Refactor authentication and resume management system

[thomasdavis]

Summary by CodeRabbit

Here are the updated release notes based on the comprehensive changes:

Release Notes

• Authentication

  • Introduced Supabase-based authentication system
  • Added GitHub OAuth login support
  • Created new sign-up and login pages

• User Experience

  • Redesigned home page with enhanced hero section
  • Added comprehensive privacy policy and terms of service pages
  • Improved error handling and loading states across the application
  • Enhanced UI components and styling

• Resume Management

  • Implemented new resume context provider
  • Added resume creation and editing functionality
  • Introduced explore and dashboard features for resumes
  • Improved resume data fetching and management

• Performance & Infrastructure

  • Updated database schema
  • Migrated from context-based to provider-based state management
  • Refined routing and component structure

• UI/UX Improvements

  • Added new UI components
  • Updated color schemes and typography
  • Implemented responsive design elements

[vercel]

The latest updates on your projects. Learn more about Vercel for Git ↗︎

Name	Status	Preview	Comments	Updated (UTC)
jsonresume-org-homepage2	✅ Ready (Inspect)	Visit Preview	💬 Add feedback	Jan 23, 2025 3:15pm
jsonresume-org-registry	✅ Ready (Inspect)	Visit Preview	💬 Add feedback	Jan 23, 2025 3:15pm

[coderabbitai]

Warning

There were issues while running some tools. Please review the errors and either fix the tool’s configuration or disable the tool if it’s a critical failure.

🔧 eslint

If the error stems from missing dependencies, add them to the package.json file. For unrecoverable errors (e.g., due to private dependencies), disable the tool in the CodeRabbit configuration.

apps/registry/app/lib/supabase.ts

Oops! Something went wrong! :(

ESLint: 8.55.0

ESLint couldn't find the config "next" to extend from. Please check that the name of the config is correct.

The config "next" was referenced from the config file in "/packages/eslint-config-custom/index.js".

If you still have problems, please stop by https://eslint.org/chat/help to chat with the team.

Walkthrough

This pull request introduces a comprehensive refactoring of the application's state management and authentication system. The changes primarily focus on transitioning from a custom profile context to a more robust Supabase-based authentication and resume management approach. Key modifications include removing the ProfileContext, introducing new context providers for authentication and resume data, and updating multiple components to use the new useResume and useAuth hooks. The refactoring aims to simplify data fetching, improve error handling, and provide a more consistent approach to managing user sessions and resume information.

Changes

File	Change Summary
ProfileContext.js	Removed entire context implementation for user profile data
ProfileLayout.js, Dashboard.js, page.js, timeline/page.js, json/page.js	Updated to use useResume hook instead of useProfileData
layout.js	Added AuthProvider and ResumeProvider context wrappers
CreateResume.js, Editor.js, Menu.js, ResumeEditor.js, ClientResumes.js, ExplorePage.js	Updated UI components to improve structure and user experience
route.ts	Introduced a new asynchronous GET route handler for authentication callbacks
schema.prisma	Modified models and fields to accommodate new data types and structures
package.json, turbo.json	Added new dependencies and environment variables for Supabase integration
New files	Added authentication and resume providers, new pages for login, signup, settings, terms, and privacy

Sequence Diagram

sequenceDiagram
    participant User
    participant AuthProvider
    participant ResumeProvider
    participant Supabase
    participant GitHub

    User->>AuthProvider: Initiate Login
    AuthProvider->>Supabase: Request Session
    Supabase-->>AuthProvider: Return Session
    AuthProvider->>User: Update Authentication State

    User->>ResumeProvider: Request Resume
    ResumeProvider->>Supabase: Fetch User Session
    Supabase-->>ResumeProvider: Return Session
    ResumeProvider->>GitHub: Retrieve Gist
    GitHub-->>ResumeProvider: Return Resume Data
    ResumeProvider->>User: Provide Resume Data

Loading

Possibly related PRs

• Add Job and Resume Similarity Visualization System with New API Endpoints #166: Job and resume similarity API endpoints
• Improved responsiveness in registry #169: Menu component responsiveness enhancements
• updated copy for job similarity graph #174: Job similarity graph updates

Poem

🐰 A Rabbit's Refactoring Tale 🔧

Context fades, providers rise,
Supabase magic fills the skies
Hooks dance with data, clean and bright
Authentication shining light
Code hops forward, elegant and free!

✨ Finishing Touches

• 📝 Generate Docstrings (Beta)

---

Thank you for using CodeRabbit. We offer it for free to the OSS community and would appreciate your support in helping us grow. If you find it useful, would you consider giving us a shout-out on your favorite social media?

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

🪧 Tips

Chat

There are 3 ways to chat with CodeRabbit:

• Review comments: Directly reply to a review comment made by CodeRabbit. Example:
  • I pushed a fix in commit <commit_id>, please review it.
  • Generate unit testing code for this file.
  • Open a follow-up GitHub issue for this discussion.
• Files and specific lines of code (under the "Files changed" tab): Tag @coderabbitai in a new review comment at the desired location with your query. Examples:
  • @coderabbitai generate unit testing code for this file.
  • @coderabbitai modularize this function.
• PR comments: Tag @coderabbitai in a new PR comment to ask questions about the PR branch. For the best results, please provide a very specific query, as very limited context is provided in this mode. Examples:
  • @coderabbitai gather interesting stats about this repository and render them as a table. Additionally, render a pie chart showing the language distribution in the codebase.
  • @coderabbitai read src/utils.ts and generate unit testing code.
  • @coderabbitai read the files in the src/scheduler package and generate a class diagram using mermaid and a README in the markdown format.
  • @coderabbitai help me debug CodeRabbit configuration file.

Note: Be mindful of the bot's finite context window. It's strongly recommended to break down tasks such as reading entire modules into smaller chunks. For a focused discussion, use review comments to chat about specific files and their changes, instead of using the PR comments.

CodeRabbit Commands (Invoked using PR comments)

• @coderabbitai pause to pause the reviews on a PR.
• @coderabbitai resume to resume the paused reviews.
• @coderabbitai review to trigger an incremental review. This is useful when automatic reviews are disabled for the repository.
• @coderabbitai full review to do a full review from scratch and review all the files again.
• @coderabbitai summary to regenerate the summary of the PR.
• @coderabbitai generate docstrings to generate docstrings for this PR. (Beta)
• @coderabbitai resolve resolve all the CodeRabbit review comments.
• @coderabbitai configuration to show the current CodeRabbit configuration for the repository.
• @coderabbitai help to get help.

Other keywords and placeholders

• Add @coderabbitai ignore anywhere in the PR description to prevent this PR from being reviewed.
• Add @coderabbitai summary to generate the high-level summary at a specific location in the PR description.
• Add @coderabbitai anywhere in the PR title to generate the title automatically.

CodeRabbit Configuration File (.coderabbit.yaml)

• You can programmatically configure CodeRabbit by adding a .coderabbit.yaml file to the root of your repository.
• Please see the configuration documentation for more information.
• If your editor has YAML language server enabled, you can add the path at the top of this file to enable auto-completion and validation: # yaml-language-server: $schema=https://coderabbit.ai/integrations/schema.v2.json

Documentation and Community

• Visit our Documentation for detailed information on how to use CodeRabbit.
• Join our Discord Community to get help, request features, and share feedback.
• Follow us on X/Twitter for updates and announcements.

[alwaysmeticulous]

✅ Meticulous spotted zero visual differences across 62 screens tested: view results.

Meticulous simulated ~4 hours of user flows against your PR.

_{Expected differences? Click here. Last updated for commit e57d88f. This comment will update as new commits are pushed.}

[coderabbitai]

Actionable comments posted: 26

🧹 Nitpick comments (31)

apps/registry/app/[username]/json/page.js (3)

5-5: Consider using absolute imports for better maintainability.

Instead of using relative imports, consider configuring and using absolute imports. This makes the code more maintainable when files are moved around.

-import { useResume } from '../../providers/ResumeProvider';
+import { useResume } from '@/providers/ResumeProvider';

---

19-21: Enhance error message presentation.

While the error handling is good, consider making the error message more user-friendly and providing guidance on potential solutions.

-    return <Container>Error loading resume: {error}</Container>;
+    return (
+      <Container>
+        <p>Sorry, we couldn't load your resume at this time.</p>
+        <p>Details: {error}</p>
+        <p>Please try refreshing the page or contact support if the issue persists.</p>
+      </Container>
+    );

---

30-37: Consider using responsive height for better adaptability.

The hardcoded height of "70vh" might not provide the best experience across different screen sizes and devices.

Consider using CSS calc() or a more dynamic approach:

-        height="70vh"
+        height="calc(100vh - 200px)"  // Adjust based on your layout

Also, consider adding these editor options for better user experience:

         options={{
           readOnly: true,
           minimap: { enabled: false },
           scrollBeyondLastLine: false,
+          wordWrap: 'on',
+          lineNumbers: 'on',
+          renderWhitespace: 'none',
         }}

apps/registry/app/[username]/dashboard/page.js (1)

15-21: Well-implemented error handling with room for enhancement.

The loading and error states are properly handled with consistent styling. Consider adding retry functionality for error cases to improve user experience.

Here's a suggested enhancement:

  if (error) {
-   return <Container>Error: {error}</Container>;
+   return (
+     <Container>
+       <div>Error: {error}</div>
+       <button onClick={() => window.location.reload()}>
+         Retry
+       </button>
+     </Container>
+   );
  }

apps/registry/app/privacy/page.tsx (2)

8-13: Enhance accessibility with ARIA labels.

While the structure is well-organized, consider adding ARIA labels to improve accessibility.

-    <div className="min-h-screen bg-gray-50 py-12 px-4 sm:px-6 lg:px-8">
+    <div className="min-h-screen bg-gray-50 py-12 px-4 sm:px-6 lg:px-8" role="main" aria-labelledby="privacy-title">
       <div className="max-w-3xl mx-auto">
         <div className="text-center mb-12">
-          <h1 className="text-4xl font-bold text-gray-900 mb-4">Privacy Policy</h1>
+          <h1 id="privacy-title" className="text-4xl font-bold text-gray-900 mb-4">Privacy Policy</h1>

---

84-93: Enhance link accessibility with descriptive text.

The link to GitHub Issues could be more descriptive for screen readers.

                <a 
                  href="/jsonresume/jsonresume.org/issues" 
                  className="font-medium text-gray-900 hover:text-primary transition-colors"
                  target="_blank" 
                  rel="noopener noreferrer"
+                 aria-label="Open a GitHub issue for privacy policy questions"
                >
-                GitHub Issues
+                open a GitHub issue
                </a>

packages/ui/package.json (1)

7-26: Consider adding .tsx extension support for lib exports.

The exports configuration is well-structured and comprehensive, supporting both ESM and CJS modules. However, the lib patterns might be too restrictive.

Consider adding .tsx support to lib patterns for consistency with components:

  "./lib/*": [
    "./src/lib/*.js",
-   "./src/lib/*.ts"
+   "./src/lib/*.ts",
+   "./src/lib/*.tsx"
  ],

apps/registry/app/[username]/layout.js (1)

1-14: Consider documenting the new data flow pattern.

The transition from context-based profile management to provider-based state management is a significant architectural improvement. Consider adding documentation that explains:

• The new data flow pattern
• How components should interact with the ResumeProvider
• Best practices for accessing resume data in new components

apps/registry/app/explore/page.js (3)

Line range hint 28-95: Enhance error handling and remove console statements.

