new post

[rachellerathbone]

What

One-sentence summary of this PR.

Why

What problem this solves.

How

Brief technical approach.

Testing

What you tested and how to verify locally.

Checklist

• Follows the 7.04 open-source readiness checklist in project instructions
• No hardcoded secrets or internal-only references in user-facing content
• Lint, typecheck, and build pass locally
• Internal links and changed pages verified

What

Brief description of changes

Why

Why this change was needed

Testing

How to verify the changes

[vercel]

The latest updates on your projects. Learn more about Vercel for GitHub.

Project	Deployment	Actions	Updated (UTC)
multicorn-learn	Ready	Preview, Comment	Mar 19, 2026 10:06pm

[github-actions]

multicorn-ops review

Persona	Role	Primary	Status	Summary
Jordan	Security Auditor	no	Passed	No security-sensitive changes; metadata, UI logic, and blog content only.
Priya	Open Source Contributor	no	Concern	The new blog post references model names and dates that may drift quickly, and there are no tests or storybook coverage for the updated InstallBanner logic.
Marcus	Design-Conscious Developer	yes	Concern	The InstallBanner flash-of-content risk is mitigated, but there is no visible loading or transition while standaloneChecked resolves, which could cause a jarring layout shift on slow devices.
Sarah	Non-Technical Decision-Maker	yes	Concern	The new tagline 'AI agent governance for production teams' uses jargon that may not resonate with non-technical evaluators.
The Team	Acquisition Due Diligence	no	Concern	Minor tech-debt signals: useLayoutEffect in a component that could be SSR-rendered, a future-dated blog post, and deletion of the SVG OG asset without confirming all referencing paths are updated.
Alex	Accessibility Advocate	yes	Concern	The OG SVG had explicit role, title, and desc attributes for accessibility; the replacement PNG has no alt text defined at the asset level and the inline alt text is marketing copy rather than descriptive.
Yuki	International User	yes	Concern	The blog post uses several English idioms and unexplained acronyms that will be hard to follow for non-native English readers.

Concerns

Priya (Open Source Contributor)

• components/InstallBanner.tsx - The standaloneChecked / isStandalone guard is logic-bearing but has no accompanying unit or integration test; a future refactor could silently break the install-prompt suppression.
• content/blog/what-minimax-m27-actually-does.mdx - Blog post date is '2026-03-20' which is in the future relative to any realistic merge date; this will confuse contributors and RSS consumers.

Marcus (Design-Conscious Developer)

• components/InstallBanner.tsx:57 - Returning null until standaloneChecked is true prevents incorrect rendering, but on first paint the banner slot collapses with no placeholder, which can cause a measurable layout shift (CLS). Consider a zero-height placeholder or an opacity transition instead of a hard null.
• app/layout.tsx - OG image switched from SVG (scalable, text-crisp) to a PNG; ensure the PNG is optimised and sharp at 2x retina to avoid blurry link previews in Slack/Twitter.

Sarah (Non-Technical Decision-Maker)

• app/layout.tsx:33 - 'AI agent governance for production teams' — 'governance' and 'production teams' are developer terms. A CEO scanning a link preview may not understand what the product does. The previous tagline 'trusted layer between humans and AI agents' was more evocative of safety and control.
• content/blog/what-minimax-m27-actually-does.mdx - The blog post is well-written but includes terms like 'SWE-Bench', 'MLE Bench Lite', 'RL scaffold', and 'OpenClaw' without explanation. A non-technical reader following a link to this blog from the marketing site would be lost.

The Team (Acquisition Due Diligence)

• components/InstallBanner.tsx:14 - useLayoutEffect will throw a React warning in SSR/Node environments. The component is marked 'use client' which prevents SSR execution, but if that directive is ever removed or the component is imported in a server context the app will error. Prefer useEffect with a synchronous initial read or a dedicated isClient guard.
• public/images/og-card.svg - Deleted without a search for other references to '/images/og-card.svg' across the codebase. If any page, sitemap, or email template hardcodes that path it will 404 silently.
• content/blog/what-minimax-m27-actually-does.mdx:3 - Date '2026-03-20' is in the future; if the blog list sorts by date this post may be mispositioned or hidden depending on implementation.

Alex (Accessibility Advocate)

• public/images/og-card.svg - The deleted SVG had role='img', aria-labelledby, <title>, and elements making it accessible as an inline or img-embedded graphic. The replacement PNG has no equivalent intrinsic accessibility metadata; ensure all usages of the new PNG carry a descriptive alt attribute, not just the OG meta alt.
• app/layout.tsx:44 - OG image alt text 'Multicorn - AI agent governance for production teams' reads as a tagline, not an image description. Screen readers that surface OG meta (e.g. some social previews) will not convey what is visually depicted. Prefer a descriptive alt like 'Multicorn dashboard showing agent permissions and audit trail'.
• components/InstallBanner.tsx - The InstallBanner itself has no ARIA role or live-region attribute; when it appears at the bottom of the screen a screen reader user may not be notified. Confirm role='region' or aria-live='polite' is present in the rendered markup (not visible in this diff).

