codeflash-internal/js
Kevin Turcios 8202ea512c fix: close authorization bypass and data-integrity bugs across dashboard
Security (critical):
- Scope member lookups to parent resource (repository_id / organization_id)
  in updateRepositoryMemberRole, removeRepositoryMember,
  updateOrganizationMemberRole, and removeOrganizationMember to prevent
  cross-tenant escalation via crafted memberId
- Replace unvalidated currentOrganizationId cookie reads with
  getAccountContext() (validates org membership) in review page and
  repo detail data loaders

Bugs:
- Add missing string-UUID branch in repository_id filter (raw SQL paths)
- Pass actual username to RepoDetailClient instead of empty string
- Remove misleading React.cache() on getAllOptimizationEventsImpl (object
  arg means reference equality never hits)
- Use create() result directly in addOrganizationMember to avoid NPE
  from unnecessary re-fetch
- Separate null-session redirect from null-event 404 in profiler page

Tests:
- Rewrite action.test.ts: org payload for Prisma findMany path, proper
  $queryRaw tagged-template mock for raw SQL path, verify repository_id
  filter is actually applied
2026-04-13 14:56:12 -05:00
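
The member-scoping fix named in the commit message above, as an added TypeScript example (not code from this repository): an in-memory array stands in for the membership table, and the types, function names and sample rows are hypothetical. It assumes the pre-fix handlers checked the caller's role on the repository named in the request and then fetched the target row by memberId alone.

```typescript
// Constructed rows standing in for a repository-membership table.
// Shape and names are hypothetical, not the project's Prisma schema.
type Role = "admin" | "member";
interface RepoMember { id: string; repositoryId: string; userId: string; role: Role; }

function seedMembers(): RepoMember[] {
  return [
    { id: "m1", repositoryId: "repo-A", userId: "alice", role: "admin" },
    { id: "m2", repositoryId: "repo-A", userId: "bob", role: "member" },
    { id: "m3", repositoryId: "repo-B", userId: "carol", role: "admin" },
  ];
}

// The caller must be an admin of the repository named in the request.
function isRepoAdmin(rows: RepoMember[], repositoryId: string, userId: string): boolean {
  return rows.some(
    (r) => r.repositoryId === repositoryId && r.userId === userId && r.role === "admin",
  );
}

// Before: the permission check uses repositoryId, but the row is fetched by
// memberId alone, so it can belong to a repository the caller has no rights on.
function updateRoleUnscoped(
  rows: RepoMember[], callerId: string, repositoryId: string, memberId: string, role: Role,
): boolean {
  if (!isRepoAdmin(rows, repositoryId, callerId)) return false;
  const row = rows.find((r) => r.id === memberId);
  if (!row) return false;
  row.role = role;
  return true;
}

// After: the lookup is keyed on memberId AND the parent repositoryId that was
// authorized. A row from another repository is reported as "not found".
function updateRoleScoped(
  rows: RepoMember[], callerId: string, repositoryId: string, memberId: string, role: Role,
): boolean {
  if (!isRepoAdmin(rows, repositoryId, callerId)) return false;
  const row = rows.find((r) => r.id === memberId && r.repositoryId === repositoryId);
  if (!row) return false;
  row.role = role;
  return true;
}

// Role currently stored for a membership row, for checking the outcome.
function roleOf(rows: RepoMember[], memberId: string): Role | undefined {
  return rows.find((r) => r.id === memberId)?.role;
}
```

With a Prisma-style data layer the same scoping means putting both the member id and the parent id in the `where` clause of the lookup, and a regression test should assert that a memberId from another tenant is rejected.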
cf-api fix: cf-api deploy broken by pnpm workspace migration 2026-04-13 11:58:37 -05:00
cf-webapp fix: close authorization bypass and data-integrity bugs across dashboard 2026-04-13 14:56:12 -05:00
common perf: fix CI build + lazy-load heavy libs + parallelize DB queries (#2601) 2026-04-13 11:03:05 -05:00
VSC-Extension feat: Add Line Profiler visualization to webapp (#2268) 2026-01-28 08:36:54 -08:00
.npmrc perf: fix CI build + lazy-load heavy libs + parallelize DB queries (#2601) 2026-04-13 11:03:05 -05:00
CLAUDE.md perf: fix CI build + lazy-load heavy libs + parallelize DB queries (#2601) 2026-04-13 11:03:05 -05:00
package.json perf: fix CI build + lazy-load heavy libs + parallelize DB queries (#2601) 2026-04-13 11:03:05 -05:00
pnpm-lock.yaml fix: align TypeScript versions to deduplicate @prisma/client in pnpm 2026-04-13 12:10:16 -05:00
pnpm-workspace.yaml perf: fix CI build + lazy-load heavy libs + parallelize DB queries (#2601) 2026-04-13 11:03:05 -05:00
README.md perf: fix CI build + lazy-load heavy libs + parallelize DB queries (#2601) 2026-04-13 11:03:05 -05:00

CodeFlash AI

Overview

CodeFlash AI is a JavaScript/TypeScript monorepo that provides a scalable and modular architecture for web applications, focusing on efficient code sharing and robust development practices.

Project Structure

js/
├── common/           # Shared code and database schema
├── cf-api/           # Backend API service
├── cf-webapp/        # Next.js web application
├── VSC-Extension/    # VS Code extension
└── pnpm-workspace.yaml

Prerequisites

  • Node.js (v20+)
  • pnpm (v10+): npm install -g pnpm
  • Prisma CLI (installed as devDependency)

Setup

1. Clone the Repository

git clone https://github.com/your-org/codeflash-ai.git
cd codeflash-ai/js

2. Install Dependencies

# Install all workspace dependencies from js/
pnpm install

3. Database Configuration

# Generate Prisma client and run migrations
cd common
pnpm prisma generate
pnpm prisma migrate dev

Development Workflow

Start Development Servers

# From js/ workspace root:
pnpm --filter cf-api dev
pnpm --filter cf-webapp dev

Build

# Build individual packages
pnpm --filter cf-webapp build
pnpm --filter cf-api build
pnpm --filter @codeflash-ai/common build

Key Components

Common Package (@codeflash-ai/common)

  • Shared TypeScript utilities
  • Prisma database schema
  • Reusable functions across projects
  • Referenced as "workspace:*" by cf-api and cf-webapp

Usage Example

import { createOrUpdateUser } from "@codeflash-ai/common"

Best Practices

  1. Always install from the workspace root (js/)
  2. Keep shared logic in the common package
  3. Use TypeScript for type safety
  4. Follow existing code structure
  5. Never commit sensitive data or build artifacts

Publishing common Package

cd common
pnpm build
pnpm publish