fix: Modify tiny-engine-designer path

[xuanlid]

Summary by CodeRabbit

• New Features

  • Added an Application Playground page at /tiny-engine-playground.
  • Editor now directs external users to the playground page.
  • Embedded view can open apps in a new browser tab via messages.
  • Embedded view will load the designer view when a specific hash/id is present.

• Bug Fixes / UI

  • Header now automatically hides on both visit and playground pages.

_{✏️ Tip: You can customize this high-level summary in your review settings.}

[coderabbitai]

Warning

Rate limit exceeded

@xuanlid has exceeded the limit for the number of commits that can be reviewed per hour. Please wait 13 minutes and 22 seconds before requesting another review.

⌛ How to resolve this issue?

After the wait time has elapsed, a review can be triggered using the @coderabbitai review command as a PR comment. Alternatively, push new commits to this PR.

We recommend that you space out your commits to avoid hitting the rate limit.

🚦 How do rate limits work?

CodeRabbit enforces hourly rate limits for each developer per organization.

Our paid plans have higher rate limits than the trial, open-source and free plans. In all cases, we re-allow further reviews after a brief timeout.

Please see our FAQ for further information.

Walkthrough

Header visibility now hides for both applicationVisit and the new applicationPlayground route. A designer URL constant was added. ApplicationVisit selects iframe URL by route, updates iframe on mount when URL hash has an id, and listens for window messages to open apps in a new tab. A /tiny-engine-playground route was added.

Changes

Cohort / File(s)	Summary
Routing & Header packages/tiny-engine-portal/src/App.vue, packages/tiny-engine-portal/src/router/index.js	Header hidden for both applicationVisit and applicationPlayground; new route /tiny-engine-playground (name applicationPlayground) added using ApplicationVisit component.
Designer URL & ApplicationVisit packages/tiny-engine-portal/src/controller/utils.js, packages/tiny-engine-portal/src/application/ApplicationVisit.vue	Added export TINY_ENGINE_DESIGNER_URL; ApplicationVisit now derives tinyEngineUrl by route, updates iframe src on mount when hash contains an id, registers a window "message" listener to handle openAppNewTab and opens a composed designer URL in a new tab.
Editor Navigation packages/tiny-engine-portal/src/utils/editor.js	openEditor now navigates to route name applicationPlayground (was applicationVisit) when not internal.

Sequence Diagram(s)

mermaid
sequenceDiagram
rect rgba(200, 230, 255, 0.5)
participant User
participant Router
participant App as "App.vue"
end
rect rgba(220, 255, 220, 0.5)
participant Visit as "ApplicationVisit (iframe)"
participant Window as "window (parent)"
participant NewTab as "Designer (new tab)"
end

User->>Router: navigate to /tiny-engine-playground
Router->>App: route.name = applicationPlayground
App->>Visit: render (header hidden)
Visit->>Visit: onMounted -> set iframe src (designer URL if hash/id)
Window->>Visit: postMessage {type: "openAppNewTab", id, env}
Visit->>NewTab: window.open(composedDesignerURL)

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~20 minutes

Poem

🐇 I hopped to a playground bright and new,
The header hides where the routes say true,
I listen to windows and open a tab,
Designer doors swing — click, go grab! 🥕✨

🚥 Pre-merge checks | ✅ 2 | ❌ 1

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Docstring Coverage	⚠️ Warning	Docstring coverage is 0.00% which is insufficient. The required threshold is 80.00%.	Write docstrings for the functions missing them to satisfy the coverage threshold.

✅ Passed checks (2 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title 'fix: Modify tiny-engine-designer path' directly relates to the main changes, which involve updating the tiny-engine-designer URL endpoint and routing logic to use it in the applicationPlayground route.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch lx/fix-tiny-engine-editor-replace

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 1

🤖 Fix all issues with AI agents

In `@packages/tiny-engine-portal/src/application/ApplicationVisit.vue`:
- Around line 5-12: tinyEngineUrl is assigned once in setup() and won't update
when route.name changes; make it a reactive computed property so the iframe
updates when the route switches. Import computed from 'vue', call useRoute() as
before, then replace the plain tinyEngineUrl value with computed(() =>
route.name === 'applicationVisit' ? TINY_ENGINE_DEFAULT_URL :
TINY_ENGINE_DESIGNER_URL) so the value re-evaluates on route changes; keep the
returned property name tinyEngineUrl so existing template bindings remain valid.

[coderabbitai]

Actionable comments posted: 2

🤖 Fix all issues with AI agents

In `@packages/tiny-engine-portal/src/application/ApplicationVisit.vue`:
- Around line 23-29: The onMounted block currently assumes
url.hash.split('?')[1] and document.querySelector('iframe') are always present;
guard both by first checking url.hash contains '?' (or that split returned a
defined second element) before building the type string and only query/set
iframe.src if the iframe element is non-null; update the onMounted logic
(references: onMounted, url, type, iframe, TINY_ENGINE_DESIGNER_URL) to compute
type defensively and to test iframe !== null (or use optional chaining) before
assigning src so you never append "undefined" or dereference null.
- Around line 14-21: The openAppNewTab handler currently trusts any postMessage
and directly calls window.open; update the function to validate event.origin
against an allowlist (or at minimum check it matches expected origin(s)),
validate event.data is an object with type === 'openAppNewTab' and a safe URL
string before using it, construct the final URL carefully (e.g., parse and
recompose search params instead of string concatenation), and call window.open
with safe options (target '_blank' and features 'noopener,noreferrer') or
immediately set newWindow.opener = null to mitigate reverse-tabnabbing;
reference the openAppNewTab function and the window.open usage when making these
changes.

♻️ Duplicate comments (1)

packages/tiny-engine-portal/src/application/ApplicationVisit.vue (1)

11-12: tinyEngineUrl won’t update when this component is reused for another route.
Same concern as before: route.name is read once, so the iframe won’t react when the route switches between applicationVisit and applicationPlayground. Please make it reactive (e.g., computed).