@as-flow as-flow commented Jan 2, 2026

Summary by CodeRabbit

  • New Features
    • Enhanced search functionality in the toolkit to match queries against both tool names and descriptions (case-insensitive). Users can now discover tools based on description matches in addition to name matches, improving overall discoverability across the toolkit and shared blueprints. Existing query handling and sorting behavior remains unchanged.

✏️ Tip: You can customize this high-level summary in your review settings.

coderabbitai bot commented Jan 2, 2026

Walkthrough

The search functionality in BuilderSidebarToolkit.vue has been enhanced to filter tools by both name and description (case-insensitive) rather than name alone. This applies to both the Shared Blueprints branch and general toolkit branch, preserving existing query handling and sorting behavior.

Changes

Cohort / File(s) | Summary
Search Filtering Enhancement: src/ui/src/builder/sidebar/BuilderSidebarToolkit.vue | Expanded search matching logic to include tool descriptions in addition to tool names, applying case-insensitive filtering across both Shared Blueprints and toolkit branches.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~8 minutes

Suggested reviewers

  • madeindjs
  • UladzislauK-Writer

Poem

🐰 A search that hops through names and tales,
Now descriptions paint the search details,
Case-insensitive whispers find,
More treasures hidden deep inside,
The toolkit blooms with wider sight! ✨

Pre-merge checks

✅ Passed checks (5 passed)
Check name | Status | Explanation
Description Check | ✅ Passed | Check skipped - CodeRabbit’s high-level summary is enabled.
Title check | ✅ Passed | The title clearly describes the main change: adding search capability by description in the BlueprintLibrary, which directly aligns with the PR's primary objective.
Linked Issues check | ✅ Passed | The code changes implement the requirement from AB-852 to enable searching shared blueprints by description as well as by name, extending search filtering to match on both fields.
Out of Scope Changes check | ✅ Passed | All changes are directly related to the linked issue AB-852, focusing solely on extending search functionality to include description matching without introducing unrelated modifications.
Docstring Coverage | ✅ Passed | No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

@coderabbitai coderabbitai bot left a comment

Actionable comments posted: 1

📜 Review details

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Disabled knowledge base sources:

  • Jira integration is disabled by default for public repositories

You can enable these sources in your CodeRabbit configuration.

📥 Commits

Reviewing files that changed from the base of the PR and between 7a9e941 and 207c545.

📒 Files selected for processing (1)
  • src/ui/src/builder/sidebar/BuilderSidebarToolkit.vue
⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (8)
  • GitHub Check: build (3.12)
  • GitHub Check: build (3.10)
  • GitHub Check: build (3.13)
  • GitHub Check: build (3.11)
  • GitHub Check: build (3.9)
  • GitHub Check: tests (firefox)
  • GitHub Check: tests (chromium)
  • GitHub Check: tests (webkit)
🔇 Additional comments (1)
src/ui/src/builder/sidebar/BuilderSidebarToolkit.vue (1)

274-279: LGTM! Search by description implemented correctly for Shared Blueprints.

The filter logic correctly matches both name and description with case-insensitive comparison. The description fallback at line 263 ensures no undefined values.

Comment on lines +310 to +315
.filter(
(tool) =>
!q ||
tool.name.toLocaleLowerCase().includes(q) ||
tool.description.toLocaleLowerCase().includes(q),
)
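Review bot: tool.description.toLocaleLowerCase() in the last condition of this filter dereferences description with no guard, so one tool with a missing description makes the callback throw for any non-empty q that does not already match that tool's name, and the whole search fails instead of skipping the entry. Guard it in place, for example (tool.description ?? "").toLocaleLowerCase().includes(q), or default description to an empty string where the tool objects are built. The hunk also does not show how q is normalized; it needs the same toLocaleLowerCase() treatment for the comparison to be case-insensitive.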

⚠️ Potential issue | 🟡 Minor

🧩 Analysis chain

🏁 Script executed:

#!/bin/bash

echo "=== Searching for getComponentDefinition implementation ==="
rg -n "getComponentDefinition" -A 8 -B 2 | head -100

echo ""
echo "=== Searching for component definition types ==="
rg -n "ComponentDefinition|interface.*Component|type.*Component" -A 5 | head -150

Repository: writer/writer-framework

Length of output: 16981


🏁 Script executed:

#!/bin/bash

echo "=== Reading BuilderSidebarToolkit.vue around lines 300-320 ==="
sed -n '300,320p' src/ui/src/builder/sidebar/BuilderSidebarToolkit.vue

echo ""
echo "=== Searching for getComponentDefinition implementation in writer framework ==="
rg -n "getComponentDefinition.*=" -A 15 | grep -v ".spec" | head -150

echo ""
echo "=== Checking ComponentDefinition TypeScript type ==="
fd -e "ts" -e "tsx" -e "d.ts" | xargs rg -l "interface.*ComponentDefinition|type.*ComponentDefinition" | head -5

Repository: writer/writer-framework

Length of output: 7301


🏁 Script executed:

#!/bin/bash

echo "=== Reading more of BuilderSidebarToolkit.vue to see typeList source ==="
sed -n '275,320p' src/ui/src/builder/sidebar/BuilderSidebarToolkit.vue

echo ""
echo "=== Searching for wf.getComponentDefinition implementation ==="
fd -e ts -e tsx | xargs rg -l "export.*getComponentDefinition|getComponentDefinition\s*=" | grep -v spec | grep -v node_modules

echo ""
echo "=== Looking at the wf object initialization ==="
rg -n "getComponentDefinition" src/ui/src/main.ts -A 2 -B 2

Repository: writer/writer-framework

Length of output: 1657


🏁 Script executed:

#!/bin/bash

echo "=== Searching for getComponentDefinition in templateMap.ts ==="
cat src/ui/src/core/templateMap.ts

echo ""
echo "=== Searching for getSupportedComponentTypes definition ==="
rg -n "getSupportedComponentTypes" -A 5 -B 2 | head -50

echo ""
echo "=== Checking writerTypes.ts for ComponentDefinition interface ==="
rg -n "interface.*ComponentDefinition|type.*ComponentDefinition" -A 20 src/ui/src/writerTypes.ts

Repository: writer/writer-framework

Length of output: 15309


Address TypeScript type safety and add defensive checks for description property.

The code accesses tool.description at line 314 without verifying it exists. While getComponentDefinition() is typed to return a WriterComponentDefinition with a required description: string, the actual implementation can return undefined due to optional chaining (getTemplate(type)?.writer). This type mismatch creates a maintenance risk.

Add optional chaining or a null check when destructuring the definition at line 305:

const { name, description = "", category } = getComponentDefinition(type) ?? {};

Or check whether getComponentDefinition result exists before destructuring properties, matching the defensive pattern already used elsewhere in the codebase (e.g., useFieldsErrors.ts line 37).

🤖 Prompt for AI Agents
In src/ui/src/builder/sidebar/BuilderSidebarToolkit.vue around lines 305 to 315,
the code destructures getComponentDefinition(type) without guarding for
undefined and then accesses tool.description in the filter, which can be
undefined; update the destructuring to safely handle a missing definition (e.g.,
assign from getComponentDefinition(type) ?? {} and default description to an
empty string or perform an explicit null check before destructuring) so that
description is always a string when used in the .filter and avoid runtime
errors.
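
The guard suggested in the review above, as an added example that is not code from the pull request or the Writer Framework: getComponentDefinition here is a stand-in, and the registry, asText, searchTools and searchToolsUnguarded are hypothetical names working on constructed data.

```javascript
// Constructed registry: "legacy" has no description, "ghost" has no definition.
const DEFINITIONS = {
  button: { name: "Button", description: "Clickable element" },
  chart: { name: "Chart", description: "Renders a PLOT from data" },
  legacy: { name: "Legacy box" },
};

// Stand-in with the gap the review describes: callers expect a definition,
// but an unknown type yields undefined.
function getComponentDefinition(type) {
  return DEFINITIONS[type];
}

// Anything that is not a string becomes "" so string methods never throw.
const asText = (value) => (typeof value === "string" ? value : "");

// Guarded search: normalizes the query once and tolerates missing fields.
function searchTools(types, query) {
  const q = asText(query).trim().toLocaleLowerCase();
  return types
    .map((type) => {
      const { name, description } = getComponentDefinition(type) ?? {};
      return { type, name: asText(name), description: asText(description) };
    })
    .filter((tool) => tool.name !== "") // skip types with no usable definition
    .filter(
      (tool) =>
        !q ||
        tool.name.toLocaleLowerCase().includes(q) ||
        tool.description.toLocaleLowerCase().includes(q),
    )
    .map((tool) => tool.type);
}

// Unguarded form for comparison: same filter, no defaults.
function searchToolsUnguarded(types, query) {
  const q = query.toLocaleLowerCase();
  return types
    .map((type) => ({ type, ...getComponentDefinition(type) }))
    .filter(
      (tool) =>
        !q ||
        tool.name.toLocaleLowerCase().includes(q) ||
        tool.description.toLocaleLowerCase().includes(q),
    )
    .map((tool) => tool.type);
}
```

With an empty query the unguarded form returns every type and the problem stays hidden; it only throws once a non-empty query reaches an entry that has no description.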

pullrequest bot commented Jan 2, 2026

HackerOne Code Security Review

🟢 Scan Complete: 1 Issue(s)

Here's how the code changes were interpreted and info about the tools used for scanning.

📖 Summary of Changes

The modification enhances search functionality within the BuilderSidebarToolkit component, extending filtering capabilities to include tool descriptions. This update enables more comprehensive search results across different blueprint categories, potentially improving user experience by allowing more nuanced and detailed component discovery.

File | Summary
src/ui/src/builder/sidebar/BuilderSidebarToolkit.vue | The changes include expanding search filtering to include tool descriptions in both Shared Blueprints and other categories, allowing more comprehensive search results across component names and descriptions.

ℹ️ Issues Detected

NOTE: These may not require action!

Below are unvalidated results from the Analysis Tools that ran during the latest scan for transparency. We investigate each of these for accuracy and relevance before surfacing them as a potential problem.

How will I know if something is a problem?
When validation completes, any concerns that warrant attention prior to merge will be posted as inline comments. These will show up in 2 ways:

  • Expert review (most cases): Issues will be posted by experts who manually reviewed and validated them. These are real HackerOne engineers (not bots) reviewing through an integrated IDE-like tool. You can communicate with them like any other reviewer. They'll stay assigned and get notified with commit & comment updates.
  • Automatically: In cases where our validation checks have highest confidence the problem is legitimate and urgent. These will include a description of contextual reasoning why & actionable next steps.

File & Line | Issue
src/ui/src/builder/sidebar/BuilderSidebarToolkit.vue Line 278 | The search functionality has been expanded to include searching through description text, which could potentially lead to XSS vulnerabilities if the description contains malicious content that gets rendered in the UI. The description field is used in tooltips (line 47) and could contain unsanitized user input from shared blueprints (line 263).
🧰 Analysis tools

⏱️ Latest scan covered changes up to commit 207c545 (latest)

pullrequest bot commented Jan 2, 2026

✅ Graham C reviewed all the included code changes and associated automation findings and determined that there were no immediately actionable security flaws. Note that they will continue to be notified of any new commits or comments and follow up as needed throughout the duration of this pull request's lifecycle.

Graham C


Reviewed with ❤️ by PullRequest

pullrequest bot commented Jan 16, 2026

Due to inactivity, PullRequest has cancelled this review job. You can reactivate the code review job from the PullRequest dashboard.