A few suggestions to improve the code:

1. Remove console.time statements as they shouldn't be in production code
2. Add more specific error handling for different types of errors
3. Consider extracting the gravatar URL generation to a utility function for reusability

Here's a suggested refactor for the error handling:

 try {
   const { data, error } = await dataQuery
     .order('created_at', { ascending: false })
     .range((page - 1) * ITEMS_PER_PAGE, page * ITEMS_PER_PAGE - 1);

-  if (error) throw error;
+  if (error) {
+    throw new Error(`Failed to fetch resumes: ${error.message}`);
+  }
-  console.timeEnd('getResumes');

   if (!data) {
     throw new Error('No data returned from query');
   }
 } catch (error) {
-  console.error('Error fetching resumes:', error);
+  // Log to your preferred error tracking service
+  console.error('[getResumes] Failed to fetch or process resumes:', error);
   return { resumes: [], totalCount: 0, totalPages: 0 };
 }

---

121-154: Enhance accessibility of the hero section.

While the hero section looks great, consider adding these accessibility improvements:

1. Add ARIA labels for decorative elements
2. Ensure sufficient color contrast for the gradient text
3. Add semantic landmarks

-<div className="relative overflow-hidden">
+<section aria-label="Hero" className="relative overflow-hidden">
   <div 
+    aria-hidden="true"
     className="absolute inset-0 bg-grid-gray-100/50 bg-[size:20px_20px] [mask-image:linear-gradient(to_bottom,white,transparent)]" 
   />
   <div className="mx-auto max-w-6xl px-4 sm:px-6 lg:px-8 pt-24 pb-16 relative">
     <div 
+      aria-hidden="true"
       className="absolute -top-4 -left-4 w-72 h-72 bg-primary/30 rounded-full blur-3xl" 
     />
     <div 
+      aria-hidden="true"
       className="absolute -bottom-4 -right-4 w-72 h-72 bg-primary/20 rounded-full blur-3xl" 
     />

---

138-151: Add proper ARIA labels for icon stats.

The stats section with icons should have proper ARIA labels for screen readers.

-<div className="flex items-center gap-4 text-sm text-gray-500 mb-8">
+<div className="flex items-center gap-4 text-sm text-gray-500 mb-8" role="list">
   <div className="flex items-center gap-2">
-    <Users className="w-4 h-4" />
+    <Users className="w-4 h-4" aria-hidden="true" />
     <span>{totalCount.toLocaleString()} Resumes</span>
   </div>
   <div className="flex items-center gap-2">
-    <Globe2 className="w-4 h-4" />
+    <Globe2 className="w-4 h-4" aria-hidden="true" />
     <span>Global Community</span>
   </div>
   <div className="flex items-center gap-2">
-    <Code2 className="w-4 h-4" />
+    <Code2 className="w-4 h-4" aria-hidden="true" />
     <span>Open Source</span>
   </div>
 </div>

apps/registry/app/terms/page.tsx (2)

71-79: Enhance accessibility for external link.

The GitHub Issues link should indicate that it opens in a new tab for better user experience.

                <a 
                  href="/jsonresume/jsonresume.org/issues" 
                  className="font-medium text-gray-900 hover:text-primary transition-colors"
                  target="_blank" 
                  rel="noopener noreferrer"
+                 aria-label="GitHub Issues (opens in new tab)"
                >
-                  GitHub Issues
+                  GitHub Issues <span className="sr-only">(opens in new tab)</span>
                </a>

---

6-96: Consider adding metadata for SEO.

Since this is a public-facing page, consider adding metadata using Next.js's Metadata API to improve SEO.

Create a new file apps/registry/app/terms/page.metadata.ts:

import { Metadata } from 'next'

export const metadata: Metadata = {
  title: 'Terms of Service - JSON Resume',
  description: 'Terms of Service and usage guidelines for JSON Resume',
  openGraph: {
    title: 'Terms of Service - JSON Resume',
    description: 'Terms of Service and usage guidelines for JSON Resume'
  }
}

apps/registry/app/components/ResumeEditor.js (1)

Line range hint 37-44: Enhance error handling in the render effect.

The current error handling only logs to console. Consider:

1. Storing the error state
2. Displaying a user-friendly error message
3. Adding error boundaries

  useEffect(() => {
    try {
      const rendered = render(JSON.parse(resume));
      setContent(rendered);
      setChanged(true);
    } catch (e) {
-     console.log(e);
+     setContent('<div class="p-4 text-red-500">Failed to render resume. Please check your JSON syntax.</div>');
+     console.error('Resume render error:', e);
    }
  }, [resume]);

apps/registry/app/page.js (4)

1-1: Remove redundant 'use server' directive

All files in the app directory of Next.js are server components by default. The 'use server' directive is unnecessary here and can be safely removed to clean up the code.

Apply this diff to remove the redundant directive:

-'use server';

---

245-252: Replace hardcoded Twitter SVG with Twitter icon from lucide-react

The code uses a hardcoded SVG for the Twitter icon. To ensure consistency and simplify maintenance, consider using the Twitter icon from the lucide-react library, as you're already importing other icons from the same library.

First, import the Twitter icon at the top:

+import { Twitter } from 'lucide-react';

Then, replace the hardcoded SVG with the Twitter icon:

-<svg
-  className="w-5 h-5"
-  viewBox="0 0 24 24"
-  fill="currentColor"
->
-  <path d="M18.244 2.25h3.308l-7.227 8.26 8.502 11.24H16.17l-5.214-6.817L4.99 21.75H1.68l7.73-8.835L1.254 2.25H8.08l4.713 6.231zm-1.161 17.52h1.833L7.084 4.126H5.117z" />
-</svg>
+<Twitter className="w-5 h-5" />

---

259-266: Replace hardcoded Discord SVG with Discord icon from lucide-react

The code uses a hardcoded SVG for the Discord icon. To maintain consistency with other icons and improve maintainability, consider using the Discord icon from the lucide-react library.

First, import the Discord icon at the top:

+import { Discord } from 'lucide-react';

Then, replace the hardcoded SVG with the Discord icon:

-<svg
-  className="w-5 h-5"
-  viewBox="0 0 24 24"
-  fill="currentColor"
->
-  <path d="M20.317 4.37a19.791 19.791 0 0 0-4.885-1.515a.074.074 0 0 0-.079.037c-.21.375-.444.864-.608 1.25a18.27 18.27 0 0 0-5.487 0a12.64 12.64 0 0 0-.617-1.25a.077.077 0 0 0-.079-.037A19.736 19.736 0 0 0 3.677 4.37a.07.07 0 0 0-.032.027C.533 9.046-.32 13.58.099 18.057a.082.082 0 0 0 .031.057a19.9 19.9 0 0 0 5.993 3.03a.078.078 0 0 0 .084-.028a14.09 14.09 0 0 0 1.226-1.994a.076.076 0 0 0-.041-.106a13.107 13.107 0 0 1-1.872-.892a.077.077 0 0 1-.008-.128a10.2 10.2 0 0 0 .372-.292a.074.074 0 0 1 .077-.01c3.928 1.793 8.18 1.793 12.062 0a.074.074 0 0 1 .078.01c.12.098.246.198.373.292a.077.077 0 0 1-.006.127a12.299 12.299 0 0 1-1.873.892a.077.077 0 0 0-.041.107c.36.698.772 1.362 1.225 1.993a.076.076 0 0 0 .084.028a19.839 19.839 0 0 0 6.002-3.03a.077.077 0 0 0 .032-.054c.5-5.177-.838-9.674-3.549-13.66a.061.061 0 0 0-.031-.03zM8.02 15.33c-1.183 0-2.157-1.085-2.157-2.419c0-1.333.956-2.419 2.157-2.419c1.21 0 2.176 1.096 2.157 2.42c0 1.333-.956 2.418-2.157 2.418zm7.975 0c-1.183 0-2.157-1.085-2.157-2.419c0-1.333.955-2.419 2.157-2.419c1.21 0 2.176 1.096 2.157 2.42c0 1.333-.946 2.418-2.157 2.418z" />
-</svg>
+<Discord className="w-5 h-5" />

---

86-86: Consolidate duplicated text into a constant

The phrase "10,000+ developers" is used in multiple places (lines 86 and 174). To ensure consistency and make future updates easier, consider storing this value in a constant or a configuration file.

Example:

+const DEVELOPER_COUNT = '10,000+ developers';
...
...

Also applies to: 174-174

packages/ui/src/globals.css (1)

79-96: Consider using CSS custom properties for grid colors.

The grid implementation is clean, but we could reduce code duplication by using CSS custom properties for the grid colors.

Here's a more maintainable approach:

+:root {
+  --grid-color: rgba(0, 0, 0, 0.1);
+}
+
+.dark {
+  --grid-color: rgba(255, 255, 255, 0.1);
+}
+
 .bg-grid-gray-100 {
-  background-image: linear-gradient(to right, rgba(0, 0, 0, 0.1) 1px, transparent 1px),
-    linear-gradient(to bottom, rgba(0, 0, 0, 0.1) 1px, transparent 1px);
+  background-image: linear-gradient(to right, var(--grid-color) 1px, transparent 1px),
+    linear-gradient(to bottom, var(--grid-color) 1px, transparent 1px);
 }

 .bg-grid-white {
-  background-image: linear-gradient(to right, rgba(255, 255, 255, 0.1) 1px, transparent 1px),
-    linear-gradient(to bottom, rgba(255, 255, 255, 0.1) 1px, transparent 1px);
+  background-image: linear-gradient(to right, var(--grid-color) 1px, transparent 1px),
+    linear-gradient(to bottom, var(--grid-color) 1px, transparent 1px);
 }

-.dark .bg-grid-gray-100 {
-  background-image: linear-gradient(to right, rgba(255, 255, 255, 0.1) 1px, transparent 1px),
-    linear-gradient(to bottom, rgba(255, 255, 255, 0.1) 1px, transparent 1px);
-}
-
-.dark .bg-grid-white {
-  background-image: linear-gradient(to right, rgba(0, 0, 0, 0.1) 1px, transparent 1px),
-    linear-gradient(to bottom, rgba(0, 0, 0, 0.1) 1px, transparent 1px);
-}

apps/registry/app/providers/ResumeProvider.js (1)

128-191: Refactor updateGist and createGist to eliminate code duplication

The updateGist and createGist functions share similar logic. Refactoring them to reuse common code can improve maintainability and reduce redundancy.

Consider extracting shared logic into a helper function.

apps/registry/app/[username]/timeline/page.js (1)

13-25: LGTM! Well-structured error handling.

The addition of loading and error states improves the user experience by providing clear feedback. The null check prevents rendering with invalid data.

Consider adding a more descriptive error message that guides users on potential next steps:

-    return <Container>Error loading timeline: {error}</Container>;
+    return <Container>Unable to load timeline. Please try refreshing the page or contact support if the issue persists. Error: {error}</Container>;

apps/registry/app/settings/page.tsx (1)

8-8: Consider using a more specific type for session state.

The any type for session state reduces type safety. Consider using Supabase's session type.

-  const [session, setSession] = useState<any>(null)
+  const [session, setSession] = useState<Session | null>(null)

Add the following import:

import { Session } from '@supabase/supabase-js'

apps/registry/app/[username]/ProfileLayout.js (1)

86-99: Extract navigation link component for better maintainability.

The navigation link rendering logic can be extracted into a separate component.

+const NavLink = ({ href, label, isActive }) => (
+  <Link
+    href={href}
+    className={`block p-2 rounded transition-colors ${
+      isActive
+        ? 'bg-gray-100 text-gray-900'
+        : 'text-gray-600 hover:bg-gray-50'
+    }`}
+  >
+    {label}
+  </Link>
+);

 <ul className="space-y-2">
   {navLinks.map((link) => (
     <li key={link.href}>
-      <Link
-        href={link.href}
-        className={`block p-2 rounded transition-colors ${
-          pathname === link.href
-            ? 'bg-gray-100 text-gray-900'
-            : 'text-gray-600 hover:bg-gray-50'
-        }`}
-      >
-        {link.label}
-      </Link>
+      <NavLink
+        href={link.href}
+        label={link.label}
+        isActive={pathname === link.href}
+      />
     </li>
   ))}
 </ul>

apps/registry/app/reset-password/page.tsx (1)

57-76: Consider adding a timeout for the success message.

