Added flows and deployment guides along with fixes for broken links#2177
Open
himeshsiriwardana wants to merge 2 commits intoasgardeo:mainfrom
Open
Added flows and deployment guides along with fixes for broken links#2177himeshsiriwardana wants to merge 2 commits intoasgardeo:mainfrom
himeshsiriwardana wants to merge 2 commits intoasgardeo:mainfrom
Conversation
📝 WalkthroughWalkthroughThis PR restructures the documentation site, implements a persona-based filtering system (IAM/App/DevOps), adds comprehensive deployment guides, creates a new Flow documentation hierarchy, and updates navigation links throughout. It includes new Docusaurus plugins and React components for persona selection and filtering. Changes
Sequence Diagram(s)sequenceDiagram
participant App as App Mount
participant Root as Root.tsx
participant Storage as localStorage
participant HTML as HTML Element
participant User as User Interaction
participant Dropdown as PersonaDropdown
participant CSS as CSS Rules
participant Sidebar as Sidebar Visibility
App->>Root: Component mounts
Root->>Storage: Read 'thunder-docs-persona'
Storage-->>Root: Return saved persona
Root->>Root: Validate persona
Root->>HTML: applyPersona() sets data-persona attr
HTML-->>CSS: Attribute applied
CSS-->>Sidebar: Filter items based on selector
User->>Dropdown: Click persona option
Dropdown->>Storage: Save selection
Dropdown->>HTML: Update data-persona attribute
HTML-->>CSS: Attribute updated
CSS-->>Sidebar: Re-filter visibility
Dropdown->>Dropdown: Close menu
Estimated code review effort🎯 3 (Moderate) | ⏱️ ~20 minutes Possibly related PRs
Suggested labels
Suggested reviewers
🚥 Pre-merge checks | ✅ 1 | ❌ 2❌ Failed checks (2 warnings)
✅ Passed checks (1 passed)
✏️ Tip: You can configure your own custom pre-merge checks in the settings. ✨ Finishing Touches🧪 Generate unit tests (beta)
Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out. Comment |
himeshsiriwardana
changed the title
Codecov Report✅ All modified and coverable lines are covered by tests. Additional details and impacted files@@ Coverage Diff @@
## main #2177 +/- ##
==========================================
- Coverage 90.11% 89.84% -0.27%
==========================================
Files 874 898 +24
Lines 56495 58951 +2456
==========================================
+ Hits 50908 52964 +2056
- Misses 4071 4421 +350
- Partials 1516 1566 +50
Flags with carried forward coverage won't be shown. Click here to find out more. ☔ View full report in Codecov by Sentry. 🚀 New features to boost your workflow:
|
![coderabbitai[bot]](https://avatars.githubusercontent.com/in/347564?s=60&v=4){kind=small}
There was a problem hiding this comment.
Actionable comments posted: 15
Caution
Some comments are outside the diff and can’t be posted inline due to platform limitations.
⚠️ Outside diff range comments (7)
docs/content/guides/guides/integrations.mdx (1)
8-8:⚠️ Potential issue | 🟠 MajorFix heading casing to satisfy Vale.
Line 8 is not in Title Case and is currently failing the markdown lint pipeline.
Suggested fix
-## This page is under construction. Please check back later. +## This Page Is Under Construction. Please Check Back Later.As per coding guidelines, use Title Case for all headings.
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed. In `@docs/content/guides/guides/integrations.mdx` at line 8, The heading "This page is under construction. Please check back later." is not Title Case; update that Markdown heading to Title Case (e.g., "This Page Is Under Construction; Please Check Back Later") so it satisfies Vale and the markdown lint pipeline, ensuring the exact heading string in the file is replaced with the Title Case variant used across docs.docs/content/guides/getting-started/get-thunder.mdx (1)
17-17:⚠️ Potential issue | 🟠 MajorAdjust heading title casing to satisfy Vale.
Line 17 is failing
WSO2-IAM.TitleCaseTitlesand should be normalized.Suggested fix
-## Download From Release +## Download from Release🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed. In `@docs/content/guides/getting-started/get-thunder.mdx` at line 17, Change the heading "## Download From Release" to use proper title-casing per Vale by lowercasing the short/preposition word: update the heading text to "## Download from Release" (replace the original "Download From Release" heading).docs/content/guides/quick-start/connect-your-application/nextjs.mdx (1)
8-8:⚠️ Potential issue | 🟠 MajorFix heading casing to unblock Vale.
Line 8 fails
WSO2-IAM.TitleCaseTitles, which will block CI.Suggested fix
-## This page is under construction. Please check back later. +## This Page Is Under Construction +Please check back later.🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed. In `@docs/content/guides/quick-start/connect-your-application/nextjs.mdx` at line 8, The heading "This page is under construction. Please check back later." fails TitleCase linting; update that heading to Title Case (e.g., "This Page Is Under Construction. Please Check Back Later.") so it satisfies WSO2-IAM.TitleCaseTitles; locate and replace the exact heading text in the nextjs.mdx file.docs/content/sdks/react/guides/protecting-routes/overview.mdx (1)
30-40:⚠️ Potential issue | 🟠 MajorDo not change route casing—suppress Vale on URL tokens instead.
Lines 30 and 40 are failing
Vale.Termsbecause the URL contains/sdks/. Changing URL casing would risk broken links; suppress the rule for this JSX block to keep routes correct and pass CI.Suggested fix
+<!-- vale off --> <Grid container spacing={3} sx={{mb: 4}}> <Grid size={{xs: 12, sm: 6}}> <SDKCard @@ href="/docs/next/sdks/react/guides/protecting-routes/tanstack-router" /> </Grid> </Grid> +<!-- vale on -->🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed. In `@docs/content/sdks/react/guides/protecting-routes/overview.mdx` around lines 30 - 40, Wrap the JSX block containing the Grid/SDKCard entries (the block with SDKCard, TanStackLogo and the hrefs "/docs/next/sdks/...") with Vale suppression for the Terms rule so the `/sdks/` URL tokens aren't rewritten; specifically add a Vale disable for Terms before the block and re-enable after it to silence Vale.Terms without changing route casing.docs/content/guides/quick-start/connect-your-application/react.mdx (2)
282-294:⚠️ Potential issue | 🟠 MajorSuppress style lint for command literals to unblock CI.
Lines 284/288/292 are valid commands (
npm run dev,yarn dev,pnpm run dev), but Vale flagsdevas informal language. This is a docs-lint blocker and should be scoped out for the code block.Suggested fix
+<!-- vale off --> <CodeGroup> <CodeBlock lang="bash" label="npm"> npm run dev </CodeBlock> <CodeBlock lang="bash" label="Yarn"> yarn dev </CodeBlock> <CodeBlock lang="bash" label="pnpm"> pnpm run dev </CodeBlock> </CodeGroup> +<!-- vale on -->🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed. In `@docs/content/guides/quick-start/connect-your-application/react.mdx` around lines 282 - 294, Wrap the bash command code blocks with Vale suppression comments to skip linting for the informal token "dev": add an opening <!-- vale off --> immediately before the <CodeBlock lang="bash" label="npm"> (and likewise before the Yarn and pnpm CodeBlock entries) and a closing <!-- vale on --> immediately after each block (or around the entire <CodeGroup>) so the three commands (`npm run dev`, `yarn dev`, `pnpm run dev`) are not flagged; target the CodeBlock entries labeled "npm", "Yarn", and "pnpm" to apply the suppression.
177-177:⚠️ Potential issue | 🟠 MajorHeading casing needs a Vale-compliant form.
