Next release

[jokob-sk]

Summary by CodeRabbit

• Improvements

  • Refreshed app-upgrade notification styling with updated icons for clearer display.
  • More robust workflow execution when referenced objects are missing, avoiding errors and logging gracefully.
  • Device page navigation and title handling improved: better cache/fallback lookup, clearer page title updates, and hiding navigation controls when a device is not found.

• Documentation

  • Updated repository badge and added an “Other Alternative Apps” entry in the README.

[coderabbitai]

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info

⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

Run ID: 5d319085-9e0f-432e-83c5-88b6845a1849

📥 Commits

Reviewing files that changed from the base of the PR and between 9575692 and f428f45.

📒 Files selected for processing (2)

• README.md
• front/deviceDetails.php

✅ Files skipped from review due to trivial changes (1)

• README.md

🚧 Files skipped from review as they are similar to previous changes (1)

• front/deviceDetails.php

---

📝 Walkthrough

Walkthrough

This PR centralizes safe trigger/object handling and refactors Action.execute() to a no-argument contract with a new Action.get_object() normalizer; updates all action subclasses and ActionGroup orchestration; extracts and async-ifies device page title resolution with cache retry and REST fallback and hides navigation when missing; replaces emoji with Font Awesome icons in the upgrade notification; updates README badge repo id.

Changes

Workflow Action Execution Refactoring

Layer / File(s)	Summary
Trigger Null Safety server/workflows/triggers.py	Trigger.__init__ sets self.object = None when DB lookup returns no rows.
Action Interface and Helper server/workflows/actions.py	Added Action.get_object() to normalize trigger.object; changed abstract Action.execute(self, obj) → Action.execute(self).
Action Subclass Updates server/workflows/actions.py	UpdateFieldAction, DeleteObjectAction, RunPluginAction, SendNotificationAction use get_object(), early-return when missing, route by objectGuid/devGUID, and log unsupported formats.
ActionGroup Orchestration server/workflows/actions.py	ActionGroup.execute() now calls action.execute() without parameters and stops passing/returning the object.

Notification UI Icon Update

Layer / File(s)	Summary
Upgrade Notification Markup server/initialise.py	App-upgrade notification HTML now uses inline Font Awesome <i> icons for the rocket indicator and the release notes link label.

Device Page Title & Navigation

Layer / File(s)	Summary
Navigation Visibility front/deviceDetails.php	updateChevrons() hides #txtRecord, #btnPrevious, and #btnNext when device remains missing after re-cache and logs a warning.
DOM Helper for Page Title front/deviceDetails.php	Added applyDevicePageTitle(mac, name, owner) to centralize DOM updates for #pageTitle and #devicePageInfoPlc.
Async Device Name Resolution front/deviceDetails.php	updateDevicePageName(mac) rewritten as async: cache lookup → one forced re-cache if missing → REST fallback via getAuthContext()+fetch → apply via applyDevicePageTitle().

README Badge Update

Layer / File(s)	Summary
Badge Link/Image README.md	Trendshift badge repository id updated from 12670 to 19712 and "Domotz" added to the alternatives list.

"🐰 A rabbit hops through code with cheer,
Actions guarded from absence and fear,
Titles resolved with cache and fetch in view,
Icons now fa-solid, badges changed too,
Smooth hops, small fixes — a springtime revue."

🚥 Pre-merge checks | ✅ 3 | ❌ 2

❌ Failed checks (1 warning, 1 inconclusive)

Check name	Status	Explanation	Resolution
Docstring Coverage	⚠️ Warning	Docstring coverage is 13.33% which is insufficient. The required threshold is 80.00%.	Write docstrings for the functions missing them to satisfy the coverage threshold.
Title check	❓ Inconclusive	The title 'Next release' is vague and does not convey meaningful information about the specific changes in this pull request, which include UI updates, workflow action refactoring, trigger object handling, and documentation changes.	Replace the generic title with a more descriptive summary of the main changes, such as 'Refactor action execution interface and add device page title caching' or identify the primary change and highlight it specifically.

✅ Passed checks (3 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

📝 Generate docstrings

• Create stacked PR
• Commit on current branch

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch next_release

Tip

💬 Introducing Slack Agent: The best way for teams to turn conversations into code.

Slack Agent is built on CodeRabbit's deep understanding of your code, so your team can collaborate across the entire SDLC without losing context.

• Generate code and open pull requests
• Plan features and break down work
• Investigate incidents and troubleshoot customer tickets together
• Automate recurring tasks and respond to alerts with triggers
• Summarize progress and report instantly

Built for teams:

• Shared memory across your entire org—no repeating context
• Per-thread sandboxes to safely plan and execute work
• Governance built-in—scoped access, auditability, and budget controls

One agent for your entire SDLC. Right inside Slack.

👉 Get started

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 2

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@server/workflows/actions.py`:
- Around line 105-107: When the code logs "[WF] Unsupported object format:
{obj}" it should follow the same early-return pattern used in UpdateFieldAction
and return None instead of returning the original obj; update the
function/method that contains the mylog call (the block that currently does
mylog("none", f"[WF] Unsupported object format: {obj}") followed by return obj)
to return None so callers get a clear failure signal for unsupported formats.
- Around line 70-72: The function logs unsupported object formats with mylog but
then returns the original obj, which is inconsistent with the earlier
None-return pattern; modify the branch that detects missing objectGuid and
devGUID (the unsupported-format case) to return None instead of obj so callers
receive a clear failure signal; update any docstring/comments for the enclosing
function (in server/workflows/actions.py) if present to reflect that unsupported
formats return None and run tests that call this function to ensure callers
handle None appropriately.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

Run ID: 8e7d1402-381e-4f54-a7d8-294fa1901f80

📥 Commits

Reviewing files that changed from the base of the PR and between 190262a and 300820e.

