Integrate e2b code writing and UI enhancements

[Jackson57279]

This pull request contains changes generated by Cursor background composer.

Summary by CodeRabbit

• New Features

  • Collapsible left sidebar that expands on hover, with a “History” indicator when collapsed; expanded view shows conversations, new-chat dialog, list, timestamps, delete, and empty state.

• Improvements

  • Right panel renamed “E2B Live Preview,” widened for better visibility.
  • Preview and code blocks share unified, richer code-execution results and behavior.
  • Optional runtime handling for an auxiliary tagging tool.

• Bug Fixes

  • Preview only renders when preview mode and code are present.

• Chores

  • Removed a dev dependency and switched build/install to npm commands.

[cursor]

Cursor Agent can help with this pull request. Just @cursor in comments and I'll start working on changes in this branch.
_{Learn more about Cursor Agents}

[vercel]

The latest updates on your projects. Learn more about Vercel for Git ↗︎

Project	Deployment	Preview	Comments	Updated (UTC)
zapdev	✅ Ready	Preview	💬 Add feedback	Aug 12, 2025 2:48am

[coderabbitai]

Walkthrough

Adds a hover-expandable left sidebar with conversation list and deletion, renames and resizes the right preview to “E2B Live Preview” using E2BCodeExecution wired to executeCode('javascript'), makes the preview conditional on showPreview and previewCode, marks a dev dependency optional, and updates build/install commands for Vercel.

Changes

Cohort / File(s)	Summary of Changes
Chat UI (sidebar & preview) src/components/ChatInterface.tsx	Implements hover-controlled left sidebar (collapsed w-3 ↔ expanded w-80) with rotated “History” indicator, full “Conversations” header, new-chat dialog, chat list with delete and empty state; right preview renamed to “E2B Live Preview”, width increased (≈36%→45%, min-width 360→480px); preview renders only when showPreview && previewCode.
Execution integration src/components/ChatInterface.tsx	Replaces WebContainerFailsafe with E2BCodeExecution; adds onExecute handler that calls executeCode('javascript') and returns a standardized result { success, output, error, logs, artifacts, executionTime, memoryUsage }. Centralizes dynamic execution for previews and message code blocks.
Build / deployment config vercel.json	Switches Vercel static-build commands from Bun to npm: buildCommand -> "npm run build", installCommand -> "npm install --no-audit --no-fund --legacy-peer-deps"; other entries unchanged.
Dev dependency removal package.json	Removes lovable-tagger from devDependencies.
Optional runtime plugin loading vite.config.ts	Changes static import of componentTagger to an optional runtime require guarded in try/catch; introduces nullable componentTagger and guards plugin invocation to avoid calling null in non-present dependency scenarios.

Sequence Diagram(s)

sequenceDiagram
  participant User
  participant ChatInterface
  participant E2BCodeExecution
  participant Sandbox as executeCode('javascript')

  User->>ChatInterface: Request preview or run code
  ChatInterface->>E2BCodeExecution: onExecute(code)
  E2BCodeExecution->>Sandbox: executeCode('javascript', code)
  Sandbox-->>E2BCodeExecution: {success, output, error, logs, artifacts, executionTime, memoryUsage}
  E2BCodeExecution-->>ChatInterface: standardized result
  ChatInterface-->>User: render preview / show results

Loading

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~20 minutes

Poem

In a warren of panes I quietly pry,
The sidebar blooms when my whiskers fly.
“E2B” I hum, code hops and runs,
Logs and artifacts sparkle like suns.
A rabbit’s tweak — small, swift, and spry. 🐇✨

✨ Finishing Touches

• 📝 Generate Docstrings

🧪 Generate unit tests

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch cursor/integrate-e2b-code-writing-and-ui-enhancements-f6f8

---

🪧 Tips

Chat

There are 3 ways to chat with CodeRabbit:

• Review comments: Directly reply to a review comment made by CodeRabbit. Example:
  • I pushed a fix in commit <commit_id>, please review it.
  • Open a follow-up GitHub issue for this discussion.
• Files and specific lines of code (under the "Files changed" tab): Tag @coderabbitai in a new review comment at the desired location with your query.
• PR comments: Tag @coderabbitai in a new PR comment to ask questions about the PR branch. For the best results, please provide a very specific query, as very limited context is provided in this mode. Examples:
  • @coderabbitai gather interesting stats about this repository and render them as a table. Additionally, render a pie chart showing the language distribution in the codebase.
  • @coderabbitai read the files in the src/scheduler package and generate a class diagram using mermaid and a README in the markdown format.

