ci: add PR build/typecheck/test workflow + fix latent type errors#414
Conversation
The repo had no PR CI (release.yml runs only on version tags), so type errors that tsx ignores at runtime slipped in. This adds .github/workflows/ci.yml (node build + `tsc --noEmit -p tsconfig.json` + npm test, on PRs to main and pushes to main) and fixes the 30 pre-existing type errors so the typecheck gate is green: - src/hostBridge.ts: the updateCellBatch SAVEPOINT fallback used `'updateCellBatch' in dbOps`, which narrowed dbOps so `executeQuery` failed to typecheck. Switched to a non-narrowing `typeof dbOps.updateCellBatch === 'function'` check (runtime behavior unchanged; DatabaseOperations declares executeQuery/updateCell/updateCellBatch). - 27 test/benchmark type-only fixes (mock casts, optional params, valid ModificationType values) — no assertion or logic changes. tsc --noEmit: 0 errors. npm test: 311 passing. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
|
The latest updates on your projects. Learn more about Vercel for GitHub.
|
📝 WalkthroughWalkthroughThis pull request introduces CI workflow automation, tightens production type-checking in ChangesTypeScript Type Safety and CI Automation
Estimated code review effort🎯 2 (Simple) | ⏱️ ~12 minutes Possibly related PRs
Poem
🚥 Pre-merge checks | ✅ 4 | ❌ 1❌ Failed checks (1 warning)
✅ Passed checks (4 passed)
✏️ Tip: You can configure your own custom pre-merge checks in the settings. ✨ Finishing Touches📝 Generate docstrings
🧪 Generate unit tests (beta)
Warning There were issues while running some tools. Please review the errors and either fix the tool's configuration or disable the tool if it's a critical failure. 🔧 ESLint
ESLint skipped: no ESLint configuration detected in root package.json. To enable, add Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out. Comment |
![github-advanced-security[bot]](https://avatars.githubusercontent.com/in/57789?s=60&v=4){kind=small}
| name: Build, typecheck & test | ||
| runs-on: ubuntu-latest | ||
| steps: | ||
| - uses: actions/checkout@v4 | ||
|
|
||
| - uses: actions/setup-node@v4 | ||
| with: | ||
| node-version: 22 | ||
| cache: npm | ||
|
|
||
| - name: Install dependencies | ||
| run: npm ci | ||
|
|
||
| - name: Build extension, worker & WASM | ||
| run: node scripts/build.mjs | ||
|
|
||
| - name: Typecheck (src + tests) | ||
| run: npx tsc --noEmit -p tsconfig.json | ||
|
|
||
| - name: Unit tests | ||
| run: npm test |
|
You have reached your Codex usage limits for code reviews. You can see your limits in the Codex usage dashboard. |
![gemini-code-assist[bot]](https://avatars.githubusercontent.com/in/956858?s=60&v=4){kind=small}
There was a problem hiding this comment.
Code Review
This pull request refactors type checks and introduces various type assertions (mostly casting to any) across test files and src/hostBridge.ts to resolve TypeScript compilation issues. While these changes fix compiler errors, the feedback highlights several opportunities to maintain strict type safety instead of resorting to any casts. Key recommendations include using the correct establishConnection API to prevent a runtime error in benchmarks, satisfying interfaces with default properties, and using specific VS Code types or TypeScript utility types for safer assertions.
| async function runBenchmark() { | ||
| const bundle = await createNativeDatabaseConnection(vscode.Uri.file(process.cwd())); | ||
| const loadResult = await bundle.loadDatabase({ buffer: new Uint8Array() }); | ||
| const loadResult = await (bundle as any).loadDatabase({ buffer: new Uint8Array() }); |
There was a problem hiding this comment.
The createNativeDatabaseConnection function returns a connection bundle that uses establishConnection rather than loadDatabase. Calling loadDatabase here will result in a runtime TypeError because the method does not exist on the native worker bundle.
Instead of casting to any and calling loadDatabase, use establishConnection with an in-memory database URI to match the correct API.
| const loadResult = await (bundle as any).loadDatabase({ buffer: new Uint8Array() }); | |
| const loadResult = await bundle.establishConnection(vscode.Uri.file(':memory:'), 'bench_db'); |
| try { | ||
| const wasmBinary = fs.readFileSync(path.resolve(__dirname, '../../node_modules/sql.js/dist/sql-wasm.wasm')); | ||
| const engineResult = await createDatabaseEngine({ wasmBinary }); | ||
| const engineResult = await createDatabaseEngine({ wasmBinary } as any); |
There was a problem hiding this comment.
