chore(deps): bump actions/setup-java from 4 to 5 #128
Open
dependabot[bot] wants to merge 33 commits into main from
…ewModels Replaced all placeholder screens with complete implementations matching Android feature parity. Added data models, seed data, presentation helpers, and reactive ViewModels. Enhanced GlassCard with tint/frosted/ press animation. Added AppBackdrop with radial glows. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
…schemas

Wave 0 contract definitions for Spotify provider integration:
- provider.ts: ProviderName enum, OAuth connect/callback/disconnect schemas, connection state, and typed ProviderErrorCode enum
- mapping.ts: Canonical Artist/Album schemas, MappingStatus/Provenance enums, ProviderMapping, lookup and resolve request/response schemas
- sync.ts: SyncType/SyncStatus enums, SyncJob with progress tracking, SyncCursor for incremental syncs, SyncListeningEvent, cancel request
- compliance.ts: AttributionRequirement, ComplianceViolation/Check, DataRetentionPolicy schemas
- index.ts: barrel exports for all new modules

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
- APIClient with URLSession, auto Bearer token injection, 401 refresh retry
- AuthManager singleton with login/signup/refresh/logout, UserDefaults persistence
- SoundScoreAPI covering all backend endpoints (catalog, ratings, reviews, lists, feed, social, recaps, push, trust)
- OutboxStore + SyncEngine for offline-first mutations with exponential backoff
- SoundScoreRepository singleton binding SeedData defaults to live API data
- AuthScreen with glass morphism login/signup form
- All 5 ViewModels rewired to observe repository via Combine
- ContentView gates on auth state, injects environment objects
- SoundScoreApp.swift entry point and SSTypography theme definitions
…111, #123)

Add full provider connection lifecycle:
- Migration 003: provider_connections and oauth_states tables
- ProviderAdapter interface + SpotifyAdapter (OAuth URL, token exchange, refresh)
- Provider registry for multi-provider support
- POST /v1/providers/:provider/connect — generate OAuth state + URL
- POST /v1/providers/:provider/callback — exchange code, store tokens
- GET /v1/providers/:provider/status — check connection status
- POST /v1/providers/:provider/disconnect — revoke + soft-disconnect + optional purge
- Token refresh utility (ensureFreshToken) with 5-minute buffer
- 17 unit tests covering adapter, registry, state, and token logic
- Remove phase-1 stub 501 routes from trust.ts
…t worker (#115, #119)

Add canonical ID mapping (provider IDs → SoundScore canonical albums) with confidence-scored fuzzy matching, and a background sync worker that imports listening history with 10-minute-bucket deduplication and resumable cursors.

New tables: canonical_artists, canonical_albums, provider_mappings, sync_cursors, sync_jobs. Adds dedup_key column to listening_events.

New endpoints: GET /v1/mappings/lookup, POST /v1/mappings/resolve, POST /v1/sync/start, GET /v1/sync/status/:sync_id, POST /v1/sync/cancel.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
…nd animation polish

- Add AlbumDetailScreen with hero artwork, interactive rating, review button, "in your lists" section, and "also by artist" section
- Add ReviewSheet with TextEditor, character count, and star rating
- Add SettingsScreen with account, notifications, quiet hours, data, and about sections using glass morphism cards and toggle rows
- Add SkeletonView reusable shimmer loading placeholder
- Create missing SSTypography.swift (font scale) and SoundScoreApp.swift
- Expand SeedData: 12 albums (was 6), 8 feed items (was 3), 5 lists (was 3), updated profile with new genres and favorite albums
- Wrap app in NavigationStack with .navigationDestination for albums and settings — all album artwork/cards now navigate to detail
- Add staggered entrance animations on FeedScreen and ProfileScreen
- Make Album conform to Hashable for value-based navigation
- All screens accept onSelectAlbum callback for navigation
- Haptic feedback on all interactive tap targets
…nd hardening (#112, #116, #120, #124)