Line 177 is failing
WSO2-IAM.TitleCaseTitlesand will block lint.Suggested fix
-## Add Sign-In and Sign-Out +## Add Sign-in and Sign-out🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed. In `@docs/content/guides/quick-start/connect-your-application/react.mdx` at line 177, The heading "Add Sign-In and Sign-Out" fails the WSO2-IAM.TitleCaseTitles check; update this heading in react.mdx to a Vale-compliant Title Case form (replace hyphenated tokens with Title Case words), e.g., change "Add Sign-In and Sign-Out" to "Add Sign In and Sign Out" so it matches the project's Title Case rule.docs/content/community/contributing/overview.mdx (1)
83-83:⚠️ Potential issue | 🟡 MinorAddress Vale lint error: Use 'repository' instead of 'repo'.
The pipeline flagged an informal abbreviation that should be corrected.
📝 Proposed fix
-1. Fork the repo and make changes +1. Fork the repository and make changes🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed. In `@docs/content/community/contributing/overview.mdx` at line 83, Replace the informal abbreviation "repo" with "repository" in the contributing step text—update the line that currently reads "2. Fork the repo and make changes" to "2. Fork the repository and make changes" so it satisfies Vale linting; ensure any other occurrences of "repo" in the same document are similarly replaced.
🧹 Nitpick comments (10)
.vale/styles/config/vocabularies/vocab/accept.txt (3)
7-8: Remove redundantIAMentry on line 7.Line 7 has the literal
IAMwhile line 8 has the case-insensitive regex pattern[Ii][Aa][Mm]. The regex pattern already matches all case variations including uppercaseIAM, making line 7 redundant.♻️ Suggested fix
-IAM [Ii][Aa][Mm]🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed. In @.vale/styles/config/vocabularies/vocab/accept.txt around lines 7 - 8, Remove the redundant literal "IAM" entry because the case-insensitive regex "[Ii][Aa][Mm]" already matches all case variations; keep the regex line and delete the standalone "IAM" line so only the regex remains in the vocabulary file.
35-35: Remove duplicateSDKsentry.
SDKsappears on both line 35 and line 38.♻️ Suggested fix
Remove the duplicate entry on line 38:
Entra -SDKs URIsAlso applies to: 38-38
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed. In @.vale/styles/config/vocabularies/vocab/accept.txt at line 35, The file contains a duplicated vocabulary entry "SDKs"; remove the redundant "SDKs" occurrence so that only one "SDKs" entry remains (locate the duplicate "SDKs" string in the vocab file and delete the extra line).
26-26: Remove duplicateJWTsentry.
JWTsappears on both line 26 and line 42. This duplication is likely a leftover from the merge conflict resolution mentioned in the AI summary.♻️ Suggested fix
Remove the duplicate entry on line 42:
[Oo]nboarding -JWTs [Uu]nexportedAlso applies to: 42-42
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed. In @.vale/styles/config/vocabularies/vocab/accept.txt at line 26, Remove the duplicate vocabulary entry "JWTs" so the file contains only one "JWTs" occurrence; locate the second "JWTs" token in the vocab list and delete that duplicate, then scan the rest of the vocab file for any other repeated "JWTs" entries to ensure uniqueness.docs/content/guides/quick-start/connect-your-application/react.mdx (1)
67-67: Prefer a less wordy opener.Line 67 triggers
WSO2-IAM.TooWordy; replacing “Alternatively” keeps the sentence cleaner.Suggested wording
-Alternatively, you can create an application using the Thunder API. First, [obtain a system API token](/docs/next/guides/getting-started/get-thunder#obtain-system-api-token), then: +You can also create an application using the Thunder API. First, [obtain a system API token](/docs/next/guides/getting-started/get-thunder#obtain-system-api-token), then:🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed. In `@docs/content/guides/quick-start/connect-your-application/react.mdx` at line 67, Replace the wordy opener "Alternatively, you can create an application using the Thunder API." with a more concise phrase such as "You can also create an application using the Thunder API." so the sentence reads: "You can also create an application using the Thunder API. First, [obtain a system API token]..., then:"; update the exact sentence that begins with "Alternatively" to use the new opener.docs/src/theme/Root.tsx (1)
25-25: Consider importing the storage key constant to avoid duplication.
PERSONA_STORAGE_KEYduplicatesSTORAGE_KEYfromPersonaDropdown.tsx. If either constant is changed independently, the persona restoration will silently break.♻️ Suggested approach
Export
STORAGE_KEYfromPersonaDropdown.tsxand import it here:-import {applyPersona, type Persona} from './NavbarItem/PersonaDropdown'; - -const PERSONA_STORAGE_KEY = 'thunder-docs-persona'; +import {applyPersona, type Persona, STORAGE_KEY as PERSONA_STORAGE_KEY} from './NavbarItem/PersonaDropdown';This ensures both files always use the same key.
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed. In `@docs/src/theme/Root.tsx` at line 25, PERSONA_STORAGE_KEY in Root.tsx duplicates STORAGE_KEY used in the persona dropdown; export the existing STORAGE_KEY constant from the PersonaDropdown component and replace the local PERSONA_STORAGE_KEY usage by importing STORAGE_KEY into Root.tsx so both modules share the single exported constant (update the export in PersonaDropdown and the import + variable usage in Root.tsx).docs/plugins/personaPlugin.ts (1)
39-46: Update JSDoc to include all supported persona values.The comment states values are
"app"or"iam", but thePersonatype inPersonaDropdown.tsxalso includes"devops". The CSS rules confirmdevopsis a valid persona for sidebar filtering.Suggested doc update
* The map key is the doc ID (e.g. "guides/guides/flows/build-a-flow") and the - * value is the persona string ("app" or "iam"). Pages without a `persona` + * value is the persona string ("app", "iam", or "devops"). Pages without a `persona` * field are omitted — they are always visible regardless of the selected persona.🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed. In `@docs/plugins/personaPlugin.ts` around lines 39 - 46, The JSDoc for the persona plugin incorrectly lists supported persona values as only "app" or "iam"; update the comment above the personaMap description (the plugin that populates personaMap: Record<string, string>) to include all supported persona values—add "devops" alongside "app" and "iam" (matching the Persona type used in PersonaDropdown and the CSS rules used for sidebar filtering) so documentation and code agree.docs/content/guides/guides/flows/what-is-flows.mdx (1)
10-10: Consider splitting the long sentence for readability.Vale flagged this sentence as exceeding 30 words. While not blocking, splitting it could improve scannability.
Suggested rewrite
-A flow in Thunder defines the step-by-step journey a user takes during a specific interaction with your application, such as signing in or self-registering. You build flows visually using the **Flow Builder** in the Thunder Console, a canvas-based editor where you drag, connect, and configure nodes to design the exact experience you want. +A flow in Thunder defines the step-by-step journey a user takes during a specific interaction with your application — such as signing in or self-registering. + +You build flows visually using the **Flow Builder** in the Thunder Console. This canvas-based editor lets you drag, connect, and configure nodes to design the exact experience you want.🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed. In `@docs/content/guides/guides/flows/what-is-flows.mdx` at line 10, Split the long opening sentence into two for readability: keep the first sentence describing what a flow is and its purpose (mention "A flow in Thunder defines the step-by-step journey a user takes during a specific interaction with your application, such as signing in or self-registering.") and make a second sentence about how you build flows visually using the Flow Builder in the Thunder Console (mentioning the canvas-based editor and drag/connect/configure nodes to design the experience). Update the paragraph containing "Flow Builder" so each sentence is under 30 words and preserves the original terms "Flow Builder" and "Thunder Console."docs/content/guides/guides/flows/build-a-flow.mdx (1)
19-87: Include explicit verification + troubleshootingPlease add a short “Verify the flow works” section and a “Troubleshooting” section (for missing node connections, unassigned flow, and executor config errors).
