Find and fix a bug

[unnita1235]

Removed 'as any' type assertion that was bypassing TypeScript type safety in createUserProfile call. Also removed invalid properties (email, onboardingCompleted) that don't exist in the Profile type definition.

The function accepts Partial, so passing only valid fields like 'name' is sufficient and type-safe.

Summary by Sourcery

Bug Fixes:

• Remove an unsafe type assertion and invalid properties from the createUserProfile call to restore proper TypeScript type checking during signup.

[vercel]

The latest updates on your projects. Learn more about Vercel for GitHub.

Project	Deployment	Review	Updated (UTC)
match-link	Ready	Preview, Comment	Jan 9, 2026 5:08am

[sourcery-ai]

Reviewer's guide (collapsed on small PRs)

Reviewer's Guide

This PR tightens TypeScript type safety on the signup flow by removing an unsafe as any assertion and invalid profile fields in the createUserProfile call, so it now passes only valid, type-checked properties to match Partial<Profile>.

File-Level Changes

Change	Details	Files
Make the createUserProfile call type-safe by aligning its arguments with the Profile type.	Removed the unsafe as any type assertion from the object passed to createUserProfile. Stopped passing non-existent Profile properties (email, onboardingCompleted) to createUserProfile. Kept only valid Profile fields (currently just name) when constructing the Partial payload.	src/app/(auth)/signup/page.tsx

---

Tips and commands

Interacting with Sourcery

• Trigger a new review: Comment @sourcery-ai review on the pull request.
• Continue discussions: Reply directly to Sourcery's review comments.
• Generate a GitHub issue from a review comment: Ask Sourcery to create an
  issue from a review comment by replying to it. You can also reply to a
  review comment with @sourcery-ai issue to create an issue from it.
• Generate a pull request title: Write @sourcery-ai anywhere in the pull
  request title to generate a title at any time. You can also comment
  @sourcery-ai title on the pull request to (re-)generate the title at any time.
• Generate a pull request summary: Write @sourcery-ai summary anywhere in
  the pull request body to generate a PR summary at any time exactly where you
  want it. You can also comment @sourcery-ai summary on the pull request to
  (re-)generate the summary at any time.
• Generate reviewer's guide: Comment @sourcery-ai guide on the pull
  request to (re-)generate the reviewer's guide at any time.
• Resolve all Sourcery comments: Comment @sourcery-ai resolve on the
  pull request to resolve all Sourcery comments. Useful if you've already
  addressed all the comments and don't want to see them anymore.
• Dismiss all Sourcery reviews: Comment @sourcery-ai dismiss on the pull
  request to dismiss all existing Sourcery reviews. Especially useful if you
  want to start fresh with a new review - don't forget to comment
  @sourcery-ai review to trigger a new review!

Customizing Your Experience

Access your dashboard to:

• Enable or disable review features such as the Sourcery-generated pull request
  summary, the reviewer's guide, and others.
• Change the review language.
• Add, remove or edit custom review instructions.
• Adjust other review settings.

Getting Help

• Contact our support team for questions or feedback.
• Visit our documentation for detailed guides and information.
• Keep in touch with the Sourcery team by following us on X/Twitter, LinkedIn or GitHub.

[coderabbitai]

📝 Walkthrough

Summary by CodeRabbit

• Refactor

  • Signup now sends only the user's name as the initial profile payload.

• New Features

  • Global toast notifications are now always rendered.

• Style

  • Replaced custom web fonts with a system sans-serif font stack.

• Chores

  • Next.js dependency version constraint updated.

_{✏️ Tip: You can customize this high-level summary in your review settings.}

Walkthrough

Removed custom Google fonts and simplified typography, added a persistent Toaster to the root layout, adjusted Tailwind font stacks to system fonts, and changed signup profile creation to send only the user's name to createUserProfile.

Changes

Cohort / File(s)	Summary
Root layout & UI behavior src/app/layout.tsx	Removed Google font imports and font-variable usage; simplified body className to static font-sans antialiased; added <Toaster /> rendering inside RootLayout (inside AuthProvider) alongside {children}.
Signup profile creation src/app/(auth)/signup/page.tsx	Simplified createUserProfile payload to pass only { name }; removed email and onboardingCompleted fields and eliminated the (as any) assertion.
Tailwind font configuration tailwind.config.ts	Replaced CSS-variable font families with a system-ui / sans-serif stack for body and headline fontFamily entries.
Dependency update package.json	Updated Next.js dependency from 15.4.0 to ^15.5.9 (version constraint broadened).

Sequence Diagram(s)

(omitted — changes do not introduce a new multi-component control flow requiring visualization)

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~20 minutes

Poem

🐰 I nudged the fonts and left one name,
A toaster hums where layouts came.
Fields trimmed light, the root sings true,
Small hops of code — a brighter view. 🥕

🚥 Pre-merge checks | ✅ 1 | ❌ 2

❌ Failed checks (1 warning, 1 inconclusive)

Check name	Status	Explanation	Resolution
Docstring Coverage	⚠️ Warning	Docstring coverage is 0.00% which is insufficient. The required threshold is 80.00%.	Write docstrings for the functions missing them to satisfy the coverage threshold.
Title check	❓ Inconclusive	The title 'Find and fix a bug' is vague and generic, using non-descriptive language that doesn't convey specific information about which bug or what changes were made.	Replace with a more specific title describing the actual fix, such as 'Remove unsafe type assertion and invalid properties from createUserProfile call' or 'Fix TypeScript type safety in signup profile creation'.