Support

Need help? Create a ticket on our support page for assistance with any issues or questions.

CodeRabbit Commands (Invoked using PR/Issue comments)

Type @coderabbitai help to get the list of available commands.

Other keywords and placeholders

• Add @coderabbitai ignore anywhere in the PR description to prevent this PR from being reviewed.
• Add @coderabbitai summary to generate the high-level summary at a specific location in the PR description.
• Add @coderabbitai anywhere in the PR title to generate the title automatically.

CodeRabbit Configuration File (.coderabbit.yaml)

• You can programmatically configure CodeRabbit by adding a .coderabbit.yaml file to the root of your repository.
• Please see the configuration documentation for more information.
• If your editor has YAML language server enabled, you can add the path at the top of this file to enable auto-completion and validation: # yaml-language-server: $schema=https://coderabbit.ai/integrations/schema.v2.json

Status, Documentation and Community

• Visit our Status Page to check the current availability of CodeRabbit.
• Visit our Documentation for detailed information on how to use CodeRabbit.
• Join our Discord Community to get help, request features, and share feedback.
• Follow us on X/Twitter for updates and announcements.

[claude]

Claude finished @otdoges's task —— View job

---

Code Review Complete

I've thoroughly reviewed this pull request that integrates E2B code writing functionality and UI enhancements. Here's my comprehensive analysis:

Review Tasks:

• Analyze ChatInterface.tsx changes for code quality and best practices
• Review new dependencies in package-lock.json for security concerns
• Check for proper error handling and type safety
• Assess performance implications
• Evaluate security considerations
• Review test coverage implications

✅ Positive Aspects

Security Excellence

• Strong input validation with validateInput() and sanitizeText() functions (src/components/ChatInterface.tsx:76-101)
• XSS protection through comprehensive HTML entity encoding
• Input length limits enforced (10,000 chars for messages, 100 for titles)
• Malicious pattern detection for script injection attempts
• End-to-end encryption implementation with proper error handling
• E2B sandboxed execution provides secure code isolation

Code Quality & Architecture

• Excellent TypeScript usage with proper interface definitions
• Good error handling with try-catch blocks and user-friendly messages
• Proper async/await patterns throughout
• React best practices with proper hooks usage and component structure
• Clean separation of concerns between UI, business logic, and API calls

Performance Optimizations

• React.useMemo for expensive operations (src/components/ChatInterface.tsx:188-190)
• React.useCallback for event handlers to prevent unnecessary re-renders
• Proper useEffect dependencies to avoid infinite loops
• Content length limits (50k chars for AI responses) to prevent memory issues
• Pagination/limiting of search results and code blocks

⚠️ Areas for Improvement

1. Code Execution Security ⚠️

// Line 303: Code block limit could be bypassed
while ((match = codeBlockRegex.exec(content)) !== null && count < 10)

Issue: The regex execution loop could potentially be exploited with crafted input.
Recommendation: Add timeout protection and validate regex patterns more strictly.

2. Memory Management

// Line 527: Potential memory leak with streaming
for await (const delta of streamResult.textStream) {
  assistantContent += delta;
  if (assistantContent.length > 50000) break; // Good limit but...
}

Issue: String concatenation in a loop can cause performance issues.
Recommendation: Use StringBuilder pattern or chunked processing.

3. Error Message Information Disclosure

// Line 268: Potentially sensitive error information
console.warn(`Failed to decrypt message ${message._id} - integrity check failed`);

Issue: Logging message IDs could aid in cryptographic attacks.
Recommendation: Use generic error messages without specific IDs in production.