Based on learnings: Task-based documentation must clearly include confirmation of outcome and troubleshooting common issues.
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed. In `@docs/content/guides/guides/flows/build-a-flow.mdx` around lines 19 - 87, Add a new "Verify the flow works" subsection after "Assign to an Application" that gives concise verification steps: sign in to the Thunder Console, run the flow from the Flow Builder or assigned application, exercise both success and failure paths (submit forms, trigger executors), confirm the flow reaches the END node and increments version under "Save and Manage Versions", and check server logs/console for executor errors; then add a "Troubleshooting" subsection that lists common fixes for missing node connections (inspect canvas wiring between View → Executor and ensure Executor success/failure ports are connected), unassigned flow issues (confirm the flow is selected under the application's Flows tab and saved), and executor configuration errors (verify executor settings such as OTP length, social credentials, attribute mappings in the node settings), referencing the "Create a Flow", "Build the Canvas", "Configure Node Settings", "Save and Manage Versions", and "Assign to an Application" sections so readers can locate related steps.docs/content/guides/deployment-patterns/openchoreo.mdx (1)
12-284: Add a short troubleshooting sectionThis guide is strong on prerequisites and steps, but it should also include common failure cases (e.g., CRD missing, DB auth/SSL mismatch, Helm value-path mistakes) and quick fixes.
Based on learnings: Task-based documentation must include troubleshooting common issues.
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed. In `@docs/content/guides/deployment-patterns/openchoreo.mdx` around lines 12 - 284, Add a short "Troubleshooting" section to the OpenChoreo deployment guide (near the end under "Next Steps" or immediately after "Database Setup"/"Install Thunder") that lists common failure cases and concise remediation steps; include entries for (1) missing CRDs: symptom ("kubectl get crd | grep openchoreo" returns nothing) and quick fix (reinstall OpenChoreo control plane or apply CRD manifest), (2) DB authentication/SSL mismatch: symptom (connection refused/auth failed) and fixes (verify DB_HOST/DB_USER/DB_PASS, confirm sslmode values in the Helm values or --set flags and match server config), (3) Helm value-path mistakes: symptom (values not applied or pods error on startup) and fix (show correct value paths used in examples like database.identity.username / database.runtime.password and recommend using -f custom-values.yaml plus helm get values to validate), plus one general tip to check pod logs (kubectl logs) and CR status (kubectl get components,workloads -n identity-platform) for debugging.docs/src/theme/NavbarItem/PersonaDropdown.tsx (1)
96-156: Add Escape-key handling for dropdown dismissalFor keyboard users, add
Escapesupport to close the menu when it is open.Suggested change
<button type="button" @@ className="persona-dropdown__trigger" onClick={() => setIsOpen(prev => !prev)} + onKeyDown={(e) => { + if (e.key === 'Escape') { + setIsOpen(false); + } + }} > @@ - <ul className="persona-dropdown__menu" role="listbox" aria-label="Select your role"> + <ul + className="persona-dropdown__menu" + role="listbox" + aria-label="Select your role" + onKeyDown={(e) => { + if (e.key === 'Escape') { + setIsOpen(false); + } + }} + >🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed. In `@docs/src/theme/NavbarItem/PersonaDropdown.tsx` around lines 96 - 156, The dropdown lacks Escape-key handling: when isOpen is true add a keyboard handler that closes the menu on Escape. Implement a useEffect inside the PersonaDropdown component that adds a document keydown listener which checks for event.key === 'Escape' (or 'Esc' fallback) and calls setIsOpen(false) (and optionally stops propagation), and remove the listener in the cleanup; ensure this effect depends on isOpen so it only listens while the menu is open and keep existing handlers like handleSelect unchanged.
🤖 Prompt for all review comments with AI agents
Verify each finding against the current code and only fix it if needed.
Inline comments:
In @.vale.ini:
- Line 12: The BlockIgnores regex `(?s)^---.*?---` in the .vale.ini settings
(the BlockIgnores key) is anchoring to any line start and thus matches
mid-document `---` separators; update the value to use `\A` instead of `^`
(e.g., `(?s)\A---.*?---`) so it only matches frontmatter at the start of the
file, and apply this change for both BlockIgnores entries under the [*.md] and
[*.mdx] sections (the same key name BlockIgnores).
In @.vale/styles/config/vocabularies/vocab/accept.txt:
- Line 8: Remove the duplicate case-insensitive regex pattern `[Ii][Aa][Mm]` so
it only appears once in the vocabulary list; locate the second occurrence of the
token `[Ii][Aa][Mm] in the accept vocabulary and delete that duplicate entry,
leaving the original entry intact.
In
`@docs/content/community/contributing/contributing-code/documentation-development/development-pipeline.mdx`:
- Line 13: The MDX file uses a relative internal link
("../prerequisites#development-tools") which violates the repository convention
of using canonical absolute paths; update the link in development-pipeline.mdx
to the canonical absolute form (e.g., "/docs/prerequisites#development-tools")
so internal docs under docs/content/**/*.mdx consistently use /docs/... paths;
locate the link by searching for the text "Prerequisites - Development Tools" or
the fragment "#development-tools" and replace the href accordingly.
In `@docs/content/community/overview.mdx`:
- Line 45: The link text "Contributor Covenant Code of Conduct" currently points
to the CONTRIBUTING.md URL; update the link to reference the actual Code of
Conduct (e.g., replace the href
`https://github.com/asgardeo/thunder/blob/main/CONTRIBUTING.md` with the real
CODE_OF_CONDUCT.md URL such as
`https://github.com/asgardeo/thunder/blob/main/CODE_OF_CONDUCT.md`), or create a
CODE_OF_CONDUCT.md in the repo and then update the link in the "Contributor
Covenant Code of Conduct" anchor so it points to that new file.
In `@docs/content/guides/deployment-patterns/docker.mdx`:
- Around line 41-57: Update the two example docker run commands so the setup
container and the server container mount the same persistent volume for
/opt/thunder/repository; specifically modify the setup invocation that runs
./setup.sh and the server start command (the ghcr.io/asgardeo/thunder:latest
run) to include a -v host_path:/opt/thunder/repository (or named volume) so the
data created by ./setup.sh is persisted and available when the server container
starts.
- Around line 101-131: The docs start a PostgreSQL container but omit
configuring Thunder to use it; add a step that tells users to create a
deployment.yaml containing database sections (database.config, database.runtime,
database.user) with type: postgres and the credentials hostname: postgres, port:
5432, username: asgthunder, password: asgthunder, sslmode: disable, then show
how to mount that file into the Thunder container (e.g., -v
$(pwd)/deployment.yaml:/opt/thunder/repository/conf/deployment.yaml) when
running the ghcr.io/asgardeo/thunder:latest image so Thunder uses the external
Postgres instead of SQLite.
In `@docs/content/guides/deployment-patterns/kubernetes.mdx`:
- Line 33: The Vale spelling CI flag is triggered by the term "kubectl" in the
docs table; fix it by adding "kubectl" to the project's Vale vocabulary (e.g.,
add it to the Spellings/WordList used by Vale or the "Words" section in
.vale.ini) so the linter recognizes it as an allowed term, then commit the
updated Vale config. Ensure the exact token "kubectl" is added (lowercase) to
avoid further flags.
- Line 77: Update the access URL from "http://thunder.local" to
"https://thunder.local" in the documentation where the string
"http://thunder.local" appears (line that currently reads "Open Thunder at
`http://thunder.local`") so it matches the Helm chart ingress defaults (TLS/SSL
redirect and backend-protocol HTTPS) and avoids misleading readers about
expected redirects.