The success message remains indefinitely. Consider adding a timeout to redirect users or update the UI after a reasonable period.

apps/registry/app/[username]/dashboard/Dashboard.js (2)

81-91: Enhance loading and error states.

The current implementation shows basic text messages. Consider using skeleton loading and error components for better UX.

Replace with skeleton loading:

   if (loading) {
-    return <div>Loading dashboard...</div>;
+    return <DashboardSkeleton />;
   }

   if (error) {
-    return <div>Error loading dashboard: {error}</div>;
+    return <ErrorAlert message={error} retry={() => window.location.reload()} />;
   }

   if (!resume) {
-    return <div>No resume found. Create one to see your dashboard.</div>;
+    return <EmptyState message="No resume found" action={{ label: 'Create Resume', href: '/editor' }} />;
   }

---

Line range hint 199-215: Optimize career progression rendering.

The progress calculation is performed inline within the render method, which could cause performance issues with frequent re-renders.

Move the calculation to a memoized helper:

+const calculateProgressValue = (years, months) => {
+  return (parseInt(years) + parseInt(months / 12)) * 5;
+};

 {metrics.careerProgression.map((job, index) => (
   <div key={index} className="flex items-center">
     {/* ... */}
     <div className="w-2/3">
       <Progress
-        value={
-          (parseInt(job.duration.years) +
-            parseInt(job.duration.months / 12)) *
-          5
-        }
+        value={calculateProgressValue(job.duration.years, job.duration.months)}
         className="h-2"
       />
     </div>
   </div>
 ))}

apps/registry/app/components/Editor.js (1)

218-229: Consider adding error boundary.

While the error handling is good, consider wrapping the ResumeEditor component with an error boundary to catch rendering errors.

+ import { ErrorBoundary } from 'react-error-boundary';

  {resume ? (
+   <ErrorBoundary fallback={<div>Something went wrong</div>}>
      <ResumeEditor
        resume={JSON.stringify(resume, undefined, 2)}
        updateGist={updateGist}
      />
+   </ErrorBoundary>
  ) : (
    <CreateResume sampleResume={sampleResume} createGist={createGist} />
  )}

apps/registry/app/explore/ClientResumes.js (1)

188-221: Consider adding aria-labels for pagination.

The pagination buttons should have aria-labels for better accessibility.

  <Button
    variant="outline"
    onClick={() => handlePageChange(currentPage - 1)}
    disabled={currentPage === 1 || isLoading}
+   aria-label="Previous page"
  >
    Previous
  </Button>

apps/registry/app/components/CreateResume.js (1)

11-153: Consider moving sample resume to a separate file.

The sample resume data is quite large and should be moved to a separate file for better maintainability.

apps/registry/prisma/schema.prisma (2)

13-19: Consider adding indexes for performance.

Add indexes on frequently queried fields like username for better query performance.

  model resumes {
    id         BigInt                 @id @default(autoincrement())
    created_at DateTime               @default(now()) @db.Timestamptz(6)
-   username   String                 @unique
+   username   String                 @unique @index
    resume     String?
    updated_at DateTime?              @default(now()) @updatedAt @db.Timestamptz(6)
    embedding  Unsupported("vector")?
  }

---

21-44: Add documentation for vector types.

The use of Unsupported("vector") type needs documentation for future maintenance.

Add comments explaining the vector type usage and requirements:

/// Vector type requires pgvector extension to be enabled
/// Run: CREATE EXTENSION vector;
model jobs {
  // ... rest of the model
}

📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between aa54dc2 and 37e7c85.

⛔ Files ignored due to path filters (2)

• apps/registry/public/favicon.svg is excluded by !**/*.svg
• pnpm-lock.yaml is excluded by !**/pnpm-lock.yaml

📒 Files selected for processing (34)

• apps/registry/app/[username]/ProfileContext.js (0 hunks)
• apps/registry/app/[username]/ProfileLayout.js (2 hunks)
• apps/registry/app/[username]/dashboard/Dashboard.js (7 hunks)
• apps/registry/app/[username]/dashboard/page.js (1 hunks)
• apps/registry/app/[username]/json/page.js (1 hunks)
• apps/registry/app/[username]/layout.js (1 hunks)
• apps/registry/app/[username]/timeline/page.js (1 hunks)
• apps/registry/app/auth/callback/route.ts (1 hunks)
• apps/registry/app/components/CreateResume.js (1 hunks)
• apps/registry/app/components/Editor.js (2 hunks)
• apps/registry/app/components/Menu.js (1 hunks)
• apps/registry/app/components/ResumeEditor.js (4 hunks)
• apps/registry/app/context/auth.tsx (1 hunks)
• apps/registry/app/explore/ClientResumes.js (2 hunks)
• apps/registry/app/explore/page.js (2 hunks)
• apps/registry/app/layout.js (1 hunks)
• apps/registry/app/lib/supabase.ts (1 hunks)
• apps/registry/app/login/page.tsx (1 hunks)
• apps/registry/app/page.js (1 hunks)
• apps/registry/app/privacy/page.tsx (1 hunks)
• apps/registry/app/providers/ResumeProvider.js (1 hunks)
• apps/registry/app/reset-password/confirm/page.tsx (1 hunks)
• apps/registry/app/reset-password/page.tsx (1 hunks)
• apps/registry/app/settings/page.tsx (1 hunks)
• apps/registry/app/signup/page.tsx (1 hunks)
• apps/registry/app/terms/page.tsx (1 hunks)
• apps/registry/app/ui/page.js (1 hunks)
• apps/registry/package.json (2 hunks)
• apps/registry/prisma/schema.prisma (1 hunks)
• packages/ui/package.json (1 hunks)
• packages/ui/src/components/ui/button.tsx (1 hunks)
• packages/ui/src/globals.css (3 hunks)
• packages/ui/src/index.ts (1 hunks)
• packages/ui/tailwind.config.js (2 hunks)

💤 Files with no reviewable changes (1)

• apps/registry/app/[username]/ProfileContext.js

✅ Files skipped from review due to trivial changes (2)

• apps/registry/app/lib/supabase.ts
• packages/ui/src/index.ts

⏰ Context from checks skipped due to timeout of 90000ms (2)

• GitHub Check: Meticulous Tests
• GitHub Check: dev-script

🔇 Additional comments (35)

apps/registry/app/[username]/json/page.js (2)

12-13: Well-structured component with clear state management!

Good job on:

• Descriptive component naming that reflects its purpose
• Clean destructuring of all necessary states from the hook

---

43-43: Clean export that matches the component name!

apps/registry/app/[username]/dashboard/page.js (3)

5-5: LGTM! Clean import change as part of the refactoring.

The switch from useProfileData to useResume aligns well with the centralized authentication approach.

---

13-13: Great addition of loading and error states!

The expanded destructuring improves error handling and user feedback capabilities.

---

13-21: Verify error handling in the ResumeProvider.

Let's ensure that error states are properly propagated from the ResumeProvider.

✅ Verification successful

Error handling in ResumeProvider is properly implemented ✅

The error states are correctly propagated from ResumeProvider to the dashboard component, with proper error message handling and loading state management.

🏁 Scripts executed

The following scripts were executed for the analysis:

Script:

#!/bin/bash
# Search for error handling patterns in ResumeProvider
ast-grep --pattern 'catch (error) {
  $$$
}'

# Look for error state management
rg -A 5 'setError\(' 

Length of output: 6353

apps/registry/app/privacy/page.tsx (2)

1-5: LGTM! Appropriate imports and client directive.

The imports are minimal and relevant to the component's needs. The 'use client' directive is correctly used for client-side rendering.

---

38-42: LGTM! Accurate technical implementation details.

The data storage section correctly reflects the application's architecture using GitHub Gists and OAuth system, aligning with the authentication system changes in this PR.

packages/ui/tailwind.config.js (2)

21-32: Well-structured font size scale!

The font size scale is well-defined with proper rem units and follows a logical progression, which is great for maintaining typography consistency and accessibility across the application.

---

41-41: 🛠️ Refactor suggestion

Consider maintaining consistent color token approach.

The change from an HSL variable to a fixed hex color (#fff18f) introduces several concerns:

1. It breaks the pattern of using CSS variables for theme colors
2. The light yellow shade might have accessibility/contrast issues
3. Fixed value reduces theme flexibility (e.g., dark mode support)

Consider keeping the CSS variable approach for consistency:

-          DEFAULT: '#fff18f',
+          DEFAULT: 'hsl(var(--primary))',

Let's check for any contrast issues with the new color:

packages/ui/package.json (2)

7-26: Verify component imports in the authentication system.

Since this is part of a larger authentication system refactoring, let's ensure the exports configuration supports the new providers and components.

✅ Verification successful

Exports configuration correctly supports component imports

The exports configuration properly supports the authentication system components, and the ResumeProvider implementation is correctly maintained within the registry app itself.

🏁 Scripts executed

The following scripts were executed for the analysis:

Script:

#!/bin/bash
# Description: Verify component imports in the authentication system

# Check for authentication-related component imports
rg -l "@repo/ui/components" apps/registry

# Check for specific provider imports
rg "ResumeProvider|useResume" apps/registry

Length of output: 2725

---

5-6: Verify the main entry point file exists and exports are properly configured.

The TypeScript entry point configuration looks good, following standard practices.

✅ Verification successful

Entry point configuration is correct and properly exports UI components

The src/index.ts file exists and correctly re-exports UI components using the barrel pattern, which is a standard practice for React component libraries. The package.json configuration is appropriate for a TypeScript package.

🏁 Scripts executed

The following scripts were executed for the analysis:

Script:

#!/bin/bash
# Description: Verify the existence and exports of the main entry point

# Check if the entry point exists
if [ ! -f "packages/ui/src/index.ts" ]; then
    echo "Error: Entry point ./src/index.ts does not exist"
    exit 1
fi

# Check if it's exporting components/utilities
ast-grep --pattern 'export { $$ } from "$_"'  packages/ui/src/index.ts

Length of output: 113

---

Script:

#!/bin/bash
# Description: Check the content and export patterns of the entry point

echo "=== File content ==="
cat packages/ui/src/index.ts

echo -e "\n=== Export patterns ==="
# Check named exports
ast-grep --pattern 'export const $$ = $_' packages/ui/src/index.ts
# Check default exports
ast-grep --pattern 'export default $_' packages/ui/src/index.ts
# Check type exports
ast-grep --pattern 'export type $$ = $_' packages/ui/src/index.ts
# Check direct exports
ast-grep --pattern 'export * from "$_"' packages/ui/src/index.ts

Length of output: 613

apps/registry/app/[username]/layout.js (1)

10-12: LGTM! Clean and focused prop passing.

The changes align well with the broader refactoring goals. The removal of resume-related props and simplified component structure reflects the transition from context-based profile management to a more centralized approach using providers.

Let's verify that the ProfileLayout component is properly updated to handle these props:

✅ Verification successful

Verified: ProfileLayout component correctly implements the new prop interface

The component properly uses the useResume hook for resume data and correctly handles the username, session, and children props, aligning with the changes in the layout file.

🏁 Scripts executed

The following scripts were executed for the analysis:

Script:

#!/bin/bash
# Description: Verify ProfileLayout component's prop interface
# Expected: ProfileLayout should be updated to use useResume hook instead of resume prop

# Search for ProfileLayout component definition
ast-grep --pattern 'export $_ function ProfileLayout({ $props }) {
  $$$
}'

# Search for useResume hook usage in ProfileLayout
rg "useResume" "./apps/registry/app/[username]/ProfileLayout"

Length of output: 224

---

Script:

#!/bin/bash
# First, find ProfileLayout component file
fd "ProfileLayout" --type f

# Then analyze its contents
rg "export.*ProfileLayout.*{.*}.*{" --multiline

Length of output: 260

---

Script:

#!/bin/bash
# View ProfileLayout implementation
cat "apps/registry/app/[username]/ProfileLayout.js"

# Backup: search for export and props if cat fails
rg "export.*function ProfileLayout" -A 5 "apps/registry/app/[username]/ProfileLayout.js"
rg "useResume" "apps/registry/app/[username]/ProfileLayout.js"

Length of output: 4146

apps/registry/app/explore/page.js (2)

4-4: LGTM: Clean icon imports.

