feat: add Capacitor mobile app scaffold #132
Conversation
Add apps/mobile with Capacitor setup for iOS and Android: - WebView loads pagespace.ai (same pattern as Electron desktop app) - Auth bridge mirroring window.electron API (window.mobile) - Secure storage for JWT tokens using iOS Keychain/Android Keystore - Deep link support for pagespace:// URLs - Keyboard and status bar plugins configured
📝 WalkthroughWalkthroughThis pull request introduces a complete native mobile application setup using Capacitor, including Android Gradle configuration, iOS Xcode project setup, TypeScript bridge implementation for native API access, deep linking support, and comprehensive documentation. No existing functionality is modified. Changes
Sequence Diagram(s)sequenceDiagram
participant App as Web App (Capacitor WebView)
participant Bridge as Mobile Bridge
participant Capacitor as Capacitor Platform
participant Plugins as Native Plugins
participant Device as Native Device
App->>Bridge: initializeMobileBridge()
activate Bridge
Bridge->>Capacitor: Initialize Capacitor
Bridge->>Plugins: Configure StatusBar & Keyboard
Bridge->>Capacitor: Register deep link handler
Bridge->>Bridge: Generate/retrieve device ID
Bridge->>App: Expose window.mobile API
deactivate Bridge
Note over App,Bridge: Deep Link Flow
Device->>Capacitor: pagespace://dashboard
Capacitor->>Bridge: App.addListener('appUrlOpen')
Bridge->>App: onDeepLink callback(url)
Note over App,Bridge: Auth Flow
App->>Bridge: window.mobile.auth.storeSession(session)
Bridge->>Plugins: SecureStorage.set('auth_session')
Plugins->>Device: Encrypted Storage
App->>Bridge: window.mobile.auth.getJWT()
Bridge->>Plugins: SecureStorage.get('auth_session')
Plugins->>Device: Retrieve from Encrypted Storage
Bridge->>App: return accessToken
Estimated code review effort🎯 3 (Moderate) | ⏱️ ~25 minutes The diff spans 40+ files with heterogeneous types—Gradle build configurations, iOS project files, Android resources, TypeScript logic, and documentation. While many files are generated boilerplate or standard templates (lessening review burden), the variety of platforms and the substantive bridge implementation in Poem
Pre-merge checks and finishing touches❌ Failed checks (1 warning)
✅ Passed checks (2 passed)
✨ Finishing touches
🧪 Generate unit tests (beta)
Comment |
![chatgpt-codex-connector[bot]](https://avatars.githubusercontent.com/in/1144995?s=60&v=4){kind=small}
There was a problem hiding this comment.
💡 Codex Review
Here are some automated review suggestions for this pull request.
ℹ️ About Codex in GitHub
Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you
- Open a pull request for review
- Mark a draft as ready
- Comment "@codex review".
If Codex has suggestions, it will comment; otherwise it will react with 👍.
Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".
| // @aparajita/capacitor-secure-storage uses simpler API: get(key) | ||
| const value = await SecureStorage.get(AUTH_SESSION_KEY); | ||
| if (!value) return null; | ||
| // The plugin auto-parses JSON, but we stored as string | ||
| if (typeof value === 'string') { | ||
| return JSON.parse(value) as StoredAuthSession; |
There was a problem hiding this comment.
The bridge calls SecureStorage.get(AUTH_SESSION_KEY) and assumes it returns a raw string (and later uses set/remove with just the key), but the Capacitor secure-storage plugin expects an options object { key, value } and its get result wraps the value in a { value } payload. With the current calls, the plugin either rejects the arguments or returns { value: "..." }, so getSession will never deserialize a valid StoredAuthSession and auth.getJWT() will always yield null. This breaks token persistence on devices.
Useful? React with 👍 / 👎.
| "scripts": { | ||
| "build": "echo 'No build needed - loads remote URL'", | ||
| "sync": "cap sync", |
There was a problem hiding this comment.
The mobile package’s build pipeline is a no-op ("build": "echo 'No build needed - loads remote URL'") and www/index.html contains no script tags, so src/index.ts/initializeMobileBridge is never compiled or loaded into the WebView. With server.url pointing at the remote site, the app runs the pagespace.ai page without ever defining window.mobile, meaning all mobile auth/deep-link/keyboard APIs are unavailable at runtime.
Useful? React with 👍 / 👎.
| <intent-filter> | ||
| <action android:name="android.intent.action.MAIN" /> | ||
| <category android:name="android.intent.category.LAUNCHER" /> | ||
| </intent-filter> |
There was a problem hiding this comment.
The Android manifest only declares the MAIN/LAUNCHER intent filter and never registers a <data> entry for the pagespace:// (or HTTPS) scheme. Without a deep-link intent filter, the OS will not dispatch incoming URLs to the app, so App.addListener('appUrlOpen', ...) in the bridge never fires and deep links described in README (pagespace://page/...) cannot open the app.
Useful? React with 👍 / 👎.
![coderabbitai[bot]](https://avatars.githubusercontent.com/in/347564?s=60&v=4){kind=small}
There was a problem hiding this comment.
Actionable comments posted: 14
🧹 Nitpick comments (10)
apps/mobile/android/.gitignore (1)
65-65: Consider uncommenting google-services.json to prevent credential exposure.The
google-services.jsonfile contains Firebase API keys and project identifiers. While these are considered "public" by Firebase's security model, uncommenting this line follows security best practices and prevents accidental exposure of project configuration.🔎 Proposed fix
# Google Services (e.g. APIs or Firebase) -# google-services.json +google-services.jsonapps/mobile/android/app/src/test/java/com/getcapacitor/myapp/ExampleUnitTest.java (1)
1-1: Consider updating the package name to reflect PageSpace branding.The package name
com.getcapacitor.myappappears to be a generic Capacitor template placeholder. For consistency and clarity, consider updating it to match your actual app package identifier (e.g.,com.pagespace.mobileor similar).apps/mobile/ios/App/App/Info.plist (1)
29-32: Update device capability from armv7 to arm64.The
armv7requirement (line 31) is outdated. Apple has required 64-bit support since iOS 11, and armv7 (32-bit) is no longer supported. Consider updating to:<key>UIRequiredDeviceCapabilities</key> <array> <string>arm64</string> </array>apps/mobile/android/app/src/androidTest/java/com/getcapacitor/myapp/ExampleInstrumentedTest.java (1)
1-1: Update package name to match PageSpace branding.Similar to the unit test, the package name
com.getcapacitor.myappis a generic template placeholder. Consider updating it to match your actual app package identifier for consistency.apps/mobile/android/build.gradle (1)
27-29: Replace deprecatedrootProject.buildDirwithlayout.buildDirectory.The
buildDirproperty was deprecated in Gradle 7.0+ in favor of thelayout.buildDirectoryproperty for better Gradle configuration cache compatibility.🔎 Proposed fix
task clean(type: Delete) { - delete rootProject.buildDir + delete rootProject.layout.buildDirectory.get().asFile }apps/mobile/android/app/build.gradle (1)
19-24: Consider enabling minification for release builds.The release build type has
minifyEnabled false. For production releases, it's recommended to enable minification and obfuscation to reduce APK size and improve security.🔎 Proposed adjustment for production releases
buildTypes { release { - minifyEnabled false + minifyEnabled true proguardFiles getDefaultProguardFile('proguard-android.txt'), 'proguard-rules.pro' } }Note: Enabling minification requires thorough testing and may require ProGuard/R8 rule adjustments.
