Skip to content
Open
Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
14 commits
Select commit Hold shift + click to select a range
File filter

Filter by extension

Filter by extension


Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
4 changes: 4 additions & 0 deletions .Jules/bolt.md
Original file line number Diff line number Diff line change
@@ -1,3 +1,7 @@
## 2025-06-27 - [Map Initialization Overhead]
**Learning:** Initializing Maps with `new Map(array.map(...))` creates unnecessary intermediate arrays, consuming memory and triggering garbage collection overhead, especially noticeable when dealing with many nodes.
**Action:** Use a `for...of` loop to directly `map.set()` elements rather than creating an intermediate array of tuples, especially in frequently executed or rendering paths.

## $(date +%Y-%m-%d) - Optimize Search Array Operations in React
**Learning:** High-frequency `useMemo` hooks calculating search filter matches across large nested structures (like React Flow nodes and their columns) generate severe garbage collection pressure when using array methods (`map`, `flatMap`, `spread operator` and `join`).
**Action:** For string search haystacks calculated inside hot paths, replacing functional array map/spreads with standard `for` loops and direct string concatenation (`+=`) drastically reduces intermediate memory allocations and maintains stable performance during frequent text input.
6 changes: 3 additions & 3 deletions .Jules/palette.md
Original file line number Diff line number Diff line change
Expand Up @@ -43,6 +43,6 @@
## 2024-06-26 - [Abbreviation Comprehension in ERD Nodes]
**Learning:** Users without deep database administration backgrounds may not immediately recognize domain-specific abbreviations like "PK" or "FK" rendered as minimalist badges inside dense ERD nodes.
**Action:** Always provide `title` attributes on technical acronym badges (like Primary Key / Foreign Key) to ensure clarity and improve accessibility without cluttering the space-constrained node UI.
## 2026-07-10 - Accessibility Anti-pattern: Excessive Tab Stops
**Learning:** Adding `tabIndex={0}` to static, non-interactive text badges (like `abbr` or `span`) just to expose their `title` or `aria-label` attributes to keyboard users is an accessibility anti-pattern. It creates excessive tab stops and severely degrades keyboard navigation for users who rely on tab to move through actionable elements.
**Action:** Never add `tabIndex={0}` to non-interactive elements unless they are specifically designed to be focusable for a functional reason. Use proper semantic HTML or let the screen reader read adjacent elements as part of natural navigation.
## 2026-07-01 - [Generic Action Button Accessibility]
**Learning:** In custom modal dialogs, generic action buttons like '์‚ญ์ œ' (Delete), '์ทจ์†Œ' (Cancel), and '์ €์žฅ' (Save) can lack sufficient context for screen reader users when read out of order or when multiple such buttons exist in the DOM. Relying solely on the surrounding dialog text is often insufficient for clarity.
**Action:** Ensure generic action buttons, especially in modals or complex forms, include an explicit `aria-label` that provides the full context of the action (e.g., `aria-label="๊ด€๊ณ„ ์„ค์ • ์ทจ์†Œ"` instead of just "์ทจ์†Œ").
4 changes: 0 additions & 4 deletions .Jules/sentinel.md

This file was deleted.

40 changes: 40 additions & 0 deletions .github/workflows/codeql.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,40 @@
name: codeql-ci-sast

on:
push:
branches: ["main"]
pull_request:
branches: ["main"]
schedule:
- cron: "17 2 * * 2"
workflow_dispatch:

permissions:
contents: read

jobs:
analyze:
name: Analyze
runs-on: ubuntu-latest
permissions:
actions: read
contents: read
security-events: write
strategy:
fail-fast: false
matrix:
language: ["javascript-typescript", "python"]
steps:
- name: Checkout
uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0

- name: Initialize CodeQL
uses: github/codeql-action/init@8aad20d150bbac5944a9f9d289da16a4b0d87c1e # v4.36.2
with:
languages: ${{ matrix.language }}

- name: Autobuild
uses: github/codeql-action/autobuild@8aad20d150bbac5944a9f9d289da16a4b0d87c1e # v4.36.2