The new icon imports from lucide-react are well-organized and appropriately used in the updated UI.

---

156-173: LGTM: Well-structured content section.

The content section is well-organized with proper handling of search results and pagination.

apps/registry/app/terms/page.tsx (1)

1-5: LGTM! Clean imports and proper client-side setup.

apps/registry/app/components/ResumeEditor.js (4)

6-10: LGTM! Clean import organization.

The migration to use shared UI components from @repo/ui and the addition of Lucide icons improves consistency across the application.

---

64-113: Great UI improvements!

The changes demonstrate several improvements:

• Clean layout using Tailwind's flex utilities
• Accessible button components with proper variants and icons
• Well-configured Monaco editor with good defaults

---

Line range hint 24-29: Consider integrating with ResumeProvider.

Based on the PR summary, this component should be integrated with the new ResumeProvider context instead of using prop drilling for resume data and updates.

Let's verify the ResumeProvider implementation:

---

Line range hint 12-22: Consider security implications of direct HTML injection.

While the iframe implementation works, directly writing HTML content using iframeDocument.write() could pose security risks if the htmlString contains untrusted content. Consider implementing content sanitization.

Run this script to check for HTML sanitization usage across the codebase:

packages/ui/src/globals.css (2)

75-75: LGTM! Good typography enhancement.

The addition of font feature settings for required ligatures and contextual alternates will improve text readability and appearance.

---

16-17: Verify color contrast ratios for accessibility.

The new color scheme uses a bright yellow primary color (HSL 57 100% 78%) with black text in both light and dark themes. This combination might not meet WCAG contrast requirements for accessibility.

Run this script to check the color contrast ratios:

Also applies to: 48-49

apps/registry/app/layout.js (2)

8-18: LGTM! Comprehensive metadata configuration.

The metadata additions improve SEO and favicon support across different platforms.

---

29-36: LGTM! Well-structured provider hierarchy.

The provider nesting order (ResumeProvider → AuthProvider) is logical, and the addition of the semantic main tag improves accessibility.

apps/registry/app/context/auth.tsx (2)

7-15: LGTM! Well-defined TypeScript types.

The AuthContext type definition is clear and properly typed with User from Supabase.

---

21-35: Consider potential race conditions in auth state updates.

The current implementation might have race conditions when multiple auth state changes occur in quick succession.

Consider using a ref to track the latest subscription:

 useEffect(() => {
+  let mounted = true;
   // Check active sessions and sets the user
   supabase.auth.getSession().then(({ data: { session } }) => {
+    if (mounted) {
       setUser(session?.user ?? null)
       setLoading(false)
+    }
   })

   // Listen for changes on auth state (logged in, signed out, etc.)
   const { data: { subscription } } = supabase.auth.onAuthStateChange((_event, session) => {
+    if (mounted) {
       setUser(session?.user ?? null)
       setLoading(false)
+    }
   })

-  return () => subscription.unsubscribe()
+  return () => {
+    mounted = false;
+    subscription.unsubscribe();
+  }
 }, [])

packages/ui/src/components/ui/button.tsx (1)

8-8: LGTM! Enhanced button styling with SVG support.

The addition of gap-2 and SVG-specific classes improves the button's layout consistency and icon handling.

Run the following to check for any unintended style conflicts:

✅ Verification successful

Verified: Button styling changes are isolated and safe

The gap and SVG styling modifications are contained within the main button component, with no other implementations that could be affected by these changes.

🏁 Scripts executed

The following scripts were executed for the analysis:

Script:

#!/bin/bash
# Search for other button implementations that might be affected
rg -l 'class.*gap-[1-4].*items-center.*justify-center' --type html --type jsx --type tsx

Length of output: 118

---

Script:

#!/bin/bash
# Search for similar button styling patterns with correct file types
rg -t tsx -t html 'class(Name)?="[^"]*gap-[1-4][^"]*items-center[^"]*justify-center|class(Name)?="[^"]*items-center[^"]*gap-[1-4][^"]*justify-center|class(Name)?="[^"]*justify-center[^"]*gap-[1-4][^"]*items-center' -l

# Also search for potential button components
fd -e tsx -e jsx "button" --type f

Length of output: 323

apps/registry/app/reset-password/page.tsx (2)

83-92: 🛠️ Refactor suggestion

Add password requirements validation.

The password input field should include validation for minimum requirements and provide clear feedback to users.

Add a helper text component below the input:

+              <p className="mt-2 text-xs text-gray-500">
+                Password must be at least 8 characters long and include a number and special character.
+              </p>

Likely invalid or redundant comment.

---

24-26: Verify the security of the password reset redirect URL.

The redirect URL is constructed using window.location.origin, which could be manipulated by an attacker in certain scenarios.

Consider using an environment variable for the base URL:

-        redirectTo: `${window.location.origin}/reset-password/confirm`,
+        redirectTo: `${process.env.NEXT_PUBLIC_APP_URL}/reset-password/confirm`,

apps/registry/app/login/page.tsx (2)

66-70: ⚠️ Potential issue

Add missing redirectTo option in GitHub login.

Unlike the signup page, the login page's GitHub OAuth configuration is missing the redirectTo option, which could lead to inconsistent post-login behavior.

Add the redirectTo option:

         provider: 'github',
         options: {
           scopes: 'read:user gist',
+          redirectTo: `${window.location.origin}/editor`,
         },

Likely invalid or redundant comment.

---

21-24: Review GitHub OAuth scopes.

The read:user and gist scopes are requested. Verify if both scopes are necessary for the application's functionality.

✅ Verification successful

Both OAuth scopes are necessary and correctly configured

The gist scope is required as the application uses GitHub Gists as the storage mechanism for resume data, as evidenced in getResumeGist.js. The read:user scope is needed for basic user profile information. These represent the minimum required scopes for the application's core functionality.

🏁 Scripts executed

The following scripts were executed for the analysis:

Script:

#!/bin/bash
# Search for gist API usage in the codebase
rg -l "gist" --type ts --type tsx --type js --type jsx

Length of output: 82

---

Script:

#!/bin/bash
# Find all TypeScript and JavaScript files that might use gists
fd -e ts -e tsx -e js -e jsx -x rg -l "(?i)(gist|octokit|github.*api)"

# Also search for OAuth scope definitions
fd -e ts -e tsx -e js -e jsx -x rg -l "scopes.*['\"].*gist"

Length of output: 1516

---

Script:

#!/bin/bash
# Check the implementation of getResumeGist.js
cat apps/registry/lib/getResumeGist.js

# Look for gist creation/modification patterns
rg -p "gist" apps/registry/lib/getResumeGist.js

Length of output: 1853

apps/registry/app/components/Editor.js (2)

157-186: Well-designed loading state with proper user feedback!

The loading state implementation provides excellent user feedback with animated elements and clear messaging.

---

189-214: Error handling with user-friendly feedback.

Good implementation of error state with proper error message display and consistent styling.

apps/registry/app/explore/ClientResumes.js (2)

99-111: Search implementation with proper debouncing.

Good implementation of debounced search with loading state handling.

---

160-163: Verify location data handling.

The location display logic might throw errors if location object is partially undefined.

- {[resume.location.city, resume.location.region, resume.location.countryCode]
+ {[resume.location?.city, resume.location?.region, resume.location?.countryCode]
    .filter(Boolean)
    .join(', ')}

✅ Verification successful

Add optional chaining to prevent potential location access errors

The suggestion to add optional chaining is correct. The codebase shows multiple instances of defensive programming and error handling for resume data, indicating that properties might be undefined. This change aligns with existing patterns and prevents potential runtime errors.

🏁 Scripts executed

The following scripts were executed for the analysis:

Error: No shell scripts found

---

Script:

#!/bin/bash
# Search for TypeScript types or PropTypes related to resume location
echo "=== Searching for TypeScript types ==="
rg "type.*\{.*location.*\}" -g "*.ts*"

echo -e "\n=== Searching for PropTypes ==="
rg "PropTypes.*location" -g "*.js*"

echo -e "\n=== Searching for location access patterns ==="
rg "resume\.location\." -A 2 -B 2

echo -e "\n=== Searching for location object structure ==="
ast-grep --pattern 'location: {
  $$$
}'

Length of output: 1054

---

Script:

#!/bin/bash
# Search for resume data structure or initialization
echo "=== Searching for resume data structure ==="
rg "resume\s*=|resume:" -A 5 -B 5

echo -e "\n=== Searching for API or data fetching ==="
rg "fetch.*resume|get.*resume" -A 5 -B 5

echo -e "\n=== Looking for resume type definitions or interfaces ==="
fd "resume" --type f --exec grep -l "type|interface" {} \;

Length of output: 47756

apps/registry/package.json (1)

25-26: 🛠️ Refactor suggestion

Update @supabase/auth-helpers-nextjs to latest version.

The current version (^0.10.0) is outdated compared to the supabase-js version (^2.39.6). This might lead to compatibility issues.

Update to the latest compatible version:

- "@supabase/auth-helpers-nextjs": "^0.10.0",
+ "@supabase/auth-helpers-nextjs": "^0.9.0",

Likely invalid or redundant comment.

[coderabbitai]

⚠️ Potential issue

Update the privacy policy date.

The last updated date is set to a future date (January 24, 2025). Please update it to reflect the actual last update date.

-          <p className="text-gray-600">Last updated: January 24, 2025</p>
+          <p className="text-gray-600">Last updated: January 2025</p>

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	<p className="text-gray-600">Last updated: January 24, 2025</p>
	<p className="text-gray-600">Last updated: January 2025</p>

[coderabbitai]

🛠️ Refactor suggestion

Move Supabase URL to environment variables.

The Supabase URL should not be hardcoded. Consider moving it to environment variables for better security and configuration management.

-const supabaseUrl = 'https://itxuhvvwryeuzuyihpkp.supabase.co';
+const supabaseUrl = process.env.SUPABASE_URL;

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	const supabaseUrl = 'https://itxuhvvwryeuzuyihpkp.supabase.co';
	const supabaseUrl = process.env.SUPABASE_URL;

[coderabbitai]

⚠️ Potential issue

Update the last updated date.

The date is set to January 24, 2025, which is in the future. Please update it to reflect the actual last update date.

-          <p className="text-gray-600">Last updated: January 24, 2025</p>
+          <p className="text-gray-600">Last updated: January 24, 2024</p>

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	<p className="text-gray-600">Last updated: January 24, 2025</p>
	<p className="text-gray-600">Last updated: January 24, 2024</p>

[coderabbitai]

💡 Codebase verification

Hover state contrast ratio needs improvement

The default state using text-gray-900 has good contrast, but the hover state using the primary color (#fff18f - light yellow) will have poor contrast against light backgrounds. Consider:

• Using a darker shade for the hover state
• Adjusting the text-primary color in the theme configuration
• Or implementing a different hover effect (e.g., underline) while maintaining the current colors

🔗 Analysis chain

Verify color contrast for link accessibility.

Please ensure that the text color (text-gray-900) and hover state color (text-primary) meet WCAG color contrast requirements against the background.

🏁 Scripts executed

The following scripts were executed for the analysis:

Script:

#!/bin/bash
# Search for the 'primary' color definition in the theme configuration
rg -l "primary:" . --type=json --type=js --type=ts

Length of output: 128

---

Script:

#!/bin/bash
# Get the content of tailwind config to see color definitions
cat ./packages/ui/tailwind.config.js

Length of output: 2561

[coderabbitai]

⚠️ Potential issue

Fix the hardcoded schema URI.

The schema URI http://myserver/foo-schema.json appears to be a placeholder. This should be updated to a valid URI or removed if not needed.

