields editing area.
Comment on lines
+142
to
+144
| v-for="item in metadata" | ||
| :key="item.label" | ||
| class="inline-flex items-center gap-1.5 rounded-full border border-surface-200 bg-surface-50 px-2.5 py-1 text-xs font-medium text-surface-600 dark:border-surface-700 dark:bg-surface-800 dark:text-surface-300" |
There was a problem hiding this comment.
Use a unique key for metadata pills.
item.label is not guaranteed unique (for example, location and remote status can both render "Remote"), which can cause unstable list patching.
Suggested fix
- <span
- v-for="item in metadata"
- :key="item.label"
+ <span
+ v-for="(item, index) in metadata"
+ :key="`${index}-${item.label}`"
class="inline-flex items-center gap-1.5 rounded-full border border-surface-200 bg-surface-50 px-2.5 py-1 text-xs font-medium text-surface-600 dark:border-surface-700 dark:bg-surface-800 dark:text-surface-300"
>📝 Committable suggestion
‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.
Suggested change
| v-for="item in metadata" | |
| :key="item.label" | |
| class="inline-flex items-center gap-1.5 rounded-full border border-surface-200 bg-surface-50 px-2.5 py-1 text-xs font-medium text-surface-600 dark:border-surface-700 dark:bg-surface-800 dark:text-surface-300" | |
| v-for="(item, index) in metadata" | |
| :key="`${index}-${item.label}`" | |
| class="inline-flex items-center gap-1.5 rounded-full border border-surface-200 bg-surface-50 px-2.5 py-1 text-xs font-medium text-surface-600 dark:border-surface-700 dark:bg-surface-800 dark:text-surface-300" |
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
In `@app/components/ApplicationBuilderPreview.vue` around lines 142 - 144, The
v-for loop in ApplicationBuilderPreview.vue that iterates over metadata is using
item.label as the key, which is not guaranteed to be unique since different
metadata items can have the same label (like "Remote" for both location and
remote status). Replace the :key binding from item.label with a unique
identifier that combines the index and label, or use a truly unique property
from the item object if available, to ensure stable list patching and prevent
rendering issues.
Comment on lines
+58
to
+71
| type BuilderQuestion = { | ||
| id: string | ||
| label: string | ||
| type: string | ||
| description?: string | null | ||
| required: boolean | ||
| options?: string[] | null | ||
| } | ||
|
|
||
| // Sync with fetched job data | ||
| const builderModel = ref<{ | ||
| requireResume: boolean | ||
| requireCoverLetter: boolean | ||
| questions: BuilderQuestion[] | ||
| }>({ requireResume: false, requireCoverLetter: false, questions: [] }) |
There was a problem hiding this comment.
Align builderModel with ApplicationBuilder's ApplicationForm contract.
Type checking fails at Line 259 because the bound model shape is looser than the child component contract. builderModel uses type: string but ApplicationBuilder expects type: QuestionType; optional fields must be required with null fallback.
Suggested fix
type BuilderQuestion = {
id: string
label: string
- type: string
- description?: string | null
+ type: QuestionType
+ description: string | null
required: boolean
- options?: string[] | null
+ options: string[] | null
}
-const builderModel = ref<{
- requireResume: boolean
- requireCoverLetter: boolean
- questions: BuilderQuestion[]
-}>({ requireResume: false, requireCoverLetter: false, questions: [] })
+const builderModel = ref<ApplicationForm>({
+ requireResume: false,
+ requireCoverLetter: false,
+ questions: [],
+})
watch(jobQuestions, (qs) => {
- builderModel.value.questions = (qs ?? []).map((q: any) => ({
+ builderModel.value.questions = (qs ?? []).map((q) => ({
id: q.id,
label: q.label,
- type: q.type,
+ type: q.type as QuestionType,
description: q.description ?? null,
required: q.required,
options: q.options ?? null,
}))
}, { immediate: true })📝 Committable suggestion
‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.
