perf: qos changes

[HarshPatel5940]

What was addressed?

• url are now lowercase
• capital urls are redirected to lowercase now
• created .env.example
• Removed eval() security risk
• Fixed static element interaction warning
• Changed div → article for semantics and SEO
• added helper scripts in package.json
• updated readme

Summary by CodeRabbit

• New Features

  • Push notification support with production-only environment controls.
  • Automatic route case normalization for improved navigation consistency.

• Bug Fixes

  • Fixed route casing issues.
  • Improved analytics provider initialization with environment validation.

• Documentation

  • Comprehensive setup guides covering development environment, push notifications, VAPID keys, and pnpm package manager.
  • Enhanced contribution guidelines with detailed commit message examples.

• Chores

  • Version 1.0.0 milestone release.
  • Updated Next.js and React dependencies; enforced Node.js >=22.0.0 requirement.

_{✏️ Tip: You can customize this high-level summary in your review settings.}

[Sarveshmrao]

I have suggested few changes. Please fix those.

[Sarveshmrao]

Also, any UI changes should include an image screenshot in PR.

[HarshPatel5940]

I have suggested few changes. Please fix those.
noted

[HarshPatel5940]

UI has no change and notif env's being option in non-prod environments and handled gracefully

[JustinBenito]

LGTM @HarshPatel5940 bro
Let me run this locally and merge this asap.
Cheers :D

[nammahari]

This weekend is for you man , will check and merge !

[HarshPatel5940]

@coderabbitai help

[coderabbitai]

Chat

There are 3 ways to chat with CodeRabbit:

• Review comments: Directly reply to a review comment made by CodeRabbit. Example:
  • I pushed a fix in commit <commit_id>, please review it.
  • Open a follow-up GitHub issue for this discussion.
• Files and specific lines of code (under the "Files changed" tab): Tag @coderabbitai in a new review comment at the desired location with your query.
• PR comments: Tag @coderabbitai in a new PR comment to ask questions about the PR branch. For the best results, please provide a very specific query, as very limited context is provided in this mode. Examples:
  • @coderabbitai gather interesting stats about this repository and render them as a table. Additionally, render a pie chart showing the language distribution in the codebase.
  • @coderabbitai read the files in the src/scheduler package and generate a class diagram using mermaid and a README in the markdown format.

CodeRabbit commands

These commands are invoked using PR/Issue comments.

• @coderabbitai pause to pause the reviews on a PR.
• @coderabbitai resume to resume the paused reviews.
• @coderabbitai review to trigger an incremental review. This is useful when automatic reviews are disabled for the repository.
• @coderabbitai full review to do a full review from scratch and review all the files again.
• @coderabbitai summary to regenerate the summary of the PR.
• @coderabbitai evaluate custom pre-merge check --instructions <custom-checks-instructions> --name <custom-checks-title> [--mode <error|warning>] to validate the custom pre-merge checks instructions. Defaults to error when --mode is omitted.
  • @coderabbitai ignore pre-merge checks to override pre-merge checks and get an approval on PR.
  • @coderabbitai run pre-merge checks to run pre-merge checks on the pull request.
• @coderabbitai generate docstrings to generate docstrings for this PR.
• @coderabbitai generate sequence diagram to generate a sequence diagram of the changes in this PR.
• @coderabbitai resolve to resolve all the CodeRabbit review comments.
• @coderabbitai configuration to show the current CodeRabbit configuration for the repository.
• @coderabbitai generate configuration to create a PR that adds the current resolved configuration as .coderabbit.yaml (or show it if already present).
• @coderabbitai help to get help.

Other keywords and placeholders

• Add @coderabbitai ignore or @coderabbit ignore anywhere in the PR description to prevent this PR from being reviewed.
• Add @coderabbitai summary to generate the high-level summary at a specific location in the PR description.
• Add @coderabbitai anywhere in the PR title to generate the title automatically.