apps/mobile/android/app/src/main/AndroidManifest.xml (1)
4-6: Consider disablingallowBackupfor apps storing sensitive auth tokens.With
android:allowBackup="true", app data (including preferences) may be included in device backups. While JWT tokens are stored via SecureStorage (Keystore), the device-id in Preferences could leak. For sensitive apps, consider settingandroid:allowBackup="false"or configuringandroid:fullBackupContentto exclude sensitive data.apps/mobile/src/bridge.ts (3)
70-70: Use the declared Window augmentation instead ofanycast.The file already declares
Window.mobilein the global augmentation (lines 284-288). Use the proper type instead of casting toany.🔎 Proposed fix
- (window as any).mobile = { + const mobileAPI: MobileAPI = { // Platform information platform: Capacitor.getPlatform() as 'ios' | 'android' | 'web', // ... rest of implementation }; + window.mobile = mobileAPI;Based on coding guidelines: "Never use
anytypes".
161-170: Event listeners are added but never removed; potential memory leak.The
onStateChangeandonBackButtonmethods add listeners without returning a cleanup function. Callers cannot unsubscribe, which may cause memory leaks or stale callbacks.🔎 Proposed fix - return cleanup handles
onStateChange: (callback: (state: { isActive: boolean }) => void) => { - App.addListener('appStateChange', callback); + const handle = App.addListener('appStateChange', callback); + return () => handle.then(h => h.remove()); }, onBackButton: (callback: () => void) => { - App.addListener('backButton', callback); + const handle = App.addListener('backButton', callback); + return () => handle.then(h => h.remove()); },Update the
MobileAPIinterface accordingly to return cleanup functions.
185-194: Keyboard listeners also lack cleanup mechanism.Similar to app lifecycle listeners, keyboard event handlers should return a way to unsubscribe.
📜 Review details
Configuration used: defaults
Review profile: CHILL
Plan: Pro
⛔ Files ignored due to path filters (32)
apps/mobile/android/app/src/main/res/drawable-land-hdpi/splash.pngis excluded by!**/*.pngapps/mobile/android/app/src/main/res/drawable-land-mdpi/splash.pngis excluded by!**/*.pngapps/mobile/android/app/src/main/res/drawable-land-xhdpi/splash.pngis excluded by!**/*.pngapps/mobile/android/app/src/main/res/drawable-land-xxhdpi/splash.pngis excluded by!**/*.pngapps/mobile/android/app/src/main/res/drawable-land-xxxhdpi/splash.pngis excluded by!**/*.pngapps/mobile/android/app/src/main/res/drawable-port-hdpi/splash.pngis excluded by!**/*.pngapps/mobile/android/app/src/main/res/drawable-port-mdpi/splash.pngis excluded by!**/*.pngapps/mobile/android/app/src/main/res/drawable-port-xhdpi/splash.pngis excluded by!**/*.pngapps/mobile/android/app/src/main/res/drawable-port-xxhdpi/splash.pngis excluded by!**/*.pngapps/mobile/android/app/src/main/res/drawable-port-xxxhdpi/splash.pngis excluded by!**/*.pngapps/mobile/android/app/src/main/res/drawable/splash.pngis excluded by!**/*.pngapps/mobile/android/app/src/main/res/mipmap-hdpi/ic_launcher.pngis excluded by!**/*.pngapps/mobile/android/app/src/main/res/mipmap-hdpi/ic_launcher_foreground.pngis excluded by!**/*.pngapps/mobile/android/app/src/main/res/mipmap-hdpi/ic_launcher_round.pngis excluded by!**/*.pngapps/mobile/android/app/src/main/res/mipmap-mdpi/ic_launcher.pngis excluded by!**/*.pngapps/mobile/android/app/src/main/res/mipmap-mdpi/ic_launcher_foreground.pngis excluded by!**/*.pngapps/mobile/android/app/src/main/res/mipmap-mdpi/ic_launcher_round.pngis excluded by!**/*.pngapps/mobile/android/app/src/main/res/mipmap-xhdpi/ic_launcher.pngis excluded by!**/*.pngapps/mobile/android/app/src/main/res/mipmap-xhdpi/ic_launcher_foreground.pngis excluded by!**/*.pngapps/mobile/android/app/src/main/res/mipmap-xhdpi/ic_launcher_round.pngis excluded by!**/*.pngapps/mobile/android/app/src/main/res/mipmap-xxhdpi/ic_launcher.pngis excluded by!**/*.pngapps/mobile/android/app/src/main/res/mipmap-xxhdpi/ic_launcher_foreground.pngis excluded by!**/*.pngapps/mobile/android/app/src/main/res/mipmap-xxhdpi/ic_launcher_round.pngis excluded by!**/*.pngapps/mobile/android/app/src/main/res/mipmap-xxxhdpi/ic_launcher.pngis excluded by!**/*.pngapps/mobile/android/app/src/main/res/mipmap-xxxhdpi/ic_launcher_foreground.pngis excluded by!**/*.pngapps/mobile/android/app/src/main/res/mipmap-xxxhdpi/ic_launcher_round.pngis excluded by!**/*.pngapps/mobile/android/gradle/wrapper/gradle-wrapper.jaris excluded by!**/*.jarapps/mobile/ios/App/App/Assets.xcassets/AppIcon.appiconset/AppIcon-512@2x.pngis excluded by!**/*.pngapps/mobile/ios/App/App/Assets.xcassets/Splash.imageset/splash-2732x2732-1.pngis excluded by!**/*.pngapps/mobile/ios/App/App/Assets.xcassets/Splash.imageset/splash-2732x2732-2.pngis excluded by!**/*.pngapps/mobile/ios/App/App/Assets.xcassets/Splash.imageset/splash-2732x2732.pngis excluded by!**/*.pngpnpm-lock.yamlis excluded by!**/pnpm-lock.yaml
📒 Files selected for processing (45)