4. Rate Limiting Concerns

The code lacks rate limiting for:

• AI API calls
• Search requests
• Code execution requests

5. Dependency Security

The @e2b/code-interpreter@^1.5.1 dependency is relatively new. Consider:

• Regular security audits
• Pinning to specific versions
• Monitoring for vulnerabilities

🔧 Recommended Changes

High Priority

1. Add rate limiting for API calls and code execution
2. Implement request timeouts for all external API calls
3. Add input sanitization for search queries and URLs
4. Improve error logging to avoid information disclosure

Medium Priority

1. Add unit tests for security-critical functions (validateInput, sanitizeText)
2. Implement retry logic with exponential backoff
3. Add performance monitoring for code execution times
4. Consider caching for frequently accessed data

Code Examples for Fixes

// Add timeout protection for regex operations
const executeWithTimeout = (fn: () => any, timeout: number) => {
  return Promise.race([
    fn(),
    new Promise((_, reject) => 
      setTimeout(() => reject(new Error('Operation timeout')), timeout)
    )
  ]);
};

// Improve string building for large content
const chunks: string[] = [];
for await (const delta of streamResult.textStream) {
  chunks.push(delta);
  const totalLength = chunks.join('').length;
  if (totalLength > 50000) break;
}
const assistantContent = chunks.join('');

📊 Test Coverage Assessment

• Missing: Unit tests for security functions
• Missing: Integration tests for E2B execution
• Missing: Error boundary tests
• Needed: Security-focused test scenarios

🎯 Overall Assessment

This is a well-architected and security-conscious implementation. The code demonstrates:

• Strong security practices with input validation and sanitization
• Good performance considerations
• Proper error handling
• Modern React patterns

The integration of E2B for code execution is implemented safely with proper sandboxing. The encryption implementation is particularly noteworthy for its attention to security details.

Recommendation: APPROVE with minor improvements - The suggested changes are optimizations rather than blocking issues.

---

[coderabbitai]

Actionable comments posted: 2

🧹 Nitpick comments (7)

src/components/ChatInterface.tsx (7)

52-52: Remove empty line

This empty line is unnecessary and should be removed to maintain consistent code formatting.

-
-
 const { logger } = Sentry;

---

210-211: Remove unnecessary empty lines

Multiple consecutive empty lines should be reduced to a single line for better code readability.

   }, []);
 
-
-
   // Initialize message encryption when user is available

---

1171-1173: Consider debouncing hover state changes

The sidebar expansion/collapse on hover may trigger too frequently, especially if the user accidentally hovers near the boundary. Consider adding a debounce delay to improve UX.

+  const [hoverTimeout, setHoverTimeout] = useState<NodeJS.Timeout | null>(null);
+  
   onMouseEnter={() => setSidebarExpanded(true)}
   onMouseLeave={() => setSidebarExpanded(false)}
+  // Alternative with debounce:
+  // onMouseEnter={() => {
+  //   if (hoverTimeout) clearTimeout(hoverTimeout);
+  //   const timeout = setTimeout(() => setSidebarExpanded(true), 300);
+  //   setHoverTimeout(timeout);
+  // }}
+  // onMouseLeave={() => {
+  //   if (hoverTimeout) clearTimeout(hoverTimeout);
+  //   const timeout = setTimeout(() => setSidebarExpanded(false), 200);
+  //   setHoverTimeout(timeout);
+  // }}

---

1262-1263: Improve accessibility for rotated text

The rotated "History" text may not be accessible to screen readers and could be difficult to read. Consider using an icon or providing proper ARIA labels.

   <div className="flex-1 flex items-center justify-center">
-    <div className="-rotate-90 text-[10px] tracking-widest text-gray-500">History</div>
+    <div className="-rotate-90 text-[10px] tracking-widest text-gray-500" aria-label="Conversation History" role="navigation">History</div>
   </div>

---

1631-1631: Responsive breakpoint may be too restrictive

The live preview panel is hidden on xl screens and below (hidden xl:flex). This might be too restrictive - consider showing it on lg screens as well for better visibility on standard laptop displays.

-  <div className="hidden xl:flex w-[45%] min-w-[480px] max-w-[780px] border-l border-gray-800/60 bg-[#111] flex-col">
+  <div className="hidden lg:flex w-[45%] min-w-[480px] max-w-[780px] border-l border-gray-800/60 bg-[#111] flex-col">

---

1173-1173: Consider using CSS classes for dynamic width

Using template literals for dynamic classes can be less performant and harder to maintain. Consider using conditional classes or CSS variables.