Instead of casting the configuration object to any, you can satisfy the DatabaseInitConfig interface by providing the required content and maxSize properties with safe default values. This preserves type safety and avoids bypassing compiler checks.
| const engineResult = await createDatabaseEngine({ wasmBinary } as any); | |
| const engineResult = await createDatabaseEngine({ wasmBinary, content: null, maxSize: 0 }); |
| await databaseOps.undoModification(mod as any); | ||
|
|
||
| // 2. Redo (Drops columns again) | ||
| await databaseOps.redoModification(mod); | ||
| await databaseOps.redoModification(mod as any); |
There was a problem hiding this comment.
The mod object is missing the required description property of the ModificationEntry interface, which is why the compiler complained.
Instead of casting mod as any, you can spread mod and supply a dummy description to make it a fully valid ModificationEntry in a type-safe manner.
| await databaseOps.undoModification(mod as any); | |
| // 2. Redo (Drops columns again) | |
| await databaseOps.redoModification(mod); | |
| await databaseOps.redoModification(mod as any); | |
| await databaseOps.undoModification({ ...mod, description: 'Undo column drop' }); | |
| // 2. Redo (Drops columns again) | |
| await databaseOps.redoModification({ ...mod, description: 'Redo column drop' }); |
|
|
||
| assert.strictEqual(showSaveDialogMock.mock.callCount(), 1); | ||
| const args = showSaveDialogMock.mock.calls[0].arguments[0]; | ||
| const args = showSaveDialogMock.mock.calls[0].arguments[0] as any; |
There was a problem hiding this comment.
Instead of casting args to any, you can cast it to vscode.SaveDialogOptions which is the actual type expected by showSaveDialog. This preserves type safety and auto-completion.
| const args = showSaveDialogMock.mock.calls[0].arguments[0] as any; | |
| const args = showSaveDialogMock.mock.calls[0].arguments[0] as vscode.SaveDialogOptions; |
|
|
||
| assert.strictEqual(configUpdateMock.mock.calls.length, 1); | ||
| const callArgs = configUpdateMock.mock.calls[0].arguments; | ||
| const callArgs = configUpdateMock.mock.calls[0].arguments as any[]; |
There was a problem hiding this comment.
Instead of casting callArgs to any[], you can cast it to a more specific tuple type like [string, Record<string, any>] which matches the signature of workspace.getConfiguration().update. This keeps the test type-safe.
| const callArgs = configUpdateMock.mock.calls[0].arguments as any[]; | |
| const callArgs = configUpdateMock.mock.calls[0].arguments as [string, Record<string, any>]; |
| } as unknown as Database; | ||
|
|
||
| const engine = new WasmDatabaseEngine(mockDb, 5000); | ||
| const engine = new WasmDatabaseEngine(mockDb as any, 5000); |
There was a problem hiding this comment.
Instead of casting mockDb to any, you can dynamically extract the correct type of the first parameter of the WasmDatabaseEngine constructor using Parameters<typeof WasmDatabaseEngine>[0]. This avoids using any and maintains strict type safety.
| const engine = new WasmDatabaseEngine(mockDb as any, 5000); | |
| const engine = new WasmDatabaseEngine(mockDb as unknown as Parameters<typeof WasmDatabaseEngine>[0], 5000); |
![coderabbitai[bot]](https://avatars.githubusercontent.com/in/347564?s=60&v=4){kind=small}
There was a problem hiding this comment.
Actionable comments posted: 3
🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
Inline comments:
In @.github/workflows/ci.yml:
- Line 20: Replace the floating tag references to GitHub Actions with pinned
commit SHAs: locate the "uses: actions/checkout@v4" entry (and the other similar
"uses:" entry around line 22) and replace the `@v4` tag with the corresponding
full commit SHA for that action's v4 release; include a trailing comment noting
the human-readable version (e.g., v4) for future reference, and ensure both
occurrences are updated so the workflow pins to immutable commit hashes rather
than floating tags.