apps/mobile/.gitignoreapps/mobile/README.mdapps/mobile/android/.gitignoreapps/mobile/android/app/.gitignoreapps/mobile/android/app/build.gradleapps/mobile/android/app/capacitor.build.gradleapps/mobile/android/app/proguard-rules.proapps/mobile/android/app/src/androidTest/java/com/getcapacitor/myapp/ExampleInstrumentedTest.javaapps/mobile/android/app/src/main/AndroidManifest.xmlapps/mobile/android/app/src/main/java/com/pagespace/app/MainActivity.javaapps/mobile/android/app/src/main/res/drawable-v24/ic_launcher_foreground.xmlapps/mobile/android/app/src/main/res/drawable/ic_launcher_background.xmlapps/mobile/android/app/src/main/res/layout/activity_main.xmlapps/mobile/android/app/src/main/res/mipmap-anydpi-v26/ic_launcher.xmlapps/mobile/android/app/src/main/res/mipmap-anydpi-v26/ic_launcher_round.xmlapps/mobile/android/app/src/main/res/values/ic_launcher_background.xmlapps/mobile/android/app/src/main/res/values/strings.xmlapps/mobile/android/app/src/main/res/values/styles.xmlapps/mobile/android/app/src/main/res/xml/file_paths.xmlapps/mobile/android/app/src/test/java/com/getcapacitor/myapp/ExampleUnitTest.javaapps/mobile/android/build.gradleapps/mobile/android/capacitor.settings.gradleapps/mobile/android/gradle.propertiesapps/mobile/android/gradle/wrapper/gradle-wrapper.propertiesapps/mobile/android/gradlewapps/mobile/android/gradlew.batapps/mobile/android/settings.gradleapps/mobile/android/variables.gradleapps/mobile/capacitor.config.tsapps/mobile/ios/.gitignoreapps/mobile/ios/App/App.xcodeproj/project.pbxprojapps/mobile/ios/App/App.xcworkspace/xcshareddata/IDEWorkspaceChecks.plistapps/mobile/ios/App/App/AppDelegate.swiftapps/mobile/ios/App/App/Assets.xcassets/AppIcon.appiconset/Contents.jsonapps/mobile/ios/App/App/Assets.xcassets/Contents.jsonapps/mobile/ios/App/App/Assets.xcassets/Splash.imageset/Contents.jsonapps/mobile/ios/App/App/Base.lproj/LaunchScreen.storyboardapps/mobile/ios/App/App/Base.lproj/Main.storyboardapps/mobile/ios/App/App/Info.plistapps/mobile/ios/App/Podfileapps/mobile/package.jsonapps/mobile/src/bridge.tsapps/mobile/src/index.tsapps/mobile/tsconfig.jsonapps/mobile/www/index.html
🧰 Additional context used
📓 Path-based instructions (3)
**/*.{ts,tsx,js,jsx,json}
📄 CodeRabbit inference engine (AGENTS.md)
Format code with Prettier
Files:
apps/mobile/ios/App/App/Assets.xcassets/AppIcon.appiconset/Contents.jsonapps/mobile/src/index.tsapps/mobile/package.jsonapps/mobile/ios/App/App/Assets.xcassets/Splash.imageset/Contents.jsonapps/mobile/tsconfig.jsonapps/mobile/ios/App/App/Assets.xcassets/Contents.jsonapps/mobile/src/bridge.tsapps/mobile/capacitor.config.ts
**/*.{ts,tsx}
📄 CodeRabbit inference engine (AGENTS.md)
**/*.{ts,tsx}: Never useanytypes - always use proper TypeScript types
Use camelCase for variable and function names
Use UPPER_SNAKE_CASE for constants
Use PascalCase for type and enum names
Use kebab-case for filenames, except React hooks (camelCase withuseprefix), Zustand stores (camelCase withuseprefix), and React components (PascalCase)
Lint with Next/ESLint as configured inapps/web/eslint.config.mjs
Message content should always use the message parts structure with{ parts: [{ type: 'text', text: '...' }] }
Use centralized permission functions from@pagespace/lib/permissions(e.g.,getUserAccessLevel,canUserEditPage) instead of implementing permission logic locally
Always use Drizzle client from@pagespace/dbpackage for database access
Use ESM modules throughout the codebase
**/*.{ts,tsx}: Never useanytypes - always use proper TypeScript types
Write code that is explicit over implicit and self-documenting
Files:
apps/mobile/src/index.tsapps/mobile/src/bridge.tsapps/mobile/capacitor.config.ts
**/*.ts
📄 CodeRabbit inference engine (AGENTS.md)
**/*.ts: React hook files should use camelCase matching the exported hook name (e.g.,useAuth.ts)
Zustand store files should use camelCase withuseprefix (e.g.,useAuthStore.ts)
Files:
apps/mobile/src/index.tsapps/mobile/src/bridge.tsapps/mobile/capacitor.config.ts
🧠 Learnings (16)
📚 Learning: 2025-12-14T14:54:45.713Z
Learnt from: CR
Repo: 2witstudios/PageSpace PR: 0
File: AGENTS.md:0-0
Timestamp: 2025-12-14T14:54:45.713Z
Learning: PageSpace has 17 specialized domain expert agents covering authentication, database, permissions, real-time collaboration, monitoring, AI systems, content management, file processing, search, frontend architecture, editors, canvas, API routes, and MCP integration
Applied to files:
apps/mobile/www/index.html
📚 Learning: 2025-12-14T14:54:45.713Z
Learnt from: CR
Repo: 2witstudios/PageSpace PR: 0
File: AGENTS.md:0-0
Timestamp: 2025-12-14T14:54:45.713Z
Learning: This is a monorepo using pnpm workspaces with structure: `apps/web` (Next.js frontend/backend), `apps/realtime` (Socket.IO service), `apps/processor` (Express file/OCR pipeline), `packages/db` (Drizzle ORM), `packages/lib` (shared utilities)
Applied to files:
apps/mobile/.gitignoreapps/mobile/README.md
📚 Learning: 2025-12-14T14:54:45.713Z
Learnt from: CR
Repo: 2witstudios/PageSpace PR: 0
File: AGENTS.md:0-0
Timestamp: 2025-12-14T14:54:45.713Z
Learning: Applies to **/*.{ts,tsx} : Keep commits and diffs minimal and focused on specific changes
Applied to files:
apps/mobile/ios/.gitignoreapps/mobile/android/app/.gitignoreapps/mobile/tsconfig.json
📚 Learning: 2025-12-22T20:04:40.892Z
Learnt from: CR
Repo: 2witstudios/PageSpace PR: 0
File: AGENTS.md:0-0
Timestamp: 2025-12-22T20:04:40.892Z
Learning: Run `pnpm build`, `pnpm typecheck`, and relevant `db:*` tasks before opening a pull request
Applied to files:
apps/mobile/android/app/.gitignore
📚 Learning: 2025-12-14T14:54:38.009Z