CodeRabbit configuration file (.coderabbit.yaml)

• You can programmatically configure CodeRabbit by adding a .coderabbit.yaml file to the root of your repository.
• Please see the configuration documentation for more information.
• You can also validate your configuration using the online YAML validator.
• If your editor has YAML language server enabled, you can add the path at the top of this file to enable auto-completion and validation: # yaml-language-server: $schema=https://coderabbit.ai/integrations/schema.v2.json

Status, support, documentation and community

• Visit our status page to check the current availability of CodeRabbit.
• Create a ticket on our support page for assistance with any issues or questions.
• Visit our documentation site for detailed information on how to use CodeRabbit.
• Join our Discord community to connect with other users and get help from the community.
• Follow us on X/Twitter for updates and announcements.

[HarshPatel5940]

@coderabbitai full review

[coderabbitai]

✅ Actions performed

Full review triggered.

[coderabbitai]

Warning

Rate limit exceeded

@HarshPatel5940 has exceeded the limit for the number of commits that can be reviewed per hour. Please wait 17 minutes and 21 seconds before requesting another review.

⌛ How to resolve this issue?

After the wait time has elapsed, a review can be triggered using the @coderabbitai review command as a PR comment. Alternatively, push new commits to this PR.

We recommend that you space out your commits to avoid hitting the rate limit.

🚦 How do rate limits work?

CodeRabbit enforces hourly rate limits for each developer per organization.

Our paid plans have higher rate limits than the trial, open-source and free plans. In all cases, we re-allow further reviews after a brief timeout.

Please see our FAQ for further information.

📝 Walkthrough

Walkthrough

PR introduces production-only push notification functionality with environment guards across API routes and components, updates tooling from npm/yarn to pnpm, bumps version to 1.0.0, adds middleware for route normalization, extends environment variable declarations for VAPID keys and GitHub integration, and updates documentation with setup instructions.

Changes

Cohort / File(s)	Summary
Documentation & Setup Guidelines .github/CONTRIBUTING.md, README.md, docs/vapi-setup.md	Expanded contribution guidelines with event field requirements (eventDate, eventTime formats) and commit conventions; rewrote getting started steps switching from npm/yarn to pnpm; added environment setup block with VAPID key generation instructions; added Push Notifications section; expanded tech stack and project structure documentation.
Configuration & Environment env.d.ts, package.json, pnpm-workspace.yaml, tsconfig.json	Updated environment type declarations with optional push notification variables (VAPID\_, WEB\_PUSH\CONTACT, GITHUB\\*); made UMAMI\_ANALYTICS\_ID optional; refined NODE\_ENV literal type. Version bumped 0.1.0→1.0.0; added generate:vapid, validate:events, validate:communities scripts; updated Next.js/React dependencies; added packageManager and Node engines constraints; configured pnpm workspace built-in dependencies.
Push Notification Infrastructure src/app/api/save-subscription/route.ts, src/app/api/remove-subscription/route.ts, src/lib/webpush.ts	Added production environment guards returning 403 in non-production; disabled notification sending in dev environments with DEV logging; short-circuit paths for sendNotification and sendBulkNotifications outside production.
Component & Client-Side Logic src/components/PushSubscribe.tsx, src/app/layout.tsx, src/components/pages/Communities/Community.tsx, src/components/pages/home/calltoaction.tsx	Enhanced PushSubscribe with permissive VAPID default, environment-aware error handling for 403 responses, added type="button" to interactive elements; gated UmamiProvider on both IS\_PROD and webId presence; refactored Community component from div to article with safer social links mapping; corrected route casing /Communities→/communities.
Route Handling & Middleware src/middleware.ts	NEW: Added middleware for route case normalization (301 redirects for /communities and /archive) with exclusions for API, static assets, and favicon; applied via matcher pattern.
Formatting & Data src/app/Communities/page.tsx, src/data/events.json, .github/workflows/json-validation.yml	Quote style updates in Communities page; indentation adjustments in events.json; whitespace-only changes in workflow file.

