Implement payout justification publishing

[carina-akaia]

Summary by CodeRabbit

• New Features

  • Introduced a payout justification action that guides users through publishing payout details.
  • Integrated an enhanced file upload mechanism for decentralized storage.
  • Added new environment variables for improved configuration options.

• UI Improvements

  • Updated loading indicators and spinner animations for a more consistent experience.
  • Refined text labels in tables, improving clarity with singular terms.
  • Enhanced the layout of project payout information.

• Enhancements

  • Streamlined modal dialogs and navigation workflows for smoother interactions.
  • Expanded configuration options to support enhanced service integrations.

[vercel]

The latest updates on your projects. Learn more about Vercel for Git ↗︎

Name	Status	Preview	Comments	Updated (UTC)
potlock-next-app	✅ Ready (Inspect)	Visit Preview	💬 Add feedback	Feb 16, 2025 8:31am

[coderabbitai]

Walkthrough

The changes add new environment variables and update configuration settings for Pinata and IPFS. An API route for generating an authentication key is introduced alongside a new Pinata SDK integration with file upload functionality and a custom React hook. Several components and hooks across the project have been updated by renaming variables and props—for example, changing funding flags from hasProportionalFundingMechanism to hasPFMechanism—and refining type definitions. UI components also received style updates, including spinner renaming and label adjustments.

Changes

File(s)	Change Summary
.env.example, .vscode/settings.json, package.json	Added new environment variables (PINATA_JWT, NEXT_PUBLIC_IPFS_GATEWAY_URL), updated VS Code spell-check words, and introduced a new dev dependency for TypeScript definitions.
src/app/api/pinata/get-auth-key/route.ts, src/common/_config/index.ts	Introduced a new API route for generating a Pinata auth key and exported the IPFS gateway URL from the environment.
src/common/services/pinata/client.ts, src/common/services/pinata/hooks.ts, src/common/services/pinata/index.ts	Implemented Pinata SDK integration with a new file upload function, defined FileUploadParams, and added a custom hook (useFileUpload) for managing uploads.
src/common/ui/components/atoms/alert.tsx, src/common/ui/components/atoms/spinner.tsx, src/common/ui/components/atoms/splash-screen.tsx, src/common/ui/styles/theme.css	Updated component styling: renamed .loader to .spinner, adjusted rules to support both SVG and spinner elements, deprecated spinner dimension props, and updated the splash screen indicator.
src/common/contracts/core/pot/client.ts	Revised contract API functions by changing signatures (now exported) and updating parameter structures with new type definitions (ChallengePayoutsArgs, PayoutChallengeUpdateArgs).
src/entities/pot/**	Modified components and hooks (e.g., ChallengeResolveModal, PotPayoutChallenges, PotTimeline, forms, lifecycle, tags) by renaming funding flags to hasPFMechanism and streamlining prop structures.
src/entities/voting-round/**	Updated UI labels from “Projects” to “Project”, renamed funding flags to hasPFMechanism, and streamlined the results cache using a new type (VotingRoundElectionResult).
src/features/pot-application/hooks/clearance.ts	Renamed the clearance hook parameter from hasProportionalFundingMechanism to hasPFMechanism.
src/features/proportional-funding/**	Introduced a new component (PFPayoutJustificationPublicationAction), renamed configurator and payout manager components, added a new hook (usePFPayoutJustification), new types, a publishing effect (publishPayoutJustification), and a utility function for converting payout challenges to justification URLs.
src/layout/pot/**, src/pages/pot/[potId]/*	Enhanced layout components and pages by integrating proportional funding changes (e.g., using PFPayoutJustificationPublicationAction, PFConfigurator, PFPayoutManager) and consistently renaming funding flags to hasPFMechanism; also adjusted navigation and UI text.

Sequence Diagram(s)

sequenceDiagram
    participant U as User/Client
    participant R as API (get-auth-key)
    participant SDK as PinataSDK
    U->>R: Request authentication key
    R->>SDK: Generate API key (using crypto.randomUUID)
    SDK-->>R: API key response
    R-->>U: Return JSON with API key

Loading

sequenceDiagram
    participant U as User (Admin)
    participant UI as PFPayoutJustificationPublicationAction
    participant Hook as usePFPayoutJustification
    participant PIN as Pinata (Upload Service)
    participant SC as SmartContract
    U->>UI: Click "Publish"
    UI->>Hook: Trigger publish()
    Hook->>PIN: Upload payout justification JSON
    PIN-->>Hook: Return IPFS hash
    Hook->>SC: Call contract methods with IPFS hash
    SC-->>Hook: Confirmation response
    Hook-->>UI: Invoke success callback

Loading

Poem

I’m a little rabbit, hopping through the code,
New keys and hooks light up my abode.
With Pinata’s magic and funding renamed,
My joyful leaps keep the changes famed.
Bugs beware—my code now sings a vibrant ode! 🐇✨

✨ Finishing Touches

• 📝 Generate Docstrings (Beta)

---

Thank you for using CodeRabbit. We offer it for free to the OSS community and would appreciate your support in helping us grow. If you find it useful, would you consider giving us a shout-out on your favorite social media?