Suggested change
| type BuilderQuestion = { | |
| id: string | |
| label: string | |
| type: string | |
| description?: string | null | |
| required: boolean | |
| options?: string[] | null | |
| } | |
| // Sync with fetched job data | |
| const builderModel = ref<{ | |
| requireResume: boolean | |
| requireCoverLetter: boolean | |
| questions: BuilderQuestion[] | |
| }>({ requireResume: false, requireCoverLetter: false, questions: [] }) | |
| type BuilderQuestion = { | |
| id: string | |
| label: string | |
| type: QuestionType | |
| description: string | null | |
| required: boolean | |
| options: string[] | null | |
| } | |
| const builderModel = ref<ApplicationForm>({ | |
| requireResume: false, | |
| requireCoverLetter: false, | |
| questions: [], | |
| }) | |
| watch(jobQuestions, (qs) => { | |
| builderModel.value.questions = (qs ?? []).map((q) => ({ | |
| id: q.id, | |
| label: q.label, | |
| type: q.type as QuestionType, | |
| description: q.description ?? null, | |
| required: q.required, | |
| options: q.options ?? null, | |
| })) | |
| }, { immediate: true }) |
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
In `@app/pages/dashboard/jobs/`[id]/application-form.vue around lines 58 - 71, The
`BuilderQuestion` type definition does not match the `ApplicationBuilder`
component's contract. Update the type definition to change the `type` field from
`string` to `QuestionType` to match the expected enum type. Additionally, make
the optional fields `description` and `options` required fields that accept null
values by removing the optional `?` operator and keeping the `| null` part, so
they become `description: string | null` and `options: string[] | null`
respectively. This ensures the `builderModel` shape aligns with what the
`ApplicationBuilder` component expects when the model is bound to it.
Comment on lines
+23
to
24
| test('recruiter can configure the application form and publish a job', async ({ authenticatedPage }) => { | ||
| const page = authenticatedPage |
There was a problem hiding this comment.
Use an unauthenticated context for the published /apply assertions.
Line 126 currently verifies the public candidate form using authenticatedPage (recruiter session). That can hide candidate-only rendering differences and produce a false green.
Suggested adjustment
-test('recruiter can configure the application form and publish a job', async ({ authenticatedPage }) => {
+test('recruiter can configure the application form and publish a job', async ({ authenticatedPage, browser }) => {
const page = authenticatedPage
...
- await page.goto(`/jobs/${jobSlug}/apply`)
- await expect(page.getByLabel('Cover Letter')).toBeVisible()
- await expect(page.getByText('Resume / CV', { exact: false })).toHaveCount(0)
- const publishedQuestion = page.getByLabel(UPDATED_QUESTION_LABEL)
+ const candidateContext = await browser.newContext()
+ const candidatePage = await candidateContext.newPage()
+ await candidatePage.goto(`/jobs/${jobSlug}/apply`)
+ await expect(candidatePage.getByLabel('Cover Letter')).toBeVisible()
+ await expect(candidatePage.getByText('Resume / CV', { exact: false })).toHaveCount(0)
+ const publishedQuestion = candidatePage.getByLabel(UPDATED_QUESTION_LABEL)
await expect(publishedQuestion).toBeVisible()
await expect(publishedQuestion.getByRole('option', { name: 'Playwright' })).toHaveCount(1)
await expect(publishedQuestion.getByRole('option', { name: 'Cypress' })).toHaveCount(1)
+ await candidateContext.close()Also applies to: 126-132
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
In `@e2e/critical-flows/job-creation.spec.ts` around lines 23 - 24, The test
function verifies the public candidate application form using the
authenticatedPage context which represents a recruiter session. This can mask
candidate-specific rendering differences and produce false positives. Replace
the authenticatedPage usage in the assertions around lines 126-132 that verify
the public /apply form with an unauthenticated page context. Create a new
unauthenticated context (typically available in the test framework for accessing
pages without authentication) and use it specifically for those public form
assertions to accurately test how a candidate would experience the application
form.
There was a problem hiding this comment.
Actionable comments posted: 2
🧹 Nitpick comments (1)
server/database/migrations/0029_wakeful_secret_warriors.sql (1)
1-1: ⚡ Quick winEnforce
phone_requirementdomain at the database layer.Right now this column accepts any text value. Adding a
CHECKconstraint keeps DB state aligned with the app/API enum contract.Proposed migration adjustment
-ALTER TABLE "job" ADD COLUMN "phone_requirement" text DEFAULT 'optional' NOT NULL; +ALTER TABLE "job" + ADD COLUMN "phone_requirement" text DEFAULT 'optional' NOT NULL, + ADD CONSTRAINT "job_phone_requirement_check" + CHECK ("phone_requirement" IN ('hidden', 'optional', 'required'));🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the rest with a brief reason, keep changes minimal, and validate. In `@server/database/migrations/0029_wakeful_secret_warriors.sql` at line 1, The migration adding the `phone_requirement` column to the `job` table lacks a CHECK constraint to enforce valid domain values at the database layer. Modify the ALTER TABLE statement to include a CHECK constraint on the `phone_requirement` column that restricts values to the valid enum options that match your app/API contract (for example, valid values like 'required', 'optional', 'preferred', etc.). This ensures the database enforces data integrity by rejecting invalid values rather than allowing any arbitrary text.
🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
Inline comments:
In `@app/pages/dashboard/jobs/preview.vue`:
- Around line 92-94: The closePreview function relies solely on window.close()
which can fail silently when the page is opened directly or blocked by browser
policy, leaving users stuck. Modify the closePreview function to add a fallback
mechanism: after calling window.close(), use router.back() or history.back() as
a fallback to navigate the user back to the previous page if the window close
operation fails to perform any navigation action. This ensures users can always
navigate away from the preview page regardless of how it was opened or browser
restrictions.
In `@server/database/schema/app.ts`:
- Line 67: The phoneRequirement column uses a text column with TypeScript-level
type enforcement via $type, which does not enforce the allowed values at the
database level in PostgreSQL. Replace the text column with a proper PostgreSQL
enum type by first creating an enum definition for the three allowed values
(hidden, optional, required) and then using that enum type for the
phoneRequirement column instead of text. This ensures that invalid values cannot
be inserted into the database, preventing the API/UI contract violations that
can occur when applying validation behavior in routes like
server/api/public/jobs/[slug]/apply.post.ts.
---
Nitpick comments:
In `@server/database/migrations/0029_wakeful_secret_warriors.sql`:
- Line 1: The migration adding the `phone_requirement` column to the `job` table
lacks a CHECK constraint to enforce valid domain values at the database layer.
Modify the ALTER TABLE statement to include a CHECK constraint on the
`phone_requirement` column that restricts values to the valid enum options that
match your app/API contract (for example, valid values like 'required',
'optional', 'preferred', etc.). This ensures the database enforces data
integrity by rejecting invalid values rather than allowing any arbitrary text.
🪄 Autofix (Beta)
Fix all unresolved CodeRabbit comments on this PR:
- Push a commit to this branch (recommended)
- Create a new PR with the fixes
ℹ️ Review info
⚙️ Run configuration
Configuration used: defaults
Review profile: CHILL
Plan: Pro
Run ID: 40682315-0db1-4536-bcbb-c3dde0297c67
📒 Files selected for processing (23)
app/components/ApplicationBuilder.vueapp/components/ApplicationBuilderPreview.vueapp/components/ApplicationFormBody.vueapp/components/PublicJobApplicationHeader.vueapp/composables/useJob.tsapp/composables/useJobs.tsapp/pages/dashboard/jobs/[id]/application-form.vueapp/pages/dashboard/jobs/new.vueapp/pages/dashboard/jobs/preview.vueapp/pages/jobs/[slug]/apply.vuee2e/critical-flows/job-creation.spec.tsi18n/i18n.config.tspackage.jsonserver/api/jobs/[id].get.tsserver/api/jobs/[id].patch.tsserver/api/jobs/index.post.tsserver/api/public/jobs/[slug].get.tsserver/api/public/jobs/[slug]/apply.post.tsserver/database/migrations/0029_wakeful_secret_warriors.sqlserver/database/migrations/meta/0029_snapshot.jsonserver/database/migrations/meta/_journal.jsonserver/database/schema/app.tsserver/utils/schemas/job.ts
✅ Files skipped from review due to trivial changes (2)
- i18n/i18n.config.ts
- app/composables/useJob.ts
🚧 Files skipped from review as they are similar to previous changes (4)
- app/pages/dashboard/jobs/[id]/application-form.vue
- app/components/ApplicationBuilderPreview.vue
- app/components/ApplicationFormBody.vue
- e2e/critical-flows/job-creation.spec.ts
Comment on lines
+92
to
+94
| function closePreview() { | ||
| window.close() | ||
| } |
There was a problem hiding this comment.
Line 93: window.close() can silently fail and leave the user stuck.
When this page is opened directly (or browser policy blocks close), the “Back to editor” action does nothing. Add a history/router fallback.
Proposed fix
function closePreview() {
- window.close()
+ if (window.opener && !window.opener.closed) {
+ window.close()
+ return
+ }
+ if (window.history.length > 1) {
+ window.history.back()
+ return
+ }
+ void navigateTo('/dashboard/jobs')
}📝 Committable suggestion
‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.