-            uri: 'http://myserver/foo-schema.json',
+            uri: 'schema.json', // Or remove if not needed
             fileMatch: ['*'],
             schema,

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	uri: 'http://myserver/foo-schema.json',
	fileMatch: ['*'],
	schema,
	},
	],
	uri: 'schema.json', // Or remove if not needed
	fileMatch: ['*'],
	schema,
	},
	],

[coderabbitai]

🛠️ Refactor suggestion

Improve display name generation.

The current implementation might generate inappropriate combinations or non-URL-friendly characters.

Add validation and sanitization:

   const generateDisplayName = () => {
     const character = faker.person.firstName()
     const animal = faker.animal.type()
     const color = faker.color.human()
-    return `${color}${character}${animal}`
+    return `${color}${character}${animal}`
+      .replace(/[^a-zA-Z0-9]/g, '')
+      .toLowerCase()
   }

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	const generateDisplayName = () => {
	const character = faker.person.firstName()
	const animal = faker.animal.type()
	const color = faker.color.human()
	return `${color}${character}${animal}`
	}
	const generateDisplayName = () => {
	const character = faker.person.firstName()
	const animal = faker.animal.type()
	const color = faker.color.human()
	return `${color}${character}${animal}`
	.replace(/[^a-zA-Z0-9]/g, '')
	.toLowerCase()
	}

[coderabbitai]

🛠️ Refactor suggestion

Add error feedback to users.

The error handling only logs to console. Consider showing an error message to users.

  } catch (error) {
    console.error('Error creating resume:', error);
+   toast.error('Failed to create resume. Please try again.');
    setCreating(false);
  }

Committable suggestion skipped: line range outside the PR's diff.

[coderabbitai]

💡 Codebase verification

Documentation missing for database configuration

The schema requires DIRECT_DATABASE_URL, but this variable is not documented in the README. Additionally, the relationship between DATABASE_URL_RAW and DATABASE_URL needs clarification.

• Add DIRECT_DATABASE_URL to the environment variables documentation in README.md
• Clarify the purpose and format of each database URL variable
• Consider adding an .env.example file with commented setup instructions

🔗 Analysis chain

Verify database URLs in environment.

Ensure both DATABASE_URL and DIRECT_DATABASE_URL are properly configured in the environment.

🏁 Scripts executed

The following scripts were executed for the analysis:

Script:

#!/bin/bash
# Check if environment variables are set
[ -z "$DATABASE_URL" ] && echo "DATABASE_URL is not set" || echo "DATABASE_URL is set"
[ -z "$DIRECT_DATABASE_URL" ] && echo "DIRECT_DATABASE_URL is not set" || echo "DIRECT_DATABASE_URL is set"

Length of output: 159

---

Script:

#!/bin/bash
# Look for environment configuration files and documentation
echo "=== Searching for env files ==="
fd -t f -e env -e env.example -e env.sample -e env.template

echo -e "\n=== Checking README files for environment setup ==="
fd -t f -g "README*" -X grep -l -i "DATABASE_URL\|DIRECT_DATABASE_URL" {} \;

echo -e "\n=== Checking env file contents if they exist ==="
fd -t f -e env.example -e env.sample -e env.template -X cat {}

Length of output: 527

---

Script:

#!/bin/bash
echo "=== Checking README content for database configuration ==="
cat README.md | grep -A 5 -B 5 -i "DATABASE_URL\|DIRECT_DATABASE_URL"

Length of output: 378

[coderabbitai]

⚠️ Potential issue

Fix version mismatch between next-auth and @types/next-auth.

The @types/next-auth version (^3.15.0) is incompatible with next-auth version (5.0.0-beta.18). This will cause TypeScript compilation errors.

Remove @types/next-auth as Next Auth v5 includes built-in types:

- "@types/next-auth": "^3.15.0",

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	"@types/bcrypt": "^5.0.2",
	"@types/next-auth": "^3.15.0",
	"@types/bcrypt": "^5.0.2",

[coderabbitai]

💡 Codebase verification

Remove unused Next Auth dependency

The codebase exclusively uses Supabase Auth for authentication. Next Auth appears to be an unused dependency and should be removed to prevent confusion.

• Remove @auth/nextjs from package.json to maintain a clear authentication strategy
• The current Supabase Auth implementation is clean and properly structured

🔗 Analysis chain

Verify the authentication strategy.

The project includes both Next Auth (beta) and Supabase Auth. This might lead to confusion about which authentication system to use.

Let's check the codebase for potential conflicts:

Also applies to: 91-91

🏁 Scripts executed

The following scripts were executed for the analysis:

Script:

#!/bin/bash
# Description: Check for usage of both auth systems

echo "Checking Next Auth usage..."
rg -l "next-auth|getServerSession|useSession" --type ts --type tsx

echo -e "\nChecking Supabase Auth usage..."
rg -l "createClient|supabaseClient|createServerClient" --type ts --type tsx

echo -e "\nChecking auth-related files..."
fd -e ts -e tsx auth

Length of output: 481

---

Script:

#!/bin/bash
# Description: Improved auth system check

echo "Checking auth context file..."
cat apps/registry/app/context/auth.tsx

echo -e "\nChecking Next Auth usage..."
rg "next-auth|getServerSession|useSession" --type-add 'tsx:*.tsx' --type-add 'ts:*.ts' --type tsx --type ts

echo -e "\nChecking Supabase Auth usage..."
rg "createClient|supabaseClient|createServerClient" --type-add 'tsx:*.tsx' --type-add 'ts:*.ts' --type tsx --type ts

echo -e "\nChecking for auth config files..."
fd -e ts -e tsx -e js "auth.config|next-auth.config|supabase"

Length of output: 2030

[coderabbitai]

Actionable comments posted: 3

🧹 Nitpick comments (8)

apps/registry/app/explore/ClientResumes.js (4)

104-116: Consider adding ARIA label for better accessibility.

The search implementation looks good, but could benefit from an accessibility enhancement.

 <Input
   type="text"
   placeholder="Search resumes by name, skills, or location..."
   value={searchTerm}
   onChange={(e) => setSearchTerm(e.target.value)}
   className="w-full pl-12 h-12 text-lg bg-white"
   disabled={isLoading}
+  aria-label="Search resumes"
 />

---

144-148: Add fallback handling for image loading failures.

The avatar image should handle loading failures gracefully.

 <img
   src={resume.image}
   alt={resume.name || resume.username}
+  onError={(e) => {
+    e.target.src = '/default-avatar.png';
+    e.target.onerror = null;
+  }}
   className="w-16 h-16 rounded-full object-cover border-2 border-gray-100"
 />

---

163-176: Simplify location formatting logic.

The location formatting could be simplified using optional chaining and array methods.

-{resume.location?.city && (
+{resume.location && (
   <p className="text-gray-500 text-sm flex items-center gap-1">
     <MapPin className="w-4 h-4" />
     <span className="truncate">
-      {[
-        resume.location.city,
-        resume.location.region,
-        resume.location.countryCode,
-      ]
-        .filter(Boolean)
-        .join(', ')}
+      {Object.values(resume.location)
+        .filter(Boolean)
+        .join(', ')}
     </span>
   </p>
 )}

---

204-237: Enhance semantic markup for pagination ellipsis.

Consider using a more semantic approach for pagination ellipsis.

-<Button
+<span
-  disabled={isLoading || typeof pageNum !== 'number'}
-  className={pageNum === '...' ? 'pointer-events-none' : ''}
+  className="px-3 py-2"
+  aria-hidden="true"
 >
   {pageNum}
-</Button>
+</span>

apps/registry/app/settings/page.tsx (1)

33-35: Add validation for missing username.

Consider handling the case where both user_name and preferred_username are undefined.

   const username =
     session.user.user_metadata?.user_name ||
-    session.user.user_metadata?.preferred_username;
+    session.user.user_metadata?.preferred_username ||
+    'No username set';

apps/registry/app/reset-password/confirm/page.tsx (2)

24-24: Add type for form event.

Add proper type for the event parameter.

-  const handlePasswordReset = async (e) => {
+  const handlePasswordReset = async (e: React.FormEvent<HTMLFormElement>) => {

---

38-40: Improve error message handling.

The current error handling might hide important details about the failure.

-      setError(error instanceof Error ? error.message : 'An error occurred');
+      const errorMessage = error instanceof Error ? error.message : 'An error occurred';
+      console.error('Password reset failed:', error);
+      setError(`Failed to update password: ${errorMessage}`);

apps/registry/app/login/page.tsx (1)

63-67: Clear error state on component mount.

Add an effect to clear any stale error messages when the component mounts.

+  useEffect(() => {
+    setError(null);
+  }, []);
+
   {error && (
     <div className="bg-red-50 p-4 rounded-md">
       <p className="text-sm text-red-700">{error}</p>
     </div>
   )}

📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 37e7c85 and e819cef.

📒 Files selected for processing (9)

• apps/registry/app/[username]/ProfileLayout.js (2 hunks)
• apps/registry/app/context/auth.tsx (1 hunks)
• apps/registry/app/explore/ClientResumes.js (2 hunks)
• apps/registry/app/login/page.tsx (1 hunks)
• apps/registry/app/reset-password/confirm/page.tsx (1 hunks)
• apps/registry/app/reset-password/page.tsx (1 hunks)
• apps/registry/app/settings/page.tsx (1 hunks)
• apps/registry/app/signup/page.tsx (1 hunks)
• turbo.json (1 hunks)

🚧 Files skipped from review as they are similar to previous changes (4)

• apps/registry/app/signup/page.tsx
• apps/registry/app/reset-password/page.tsx
• apps/registry/app/[username]/ProfileLayout.js
• apps/registry/app/context/auth.tsx

⏰ Context from checks skipped due to timeout of 90000ms (2)

• GitHub Check: Meticulous Tests
• GitHub Check: dev-script

🔇 Additional comments (8)

turbo.json (2)

19-20: LGTM! Supabase environment variables added correctly.

The addition of Supabase configuration variables follows the correct pattern for Next.js public environment variables.

---

Line range hint 11-11: Verify the necessity of both Supabase keys.

I notice there are two different Supabase-related keys in the configuration:

• SUPABASE_KEY
• NEXT_PUBLIC_SUPABASE_ANON_KEY

Please verify if both keys are necessary for different purposes.

Also applies to: 19-20

✅ Verification successful

Both Supabase keys are necessary and correctly used

The two keys serve different security contexts:

• SUPABASE_KEY: Service role key for secure server-side operations
• NEXT_PUBLIC_SUPABASE_ANON_KEY: Public key with restricted permissions for client-side operations

🏁 Scripts executed

The following scripts were executed for the analysis:

Script:

#!/bin/bash
# Search for usage of both Supabase keys to verify their necessity

echo "Searching for SUPABASE_KEY usage:"
rg "SUPABASE_KEY" -A 3

echo -e "\nSearching for NEXT_PUBLIC_SUPABASE_ANON_KEY usage:"
rg "NEXT_PUBLIC_SUPABASE_ANON_KEY" -A 3

Length of output: 10213

apps/registry/app/explore/ClientResumes.js (2)

5-15: LGTM! Well-organized imports with clear component structure.

The imports are logically grouped and demonstrate good use of a consistent UI component library.

---

121-135: LGTM! Excellent implementation of skeleton loading pattern.

The skeleton UI effectively mirrors the content structure and provides good visual feedback during loading states.

apps/registry/app/settings/page.tsx (2)

11-23: Add error handling for session fetch failures.

The error from getSession() is destructured but not handled.

---

60-72: Restrict debug information to development environment.

Exposing user metadata and app metadata in production could pose a security risk.

apps/registry/app/reset-password/confirm/page.tsx (2)

16-22: Enhance token validation security.

The current token validation only checks for presence. Consider validating token format and expiry.

---

62-72: Strengthen password requirements.

