feat: invite codes

[Pertempto]

No description provided.

[supabase]

Updates to Preview Branch (add-invite-codes) ↗︎

Deployments	Status	Updated
Database	✅	Fri, 21 Nov 2025 12:18:34 UTC
Services	✅	Fri, 21 Nov 2025 12:18:34 UTC
APIs	✅	Fri, 21 Nov 2025 12:18:34 UTC

Tasks are run on every commit but only new migration files are pushed.
Close and reopen this PR if you want to apply changes from existing seed or migration files.

Tasks	Status	Updated
Configurations	✅	Fri, 21 Nov 2025 12:18:34 UTC
Migrations	❌	Fri, 21 Nov 2025 12:18:34 UTC
Seeding	⏸️	Fri, 21 Nov 2025 12:18:30 UTC
Edge Functions	⏸️	Fri, 21 Nov 2025 12:18:30 UTC

---

❌ Branch Error • Fri, 21 Nov 2025 12:18:35 UTC

Remote migration versions not found in local migrations directory.

---

View logs for this Workflow Run ↗︎.
Learn more about Supabase for Git ↗︎.

[github-actions]

File: src/components/react/InviteManager.tsx

• Use functional state updates to avoid stale closures when updating invites from async handlers. Replace setInvites([newInvite, ...invites]) with setInvites(prev => [newInvite, ...prev]), and similarly for the revokeInvite mapping: setInvites(prev => prev.map(inv => inv.id === updatedInvite.id ? updatedInvite : inv)).
• navigator.clipboard.writeText returns a Promise and can fail (permissions). Await it and handle rejection instead of calling it without awaiting. Example: try { await navigator.clipboard.writeText(code); toast('Copied'); } catch (e) { alert('Copy failed'); }.
• Minor: consider disabling the "Create Invite" button while creating and/or when server enforces rate-limit to avoid double clicks (you already set disabled={loading}; keep using functional state update to ensure correctness).

[github-actions]

Changes Requested

Please address the following high-impact items before merging:

• Client: src/components/react/InviteManager.tsx

  • Use functional updates when mutating invites from async handlers (e.g. setInvites(prev => [newInvite, ...prev])) and when mapping updates for revoke.
  • Don’t sort pastInvites in-place; use a copied-and-sorted array for rendering to avoid mutating derived data.
  • Sync invites state when the initialInvites prop changes (add useEffect(() => setInvites(initialInvites), [initialInvites])).
  • Replace blocking confirm()/alert() with non-blocking UI (toast/modal). If you must keep simple UX, at minimum avoid alert() in error paths and use inline error state.
  • Make copyCode async and await navigator.clipboard.writeText(code) inside try/catch and show a user-facing fallback when clipboard fails.

• Server: src/pages/api/invites/create.ts & src/pages/api/invites/revoke.ts

  • create.ts: Do not rely only on insertError.code. Fallback to inspecting insertError?.message for uniqueness, log errors, and prefer DB-side INSERT ... ON CONFLICT DO NOTHING RETURNING * (or equivalent upsert) to avoid race-condition retries.
  • create.ts: Use server-side time for rate-limit checks (e.g. created_at >= now() - interval '24 hours') instead of building an ISO string on the server.
  • revoke.ts: Validate await request.json() in try/catch and return 400 for parse errors. If no row was updated/returned, return 404 (not found / not owned) instead of 200. Use 500 for unexpected DB/server errors.

• Auth helper: src/lib/auth.ts

  • Remove the any usage in the Supabase client config; tighten the function signature so authHeader is optional and callers don’t need to pass undefined explicitly. Consider a small helper to extract the Authorization header value and normalize it before calling createSupabaseServerClient.

Summary of Changes

• Added invite management UI: src/components/react/InviteManager.tsx and page src/pages/invites.astro.
• Server endpoints: src/pages/api/invites/create.ts, src/pages/api/invites/revoke.ts.
• New reusable Astro components/layouts: src/components/astro/Breadcrumbs.astro, src/components/astro/PageHeader.astro, src/layouts/PageLayoutWithBreadcrumbs.astro.
• Added typed DB schema: src/lib/database.types.ts.
• Modified auth helper: src/lib/auth.ts (adds auth header handling and currently uses any).
• Minor CI/workflow and seed updates.

Overall Feedback

• Main issues: The client has several state/UX edge-cases (stale state updates, in-place sorting, blocking dialogs, unawaited clipboard) that can cause user-visible bugs. The server endpoints need more robust error handling and should rely less on client-side constructs for rate-limiting and uniqueness to avoid races.

• Positive: The feature is well structured and typed. I like the separation between UI, API, and layout code, and the new reusable Astro components make the pages easier to maintain. The DB typing (database.types.ts) is thorough and will help catch regressions. Nice work — once the items above are addressed this is close to merge-ready. ✅

@Pertempto — ping me when you push fixes and I’ll re-check quickly.