-  className={`${sidebarExpanded ? 'w-80' : 'w-3'} border-r border-gray-800/60 bg-[#1A1A1A]/90 backdrop-blur-xl flex flex-col transition-[width] duration-300`}
+  className={`border-r border-gray-800/60 bg-[#1A1A1A]/90 backdrop-blur-xl flex flex-col transition-[width] duration-300 ${sidebarExpanded ? 'w-80' : 'w-3'}`}

---

153-153: Consider persisting sidebar state

The sidebar expansion state resets on every component mount. Consider persisting this preference in localStorage for better UX across sessions.

-  const [sidebarExpanded, setSidebarExpanded] = useState<boolean>(false);
+  const [sidebarExpanded, setSidebarExpanded] = useState<boolean>(() => {
+    const saved = localStorage.getItem('sidebarExpanded');
+    return saved ? JSON.parse(saved) : false;
+  });
+  
+  // Add useEffect to save preference
+  useEffect(() => {
+    localStorage.setItem('sidebarExpanded', JSON.stringify(sidebarExpanded));
+  }, [sidebarExpanded]);

📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 7a9615a and 15b2c53.

⛔ Files ignored due to path filters (1)

• package-lock.json is excluded by !**/package-lock.json

📒 Files selected for processing (1)

• src/components/ChatInterface.tsx (5 hunks)

🧰 Additional context used

📓 Path-based instructions (7)

**/*.{ts,tsx}

📄 CodeRabbit Inference Engine (CLAUDE.md)

**/*.{ts,tsx}: Strict type safety enforced: no any types and strict null checks enabled in TypeScript
Input validation using Zod schemas

**/*.{ts,tsx}: All Convex queries and mutations MUST use proper authentication. Never accept user IDs from client parameters.
Always verify user owns the data before allowing access.
Use the authenticated user's identity.subject for user references.
Implement proper error messages that don't leak information.
Authentication verification in every function.
Authorization checks for data ownership.
Input validation and sanitization.
Error handling without information leakage.

**/*.{ts,tsx}: Use Sonner for toast notifications to provide consistent user feedback, including success, error, and loading states.
Always handle errors gracefully using try-catch blocks in asynchronous functions, providing user feedback and logging errors.
Provide specific, actionable error messages for form validation errors using toast notifications.
Handle common network error scenarios in catch blocks, providing appropriate toast messages for network errors, authentication errors, and unexpected errors.

If using TypeScript, use an enum to store flag names.

Strict TypeScript must be used with no 'any' types allowed

**/*.{ts,tsx}: NEVER use any type - use proper TypeScript types
Use unknown for truly unknown data types
Implement proper interface definitions
Do not use empty interfaces; use a type alias instead (e.g., type InputProps = ... instead of interface InputProps {})
All function parameters must be typed
All return types should be explicit for public APIs
Use proper generic constraints
Implement discriminated unions for state management
Use proper interface definitions for error handling types (e.g., interface ValidationResult { isValid: boolean; error?: string; })

**/*.{ts,tsx}: Always sanitize user input before storing or displaying using a sanitization function like sanitizeText.
Implement comprehensive input validation...

Files:

• src/components/ChatInterface.tsx

src/**/*.tsx

📄 CodeRabbit Inference Engine (CLAUDE.md)

src/**/*.tsx: XSS protection with input sanitization
Proper error handling with typed error boundaries

Files:

• src/components/ChatInterface.tsx

**/{pages,components}/**/*.tsx

📄 CodeRabbit Inference Engine (.cursor/rules/authentication-patterns.mdc)

Handle all authentication states in components by showing a loading spinner when loading, a sign-in prompt when unauthenticated, and protected content when authenticated.

Files:

• src/components/ChatInterface.tsx

**/*ChatInterface*.tsx

📄 CodeRabbit Inference Engine (.cursor/rules/chat-ui-patterns.mdc)

Chat interfaces should follow the specified component structure: state management for selectedChatId, input, isTyping; useQuery for chats and messages; layout with ChatSidebar and ChatArea components.

Files:

• src/components/ChatInterface.tsx

**/*.tsx

📄 CodeRabbit Inference Engine (.cursor/rules/error-handling.mdc)

**/*.tsx: Always provide loading feedback to users during asynchronous operations.
Use proper error boundaries to handle component crashes and display user-friendly error UI.