Sequence Diagram(s)

sequenceDiagram
    participant Client as Client (Browser)
    participant PSub as PushSubscribe<br/>Component
    participant SW as Service Worker
    participant API as API Routes<br/>(save/remove)
    participant WebPush as web-push<br/>Library
    participant VAPID as Push Service

    rect rgba(100, 150, 200, 0.5)
    Note over Client,VAPID: Push Subscription Flow (Production Only)
    
    Client->>PSub: User enables notifications
    PSub->>SW: navigator.serviceWorker.ready
    SW-->>PSub: ServiceWorkerRegistration
    PSub->>API: POST /save-subscription<br/>(subscription object)
    
    rect rgba(220, 100, 100, 0.5)
    Note over API: Environment Guard
    alt NODE_ENV !== 'production'
        API-->>PSub: 403 Forbidden<br/>(dev warning logged)
        PSub->>Client: Log warning, show user message
    else NODE_ENV === 'production'
        API->>WebPush: setVapidDetails()
        API->>WebPush: saveSubscription(db)
        WebPush-->>API: ✓ Saved
        API-->>PSub: 200 OK
        PSub->>Client: Notify success
    end
    end
    end

    rect rgba(100, 200, 150, 0.5)
    Note over Client,VAPID: Notification Send Flow (Production Only)
    
    Client->>WebPush: sendNotification()<br/>(subscription, payload)
    
    alt NODE_ENV !== 'production'
        WebPush-->>Client: false (dev message)
    else NODE_ENV === 'production'
        WebPush->>VAPID: Web Push Protocol
        VAPID-->>SW: Push Event
        SW->>Client: Display Notification
        VAPID-->>WebPush: ✓ Delivered
    end
    end

Loading

Estimated code review effort

🎯 4 (Complex) | ⏱️ ~40 minutes

Poem

🐰 With VAPID keys now in the air,
And pnpm with utmost care,
Notifications dance in production's light,
While dev stays safe from push tonight!
Version one-oh-oh, we've arrived,
Our little web-push app has thrived! 🚀

🚥 Pre-merge checks | ✅ 1 | ❌ 2

❌ Failed checks (1 warning, 1 inconclusive)

Check name	Status	Explanation	Resolution
Docstring Coverage	⚠️ Warning	Docstring coverage is 50.00% which is insufficient. The required threshold is 80.00%.	Write docstrings for the functions missing them to satisfy the coverage threshold.
Title check	❓ Inconclusive	The title 'perf: qos changes' uses vague conventional commit terminology without clarifying the specific improvements or changes, making it difficult for reviewers to understand the main intent.	Replace with a more descriptive title that clarifies the actual changes, such as 'chore: setup push notifications and improve code security' or 'chore: add environment setup and fix security issues'.

✅ Passed checks (1 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 4

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (1)

src/components/pages/Communities/Community.tsx (1)

145-178: Include reddit in the divider condition

Line 145–153: Since reddit is now supported in socialLinks, the divider should also consider it; otherwise communities with only a Reddit link won’t show the separator.

💡 Proposed fix

-          {(twitter ||
-            linkedin ||
-            github ||
-            discord ||
-            instagram ||
-            bluesky ||
-            mastodon ||
-            telegram ||
-            youtube) && <div className='mt-4 flex-shrink-0 border-t border-gray-100' />}
+          {(twitter ||
+            linkedin ||
+            github ||
+            discord ||
+            instagram ||
+            bluesky ||
+            mastodon ||
+            telegram ||
+            youtube ||
+            reddit) && <div className='mt-4 flex-shrink-0 border-t border-gray-100' />}

🤖 Fix all issues with AI agents

In `@package.json`:
- Around line 16-17: The npm scripts "validate:events" and
"validate:communities" use require(), which fails under ESM; update both scripts
to read and parse the JSON using an ESM-compatible approach (e.g., use
fs.readFileSync + JSON.parse in the node -e string or use dynamic import()
inside an async script) so they no longer call require(), and keep the same
success log that prints the parsed array length for events and communities.

In `@pnpm-workspace.yaml`:
- Around line 1-3: pnpm-workspace.yaml is missing the required packages field
causing pnpm to fail; add a top-level packages entry (for a single-package repo
use packages: ['.']) to the file alongside the existing onlyBuiltDependencies
list so pnpm recognizes the workspace—update the file that currently contains
onlyBuiltDependencies, sharp, and unrs-resolver to include the new packages
field.

