fix: friendly viewer shell for non-UUID docIds (integrator deep links)#105
Conversation
GET /viewer/{docId} previously matched only 36-char UUID-shaped path
segments, so integrator deep links with a mistyped or non-UUID id (for
example the contextual-orchestrator admin console's Document Viewer card
linking /viewer/{docId}) landed on a raw framework 404 instead of the
viewer shell.
- Single /viewer/{docId} route; UUID.fromString is the validator. Valid
ids keep the exact same 200 LOADING shell; invalid ids now get the same
shell with 404 + initial-state NOT_FOUND, where the existing viewer.js
isUuidLike guard shows "The provided docId is invalid."
- docId is HTML-attribute-escaped before being echoed into the shell meta
(escapeHtmlAttribute), closing an XSS hole the new echo path would have
opened.
Tests: ViewerUiControllerTest gains non-UUID friendly-shell, HTML-escape
(script payload must not appear raw), and UUID-still-200 cases. Full
mvn verify green.
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
Claude-Session: https://claude.ai/code/session_019puhETTpuvAJZxviGBCBmH
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com> Claude-Session: https://claude.ai/code/session_01RjGVapDZ3k7V7zKYk16P4C
OpenCode Review Overview
Pull request overviewOpenCode reviewed the current-head bounded evidence and found no blocking issues. FindingsNo blocking findings. SummaryApproval sufficiency: bounded evidence supplied affirmative approval evidence for changed files, coverage/docstring posture, risk surfaces, and current-head verification; approval is not based merely on the absence of known blockers.
Changed-File Evidence Mapflowchart LR
PR["PR changed files"] --> Evidence["OpenCode bounded evidence"]
Evidence --> S1["Changed file (2 files)"]
S1 --> I1["repository behavior"]
I1 --> R1["Review risk: Changed file (2 files)"]
R1 --> V1["required checks"]
|
There was a problem hiding this comment.
Pull request overview
OpenCode reviewed the current-head bounded evidence and found no blocking issues.
Findings
No blocking findings.
Summary
Approval sufficiency: bounded evidence supplied affirmative approval evidence for changed files, coverage/docstring posture, risk surfaces, and current-head verification; approval is not based merely on the absence of known blockers.
Verification posture: CodeGraph evidence was initialized and bounded current-head evidence reviewed for changed-file evidence including src/main/java/com/clearfolio/viewer/controller/ViewerUiController.java, src/test/java/com/clearfolio/viewer/controller/ViewerUiControllerTest.java.
Linter/static: workflow/static review evidence is bounded by the current-head GitHub Checks gate and changed-file evidence.
TDD/regression: coverage execution evidence and focused changed hunks were reviewed from bounded-review-evidence.md.
Coverage: coverage execution evidence reports test coverage as not applicable because no supported changed source files or package manifests were found.
Docstring coverage: coverage execution evidence reports docstring coverage as not applicable because no supported changed source files or package manifests were found.
DAG: CodeGraph/source-backed behavior map connects src/main/java/com/clearfolio/viewer/controller/ViewerUiController.java to the affected review, runtime, or workflow path and required checks.
PoC/execution: coverage-evidence job executed on the current head and reported PASS.
DDD/domain: workflow and repository-governance invariants were reviewed against changed files in bounded evidence.
CDD/context: CodeGraph evidence, changed-file history, and focused hunks were reviewed from bounded-review-evidence.md.
Similar issues: changed-file history evidence was reviewed for comparable local precedents.
Claim/concept check: bounded evidence, repository source, current-head workflow evidence, and, where numeric, scientific, statistical, or literature-backed claims are affected, original-paper/formula evidence and parameter-recovery expectations were used for claims.
Standards search: standards and external-source checks are delegated to configured OpenCode web_search/Context7/DeepWiki sources when applicable; no evidence-backed standards blocker is present in bounded evidence.
Compatibility/convention: changed workflow/script conventions, object naming, and reserved-word safety for schema/API/config/code surfaces were checked in bounded evidence.
Breaking-change/backcompat: deployment evidence and changed-file history were checked for backward-compatibility risk.
Performance: changed surfaces were checked for performance risk in bounded evidence.
Developer experience: changed automation, review, test, setup, and maintenance surfaces were checked for helpful or obstructive DX impact in bounded evidence.
User experience: connected user, operator, API, CLI, documentation, review-comment, status-check, rendering, and workflow-reader behavior was checked for contradictions against code, docs, and tests in bounded evidence.
Visual/DOM: Playwright visual, DOM locator, ARIA snapshot, console, and responsive evidence were checked when a web UI surface was present; for non-web surfaces, API/CLI/log/docs/workflow interaction evidence was reviewed instead.
Accessibility/i18n: accessibility, localization, and human-readable text surfaces were checked where UI, CLI, API message, docs, logs, or review text changed.
Supply-chain/license: dependency, package, model, container, and external-tool changes were checked in bounded evidence.
Packaging: package, build, test, lint, and security contracts were checked in bounded evidence.
Security/privacy: workflow-token, review-gate, and repository-automation security/privacy boundaries were checked in bounded evidence.
- Result: APPROVE
- Reason: Improves UX for invalid docIds with secure and backward-compatible changes
- Head SHA:
f5a47d44dd54a2fbd2767e8ee8c8a4fa2c90e8b7 - Workflow run: 29173807242
- Workflow attempt: 1
Changed-File Evidence Map
flowchart LR
PR["PR changed files"] --> Evidence["OpenCode bounded evidence"]
Evidence --> S1["Changed file (2 files)"]
S1 --> I1["repository behavior"]
I1 --> R1["Review risk: Changed file (2 files)"]
R1 --> V1["required checks"]
Why
The contextual-orchestrator admin console now deep-links
/viewer/{docId}(its Integrations → Document Viewer card, contextual-orchestrator#41). The route's UUID regex constraint meant any mistyped/non-UUID id fell through to a raw framework 404 — an unfriendly dead end for integrators.What
/viewer/{docId}route (the multi-mapping approach caused WebFlux mapping conflicts — kept it simple):UUID.fromStringvalidates. Valid ids: identical 200LOADINGshell as before. Invalid ids: same shell, 404 +initial-state NOT_FOUND, where the existingviewer.jsisUuidLikeguard already renders "The provided docId is invalid."escapeHtmlAttributeon the echoed docId — the new echo path would otherwise be an XSS vector ("><script>…); test asserts the payload never appears raw.Tests
ViewerUiControllerTest+3: non-UUID friendly shell (404, meta present), HTML-escape, UUID still 200. Fullmvn verifygreen locally (Java 21 target).🤖 Generated with Claude Code