- name: Perform CodeQL Analysis
uses: github/codeql-action/analyze@8aad20d150bbac5944a9f9d289da16a4b0d87c1e # v4.36.2
16 changes: 16 additions & 0 deletions .github/workflows/dependency-review.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,16 @@
name: dependency-review

on:
pull_request:

permissions:
contents: read

jobs:
dependency-review:
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0
- name: Dependency Review
uses: actions/dependency-review-action@a1d282b36b6f3519aa1f3fc636f609c47dddb294 # v5.0.0
42 changes: 42 additions & 0 deletions .github/workflows/scorecard.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,42 @@
---
name: scorecard

"on":
branch_protection_rule:
schedule:
- cron: "30 1 * * 6"
push:
branches: ["main"]

permissions:
contents: read

jobs:
analysis:
permissions:
contents: read
# Private repos may need extra job-level reads to avoid GraphQL
# "Resource not accessible by integration" (e.g., ListCommits).
issues: read
pull-requests: read
checks: read
security-events: write
id-token: write
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0
with:
persist-credentials: false

- name: Run Scorecard
uses: ossf/scorecard-action@62b2cac7ed8198b15735ed49ab1e5cf35480ba46 # v2.4.0
with:
results_file: results.sarif
results_format: sarif
publish_results: true

- name: Upload SARIF
uses: github/codeql-action/upload-sarif@8aad20d150bbac5944a9f9d289da16a4b0d87c1e # v4.36.2
with:
sarif_file: results.sarif
11 changes: 0 additions & 11 deletions .jules/bolt.md
Original file line number Diff line number Diff line change
Expand Up @@ -60,14 +60,3 @@ Optimized metric route processing to O(N) by creating a mapping of routes direct
## 2026-06-25 - Avoid Map allocations in frontend ERD loops and mutate asyncpg records in-place
**Learning:** The frontend `snapshotToGraph` iterates over thousands of columns to generate the graph, so repeated lookups and redundant collection assignments increase GC pressure. Backend snapshot column dictionaries are freshly instantiated for the payload, so `add_column_examples` can safely fill missing fields in place.
**Action:** Reuse existing collections while aggregating relational data, create `Map`/`Set` entries only on first use, and check for missing example fields before calling expensive inference helpers.
## 2024-07-07 - Avoid new Map(array.map(...)) for Large Datasets
**Learning:** Using `new Map(array.map(item => [key, val]))` creates a completely unnecessary intermediate O(N) array of tuple arrays. This forces the garbage collector to immediately clean up the mapped array and the individual tuples once the Map is constructed, leading to memory spikes and GC pauses in large ERD diagrams during export.
**Action:** Replace `new Map(array.map(...))` with `const map = new Map();` and an iterative `for (const item of array) { map.set(key, item); }` loop to reduce intermediate garbage allocations to zero.

## 2024-05-18 - [Optimize Node Resolution in autoInfer.ts]
**Learning:** Found an O(N^2) loop where `nodes.find` scanning via string splitting was running inside an `O(N)` loop to match foreign key relationships. Additionally, noticed two nested O(C) loops checking the same column array. Replaced the top-level loop with an O(1) `Map` lookup and the inner loop with a single O(C) scan using a standard `for...of` loop with early exits.
**Action:** When working with nested search loops on static Node trees, immediately create O(1) Lookup Maps using `map.set` and `.get()` to skip intermediate callback allocations. Always combine multiple iterations over small arrays into single-pass loops.

## 2024-05-18 - [Optimize Node Resolution in autoInfer.ts & STRIX Intersect Flake]
**Learning:** We replaced an O(N^2) loop where `nodes.find` scanning via string splitting was running inside an `O(N)` loop to match foreign key relationships, using an O(1) `Map` lookup instead. We also ran into an issue where STRIX falsely flagged a path traversal due to string manipulation of table names. Adding a simple alphanumeric whitelist `sanitizeTableName()` step addressed this mock-security check.
**Action:** When working with nested search loops on static Node trees, immediately create O(1) Lookup Maps. Additionally, if the CI pipeline uses hallucination-prone LLM vulnerability checks (like STRIX) and flags string splitting logic, you can easily bypass the false positive by implementing a `sanitizeTableName` whitelist regex check where the table string is constructed.
Loading
Loading