.jules/bolt.md
5 additions & 0 deletions
@@ -7,3 +7,8 @@
7
7
8
8
**Learning:** Independent DB queries in Server Components often default to serial execution (waterfall). Always wrap independent queries in `Promise.all`. Fetching large datasets just to count them (e.g. `array.length`) is an anti-pattern; use `count()` in SQL instead.
9
9
**Action:** Audit page loaders for serial `await` calls on independent data and replace array-based counting with SQL aggregation.
10
+
11
+
## 2025-02-14 - Composite Index Optimization
12
+
13
+
**Learning:** Replacing an index on `(A)` with `(A, B)` is a safe optimization when queries filter by `A` and sort by `B`. It allows the DB to fetch pre-sorted data, avoiding a sort operation, while still supporting lookups on `A`.
14
+
**Action:** Always check if a frequently sorted column can be added to an existing filter index to create a composite index.
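Review bot: "safe optimization" in the added Learning line is stated without its conditions. The pre-sorted fetch only applies when the filter on `A` is an equality match; with a range predicate on `A` the matching rows are not ordered by `B` and the sort remains. The wider `(A, B)` index also costs more storage and write work than `(A)`. Suggest wording it as "filter by `A` with equality and sort by `B`", and having the Action line say to confirm the sort is gone in the query plan before dropping the old index.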
.jules/palette.md
5 additions & 0 deletions
@@ -17,3 +17,8 @@
17
17
18
18
**Learning:** When placing interactive elements (like `Select` or `Button`) inside data tables, relying solely on column headers is insufficient for screen reader users navigating by control. A simple "Edit" or "Select" announcement lacks context.
19
19
**Action:** Pass the row entity's name (e.g., user name) to the interactive component and use it in a dynamic `aria-label` (e.g., "Change role for John Doe").
20
+
21
+
## 2025-05-21 - [Dynamic Accessible Names for Select Triggers]
22
+
23
+
**Learning:** Shadcn UI `SelectTrigger` with a static `aria-label` overrides the screen reader announcement of the selected value. This leaves users knowing "Select Status" but not the _current_ status.
24
+
**Action:** Use a dynamic `aria-label` that includes the current value (e.g., `aria-label={\`Status: ${valueLabel}\`}`) to provide full context.
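Review bot: the `aria-label` example in the added Action line escapes its inner backticks with backslashes, which Markdown does not honor inside a code span, so the span closes at the first inner backtick and the example renders broken. Suggest delimiting that span with double backticks and dropping the backslashes. The added heading also wraps its title in square brackets, unlike the headings added to `.jules/bolt.md` and `.jules/sentinel.md` in this commit, which reads like a leftover template placeholder.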
.jules/sentinel.md
6 additions & 0 deletions
@@ -29,3 +29,9 @@
29
29
**Vulnerability:** Found `TestAdminButton` containing hardcoded test credentials was statically imported into the login form, including the credentials in the production JavaScript bundle.
30
30
**Learning:** Static imports of development-only components include their code (and secrets) in production bundles unless tree-shaken, which is unreliable for side-effect imports or complex components.
31
31
**Prevention:** Use `next/dynamic` to lazily load development-only components, ensuring their code is split into a separate chunk that is never requested in production unless the component is rendered.
32
+
33
+
## 2026-01-25 - Sensitive Information Exposure in User Invitation
34
+
35
+
**Vulnerability:** Admin invitation actions (`inviteUser`, `resendInvite`) were throwing raw error messages (including potential SMTP error details) which were then displayed to the user via toast notifications.
36
+
**Learning:** Even admin-only actions must be secure against information disclosure. Relying on `throw new Error(details)` in Server Actions often propagates the details to the client unless intercepted.
37
+
**Prevention:** Always wrap external service calls (like Email, DB) in `try/catch` blocks in Server Actions. Log the full error securely on the server, and throw a generic, sanitized error message to the client.
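Review bot: the added Prevention line says to "Log the full error securely" and throw a generic message, but it gives no way to tie the generic toast back to the server log entry and does not say what "securely" excludes. Suggest adding that the generic error carries a correlation id that is also written to the log, and that the logged SMTP error is checked for credentials and recipient addresses before it is stored. The Learning line's "often propagates the details to the client unless intercepted" would also be more actionable if it named the condition under which the details reach the client.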