Open
Conversation
Upgrade ESLint to v10 and adapt the repo to the new flat config: remove incompatible eslint-config-next imports and replace with a minimal flat configuration. Add developer artifacts and reports (.copilot-tracking analysis and DEV_SERVER_VERIFICATION_REPORT.md), update .gitignore to ignore *.py, and refresh lint/type error outputs. Also include miscellaneous updates across package.json, lockfile, and several src files (services, pages, and integration handlers) to align with the linting/config changes and dependency updates.
syed-reza98
added
enhancement
|
The latest updates on your projects. Learn more about Vercel for GitHub.
|
Add a new prompt file (.github/prompts/plan-storefrontThemePicker.prompt.md) containing a multi-phase implementation plan to: make store resolution consistent and safer, apply saved theme and custom CSS globally across all live /store/[slug] routes, introduce industry/category theme packs and update the Theme Marketplace UI, and align storefront theme APIs/types/validation. The plan lists concrete file changes (server resolver, layout/theme injection, shared theme utilities, new templates, marketplace filters, and API cleanup), verification steps, and key decisions for preserving preview parity and multi-tenant safety.
Rename internal instruction docs, add planning prompts and QA report, and introduce a large suite of storefront/theme features and assets. Key changes: move .github instructions to .github/instructions-later; add two planning prompts for storefront themes and WYSIWYG parity; add BROWSER_TESTING_SUMMARY.md and TypeScript/TSC artifacts; add multiple storefront images and thumbnails. Implement storefront/theme foundations: new lib files (currency, theme-catalog, theme-constants, theme-css, theme-templates, theme-templates updates, defaults, validation, types, resolve-storefront-store), preview bridge updates, product quick-view modal, many storefront blocks/components, and server API route for newsletter. Type fixes and dev tooling updates: add ambient types for @tabler/icons-react, bump @tabler/icons-react in lockfile, update eslint.config.mjs and .gitignore to ignore prebuilt theme assets, and update lint/errors and typescript error outputs. This commit wires up theme tokens, preview parity, and numerous UI components to support new theme workflows and developer QA artifacts.
![github-code-quality[bot]](https://avatars.githubusercontent.com/u/9919?s=60&v=4){kind=small}
Add a detailed prompt describing a phased migration to split the app into two Next.js 16 zones (storefront + dashboard). The plan covers decisions and safety rails, migrating middleware→proxy, monorepo and shared packages setup, scaffolding the storefront app, multi-zone rewrites, tenant isolation hardening, Vercel multi-project deployment, relevant files, verification steps, and further considerations for performance and long-term isolation.
Add a new prompt (.github/prompts/plan-tenantIsolationRiskRegister.prompt.md) that documents a file-by-file tenant isolation risk register. It defines tenant isolation invariants and alignment decisions, enumerates P0–P3 findings (with affected files and recommended mitigations), and provides a phased execution and verification plan to harden store-scoping, middleware, header usage, and migration strategy for the upcoming multi-zone split.
Contributor
There was a problem hiding this comment.
Pull request overview
This pull request implements a comprehensive architecture refactoring focused on ESLint 10 migration, enhanced security for payment webhooks and API calls, improved storefront theming infrastructure, and performance optimizations. The changes span multiple layers including configuration, security, UI/UX, and database schema.
Changes:
- ESLint 10 migration with flat config and removal of incompatible
eslint-config-nextimports - Security enhancements including constant-time signature verification and
credentials: 'include'across 50+ fetch calls - Storefront architecture improvements with centralized store resolution, theme CSS generation, currency formatting, and newsletter subscription support
- Performance optimizations via dynamic imports for Facebook integration dashboards and product forms
- Accessibility enhancements with autoComplete/inputMode attributes and ARIA labels
- Database schema addition for newsletter subscribers and inventory service batch optimization
Reviewed changes
Copilot reviewed 130 out of 163 changed files in this pull request and generated no comments.
Show a summary per file
| File | Description |
|---|---|
| eslint.config.mjs | ESLint 10 flat config migration removing incompatible imports |
| src/app/api/webhook/payment/route.ts | Constant-time signature comparison for timing attack prevention |
| src/lib/storefront/server/resolve-storefront-store.ts | Centralized store resolution with header trust boundary validation |
| src/lib/storefront/theme-css.ts | Server-safe theme CSS generation with dark mode support |
| src/lib/storefront/currency.ts | Centralized currency formatting utilities |
| src/components/storefront/store-url-provider.tsx | Enhanced provider with currency formatting and footer config |
| prisma/schema.prisma | NewsletterSubscriber model addition |
| src/lib/services/inventory.service.ts | Batch insert optimization for inventory logs |
| Multiple fetch calls | Added credentials: 'include' for cookie-based auth |
| Multiple dynamic imports | Performance optimization for Facebook dashboards |
Add a new Next.js storefront app (apps/storefront) including components, hooks, lib, public assets, routes, and config. Introduce shared packages (packages/shared, storefront-engine, ui) and TypeScript configs. Add extensive Next.js best-practices skill docs across agent folders (.agent, .agents, .claude, .qwen, .vibe) and a skills-lock.json. Update workspace configs and tooling files (.gitignore, eslint.config.mjs, next.config.ts, package.json, package-lock.json, tsconfig.json, vercel.json), rename middleware.ts to proxy.ts, and remove AGENT.md.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
This pull request introduces several improvements and fixes across the codebase, focusing on ESLint 10 compatibility, enhanced security for payment webhooks, UI accessibility enhancements, and performance optimizations for the Facebook integrations dashboard. It also adds comprehensive dev server verification documentation. Below are the most important changes:
ESLint 10 Migration and Linting Configuration:
eslint.config.mjsto remove incompatibleeslint-config-nextimports and switch to a minimal custom ruleset, ensuring compatibility with ESLint 10 flat config. Updated ignore patterns to excludedocs/**andcoverage/**directories. [1] [2] [3]eslint-config-nextdependencies inpackage.jsonto versions compatible with ESLint 10.lint-errors.jsonto reflect new linting output and error handling due to config changes.Performance and User Experience:
Security Improvements:
crypto.timingSafeEqual, reducing the risk of timing attacks.Accessibility and Form Enhancements:
autoCompleteandinputModeattributes to business name and phone number fields. [1] [2]Documentation and Verification:
DEV_SERVER_VERIFICATION_REPORT.mddetailing automated browser tests, accessibility checks, performance metrics, and deployment readiness, confirming the application is stable and ready for further development or deployment.Upgrade ESLint to v10 and adapt the repo to the new flat config: remove incompatible eslint-config-next imports and replace with a minimal flat configuration. Add developer artifacts and reports (.copilot-tracking analysis and DEV_SERVER_VERIFICATION_REPORT.md), update .gitignore to ignore *.py, and refresh lint/type error outputs. Also include miscellaneous updates across package.json, lockfile, and several src files (services, pages, and integration handlers) to align with the linting/config changes and dependency updates.