- Add audit_events and dead_letter_events tables (migration 003)
- Add logAuditEvent utility with PII scrubbing for sensitive fields
- Wire audit events into auth (signup/login), trust (export/delete), opinions (rating/review create/update), and lists (create)
- Add per-route rate limiting: auth 10/min, writes 30/min, sensitive 3/hour, reads 100/min (global default)
- Add withRetry utility with exponential backoff and max cap
- Add dead letter queue for failed async operations
- Harden input validation: review body max 5000, list title max 200, handle max 30 alphanumeric+underscore, reaction max 50
- Add integration test covering full 14-step user journey
- Add error-handling tests (invalid JSON, missing auth, 404, SQL injection, XSS, validation limits, idempotency)
- Add unit tests for audit (with scrubbing) and retry utilities
# Conflicts:
#	backend/src/server.ts

# Conflicts:
#	ios/SoundScore/SoundScore.xcodeproj/project.pbxproj
#	ios/SoundScore/SoundScore/ContentView.swift
#	ios/SoundScore/SoundScore/SoundScoreApp.swift
#	ios/SoundScore/SoundScore/Theme/SSTypography.swift
…cross iOS and Android

iOS:
- Wire ReviewSheet save → repository → outbox → API pipeline
- Add createReview outbox operation type
- Add loading skeletons, error banners, pull-to-refresh on all screens
- Wire Share via ShareLink, Export Data, Delete Account with confirmation
- Wire LogScreen FAB to open album search sheet
- Wire View Recap to deep link, Share recap via ShareLink
- Wire SettingsScreen notification toggle persistence
- Add sign out button to Settings
- Fix FeedItem mapping to resolve album from activityObject ID
- Add formatTimeAgo helper for human-readable timestamps
- Replace hardcoded avatar colors with hash-based deterministic palette
- Remove permanent "coming soon" placeholders, make sections conditional
- Add empty search results state
- Wire genre cards to filter search
- Make list create button disabled when title is empty
- Add quiet hours stepper controls

Android:
- Replace hardcoded avatar colors with hash-based palette selection
- Remove "Popular lists", "Friends listening", "Achievements" placeholders
- Add "No results found" empty state for search
- Wire recent activity section in ProfileScreen from feed data
- Add recentActivity to ProfileUiState with feedItems binding
- Move hardcoded dev credentials to System.getenv() with fallbacks
- Add TODO for FCM token replacement

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Wire repository errorMessage to SearchViewModel for consistent error state propagation across all screens. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
- Add ErrorBanner to ListsScreen and SearchScreen (iOS)
- Add errorMessage binding to ProfileViewModel and SearchViewModel
- Update iOS components (ActionChip, AlbumArtwork, FloatingTabBar, etc.) with theme refinements
- Update Android components (GlassCard, StarRating, AlbumArtPlaceholder) with polish
- Expand Android SeedData with more albums and feed items
- Update Android theme colors, typography, and navigation
- Update AuthManager init to check for stored token
- Backend auth module refinements

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Consistent error state display across all iOS screens. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
The loading indicator was not dismissed after successful login/signup because isLoading was only reset in the error path. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Show "No results" empty state before the results section for better UX when a search yields no matches. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Prevents creating empty-titled lists. Mirrors the iOS behavior. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Support disabled state with reduced opacity for container and content. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
The floating action button now opens a ModalBottomSheet with album search for quick logging, matching the iOS implementation. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Use max(0, ...) to prevent likes count from going below zero when toggling likes rapidly. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Documents all changes made during the autonomous improvement run: audit findings, iOS/Android fixes, architecture notes, and remaining items. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Expanded report with 8 specific issues found and fixed, verification notes for items confirmed correct, and known remaining items. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
- Remove iOS auth bypass flag (isAuthenticated default was true)
- Gate Android HTTP body logging behind BuildConfig.DEBUG
- Disable Android backup (allowBackup=false) to prevent credential extraction