- Around line 1-14: The workflow "name: CI" currently relies on the default
GITHUB_TOKEN permissions; add an explicit top-level permissions block to grant
least privilege for the checkout operation (e.g., set GITHUB_TOKEN permissions
to at most contents: read) so the job only has repository read access; update
the YAML near the top-level (in the same document that contains "name: CI" and
"on:") to include the permissions mapping rather than using defaults.
In `@tests/unit/workerFactory.test.ts`:
- Around line 87-91: Replace the direct assignment and casts to readonly VS Code
API fields by defining properties via Object.defineProperty: instead of
assigning mockVscode.workspace.fs = { ... } as any, call
Object.defineProperty(mockVscode, 'workspace', { value: { fs: { readFile: async
() => new Uint8Array(), stat: async () => ({ size: 0 }) } }, writable: true,
configurable: true }) or define just the 'fs' property on mockVscode.workspace
similarly so that mockVscode.workspace.fs is writable/configurable; likewise
replace (mockVscode.Uri as any).joinPath = () => ({ scheme: 'file', fsPath:
'/test/path/assets/sqlite3.wasm' }) with Object.defineProperty(mockVscode.Uri,
'joinPath', { value: () => ({ scheme: 'file', fsPath:
'/test/path/assets/sqlite3.wasm' }), writable: true, configurable: true }) to
avoid using as any and follow readonly API testing conventions while keeping
functions names mockVscode.workspace.fs and mockVscode.Uri.joinPath as the
targets.
🪄 Autofix (Beta)
Fix all unresolved CodeRabbit comments on this PR:
- Push a commit to this branch (recommended)
- Create a new PR with the fixes
ℹ️ Review info
⚙️ Run configuration
Configuration used: Organization UI
Review profile: ASSERTIVE
Plan: Pro
Run ID: 0c7d09bd-75a6-48a0-b368-55b78c3ebea7
📒 Files selected for processing (13)
.github/workflows/ci.ymlsrc/hostBridge.tstests/benchmarks/native_worker_ddl_batch.tstests/performance/index_drop_benchmark.tstests/performance/native_undo_redo_benchmark.tstests/unit/hostBridge.test.tstests/unit/main.test.tstests/unit/modification_tracker_api.test.tstests/unit/sqlite-db.test.tstests/unit/tableExporter.test.tstests/unit/virtualFileSystem.test.tstests/unit/webviewMessageHandler.test.tstests/unit/workerFactory.test.ts
📜 Review details
⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (1)
- GitHub Check: Build, typecheck & test
🧰 Additional context used
📓 Path-based instructions (4)
tests/unit/*.test.ts
📄 CodeRabbit inference engine (CLAUDE.md)
tests/unit/*.test.ts: UseObject.defineProperty(obj, prop, { value, writable: true, configurable: true })for setting readonly VS Code API fields likevscode.env.uiKindin unit tests
Importtests/unit/vscode_mock_setup.tsat the beginning of unit test files to ensure VS Code mocks are initialized before running tests
Files:
tests/unit/modification_tracker_api.test.tstests/unit/webviewMessageHandler.test.tstests/unit/virtualFileSystem.test.tstests/unit/sqlite-db.test.tstests/unit/hostBridge.test.tstests/unit/workerFactory.test.tstests/unit/tableExporter.test.tstests/unit/main.test.ts
src/**/*.ts
📄 CodeRabbit inference engine (CLAUDE.md)
src/**/*.ts: Use prepared statements with?placeholders for all query parameter values to prevent SQL injection
Always useescapeIdentifier()function for table and column names in SQL queries to prevent identifier-based SQL injection
UsevalidateSqlType()for all user-provided SQL types in DDL statements to prevent type-based SQL injection
Validate PRAGMA string values with the regex/^[a-zA-Z0-9_-]+$/whitelist and check numeric PRAGMA values withNumber.isFinite()
UseescapeLikePattern()for user input in LIKE queries with theESCAPE '\\'clause to prevent LIKE wildcard injection
Use zero-copy transfer for large binary data (ArrayBuffers) in RPC communication by wrapping with theTransferwrapper
UseSAVEPOINT/RELEASE/ROLLBACK TOinstead ofBEGIN TRANSACTIONinupdateCellBatchto safely handle nested transactions
Use thesafeRollback(context)helper when handling transaction errors to log failures instead of throwing, preventing secondary rollback errors
Check for SQLitejson_patch()availability at engine construction time and use it in UPDATE statements when available, falling back to JS-sideapplyMergePatch()when unavailable
UsegetNodeFs()fromsqlite-db.tsto safely require the Node.jsfsmodule, which returnsundefinedin browser environments
Checkimport.meta.env.VSCODE_BROWSER_EXTto conditionally handle environment-specific code paths for browser vs Node.js platforms
Use the Core RPC protocol defined insrc/core/rpc.tsfor all Worker communication and when the Extension invokes Webview methods
UsebuildMethodProxy()fromsrc/core/rpc.tsto create proxy objects that automatically serialize RPC calls to workers or the webview
Record database modifications inModificationTrackerviarecordModification()before committing changes to track undo/redo history
Write all executed SQL (both read and write operations) to the 'SQLite Explorer' output channel viaGlobalOutputChannel?.appendLine()for debugging...