Learnt from: CR
Repo: 2witstudios/PageSpace PR: 0
File: AGENTS.md:0-0
Timestamp: 2025-12-14T14:54:38.009Z
Learning: Applies to **/__tests__/**/*.test.ts : Unit tests should be placed next to source files or in `__tests__/` directories with `*.test.ts` extension. Add a `test` script to the package and run with `pnpm --filter <pkg> test`
Applied to files:
apps/mobile/android/app/.gitignore
📚 Learning: 2025-12-22T20:04:40.892Z
Learnt from: CR
Repo: 2witstudios/PageSpace PR: 0
File: AGENTS.md:0-0
Timestamp: 2025-12-22T20:04:40.892Z
Learning: Applies to **/*.{ts,tsx} : Lint with Next/ESLint as configured in `apps/web/eslint.config.mjs`
Applied to files:
apps/mobile/android/app/.gitignoreapps/mobile/tsconfig.json
📚 Learning: 2025-12-14T14:54:38.009Z
Learnt from: CR
Repo: 2witstudios/PageSpace PR: 0
File: AGENTS.md:0-0
Timestamp: 2025-12-14T14:54:38.009Z
Learning: Applies to **/*.{ts,tsx} : Use ESM modules and enforce TypeScript strict mode
Applied to files:
apps/mobile/tsconfig.json
📚 Learning: 2025-12-14T14:54:38.009Z
Learnt from: CR
Repo: 2witstudios/PageSpace PR: 0
File: AGENTS.md:0-0
Timestamp: 2025-12-14T14:54:38.009Z
Learning: Applies to apps/web/{app,components,lib,src}/**/*.{ts,tsx,js,jsx} : Code must be formatted with Prettier and linted with Next/ESLint as configured in `apps/web/eslint.config.mjs`
Applied to files:
apps/mobile/tsconfig.json
📚 Learning: 2025-12-22T20:04:40.892Z
Learnt from: CR
Repo: 2witstudios/PageSpace PR: 0
File: AGENTS.md:0-0
Timestamp: 2025-12-22T20:04:40.892Z
Learning: Applies to **/*.{ts,tsx} : Use ESM modules throughout the codebase
Applied to files:
apps/mobile/tsconfig.json
📚 Learning: 2025-12-14T14:54:45.713Z
Learnt from: CR
Repo: 2witstudios/PageSpace PR: 0
File: AGENTS.md:0-0
Timestamp: 2025-12-14T14:54:45.713Z
Learning: Applies to **/*.{ts,tsx} : Format code with Prettier and lint with Next/ESLint (lint config at `apps/web/eslint.config.mjs`)
Applied to files:
apps/mobile/tsconfig.json
📚 Learning: 2025-12-23T18:49:41.955Z
Learnt from: CR
Repo: 2witstudios/PageSpace PR: 0
File: CLAUDE.md:0-0
Timestamp: 2025-12-23T18:49:41.955Z
Learning: Applies to apps/web/src/**/*.{ts,tsx} : Use Next.js 15 App Router and TypeScript for all routes and components
Applied to files:
apps/mobile/tsconfig.json
📚 Learning: 2025-12-14T14:54:45.713Z
Learnt from: CR
Repo: 2witstudios/PageSpace PR: 0
File: AGENTS.md:0-0
Timestamp: 2025-12-14T14:54:45.713Z
Learning: Use TypeScript strict mode and ESM modules throughout the codebase
Applied to files:
apps/mobile/tsconfig.json
📚 Learning: 2025-12-23T18:49:41.955Z
Learnt from: CR
Repo: 2witstudios/PageSpace PR: 0
File: CLAUDE.md:0-0
Timestamp: 2025-12-23T18:49:41.955Z
Learning: Applies to apps/web/src/**/*.{ts,tsx} : Use message parts structure for message content: `{ parts: [{ type: 'text', text: '...' }] }`
Applied to files:
apps/mobile/tsconfig.json
📚 Learning: 2025-12-22T20:04:40.892Z
Learnt from: CR
Repo: 2witstudios/PageSpace PR: 0
File: AGENTS.md:0-0
Timestamp: 2025-12-22T20:04:40.892Z
Learning: Applies to **/*ai*.{ts,tsx} : Use Vercel AI SDK for AI integrations
Applied to files:
apps/mobile/tsconfig.json
📚 Learning: 2025-12-22T20:04:40.892Z
Learnt from: CR
Repo: 2witstudios/PageSpace PR: 0
File: AGENTS.md:0-0
Timestamp: 2025-12-22T20:04:40.892Z
Learning: Applies to **/*.{ts,tsx,js,jsx,json} : Format code with Prettier
Applied to files:
apps/mobile/tsconfig.json
📚 Learning: 2025-12-22T20:04:40.892Z
Learnt from: CR
Repo: 2witstudios/PageSpace PR: 0
File: AGENTS.md:0-0
Timestamp: 2025-12-22T20:04:40.892Z
Learning: Applies to **/*.{tsx,css} : Use Tailwind CSS and shadcn/ui components for styling and UI
Applied to files:
apps/mobile/tsconfig.json
⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (1)
- GitHub Check: Unit Tests
🔇 Additional comments (35)
apps/mobile/android/app/.gitignore (1)
1-2: LGTM!Standard Android build output ignore pattern that correctly excludes generated artifacts while preserving the directory structure marker.
apps/mobile/ios/App/App/Assets.xcassets/Contents.json (1)
1-6: LGTM!Standard Xcode-generated asset catalog metadata with correct structure.
apps/mobile/ios/App/App.xcworkspace/xcshareddata/IDEWorkspaceChecks.plist (1)
1-8: LGTM!Standard Xcode workspace configuration that suppresses 32-bit architecture warnings.
apps/mobile/.gitignore (1)
1-28: LGTM!Comprehensive and well-organized mobile project ignore patterns covering all necessary build artifacts, IDE files, and platform-specific directories.
apps/mobile/ios/App/App/Assets.xcassets/AppIcon.appiconset/Contents.json (1)
1-14: LGTM!Standard iOS app icon asset catalog with correct universal configuration and proper 1024x1024 size specification.
apps/mobile/android/gradlew.bat (1)
1-94: LGTM!Standard Gradle wrapper script for Windows with proper Apache 2.0 licensing. This is generated by Gradle and should not be modified manually.
apps/mobile/ios/App/App/Assets.xcassets/Splash.imageset/Contents.json (1)
1-23: LGTM!Standard iOS splash screen asset catalog with proper scale variants (1x, 2x, 3x) for different device resolutions.
apps/mobile/android/app/capacitor.build.gradle (2)
10-23: LGTM!Standard Capacitor plugin dependencies and build configuration. The postBuildExtras hook allows for optional custom build logic if needed.
