Reformat project task display

[FyreByrd]

Summary by CodeRabbit

• New Features

  • Task waiting status now shows who needs to take action alongside wait time.

• UI/UX Improvements

  • Clarified display of build-engine link and task status for non-archived items.

• Localization

  • Updated English, Spanish, and French task-status messages and consolidated placeholder usage (removed separate "for names" entries).

[coderabbitai]

📝 Walkthrough

Walkthrough

Removed tasks_forNames and updated tasks_waiting to use {allowedNames} in three locale files. Updated ProductCard.svelte to render the build-engine link and waiting status using the new localization placeholder and adjusted the link-creation condition and allowedNames source.

Changes

Cohort / File(s)	Summary
Localization files src/lib/locales/en-US.json, src/lib/locales/es-419.json, src/lib/locales/fr-FR.json	Removed tasks_forNames entries and changed tasks_waiting values to use the {allowedNames} placeholder instead of {waitTime} across the three locale files.
Product card component src/routes/(authenticated)/projects/[id=idNumber]/ProductCard.svelte	Reworked the non-archived waiting UI: removed the separate tasks_forNames rendering, changed tasks_waiting call to pass allowedNames (now unsanitized `product.ActiveTransition?.AllowedUserNames

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~20 minutes

Possibly related PRs

• Redesign Product Card #1450: Similar edits to ProductCard.svelte affecting waiting/task display and allowed names handling.
• Show link to BuildEngine in ProductCard and ProductDetails #1453: Related changes to BuildEngine link logic and waiting status rendering in ProductCard.svelte.

Suggested reviewers

• chrisvire
• 7dev7urandom

Poem

🐰 I hopped through keys and tidy threads,
Removed a duplicate, nudged some treads,
Waiting now calls names by sight,
Bold links shimmer in admin light,
A small hare's cheer for clean delight.

🚥 Pre-merge checks | ✅ 3

✅ Passed checks (3 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title 'Reformat project task display' directly relates to the main changes in the changeset, which involve updating how task/waiting status information is displayed in ProductCard.svelte and reformatting the underlying localization strings across multiple language files.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch refactor/project-task-display

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 1

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (1)

src/routes/(authenticated)/projects/[id=idNumber]/ProductCard.svelte (1)

266-279: ⚠️ Potential issue | 🟠 Major

Missing {@html} directive for formatBuildEngineLink output.

formatBuildEngineLink returns HTML strings (e.g., <a href="...">...</a>), but it's used with regular interpolation {}. This will render the raw HTML as escaped text instead of a clickable link.

Compare with line 260-262 which correctly uses {@html m.tasks_archivedAt(...)}.

Proposed fix

          <span>
-           <b>
-             {formatBuildEngineLink(
+           <b>
+             {`@html` formatBuildEngineLink(
                linkToBuildEngine(
                  isSuperAdmin(page.data.session!.user.roles) &&
                    product.WorkflowInstance &&
                    isBackground(product.WorkflowInstance.State as WorkflowState)
                    ? product.BuildEngineUrl
                    : undefined,
                  product,
                  product.WorkflowInstance?.State as WorkflowState
                ),
                product.ActiveTransition?.InitialState ?? ''
              )}
-           </b>
+           </b>
            &mdash;

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@src/routes/`(authenticated)/projects/[id=idNumber]/ProductCard.svelte around
lines 266 - 279, The formatted build engine link is an HTML string but is
currently interpolated with {formatBuildEngineLink(...)} which escapes HTML;
change the usage in ProductCard.svelte to render raw HTML by using Svelte's
{`@html` ...} directive around the call to formatBuildEngineLink (the call that
wraps linkToBuildEngine(...) and uses product, product.WorkflowInstance,
isSuperAdmin and isBackground). Ensure you replace the curly-brace interpolation
for that expression with {`@html` formatBuildEngineLink(linkToBuildEngine(...),
product.ActiveTransition?.InitialState ?? '')} so the anchor is rendered as
clickable HTML.

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@src/lib/locales/fr-FR.json`:
- Line 363: The tasks_waiting translation key currently contains an English
string; update the value for "tasks_waiting" to the proper French translation
(for example: "en attente de {allowedNames}") and ensure the placeholder
{allowedNames} is preserved exactly as-is in the new French string.

---

Outside diff comments:
In `@src/routes/`(authenticated)/projects/[id=idNumber]/ProductCard.svelte:
- Around line 266-279: The formatted build engine link is an HTML string but is
currently interpolated with {formatBuildEngineLink(...)} which escapes HTML;
change the usage in ProductCard.svelte to render raw HTML by using Svelte's
{`@html` ...} directive around the call to formatBuildEngineLink (the call that
wraps linkToBuildEngine(...) and uses product, product.WorkflowInstance,
isSuperAdmin and isBackground). Ensure you replace the curly-brace interpolation
for that expression with {`@html` formatBuildEngineLink(linkToBuildEngine(...),
product.ActiveTransition?.InitialState ?? '')} so the anchor is rendered as
clickable HTML.

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: 60d6e15e-5b58-487b-9cf9-27e23c5e4db2

📥 Commits

Reviewing files that changed from the base of the PR and between df7829b and 46b17b2.