Yuki (International User)

• content/blog/what-minimax-m27-actually-does.mdx:8 - 'the discourse immediately split into two camps' — idiom. Non-native readers may not parse 'camps' as meaning groups of opinion. Prefer: 'reactions fell into two groups'.
• content/blog/what-minimax-m27-actually-does.mdx:8 - 'Chinese AI hype' — culturally loaded phrase that may read as dismissive or confusing to readers in China or Asia. Consider 'overstated claims' instead.
• content/blog/what-minimax-m27-actually-does.mdx:28 - 'OpenClaw' is used without definition or a link. Readers unfamiliar with this tool have no way to look it up from context. Add a brief parenthetical or link on first use.
• content/blog/what-minimax-m27-actually-does.mdx:49 - 'technically passes evals but feels wrong for the product' — 'feels wrong' is vague and idiomatic. Prefer: 'passes automated checks but does not match product requirements'.

Open-Source Readiness Checklist

Code Quality

• All functions have clear, descriptive names — sync, handleBeforeInstall and other identifiers are reasonably descriptive for their scope.
• No hardcoded secrets, API keys, internal URLs, or employee names in code or comments — An author name 'Rachelle Rathbone' is hardcoded in the blog post frontmatter. This may be an employee or real person's name embedded in content/code.
• No // TODO without a public issue reference — No TODO comments found in the diff.
• No commented-out code blocks — No commented-out code blocks detected.
• No debug logging (console.log, println) left in — No debug logging statements found.
• All any types eliminated (TypeScript) — The only 'any'-adjacent pattern is the explicit navigator cast with an intersection type, which is intentional and typed.
• Error handling is complete — no swallowed exceptions, no empty catch blocks — No catch blocks introduced; prompt() call in InstallBanner is fire-and-forget but consistent with existing pattern.
• No Atlassian-internal references, no proprietary patterns or terminology — No Atlassian-internal references detected.

Testing

• All new code has tests — The useLayoutEffect standalone-detection logic in InstallBanner.tsx and the new blog post content have no accompanying test files in the diff.
• [~] Coverage meets or exceeds repo minimum — Coverage reports are not available in the diff.
• [~] Tests pass locally and in CI — CI results are not visible in the diff.
• Edge cases and error paths are tested — No tests for the new standalone detection branch (e.g. SSR/non-browser environments where window is undefined, or matchMedia not available).
• [~] No flaky tests — Cannot assess flakiness from the diff alone.

Security

• No secrets in code, comments, config files, or git history — No secrets or keys detected.
• [~] All user input is validated — No user input handling introduced in this diff.
• [~] Dependencies audited — no known vulnerabilities — No dependency changes in the diff.
• HTTPS enforced for all external communication — All URLs reference https://multicorn.ai and external links in the blog post use HTTPS.
• API keys/tokens never logged — No logging of tokens or keys.

Documentation

• [~] README.md is accurate and up to date — README.md not included in the diff; cannot verify.
• [~] CONTRIBUTING.md is accurate and up to date — CONTRIBUTING.md not included in the diff.
• CHANGELOG.md updated with this change — No CHANGELOG.md update present in the diff.
• [~] New public APIs have JSDoc/KDoc with examples — No new public APIs introduced.
• [~] Any new config options are documented — No new config options introduced.
• [~] Architecture decisions documented in ADR if significant — Changes are minor UI/metadata updates; no ADR required.

Open Source Hygiene

• [~] Licence header present in source files (if required by licence) — Cannot determine if licence headers are required without the project licence file.
• [~] CODE_OF_CONDUCT.md present — Not verifiable from the diff alone.
• [~] Issue templates are current — Not verifiable from the diff alone.
• [~] PR template is current — Not verifiable from the diff alone.
• No internal company references or links — The blog post references 'Sonnet 4.6' and 'OpenClaw' which appear to be product names; 'OpenClaw' is not a well-known public tool and may be an internal or proprietary reference.
• [~] Package name and description are correct in package.json — package.json not included in the diff.
• [~] Repository topics/tags are set on GitHub — Cannot verify from the diff.

UX & Accessibility

• [~] Works at 375px viewport width (mobile) — Cannot verify responsiveness from the diff alone; InstallBanner uses full-width fixed positioning which should adapt, but no visual test provided.
• [~] Keyboard navigable — No changes to interactive focus/keyboard handling visible in this diff.
• [~] Colour contrast meets WCAG AA — No colour changes in this diff.
• [~] Loading states for async operations — The standaloneChecked gate prevents rendering before check completes, which is appropriate, but no explicit loading UI is added.
• [~] Error states are user-friendly (not raw error messages) — No error state changes in this diff.
• [~] Animations respect prefers-reduced-motion — No animation changes introduced.

---

Advisory only. Does not block merge. Actions logged to Shield as pr_review and oss_check.