Merge branch 'main' of https://github.com/isaaclins/excalidraw into dev

isaaclins · isaaclins · commit 9daf5b44a7bf · 2025-10-21T09:46:28.000+02:00
diff --git a/.github/copilot-instructions.md b/.github/copilot-instructions.md
@@ -240,3 +240,213 @@ LOG_LEVEL=info                   # debug | info | warn | error
 ### App
 
 No `.env` file - configuration via connection dialog on first launch.
+
+## CI/CD and Automation
+
+### GitHub Actions Workflows
+
+The project has automated testing and release workflows:
+
+**tests.yml** - Runs on push to `dev` and `main` branches:
+- **Server tests**: Go linting (golangci-lint) + `make test`
+- **Client tests**: ESLint + Vitest tests on Linux, macOS, and Windows
+- All tests must pass before merge
+
+**release.yml** - Runs on push to `releases` branch:
+- Builds production binaries for all platforms
+- Creates artifacts: `.deb`, `.AppImage`, `.dmg`, `.app`, `.msi`, `.exe`
+- Server binary built with Go
+
+### Pre-commit Checklist
+
+Before committing code changes:
+1. Run linters: `npm run lint:fix` (app) or `make lint-fix` (server)
+2. Run tests: `npm test` (app) or `make test` (server)
+3. Verify builds: `npm run build` (app) or `go build` (server)
+4. Test changes manually if UI-related
+
+### Adding New Tests
+
+- **App Tests**: Add `.test.ts` or `.test.tsx` files next to components/modules
+- **Server Tests**: Add `*_test.go` files in same package as code under test
+- Use existing test patterns (see `reconciliation.test.ts` for comprehensive examples)
+- Mock external dependencies (Socket.IO, database, file system)
+
+## Dependency Management
+
+### Adding Dependencies
+
+**App (npm)**:
+```bash
+cd excalidraw-app
+npm install <package>          # Production dependency
+npm install -D <package>       # Dev dependency
+```
+- Check package is maintained and has TypeScript types
+- Prefer packages with no/minimal transitive dependencies
+- Update `package.json` and commit `package-lock.json`
+
+**Server (Go)**:
+```bash
+cd excalidraw-server
+go get <package>               # Adds to go.mod
+go mod tidy                    # Cleans up unused deps
+```
+- Use semantic versioning in go.mod
+- Prefer stdlib over third-party when possible
+- Run `make test` after adding dependencies
+
+### Updating Dependencies
+
+**App**:
+```bash
+cd excalidraw-app
+npm update                     # Update within semver ranges
+npm outdated                   # Check for newer versions
+```
+
+**Server**:
+```bash
+cd excalidraw-server
+go get -u ./...               # Update all dependencies
+go mod tidy
+```
+
+**Security updates**: Renovate bot automatically creates PRs for dependency updates.
+
+## Security Best Practices
+
+### Code Security
+
+- **No hardcoded secrets**: Use environment variables for sensitive data
+- **Validate input**: All user input (room IDs, drawing data) must be validated
+- **Sanitize errors**: Don't expose internal paths or stack traces to clients
+- **Use prepared statements**: SQLite queries use parameterized statements (already implemented)
+
+### Collaboration Security
+
+- **Room isolation**: Ensure room IDs properly isolate user sessions
+- **Data validation**: Validate all WebSocket messages before processing
+- **Rate limiting**: Consider adding rate limits for production deployments
+- **CORS policy**: Server configured for localhost only; adjust for production
+
+### Deployment Security
+
+- **Use HTTPS**: Always use TLS in production (reverse proxy recommended)
+- **Update dependencies**: Keep Go, Node, Rust, and packages up to date
+- **Minimal permissions**: Run server with non-root user
+- **Database backups**: Regularly backup SQLite databases
+
+## Debugging Strategies
+
+### App Debugging
+
+**Browser DevTools**:
+- Open DevTools (F12) to see React errors, console logs, network requests
+- Check Application tab → Local Storage for saved config
+- Check Network tab → WS for WebSocket messages
+
+**Tauri DevTools**:
+```bash
+cd excalidraw-app
+RUST_LOG=debug npm run tauri dev
+```
+- Rust logs appear in terminal
+- Frontend logs in browser console
+
+**Common Issues**:
+- **Blank screen**: Check browser console for errors
+- **WebSocket fails**: Verify server URL in localStorage
+- **Drawings not saving**: Check Tauri command errors in terminal
+
+### Server Debugging
+
+**Enable debug logging**:
+```bash
+cd excalidraw-server
+./excalidraw-server --loglevel debug
+```
+or set `LOG_LEVEL=debug` in `.env`
+
+**Monitor WebSocket events**:
+```go
+// Add to handlers/websocket/collab.go
+log.WithField("event", eventName).Debug("Received event")
+```
+
+**Database inspection** (SQLite):
+```bash
+sqlite3 excalidraw.db
+.schema                        # Show table structure
+SELECT * FROM documents;       # View all documents
+```
+
+**Common Issues**:
+- **Port already in use**: `lsof -i :3002` to find process
+- **Database locked**: Check for multiple server instances
+- **CORS errors**: Verify client origin in main.go CORS config
+
+## Code Review Guidelines
+
+### What to Look For
+
+**Type Safety**:
+- TypeScript: No `any` types without explicit reason
+- Go: No unchecked type assertions
+- Rust: Avoid unwrap() in favor of proper error handling
+
+**Error Handling**:
+- Always handle errors gracefully
+- Log errors with context (use `logrus.WithField()` in Go)
+- Show user-friendly messages to frontend
+
+**Performance**:
+- Debounce/throttle frequent operations (auto-save, broadcasts)
+- Avoid N+1 queries in database operations
+- Use indexes for frequently queried fields
+
+**Testing**:
+- Add tests for new features (especially reconciliation logic)
+- Update tests when changing existing behavior
+- Ensure tests are deterministic (no random failures)
+
+### Code Style
+
+**TypeScript/React**:
+- Use functional components with hooks
+- Prefer `const` over `let`
+- Use destructuring for props
+- Follow existing ESLint rules
+
+**Go**:
+- Follow standard Go formatting (gofmt)
+- Use meaningful variable names
+- Keep functions small and focused
+- Document exported functions
+
+**Rust**:
+- Use `Result<T, E>` for error handling
+- Follow Clippy suggestions
+- Use `#[tauri::command]` for all commands
+- Keep commands simple, move logic to separate modules
+
+## Contributing Workflow
+
+### Making Changes
+
+1. **Create feature branch**: `git checkout -b feature/your-feature`
+2. **Make changes**: Follow code style and patterns
+3. **Test locally**: Run linters, tests, and manual testing
+4. **Commit**: Use clear, descriptive commit messages
+5. **Push**: `git push origin feature/your-feature`
+6. **Open PR**: GitHub Actions will run tests automatically
+
+### Pull Request Checklist
+
+- [ ] Code follows existing patterns and style
+- [ ] Linters pass (`npm run lint` / `make lint`)
+- [ ] Tests pass (`npm test` / `make test`)
+- [ ] New tests added for new functionality
+- [ ] Documentation updated if needed
+- [ ] No hardcoded credentials or secrets
+- [ ] Works on dev/main branch (check for conflicts)