3-8: Java 21 is fully supported by your Android Gradle Plugin 8.7.2 and Gradle 8.11.1, so no compatibility issues exist with this configuration. Since this file is auto-generated by Capacitor, manual modifications should be avoided unless you need to adjust the Java version requirement.apps/mobile/ios/App/App/AppDelegate.swift (1)
1-49: LGTM!The AppDelegate correctly integrates Capacitor's URL handling for deep links and universal links. The implementation follows Capacitor's standard pattern and properly delegates to
ApplicationDelegateProxy.apps/mobile/README.md (1)
1-81: LGTM!The documentation is comprehensive and well-structured. It clearly covers:
- Quick start steps for both platforms
- Development workflow with local testing
- Architecture overview with API parity table
- Release build instructions
- Deep link handling
The instructions align with the Capacitor setup and match the PR objectives.
apps/mobile/ios/App/Podfile (2)
1-19: Verify the hardcoded pnpm paths are maintained by Capacitor tooling.The Podfile contains hardcoded paths to pnpm's
.pnpmdirectory with specific version numbers (e.g.,@capacitor+ios@7.4.4_@capacitor+core@7.4.4). These paths will break if:
- Dependencies are updated to new versions
- pnpm cache structure changes
- The lockfile is regenerated
Ensure these paths are automatically regenerated by Capacitor's sync command (
pnpm sync) and document this requirement if manual updates are ever needed.
3-3: Consider whether iOS 14.0 minimum is appropriate.The minimum iOS version is set to 14.0 (released September 2020). Depending on your target audience:
- iOS 15.0+ covers ~95% of active devices (as of late 2024)
- iOS 14.0 support may limit access to newer APIs
Verify this aligns with your support requirements.
apps/mobile/android/gradlew (1)
1-252: LGTM!This is the standard Gradle wrapper script generated by Gradle. Ensure the file has executable permissions:
chmod +x apps/mobile/android/gradlewapps/mobile/android/app/src/main/res/mipmap-anydpi-v26/ic_launcher.xml (1)
1-5: LGTM!The adaptive icon configuration is correctly structured for Android API 26+, with proper resource references to the background color and foreground drawable.
apps/mobile/android/app/src/main/res/values/strings.xml (1)
1-7: LGTM!String resources are correctly defined with consistent values matching the app identity and package structure.
apps/mobile/android/app/src/main/res/mipmap-anydpi-v26/ic_launcher_round.xml (1)
1-5: LGTM!The round launcher icon configuration correctly mirrors the standard launcher icon structure, which is the expected pattern for Android adaptive icons.
apps/mobile/android/app/src/main/java/com/pagespace/app/MainActivity.java (1)
1-5: LGTM!The minimal MainActivity extending Capacitor's BridgeActivity is the standard pattern for Capacitor apps. The framework handles WebView initialization and plugin management automatically.
apps/mobile/tsconfig.json (1)
1-18: LGTM!The TypeScript configuration correctly implements the required standards: ESM modules (
module: "ESNext"), strict mode enabled, and proper compiler options for the mobile app build. The configuration aligns with the project's TypeScript conventions.Based on learnings, ESM modules and strict mode are enforced.
apps/mobile/android/app/src/main/res/values/ic_launcher_background.xml (1)
1-4: LGTM!The launcher background color resource is correctly defined and properly referenced by the adaptive icon configurations.
apps/mobile/android/app/src/main/res/layout/activity_main.xml (1)
9-11: The WebView layout follows Capacitor's expected pattern.Capacitor's
BridgeActivityautomatically discovers and manages the WebView programmatically, so theandroid:idattribute is not required. The current layout withmatch_parentdimensions for width and height aligns with Capacitor's Android best practices.apps/mobile/ios/App/App/Base.lproj/Main.storyboard (1)
1-19: LGTM!The storyboard configuration correctly uses
CAPBridgeViewControllerfrom the Capacitor module, which is the standard setup for Capacitor iOS apps.apps/mobile/ios/.gitignore (1)
1-13: LGTM!The ignore patterns comprehensively cover iOS build artifacts, CocoaPods dependencies, and Capacitor-generated files, which is appropriate for this mobile app setup.
apps/mobile/android/gradle.properties (1)
1-22: LGTM!The Gradle properties are appropriately configured with reasonable JVM memory settings and AndroidX support enabled, which is standard for modern Android projects.
apps/mobile/src/index.ts (1)
1-17: LGTM!The initialization logic correctly handles both scenarios: DOM still loading and DOM already loaded. This ensures the mobile bridge initializes exactly once when the DOM is ready, avoiding race conditions. The code follows TypeScript best practices and coding guidelines.
apps/mobile/android/app/src/androidTest/java/com/getcapacitor/myapp/ExampleInstrumentedTest.java (1)
24-24: Fix package name mismatch in test assertion.The test asserts the package name is
"com.getcapacitor.app", but the test class itself is in packagecom.getcapacitor.myapp(line 1). This mismatch will cause the test to fail. Ensure both the package declaration and the assertion use the same package identifier that matches your actual app configuration.🔎 Verification script to find the actual app package name
#!/bin/bash # Find the actual package name configured in the app echo "=== Checking AndroidManifest.xml for package name ===" rg -n "package=" apps/mobile/android/app/src/main/AndroidManifest.xml echo -e "\n=== Checking build.gradle for applicationId ===" rg -n "applicationId" apps/mobile/android/app/build.gradle⛔ Skipped due to learnings
Learnt from: CR Repo: 2witstudios/PageSpace PR: 0 File: AGENTS.md:0-0 Timestamp: 2025-12-14T14:54:38.009Z Learning: Applies to **/__tests__/**/*.test.ts : Unit tests should be placed next to source files or in `__tests__/` directories with `*.test.ts` extension. Add a `test` script to the package and run with `pnpm --filter <pkg> test`apps/mobile/android/app/proguard-rules.pro (1)
8-13: The commented ProGuard template is not applicable to this project. The app uses the Capacitor framework, which provides a built-in WebView bridge, rather than implementing a custom JavaScript interface. Additionally, ProGuard/R8 obfuscation is disabled in the build configuration (minifyEnabled false), making these preservation rules inactive in release builds. No additional ProGuard configuration is needed for JavaScript bridge functionality.Likely an incorrect or invalid review comment.
apps/mobile/ios/App/App/Base.lproj/LaunchScreen.storyboard (1)
1-32: LGTM!The launch screen storyboard configuration is standard and properly references the Splash image asset. The layout uses safe areas and modern iOS practices.
apps/mobile/android/capacitor.settings.gradle (1)
1-18: LGTM! This is a generated file.This file is correctly marked as auto-generated by Capacitor and should not be manually edited. The hardcoded pnpm paths with version hashes are expected for generated Gradle module mappings.
apps/mobile/android/settings.gradle (1)
1-5: LGTM!The settings configuration correctly includes the app module and Capacitor plugins, and properly applies the generated capacitor.settings.gradle file.