- Around line 88-91: The helm quick-install command only sets SQLite for
configuration and runtime DBs (flags: --set configuration.database.config.type
and --set configuration.database.runtime.type) but omits the user DB, which
still defaults to postgres; update the helm install command used for the
single-command dev install (the "helm install thunder ..." invocation) to also
set the user DB type to sqlite by adding the corresponding flag --set
configuration.database.user.type=sqlite so all three database sections (config,
runtime, user) use SQLite.
In `@docs/content/guides/deployment-patterns/openchoreo.mdx`:
- Line 27: The Vale warning is caused by the term "kubectl" in openchoreo.mdx
being flagged as a spelling/style issue; fix it by adding "kubectl" as an
accepted term in the project's Vale vocabulary (the project's Glossary/terms
file used by Vale) or, if project policy prefers, suppress Vale for that single
occurrence using the project's approved inline suppression mechanism; update the
Vale glossary entry to include the lowercase "kubectl" so the term is
recognized, or apply the approved inline comment around the table cell
containing `kubectl` in openchoreo.mdx.
In `@docs/content/guides/guides/flows/build-a-flow.mdx`:
- Line 25: Replace the sentence fragment describing the starter flow with a
complete sentence; update the line mentioning "Sign In View node", "Identifier +
Password" executor, "Auth Assertion Generator" executor, and "END node" into a
single grammatical sentence (for example: "The Flow Builder opens with a default
starter flow on the canvas: a Sign In View node wired through an Identifier +
Password executor and an Auth Assertion Generator executor to an END node.") so
the description is a full, readable sentence.
In `@docs/content/guides/guides/flows/flow-concepts.mdx`:
- Line 86: The bullet "**Executor incomplete (yellow dot)**" ends with an
incomplete/awkward sentence; revise it so the final clause reads fluently and
completes the thought—for example: "Only those that can request additional
input, such as Attribute Collector, Provisioning, and OU Creation, expose this
path." Update the sentence in the bullet so it references the executor types
(Attribute Collector, Provisioning, OU Creation) and clearly states that only
those executors expose the incomplete path.
In `@docs/content/guides/guides/users/manage-groups.mdx`:
- Line 58: Restore a clickable "Roles" link by replacing the plain text sentence
"To assign a role to a group, see the Roles guide." with a descriptive markdown
link to the canonical path (e.g., "Roles guide" -> /docs/guides/roles or the
repo's canonical /docs/... path), and update the relative links on the following
block (the links on lines referencing 62-64) to use the absolute /docs/...
format and descriptive link text so all internal doc links in this MDX file
follow the repository's canonical absolute path convention.
In `@docs/scripts/generate-changelog.mjs`:
- Line 55: fetchReleases() currently throws but generate() catches errors and
only logs them (see generate()), which allows CI to continue silently; modify
generate() to propagate failures after logging by either re-throwing the caught
error or calling process.exit(1) so the script exits with failure, and ensure
fetchReleases() error flows through; reference the fetchReleases() and
generate() functions and update the catch block to re-throw or exit rather than
swallowing the error (or alternatively add explicit documented
graceful-degradation behavior if you intentionally want to keep the file on
failure).
In `@docs/src/theme/Root.tsx`:
- Around line 41-47: The useEffect restoring persona reads localStorage but only
validates 'app'|'iam', so saved 'devops' won't be restored; update the
validation in the Root component's useEffect (the block reading
PERSONA_STORAGE_KEY and calling applyPersona) to accept 'devops' as well or
better import the PERSONAS array or a validation helper from PersonaDropdown.tsx
and use PERSONAS.some(p => p.value === saved) to validate before calling
applyPersona(saved).
---
Outside diff comments:
In `@docs/content/community/contributing/overview.mdx`:
- Line 83: Replace the informal abbreviation "repo" with "repository" in the
contributing step text—update the line that currently reads "2. Fork the repo
and make changes" to "2. Fork the repository and make changes" so it satisfies
Vale linting; ensure any other occurrences of "repo" in the same document are
similarly replaced.
In `@docs/content/guides/getting-started/get-thunder.mdx`:
- Line 17: Change the heading "## Download From Release" to use proper
title-casing per Vale by lowercasing the short/preposition word: update the
heading text to "## Download from Release" (replace the original "Download From
Release" heading).
In `@docs/content/guides/guides/integrations.mdx`:
- Line 8: The heading "This page is under construction. Please check back
later." is not Title Case; update that Markdown heading to Title Case (e.g.,
"This Page Is Under Construction; Please Check Back Later") so it satisfies Vale
and the markdown lint pipeline, ensuring the exact heading string in the file is
replaced with the Title Case variant used across docs.
In `@docs/content/guides/quick-start/connect-your-application/nextjs.mdx`:
- Line 8: The heading "This page is under construction. Please check back
later." fails TitleCase linting; update that heading to Title Case (e.g., "This
Page Is Under Construction. Please Check Back Later.") so it satisfies
WSO2-IAM.TitleCaseTitles; locate and replace the exact heading text in the
nextjs.mdx file.
In `@docs/content/guides/quick-start/connect-your-application/react.mdx`:
- Around line 282-294: Wrap the bash command code blocks with Vale suppression
comments to skip linting for the informal token "dev": add an opening <!-- vale
off --> immediately before the <CodeBlock lang="bash" label="npm"> (and likewise
before the Yarn and pnpm CodeBlock entries) and a closing <!-- vale on -->
immediately after each block (or around the entire <CodeGroup>) so the three
commands (`npm run dev`, `yarn dev`, `pnpm run dev`) are not flagged; target the
CodeBlock entries labeled "npm", "Yarn", and "pnpm" to apply the suppression.
- Line 177: The heading "Add Sign-In and Sign-Out" fails the
WSO2-IAM.TitleCaseTitles check; update this heading in react.mdx to a
Vale-compliant Title Case form (replace hyphenated tokens with Title Case
words), e.g., change "Add Sign-In and Sign-Out" to "Add Sign In and Sign Out" so
it matches the project's Title Case rule.
In `@docs/content/sdks/react/guides/protecting-routes/overview.mdx`:
- Around line 30-40: Wrap the JSX block containing the Grid/SDKCard entries (the
block with SDKCard, TanStackLogo and the hrefs "/docs/next/sdks/...") with Vale
suppression for the Terms rule so the `/sdks/` URL tokens aren't rewritten;
specifically add a Vale disable for Terms before the block and re-enable after
it to silence Vale.Terms without changing route casing.
---
Nitpick comments:
In @.vale/styles/config/vocabularies/vocab/accept.txt:
- Around line 7-8: Remove the redundant literal "IAM" entry because the
case-insensitive regex "[Ii][Aa][Mm]" already matches all case variations; keep
the regex line and delete the standalone "IAM" line so only the regex remains in
the vocabulary file.
- Line 35: The file contains a duplicated vocabulary entry "SDKs"; remove the
redundant "SDKs" occurrence so that only one "SDKs" entry remains (locate the
duplicate "SDKs" string in the vocab file and delete the extra line).
- Line 26: Remove the duplicate vocabulary entry "JWTs" so the file contains
only one "JWTs" occurrence; locate the second "JWTs" token in the vocab list and
delete that duplicate, then scan the rest of the vocab file for any other
repeated "JWTs" entries to ensure uniqueness.