Addresses CRIT-03, HIGH-02, HIGH-06 from security review.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
…heme picker

## Theme System
- Replaced partial accent-only theming with full-screen theme swap
- 6 renamed themes: Emerald, Bonfire, Rose, Amethyst, Midnight, Gilt
- Each theme has unique dark base/surface/elevated background colors
- Multi-layer radial glow backdrop with primary + secondary color wash
- SSColors.darkBase/darkSurface/darkElevated are now dynamic computed properties that read from ThemeManager, so the entire UI re-themes
- ContentView now observes ThemeManager via @ObservedObject, forcing the full view tree to re-render on theme change
- Legacy theme rawValues (mint/sunset/coral/etc.) auto-migrate
- textTertiary contrast bumped from 0.43 → 0.55 for WCAG AA compliance

## Swipeable Theme Picker (Settings)
- Replaced 6 small circles with a horizontal TabView carousel
- Each card shows a mini UI mockup with the theme's background gradient, accent colors, glass card, and tab bar preview
- Swiping between cards shows contrast between adjacent themes
- Page indicator dots below the carousel
- Theme applies instantly on swipe with haptic feedback

## Spotify Album Art Integration
- New SpotifyService.swift using Client Credentials OAuth flow
- On app launch, automatically enriches all seed albums missing artwork by searching Spotify's catalog (rate-limited to avoid throttling)
- SearchViewModel now queries Spotify remotely in addition to local data, merging results with deduplication
- All 12 seed albums now display real cover art instead of gradient placeholders

## Production Readiness
- Spotify API credentials extracted to Config/Secrets.swift (gitignored)
- Secrets.swift.template committed with placeholder values for onboarding
- .gitignore updated to exclude Secrets.swift globally
- Screenshots of Emerald, Midnight, and Amethyst themes added to docs/

## Files Changed (16 files, +490 -70)
- ThemeManager.swift — full rewrite: ThemeColorScheme, 6 themes, legacy migration
- SSColors.swift — darkBase/darkSurface/darkElevated now dynamic
- AppBackdrop.swift — multi-layer glow with @ObservedObject ThemeManager
- ContentView.swift — added @ObservedObject themeManager for tree-wide reactivity
- SettingsScreen.swift — swipeable TabView theme picker + ThemePreviewCard
- SpotifyService.swift — new: Client Credentials auth, album search, art cache
- SoundScoreRepository.swift — auto-enriches albums with Spotify artwork
- SearchViewModel.swift — async Spotify search merged with local results
- FeedItem.swift — album property made mutable for artwork enrichment
- Secrets.swift.template — placeholder config for Spotify API credentials
- project.pbxproj — added SpotifyService, Config group, Secrets references
Security: session expiry (24h TTL), CORS allowlist, helmet headers, HTML sanitization for user content, env var validation with Zod.

Infrastructure: Dockerfile with multi-stage build, prod docker-compose, graceful shutdown handler, real health check with DB/Redis probes.

Performance: cursor-based pagination on feed/search/recently-played, missing DB indexes (ratings, reviews, activity_events), full-text search with tsvector/GIN index on albums.

API: correct 201 status codes on creation, structured JSON logging with request IDs, OpenAPI/Swagger docs at /docs.

DevOps: npm audit in CI, engines field in package.json, Dependabot config, migration naming conflicts fixed (003_ duplicates).