apps/mobile/android/app/build.gradle (1)
47-54: LGTM! Good pattern for conditional plugin application.The try-catch block for conditionally applying the Google Services plugin is well-implemented, providing clear feedback when the configuration file is missing while preventing build failures.
apps/mobile/capacitor.config.ts (1)
1-65: AddPAGESPACE_URLto.env.examplefor clarity.The
process.env.PAGESPACE_URLaccess is evaluated at build time whencap syncruns (Capacitor CLI reads and processes the TypeScript config in Node), not at app runtime, so it's available as expected. However,PAGESPACE_URLis missing from.env.example, which should document this required/optional environment variable for developers setting up the mobile build.Likely an incorrect or invalid review comment.
apps/mobile/ios/App/App.xcodeproj/project.pbxproj (1)
1-408: Standard Capacitor-generated Xcode project configuration.This is boilerplate configuration generated by Capacitor. iOS 14.0 deployment target and Swift 5.0 are appropriate choices. The CocoaPods integration and build phases are correctly configured.
apps/mobile/src/bridge.ts (2)
42-48: Deep link listener setup looks correct.The
appUrlOpenlistener is properly awaited during initialization and delegates to the registered callback.
229-244: Device ID generation and persistence is well-implemented.Uses
crypto.randomUUID()with proper fallback, and persists to Preferences for consistency across sessions.
| #*.jks | ||
| #*.keystore |
There was a problem hiding this comment.
Uncomment keystore ignore rules to prevent credential leaks.
Keystore files contain signing credentials and should never be committed to version control. Uncommenting these lines is essential for security.
🔎 Proposed fix
# Keystore files
# Uncomment the following lines if you do not want to check your keystore files in.
-#*.jks
-#*.keystore
+*.jks
+*.keystore🤖 Prompt for AI Agents
In apps/mobile/android/.gitignore around lines 57 to 58, the keystore ignore
rules are commented out which risks committing signing credentials; uncomment
the lines so the file ignores *.jks and *.keystore, then if any keystore files
were already tracked remove them from git tracking (git rm --cached <file>) and
commit the updated .gitignore to ensure keystore files are no longer stored in
the repo.
| <intent-filter> | ||
| <action android:name="android.intent.action.MAIN" /> | ||
| <category android:name="android.intent.category.LAUNCHER" /> | ||
| </intent-filter> | ||
|
|
There was a problem hiding this comment.
Missing deep link intent-filter for pagespace:// URLs.
The PR description mentions deep link support for pagespace:// URLs, but the manifest only has the MAIN/LAUNCHER intent-filter. Add a VIEW intent-filter to handle deep links.
🔎 Proposed fix to add deep link handling
<intent-filter>
<action android:name="android.intent.action.MAIN" />
<category android:name="android.intent.category.LAUNCHER" />
</intent-filter>
+
+ <intent-filter>
+ <action android:name="android.intent.action.VIEW" />
+ <category android:name="android.intent.category.DEFAULT" />
+ <category android:name="android.intent.category.BROWSABLE" />
+ <data android:scheme="pagespace" />
+ </intent-filter>🤖 Prompt for AI Agents
In apps/mobile/android/app/src/main/AndroidManifest.xml around lines 20-24, the
activity only has the MAIN/LAUNCHER intent-filter and is missing a VIEW
intent-filter to handle pagespace:// deep links; add a new intent-filter with
action android.intent.action.VIEW, categories android.intent.category.DEFAULT
and android.intent.category.BROWSABLE, and a <data> element specifying
android:scheme="pagespace" (optionally include host and path/pathPrefix if you
need specific routes) so the app will receive pagespace:// URLs.
| <!-- Base application theme. --> | ||
| <style name="AppTheme" parent="Theme.AppCompat.Light.DarkActionBar"> | ||
| <!-- Customize your theme here. --> | ||
| <item name="colorPrimary">@color/colorPrimary</item> | ||
| <item name="colorPrimaryDark">@color/colorPrimaryDark</item> | ||
| <item name="colorAccent">@color/colorAccent</item> | ||
| </style> | ||
|
|
||
| <style name="AppTheme.NoActionBar" parent="Theme.AppCompat.DayNight.NoActionBar"> | ||
| <item name="windowActionBar">false</item> | ||
| <item name="windowNoTitle">true</item> | ||
| <item name="android:background">@null</item> | ||
| </style> | ||
|
|
||
|
|
||
| <style name="AppTheme.NoActionBarLaunch" parent="Theme.SplashScreen"> | ||
| <item name="android:background">@drawable/splash</item> | ||
| </style> |
There was a problem hiding this comment.
🧩 Analysis chain
🏁 Script executed:
#!/bin/bash
# Verify color resources exist
echo "=== Checking for color resources ==="
find apps/mobile/android/app/src/main/res/values* -name "colors.xml" -o -name "color.xml" 2>/dev/null | head -5
echo -e "\n=== Content of color resource files ==="
find apps/mobile/android/app/src/main/res/values* -name "colors.xml" -o -name "color.xml" 2>/dev/null -exec cat {} \;
echo -e "\n=== Checking for splash drawable ==="
find apps/mobile/android/app/src/main/res/drawable* -name "*splash*" 2>/dev/null
echo -e "\n=== Checking for SplashScreen dependency in gradle files ==="
find apps/mobile/android -name "*.gradle" -o -name "*.toml" 2>/dev/null | xargs grep -l "core-splashscreen\|SplashScreen" 2>/dev/null | head -5
echo -e "\n=== Content of build.gradle files ==="
find apps/mobile/android/app -name "build.gradle*" 2>/dev/null -exec echo "File: {}" \; -exec cat {} \;Repository: 2witstudios/PageSpace
Length of output: 3263
Define missing color resources to avoid build failure.
The styles.xml file references three color resources that are not defined:
@color/colorPrimary@color/colorPrimaryDark@color/colorAccent
Create a colors.xml file in apps/mobile/android/app/src/main/res/values/ with these color definitions. Without these, the build will fail when the styles are applied.
The splash drawable and SplashScreen dependency are correctly in place.
🤖 Prompt for AI Agents
In apps/mobile/android/app/src/main/res/values/styles.xml around lines 4 to 21,
styles reference @color/colorPrimary, @color/colorPrimaryDark and
@color/colorAccent which are missing; create a new file
apps/mobile/android/app/src/main/res/values/colors.xml and add definitions for
these three color resources (e.g. hex values of your design system or temporary
placeholders) so the resources resolve and the build no longer fails when
applying the theme.
| <external-path name="my_images" path="." /> | ||
| <cache-path name="my_cache_images" path="." /> |
There was a problem hiding this comment.
Overly permissive FileProvider paths pose a security risk.
Both external-path and cache-path use path=".", which grants access to the entire external storage root and cache directory respectively. This violates the principle of least privilege and could expose sensitive files or allow unintended file access.