In `@docs/content/guides/deployment-patterns/openchoreo.mdx`:
- Around line 12-284: Add a short "Troubleshooting" section to the OpenChoreo
deployment guide (near the end under "Next Steps" or immediately after "Database
Setup"/"Install Thunder") that lists common failure cases and concise
remediation steps; include entries for (1) missing CRDs: symptom ("kubectl get
crd | grep openchoreo" returns nothing) and quick fix (reinstall OpenChoreo
control plane or apply CRD manifest), (2) DB authentication/SSL mismatch:
symptom (connection refused/auth failed) and fixes (verify
DB_HOST/DB_USER/DB_PASS, confirm sslmode values in the Helm values or --set
flags and match server config), (3) Helm value-path mistakes: symptom (values
not applied or pods error on startup) and fix (show correct value paths used in
examples like database.identity.username / database.runtime.password and
recommend using -f custom-values.yaml plus helm get values to validate), plus
one general tip to check pod logs (kubectl logs) and CR status (kubectl get
components,workloads -n identity-platform) for debugging.
In `@docs/content/guides/guides/flows/build-a-flow.mdx`:
- Around line 19-87: Add a new "Verify the flow works" subsection after "Assign
to an Application" that gives concise verification steps: sign in to the Thunder
Console, run the flow from the Flow Builder or assigned application, exercise
both success and failure paths (submit forms, trigger executors), confirm the
flow reaches the END node and increments version under "Save and Manage
Versions", and check server logs/console for executor errors; then add a
"Troubleshooting" subsection that lists common fixes for missing node
connections (inspect canvas wiring between View → Executor and ensure Executor
success/failure ports are connected), unassigned flow issues (confirm the flow
is selected under the application's Flows tab and saved), and executor
configuration errors (verify executor settings such as OTP length, social
credentials, attribute mappings in the node settings), referencing the "Create a
Flow", "Build the Canvas", "Configure Node Settings", "Save and Manage
Versions", and "Assign to an Application" sections so readers can locate related
steps.
In `@docs/content/guides/guides/flows/what-is-flows.mdx`:
- Line 10: Split the long opening sentence into two for readability: keep the
first sentence describing what a flow is and its purpose (mention "A flow in
Thunder defines the step-by-step journey a user takes during a specific
interaction with your application, such as signing in or self-registering.") and
make a second sentence about how you build flows visually using the Flow Builder
in the Thunder Console (mentioning the canvas-based editor and
drag/connect/configure nodes to design the experience). Update the paragraph
containing "Flow Builder" so each sentence is under 30 words and preserves the
original terms "Flow Builder" and "Thunder Console."
In `@docs/content/guides/quick-start/connect-your-application/react.mdx`:
- Line 67: Replace the wordy opener "Alternatively, you can create an
application using the Thunder API." with a more concise phrase such as "You can
also create an application using the Thunder API." so the sentence reads: "You
can also create an application using the Thunder API. First, [obtain a system
API token]..., then:"; update the exact sentence that begins with
"Alternatively" to use the new opener.
In `@docs/plugins/personaPlugin.ts`:
- Around line 39-46: The JSDoc for the persona plugin incorrectly lists
supported persona values as only "app" or "iam"; update the comment above the
personaMap description (the plugin that populates personaMap: Record<string,
string>) to include all supported persona values—add "devops" alongside "app"
and "iam" (matching the Persona type used in PersonaDropdown and the CSS rules
used for sidebar filtering) so documentation and code agree.
In `@docs/src/theme/NavbarItem/PersonaDropdown.tsx`:
- Around line 96-156: The dropdown lacks Escape-key handling: when isOpen is
true add a keyboard handler that closes the menu on Escape. Implement a
useEffect inside the PersonaDropdown component that adds a document keydown
listener which checks for event.key === 'Escape' (or 'Esc' fallback) and calls
setIsOpen(false) (and optionally stops propagation), and remove the listener in
the cleanup; ensure this effect depends on isOpen so it only listens while the
menu is open and keep existing handlers like handleSelect unchanged.
In `@docs/src/theme/Root.tsx`:
- Line 25: PERSONA_STORAGE_KEY in Root.tsx duplicates STORAGE_KEY used in the
persona dropdown; export the existing STORAGE_KEY constant from the
PersonaDropdown component and replace the local PERSONA_STORAGE_KEY usage by
importing STORAGE_KEY into Root.tsx so both modules share the single exported
constant (update the export in PersonaDropdown and the import + variable usage
in Root.tsx).
🪄 Autofix (Beta)
Fix all unresolved CodeRabbit comments on this PR:
- Push a commit to this branch (recommended)
- Create a new PR with the fixes
ℹ️ Review info
⚙️ Run configuration
Configuration used: Path: .coderabbit.yaml
Review profile: CHILL
Plan: Pro
Run ID: a19da064-74df-4c86-967f-d603b4e5f47f
⛔ Files ignored due to path filters (1)
docs/static/assets/images/thunder-kubernetes-diagram.pngis excluded by!**/*.png
📒 Files selected for processing (52)
.vale.ini.vale/styles/config/vocabularies/vocab/accept.txtdocs/content/community/contributing/contributing-code/backend-development/observability.mddocs/content/community/contributing/contributing-code/documentation-development/development-pipeline.mdxdocs/content/community/contributing/overview.mdxdocs/content/community/contributing/proposing-features.mdxdocs/content/community/contributing/sharing-ideas.mdxdocs/content/community/overview.mdxdocs/content/guides/deployment-patterns/docker.mdxdocs/content/guides/deployment-patterns/index.mdxdocs/content/guides/deployment-patterns/kubernetes.mdxdocs/content/guides/deployment-patterns/openchoreo.mdxdocs/content/guides/getting-started/get-thunder.mdxdocs/content/guides/guides/applications.mdxdocs/content/guides/guides/applications/application-settings.mdxdocs/content/guides/guides/applications/manage-applications.mdxdocs/content/guides/guides/flows.mdxdocs/content/guides/guides/flows/_category_.jsondocs/content/guides/guides/flows/build-a-flow.mdxdocs/content/guides/guides/flows/flow-concepts.mdxdocs/content/guides/guides/flows/flow-reference.mdxdocs/content/guides/guides/flows/what-is-flows.mdxdocs/content/guides/guides/integrations.mdxdocs/content/guides/guides/organization-units.mdxdocs/content/guides/guides/users/groups.mdxdocs/content/guides/guides/users/manage-groups.mdxdocs/content/guides/guides/users/manage-users.mdxdocs/content/guides/guides/users/user-schema-reference.mdxdocs/content/guides/guides/users/user-types.mdxdocs/content/guides/quick-start/connect-your-application/nextjs.mdxdocs/content/guides/quick-start/connect-your-application/react.mdxdocs/content/guides/quick-start/quickstart.mdxdocs/content/guides/working-with-ai/mcp-server.mdxdocs/content/sdks/react/guides/protecting-routes/overview.mdxdocs/content/sdks/react/overview.mdxdocs/content/use-cases/ai-agents/agent-authentication.mdxdocs/content/use-cases/overview.mdxdocs/docusaurus.config.tsdocs/plugins/personaPlugin.tsdocs/scripts/generate-changelog.mjsdocs/sidebars.tsdocs/src/components/Footer.tsxdocs/src/components/HomePage/APIReferenceSection.tsxdocs/src/components/HomePage/CTASection.tsxdocs/src/components/HomePage/GetStartedSection.tsxdocs/src/components/HomePage/HeroSection.tsxdocs/src/css/custom.cssdocs/src/theme/DocSidebarItem/Link/index.tsxdocs/src/theme/NavbarItem/ComponentTypes.tsxdocs/src/theme/NavbarItem/PersonaDropdown.tsxdocs/src/theme/NavbarItem/index.tsxdocs/src/theme/Root.tsx
💤 Files with no reviewable changes (2)
- docs/content/guides/guides/flows.mdx
- docs/content/guides/guides/users/groups.mdx
| spelling = yes | ||
| Vale.Spelling = warning | ||
|
|
||
| BlockIgnores = (?s)^---.*?--- |
There was a problem hiding this comment.