Suggested change
| function closePreview() { | |
| window.close() | |
| } | |
| function closePreview() { | |
| if (window.opener && !window.opener.closed) { | |
| window.close() | |
| return | |
| } | |
| if (window.history.length > 1) { | |
| window.history.back() | |
| return | |
| } | |
| void navigateTo('/dashboard/jobs') | |
| } |
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
In `@app/pages/dashboard/jobs/preview.vue` around lines 92 - 94, The closePreview
function relies solely on window.close() which can fail silently when the page
is opened directly or blocked by browser policy, leaving users stuck. Modify the
closePreview function to add a fallback mechanism: after calling window.close(),
use router.back() or history.back() as a fallback to navigate the user back to
the previous page if the window close operation fails to perform any navigation
action. This ensures users can always navigate away from the preview page
regardless of how it was opened or browser restrictions.
| /** Experience level required for this role */ | ||
| experienceLevel: experienceLevelEnum('experience_level'), | ||
| // ── Application form settings ── | ||
| phoneRequirement: text('phone_requirement').$type<'hidden' | 'optional' | 'required'>().notNull().default('optional'), |
There was a problem hiding this comment.
Enforce phoneRequirement at the database level, not only TypeScript.
Line 67 uses a text column with $type<...>, which is compile-time only and does not enforce the allowed values in PostgreSQL. That can let invalid values persist and break the API/UI contract that assumes only hidden | optional | required (for example, apply validation behavior in server/api/public/jobs/[slug]/apply.post.ts).
Suggested direction
+export const phoneRequirementEnum = pgEnum('phone_requirement', ['hidden', 'optional', 'required'])
...
- phoneRequirement: text('phone_requirement').$type<'hidden' | 'optional' | 'required'>().notNull().default('optional'),
+ phoneRequirement: phoneRequirementEnum('phone_requirement').notNull().default('optional'),🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
In `@server/database/schema/app.ts` at line 67, The phoneRequirement column uses a
text column with TypeScript-level type enforcement via $type, which does not
enforce the allowed values at the database level in PostgreSQL. Replace the text
column with a proper PostgreSQL enum type by first creating an enum definition
for the three allowed values (hidden, optional, required) and then using that
enum type for the phoneRequirement column instead of text. This ensures that
invalid values cannot be inserted into the database, preventing the API/UI
contract violations that can occur when applying validation behavior in routes
like server/api/public/jobs/[slug]/apply.post.ts.
… limit questions and criteria
There was a problem hiding this comment.
Actionable comments posted: 2
🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
Inline comments:
In `@e2e/critical-flows/job-creation.spec.ts`:
- Around line 62-66: The request listener is registered after the button click
on "Save as draft", causing the first POST request to /api/jobs to be missed and
not counted. Move the page.on('request') listener setup that checks for POST
requests to /api/jobs before the click action on the "Save as draft" button to
ensure all relevant requests are captured and counted.
In `@server/utils/schemas/jobQuestion.ts`:
- Around line 43-49: The updateQuestionSchema allows invalid state where
select-type questions can have null options during PATCH operations. Add
superRefine validation to updateQuestionSchema to enforce the same select-type
invariants that exist in createQuestionSchema, ensuring that when type is set to
a select variant (single_select, multi_select, etc.), the options field must
contain at least one unique option rather than being null or empty.
🪄 Autofix (Beta)
Fix all unresolved CodeRabbit comments on this PR:
- Push a commit to this branch (recommended)
- Create a new PR with the fixes
ℹ️ Review info
⚙️ Run configuration
Configuration used: defaults
Review profile: CHILL
Plan: Pro
Run ID: 3505cc37-9820-42aa-bd72-e2d21cbe2f4e
📒 Files selected for processing (11)
app/components/ApplicationBuilder.vueapp/components/ApplicationBuilderPreview.vueapp/components/QuestionForm.vueapp/composables/useJobs.tsapp/pages/dashboard/jobs/new.vuee2e/critical-flows/job-creation.spec.tsserver/api/jobs/index.post.tsserver/utils/schemas/job.tsserver/utils/schemas/jobQuestion.tsserver/utils/schemas/scoring.tstests/unit/job-creation-schema.test.ts
💤 Files with no reviewable changes (1)
- app/components/ApplicationBuilderPreview.vue
🚧 Files skipped from review as they are similar to previous changes (2)
- app/composables/useJobs.ts
- app/components/ApplicationBuilder.vue
Signed-off-by: Joachim LK <joachim.l.kolle.pers@gmail.com> # Conflicts: # package-lock.json # package.json
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
…n state validation and tests
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
test-step3.jsto automate the testing of the sign-in page.Summary
Type of change
Validation
DCO
Signed-off-by) viagit commit -sSummary by CodeRabbit
Release Notes
New Features
UX Improvements
Testing / DevOps