Consider restricting paths to specific subdirectories needed by the app, for example:
- <external-path name="my_images" path="." />
- <cache-path name="my_cache_images" path="." />
+ <external-path name="my_images" path="Pictures/" />
+ <cache-path name="my_cache_images" path="images/" />📝 Committable suggestion
‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.
| <external-path name="my_images" path="." /> | |
| <cache-path name="my_cache_images" path="." /> | |
| <external-path name="my_images" path="Pictures/" /> | |
| <cache-path name="my_cache_images" path="images/" /> |
| classpath 'com.android.tools.build:gradle:8.7.2' | ||
| classpath 'com.google.gms:google-services:4.4.2' |
There was a problem hiding this comment.
🧩 Analysis chain
🌐 Web query:
Android Gradle Plugin 8.7.2 latest version December 2025 security advisories
💡 Result:
Short answer: I found no public security advisories specifically affecting Android Gradle Plugin (AGP) 8.7.2 as of December 28, 2025. AGP 8.7.2 was distributed with Android Studio Ladybug Patch 2 (release notes list AGP 8.7.2 and the fixed issues), and there are no AGP-specific CVE/security advisories listed on the Android Studio/AGP release pages. [1][2]
Sources:
- Android Studio — fixed-bugs / Ladybug (lists AGP 8.7.2 release). [1]
- Android Developers — Android Gradle plugin version/Gradle mapping and release listings. [2]
If you want, I can:
- search CVE databases (NVD, GitHub Security Advisories) for any AGP-related CVEs and report results, or
- monitor and notify you if a new advisory appears.
🌐 Web query:
com.google.gms google-services 4.4.2 latest version December 2025 security vulnerabilities
💡 Result:
Short answer: com.google.gms:google-services 4.4.2 (released May 30, 2024) has known dependency CVEs reported by Maven listings; Google’s docs show newer plugin versions (4.4.4). You should upgrade to the latest google-services plugin (4.4.4) and follow Android security bulletins for platform fixes. (mvnrepository.com)
Details (concise):
- Version 4.4.2 metadata (May 30, 2024) lists vulnerabilities in its dependencies (examples shown: CVE-2023-2976, CVE-2022-25647, CVE-2020-8908). (mvnrepository.com)
- Google’s official Google Services Gradle Plugin docs reference a newer plugin (example doc shows classpath 'com.google.gms:google-services:4.4.4'). Upgrade there. (developers.google.com)
- No dedicated Google security advisory specifically naming 4.4.2 was found; for platform/Android-level critical issues see the December 2025 Android Security Bulletin (for device/platform vulnerabilities). (source.android.com)
Recommended action:
- Upgrade your project to the latest google-services plugin (4.4.4) and rebuild. Verify transitive dependency CVEs (use your SBOM/owasp-dependency-check or SCA tool) and apply fixes. (developers.google.com)
If you want, I can:
- check the exact release notes/changelog for 4.4.4 and any CVE fixes, or
- run an SCA (dependency scan) on your build.gradle to list transitive vulnerable artifacts. Which would you prefer?
Citations:
- 1: https://mvnrepository.com/artifact/com.google.gms/google-services/4.4.2?utm_source=openai
- 2: https://mvnrepository.com/artifact/com.google.gms/google-services/4.4.2?utm_source=openai
- 3: https://developers.google.com/android/guides/google-services-plugin?utm_source=openai
- 4: https://source.android.com/docs/security/bulletin/2025-12-01?utm_source=openai
- 5: https://developers.google.com/android/guides/google-services-plugin?utm_source=openai
Upgrade google-services plugin to 4.4.4 to address outdated dependencies with known CVEs.
Android Gradle Plugin 8.7.2 is current and has no known security advisories. However, Google Services plugin 4.4.2 (released May 30, 2024) is outdated and contains transitive dependencies with known CVEs (CVE-2023-2976, CVE-2022-25647, CVE-2020-8908). Upgrade to com.google.gms:google-services:4.4.4, which is the current recommended version per official Google documentation.
🤖 Prompt for AI Agents
In apps/mobile/android/build.gradle around lines 10 to 11, the Google Services
Gradle plugin is pinned to com.google.gms:google-services:4.4.2 which contains
transitive dependencies with known CVEs; update this dependency to
com.google.gms:google-services:4.4.4 to resolve those vulnerabilities, run a
Gradle sync/build to verify compatibility, and commit the version bump.
| "dependencies": { | ||
| "@capacitor/android": "^7.0.0", | ||
| "@capacitor/app": "^7.0.0", | ||
| "@capacitor/core": "^7.0.0", | ||
| "@capacitor/ios": "^7.0.0", | ||
| "@capacitor/keyboard": "^7.0.0", | ||
| "@capacitor/preferences": "^7.0.0", | ||
| "@capacitor/status-bar": "^7.0.0", | ||
| "@aparajita/capacitor-secure-storage": "^6.0.0" | ||
| }, |
There was a problem hiding this comment.
🧩 Analysis chain
🌐 Web query:
@aparajita/capacitor-secure-storage npm compatibility with Capacitor 7
💡 Result:
Yes — @aparajita/capacitor-secure-storage is a Capacitor 7+ plugin. The package README and npm listing state it targets Capacitor 7 (current releases are 7.x). Note the plugin's breaking-change requirements: minimum iOS 14.0 and minimum Android API 23. [1][2]
Sources:
- GitHub README (capacitor-secure-storage — "This plugin for Capacitor 7"). [1]
- npm package page (version 7.x; package description). [2]
Update @aparajita/capacitor-secure-storage to version 7.x for consistency with Capacitor 7.
The plugin is available in version 7.x, which aligns with the Capacitor 7 ecosystem. Consider updating from ^6.0.0 to ^7.0.0 to maintain consistency across dependencies.
🤖 Prompt for AI Agents
In apps/mobile/package.json around lines 22 to 31, the
@aparajita/capacitor-secure-storage dependency is pinned to ^6.0.0 while the
rest of Capacitor packages are at 7.x; update the dependency version to ^7.0.0
to align with Capacitor 7. Ensure package.json dependency entry for
@aparajita/capacitor-secure-storage is changed from ^6.0.0 to ^7.0.0 and run npm
install (or yarn) and verify build/compatibility after the upgrade.
| // Configure keyboard behavior | ||
| if (Capacitor.isNativePlatform()) { | ||
| try { | ||
| await Keyboard.setResizeMode({ mode: 'body' as any }); |
There was a problem hiding this comment.
Avoid any type cast; use proper Capacitor keyboard resize mode.
Per coding guidelines, any types should not be used. The Capacitor Keyboard plugin's KeyboardResize enum should be used instead.
🔎 Proposed fix
+import { Keyboard, KeyboardResize } from '@capacitor/keyboard';
-import { Keyboard } from '@capacitor/keyboard';- await Keyboard.setResizeMode({ mode: 'body' as any });
+ await Keyboard.setResizeMode({ mode: KeyboardResize.Body });Based on coding guidelines: "Never use any types - always use proper TypeScript types".