🧩 Analysis chain
🏁 Script executed:
#!/bin/bash
# Find .md and .mdx files with multiple --- occurrences
echo "Files with multiple --- occurrences:"
fd -e md -e mdx --type f . docs/content --exec bash -c '
count=$(grep -c "^---$" "$1" 2>/dev/null || echo 0)
if [ "$count" -gt 2 ]; then
echo "$1: $count occurrences"
echo " Line numbers:"
grep -n "^---$" "$1" | head -20
echo ""
fi
' _ {} \;Repository: asgardeo/thunder
Length of output: 693
🏁 Script executed:
cat -n .vale.ini | head -30Repository: asgardeo/thunder
Length of output: 1005
🏁 Script executed:
#!/bin/bash
# Test the regex pattern behavior with actual content
# Create a test file similar to overview.mdx
cat > /tmp/test_md.txt << 'EOF'
---
title: Test
description: Test doc
---
Some intro content.
---
Section 1 with content that should be checked.
---
Section 2 with more content.
---
Final section.
---
EOF
# Test the current pattern
echo "Testing pattern: (?s)^---.*?---"
python3 << 'PYTHON'
import re
with open('/tmp/test_md.txt', 'r') as f:
content = f.read()
# Current pattern
pattern1 = r'(?s)^---.*?---'
# Proposed pattern
pattern2 = r'(?s)\A---.*?---'
print("=== Current Pattern: (?s)^---.*?--- ===")
matches1 = list(re.finditer(pattern1, content, re.MULTILINE))
for i, match in enumerate(matches1, 1):
print(f"Match {i}: lines {content[:match.start()].count(chr(10))+1}-{content[:match.end()].count(chr(10))+1}")
print(f" Content: {repr(match.group()[:50])}")
print(f"\nTotal matches with current pattern: {len(matches1)}")
print("\n=== Proposed Pattern: (?s)\\A---.*?--- ===")
matches2 = list(re.finditer(pattern2, content))
for i, match in enumerate(matches2, 1):
print(f"Match {i}: lines {content[:match.start()].count(chr(10))+1}-{content[:match.end()].count(chr(10))+1}")
print(f" Content: {repr(match.group()[:50])}")
print(f"\nTotal matches with proposed pattern: {len(matches2)}")
PYTHONRepository: asgardeo/thunder
Length of output: 556
Fix BlockIgnores regex pattern to match only frontmatter, not mid-document rules.
The pattern (?s)^---.*?--- uses ^ which in multiline mode matches the start of any line, not the file start. Combined with DOTALL mode (?s), it matches from any --- separator to the next one, incorrectly excluding mid-document content from Vale checks.
Testing confirms the pattern matches multiple times in files with horizontal rules: in a sample with three --- pairs, it produces three matches instead of one. Files like docs/content/community/contributing/overview.mdx (14 occurrences) and docs/content/community/contributing/contributing-code/documentation-development/writing-documentation.mdx (20 occurrences) would have significant content sections incorrectly ignored.
Replace ^ with \A on lines 12 and 26 to anchor only to the file start:
Recommended fix
-BlockIgnores = (?s)^---.*?---
+BlockIgnores = (?s)\A---.*?---Apply to both [*.md] (line 12) and [*.mdx] (line 26) sections.
📝 Committable suggestion
‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.
Suggested change
| BlockIgnores = (?s)^---.*?--- | |
| BlockIgnores = (?s)\A---.*?--- |
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.
In @.vale.ini at line 12, The BlockIgnores regex `(?s)^---.*?---` in the
.vale.ini settings (the BlockIgnores key) is anchoring to any line start and
thus matches mid-document `---` separators; update the value to use `\A` instead
of `^` (e.g., `(?s)\A---.*?---`) so it only matches frontmatter at the start of
the file, and apply this change for both BlockIgnores entries under the [*.md]
and [*.mdx] sections (the same key name BlockIgnores).
| OAuth2 | ||
| OpenID | ||
| IAM | ||
| [Ii][Aa][Mm] |
There was a problem hiding this comment.
Remove duplicate [Ii][Aa][Mm] pattern.
The case-insensitive regex pattern [Ii][Aa][Mm] appears on both line 8 and line 50. This duplication was introduced in the current changes.
🔧 Suggested fix
Remove the duplicate entry on line 50:
templated
-[Ii][Aa][Mm]
OTPsAlso applies to: 50-50
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.
In @.vale/styles/config/vocabularies/vocab/accept.txt at line 8, Remove the
duplicate case-insensitive regex pattern `[Ii][Aa][Mm]` so it only appears once
in the vocabulary list; locate the second occurrence of the token `[Ii][Aa][Mm]
in the accept vocabulary and delete that duplicate entry, leaving the original
entry intact.
| Before working with the documentation, ensure you have the required development tools installed and configured. | ||
|
|
||
| **See**: [Prerequisites - Development Tools](/thunder/docs/community/contributing/contributing-code/prerequisites#development-tools) for complete setup instructions. | ||
| **See**: [Prerequisites - Development Tools](../prerequisites#development-tools) for complete setup instructions. |
There was a problem hiding this comment.
Keep internal links in canonical absolute /docs/... form.
Line 13 switches to a relative link. In this repo, internal docs links in MDX are expected to use absolute /docs/... paths for consistency and stable navigation.
Based on learnings: in docs/content/**/*.mdx, internal doc links consistently use absolute /docs/... paths rather than relative file paths.
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.
In
`@docs/content/community/contributing/contributing-code/documentation-development/development-pipeline.mdx`
at line 13, The MDX file uses a relative internal link
("../prerequisites#development-tools") which violates the repository convention
of using canonical absolute paths; update the link in development-pipeline.mdx
to the canonical absolute form (e.g., "/docs/prerequisites#development-tools")
so internal docs under docs/content/**/*.mdx consistently use /docs/... paths;
locate the link by searching for the text "Prerequisites - Development Tools" or
the fragment "#development-tools" and replace the href accordingly.
|
|
||
| ## Code of Conduct | ||
|
|
||
| Thunder follows the [Contributor Covenant Code of Conduct](https://github.com/asgardeo/thunder/blob/main/CONTRIBUTING.md). By participating, you are expected to uphold this code. |
There was a problem hiding this comment.
🧩 Analysis chain
🏁 Script executed:
#!/bin/bash
# Check if CODE_OF_CONDUCT.md exists and what CONTRIBUTING.md contains
echo "=== Checking for CODE_OF_CONDUCT.md ==="
fd -t f "CODE_OF_CONDUCT.md"
echo -e "\n=== Checking CONTRIBUTING.md for Code of Conduct reference ==="
if [ -f "CONTRIBUTING.md" ]; then
head -50 CONTRIBUTING.md | grep -i "code of conduct" || echo "No 'code of conduct' mention in first 50 lines"
fiRepository: asgardeo/thunder
Length of output: 210
🏁 Script executed:
#!/bin/bash
# Check full CONTRIBUTING.md for Code of Conduct content
echo "=== Full CONTRIBUTING.md content ==="
if [ -f "CONTRIBUTING.md" ]; then
wc -l CONTRIBUTING.md
cat -n CONTRIBUTING.md | grep -i "covenant\|code of conduct" || echo "No Code of Conduct match found"
echo -e "\n=== Last 50 lines of CONTRIBUTING.md ==="
tail -50 CONTRIBUTING.md
else
echo "CONTRIBUTING.md not found"
fi
# Search entire repo for Contributor Covenant or Code of Conduct
echo -e "\n=== Searching for 'Contributor Covenant' in repo ==="
rg -i "contributor covenant" --type md --type mdx
echo -e "\n=== Searching for 'code of conduct' in repo ==="
rg -i "code of conduct" --type md --type mdxRepository: asgardeo/thunder
Length of output: 535
🏁 Script executed:
#!/bin/bash
# View the specific file around line 45
echo "=== docs/content/community/overview.mdx around line 45 ==="
if [ -f "docs/content/community/overview.mdx" ]; then
sed -n '40,50p' docs/content/community/overview.mdx
else
echo "File not found, searching for overview files:"
fd -t f "overview.mdx"
fiRepository: asgardeo/thunder
Length of output: 611
Fix incorrect Code of Conduct link.
