docs: add structured docs/ directory for contributor onboarding#20
docs: add structured docs/ directory for contributor onboarding#20samalbishnupriya06-stack wants to merge 6 commits into
Conversation
… API, contribution, deployment and folder-structure guides
|
@samalbishnupriya06-stack is attempting to deploy a commit to the Harsh Yadav's projects Team on Vercel. A member of the Team first needs to authorize it. |
|
No actionable comments were generated in the recent review. 🎉 ℹ️ Recent review info⚙️ Run configurationConfiguration used: defaults Review profile: CHILL Plan: Pro Run ID: 📒 Files selected for processing (1)
✅ Files skipped from review due to trivial changes (1)
📝 WalkthroughWalkthroughThis PR adds a complete documentation suite under ChangesProject Documentation Suite
Estimated code review effort🎯 2 (Simple) | ⏱️ ~12 minutes Suggested labels
Suggested reviewers
Poem
🚥 Pre-merge checks | ✅ 5✅ Passed checks (5 passed)
✏️ Tip: You can configure your own custom pre-merge checks in the settings. ✨ Finishing Touches🧪 Generate unit tests (beta)
Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out. Comment |
![github-actions[bot]](https://avatars.githubusercontent.com/in/15368?s=60&v=4){kind=small}
There was a problem hiding this comment.
🎉 Thank you @samalbishnupriya06-stack for your first PR to Gsecure!
We really appreciate your contribution 🙌
What happens next:
- 🔍 Maintainers will review your PR
- 🧪 Automated checks will run
- ✨ Feedback may be shared if needed
Please confirm your PR includes:
- ✔️ Clear summary of changes
- ✔️ Linked issue (e.g., Fixes #123)
- ✔️ Steps to test
- ✔️ Screenshots (for UI changes)
📘 Contribution Standards:
👉 https://github.com/HarshYadav152/Gsecure/blob/main/CONTRIBUTING.md
💬 Stay Connected with Our Community
💚 WhatsApp (Friendly Community)
For informal chats, quick help, and building friendships with contributors:
👉 https://chat.whatsapp.com/I8GYXd3mHlDCC2iXhNGeqV
🌟 Our Philosophy: We value both professional collaboration (Discord) and personal connections (WhatsApp). Join both to get the complete SS-Capture community experience!
Thanks for helping improve Gsecure 🚀
Let's build something amazing together! 💪
![coderabbitai[bot]](https://avatars.githubusercontent.com/in/347564?s=60&v=4){kind=small}
There was a problem hiding this comment.
Actionable comments posted: 9
Caution
Some comments are outside the diff and can’t be posted inline due to platform limitations.
⚠️ Outside diff range comments (1)
docs/deployment.md (1)
72-74:⚠️ Potential issue | 🟠 Major | ⚡ Quick winComplete the MongoDB Atlas instructions (section currently ends mid-step).
The section ends with a trailing colon and no example/value format, so production DB setup is incomplete. Add a concrete Atlas URI example and where to place it (e.g., Vercel env dashboard / server env file).
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the rest with a brief reason, keep changes minimal, and validate. In `@docs/deployment.md` around lines 72 - 74, The MongoDB Atlas section is incomplete: finish the step by showing a concrete example value for the MONGODB_URI environment variable and where to set it; update the paragraph that references `MONGODB_URI` to include a redacted Atlas connection string example (e.g., mongodb+srv://<username>:<password>`@cluster0.mongodb.net/`<dbname>?retryWrites=true&w=majority) and add instructions to paste this into your deployment platform's environment settings (e.g., Vercel Dashboard -> Environment Variables) or your server .env file, and mention replacing <username>, <password>, and <dbname> with real values; keep the note to never commit credentials.
🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
Inline comments:
In `@docs/api.md`:
- Line 3: The docs incorrectly state that protected API routes use the
Authorization header; update the docs to reflect the runtime contract:
authentication is performed via the authToken cookie (see gsecure/proxy.js) and
frontend requests use credentials: 'include' (see gsecure/app/vault/page.js),
remove or replace references to the Authorization header, and adjust any other
mentions (e.g., the content around lines referencing 52-53) to describe
cookie-based JWT transmission and how to include credentials in fetch calls.