Files:
src/hostBridge.ts
{src/**/*.ts,core/ui/modules/*.js}
📄 CodeRabbit inference engine (CLAUDE.md)
Serialize
Uint8Arrayusing the marker format{ __type: 'Uint8Array', base64: '...' }with exactly 2 keys to prevent collisions with user data
Files:
src/hostBridge.ts
{src/hostBridge.ts,core/ui/modules/settings.js}
📄 CodeRabbit inference engine (CLAUDE.md)
Provide a UI to configure SQLite PRAGMAs via
hostBridge.setPragma()to allow users to modify settings like WAL mode and Foreign Keys directly
Files:
src/hostBridge.ts
🪛 GitHub Check: CodeQL
.github/workflows/ci.yml
[warning] 17-37: Workflow does not contain permissions
Actions job or workflow does not limit the permissions of the GITHUB_TOKEN. Consider setting an explicit permissions block, using the following as a minimal starting point: {{contents: read}}
🪛 zizmor (1.25.2)
.github/workflows/ci.yml
[warning] 20-20: credential persistence through GitHub Actions artifacts (artipacked): does not set persist-credentials: false
(artipacked)
[warning] 1-38: overly broad permissions (excessive-permissions): default permissions used due to no permissions: block
(excessive-permissions)
[error] 20-20: unpinned action reference (unpinned-uses): action is not pinned to a hash (required by blanket policy)
(unpinned-uses)
[error] 22-22: unpinned action reference (unpinned-uses): action is not pinned to a hash (required by blanket policy)
(unpinned-uses)
🔇 Additional comments (11)
src/hostBridge.ts (1)
400-400: LGTM!tests/unit/hostBridge.test.ts (1)
29-29: LGTM!Also applies to: 138-138, 165-165
tests/unit/main.test.ts (1)
55-55: LGTM!Also applies to: 173-173
tests/unit/sqlite-db.test.ts (1)
247-247: LGTM!tests/unit/tableExporter.test.ts (1)
303-303: LGTM!tests/unit/virtualFileSystem.test.ts (1)
241-241: LGTM!Also applies to: 256-256
tests/unit/webviewMessageHandler.test.ts (1)
10-10: LGTM!Also applies to: 48-48, 74-74
tests/benchmarks/native_worker_ddl_batch.ts (1)
8-8: LGTM!tests/performance/index_drop_benchmark.ts (1)
37-37: LGTM!tests/performance/native_undo_redo_benchmark.ts (1)
51-54: LGTM!tests/unit/modification_tracker_api.test.ts (1)
38-38: LGTM!Also applies to: 70-70, 100-100
| name: CI | ||
|
|
||
| # Runs on every PR to main and on pushes to main, so type errors and test | ||
| # failures are caught before merge (release.yml only runs on version tags). | ||
| on: | ||
| pull_request: | ||
| branches: [main] | ||
| push: | ||
| branches: [main] | ||
|
|
||
| concurrency: | ||
| group: ci-${{ github.ref }} | ||
| cancel-in-progress: true | ||
|
|
There was a problem hiding this comment.
Add explicit permissions block to follow least privilege.
The workflow inherits default GITHUB_TOKEN permissions, which are overly broad. This workflow only needs read access to check out the repository.
🔒 Proposed fix to add minimal permissions
name: CI
+permissions:
+ contents: read
+
# Runs on every PR to main and on pushes to main, so type errors and test
# failures are caught before merge (release.yml only runs on version tags).📝 Committable suggestion
‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.
| name: CI | |
| # Runs on every PR to main and on pushes to main, so type errors and test | |
| # failures are caught before merge (release.yml only runs on version tags). | |
| on: | |
| pull_request: | |
| branches: [main] | |
| push: | |
| branches: [main] | |
| concurrency: | |
| group: ci-${{ github.ref }} | |
| cancel-in-progress: true | |
| name: CI | |
| permissions: | |
| contents: read | |
| # Runs on every PR to main and on pushes to main, so type errors and test | |
| # failures are caught before merge (release.yml only runs on version tags). | |
| on: | |
| pull_request: | |
| branches: [main] | |
| push: | |
| branches: [main] | |
| concurrency: | |
| group: ci-${{ github.ref }} | |
| cancel-in-progress: true |
🧰 Tools
🪛 zizmor (1.25.2)
[warning] 1-38: overly broad permissions (excessive-permissions): default permissions used due to no permissions: block
(excessive-permissions)
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
In @.github/workflows/ci.yml around lines 1 - 14, The workflow "name: CI"
currently relies on the default GITHUB_TOKEN permissions; add an explicit
top-level permissions block to grant least privilege for the checkout operation
(e.g., set GITHUB_TOKEN permissions to at most contents: read) so the job only
has repository read access; update the YAML near the top-level (in the same
document that contains "name: CI" and "on:") to include the permissions mapping
rather than using defaults.
| name: Build, typecheck & test | ||
| runs-on: ubuntu-latest | ||
| steps: | ||
| - uses: actions/checkout@v4 |
There was a problem hiding this comment.
Pin actions to commit hashes per security policy.
The workflow uses version tags (@v4) instead of commit hashes. Static analysis flags this as required by policy to prevent supply chain attacks if the action repositories are compromised.
🔒 Guidance for pinning to commit hashes
Replace version tags with full commit SHA hashes. For example:
- - uses: actions/checkout@v4
+ - uses: actions/checkout@<commit-sha> # v4.x.x
- - uses: actions/setup-node@v4
+ - uses: actions/setup-node@<commit-sha> # v4.x.xLook up the latest commit hashes for the v4 releases of these actions in their respective repositories, and add a comment with the version number for future reference.
Also applies to: 22-22
🧰 Tools
🪛 zizmor (1.25.2)
[warning] 20-20: credential persistence through GitHub Actions artifacts (artipacked): does not set persist-credentials: false
(artipacked)
[error] 20-20: unpinned action reference (unpinned-uses): action is not pinned to a hash (required by blanket policy)
(unpinned-uses)
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
In @.github/workflows/ci.yml at line 20, Replace the floating tag references to
GitHub Actions with pinned commit SHAs: locate the "uses: actions/checkout@v4"
entry (and the other similar "uses:" entry around line 22) and replace the `@v4`
tag with the corresponding full commit SHA for that action's v4 release; include
a trailing comment noting the human-readable version (e.g., v4) for future
reference, and ensure both occurrences are updated so the workflow pins to
immutable commit hashes rather than floating tags.
| mockVscode.workspace.fs = { | ||
| readFile: async () => new Uint8Array(), | ||
| stat: async () => ({ size: 0 }) | ||
| }; | ||
| mockVscode.Uri.joinPath = () => ({ scheme: 'file', fsPath: '/test/path/assets/sqlite3.wasm' }); | ||
| } as any; | ||
| (mockVscode.Uri as any).joinPath = () => ({ scheme: 'file', fsPath: '/test/path/assets/sqlite3.wasm' }); |
There was a problem hiding this comment.
🧹 Nitpick | 🔵 Trivial | 💤 Low value
Consider using Object.defineProperty for readonly VS Code API fields.
The coding guidelines recommend using Object.defineProperty(obj, prop, { value, writable: true, configurable: true }) for setting readonly VS Code API fields in unit tests, rather than as any casts. This provides better consistency and clarity when working with readonly properties like workspace.fs.
As per coding guidelines, "Use Object.defineProperty(obj, prop, { value, writable: true, configurable: true }) for setting readonly VS Code API fields like vscode.env.uiKind in unit tests".