The text references the "Contributor Covenant Code of Conduct" but links to CONTRIBUTING.md, which contains only a reference to the Contributing Guide and does not include the Code of Conduct. Either the link should point to where the Code of Conduct actually resides, or a separate CODE_OF_CONDUCT.md file should be created and linked.
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.
In `@docs/content/community/overview.mdx` at line 45, The link text "Contributor
Covenant Code of Conduct" currently points to the CONTRIBUTING.md URL; update
the link to reference the actual Code of Conduct (e.g., replace the href
`https://github.com/asgardeo/thunder/blob/main/CONTRIBUTING.md` with the real
CODE_OF_CONDUCT.md URL such as
`https://github.com/asgardeo/thunder/blob/main/CODE_OF_CONDUCT.md`), or create a
CODE_OF_CONDUCT.md in the repo and then update the link in the "Contributor
Covenant Code of Conduct" anchor so it points to that new file.
Comment on lines
+41
to
+57
| Run the one-time setup script before starting Thunder for the first time. The setup initializes the configuration and database: | ||
|
|
||
| ```bash | ||
| docker run -it --rm \ | ||
| ghcr.io/asgardeo/thunder:latest \ | ||
| ./setup.sh | ||
| ``` | ||
|
|
||
| The container exits after setup completes. If you are using SQLite as the database, mount a volume to persist the database file so the setup data is available when you start the server. | ||
|
|
||
| ### Step 3: Start the Server | ||
|
|
||
| ```bash | ||
| docker run --rm \ | ||
| -p 8090:8090 \ | ||
| ghcr.io/asgardeo/thunder:latest | ||
| ``` |
There was a problem hiding this comment.
🧩 Analysis chain
🏁 Script executed:
# First, let's understand the repository structure
find . -type f -name "Dockerfile*" -o -name "setup.sh" | head -20Repository: asgardeo/thunder
Length of output: 83
🏁 Script executed:
# Look for any configuration or entrypoint files
fd -t f "setup\|docker\|config" -e sh -e yaml -e yml | grep -E "(setup|docker|config)" | head -20Repository: asgardeo/thunder
Length of output: 42
🏁 Script executed:
# Check the documentation file in question
cat docs/content/guides/deployment-patterns/docker.mdxRepository: asgardeo/thunder
Length of output: 3941
🏁 Script executed:
cat -n DockerfileRepository: asgardeo/thunder
Length of output: 5102
🏁 Script executed:
cat -n setup.shRepository: asgardeo/thunder
Length of output: 19102
🏁 Script executed:
# Check if there are any volume or workdir specifications in Dockerfile
grep -n "VOLUME\|WORKDIR\|ENV.*PATH\|/opt/thunder" DockerfileRepository: asgardeo/thunder
Length of output: 195
🏁 Script executed:
# Check for any references to database paths or repository in the actual code
rg "repository\|database\|sqlite" --type go -A 2 -B 2 | head -50Repository: asgardeo/thunder
Length of output: 42
🏁 Script executed:
# Look for any environment variable or configuration related to data storage
grep -r "THUNDER_HOME\|DATABASE\|REPOSITORY" . --include="*.yaml" --include="*.yml" --include="*.go" 2>/dev/null | head -20Repository: asgardeo/thunder
Length of output: 1551
🏁 Script executed:
# Check the deployment.yaml to understand the data storage paths
find . -name "deployment.yaml" -exec cat {} \;Repository: asgardeo/thunder
Length of output: 8605
🏁 Script executed:
# Check if setup.sh and start.sh are different scripts
diff setup.sh start.shRepository: asgardeo/thunder
Length of output: 17618
🏁 Script executed:
# Look for any volume declarations in Dockerfile or docker-compose examples
grep -r "volume" . --include="Dockerfile*" --include="docker-compose*" --include="*.yml" --include="*.yaml" 2>/dev/null | grep -i thunderRepository: asgardeo/thunder
Length of output: 726
🏁 Script executed:
# Check if there's a docker-compose file that might show the intended pattern
find . -name "docker-compose*" -type f | head -5Repository: asgardeo/thunder
Length of output: 147
🏁 Script executed:
cat ./install/local-development/docker-compose.ymlRepository: asgardeo/thunder
Length of output: 756
🏁 Script executed:
cat ./install/quick-start/docker-compose.ymlRepository: asgardeo/thunder
Length of output: 1554
Add volume mounts to persist setup data between containers
The setup and server commands run in separate containers. Without mounting the same volume, setup data (databases and configuration) created by ./setup.sh are discarded when that container exits with --rm.
Mount /opt/thunder/repository in both commands to persist data:
Corrected commands
+docker volume create thunder-data
+
docker run -it --rm \
+ -v thunder-data:/opt/thunder/repository \
ghcr.io/asgardeo/thunder:latest \
./setup.sh
docker run --rm \
-p 8090:8090 \
+ -v thunder-data:/opt/thunder/repository \
ghcr.io/asgardeo/thunder:latest🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.
In `@docs/content/guides/deployment-patterns/docker.mdx` around lines 41 - 57,
Update the two example docker run commands so the setup container and the server
container mount the same persistent volume for /opt/thunder/repository;
specifically modify the setup invocation that runs ./setup.sh and the server
start command (the ghcr.io/asgardeo/thunder:latest run) to include a -v
host_path:/opt/thunder/repository (or named volume) so the data created by
./setup.sh is persisted and available when the server container starts.
| 2. Click **+ Create New Flow** in the top-right corner. | ||
| 3. Enter a name for the flow in the left panel. | ||
|
|
||
| The Flow Builder opens with a default starter flow on the canvas. A **Sign In** View node wired through an **Identifier + Password** executor and an **Auth Assertion Generator** executor to an **END** node. |
There was a problem hiding this comment.
Fix sentence fragment for clarity
Line 25 reads as a fragment. Convert it to a complete sentence to improve readability.
Suggested text
-The Flow Builder opens with a default starter flow on the canvas. A **Sign In** View node wired through an **Identifier + Password** executor and an **Auth Assertion Generator** executor to an **END** node.
+The Flow Builder opens with a default starter flow on the canvas: a **Sign In** View node wired through an **Identifier + Password** executor and an **Auth Assertion Generator** executor to an **END** node.📝 Committable suggestion
‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.
Suggested change
| The Flow Builder opens with a default starter flow on the canvas. A **Sign In** View node wired through an **Identifier + Password** executor and an **Auth Assertion Generator** executor to an **END** node. | |
| The Flow Builder opens with a default starter flow on the canvas: a **Sign In** View node wired through an **Identifier + Password** executor and an **Auth Assertion Generator** executor to an **END** node. |
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.
In `@docs/content/guides/guides/flows/build-a-flow.mdx` at line 25, Replace the
sentence fragment describing the starter flow with a complete sentence; update
the line mentioning "Sign In View node", "Identifier + Password" executor, "Auth
Assertion Generator" executor, and "END node" into a single grammatical sentence
(for example: "The Flow Builder opens with a default starter flow on the canvas:
a Sign In View node wired through an Identifier + Password executor and an Auth
Assertion Generator executor to an END node.") so the description is a full,
readable sentence.
| - **View to Executor** - the user clicks a button in the View, which triggers the connected Executor. | ||
| - **Executor success (green dot)** - connects to the next node when the operation succeeds. | ||
| - **Executor failure (red dot)** - connects to a fallback View (error screen or retry step) when the operation fails. | ||
| - **Executor incomplete (yellow dot)** - connects back to a View node when the executor needs more input from the user. The target must be a View node. Not all executors expose this path. Only those that can request additional input, such as Attribute Collector, Provisioning, and OU Creation. |
There was a problem hiding this comment.
Complete the final sentence in the incomplete-path bullet
The last sentence on Line 86 is incomplete and reads awkwardly.
Suggested text
-- **Executor incomplete (yellow dot)** - connects back to a View node when the executor needs more input from the user. The target must be a View node. Not all executors expose this path. Only those that can request additional input, such as Attribute Collector, Provisioning, and OU Creation.
+- **Executor incomplete (yellow dot)** - connects back to a View node when the executor needs more input from the user. The target must be a View node. Not all executors expose this path—only those that can request additional input, such as Attribute Collector, Provisioning, and OU Creation.🧰 Tools
🪛 LanguageTool
[style] ~86-~86: Three successive sentences begin with the same word. Consider rewording the sentence or use a thesaurus to find a synonym.
Context: ...try step) when the operation fails. - Executor incomplete (yellow dot) - connects ba...
(ENGLISH_WORD_REPEAT_BEGINNING_RULE)
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.
In `@docs/content/guides/guides/flows/flow-concepts.mdx` at line 86, The bullet
"**Executor incomplete (yellow dot)**" ends with an incomplete/awkward sentence;
revise it so the final clause reads fluently and completes the thought—for
example: "Only those that can request additional input, such as Attribute
Collector, Provisioning, and OU Creation, expose this path." Update the sentence
in the bullet so it references the executor types (Attribute Collector,
Provisioning, OU Creation) and clearly states that only those executors expose
the incomplete path.
| Roles assigned to a group apply to all members of that group. This is the recommended way to grant permissions to a set of users instead of assigning roles individually. | ||
|
|
||
| To assign a role to a group, see [Roles](/guides/guides/roles). | ||
| To assign a role to a group, see the Roles guide. |
There was a problem hiding this comment.
Restore a clickable Roles link and keep internal links in canonical format.
Line 58 references the Roles guide without a hyperlink, and Lines 62-64 use relative links instead of the repo’s standard absolute /docs/... format.
Based on learnings: internal doc links in docs/content/**/*.mdx use absolute /docs/... paths, and links should use descriptive text.
Also applies to: 62-64
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.
In `@docs/content/guides/guides/users/manage-groups.mdx` at line 58, Restore a
clickable "Roles" link by replacing the plain text sentence "To assign a role to
a group, see the Roles guide." with a descriptive markdown link to the canonical
path (e.g., "Roles guide" -> /docs/guides/roles or the repo's canonical
/docs/... path), and update the relative links on the following block (the links
on lines referencing 62-64) to use the absolute /docs/... format and descriptive
link text so all internal doc links in this MDX file follow the repository's
canonical absolute path convention.
| } catch (error) { | ||
| logger.error('Error fetching releases:', error); | ||
| return []; | ||
| throw error; |
There was a problem hiding this comment.
Inconsistent error handling may cause silent CI failures.
fetchReleases() now throws errors (line 55), but generate() catches them and only logs without re-throwing or exiting (lines 297-299). This means fetch failures are silently swallowed — the changelog file is kept as-is and the build continues as if successful.
Given that prebuild.mjs expects script failures to propagate (it calls process.exit(1) on caught errors), the current approach will mask API failures in CI.
Proposed fix to propagate failures
Either re-throw after logging:
} catch (error) {
logger.error('❌ Failed to generate changelog — keeping existing file:', error);
+ throw error;
}Or, if graceful degradation is intentional (keeping the existing file on failure), document this behavior clearly and consider whether CI should treat it as a warning rather than silent success.
Also applies to: 297-299
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.
In `@docs/scripts/generate-changelog.mjs` at line 55, fetchReleases() currently
throws but generate() catches errors and only logs them (see generate()), which
allows CI to continue silently; modify generate() to propagate failures after
logging by either re-throwing the caught error or calling process.exit(1) so the
script exits with failure, and ensure fetchReleases() error flows through;
reference the fetchReleases() and generate() functions and update the catch
block to re-throw or exit rather than swallowing the error (or alternatively add
explicit documented graceful-degradation behavior if you intentionally want to
keep the file on failure).
Comment on lines
+41
to
+47
| // Restore persona selection from localStorage before first paint. | ||
| useEffect(() => { | ||
| const saved = localStorage.getItem(PERSONA_STORAGE_KEY) as Persona | null; | ||
| if (saved && (saved === 'app' || saved === 'iam')) { | ||
| applyPersona(saved); | ||
| } | ||
| }, []); |
There was a problem hiding this comment.
Missing 'devops' persona in validation causes restoration failure.
The validation only accepts 'app' or 'iam', but the Persona type (defined in PersonaDropdown.tsx) also includes 'devops'. If a user selects the DevOps Engineer persona, it gets saved to localStorage but won't be restored on page reload.
🐛 Proposed fix
// Restore persona selection from localStorage before first paint.
useEffect(() => {
const saved = localStorage.getItem(PERSONA_STORAGE_KEY) as Persona | null;
- if (saved && (saved === 'app' || saved === 'iam')) {
+ if (saved && (saved === 'app' || saved === 'iam' || saved === 'devops')) {
applyPersona(saved);
}
}, []);Alternatively, consider importing the PERSONAS array or a validation helper from PersonaDropdown.tsx to avoid duplicating the list of valid values (similar to how PersonaDropdown validates with PERSONAS.some(p => p.value === saved)).
📝 Committable suggestion
‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.
Suggested change
| // Restore persona selection from localStorage before first paint. | |
| useEffect(() => { | |
| const saved = localStorage.getItem(PERSONA_STORAGE_KEY) as Persona | null; | |
| if (saved && (saved === 'app' || saved === 'iam')) { | |
| applyPersona(saved); | |
| } | |
| }, []); | |
| // Restore persona selection from localStorage before first paint. | |
| useEffect(() => { | |
| const saved = localStorage.getItem(PERSONA_STORAGE_KEY) as Persona | null; | |
| if (saved && (saved === 'app' || saved === 'iam' || saved === 'devops')) { | |
| applyPersona(saved); | |
| } | |
| }, []); |
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.
In `@docs/src/theme/Root.tsx` around lines 41 - 47, The useEffect restoring
persona reads localStorage but only validates 'app'|'iam', so saved 'devops'
won't be restored; update the validation in the Root component's useEffect (the
block reading PERSONA_STORAGE_KEY and calling applyPersona) to accept 'devops'
as well or better import the PERSONAS array or a validation helper from
PersonaDropdown.tsx and use PERSONAS.some(p => p.value === saved) to validate
before calling applyPersona(saved).
brionmario
approved these changes
Apr 6, 2026
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Purpose
#subject
🔧 Summary of Breaking Changes
Describe what is changing
💥 Impact
What will break? Who is affected?
🔄 Migration Guide
How should users update their code/configuration to adapt to the breaking changes? Include examples if helpful
-->
Approach
Related Issues
Related PRs
Checklist
breaking changelabel added.Security checks
Summary by CodeRabbit
New Features
Documentation
Bug Fixes