📒 Files selected for processing (4)

• src/lib/locales/en-US.json
• src/lib/locales/es-419.json
• src/lib/locales/fr-FR.json
• src/routes/(authenticated)/projects/[id=idNumber]/ProductCard.svelte

[chrisvire]

I when from Syncrhonize Data to Rebuild. Something when wrong:

[coderabbitai]

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (1)

src/routes/(authenticated)/projects/[id=idNumber]/ProductCard.svelte (1)

267-278: ⚠️ Potential issue | 🟠 Major

Validate BuildEngineUrl before passing it into formatBuildEngineLink()—and also in the build-engines admin page.

The infrastructureSchema validates buildEngineUrl as a plain string with no scheme checking. A poisoned value like javascript:alert(1)// would pass through and become executable in the href attribute. This affects two display paths:

1. src/routes/(authenticated)/projects/[id=idNumber]/ProductCard.svelte (lines 267–278): rendered for super-admins viewing background workflows
2. src/routes/(authenticated)/admin/settings/build-engines/+page.svelte (line 53): direct href binding for system status links

Whitelist http: or https: schemes either in the schema or before rendering. Ideally add a validator to infrastructureSchema to reject non-HTTPS URLs at the form level.

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@src/routes/`(authenticated)/projects/[id=idNumber]/ProductCard.svelte around
lines 267 - 278, Validate and whitelist BuildEngineUrl scheme before rendering
and in the schema: add a URL-scheme check that only allows http: or https:
(preferably enforce https-only) and reject anything else at input/validation
time in infrastructureSchema, and additionally sanitize/validate the value just
before rendering in ProductCard.svelte and the build-engines admin page—i.e.,
before calling formatBuildEngineLink(linkToBuildEngine(...)) and before binding
any hrefs, ensure product.BuildEngineUrl (and the admin page's build engine URL)
matches the allowed scheme and skip or neutralize the link when it doesn't,
using the existing helpers (isSuperAdmin, linkToBuildEngine,
formatBuildEngineLink) to locate where to add the guard.

🧹 Nitpick comments (1)

src/routes/(authenticated)/projects/[id=idNumber]/ProductCard.svelte (1)

266-280: Only show the activity prefix when InitialState exists.

product.ActiveTransition is optional here, so the ?? '' fallback can still render an empty bold tag followed by —. Consider gating the <b>...</b> &mdash; prefix on product.ActiveTransition?.InitialState to avoid rows that start with a dangling separator.

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@src/routes/`(authenticated)/projects/[id=idNumber]/ProductCard.svelte around
lines 266 - 280, Only render the bold activity prefix and the following em-dash
when an InitialState exists: wrap the current <b>{`@html`
formatBuildEngineLink(..., product.ActiveTransition?.InitialState ?? '')}</b>
&mdash; block with a conditional that checks
product.ActiveTransition?.InitialState (or explicitly use
product.ActiveTransition?.InitialState !== undefined &&
product.ActiveTransition?.InitialState !== '') so you call formatBuildEngineLink
and linkToBuildEngine only when InitialState is present; keep existing helpers
(formatBuildEngineLink, linkToBuildEngine, isSuperAdmin,
product.WorkflowInstance) unchanged and just gate the entire prefix output on
that InitialState presence to avoid rendering an empty bold tag and dangling
&mdash;.

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Outside diff comments:
In `@src/routes/`(authenticated)/projects/[id=idNumber]/ProductCard.svelte:
- Around line 267-278: Validate and whitelist BuildEngineUrl scheme before
rendering and in the schema: add a URL-scheme check that only allows http: or
https: (preferably enforce https-only) and reject anything else at
input/validation time in infrastructureSchema, and additionally
sanitize/validate the value just before rendering in ProductCard.svelte and the
build-engines admin page—i.e., before calling
formatBuildEngineLink(linkToBuildEngine(...)) and before binding any hrefs,
ensure product.BuildEngineUrl (and the admin page's build engine URL) matches
the allowed scheme and skip or neutralize the link when it doesn't, using the
existing helpers (isSuperAdmin, linkToBuildEngine, formatBuildEngineLink) to
locate where to add the guard.

---

Nitpick comments:
In `@src/routes/`(authenticated)/projects/[id=idNumber]/ProductCard.svelte:
- Around line 266-280: Only render the bold activity prefix and the following
em-dash when an InitialState exists: wrap the current <b>{`@html`
formatBuildEngineLink(..., product.ActiveTransition?.InitialState ?? '')}</b>
&mdash; block with a conditional that checks
product.ActiveTransition?.InitialState (or explicitly use
product.ActiveTransition?.InitialState !== undefined &&
product.ActiveTransition?.InitialState !== '') so you call formatBuildEngineLink
and linkToBuildEngine only when InitialState is present; keep existing helpers
(formatBuildEngineLink, linkToBuildEngine, isSuperAdmin,
product.WorkflowInstance) unchanged and just gate the entire prefix output on
that InitialState presence to avoid rendering an empty bold tag and dangling
&mdash;.

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: 417de205-241b-430c-bfcf-f17fc890ebc9

📥 Commits

Reviewing files that changed from the base of the PR and between 46b17b2 and 7b78d56.

📒 Files selected for processing (1)

• src/routes/(authenticated)/projects/[id=idNumber]/ProductCard.svelte

[chrisvire]

👍