Use proper React component typing (e.g., const MyComponent: React.FC<Props> = ...)

**/*.tsx: Use the SafeText React component for all user-generated content to ensure safe text display.
NEVER use dangerouslySetInnerHTML with user content.
NEVER use direct string interpolation in HTML with user content.

Files:

• src/components/ChatInterface.tsx

**/*.{js,jsx,ts,tsx}

📄 CodeRabbit Inference Engine (.cursor/rules/posthog-integration.mdc)

**/*.{js,jsx,ts,tsx}: Use a consistent naming convention for this storage. enum/const object members should be written UPPERCASE_WITH_UNDERSCORE.
If a custom property for a person or event is at any point referenced in two or more files or two or more callsites in the same file, use an enum or const object, as above in feature flags.

Files:

• src/components/ChatInterface.tsx

src/components/**/*.tsx

📄 CodeRabbit Inference Engine (.cursor/rules/project-overview.mdc)

Input sanitization and validation must be implemented throughout the codebase to provide XSS protection

Files:

• src/components/ChatInterface.tsx

🧠 Learnings (5)

📚 Learning: 2025-08-09T23:03:01.775Z

Learnt from: CR
PR: otdoges/zapdev#0
File: .cursor/rules/chat-ui-patterns.mdc:0-0
Timestamp: 2025-08-09T23:03:01.775Z
Learning: Applies to **/*ChatInterface*.tsx : Chat interfaces should follow the specified component structure: state management for selectedChatId, input, isTyping; useQuery for chats and messages; layout with ChatSidebar and ChatArea components.

Applied to files:

• src/components/ChatInterface.tsx

📚 Learning: 2025-08-09T23:03:01.775Z

Learnt from: CR
PR: otdoges/zapdev#0
File: .cursor/rules/chat-ui-patterns.mdc:0-0
Timestamp: 2025-08-09T23:03:01.775Z
Learning: Applies to **/*.{tsx} : Implement auto-scroll to bottom on new messages in chat interfaces.

Applied to files:

• src/components/ChatInterface.tsx

📚 Learning: 2025-08-09T23:03:01.775Z

Learnt from: CR
PR: otdoges/zapdev#0
File: .cursor/rules/chat-ui-patterns.mdc:0-0
Timestamp: 2025-08-09T23:03:01.775Z
Learning: Applies to **/*.{tsx} : Ensure proper keyboard navigation throughout the chat interface for accessibility.

Applied to files:

• src/components/ChatInterface.tsx

📚 Learning: 2025-08-09T23:03:01.775Z

Learnt from: CR
PR: otdoges/zapdev#0
File: .cursor/rules/chat-ui-patterns.mdc:0-0
Timestamp: 2025-08-09T23:03:01.775Z
Learning: Applies to **/*Sidebar*.tsx : Sidebar should collapse on mobile devices for responsive design.

Applied to files:

• src/components/ChatInterface.tsx

📚 Learning: 2025-08-09T23:03:01.775Z

Learnt from: CR
PR: otdoges/zapdev#0
File: .cursor/rules/chat-ui-patterns.mdc:0-0
Timestamp: 2025-08-09T23:03:01.775Z
Learning: Applies to **/*.{tsx} : Use Framer Motion's <AnimatePresence> and <motion.div> for animating message appearance and disappearance in chat UIs.

Applied to files:

• src/components/ChatInterface.tsx

🧬 Code Graph Analysis (1)

src/components/ChatInterface.tsx (7)

src/components/ui/dialog.tsx (5)

• Dialog (120-120)
• DialogTrigger (124-124)
• DialogContent (125-125)
• DialogHeader (126-126)
• DialogTitle (128-128)

src/components/ui/button.tsx (1)

• Button (56-56)

src/components/ui/scroll-area.tsx (1)

• ScrollArea (46-46)

src/components/ui/SafeText.tsx (1)

• SafeText (13-37)

src/components/E2BCodeExecution.tsx (1)

• E2BCodeExecution (51-427)

src/lib/sandbox.ts (1)

• executeCode (85-151)

src/lib/e2b-service.ts (1)

• executeCode (73-171)

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (1)

• GitHub Check: claude-review

[coderabbitai]

Actionable comments posted: 2

♻️ Duplicate comments (3)

vite.config.ts (3)

4-10: If you must keep a suppression, use @ts-expect-error with a reason (but prefer removing it entirely)

Using @ts-ignore violates our lint rule and can mask unrelated errors. With the async loader above you can remove the suppression entirely. If you temporarily keep a suppression, use @ts-expect-error and include a short justification.