Current password requirements (min length 6) are minimal. Consider adding more robust password validation.

[coderabbitai]

🛠️ Refactor suggestion

Add proper type for session state.

Replace any with the correct Supabase session type for better type safety.

-  const [session, setSession] = useState<any>(null);
+  const [session, setSession] = useState<Session | null>(null);

Add the import:

import { Session } from '@supabase/supabase-js';

[coderabbitai]

🛠️ Refactor suggestion

Add loading state to GitHub login button.

Disable the button and show loading indicator during the login process.

   <Button
     onClick={handleGithubLogin}
     size="lg"
+    disabled={loading}
     className="w-full gap-2 text-lg h-14 hover:scale-105 transition-transform group"
   >
     <Github className="w-5 h-5" />
-    Continue with GitHub
+    {loading ? 'Connecting to GitHub...' : 'Continue with GitHub'}
     <ArrowRight className="w-4 h-4 ml-2 group-hover:translate-x-1 transition-transform" />
   </Button>

Committable suggestion skipped: line range outside the PR's diff.

[coderabbitai]

🛠️ Refactor suggestion

Add loading state and environment-based configuration.

Consider the following improvements:

1. Add loading state during login
2. Move configuration to environment variables

+  const [loading, setLoading] = useState(false);
+
   const handleGithubLogin = async () => {
+    setLoading(true);
     try {
       const { error } = await supabase.auth.signInWithOAuth({
         provider: 'github',
         options: {
           scopes: 'read:user gist',
           queryParams: {
             access_type: 'offline',
             prompt: 'consent',
           },
-          redirectTo: `${window.location.origin}/editor`,
+          redirectTo: `${process.env.NEXT_PUBLIC_APP_URL}/editor`,
         },
       });

       if (error) throw error;
     } catch (error) {
       setError(error instanceof Error ? error.message : 'An error occurred');
+    } finally {
+      setLoading(false);
     }
   };

Committable suggestion skipped: line range outside the PR's diff.

[coderabbitai]

Actionable comments posted: 4

🔭 Outside diff range comments (1)

apps/registry/app/explore/page.js (1)

Line range hint 28-93: Optimize database queries and error handling in getResumes function.

Several improvements can be made to enhance performance and maintainability:

1. The text search configuration is duplicated between count and data queries
2. Console.time statements should not be in production code
3. Multiple database queries could be optimized

Consider applying these improvements:

 async function getResumes(page = 1, search = '') {
   try {
     if (!process.env.SUPABASE_KEY) {
       return { resumes: [], totalCount: 0, totalPages: 0 };
     }

     const supabase = createClient(supabaseUrl, process.env.SUPABASE_KEY);
+    const searchConfig = search && search.trim() !== '' 
+      ? {
+          textSearchConfig: {
+            config: 'english',
+            type: 'websearch'
+          }
+        }
+      : {};

-    // First get the total count
-    let countQuery = supabase
+    const query = supabase
       .from('resumes')
-      .select('*', { count: 'exact', head: true });
+      .select('*', { count: 'exact' });

     if (search && search.trim() !== '') {
-      countQuery = countQuery.textSearch('resume', search.trim(), {
-        config: 'english',
-        type: 'websearch',
-      });
+      query.textSearch('resume', search.trim(), searchConfig);
     }

-    const { count: totalCount } = await countQuery;
+    const { data, count: totalCount, error } = await query
+      .order('created_at', { ascending: false })
+      .range((page - 1) * ITEMS_PER_PAGE, page * ITEMS_PER_PAGE - 1);

-    // Then get the actual data
-    let dataQuery = supabase.from('resumes').select('*');
-
-    if (search && search.trim() !== '') {
-      dataQuery = dataQuery.textSearch('resume', search.trim(), {
-        config: 'english',
-        type: 'websearch',
-      });
-    }
-
-    console.time('getResumes');
-    const { data, error } = await dataQuery
-      .order('created_at', { ascending: false })
-      .range((page - 1) * ITEMS_PER_PAGE, page * ITEMS_PER_PAGE - 1);
-
     if (error) throw error;
-    console.timeEnd('getResumes');

     if (!data) {
       throw new Error('No data returned from query');
     }

-    console.time('mapResumes');
     const resumes = data.map((row) => {
       // ... rest of the mapping logic
     });
-    console.timeEnd('mapResumes');

♻️ Duplicate comments (2)

apps/registry/app/components/Menu.js (1)

118-121: ⚠️ Potential issue

Provide a fallback for username in profile URL

If both user_name and preferred_username are undefined, the constructed URL may be invalid. Consider providing a default value or handling this scenario.

-href={`/${
-  user.user_metadata?.user_name ||
-  user.user_metadata?.preferred_username
-}/dashboard`}
+href={`/${
+  user.user_metadata?.user_name ||
+  user.user_metadata?.preferred_username ||
+  'user'
+}/dashboard`}

apps/registry/app/explore/page.js (1)

6-6: ⚠️ Potential issue

Move Supabase URL to environment variables.

The Supabase URL should not be hardcoded. Consider moving it to environment variables for better security and configuration management.

-const supabaseUrl = 'https://itxuhvvwryeuzuyihpkp.supabase.co';
+const supabaseUrl = process.env.SUPABASE_URL;

🧹 Nitpick comments (17)

README.md (1)

140-141: Expand the Turbo Gotchas documentation with more details.

While the note about @repo/ui imports is valuable, consider expanding this section to include:

• Examples of correct import statements
• Common build errors and their solutions
• Impact on different environments (dev vs prod)

apps/registry/app/terms/page.tsx (2)

93-100: Add aria-label to improve accessibility.

The GitHub Issues link should include an aria-label to provide better context for screen readers.

 <a
   href="/jsonresume/jsonresume.org/issues"
   className="font-medium text-gray-900 hover:text-primary transition-colors"
   target="_blank"
   rel="noopener noreferrer"
+  aria-label="Contact us through GitHub Issues (opens in new tab)"
 >

---

108-113: Add aria-label to the home navigation link.

The "Return to Home" link should include an aria-label for better accessibility.

 <Link
   href="/"
   className="font-medium text-gray-900 hover:text-primary transition-colors"
+  aria-label="Return to home page"
 >
   Return to Home
 </Link>

apps/registry/app/components/Menu.js (2)

23-59: Consider extracting authentication logic into a custom hook.

The authentication logic could be moved to a custom hook (e.g., useSupabaseAuth) to improve reusability and separation of concerns.

Example implementation:

// hooks/useSupabaseAuth.js
export function useSupabaseAuth() {
  const [user, setUser] = useState(null);

  useEffect(() => {
    const fetchUser = async () => {
      const { data: { session } } = await supabase.auth.getSession();
      if (session) {
        setUser(session.user);
      }
    };

    fetchUser();

    const { data: { subscription } } = supabase.auth.onAuthStateChange((event, session) => {
      setUser(session?.user ?? null);
    });

    return () => subscription.unsubscribe();
  }, []);

  return { user };
}

---

61-66: Add error handling feedback for sign out failures.

The sign out implementation should provide feedback to users when errors occur.

 const handleSignOut = async () => {
   const { error } = await supabase.auth.signOut();
   if (!error) {
     router.push('/');
     router.refresh();
+  } else {
+    console.error('Sign out failed:', error);
+    // Consider adding a toast notification or alert here
   }
 };

apps/registry/app/explore/ClientResumes.js (4)

102-114: Consider enhancing input accessibility.

While the search implementation is solid, consider adding ARIA attributes and a label for better accessibility.

 <div className="relative mb-8">
   <div className="relative">
     <Search className="absolute left-3 top-1/2 transform -translate-y-1/2 text-gray-400 w-5 h-5" />
+    <label htmlFor="resume-search" className="sr-only">
+      Search resumes
+    </label>
     <Input
+      id="resume-search"
+      role="searchbox"
+      aria-label="Search resumes by name, skills, or location"
       type="text"
       placeholder="Search resumes by name, skills, or location..."
       value={searchTerm}
       onChange={(e) => setSearchTerm(e.target.value)}
       className="w-full pl-12 h-12 text-lg bg-white"
       disabled={isLoading}
     />
   </div>
 </div>

---

142-146: Add fallback for failed image loads.

The avatar image lacks error handling and could break the layout if loading fails.

 <img
   src={resume.image}
   alt={resume.name || resume.username}
+  onError={(e) => {
+    e.target.src = '/default-avatar.png';
+    e.target.onerror = null;
+  }}
   className="w-16 h-16 rounded-full object-cover border-2 border-gray-100"
 />

---

161-174: Simplify location display logic.

Consider extracting the location formatting logic to a separate function for better maintainability.

+const formatLocation = (location) => {
+  if (!location?.city) return null;
+  return [location.city, location.region, location.countryCode]
+    .filter(Boolean)
+    .join(', ');
+};

 {resume.location?.city && (
   <p className="text-gray-500 text-sm flex items-center gap-1">
     <MapPin className="w-4 h-4" />
-    <span className="truncate">
-      {[
-        resume.location.city,
-        resume.location.region,
-        resume.location.countryCode,
-      ]
-        .filter(Boolean)
-        .join(', ')}
-    </span>
+    <span className="truncate">{formatLocation(resume.location)}</span>
   </p>
 )}

---

204-235: Enhance pagination accessibility.

Add keyboard navigation and ARIA labels to improve the pagination controls' accessibility.

 <div className="flex justify-center gap-2">
   <Button
     variant="outline"
     onClick={() => handlePageChange(currentPage - 1)}
     disabled={currentPage === 1 || isLoading}
+    aria-label="Previous page"
   >
     Previous
   </Button>

   {getPageNumbers().map((pageNum, index) => (
     <Button
       key={index}
       variant={pageNum === currentPage ? 'default' : 'outline'}
       onClick={() => {
         if (typeof pageNum === 'number') {
           handlePageChange(pageNum);
         }
       }}
       disabled={isLoading || typeof pageNum !== 'number'}
       className={pageNum === '...' ? 'pointer-events-none' : ''}
+      aria-label={`Page ${pageNum}`}
+      aria-current={pageNum === currentPage ? 'page' : undefined}
     >
       {pageNum}
     </Button>
   ))}

   <Button
     variant="outline"
     onClick={() => handlePageChange(currentPage + 1)}
     disabled={currentPage === totalPages || isLoading}
+    aria-label="Next page"
   >
     Next
   </Button>
 </div>

apps/registry/app/explore/page.js (2)

139-152: Enhance accessibility for statistics section.

The statistics section needs proper ARIA labels and semantic HTML structure for better accessibility.

-<div className="flex items-center gap-4 text-sm text-gray-500 mb-8">
+<section aria-label="Statistics" className="flex items-center gap-4 text-sm text-gray-500 mb-8">
   <div className="flex items-center gap-2">
-    <Users className="w-4 h-4" />
+    <Users className="w-4 h-4" aria-hidden="true" />
     <span>{totalCount.toLocaleString()} Resumes</span>
   </div>
   <div className="flex items-center gap-2">
-    <Globe2 className="w-4 h-4" />
+    <Globe2 className="w-4 h-4" aria-hidden="true" />
     <span>Global Community</span>
   </div>
   <div className="flex items-center gap-2">
-    <Code2 className="w-4 h-4" />
+    <Code2 className="w-4 h-4" aria-hidden="true" />
     <span>Open Source</span>
   </div>
-</div>
+</section>

---

159-169: Improve search results announcement for screen readers.

The search results text should be more accessible to screen readers.

-<div className="text-sm text-gray-600 mb-6">
+<div className="text-sm text-gray-600 mb-6" role="status" aria-live="polite">
   {search ? (
     <span>
-      Found {totalCount.toLocaleString()} resumes matching "{search}"
+      Found {totalCount.toLocaleString()} {totalCount === 1 ? 'resume' : 'resumes'} matching "{search}"
     </span>
   ) : (
     <span>
-      Browsing {totalCount.toLocaleString()} professional resumes
+      Browsing {totalCount.toLocaleString()} professional {totalCount === 1 ? 'resume' : 'resumes'}
     </span>
   )}
 </div>

apps/registry/app/components/CreateResume.js (1)

9-151: Move sample resume template to a separate file.

