Claude skills walkthrough, feature-walkthrough, and before/after #6862

Open: Frooodle wants to merge 1 commit into main from add-claude-ui-skills

@Frooodle Frooodle commented Jul 2, 2026

Member

Description of Changes

Add review only Claude skills

Skills (Using #6655 as example for example files)

  • /ui-walkthrough - captures every state of a feature's UI (empty/populated/dialogs, light + dark + RTL) via the stubbed Playwright harness, builds a single-image HTML report with a global light/dark slider, then runs visual-consistency + UX review passes. --fix auto-applies safe fixes and re-shoots.
    REAL-ui-walkthrough-pr6655.html

  • /feature-walkthrough — explains a branch end-to-end (Mermaid diagrams, annotated file map, before/after, "try it locally") so a reviewer with no prior context can follow it.
    REAL-feature-walkthrough-pr6655.html

  • /ui-before-after — generic branch/PR visual diff: derives the changed UI from the diff, screenshots before (base) vs after (head), pixel-diffs, auto-crops each pair to the region that actually changed (full-page only when the change is page-wide), and builds PR-ready before/after montages.
    REAL-ui-before-after-pr6655.html


Checklist

General

Documentation

Translations (if applicable)

UI Changes (if applicable)

  • Screenshots or videos demonstrating the UI changes are attached (e.g., as comments or direct attachments in the PR)

Testing (if applicable)

  • I have run task check to verify linters, typechecks, and tests pass
  • I have tested my changes locally. Refer to the Testing Guide for more details.

@stirlingbot stirlingbot Bot added the Documentation Improvements or additions to documentation label Jul 2, 2026
stirlingbot Bot commented Jul 2, 2026

Contributor

🚀 V2 Auto-Deployment Complete!

Your V2 PR with embedded architecture has been deployed!

🔗 Direct Test URL (non-SSL) http://54.175.155.236:6862

🔐 Secure HTTPS URL: https://6862.ssl.stirlingpdf.cloud

This deployment will be automatically cleaned up when the PR is closed.

🔄 Auto-deployed for approved V2 contributors.

@Frooodle Frooodle marked this pull request as ready for review July 2, 2026 11:30
@dosubot dosubot Bot added size:XXL This PR changes 1000+ lines ignoring generated files. enhancement New feature or request labels Jul 2, 2026
(function(){
var D = window.__BA__ || { tabs: [] };
var root = document.getElementById("root");
function el(html){ var t=document.createElement("template"); t.innerHTML=html.trim(); return t.content.firstChild; }
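
Review bot: `el(html)` assigns its argument straight to `t.innerHTML`, so every caller has to guarantee the string is static markup or already escaped, and nothing in the helper states that contract. Either document it on `el`, or have callers build nodes with `createElement` and `textContent` whenever a value comes from `window.__BA__`. Note also that `t.content.firstChild` returns only the first node, so markup with more than one top-level element is silently truncated.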

Contributor

Using document write methods can lead to XSS attacks - high severity
User controlled data in methods like 'innerHTML', 'outerHTML' or 'document.write' is an anti-pattern that can lead to XSS vulnerabilities.

Remediation: Make sure you do not use user input when you are using these methods and if you do, be sure to sanitize the input.

Reply @AikidoSec ignore: [REASON] to ignore this issue.

Member Author

@AikidoSec ignore: test doc not live

Contributor

✅ Based on your feedback, we ignored this issue because of the following reason:

test doc not live

Comment on lines +231 to +233
li.innerHTML = '<span class="sev ' + sevClass(f.severity) + '">' + (f.severity || "note") + '</span>' +
'<span><b>' + (f.title || "") + '</b> — ' + (f.detail || "") +
(f.fix ? ' <span class="fix"><b>Fix:</b> ' + f.fix + '</span>' : '') + '</span>';
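
Review bot: on these three lines `f.severity`, `f.title`, `f.detail` and `f.fix` are concatenated into `li.innerHTML` without escaping, so any `<` or `&` in a finding is parsed as markup rather than shown as text. Build the spans with `createElement` and set `textContent` for the four values, or pass each one through an HTML-escaping helper before concatenation. `sevClass(f.severity)` feeds a class attribute and should return only fixed class names.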

Contributor

Using document write methods can lead to XSS attacks - high severity
User controlled data in methods like 'innerHTML', 'outerHTML' or 'document.write' is an anti-pattern that can lead to XSS vulnerabilities.

Remediation: Make sure you do not use user input when you are using these methods and if you do, be sure to sanitize the input.

Reply @AikidoSec ignore: [REASON] to ignore this issue.

Member Author

@AikidoSec ignore: test doc not live

Contributor

✅ Based on your feedback, we ignored this issue because of the following reason:

test doc not live
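
The remediation in the two `innerHTML` findings above, sketched for the finding row in lines +231 to +233. This is an added example, not code from the PR: the field names come from the reviewed snippet, while `escapeHtml`, `renderFindingHtml`, `renderFindingNode` and the `sevClass` mapping with its class names are hypothetical.

```javascript
// Added example. Field names follow the snippet under review; the sevClass
// mapping and its class names are hypothetical.
const HTML_ESCAPES = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };

// Escape the characters that are significant in element content and quoted attributes.
function escapeHtml(value) {
  return String(value ?? "").replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Allow-list: the class attribute only ever receives one of these fixed names.
function sevClass(severity) {
  const known = { high: "sev-high", medium: "sev-medium", low: "sev-low" };
  return Object.hasOwn(known, String(severity)) ? known[String(severity)] : "sev-note";
}

// String form: same markup as the reviewed lines, with every field escaped.
function renderFindingHtml(f) {
  const fix = f.fix ? ' <span class="fix"><b>Fix:</b> ' + escapeHtml(f.fix) + "</span>" : "";
  return '<span class="sev ' + sevClass(f.severity) + '">' + escapeHtml(f.severity || "note") + "</span>" +
    "<span><b>" + escapeHtml(f.title || "") + "</b> \u2014 " + escapeHtml(f.detail || "") + fix + "</span>";
}

// DOM form: textContent and append(string) create text nodes, never markup.
function renderFindingNode(doc, f) {
  const li = doc.createElement("li");
  const sev = doc.createElement("span");
  sev.className = "sev " + sevClass(f.severity);
  sev.textContent = f.severity || "note";
  const body = doc.createElement("span");
  const title = doc.createElement("b");
  title.textContent = f.title || "";
  body.append(title, " \u2014 " + (f.detail || ""));
  if (f.fix) {
    const fix = doc.createElement("span");
    const label = doc.createElement("b");
    fix.className = "fix";
    label.textContent = "Fix:";
    fix.append(label, " " + f.fix);
    body.append(" ", fix);
  }
  li.append(sev, body);
  return li;
}
```

In the browser, `renderFindingNode(document, f)` replaces the `li.innerHTML = ...` assignment; the string form is for cases where the report is assembled as text.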

const PAD = Number(process.env.DIFF_PAD ?? "24");
const PAGEWIDE = Number(process.env.DIFF_PAGEWIDE ?? "0.6");

const read = (p) => PNG.sync.read(fs.readFileSync(p));
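
Review bot: `PAD` and `PAGEWIDE` take whatever `Number()` returns, so a non-numeric `DIFF_PAD` or `DIFF_PAGEWIDE` becomes `NaN`, and an empty value becomes `0` because `??` only falls back on null or undefined. Validate both with `Number.isFinite`, fall back to the defaults otherwise, and bound `PAGEWIDE` to the range the code expects. `read` also has no error handling, so a missing or non-PNG file surfaces as a raw exception from `readFileSync` or `PNG.sync.read`.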

@aikido-pr-checks aikido-pr-checks Bot Jul 2, 2026

Contributor

Potential file inclusion attack via reading file - medium severity
If an attacker can control the input leading into the ReadFile function, they might be able to read sensitive files and launch further attacks with that information.

Suggested change
const read = (p) => PNG.sync.read(fs.readFileSync(p));
const read = (p) => { const rel = path.relative(beforeDir, p); if (rel.startsWith('..') || path.isAbsolute(rel)) throw new Error('Invalid path'); return PNG.sync.read(fs.readFileSync(p)); };

Reply @AikidoSec ignore: [REASON] to ignore this issue.

Member Author

@AikidoSec ignore: test doc not live

Contributor

✅ Based on your feedback, we ignored this issue because of the following reason:

test doc not live
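
The containment check from the suggested change in the thread above, worked through as an added example that is not part of the PR or of the bot's suggestion. It goes beyond the suggestion in three ways: it accepts several allowed directories instead of only `beforeDir`, it compares whole path segments so a file name that merely starts with two dots is not rejected, and it can resolve symlinks first. `isInside`, `resolveContained`, `allowedDirs` and the sample paths are hypothetical.

```javascript
// Added example; directory names and sample paths are constructed.
const path = require("node:path");

// The test from the suggested change, kept for comparison.
function suggestedCheck(baseDir, p) {
  const rel = path.relative(baseDir, p);
  return !(rel.startsWith("..") || path.isAbsolute(rel));
}

// True when `target` is `baseDir` or lies beneath it (lexical comparison).
function isInside(baseDir, target) {
  const rel = path.relative(path.resolve(baseDir), path.resolve(target));
  if (rel === "") return true;
  if (path.isAbsolute(rel)) return false;     // e.g. another drive on Windows
  return rel.split(path.sep)[0] !== "..";     // only a whole ".." segment escapes
}

// Resolve `p` and require it to sit under one of `allowedDirs`.
// Pass fs.realpathSync as `realpath` to resolve symlinks before comparing.
function resolveContained(allowedDirs, p, realpath = (x) => x) {
  const full = realpath(path.resolve(p));
  const ok = allowedDirs.some((dir) => isInside(realpath(path.resolve(dir)), full));
  if (!ok) throw new Error("Invalid path: " + p);
  return full;
}

// Constructed sample paths: normal file, traversal, sibling-prefix directory, dotted name.
function demo() {
  const base = path.resolve("shots", "before");
  return [
    path.join(base, "home.png"),
    base + path.sep + ".." + path.sep + ".." + path.sep + "notes.txt",
    base + "-old" + path.sep + "home.png",
    path.join(base, "..draft.png"),
  ].map((p) => ({ name: path.relative(base, p), suggested: suggestedCheck(base, p), inside: isInside(base, p) }));
}
```

Both checks agree on the first three samples; they differ only on `..draft.png`, which the `startsWith('..')` test rejects even though it sits inside the directory.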