📝 Committable suggestion
‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.
| await Keyboard.setResizeMode({ mode: 'body' as any }); | |
| await Keyboard.setResizeMode({ mode: KeyboardResize.Body }); |
🤖 Prompt for AI Agents
In apps/mobile/src/bridge.ts around line 63, the call awaits
Keyboard.setResizeMode({ mode: 'body' as any }) uses an any cast; replace it
with the proper Capacitor enum by importing KeyboardResize from
@capacitor/keyboard and pass KeyboardResize.Body (i.e. await
Keyboard.setResizeMode({ mode: KeyboardResize.Body })); add the KeyboardResize
import at the top of the file and remove the any cast.
| getSession: async (): Promise<StoredAuthSession | null> => { | ||
| try { | ||
| // @aparajita/capacitor-secure-storage uses simpler API: get(key) | ||
| const value = await SecureStorage.get(AUTH_SESSION_KEY); | ||
| if (!value) return null; | ||
| // The plugin auto-parses JSON, but we stored as string | ||
| if (typeof value === 'string') { | ||
| return JSON.parse(value) as StoredAuthSession; | ||
| } | ||
| return value as StoredAuthSession; | ||
| } catch (e) { | ||
| console.error('Failed to get session:', e); | ||
| return null; | ||
| } | ||
| }, |
There was a problem hiding this comment.
🧩 Analysis chain
🏁 Script executed:
# Find the mobile package.json to check dependency version
find apps/mobile -name "package.json" -type f -exec cat {} \;Repository: 2witstudios/PageSpace
Length of output: 1048
🏁 Script executed:
# Examine the actual bridge.ts file to see full context
cat -n apps/mobile/src/bridge.ts | head -130Repository: 2witstudios/PageSpace
Length of output: 4837
🌐 Web query:
@aparajita/capacitor-secure-storage version 6 documentation get method return type
💡 Result:
The get method (v6) returns a Promise of the stored DataType — i.e. Promise<DataType | null>, where DataType is string | number | boolean | Object | any[] | Date | null (the plugin returns null for a missing key). [1][2]
Sources:
- README / API (aparajita/capacitor-secure-storage). [1]
- Changelog showing behavior (returns null for missing items since v3; v6 is an update to Capacitor 6). [2]
The comment on line 104 mischaracterizes the plugin behavior.
The @aparajita/capacitor-secure-storage v6 plugin does not auto-parse JSON—it returns the stored value as-is. Since the code stores as a JSON string (JSON.stringify on line 121), the retrieved value should always be a string (or null). The code correctly handles this with the typeof value === 'string' check on line 105. However, line 108's type assertion return value as StoredAuthSession lacks validation for cases where value is not a string—consider adding proper type guarding or removing the unsafe cast if it's unreachable.
| /** | ||
| * Helper to get mobile auth API | ||
| */ | ||
| function getMobileAuth() { | ||
| return (window as any).mobile?.auth; | ||
| } |
There was a problem hiding this comment.
🛠️ Refactor suggestion | 🟠 Major
getMobileAuth() returns any; circular reference is fragile.
This function accesses window.mobile.auth which creates a circular dependency during initialization. Additionally, it returns any violating type guidelines. The function is only called from getJWT() which could directly access SecureStorage.
🔎 Proposed fix - inline the session retrieval
getJWT: async (): Promise<string | null> => {
try {
- const session = await getMobileAuth().getSession();
- return session?.accessToken ?? null;
+ const value = await SecureStorage.get(AUTH_SESSION_KEY);
+ if (!value) return null;
+ const session = typeof value === 'string'
+ ? JSON.parse(value) as StoredAuthSession
+ : value as StoredAuthSession;
+ return session?.accessToken ?? null;
} catch (e) {
console.error('Failed to get JWT:', e);
return null;
}
},Then remove getMobileAuth() entirely (lines 246-251).
🤖 Prompt for AI Agents
In apps/mobile/src/bridge.ts around lines 246 to 251, remove the fragile
getMobileAuth() helper that returns any and creates a circular init dependency;
instead inline the session retrieval where getMobileAuth() is used (specifically
inside getJWT()), directly import/use SecureStorage with proper types to fetch
the session/token, update getJWT() to call SecureStorage.getItem or the
appropriate typed API and handle null/undefined cases, and then delete the
getMobileAuth() function declaration and any lingering any typings.
| @@ -0,0 +1 @@ | |||
| <\!DOCTYPE html><html><head><meta charset="utf-8"><title>PageSpace</title></head><body>Loading...</body></html> | |||
There was a problem hiding this comment.
Add script tag to initialize the mobile bridge and viewport meta tag.
The HTML file is missing critical elements:
-
Script tag to load the bridge: According to the PR summary,
src/bridge.tsandsrc/index.tsimplement the mobile bridge that exposeswindow.mobile. This needs to be loaded in the HTML. -
Viewport meta tag: Essential for proper mobile rendering.
🔎 Proposed fix
-<!DOCTYPE html><html><head><meta charset="utf-8"><title>PageSpace</title></head><body>Loading...</body></html>
+<!DOCTYPE html>
+<html>
+<head>
+ <meta charset="utf-8">
+ <meta name="viewport" content="width=device-width, initial-scale=1.0, viewport-fit=cover">
+ <title>PageSpace</title>
+</head>
+<body>
+ <div id="root">Loading...</div>
+ <script type="module" src="../src/index.ts"></script>
+</body>
+</html>📝 Committable suggestion
‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.
| <\!DOCTYPE html><html><head><meta charset="utf-8"><title>PageSpace</title></head><body>Loading...</body></html> | |
| <!DOCTYPE html> | |
| <html> | |
| <head> | |
| <meta charset="utf-8"> | |
| <meta name="viewport" content="width=device-width, initial-scale=1.0, viewport-fit=cover"> | |
| <title>PageSpace</title> | |
| </head> | |
| <body> | |
| <div id="root">Loading...</div> | |
| <script type="module" src="../src/index.ts"></script> | |
| </body> | |
| </html> |
🤖 Prompt for AI Agents
In apps/mobile/www/index.html around line 1, the HTML is missing a viewport meta
tag and a script tag that loads the mobile bridge bundle which exposes
window.mobile; add a <meta name="viewport" content="width=device-width,
initial-scale=1"> inside the <head> and add a script tag just before </body>
that loads the compiled web bundle that registers the bridge (point it to your
build output that includes src/index.ts / src/bridge.ts, e.g. /assets/index.js)
— use type="module" if the bundle is an ES module.
Add apps/mobile with Capacitor setup for iOS and Android:
Summary by CodeRabbit
New Features
Chores
✏️ Tip: You can customize this high-level summary in your review settings.