Example (not recommended if you adopt the async loader):

// @ts-expect-error: lovable-tagger has no types; plugin is optional in dev

---

4-10: Replace require + @ts-ignore + any with typed async dynamic import

This block violates multiple org rules and ESLint checks: usage of any, @ts-ignore, and require() in ESM. Prefer a typed dynamic import with no ts- directives.

Apply this diff to replace the top-level shim with a typed loader helper:

-let componentTagger: (() => any) | null = null;
-try {
-  // @ts-ignore - optional dev-only dependency
-  componentTagger = require("lovable-tagger").componentTagger;
-} catch (_err) {
-  componentTagger = null;
-}
+type ComponentTagger = () => import('vite').PluginOption;
+const loadComponentTagger = async (): Promise<ComponentTagger | null> => {
+  try {
+    const mod = await import('lovable-tagger');
+    return typeof mod.componentTagger === 'function' ? (mod.componentTagger as ComponentTagger) : null;
+  } catch {
+    // Optional dependency missing in non-dev/CI: omit plugin gracefully.
+    return null;
+  }
+};

Then make the config async and load conditionally (changes outside the selected lines shown below):

// change this:
export default defineConfig(({ mode }) => {
// to this:
export default defineConfig(async ({ mode }) => {
  const tagger = mode === 'development' ? await loadComponentTagger() : null;
  return {
    // ...
    plugins: [
      react(),
      tagger ? tagger() : null,
      VitePWA(/* ... */),
    ].filter(Boolean),
    // ...
  };
});

---

4-10: Eliminate the any type

The declared type (() => any) | null violates strict TS. The proposed approach removes any. If you need a quick interim fix, narrow it to the Vite Plugin type.

Interim minimal alternative (if not adopting the async loader yet):

type ComponentTagger = () => import('vite').PluginOption;
let componentTagger: ComponentTagger | null = null;

🧹 Nitpick comments (1)

vite.config.ts (1)

91-94: Ensure alias '@/’ exists as per repo standard

Guideline requires the '@/’ path alias to map to src/. You currently only define '@'. Keep '@' for backward compatibility, but add '@/’ to comply and avoid breaking imports that use '@/…'.

Outside the selected range, add:

resolve: {
  alias: {
    '@': path.resolve(__dirname, './src'),
    '@/': path.resolve(__dirname, './src'),
  },
},

📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 15b2c53 and 918a3ed.

📒 Files selected for processing (3)

• package.json (0 hunks)
• vercel.json (1 hunks)
• vite.config.ts (2 hunks)

💤 Files with no reviewable changes (1)

• package.json

🧰 Additional context used

📓 Path-based instructions (4)

**/*.{ts,tsx}

📄 CodeRabbit Inference Engine (CLAUDE.md)

**/*.{ts,tsx}: Strict type safety enforced: no any types and strict null checks enabled in TypeScript
Input validation using Zod schemas

**/*.{ts,tsx}: All Convex queries and mutations MUST use proper authentication. Never accept user IDs from client parameters.
Always verify user owns the data before allowing access.
Use the authenticated user's identity.subject for user references.
Implement proper error messages that don't leak information.
Authentication verification in every function.
Authorization checks for data ownership.
Input validation and sanitization.
Error handling without information leakage.

**/*.{ts,tsx}: Use Sonner for toast notifications to provide consistent user feedback, including success, error, and loading states.
Always handle errors gracefully using try-catch blocks in asynchronous functions, providing user feedback and logging errors.
Provide specific, actionable error messages for form validation errors using toast notifications.
Handle common network error scenarios in catch blocks, providing appropriate toast messages for network errors, authentication errors, and unexpected errors.

If using TypeScript, use an enum to store flag names.