- Around line 47-48: The heading uses setext/underlined style which violates
MD003; replace the underlined heading near the text "G-Secure supports OAuth via
NextAuth.js. Redirect the user to:" with an ATX-style heading (e.g. prefix the
line with one or more # characters) or convert it to a plain paragraph so the
section uses consistent Markdown heading syntax.
- Around line 56-63: The example request body in docs/api.md is out of sync with
the client payload sent from gsecure/app/vault/add/page.js; update the JSON
example to match the actual fields the client sends: replace "site" with
"website", include the encrypted "username" and "password" (indicate they are
encrypted in the example or use the same field names the client uses), and add
the "keyword" and "notes" properties so the example mirrors the real payload
shape used by the add vault page.
In `@docs/architecture.md`:
- Around line 21-23: The doc currently says the JWT is "stored client-side" but
the implementation reads the authToken from cookies (see gsecure/proxy.js and
the authToken cookie), so update the architecture text to explicitly state that
the JWT is stored in an HTTP cookie named authToken and sent automatically on
requests; mention that route protection reads authToken from cookies (not
localStorage/sessionStorage) and include any cookie attributes used (e.g.,
HttpOnly/Secure/SameSite) so clients integrate correctly with the cookie-based
auth flow.
- Around line 27-30: Update the docs to weaken the absolute "Zero Knowledge"
claim: replace the headline "Zero Knowledge Architecture" with a more accurate
phrase like "Client-side encryption with minimized server access" and change the
sentence "The server never has access to plaintext passwords — Zero Knowledge
Architecture." to a qualified statement noting that encryption/decryption is
performed client-side where possible but that certain values (e.g., the keyword
sent from gsecure/app/vault/add/page.js) are transmitted to the backend for
vault operations and therefore the server may see or process those tokens;
reference the keyword transmission in gsecure/app/vault/add/page.js to make
clear the current limitation and avoid overstating guarantees.
In `@docs/contribution-guide.md`:
- Line 49: Remove the outdated API path reference and keep the repo's active
layout: replace the line that mentions "gsecure/pages/api/" so the document only
references "gsecure/app/api/"; update anywhere in the contribution guide that
points to "gsecure/pages/api/" to use "gsecure/app/api/" to avoid confusing
contributors.
In `@docs/deployment.md`:
- Around line 20-29: Update the "Required Environment Variables on Vercel" list
in docs/deployment.md to exactly match the canonical runtime env contract in
gsecure/.env.local.example: replace NEXTAUTH_URL with NEXT_PUBLIC_API_HOST,
ensure MONGODB_URI, JWT_SECRET, ENCRYPTION_KEY, GOOGLE_CLIENT_ID,
GOOGLE_CLIENT_SECRET, GITHUB_CLIENT_ID, GITHUB_CLIENT_SECRET appear as in the
example and add the missing token/SMTP vars (e.g., MAILER_USER/MAILER_PASSWORD
or SMTP_HOST/SMTP_PORT/TOKEN names shown in .env.local.example) so the docs
mirror the repo's actual environment variables.
In `@docs/folder-structure.md`:
- Line 15: The folder-structure doc lists the repository license as "LICENCE"
which is inconsistent with README.md's "LICENSE"; update the entry in
docs/folder-structure.md by renaming the listing symbol "LICENCE" to "LICENSE"
so the docs and repo use the same filename reference.
In `@README.md`:
- Line 80: Remove the duplicate "## 🧑💻 Contributing" heading in README.md by
deleting the redundant heading occurrence (the second "## 🧑💻 Contributing"
shown in the diff) so only the original contributing section remains; ensure
surrounding content stays intact and that any links or references still point to
the single remaining "Contributing" header.
---
Outside diff comments:
In `@docs/deployment.md`:
- Around line 72-74: The MongoDB Atlas section is incomplete: finish the step by
showing a concrete example value for the MONGODB_URI environment variable and
where to set it; update the paragraph that references `MONGODB_URI` to include a
redacted Atlas connection string example (e.g.,
mongodb+srv://<username>:<password>`@cluster0.mongodb.net/`<dbname>?retryWrites=true&w=majority)
and add instructions to paste this into your deployment platform's environment
settings (e.g., Vercel Dashboard -> Environment Variables) or your server .env
file, and mention replacing <username>, <password>, and <dbname> with real
values; keep the note to never commit credentials.