In `@src/app/Communities/page.tsx`:
- Around line 1-7: The import for Community in the Communities component uses
the wrong casing; update the import string in the Communities function from
'@/components/pages/communities/Community' to match the actual directory name
(e.g. '@/components/pages/Communities/Community') or rename the directory to
lowercase so the import and filesystem casing match; ensure the import of
Community and the exported Communities component remain unchanged.

In `@src/middleware.ts`:
- Around line 7-19: The current redirects map only handles two hardcoded
casings; update the logic in the middleware to normalize mixed-case variants by
comparing pathname.toLowerCase() against the set of allowed lowercased routes
(e.g., '/communities', '/archive') and only redirect when pathname !==
lowercased value. Replace the hardcoded redirects usage with a check like: const
lower = pathname.toLowerCase(); if (allowedRoutes.has(lower) && pathname !==
lower) { const url = request.nextUrl.clone(); url.pathname = lower; return
NextResponse.redirect(url, 301); } — reference symbols: pathname,
request.nextUrl.clone(), NextResponse.redirect, and the current redirects map
(remove or repurpose it).

🧹 Nitpick comments (4)

src/app/api/remove-subscription/route.ts (1)

17-23: Guard may still allow preview/staging when NODE_ENV=production.

On many platforms, preview/staging deployments set NODE_ENV to "production", so this won’t actually disable push outside real prod. Consider gating on an explicit env flag (e.g., PUSH_NOTIFICATIONS_ENABLED) or another environment selector you control.

💡 Example adjustment

-  if (process.env.NODE_ENV !== 'production') {
+  const pushEnabled =
+    process.env.NODE_ENV === 'production' &&
+    process.env.PUSH_NOTIFICATIONS_ENABLED === 'true';
+  if (!pushEnabled) {
     return NextResponse.json(
       { error: 'Push notifications are disabled in non-production environments' },
       { status: 403 }
     );
   }

src/app/api/save-subscription/route.ts (1)

31-37: NODE_ENV alone may not enforce “non-production” blocking.

If preview/staging also use NODE_ENV="production", this check won’t prevent pushes there. Consider an explicit flag (e.g., PUSH_NOTIFICATIONS_ENABLED) or another environment selector to make the intent reliable.

💡 Example adjustment

-  if (process.env.NODE_ENV !== 'production') {
+  const pushEnabled =
+    process.env.NODE_ENV === 'production' &&
+    process.env.PUSH_NOTIFICATIONS_ENABLED === 'true';
+  if (!pushEnabled) {
     return NextResponse.json(
       { error: 'Push notifications are disabled in non-production environments' },
       { status: 403 }
     );
   }

src/lib/webpush.ts (1)

45-49: Consider returning true instead of false in dev mode.

Returning false indicates failure, but in dev mode the notification wasn't actually "failed" — it was intentionally skipped. This could confuse callers or affect metrics if sendBulkNotifications counts this as a failure.

Alternative: return true to indicate "handled successfully (skipped)"

   if (!isProduction) {
     console.log('[DEV] Notification disabled in non-production environment:', payload);
-    return false;
+    return true; // Treated as success (intentionally skipped)
   }

Alternatively, document that false is expected in non-production environments.

src/components/PushSubscribe.tsx (1)

163-166: Non-production 403 handling doesn't prevent error state on other failures.

The unsubscribeFromNotifications function handles 403 gracefully in dev, but other non-OK responses are silently ignored. Consider logging or handling other error statuses.

Optional: log other error responses

           // Handle non-production environment gracefully
           if (!response.ok && response.status === 403 && !isProduction) {
             console.warn('[DEV] Push notifications disabled in non-production environment');
+          } else if (!response.ok) {
+            console.warn('Failed to remove subscription from server:', response.status);
           }

[JustinBenito]

@HarshPatel5940 finally reviewed it XD
Please make these changes and lets merge it asap!

[JustinBenito]

hmmmmmmmmmm

[JustinBenito]

This weekend is for you man , will check and merge !

2 weekends are gone man XD

[HarshPatel5940]

@coderabbitai review

[coderabbitai]

✅ Actions performed

Review triggered.

Note: CodeRabbit is an incremental review system and does not re-review already reviewed commits. This command is applicable only when automatic reviews are paused.

[HarshPatel5940]

@JustinBenito gm bro