Strict TypeScript must be used with no 'any' types allowed

**/*.{ts,tsx}: NEVER use any type - use proper TypeScript types
Use unknown for truly unknown data types
Implement proper interface definitions
Do not use empty interfaces; use a type alias instead (e.g., type InputProps = ... instead of interface InputProps {})
All function parameters must be typed
All return types should be explicit for public APIs
Use proper generic constraints
Implement discriminated unions for state management
Use proper interface definitions for error handling types (e.g., interface ValidationResult { isValid: boolean; error?: string; })

**/*.{ts,tsx}: Always sanitize user input before storing or displaying using a sanitization function like sanitizeText.
Implement comprehensive input validation...

Files:

• vite.config.ts

{tsconfig.json,vite.config.{js,ts}}

📄 CodeRabbit Inference Engine (CLAUDE.md)

Path alias @/ points to src/

Files:

• vite.config.ts

vite.config.{js,ts}

📄 CodeRabbit Inference Engine (CLAUDE.md)

Vite runs on port 8080

Files:

• vite.config.ts

**/*.{js,jsx,ts,tsx}

📄 CodeRabbit Inference Engine (.cursor/rules/posthog-integration.mdc)

**/*.{js,jsx,ts,tsx}: Use a consistent naming convention for this storage. enum/const object members should be written UPPERCASE_WITH_UNDERSCORE.
If a custom property for a person or event is at any point referenced in two or more files or two or more callsites in the same file, use an enum or const object, as above in feature flags.

Files:

• vite.config.ts

🧠 Learnings (6)

📚 Learning: 2025-08-09T23:03:40.158Z

Learnt from: CR
PR: otdoges/zapdev#0
File: .cursor/rules/typescript-standards.mdc:0-0
Timestamp: 2025-08-09T23:03:40.158Z
Learning: Applies to **/*.{ts,tsx} : NEVER use `any` type - use proper TypeScript types

Applied to files:

• vite.config.ts

📚 Learning: 2025-08-09T23:03:33.406Z

Learnt from: CR
PR: otdoges/zapdev#0
File: .cursor/rules/project-overview.mdc:0-0
Timestamp: 2025-08-09T23:03:33.406Z
Learning: Applies to **/*.{ts,tsx} : Strict TypeScript must be used with no 'any' types allowed

Applied to files:

• vite.config.ts

📚 Learning: 2025-08-09T23:03:07.588Z

Learnt from: CR
PR: otdoges/zapdev#0
File: .cursor/rules/convex-security.mdc:0-0
Timestamp: 2025-08-09T23:03:07.588Z
Learning: Applies to **/*.{ts,tsx} : Implement proper error messages that don't leak information.

Applied to files:

• vite.config.ts

📚 Learning: 2025-08-09T23:02:41.801Z

Learnt from: CR
PR: otdoges/zapdev#0
File: CLAUDE.md:0-0
Timestamp: 2025-08-09T23:02:41.801Z
Learning: Applies to **/*.{ts,tsx} : Strict type safety enforced: no `any` types and strict null checks enabled in TypeScript

Applied to files:

• vite.config.ts

📚 Learning: 2025-08-09T23:03:07.588Z

Learnt from: CR
PR: otdoges/zapdev#0
File: .cursor/rules/convex-security.mdc:0-0
Timestamp: 2025-08-09T23:03:07.588Z
Learning: Applies to **/*.{ts,tsx} : Error handling without information leakage.

Applied to files:

• vite.config.ts

📚 Learning: 2025-08-09T23:02:41.801Z

Learnt from: CR
PR: otdoges/zapdev#0
File: CLAUDE.md:0-0
Timestamp: 2025-08-09T23:02:41.801Z
Learning: Applies to **/*.{ts,tsx} : Input validation using Zod schemas

Applied to files:

• vite.config.ts

🪛 GitHub Check: ESLint

vite.config.ts

[failure] 4-4: Disallow the any type
Unexpected any. Specify a different type.

---

[failure] 6-6: Disallow @ts-<directive> comments or require descriptions after directives
Use "@ts-expect-error" instead of "@ts-ignore", as "@ts-ignore" will do nothing if the following line is error-free.

---

[failure] 7-7: Disallow invocation of require()
A require() style import is forbidden.