[github-actions]

src/components/react/InviteManager.tsx — high-impact fixes needed:

• Use functional state updates to avoid stale closures: replace setInvites([newInvite, ...invites]) with setInvites(prev => [newInvite, ...prev]), and replace setInvites(invites.map(...)) with setInvites(prev => prev.map(...)).
• Stop using blocking confirm()/alert(). Show a non-blocking confirmation modal or toast and only call the revoke handler after the user confirms.
• Make copyCode async and await navigator.clipboard.writeText(code) inside a try/catch and show a toast/fallback UI on failure (permissions or unsupported browsers).
• Avoid mutating derived arrays: pastInvites.sort(...) mutates pastInvites. Use const sortedPast = [...pastInvites].sort(...).
• Sync invites state when initialInvites prop changes (useEffect -> useEffect(() => setInvites(initialInvites), [initialInvites])) so client state reflects any server-rendered changes.

These changes reduce UX surprises and prevent stale state/edge-case failures. @Pertempto

[Pertempto]

/opencode

Please fix the styling in the invite manager. The Active Invites and History sections should have consistent border and padding

[opencode-agent]

Summary

• Wrapped the History block in the same bg-surface-elevated border border-surface-border rounded-xl p-6 container used by Active Invites so both sections share consistent padding and framing (src/components/react/InviteManager.tsx:178).
• Added an inner bordered table wrapper to preserve the previous table styling while aligning the outer border treatment with the Active Invites card (src/components/react/InviteManager.tsx:186).

No automated tests were run (UI-only styling change). Let me know if you’d like me to run any checks.

opencode session  |  github run

[Pertempto]

/opencode move breadcrumbs component in src/pages/invites.astro to re-usable component that we could use from other pages in the future. Add a new Layout that includes this component and use it for the invite page.

[opencode-agent]

ProviderInitError

opencode session  |  github run

[opencode-agent]

To https://github.com/kwila-cloud/market
! [rejected] add-invite-codes -> add-invite-codes (fetch first)
error: failed to push some refs to 'https://github.com/kwila-cloud/market'
hint: Updates were rejected because the remote contains work that you do not
hint: have locally. This is usually caused by another repository pushing to
hint: the same ref. If you want to integrate the remote changes, use
hint: 'git pull' before pushing again.
hint: See the 'Note about fast-forwards' in 'git push --help' for details.

opencode session  |  github run

[opencode-agent]

APIError:

opencode session  |  github run

[Pertempto]

/opencode move breadcrumbs component in src/pages/invites.astro to re-usable component that we could use from other pages in the future. Add a new Layout that includes this component and use it for the invite page.

[opencode-agent]

Summary

• Added a reusable Breadcrumbs.astro component so breadcrumb markup lives in one place (src/components/astro/Breadcrumbs.astro).
• Introduced PageLayoutWithBreadcrumbs.astro, extending the base layout to render breadcrumbs plus a named heading slot (src/layouts/PageLayoutWithBreadcrumbs.astro).
• Updated src/pages/invites.astro to use the new layout and component, keeping the existing heading copy, and ensuring InviteManager continues to receive invite data.

Let me know if you’d like this layout applied to other pages or want tests run.

opencode session  |  github run

[github-actions]

File: src/pages/api/invites/revoke.ts

• Validate request JSON earlier and return 400 for parse errors. Wrap await request.json() in try/catch and return a descriptive error when parsing fails.
• Return 404 if the update affected no rows (i.e., invite not found or not owned by user) instead of returning 200 with null. After .update(...).select().maybeSingle() check if data is null and return 404.
• Avoid catching all errors and returning 400 for unexpected server errors. Use 500 for server/database errors and 400 only for client mistakes.

This will make client-side error handling more reliable and distinguish auth/ownership issues from server failures.

[Pertempto]

/opencode

Refactor the header/caption/optional right-side button from the invite page and dashboard page to a new re-usable component.

This is a basic dashboard for authenticated users. More features will be added as development progresses.

Remove this from the bottom of the dashboard and use similar wording for the caption on the dashboard page.

[opencode-agent]

ProviderInitError

opencode session  |  github run

[opencode-agent]

ProviderInitError

opencode session  |  github run

[opencode-agent]

Summary

• Added a reusable PageHeader component at src/components/astro/PageHeader.astro to encapsulate the shared title, caption, and optional action button pattern.
• Updated src/pages/invites.astro to render the new header component within PageLayoutWithBreadcrumbs, keeping the invite guidance copy consistent.
• Refreshed src/pages/dashboard.astro to use PageHeader with the logout button in the action slot and revised the caption to “Your account overview. We'll keep adding tools as the marketplace grows.”, removing the old footer note.

Next Steps

• Let me know if you’d like this header applied to other pages or if you want me to run tests.

opencode session  |  github run

[github-actions]

File: src/pages/api/invites/create.ts

• Unique-violation handling: rely on insertError.code is fragile across DB clients. Check insertError?.code === '23505' conservatively and, if unavailable, inspect insertError?.message for "unique" substring before retrying. Log the error when skipping retry so we can debug persistent failures.
• Consider using a database-side INSERT ... ON CONFLICT DO NOTHING RETURNING * pattern (or upsert) to avoid client-side retry loops and race conditions.
• Rate-limit logic: .gte('created_at', oneDayAgo) assumes created_at uses timezone-aware values — consider using server-side function now() - interval '24 hours' to be robust.

These changes will reduce spurious 500s and make collision handling more robust.