Tests updated for new status codes + production readiness test suite.

https://claude.ai/code/session_01HXWnSTisXW9rizJZW4mV7X
- Env validation: restore dev defaults for DATABASE_URL/REDIS_URL so tests work without running services; enforce explicit values in prod
- DB client: add connection timeout (5s), Redis retry limit (3 attempts), robust close() that handles disconnected state
- Server: clean up DB on migration failure to prevent orphaned connections
- Pagination: guard against undefined cursor on empty result sets, validate cursor length (max 128 chars)
- Sanitize: encode remaining HTML entities after tag stripping
- Migration: add COALESCE for null-safe tsvector generation
- Tests: fix setup() to close app on failure (prevents ioredis retry loops hanging the process), tighten status code assertions (201 exact)

https://claude.ai/code/session_01HXWnSTisXW9rizJZW4mV7X
… 6-star system

## Splash + Auth
- Animated splash screen with waveform logo (scale + fade → auth/main)
- Dev auth bypass via devLogin() for rapid testing (signup skips API)
- Real auth restored for production use

## 6-Star Rating System
- All rating schemas bumped from max(5) → max(6) across contracts, backend, iOS
- StarRating component: dynamic animateScale array, default maxStars=6
- All callsites (Feed, Log, AlbumDetail, ReviewSheet) inherit 6 stars automatically

## Per-Track Data + Ratings
- Backend: 004_tracks_and_track_ratings.sql migration (PostgreSQL)
- Contracts: TrackSchema, TrackRatingSchema, CreateTrackRatingRequestSchema
- iOS: Track model, TrackDto/TrackRatingDto, 3 new API endpoints
- OutboxStore: .rateTrack operation type
- Repository: tracksByAlbum, trackRatings dictionaries, fetchTracks(), updateTrackRating()
- Spotify track fetching: fetchAlbumTracks() via Client Credentials
- Seed data: sample tracks for CHROMAKOPIA, GNX, Short n' Sweet

## AlbumDetail Screen Redesign
- Fixed: rating text vertical layout → .lineLimit(1).fixedSize()
- Fixed: waveform icon → music.note.list
- Fixed: share button double .ultraThinMaterial overlay → SSColors.darkElevated.opacity(0.8)
- Fixed: year "2,024" comma formatting → String(album.year) across all screens
- Album/Songs segmented tab: glass-style toggle between album rating and tracklist views
- Song rating modal: tap track → .medium sheet with large 6-star rating + note field
- Album rating modal: tap rating card → .medium/.large sheet with artwork, rating, review editor
- Tracklist: alternating row backgrounds, rating badges, tappable rows
- Songs breakdown card: avg rating, highest/lowest rated track stats
- Softened rate/review tint, renamed to "Your Album Rating"
- Lists section: violet tint for themed consistency
- Taller hero (340pt), larger "Also by Artist" cards (120×120)

## AI Music Agent — Cadence (Gemini 2.5 Flash)
- Replaced broken OpenAI OAuth flow with direct Gemini API key (Secrets.swift)
- Model: gemini-2.5-flash via REST API with systemInstruction
- Agentic system prompt: Cadence gets full album catalog with IDs, user's ratings, genres, and is instructed to output [RATE:id:title:score] and [REVIEW:id:title:text] action tags that get parsed into interactive UI cards

### Agentic Action Cards
- CadenceReviewCard: album artwork, editable review draft, star rating, Send/Edit/Discard buttons, animated confirmation on save
- CadenceBatchRatingCard: multi-album rating list with staggered checkmark animation on "Apply All", haptic feedback per album
- CadenceQuickRateCard: single album mini-card with artwork, stars, Confirm pill
- All cards collapse into green confirmation banners after execution
- Actions execute real mutations: updateRating(), saveReview() via outbox

### Smart Suggestion Chips
- Context-aware: "Draft a review for [top album]", "Rate my unrated albums", "Roast my taste", "Deep cuts from [top artist]"
- Follow-up suggestions regenerate after each response
- Gradient-bordered capsules with themed styling, staggered entrance animation

### Cadence Character
- SwiftUI-drawn: rounded body, dot eyes, arc headphones
- Three animated states: idle (gentle bob), thinking (bounce + eyes up), happy (bounce + smile)
- 80pt in AI buddy screen, themed primary color

## Feed Improvements
- Trending cards: 220×280, rank badge pill (#1, #2), colored shadow glow, colored inner border stroke, dramatic gradient overlay
- Collections section: horizontal scroll of CompactListCards between trending and activity
- ListCards extracted to Components/ListCards.swift (FeaturedListHero, CompactListCard)