✅ Passed checks (1 passed)

Check name	Status	Explanation
Description check	✅ Passed	The description is well-related to the changeset, clearly explaining the TypeScript type safety issue, invalid properties removed, and the rationale for the fix in the signup flow.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch claude/find-fix-bug-mk6bkrm5po3p98na-XseCd

---

📜 Recent review details

Configuration used: Organization UI

Review profile: ASSERTIVE

Plan: Pro

Cache: Disabled due to Reviews > Disable Cache setting

Knowledge base: Disabled due to Reviews -> Disable Knowledge Base setting

📥 Commits

Reviewing files that changed from the base of the PR and between 933c0de and 7fb7b52.

⛔ Files ignored due to path filters (1)

• package-lock.json is excluded by !**/package-lock.json

📒 Files selected for processing (1)

• package.json

🧰 Additional context used

🪛 GitHub Check: Codacy Static Code Analysis

package.json

[warning] 50-50: package.json#L50
Package dependencies with variant versions may lead to dependency hijack and confusion attacks.

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (2)

• GitHub Check: Sourcery review
• GitHub Check: Codacy Static Code Analysis

🔇 Additional comments (1)

package.json (1)

50-50: Approve: This is a critical security update and the semver strategy is consistent with project policy.

Next.js 15.4.0 is vulnerable to high-severity security issues (CVE-2025-55182, CVE-2025-55184, CVE-2025-67779) affecting React Server Components, including denial-of-service and source code exposure attacks. Version 15.5.9 is the confirmed patched release for these vulnerabilities.

The caret range (^15.5.9) aligns with the project's existing dependency policy—other dependencies like firebase, genkit, and dotenv already use caret ranges. Build reproducibility is ensured by the lock file, which pins the exact version (15.5.9) during installation. This patch is a security backport with no new breaking changes specific to 15.5.9.

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[qodo-code-review]

PR Compliance Guide 🔍

Below is a summary of compliance checks for this PR:

Security Compliance
🟢	No security concerns identified No security vulnerabilities detected by AI analysis. Human verification advised for critical code.
Ticket Compliance
⚪	🎫 No ticket provided Create ticket/issue
Codebase Duplication Compliance
⚪	Codebase context is not defined Follow the guide to enable codebase context checks.
Custom Compliance
🟢	Generic: Comprehensive Audit Trails Objective: To create a detailed and reliable record of critical system actions for security analysis and compliance. Status: Passed Learn more about managing compliance generic rules or creating your own custom rules
	Generic: Meaningful Naming and Self-Documenting Code Objective: Ensure all identifiers clearly express their purpose and intent, making code self-documenting Status: Passed Learn more about managing compliance generic rules or creating your own custom rules
	Generic: Robust Error Handling and Edge Case Management Objective: Ensure comprehensive error handling that provides meaningful context and graceful degradation Status: Passed Learn more about managing compliance generic rules or creating your own custom rules
	Generic: Secure Error Handling Objective: To prevent the leakage of sensitive system information through error messages while providing sufficient detail for internal debugging. Status: Passed Learn more about managing compliance generic rules or creating your own custom rules
	Generic: Secure Logging Practices Objective: To ensure logs are useful for debugging and auditing without exposing sensitive information like PII, PHI, or cardholder data. Status: Passed Learn more about managing compliance generic rules or creating your own custom rules
	Generic: Security-First Input Validation and Data Handling Objective: Ensure all data inputs are validated, sanitized, and handled securely to prevent vulnerabilities Status: Passed Learn more about managing compliance generic rules or creating your own custom rules
Update

Compliance status legend

🟢 - Fully Compliant
🟡 - Partial Compliant
🔴 - Not Compliant
⚪ - Requires Further Human Verification
🏷️ - Compliance label

[qodo-code-review]

PR Code Suggestions ✨

Explore these optional code suggestions:

Category	Suggestion	Impact
Possible issue	Add validation for the name field Add validation to the handleSignup function to ensure the name field is not empty before creating a user, showing an error toast if it is. src/app/(auth)/signup/page.tsx [23-34] const handleSignup = async (e: React.FormEvent) => { e.preventDefault(); + + if (!name.trim()) { + toast({ + title: "Name is required", + description: "Please enter your name to sign up.", + variant: "destructive", + }); + return; + } + setLoading(true); try { const userCredential = await createUserWithEmailAndPassword(auth, email, password); // Create initial profile in Firestore await createUserProfile(userCredential.user.uid, { name: name, // Add default values or initial setup here }); [To ensure code accuracy, apply this suggestion manually] Suggestion importance[1-10]: 6 __ Why: The suggestion correctly identifies a missing input validation for the name field, which could lead to creating profiles with empty names, impacting data integrity.	Low
Update

[codacy-production]

Codacy's Analysis Summary

2 new issues (≤ 0 issue)
1 new security issue
0 complexity
0 duplications

Review Pull Request in Codacy →

✨ AI Reviewer available: add the codacy-review label to get contextual insights without leaving GitHub.

[sourcery-ai]

Hey - I've reviewed your changes and they look great!

---

Sourcery is free for open source - if you like our reviews please consider sharing them ✨

• X
• Mastodon
• LinkedIn
• Facebook

_{Help me be more useful! Please click 👍 or 👎 on each comment and I'll use the feedback to improve your reviews.}

[codacy-production]

Codacy found an issue: 'React' must be in scope when using JSX

[codacy-production]

Codacy found an issue: Package dependencies with variant versions may lead to dependency hijack and confusion attacks.

[sonarqubecloud]

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud