Conversation
Summary of ChangesHello, I'm Gemini Code Assist1! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed! This pull request initiates a Proof of Concept (POC) for a new React-based Policy Studio within the Gravitee Gamma application. The primary objective is to validate a modern architecture for complex user interfaces, focusing on drag-and-drop interactions, dynamic form generation from JSON schemas, and efficient state management. The implementation includes foundational UI components, a robust API client with development-friendly features like mock and chaos modes, and comprehensive documentation to guide future development and evaluation. Highlights
Using Gemini Code AssistThe full guide for Gemini Code Assist can be found on our documentation page, here are some quick tips. Invoking Gemini You can request assistance from Gemini at any point by creating a comment using either
Customization To customize Gemini Code Assist for GitHub experience, repository maintainers can create a configuration file and/or provide a custom code review style guide (such as PEP-8 for Python) by creating and adding files to a Limitations & Feedback Gemini Code Assist may make mistakes. Please leave feedback on any instances where its feedback is incorrect or counter productive. You can react with 👍 and 👎 on @gemini-code-assist comments. If you're interested in giving your feedback about your experience with Gemini Code Assist for GitHub and other Google products, sign up here. Footnotes
|
![gemini-code-assist[bot]](https://avatars.githubusercontent.com/in/956858?s=60&v=4){kind=small}
There was a problem hiding this comment.
Code Review
This pull request introduces the Policy Studio React POC, including comprehensive coding guidelines, architectural documentation, and implementation details for state management, data fetching, and UI components. The new CODING_GUIDELINES.md, POLICY_STUDIO_ARCHITECTURE.md, and POLICY_STUDIO_POC.md files are exceptionally well-written, providing clear and detailed information that will be invaluable for future development and understanding of the project. The implementation demonstrates a strong adherence to modern React and TypeScript best practices, including immutable state updates, robust error handling, and thoughtful consideration for accessibility and anti-happy-path scenarios. The use of safeFlows and safeStep functions to handle potentially corrupted API data is particularly commendable, directly addressing a key anti-happy-path constraint. Overall, the changes are of high quality and lay a solid foundation for the Policy Studio.
| No flows yet. Click + to create one. | ||
| </div> | ||
| )} | ||
| {flows.map((flow, index) => ( |
There was a problem hiding this comment.
Using index as a key for list items is generally discouraged in React, especially when items can be added, removed, or reordered, as it can lead to subtle bugs and performance issues due to incorrect component reconciliation. While FlowListItems are not directly sortable, flows can be added or removed, which changes the indices of subsequent items.
Consider adding a unique id property to the Flow interface and using flow.id as the key. This ensures stable component identities across list changes.
| readonly saveApi: (api: ApiV4) => Promise<void>; | ||
| } | ||
|
|
||
| export function useApi(apiId: string): UseApiResult { |
There was a problem hiding this comment.
The apiId parameter is typed as string, but useParams can return undefined. The calling component (PolicyStudioPage.tsx) uses apiId ?? '' to handle this, which is a valid workaround.
However, for clearer API contract and to allow the hook to explicitly handle the undefined case (e.g., by not fetching if apiId is undefined), consider typing apiId as string | undefined.
| export function useApi(apiId: string): UseApiResult { | |
| export function useApi(apiId: string | undefined): UseApiResult { |
| @@ -0,0 +1,79 @@ | |||
| import type { Flow, Step, Phase, HttpMethod, PolicyPlugin } from './types'; | |||
|
|
|||
| let nextStepId = 1; | |||
There was a problem hiding this comment.
The nextStepId variable is a global mutable state used for generating unique step IDs. While this works for a POC, it could lead to issues in a larger application, especially with hot module replacement or if multiple instances of the application were to run in different contexts.
For a more robust solution, consider using a UUID generation library (e.g., uuid) to ensure globally unique IDs, or encapsulate the ID generation logic within a context or a more controlled scope if nextStepId needs to be sequential and resetable.
gcusnieux
force-pushed
the
poc-gamma-react-policy-studio
branch
from
cb851b3 to
c84b6cf
Compare
gcusnieux
force-pushed
the
poc-gamma-react-policy-studio
branch
from
b5b8175 to
0c4f0de
Compare
gcusnieux
force-pushed
the
poc-gamma-react-policy-studio
branch
from
0c4f0de to
8d93be5
Compare
| "@rjsf/utils": "^6.4.1", | ||
| "@rjsf/validator-ajv8": "^6.4.1", | ||
| "@scalar/openapi-parser": "0.11.1", | ||
| "@toast-ui/editor": "3.2.2", |
There was a problem hiding this comment.
⚠️ Aqua detected vulnerability in your code
Vulnerability ID: CVE-2025-26791
Check Name: dompurify: Mutation XSS in DOMPurify Due to Improper Template Literal Handling
Severity: MEDIUM
Fixed Version: 3.2.4
Reachable Path(s) Found: No
Description: DOMPurify before 3.2.4 has an incorrect template literal regular expression, sometimes leading to mutation cross-site scripting (mXSS).
(This package is used under: @toast-ui/editor@3.2.2->dompurify@2.5.9)
[This comment was created by Aqua Pipeline]
Read more at https://avd.aquasec.com/nvd/cve-2025-26791
2 participants
Issue
https://gravitee.atlassian.net/browse/APIM-XXX
Description
A small description of what you did in that PR.
Additional context