## Tab Restructuring
- Replaced .lists tab with .aiBuddy (icon: sparkles, label: "Cadence")
- FloatingTabBar auto-updates via Tab.allCases
- ListsScreen preserved but moved to Feed's Collections section

## Log/Diary Simplification
- Replaced GlassCard stats bar with single-line summary text

## Profile Screen Redesign
- Hero banner (280pt): blurred 2×2 composite of favorite album artworks, dark gradient overlay, 96pt avatar with primary-color ring + glow shadow
- Stats row: 4 glass stat cards (Albums, Lists, Following, Followers)
- Action bar: Edit Profile capsule, Share link, Settings gear
- Favorites: 140×180 horizontal carousel with gradient overlay + staggered animation
- Taste DNA: gradient genre cards with AlbumColors palettes
- Weekly Recap: tinted GlassCard with Share Recap button
- Recent Activity: colored left borders matching album art gradients

## Album Artwork
- All 12 seed albums now have hardcoded Spotify artwork URLs (no enrichment delay)
- Covers load immediately on app launch

## New Files (14)
- backend/src/db/schema/004_tracks_and_track_ratings.sql
- ios/.../Models/Track.swift
- ios/.../Screens/SplashScreen.swift
- ios/.../Screens/AIBuddyScreen.swift
- ios/.../Components/CadenceCharacter.swift
- ios/.../Components/CadenceActionCards.swift
- ios/.../Components/ListCards.swift
- ios/.../Components/SongRatingSheet.swift
- ios/.../Components/AlbumRatingSheet.swift
- ios/.../Services/AIBuddyService.swift
- ios/.../ViewModels/AIBuddyViewModel.swift
- ios/.../ViewModels/AlbumDetailViewModel.swift

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Merges claude/audit-production-readiness-Uc304 into main. No conflicts — PR changes are backend-only, our recent commit was iOS + contracts.

PR contents:
- Helmet security headers, CORS allowlist, request ID tracking
- Enhanced /health endpoint with DB + Redis probes (503 on degraded)
- Fastify Swagger for OpenAPI 3.1.0 docs at /docs
- Cursor-based pagination on /v1/search, /v1/feed, /v1/log/recently-played
- HTML sanitization (stripHtml) on reviews and list descriptions
- Migration 006: session expiry, full-text search vectors, performance indexes
- Zod-validated env config (enforces explicit URLs in production)
- Multi-stage Dockerfile + docker-compose.prod.yml with resource limits
- Production-readiness test suite
- 201 Created status codes for POST endpoints
- Dependabot config for automated dependency updates

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Bumps [actions/setup-java](https://github.com/actions/setup-java) from 4 to 5.
- [Release notes](https://github.com/actions/setup-java/releases)
- [Commits](actions/setup-java@v4...v5)

---
updated-dependencies:
- dependency-name: actions/setup-java
  dependency-version: '5'
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
2a4794b to 7780298
Bumps actions/setup-java from 4 to 5.
Release notes
Sourced from actions/setup-java's releases.
... (truncated)
Commits
- be666c2 Chore: Version Update and Checkout Update to v6 (#973)
- f7a6fef Bump actions/checkout from 5 to 6 (#961)
- d81c4e4 Upgrade @actions/cache to v5 (#968)
- 1b1bbe1 readme update (#972)
- 5d7b214 Retry on HTTP 522 Connection timed out (#964)
- f2beeb2 Bump actions/publish-action from 0.3.0 to 0.4.0 (#912)
- 4e7e684 feat: Add support for .sdkmanrc file in java-version-file parameter (#736)
- 46c56d6 Add GitHub Token Support for GraalVM and Refactor Code (#849)
- 66b9457 Update SapMachine URLs (#955)
- 6ba5449 Enhance error logging for network failures to include endpoint/IP details, ad...

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)