🪄 Autofix (Beta)
Fix all unresolved CodeRabbit comments on this PR:
- Push a commit to this branch (recommended)
- Create a new PR with the fixes
ℹ️ Review info
⚙️ Run configuration
Configuration used: defaults
Review profile: CHILL
Plan: Pro
Run ID: 246b387b-29fc-46d2-89a6-2f4fa62ec2f7
📒 Files selected for processing (7)
README.mddocs/api.mddocs/architecture.mddocs/contribution-guide.mddocs/deployment.mddocs/folder-structure.mddocs/installation.md
|
@maintainers i had fixed all the faults that occur during reviews nd updated it. please check it once again |
There was a problem hiding this comment.
@samalbishnupriya06-stack Add some more details like about delete-entry and expose-entry in docs/api.md
and keep update your branch
There was a problem hiding this comment.
Actionable comments posted: 1
🧹 Nitpick comments (1)
docs/api.md (1)
52-55: ⚡ Quick winProvide a concrete authenticated fetch example.
credentials: "include"alone is easy to misapply. Add a minimalfetchsnippet (method + endpoint + credentials) so the cookie-auth contract is actionable.🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the rest with a brief reason, keep changes minimal, and validate. In `@docs/api.md` around lines 52 - 55, Add a concrete authenticated fetch example under the "Add a new entry" section showing how to include cookies; specifically insert a minimal snippet that uses fetch with a method (e.g., POST to the vault endpoint used by the docs such as "/api/vault/entries"), includes headers for JSON, a JSON body, and credentials: "include" so the cookie-auth contract is actionable; reference the fetch call and the credentials: "include" token in the example so readers can copy-paste a working authenticated request.
🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
Inline comments:
In `@docs/api.md`:
- Around line 47-48: Finish the OAuth redirect instruction under "G-Secure
supports OAuth via NextAuth.js" by adding the actual redirect endpoint and an
example URL or call; e.g., instruct contributors to redirect users to NextAuth's
sign-in route (use the /api/auth/signin endpoint or the client
signIn('provider') flow) and include an example with a provider name and
optional callbackUrl so readers can follow the full flow.
---
Nitpick comments:
In `@docs/api.md`:
- Around line 52-55: Add a concrete authenticated fetch example under the "Add a
new entry" section showing how to include cookies; specifically insert a minimal
snippet that uses fetch with a method (e.g., POST to the vault endpoint used by
the docs such as "/api/vault/entries"), includes headers for JSON, a JSON body,
and credentials: "include" so the cookie-auth contract is actionable; reference
the fetch call and the credentials: "include" token in the example so readers
can copy-paste a working authenticated request.
🪄 Autofix (Beta)
Fix all unresolved CodeRabbit comments on this PR:
- Push a commit to this branch (recommended)
- Create a new PR with the fixes
ℹ️ Review info
⚙️ Run configuration
Configuration used: defaults
Review profile: CHILL
Plan: Pro
Run ID: ef64d089-aeaa-4439-95c7-fc0487c6f731
📒 Files selected for processing (6)
README.mddocs/api.mddocs/architecture.mddocs/contribution-guide.mddocs/deployment.mddocs/folder-structure.md
💤 Files with no reviewable changes (1)
- README.md
✅ Files skipped from review due to trivial changes (4)
- docs/contribution-guide.md
- docs/folder-structure.md
- docs/architecture.md
- docs/deployment.md
|
@HarshYadav152 Done! Added delete-entry and expose-entry details in docs/api.md and updated the branch. |
HarshYadav152
left a comment
HarshYadav152
left a comment
There was a problem hiding this comment.
@samalbishnupriya06-stack Do these changes.
- Gsecure doesnot support OAuth remove this
- Also your api.md doesnot demonstrate real body object or response for endpoints.
- Kindly check these body and responses once by running locally
i have already done these things |
Not done yet. See this image |
Kindly check these also your
|
HarshYadav152
added
ELUSOC
|
@HarshYadav152 Done! Removed the OAuth section from docs/api.md and synced the branch with main. Please re-review. |
HarshYadav152
left a comment
HarshYadav152
left a comment
There was a problem hiding this comment.
@samalbishnupriya06-stack All done but your docs/add-documentation branch is 2 commits behind main.
Update it.
@samalbishnupriya06-stack Update it. |
2 participants
Closes #18
What this PR does
Files added
Summary by CodeRabbit