5 changes: 0 additions & 5 deletions .github/codeql/codeql-config.yml
@@ -1,8 +1,6 @@
name: 'Pixelated Empathy Security Analysis'

# Keep default queries enabled
disable-default-queries: false

# Define query filters to focus on security and quality
query-filters:
- include:
Expand All @@ -11,13 +9,11 @@ query-filters:
- path-problem
- exclude:
tags contain: experimental

# Specify which paths to analyze
paths:
- src
- ai
- scripts

# Exclude generated code, dependencies, and test files
paths-ignore:
- '**/node_modules'
Expand All @@ -41,7 +37,6 @@ paths-ignore:
- '**/*.pyc'
- '**/playwright-report'
- '**/test-results'

# Include custom queries for HIPAA/FHIR/EHR security
queries:
- name: FHIR Security Checks
3 changes: 0 additions & 3 deletions .github/codeql/custom-queries/qlpack.yml
Expand Up @@ -6,11 +6,8 @@ groups:
- fhir
- ehr
- healthcare

dependencies:
codeql/javascript-all: '*'
codeql/javascript-queries: '*'

# Extend the JavaScript query pack
extractor: javascript

3 changes: 0 additions & 3 deletions .github/dependabot.yml
@@ -1,6 +1,5 @@
# Dependabot configuration for security updates and version management
# Documentation: https://docs.github.com/code-security/dependabot/dependabot-version-updates/configuration-options-for-the-dependabot.yml-file

version: 2
updates:
# GitHub Actions - Check for security updates weekly
Expand All @@ -22,7 +21,6 @@ updates:
labels:
- 'dependencies'
- 'github-actions'

# NPM/Node.js - Aggressive security update schedule
- package-ecosystem: 'npm'
directory: '/'
Expand Down Expand Up @@ -63,7 +61,6 @@ updates:
major-updates:
update-types:
- 'major'

# Python - Daily security updates
# Uses requirements.txt generated by uv (uv pip compile)
- package-ecosystem: 'pip'
82 changes: 24 additions & 58 deletions .github/workflows/ai-validation.yml
@@ -1,13 +1,11 @@
name: AI Model Validation Pipeline

permissions:
contents: read
actions: read
checks: read
pull-requests: read
security-events: write
issues: write

on:
schedule:
- cron: 0 0 * * *
Expand All @@ -17,23 +15,19 @@ on:
description: "Environment name (staging, production, etc)"
required: false
default: "staging"

jobs:
validate-ai-models:
name: AI Model Validation
runs-on: ubuntu-latest
env:
ENV_NAME: ${{ inputs.ENV_NAME || 'staging' }}

steps:
- name: Checkout code
uses: actions/checkout@v4

- name: Setup Node.js
uses: actions/setup-node@v4.4.0
with:
node-version: 24.14.0
P1 Badge Restore with: before action input keys

This step is now syntactically invalid YAML because `node-version` is indented under the scalar `uses` value instead of a `with:` mapping. I verified the changed workflow files with a YAML parser, and this pattern throws `mapping values are not allowed here`, which means GitHub Actions cannot load the workflow at all (the same regression appears in multiple edited workflows in this commit).


Owner Author
🤖 Agent Fix Applied

I have automatically applied a fix for this comment:

P1 Badge Restore with: before action input keys

This step is now syntactically invalid YAML because `node-version` is indented under the scalar `uses` value instead of a `with:` mapping. I verified the changed workflow files with a YAML parser, and this pattern throws `mapping values are not allowed here`, which means GitHub Actions cannot load the workflow at all (the same regression appears in multiple edited workflows in this commit).


Please review the changes.


- name: Generate validation token
id: generate-token
run: |
Expand All @@ -50,76 +44,64 @@ jobs:
echo "token=${VALIDATION_TOKEN}" >> $GITHUB_OUTPUT
env:
AI_VALIDATION_SECRET: ${{ secrets.AI_VALIDATION_SECRET }}

- name: Enable Corepack
run: corepack enable

- name: Setup pnpm
uses: pnpm/action-setup@v4.1.0
uses: pnpm/action-setup@v4
with:
version: 10.32.1
run_install: false

- name: Get pnpm store directory
id: pnpm-cache
shell: bash
run: |
echo "STORE_PATH=$(pnpm store path --silent)" >> $GITHUB_OUTPUT

- name: Setup pnpm cache
uses: actions/cache@v4.2.3
with:
path: ${{ steps.pnpm-cache.outputs.STORE_PATH }}
key: ${{ runner.os }}-pnpm-store-${{ hashFiles('**/pnpm-lock.yaml') }}
restore-keys: |
${{ runner.os }}-pnpm-store-

- name: Install dependencies
run: pnpm install --no-frozen-lockfile

- name: Install system tools (jq, bc)
run: |
sudo apt-get update
# Ensure TLS root certs and openssl are present for curl/openssl diagnostics
sudo apt-get install -y jq bc ca-certificates openssl
sudo update-ca-certificates || true

- name: Set environment variables
run: |
# Default environment if not provided
if [[ -z "${ENV_NAME}" ]]; then
echo "ENV_NAME=staging" >> $GITHUB_ENV
fi

APP_URL="${{ secrets.APP_URL }}"
if [[ -z "${APP_URL}" ]]; then
APP_URL="https://pixelatedempathy.com"
echo "::notice::APP_URL not configured; defaulting to ${APP_URL}"
fi
echo "APP_URL=${APP_URL}" >> $GITHUB_ENV

- name: Run model validation
id: validation
run: |
# Generate webhook validation token
WEBHOOK_TOKEN=$(openssl rand -base64 32)
echo "WEBHOOK_TOKEN=${WEBHOOK_TOKEN}" >> $GITHUB_ENV

# Trigger validation via webhook
echo "Triggering validation via webhook..."
# Disable 'exit on error' just for this call to capture curl failures without aborting the step
set +e
STATUS_CODE=$(
curl --http1.1 -4 --tlsv1.2 --retry 3 --retry-all-errors --max-time 30 -sS \
-o response.json -w "%{http_code}" \
-X POST "${APP_URL}/api/ai/validation/webhook" \
-H "Content-Type: application/json" \
-H "x-github-event: workflow_dispatch" \
-H "x-hub-signature-256: ${WEBHOOK_TOKEN}" \
-d '{"action":"validate","environment":"'"${ENV_NAME}"'"}')
STATUS_CODE=$( curl --http1.1 -4 --tlsv1.2 --retry 3 --retry-all-errors --max-time 30 -sS \
-o response.json -w "%{http_code}" \
-X POST "${APP_URL}/api/ai/validation/webhook" \
-H "Content-Type: application/json" \
-H "x-github-event: workflow_dispatch" \
-H "x-hub-signature-256: ${WEBHOOK_TOKEN}" \
-d '{"action":"validate","environment":"'"${ENV_NAME}"'"}')
CURL_EXIT=$?
set -e

if [[ ${CURL_EXIT} -ne 0 ]]; then
echo "success=false" >> "$GITHUB_OUTPUT"
echo "Validation trigger request failed (curl exit ${CURL_EXIT})."
Expand Down Expand Up @@ -150,28 +132,24 @@ jobs:
cat response.json
# Continue the workflow anyway, don't fail the build
fi

- name: Wait for validation to complete
if: steps.validation.outputs.success == 'true'
run: |
echo "Waiting for validation to complete (120 seconds)..."
sleep 120

- name: Fetch validation results
if: steps.validation.outputs.success == 'true'
id: results
run: |
# Use the generated token from previous step
VALIDATION_TOKEN="${{ steps.generate-token.outputs.token }}"

# Get validation history and results
set +e
STATUS_CODE=$(curl --http1.1 -4 --tlsv1.2 --retry 3 --retry-all-errors --max-time 30 -sS -o validation_history.json -w "%{http_code}" \
"${APP_URL}/api/ai/validation/history?limit=1" \
-H "Authorization: Bearer ${VALIDATION_TOKEN}")
CURL_EXIT=$?
set -e

if [[ ${CURL_EXIT} -ne 0 ]]; then
echo "success=false" >> "$GITHUB_OUTPUT"
echo "Failed to fetch validation results (curl exit ${CURL_EXIT})"
Expand All @@ -189,12 +167,10 @@ jobs:
RUN_ID=$(jq -r '.history[0].runId' validation_history.json)
RUN_SUCCESS=$(jq -r '.history[0].success' validation_history.json)
echo "Last validation run: ${RUN_ID}, Success: ${RUN_SUCCESS}, Pass rate: ${PASS_RATE}%"

# Store metrics for the summary
echo "PASS_RATE=${PASS_RATE}" >> $GITHUB_ENV
echo "RUN_ID=${RUN_ID}" >> $GITHUB_ENV
echo "RUN_SUCCESS=${RUN_SUCCESS}" >> $GITHUB_ENV

# Check if pass rate is below threshold for alerting
if (( $(echo "${PASS_RATE} < 85" | bc -l) )); then
echo "needs_alert=true" >> "$GITHUB_OUTPUT"
Expand All @@ -206,12 +182,10 @@ jobs:
echo "needs_alert=false" >> "$GITHUB_OUTPUT"
echo "Failed to fetch validation results (HTTP ${STATUS_CODE})"
fi

- name: Create summary
run: |
echo "# AI Model Validation Results" >> $GITHUB_STEP_SUMMARY
echo "" >> $GITHUB_STEP_SUMMARY

if [[ "${{ steps.validation.outputs.success }}" == "true" && "${{ steps.results.outputs.success }}" == "true" ]]; then
echo "✅ **Validation completed successfully**" >> $GITHUB_STEP_SUMMARY
echo "" >> $GITHUB_STEP_SUMMARY
Expand All @@ -226,30 +200,22 @@ jobs:
echo "Please check the validation pipeline manually to verify model accuracy." >> $GITHUB_STEP_SUMMARY
echo "[AI Validation Dashboard](${APP_URL}/admin/ai/validation-pipeline)" >> $GITHUB_STEP_SUMMARY
fi

- name: Send notification on validation issues
if: ${{ steps.results.outputs.needs_alert == 'true' }}
uses: actions/github-script@v7
with:
github-token: ${{ secrets.GITHUB_TOKEN }}
script: |
const { repo, owner } = context.repo;
github.rest.issues.create({
owner,
repo,
title: `⚠️ AI Model Validation Alert: ${process.env.PASS_RATE}% success rate`,
body: `
# AI Model Validation Alert

A recent validation run found potential issues with AI model accuracy.

- **Environment:** ${process.env.ENV_NAME}
- **Run ID:** ${process.env.RUN_ID}
- **Success Rate:** ${process.env.PASS_RATE}%
- **Threshold:** 85%

Please investigate this issue by checking the [AI Validation Dashboard](${process.env.APP_URL}/admin/ai/validation-pipeline).

This issue was automatically created by the AI validation pipeline.
`
});
github-token: ${{ secrets.GITHUB_TOKEN }}
@cubic-dev-ai cubic-dev-ai bot Mar 27, 2026
P1: `github-script` inputs are no longer under `with:`, which makes this workflow step invalid and breaks the workflow.

Prompt for AI agents
Check if this issue is valid — if so, understand the root cause and fix it. At .github/workflows/ai-validation.yml, line 206:

<comment>`github-script` inputs are no longer under `with:`, which makes this workflow step invalid and breaks the workflow.</comment>

<file context>
@@ -226,30 +200,22 @@ jobs:
-              This issue was automatically created by the AI validation pipeline.
-              `
-            });
+        github-token: ${{ secrets.GITHUB_TOKEN }}
+        script: |
+          const { repo, owner } = context.repo;
</file context>

script: |
const { repo, owner } = context.repo;
github.rest.issues.create({
owner,
repo,
title: `⚠️ AI Model Validation Alert: ${process.env.PASS_RATE}% success rate`,
body: ` # AI Model Validation Alert
A recent validation run found potential issues with AI model accuracy.
- **Environment:** ${process.env.ENV_NAME}
- **Run ID:** ${process.env.RUN_ID}
- **Success Rate:** ${process.env.PASS_RATE}%
- **Threshold:** 85%
Please investigate this issue by checking the [AI Validation Dashboard](${process.env.APP_URL}/admin/ai/validation-pipeline).
This issue was automatically created by the AI validation pipeline.
`);

⚠️ Potential issue | 🔴 Critical

Critical YAML syntax error: Missing with: keyword and malformed template literal.

Static analysis correctly identified a YAML parsing error. The `github-token` and `script` inputs need to be under a `with:` block. Additionally, the `body` template literal has formatting issues that will cause parsing failures.

🐛 Proposed fix
       - name: Send notification on validation issues
         if: ${{ steps.results.outputs.needs_alert == 'true' }}
         uses: actions/github-script@v7
-        github-token: ${{ secrets.GITHUB_TOKEN }}
-        script: |
-          const { repo, owner } = context.repo;
-          github.rest.issues.create({
-            owner,
-            repo,
-            title: `⚠️ AI Model Validation Alert: ${process.env.PASS_RATE}% success rate`,
-            body: ` # AI Model Validation Alert
-A recent validation run found potential issues with AI model accuracy.
-- **Environment:** ${process.env.ENV_NAME}
-- **Run ID:** ${process.env.RUN_ID}
-- **Success Rate:** ${process.env.PASS_RATE}%
-- **Threshold:** 85%
-Please investigate this issue by checking the [AI Validation Dashboard](${process.env.APP_URL}/admin/ai/validation-pipeline).
-This issue was automatically created by the AI validation pipeline.
-`});
+        with:
+          github-token: ${{ secrets.GITHUB_TOKEN }}
+          script: |
+            const { repo, owner } = context.repo;
+            await github.rest.issues.create({
+              owner,
+              repo,
+              title: `⚠️ AI Model Validation Alert: ${process.env.PASS_RATE}% success rate`,
+              body: `# AI Model Validation Alert
+
+            A recent validation run found potential issues with AI model accuracy.
+
+            - **Environment:** ${process.env.ENV_NAME}
+            - **Run ID:** ${process.env.RUN_ID}
+            - **Success Rate:** ${process.env.PASS_RATE}%
+            - **Threshold:** 85%
+
+            Please investigate this issue by checking the [AI Validation Dashboard](${process.env.APP_URL}/admin/ai/validation-pipeline).
+
+            This issue was automatically created by the AI validation pipeline.`
+            });
📝 Committable suggestion


- name: Send notification on validation issues
if: ${{ steps.results.outputs.needs_alert == 'true' }}
uses: actions/github-script@v7
with:
github-token: ${{ secrets.GITHUB_TOKEN }}
script: |
const { repo, owner } = context.repo;
github.rest.issues.create({
owner,
repo,
title: `⚠️ AI Model Validation Alert: ${process.env.PASS_RATE}% success rate`,
body: `
# AI Model Validation Alert
A recent validation run found potential issues with AI model accuracy.
- **Environment:** ${process.env.ENV_NAME}
- **Run ID:** ${process.env.RUN_ID}
- **Success Rate:** ${process.env.PASS_RATE}%
- **Threshold:** 85%
Please investigate this issue by checking the [AI Validation Dashboard](${process.env.APP_URL}/admin/ai/validation-pipeline).
This issue was automatically created by the AI validation pipeline.
`
});
github-token: ${{ secrets.GITHUB_TOKEN }}
script: |
const { repo, owner } = context.repo;
github.rest.issues.create({
owner,
repo,
title: `⚠️ AI Model Validation Alert: ${process.env.PASS_RATE}% success rate`,
body: ` # AI Model Validation Alert
A recent validation run found potential issues with AI model accuracy.
- **Environment:** ${process.env.ENV_NAME}
- **Run ID:** ${process.env.RUN_ID}
- **Success Rate:** ${process.env.PASS_RATE}%
- **Threshold:** 85%
Please investigate this issue by checking the [AI Validation Dashboard](${process.env.APP_URL}/admin/ai/validation-pipeline).
This issue was automatically created by the AI validation pipeline.
`);
- name: Send notification on validation issues
if: ${{ steps.results.outputs.needs_alert == 'true' }}
uses: actions/github-script@v7
with:
github-token: ${{ secrets.GITHUB_TOKEN }}
script: |
const { repo, owner } = context.repo;
await github.rest.issues.create({
owner,
repo,
title: `⚠️ AI Model Validation Alert: ${process.env.PASS_RATE}% success rate`,
body: `# AI Model Validation Alert
A recent validation run found potential issues with AI model accuracy.
- **Environment:** ${process.env.ENV_NAME}
- **Run ID:** ${process.env.RUN_ID}
- **Success Rate:** ${process.env.PASS_RATE}%
- **Threshold:** 85%
Please investigate this issue by checking the [AI Validation Dashboard](${process.env.APP_URL}/admin/ai/validation-pipeline).
This issue was automatically created by the AI validation pipeline.`
});
🧰 Tools
🪛 actionlint (1.7.11)

[error] 214-214: could not parse as YAML: could not find expected ':'

(syntax-check)

🪛 YAMLlint (1.38.0)

[error] 215-215: syntax error: could not find expected ':'

(syntax)

🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.

In @.github/workflows/ai-validation.yml around lines 203 - 221, The "Send
notification on validation issues" step is malformed: move the github-token and
script entries under a with: block (i.e. add a with: key and indent github-token
and script beneath it) so inputs are valid for uses: actions/github-script@v7,
and fix the JS call/template literal closure inside the script (ensure the
github.rest.issues.create call ends with }); and that both title and body
template literals are properly opened/closed and do not break YAML quoting);
reference the step name "Send notification on validation issues", the action
"actions/github-script@v7", and the env vars used in the template
(process.env.PASS_RATE, process.env.ENV_NAME, process.env.RUN_ID,
process.env.APP_URL) to locate and correct the fields.

@cubic-dev-ai cubic-dev-ai bot Mar 27, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

P1: The github-token and script inputs are missing the required with: parent key for the actions/github-script action. Additionally, the completely unindented lines inside the block scalar (script: |) will cause a YAML parsing error because they are less indented than the block's base indentation. To fix both issues, place the inputs under with: and indent the template literal to match the base indentation (YAML automatically strips the base indentation, so the markdown will still be unindented in the final JS string).

Prompt for AI agents
Check if this issue is valid — if so, understand the root cause and fix it. At .github/workflows/ai-validation.yml, line 206:

<comment>The `github-token` and `script` inputs are missing the required `with:` parent key for the `actions/github-script` action. Additionally, the completely unindented lines inside the block scalar (`script: |`) will cause a YAML parsing error because they are less indented than the block's base indentation. To fix both issues, place the inputs under `with:` and indent the template literal to match the base indentation (YAML automatically strips the base indentation, so the markdown will still be unindented in the final JS string).</comment>

<file context>
@@ -199,21 +203,19 @@ jobs:
-              This issue was automatically created by the AI validation pipeline.
-              `
-            });
+        github-token: ${{ secrets.GITHUB_TOKEN }}
+        script: |
+          const { repo, owner } = context.repo;
</file context>
github-token: ${{ secrets.GITHUB_TOKEN }}
script: |
const { repo, owner } = context.repo;
github.rest.issues.create({
owner,
repo,
title: `⚠️ AI Model Validation Alert: ${process.env.PASS_RATE}% success rate`,
body: ` # AI Model Validation Alert
A recent validation run found potential issues with AI model accuracy.
- **Environment:** ${process.env.ENV_NAME}
- **Run ID:** ${process.env.RUN_ID}
- **Success Rate:** ${process.env.PASS_RATE}%
- **Threshold:** 85%
Please investigate this issue by checking the [AI Validation Dashboard](${process.env.APP_URL}/admin/ai/validation-pipeline).
This issue was automatically created by the AI validation pipeline.
`);
with:
github-token: ${{ secrets.GITHUB_TOKEN }}
script: |
const { repo, owner } = context.repo;
github.rest.issues.create({
owner,
repo,
title: `⚠️ AI Model Validation Alert: ${process.env.PASS_RATE}% success rate`,
body: ` # AI Model Validation Alert
A recent validation run found potential issues with AI model accuracy.
- **Environment:** ${process.env.ENV_NAME}
- **Run ID:** ${process.env.RUN_ID}
- **Success Rate:** ${process.env.PASS_RATE}%
- **Threshold:** 85%
Please investigate this issue by checking the [AI Validation Dashboard](${process.env.APP_URL}/admin/ai/validation-pipeline).
This issue was automatically created by the AI validation pipeline.
`);
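Review bot: The "Setup pnpm" step in the second hunk now references `pnpm/action-setup@v4` where it previously pinned `v4.1.0`, which loosens the reference to a floating major tag while the neighbouring steps (`actions/setup-node@v4.4.0`, `actions/cache@v4.2.3`) stay pinned at patch level. Tags are mutable and can be moved by the action's maintainers, so the safest form for a workflow that handles `secrets.AI_VALIDATION_SECRET` and `secrets.APP_URL` is an immutable commit SHA with the version noted alongside, e.g. `uses: pnpm/action-setup@<full-commit-sha>  # v4.1.0`; the repository's Dependabot `github-actions` entry will still keep such pins current. In the reformatted curl call of the "Run model validation" step, `x-hub-signature-256` is set to the `openssl rand` output generated two lines earlier rather than an HMAC over the request body, so if the receiving endpoint verifies that header as a GitHub-style signature the request can never validate, and if it only compares a shared value the header name is misleading — worth confirming against the webhook handler and documenting in the step with a comment such as `# Token is a per-run random value, not an HMAC of the body; the endpoint must accept it as such`.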
