Promote post-release stability fixes to production#76
Conversation
Limit GitHub Actions to the read-only repository access required by build and test jobs. Prevent checkout credentials from persisting beyond each checkout step. - grant contents read at workflow scope - disable credential persistence for both jobs
Avoid marking unrelated code as Java when common words merely contain a Java keyword. Model Java identifier-part semantics so Unicode and ignorable characters cannot split false keyword tokens. - tokenize unmarked code blocks before keyword lookup - cover substring and identifier-ignorable regressions
Satisfy the canonical font-family syntax while shrinking the touched global stylesheet below its repository size ceiling. Remove animation definitions with no consumers instead of relocating dead styles. - unquote the Fraunces family name - delete two unused keyframe rules
Prevent guided chat failures from exposing internal exception class names to clients. Preserve retry metadata and structured server diagnostics for operators. - emit a fixed user-facing stream error contract - assert exception types and secret messages remain server-side
The lesson back control hid its only visible label at the mobile breakpoint, leaving screen readers with an unnamed button. - retain an All Lessons accessible name at every viewport - cover the responsive control with a role-and-name regression test
Earlier stream status events could override the backend's terminal retry decision, causing recoverable failures to stop or fatal failures to retry. - give explicit terminal retry metadata precedence - retain signature-based recovery for unstructured failures - cover retryable and fatal terminal overrides
Model responses can place enrichment syntax inside code spans or emit invented Java examples, producing broken instructional output. Define marker and fenced-code boundaries in the canonical system prompt and bind the regression test to those owner-defined clauses. - require enrichment markers on prose-only lines - require fenced Java examples to use real compilable APIs
|
Warning Review limit reached
Next review available in: 55 minutes Enable usage-based reviews in Billing to review now. Otherwise, wait until the next included review is available. How can I continue?After more reviews become available, a review can be triggered using the To avoid repeated limits, reduce automatic review volume by pausing incremental auto-reviews earlier, using label-based review opt-in, excluding WIP or generated PR titles, or requesting reviews manually when the PR is ready. If your team needs uninterrupted high-volume reviews, an organization admin can enable usage-based reviews. How do review limits work?CodeRabbit enforces per-developer PR review limits for each organization. Most developers receive the normal plan review availability. For paid Pro and Pro+ PR reviews, CodeRabbit uses adaptive limits for sustained high-volume activity. When a developer's recent PR review activity reaches the 95th percentile or higher among CodeRabbit users, additional reviews become available more gradually as earlier reviews age out of the rolling window. Please refer docs for additional details. Review details⚙️ Run configurationConfiguration used: Organization UI Review profile: CHILL Plan: Pro Run ID: 📒 Files selected for processing (21)
✨ Finishing Touches🧪 Generate unit tests (beta)
Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out. Comment |
There was a problem hiding this comment.
Pull request overview
This PR promotes a set of post-release stability fixes to production across backend streaming/SSE behavior, system prompt guardrails, frontend stream recovery and Java code detection, accessibility labeling, and CI hardening.
Changes:
- Backend: publish replayable “provider change” SSE events during pre-text provider fallback and tighten guided-stream client error messaging.
- Frontend: make stream retry decisions respect terminal backend retry metadata; improve Java keyword boundary detection; add mobile back-button accessibility labeling.
- Ops/CI: restrict GitHub Actions workflow permissions and disable persisted checkout credentials.
Reviewed changes
Copilot reviewed 21 out of 21 changed files in this pull request and generated 4 comments.
Show a summary per file
| File | Description |
|---|---|
| src/test/java/com/williamcallahan/javachat/web/StreamingProviderFallbackSseEventTest.java | Adds regression coverage ensuring provider fallback + notice signals precede fallback text in SSE streams. |
| src/test/java/com/williamcallahan/javachat/web/GuidedSseCitationEventTest.java | Updates test construction for the expanded StreamingResult shape. |
| src/test/java/com/williamcallahan/javachat/web/GuidedLearningControllerStreamingFailureTest.java | Strengthens assertions that client-visible errors don’t leak exception types/messages. |
| src/test/java/com/williamcallahan/javachat/web/ChatControllerStreamingFailureTest.java | Updates test construction for the expanded StreamingResult shape. |
| src/test/java/com/williamcallahan/javachat/service/StreamingAttemptContextTest.java | Updates attempt-context creation to include provider-change signaling. |
| src/test/java/com/williamcallahan/javachat/service/OpenAIStreamingServiceTest.java | Verifies provider-change and fallback notice signals are emitted and replayable. |
| src/test/java/com/williamcallahan/javachat/config/SystemPromptConfigTest.java | Adds regression coverage for system-prompt clauses protecting markers and Java fences. |
| src/main/java/com/williamcallahan/javachat/web/GuidedLearningController.java | Emits provider-change SSE events and standardizes guided stream error payload text. |
| src/main/java/com/williamcallahan/javachat/web/ChatController.java | Emits provider-change SSE events alongside notices/data/heartbeats. |
| src/main/java/com/williamcallahan/javachat/service/StreamingResult.java | Extends streaming result contract to include provider-change signals. |
| src/main/java/com/williamcallahan/javachat/service/StreamingAttemptContext.java | Carries a provider-change sink through bounded streaming attempts. |
| src/main/java/com/williamcallahan/javachat/service/OpenAIStreamingService.java | Makes fallback signals replayable and emits provider-change metadata on pre-text retry. |
| src/main/java/com/williamcallahan/javachat/config/SystemPromptConfig.java | Adds explicit marker/code-boundary and “valid Java fence” clauses to the core prompt template. |
| frontend/src/styles/global.css | Minor font-family tweak; removes unused keyframes. |
| frontend/src/lib/services/streamRecovery.ts | Gives terminal stream error metadata precedence for retry decisions. |
| frontend/src/lib/services/streamRecovery.test.ts | Adds coverage for terminal retryable/fatal override behavior. |
| frontend/src/lib/services/markdown.test.ts | Updates tests to validate Java keyword boundary detection and avoid substring false positives. |
| frontend/src/lib/services/javaLanguageDetection.ts | Implements boundary-aware Java keyword detection logic. |
| frontend/src/lib/components/LearnView.test.ts | Adds test coverage for accessible “All Lessons” back control naming on mobile. |
| frontend/src/lib/components/LearnView.svelte | Adds aria-label to the back button for assistive technologies. |
| .github/workflows/build.yml | Restricts workflow permissions and disables persisted checkout credentials. |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
There was a problem hiding this comment.
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: f3fb8ddeb4
ℹ️ About Codex in GitHub
Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you
- Open a pull request for review
- Mark a draft as ready
- Comment "@codex review".
If Codex has suggestions, it will comment; otherwise it will react with 👍.
Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".
Summary
Verification
Deployment validation
After merge, confirm Coolify deploys the exact main SHA, then rerun health/readiness, normal chat, guided learning, citations, console, and mobile accessibility checks on https://javachat.ai.