📒 Files selected for processing (3)

• server/initialise.py
• server/workflows/actions.py
• server/workflows/triggers.py

[coderabbitai]

Actionable comments posted: 1

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (1)

front/deviceDetails.php (1)

507-530: ⚠️ Potential issue | 🔴 Critical | ⚡ Quick win

Escape device metadata before writing it into the DOM.

Device names and owners are stored in the database and user-editable via the device edit form. However, when writing them to the page title and details page, this function uses .html() without escaping, creating a stored XSS sink. An attacker with device management permissions could inject markup into devName or devOwner that executes when the details page loads.

🔒 Suggested fix

 function applyDevicePageTitle(mac, name, owner) {
+  const $documentTitle = $('title');
+  const baseTitle = $documentTitle.data('baseTitle') || document.title;
+  $documentTitle.data('baseTitle', baseTitle);
   let pageTitleText;

   if (mac === "new") {
       pageTitleText = getString("Gen_create_new_device");
-      $('#pageTitle').html(
-          `<i title="${pageTitleText}" class="fa fa-square-plus"></i> ` + pageTitleText
-      );
+      $('#pageTitle')
+        .empty()
+        .append($('<i>', { title: pageTitleText, class: 'fa fa-square-plus' }))
+        .append(document.createTextNode(` ${pageTitleText}`));
       $('#devicePageInfoPlc .inner').html(
           `<i class="fa fa-circle-info"></i> ` + getString("Gen_create_new_device_info")
       );
       $('#devicePageInfoPlc').show();
   } else if (!owner || (name && name.toString().includes(owner))) {
       pageTitleText = name ?? getString("DevDetail_EveandAl_NewDevice");
-      $('#pageTitle').html(pageTitleText);
+      $('#pageTitle').text(pageTitleText);
       $('#devicePageInfoPlc').hide();
   } else {
       pageTitleText = `${name ?? getString("DevDetail_EveandAl_NewDevice")} (${owner})`;
-      $('#pageTitle').html(pageTitleText);
+      $('#pageTitle').text(pageTitleText);
       $('#devicePageInfoPlc').hide();
   }

-  $('title').html(pageTitleText + ' - ' + $('title').html());
+  document.title = `${pageTitleText} - ${baseTitle}`;
 }

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@front/deviceDetails.php` around lines 507 - 530, The function
applyDevicePageTitle currently injects unescaped user-controlled values
(name/owner) via .html() into `#pageTitle`, `#devicePageInfoPlc` .inner and the
<title>, creating an XSS sink; fix by treating name and owner as plain text:
build the title text with safe string concatenation, use .text(pageTitleText)
when inserting pure text, and when you need icons keep them as separate DOM
nodes (e.g., create $('<i>').addClass('fa ...') and prepend/append it) instead
of interpolating into HTML; also set the browser title via document.title =
pageTitleText + ' - ' + document.title (or use $('title').text(...)) so no raw
HTML is injected. Ensure changes touch applyDevicePageTitle and the three DOM
targets: '#pageTitle', '#devicePageInfoPlc .inner', and 'title'.

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@front/deviceDetails.php`:
- Around line 543-578: The current checks treat a null devOwner as "missing" and
always trigger a re-cache and REST fetch; change the conditional guards so they
only trigger when devName is null (i.e., replace occurrences of (name === null
|| owner === null) with (name === null)) so ownerless devices don't go through
cacheDevices(), showSpinner()/hideSpinner(), or the REST fallback; update both
the re-cache block (which calls cacheDevices() and getDevDataByMac()) and the
REST fallback block (which calls getAuthContext() and fetch()) while leaving
applyDevicePageTitle(mac, name, owner) behavior unchanged.

---

Outside diff comments:
In `@front/deviceDetails.php`:
- Around line 507-530: The function applyDevicePageTitle currently injects
unescaped user-controlled values (name/owner) via .html() into `#pageTitle`,
`#devicePageInfoPlc` .inner and the <title>, creating an XSS sink; fix by treating
name and owner as plain text: build the title text with safe string
concatenation, use .text(pageTitleText) when inserting pure text, and when you
need icons keep them as separate DOM nodes (e.g., create $('<i>').addClass('fa
...') and prepend/append it) instead of interpolating into HTML; also set the
browser title via document.title = pageTitleText + ' - ' + document.title (or
use $('title').text(...)) so no raw HTML is injected. Ensure changes touch
applyDevicePageTitle and the three DOM targets: '#pageTitle',
'#devicePageInfoPlc .inner', and 'title'.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

Run ID: daca9f14-dec4-4bb3-aad6-43595cb403ff

📥 Commits

Reviewing files that changed from the base of the PR and between 300820e and 9575692.

📒 Files selected for processing (3)

• README.md
• front/deviceDetails.php
• server/workflows/actions.py

✅ Files skipped from review due to trivial changes (1)

• README.md

🚧 Files skipped from review as they are similar to previous changes (1)

• server/workflows/actions.py