While the template is well-structured, having such a large static object in the component file impacts maintainability. Consider moving it to a separate file like sampleResumes/edison.js.

-const sampleResume = {
-  basics: {
-    // ... entire template
-  }
-};
+import { edisonResume } from '../sampleResumes/edison';
+const sampleResume = edisonResume;

apps/registry/app/layout.js (2)

8-19: Consider optimizing icons for different platforms.

While using a single SVG for all icon types is simple, different platforms have different optimal icon sizes and formats. Consider providing platform-specific icons for better visual quality.

Consider this structure for optimized icons:

 icons: {
   icon: '/favicon.svg',
   shortcut: '/favicon.svg',
-  apple: '/favicon.svg',
+  apple: '/apple-touch-icon.png',
   other: {
     rel: 'apple-touch-icon-precomposed',
-    url: '/favicon.svg',
+    url: '/apple-touch-icon-precomposed.png',
   },
+  android: {
+    rel: 'android-chrome',
+    sizes: '192x192',
+    url: '/android-chrome-192x192.png',
+  },
 },

---

Line range hint 27-41: Well-structured layout with proper provider hierarchy!

The implementation follows Next.js best practices with proper semantic HTML structure. The placement of Analytics within AuthProvider allows it to access authentication data if needed.

Consider documenting the provider hierarchy and its implications in the project's architecture documentation to help other developers understand the design decisions.

apps/registry/app/auth/callback/route.ts (1)

54-55: Consider handling edge cases in final redirect.

The current implementation always redirects to the origin, even if there's no session or if errors occurred during the process.

Consider redirecting to different paths based on the authentication state:

- return NextResponse.redirect(requestUrl.origin);
+ return NextResponse.redirect(
+   session 
+     ? `${requestUrl.origin}/editor` 
+     : `${requestUrl.origin}/login`
+ );

apps/registry/app/components/Editor.js (2)

156-185: Add aria-live region for loading state.

The loading state should be announced to screen readers.

Apply this diff to improve accessibility:

  return (
    <div className="min-h-screen flex items-center justify-center bg-gray-50 py-12 px-4 sm:px-6 lg:px-8 relative overflow-hidden">
      {/* Decorative elements */}
      <div className="absolute -top-4 -left-4 w-72 h-72 bg-primary/30 rounded-full blur-3xl" />
      <div className="absolute -bottom-4 -right-4 w-72 h-72 bg-primary/20 rounded-full blur-3xl" />

-     <Card className="max-w-md w-full relative backdrop-blur-xl bg-white/80 border-none shadow-xl">
+     <Card className="max-w-md w-full relative backdrop-blur-xl bg-white/80 border-none shadow-xl" aria-live="polite">

---

188-213: Enhance error state accessibility and retry functionality.

The error state should be announced to screen readers and provide a way to retry.

Apply this diff to improve the error state:

  return (
    <div className="min-h-screen flex items-center justify-center bg-gray-50 py-12 px-4 sm:px-6 lg:px-8 relative overflow-hidden">
      {/* Decorative elements */}
      <div className="absolute inset-0 bg-grid-black/[0.02] bg-[size:20px_20px]" />
      <div className="absolute -top-4 -left-4 w-72 h-72 bg-primary/30 rounded-full blur-3xl" />
      <div className="absolute -bottom-4 -right-4 w-72 h-72 bg-primary/20 rounded-full blur-3xl" />

-     <Card className="max-w-md w-full relative backdrop-blur-xl bg-white/80 border-none shadow-xl">
+     <Card className="max-w-md w-full relative backdrop-blur-xl bg-white/80 border-none shadow-xl" role="alert">
        <CardContent className="p-8 space-y-6">
          <div className="text-center space-y-2">
            <div className="flex justify-center mb-6">
              <Badge variant="destructive">Error</Badge>
            </div>
            <div className="flex items-center justify-center gap-2 mb-2">
              <FileJson className="w-8 h-8 text-primary" />
              <h2 className="text-3xl font-bold tracking-tight text-gray-900">
                JSON Resume
              </h2>
            </div>
            <p className="text-red-600 max-w-sm mx-auto">{error}</p>
+           <Button onClick={() => window.location.reload()} className="mt-4">
+             Try Again
+           </Button>
          </div>
        </CardContent>
      </Card>
    </div>
  );

📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between e819cef and 582e41b.

📒 Files selected for processing (30)

• README.md (1 hunks)
• apps/registry/app/auth/callback/route.ts (1 hunks)
• apps/registry/app/components/CreateResume.js (1 hunks)
• apps/registry/app/components/Editor.js (2 hunks)
• apps/registry/app/components/Menu.js (1 hunks)
• apps/registry/app/components/ResumeEditor.js (4 hunks)
• apps/registry/app/explore/ClientResumes.js (2 hunks)
• apps/registry/app/explore/page.js (2 hunks)
• apps/registry/app/layout.js (1 hunks)
• apps/registry/app/lib/supabase.ts (1 hunks)
• apps/registry/app/login/page.tsx (1 hunks)
• apps/registry/app/privacy/page.tsx (1 hunks)
• apps/registry/app/providers/ResumeProvider.js (1 hunks)
• apps/registry/app/settings/page.tsx (1 hunks)
• apps/registry/app/signup/page.tsx (1 hunks)
• apps/registry/app/terms/page.tsx (1 hunks)
• packages/ui/src/components/ui/accordion.tsx (1 hunks)
• packages/ui/src/components/ui/avatar.tsx (1 hunks)
• packages/ui/src/components/ui/badge.tsx (1 hunks)
• packages/ui/src/components/ui/button.tsx (1 hunks)
• packages/ui/src/components/ui/card.tsx (1 hunks)
• packages/ui/src/components/ui/checkbox.tsx (1 hunks)
• packages/ui/src/components/ui/input.tsx (1 hunks)
• packages/ui/src/components/ui/progress.tsx (1 hunks)
• packages/ui/src/components/ui/scroll-area.tsx (1 hunks)
• packages/ui/src/components/ui/select.tsx (1 hunks)
• packages/ui/src/components/ui/separator.tsx (1 hunks)
• packages/ui/src/components/ui/tabs.tsx (1 hunks)
• packages/ui/src/components/ui/timeline.tsx (1 hunks)
• packages/ui/tailwind.config.js (2 hunks)

✅ Files skipped from review due to trivial changes (11)

• packages/ui/src/components/ui/input.tsx
• packages/ui/src/components/ui/badge.tsx
• packages/ui/src/components/ui/checkbox.tsx
• packages/ui/src/components/ui/timeline.tsx
• packages/ui/src/components/ui/accordion.tsx
• packages/ui/src/components/ui/scroll-area.tsx
• packages/ui/src/components/ui/separator.tsx
• packages/ui/src/components/ui/select.tsx
• packages/ui/src/components/ui/tabs.tsx
• packages/ui/src/components/ui/progress.tsx
• packages/ui/src/components/ui/card.tsx

🚧 Files skipped from review as they are similar to previous changes (6)

• apps/registry/app/lib/supabase.ts
• packages/ui/src/components/ui/button.tsx
• apps/registry/app/settings/page.tsx
• apps/registry/app/privacy/page.tsx
• apps/registry/app/signup/page.tsx
• apps/registry/app/components/ResumeEditor.js

⏰ Context from checks skipped due to timeout of 90000ms (2)

• GitHub Check: Meticulous Tests
• GitHub Check: dev-script

🔇 Additional comments (24)

README.md (1)

138-139: LGTM!

Good addition of the Discord community link and proper newline formatting.

packages/ui/tailwind.config.js (1)

21-32: Well-structured font size scale!

The font size scale follows typography best practices with:

• Consistent progression from xs to 6xl
• Accessible rem units
• Good granularity for different heading levels

apps/registry/app/terms/page.tsx (3)

1-5: LGTM! Component setup and imports are well-structured.

The component is properly configured for client-side rendering with appropriate imports from the shared UI package and Next.js.

---

14-14: Update the last updated date.

The date is set to January 24, 2025, which is in the future. Please update it to reflect the actual last update date.

---

95-95: Hover state contrast ratio needs improvement.

The hover state using the primary color will have poor contrast against light backgrounds.

packages/ui/src/components/ui/avatar.tsx (1)

6-6: LGTM! Verify path resolution.

The change from absolute to relative import path aligns with the broader refactoring effort across UI components.

Let's verify the path resolution works correctly:

✅ Verification successful

Import path resolution is correct and consistent

The ../../lib/utils import path correctly resolves to packages/ui/src/lib/utils.js, and this same import pattern is consistently used across all UI components in the directory.

🏁 Scripts executed

The following scripts were executed for the analysis:

Script:

#!/bin/bash
# Description: Verify the existence and accessibility of the utils file
# from the avatar component's location

# Find the avatar component and utils file
echo "Checking file locations..."
fd -t f "avatar.tsx" packages/ui/src/components/ui
fd -t f "utils.ts" packages/ui/src/lib

# Verify the relative path resolution
avatar_dir=$(fd -t f "avatar.tsx" packages/ui/src/components/ui -x dirname {} | head -n 1)
if [ -n "$avatar_dir" ]; then
  utils_path="$avatar_dir/../../lib/utils.ts"
  echo "Checking if utils file exists at: $utils_path"
  if [ -f "$utils_path" ]; then
    echo "✓ Path resolution is correct"
  else
    echo "✗ Utils file not found at expected location"
  fi
fi

Length of output: 756

---

Script:

#!/bin/bash
# Search for utils files and examine imports
echo "Searching for utils files..."
fd utils packages/ui/src

echo -e "\nChecking imports in UI components..."
rg "from.*utils'" packages/ui/src/components/ui/ -A 1

Length of output: 1901

apps/registry/app/components/Menu.js (3)

3-21: LGTM! Well-organized imports.

The imports are properly structured and all dependencies are clearly defined.

---

69-111: LGTM! Well-structured navigation links.

The NavLinks component follows best practices with proper security attributes for external links and consistent styling.

---

161-215: LGTM! Well-implemented responsive navigation.

The component implements responsive design patterns effectively with proper accessibility considerations.

apps/registry/app/explore/ClientResumes.js (2)

5-13: LGTM! Well-organized imports.

The imports are properly structured, utilizing modern Next.js navigation features and UI components from a shared UI library.

---

Line range hint 1-241: Overall implementation looks great! 👍

The code is well-structured, uses modern React practices, and implements proper loading states. The suggested improvements mainly focus on accessibility and error handling, but these are enhancements rather than critical issues.

apps/registry/app/components/CreateResume.js (3)

4-6: LGTM! Clean migration to ResumeProvider and UI components.

The imports reflect a good architectural decision to move from ProfileContext to ResumeProvider, while leveraging a shared UI component library.

---

162-165: Add error feedback to users.

The error handling only logs to console.

---

169-241: LGTM! Well-structured and accessible UI implementation.

The UI implementation shows great attention to detail:

• Proper loading states
• Accessible button sizes
• Good use of design system components
• Helpful exploration section

apps/registry/app/layout.js (1)

23-26: LGTM!

The viewport configuration follows best practices for responsive design.

apps/registry/app/auth/callback/route.ts (4)

21-23: ⚠️ Potential issue

Avoid exposing sensitive error details in redirect URLs.

Including error messages directly in URLs may leak sensitive information.

Apply this diff to use a generic error message:

- return NextResponse.redirect(`${requestUrl.origin}/login?error=${error.message}`);
+ return NextResponse.redirect(`${requestUrl.origin}/login?error=authentication_failed`);

Likely invalid or redundant comment.

---

33-35: ⚠️ Potential issue

Use generic error messages in redirects.

Avoid including detailed error messages in redirect URLs to prevent potential exposure of sensitive information.

Apply this diff to use a generic error message:

- return NextResponse.redirect(`${requestUrl.origin}/login?error=Failed to get user data`);
+ return NextResponse.redirect(`${requestUrl.origin}/login?error=user_data_unavailable`);

Likely invalid or redundant comment.

---

14-17: ⚠️ Potential issue

Add safe destructuring for session data.

The current destructuring pattern may cause runtime errors if the response is undefined.

Apply this diff to safely handle potential undefined values:

- const {
-   data: { session },
-   error,
- } = await supabase.auth.exchangeCodeForSession(code);
+ const { data, error } = await supabase.auth.exchangeCodeForSession(code);
+ const session = data?.session;

Likely invalid or redundant comment.

---

40-45: ⚠️ Potential issue

Add null checks when accessing user metadata.

Accessing nested properties without null checks can lead to runtime errors.

Apply this diff to safely access user metadata:

const { error: updateError } = await supabase.auth.updateUser({
  data: {
-   username: userData.user.user_metadata.user_name,
-   avatar_url: userData.user.user_metadata.avatar_url,
-   provider: 'github',
-   provider_id: userData.user.user_metadata.sub,
+   username: userData?.user?.user_metadata?.user_name,
+   avatar_url: userData?.user?.user_metadata?.avatar_url,
+   provider: 'github',
+   provider_id: userData?.user?.user_metadata?.sub,
  }
});

Likely invalid or redundant comment.

apps/registry/app/login/page.tsx (2)

69-77: 🛠️ Refactor suggestion

Add loading state to GitHub login button.

The button should indicate when the login process is in progress.

Apply this diff to improve user feedback:

  <Button
    onClick={handleGithubLogin}
    size="lg"
+   disabled={loading}
    className="w-full gap-2 text-lg h-14 hover:scale-105 transition-transform group"
  >
    <Github className="w-5 h-5" />
-   Continue with GitHub
+   {loading ? 'Connecting to GitHub...' : 'Continue with GitHub'}
    <ArrowRight className="w-4 h-4 ml-2 group-hover:translate-x-1 transition-transform" />
  </Button>

Likely invalid or redundant comment.

---

13-31: 🛠️ Refactor suggestion

Add loading state and environment-based configuration.

The login handler lacks loading state management and hardcodes the redirect URL.

Apply this diff to improve the implementation:

+ const [loading, setLoading] = useState(false);

  const handleGithubLogin = async () => {
+   setLoading(true);
    try {
      const { error } = await supabase.auth.signInWithOAuth({
        provider: 'github',
        options: {
          scopes: 'read:user gist',
          queryParams: {
            access_type: 'offline',
            prompt: 'consent',
          },
-         redirectTo: `${window.location.origin}/editor`,
+         redirectTo: `${process.env.NEXT_PUBLIC_APP_URL}/editor`,
        },
      });

      if (error) throw error;
    } catch (error) {
      setError(error instanceof Error ? error.message : 'An error occurred');
+   } finally {
+     setLoading(false);
    }
  };

Likely invalid or redundant comment.

apps/registry/app/providers/ResumeProvider.js (3)

52-60: 🛠️ Refactor suggestion

Ensure localStorage is cleared when data is null.

The current implementation doesn't remove data from localStorage when values become null.

Apply this diff to handle null values:

  useEffect(() => {
    if (resume || gistId || username) {
      localStorage.setItem(
        STORAGE_KEY,
        JSON.stringify({ resume, gistId, username })
      );
+   } else {
+     localStorage.removeItem(STORAGE_KEY);
    }
  }, [resume, gistId, username]);

Likely invalid or redundant comment.

---

37-50: ⚠️ Potential issue

Handle JSON parsing errors when loading from localStorage.

The current implementation doesn't handle potential JSON parsing errors.

Apply this diff to safely parse stored data:

  useEffect(() => {
    const storedData = localStorage.getItem(STORAGE_KEY);
    if (storedData) {
+     try {
        const {
          resume: storedResume,
          gistId: storedGistId,
          username: storedUsername,
        } = JSON.parse(storedData);
        setResume(storedResume);
        setGistId(storedGistId);
        setUsername(storedUsername);
+     } catch (error) {
+       console.error('Error parsing stored resume data:', error);
+       localStorage.removeItem(STORAGE_KEY);
+     }
    }
  }, []);

Likely invalid or redundant comment.

---

62-135: 🛠️ Refactor suggestion

Review effect dependencies and error handling.

The effect has unnecessary dependencies and could benefit from improved error handling.

1. Remove unnecessary dependencies:

- }, [resume, error]);
+ }, []);

2. Add comprehensive error handling:

  } catch (error) {
    console.error('Error fetching resume data:', error);
-   setError(error.message);
+   setError(error instanceof Error ? error.message : 'Failed to fetch resume data');
  }

Likely invalid or redundant comment.

[coderabbitai]

🛠️ Refactor suggestion

Maintain consistent color format using HSL variables.

The hard-coded hex value #fff18f breaks the established pattern of using HSL variables for colors. This inconsistency could make theme maintenance more difficult, especially for dark mode support.

Consider keeping the HSL variable format:

-          DEFAULT: '#fff18f',
+          DEFAULT: 'hsl(var(--primary))',

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	DEFAULT: '#fff18f',
	DEFAULT: 'hsl(var(--primary))',

[coderabbitai]

🛠️ Refactor suggestion

Replace window.location.reload with proper state management.

Using window.location.reload() is a bit harsh and might disrupt the user experience. Consider using state management to update the UI instead.

-      window.location.reload();
+      router.push('/dashboard'); // or update local state

Committable suggestion skipped: line range outside the PR's diff.

[coderabbitai]

💡 Codebase verification

Provider order must be reversed - AuthProvider should wrap ResumeProvider

The current implementation shows that ResumeProvider depends on authentication state, session tokens, and user metadata. It must be wrapped by AuthProvider to access these dependencies. The current order will cause runtime errors.

• Move the provider order in apps/registry/app/layout.js to:

<AuthProvider>
  <ResumeProvider>
    <Menu />
  </ResumeProvider>
</AuthProvider>

🔗 Analysis chain

Verify the provider dependency order.

The ResumeProvider wraps the AuthProvider. Please confirm if this ordering is intentional, as it suggests that resume data management might depend on authentication state.

Run this script to analyze the dependencies between these providers:

🏁 Scripts executed

The following scripts were executed for the analysis:

Script:

#!/bin/bash
# Check provider implementations and their dependencies
echo "Checking ResumeProvider implementation..."
rg -A 10 "export.*ResumeProvider" 
echo "Checking for auth dependencies in ResumeProvider..."
rg "useAuth|AuthContext" --type js

Length of output: 1229

---

Script:

#!/bin/bash
# Get complete provider implementations
echo "=== Complete ResumeProvider Implementation ==="
cat apps/registry/app/providers/ResumeProvider.js

echo -e "\n=== Complete AuthProvider Implementation ==="
cat apps/registry/app/context/auth.js

echo -e "\n=== Checking for broader auth dependencies in ResumeProvider ==="
rg -i "auth|session|login|user" apps/registry/app/providers/ResumeProvider.js

Length of output: 7793

---

Script:

#!/bin/bash
# Find AuthProvider implementation
echo "=== Searching for AuthProvider file ==="
fd -e js -e jsx -e ts -e tsx AuthProvider
fd -e js -e jsx -e ts -e tsx auth

echo -e "\n=== Searching for AuthProvider implementation in any file ==="
rg -A 5 "export.*AuthProvider"

Length of output: 823

[coderabbitai]

🛠️ Refactor suggestion

Add error boundary for ResumeEditor component.

The ResumeEditor component should be wrapped in an error boundary to handle runtime errors gracefully.

Create an ErrorBoundary component and wrap the ResumeEditor:

+ class ResumeEditorErrorBoundary extends React.Component {
+   state = { hasError: false };
+   
+   static getDerivedStateFromError(error) {
+     return { hasError: true };
+   }
+   
+   render() {
+     if (this.state.hasError) {
+       return <div>Something went wrong with the editor. Please refresh the page.</div>;
+     }
+     return this.props.children;
+   }
+ }

  {resume ? (
+   <ResumeEditorErrorBoundary>
      <ResumeEditor
        resume={JSON.stringify(resume, undefined, 2)}
        updateGist={updateGist}
      />
+   </ResumeEditorErrorBoundary>
  ) : (

Committable suggestion skipped: line range outside the PR's diff.

[coderabbitai]

Actionable comments posted: 2

📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 582e41b and e57d88f.

📒 Files selected for processing (1)

• apps/registry/app/lib/supabase.ts (1 hunks)

🧰 Additional context used

🪛 Gitleaks (8.21.2)

apps/registry/app/lib/supabase.ts

8-8: Uncovered a JSON Web Token, which may lead to unauthorized access to web applications and sensitive user data.

(jwt)

[coderabbitai]

🛠️ Refactor suggestion

Uncomment and use environment variables.

The commented code shows the correct approach using environment variables. This allows for proper configuration management across different environments (development, staging, production).

[coderabbitai]

⚠️ Potential issue

CRITICAL: Remove hardcoded credentials immediately!

The Supabase URL and anon key are hardcoded directly in the source code. This is a severe security risk as:

1. These credentials are now exposed in version control
2. The JWT is valid until 2034
3. The same credentials will be used across all environments

Please rotate these credentials immediately and remove them from the codebase.

Apply this diff to use environment variables instead:

-export const supabase = createClient(
-  'https://itxuhvvwryeuzuyihpkp.supabase.co',
-  'eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJzdXBhYmFzZSIsInJlZiI6Iml0eHVodnZ3cnlldXp1eWlocGtwIiwicm9sZSI6ImFub24iLCJpYXQiOjE3MDc5OTA4NjQsImV4cCI6MjAyMzU2Njg2NH0.oEs0H2aumAHsiLn6i9ic1-iwWDo3bJkFkC7NCeUrIfA'
-);
+if (!process.env.NEXT_PUBLIC_SUPABASE_URL) {
+  throw new Error('Missing env.NEXT_PUBLIC_SUPABASE_URL')
+}
+if (!process.env.NEXT_PUBLIC_SUPABASE_ANON_KEY) {
+  throw new Error('Missing env.NEXT_PUBLIC_SUPABASE_ANON_KEY')
+}
+
+export const supabase = createClient(
+  process.env.NEXT_PUBLIC_SUPABASE_URL,
+  process.env.NEXT_PUBLIC_SUPABASE_ANON_KEY
+);

Action Items:

1. Rotate the Supabase credentials immediately
2. Add environment variables to your deployment environments
3. Update the README with instructions for setting up the environment variables
4. Consider adding a .env.example file

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	export const supabase = createClient(
	'https://itxuhvvwryeuzuyihpkp.supabase.co',
	'eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJzdXBhYmFzZSIsInJlZiI6Iml0eHVodnZ3cnlldXp1eWlocGtwIiwicm9sZSI6ImFub24iLCJpYXQiOjE3MDc5OTA4NjQsImV4cCI6MjAyMzU2Njg2NH0.oEs0H2aumAHsiLn6i9ic1-iwWDo3bJkFkC7NCeUrIfA'
	);
	if (!process.env.NEXT_PUBLIC_SUPABASE_URL) {
	throw new Error('Missing env.NEXT_PUBLIC_SUPABASE_URL')
	}
	if (!process.env.NEXT_PUBLIC_SUPABASE_ANON_KEY) {
	throw new Error('Missing env.NEXT_PUBLIC_SUPABASE_ANON_KEY')
	}
	export const supabase = createClient(
	process.env.NEXT_PUBLIC_SUPABASE_URL,
	process.env.NEXT_PUBLIC_SUPABASE_ANON_KEY
	);

🧰 Tools

🪛 Gitleaks (8.21.2)

8-8: Uncovered a JSON Web Token, which may lead to unauthorized access to web applications and sensitive user data.

(jwt)