♻️ Proposed refactor using Object.defineProperty
- mockVscode.workspace.fs = {
- readFile: async () => new Uint8Array(),
- stat: async () => ({ size: 0 })
- } as any;
- (mockVscode.Uri as any).joinPath = () => ({ scheme: 'file', fsPath: '/test/path/assets/sqlite3.wasm' });
+ Object.defineProperty(mockVscode.workspace, 'fs', {
+ value: {
+ readFile: async () => new Uint8Array(),
+ stat: async () => ({ size: 0 })
+ },
+ writable: true,
+ configurable: true
+ });
+ Object.defineProperty(mockVscode.Uri, 'joinPath', {
+ value: () => ({ scheme: 'file', fsPath: '/test/path/assets/sqlite3.wasm' }),
+ writable: true,
+ configurable: true
+ });📝 Committable suggestion
‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.
| mockVscode.workspace.fs = { | |
| readFile: async () => new Uint8Array(), | |
| stat: async () => ({ size: 0 }) | |
| }; | |
| mockVscode.Uri.joinPath = () => ({ scheme: 'file', fsPath: '/test/path/assets/sqlite3.wasm' }); | |
| } as any; | |
| (mockVscode.Uri as any).joinPath = () => ({ scheme: 'file', fsPath: '/test/path/assets/sqlite3.wasm' }); | |
| Object.defineProperty(mockVscode.workspace, 'fs', { | |
| value: { | |
| readFile: async () => new Uint8Array(), | |
| stat: async () => ({ size: 0 }) | |
| }, | |
| writable: true, | |
| configurable: true | |
| }); | |
| Object.defineProperty(mockVscode.Uri, 'joinPath', { | |
| value: () => ({ scheme: 'file', fsPath: '/test/path/assets/sqlite3.wasm' }), | |
| writable: true, | |
| configurable: true | |
| }); |
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
In `@tests/unit/workerFactory.test.ts` around lines 87 - 91, Replace the direct
assignment and casts to readonly VS Code API fields by defining properties via
Object.defineProperty: instead of assigning mockVscode.workspace.fs = { ... } as
any, call Object.defineProperty(mockVscode, 'workspace', { value: { fs: {
readFile: async () => new Uint8Array(), stat: async () => ({ size: 0 }) } },
writable: true, configurable: true }) or define just the 'fs' property on
mockVscode.workspace similarly so that mockVscode.workspace.fs is
writable/configurable; likewise replace (mockVscode.Uri as any).joinPath = () =>
({ scheme: 'file', fsPath: '/test/path/assets/sqlite3.wasm' }) with
Object.defineProperty(mockVscode.Uri, 'joinPath', { value: () => ({ scheme:
'file', fsPath: '/test/path/assets/sqlite3.wasm' }), writable: true,
configurable: true }) to avoid using as any and follow readonly API testing
conventions while keeping functions names mockVscode.workspace.fs and
mockVscode.Uri.joinPath as the targets.
- ci.yml: pin actions/checkout & actions/setup-node to commit SHAs and add a least-privilege `permissions: contents: read` block (CodeRabbit / SEAL). - workerFactory.test.ts: use Object.defineProperty for readonly VS Code mock fields instead of `as any` (the project's documented convention). - native_worker_ddl_batch.ts: use the real `bundle.establishConnection(...)` API (the benchmark called a non-existent `loadDatabase` masked by `as any`). - globals.css: fix the self-referential `@theme` font variables (via `--font-*-stack`) and move `:root`/`.dark` + base styles out of `@layer utilities` into the correct layers (Gemini). Verified: extension build OK; `tsc --noEmit` 0 errors; `npm test` 311 pass; website `next build` compiles. Co-authored-by: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
2 participants
What
Adds the first PR-triggered CI (
.github/workflows/ci.yml): build →tsc --noEmit→npm teston PRs tomainand pushes tomain. Previously the only workflow (release.yml) ran only on version tags, so type errors thattsxstrips at runtime slipped in unnoticed.To make the typecheck gate green, this also fixes the 30 pre-existing type errors:
src/hostBridge.ts— theupdateCellBatchSAVEPOINT fallback's'updateCellBatch' in dbOpsguard narroweddbOpsso theexecuteQuerycalls failed to typecheck. Switched to a non-narrowingtypeof … === 'function'check; runtime behavior unchanged.ModificationTypevalues. No assertion or logic changes.Verification
npx tsc --noEmit -p tsconfig.json→ 0 errorsnpm test→ 311 passing, 0 failing🤖 Generated with Claude Code
Summary by CodeRabbit
Chores