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

🪧 Tips

Chat

There are 3 ways to chat with CodeRabbit:

• Review comments: Directly reply to a review comment made by CodeRabbit. Example:
  • I pushed a fix in commit <commit_id>, please review it.
  • Generate unit testing code for this file.
  • Open a follow-up GitHub issue for this discussion.
• Files and specific lines of code (under the "Files changed" tab): Tag @coderabbitai in a new review comment at the desired location with your query. Examples:
  • @coderabbitai generate unit testing code for this file.
  • @coderabbitai modularize this function.
• PR comments: Tag @coderabbitai in a new PR comment to ask questions about the PR branch. For the best results, please provide a very specific query, as very limited context is provided in this mode. Examples:
  • @coderabbitai gather interesting stats about this repository and render them as a table. Additionally, render a pie chart showing the language distribution in the codebase.
  • @coderabbitai read src/utils.ts and generate unit testing code.
  • @coderabbitai read the files in the src/scheduler package and generate a class diagram using mermaid and a README in the markdown format.
  • @coderabbitai help me debug CodeRabbit configuration file.

Note: Be mindful of the bot's finite context window. It's strongly recommended to break down tasks such as reading entire modules into smaller chunks. For a focused discussion, use review comments to chat about specific files and their changes, instead of using the PR comments.

CodeRabbit Commands (Invoked using PR comments)

• @coderabbitai pause to pause the reviews on a PR.
• @coderabbitai resume to resume the paused reviews.
• @coderabbitai review to trigger an incremental review. This is useful when automatic reviews are disabled for the repository.
• @coderabbitai full review to do a full review from scratch and review all the files again.
• @coderabbitai summary to regenerate the summary of the PR.
• @coderabbitai generate docstrings to generate docstrings for this PR. (Beta)
• @coderabbitai resolve resolve all the CodeRabbit review comments.
• @coderabbitai configuration to show the current CodeRabbit configuration for the repository.
• @coderabbitai help to get help.

Other keywords and placeholders

• Add @coderabbitai ignore anywhere in the PR description to prevent this PR from being reviewed.
• Add @coderabbitai summary to generate the high-level summary at a specific location in the PR description.
• Add @coderabbitai anywhere in the PR title to generate the title automatically.

CodeRabbit Configuration File (.coderabbit.yaml)

• You can programmatically configure CodeRabbit by adding a .coderabbit.yaml file to the root of your repository.
• Please see the configuration documentation for more information.
• If your editor has YAML language server enabled, you can add the path at the top of this file to enable auto-completion and validation: # yaml-language-server: $schema=https://coderabbit.ai/integrations/schema.v2.json

Documentation and Community

• Visit our Documentation for detailed information on how to use CodeRabbit.
• Join our Discord Community to get help, request features, and share feedback.
• Follow us on X/Twitter for updates and announcements.

[coderabbitai]

Actionable comments posted: 5

🔭 Outside diff range comments (1)

src/entities/pot/hooks/lifecycle.ts (1)

11-13: 🛠️ Refactor suggestion

Replace deprecated Date usage with Temporal API.

The code is still using the deprecated Date API despite the comment indicating that Temporal API should be used instead.

Consider refactoring to use the Temporal API:

-const date = new Date();
-const now = date.getTime();
+const now = Temporal.Now.instant().epochMilliseconds;

Also applies to: 20-21

🧹 Nitpick comments (20)

src/app/api/pinata/get-auth-key/route.ts (1)

5-5: Consider adding rate limiting.

Since this is a public API endpoint that creates API keys, consider adding rate limiting to prevent abuse.

You can use packages like @upstash/ratelimit or implement a custom solution using Redis.

src/common/services/pinata/client.ts (1)

17-23: Simplify promise chain and improve error handling.

The promise chain can be simplified using async/await, and error handling can be more specific.

-export const upload = ({ file }: FileUploadParams): Promise<PinResponse> =>
-  fetch("/api/pinata/get-auth-key")
-    .then((response) => response.json())
-    .then(({ JWT }: KeyResponse) => sdk.upload.file(file).key(JWT).then(identity()))
-    .catch((error) => {
-      throw new Error(error.message || "Unable to retrieve Pinata auth key");
-    });
+export const upload = async ({ file }: FileUploadParams): Promise<PinResponse> => {
+  try {
+    const response = await fetch("/api/pinata/get-auth-key");
+    if (!response.ok) {
+      throw new Error(`Failed to get auth key: ${response.statusText}`);
+    }
+    const { JWT } = (await response.json()) as KeyResponse;
+    return await sdk.upload.file(file).key(JWT);
+  } catch (error) {
+    throw error instanceof Error
+      ? error
+      : new Error("Failed to upload file to IPFS");
+  }
+};

src/common/services/pinata/hooks.ts (2)

9-9: Address the TODO comment about IPFS URL conversion.

The comment indicates a missing feature for converting IPFS hashes to gateway URLs.

Would you like me to help implement the IPFS URL conversion functionality?

---

28-30: Add file validation and cleanup.

Consider adding file validation and cleanup to improve the hook's robustness.

 const handleFileInputChange = useCallback((e: React.ChangeEvent<HTMLInputElement>) => {
+  const selectedFile = e.target?.files?.[0];
+  if (selectedFile && selectedFile.size > 10 * 1024 * 1024) {
+    setError(new Error("File size exceeds 10MB limit"));
+    return;
+  }
-  setFile(e.target?.files?.[0]);
+  setFile(selectedFile);
 }, []);

+// Add cleanup
+useEffect(() => {
+  return () => {
+    setFile(undefined);
+    setResponse(null);
+    setError(null);
+  };
+}, []);

.env.example (1)

3-3: Consider making the IPFS gateway URL configurable.

The hardcoded value might not be suitable for all deployment environments.

Add documentation about alternative gateways:

+# IPFS Gateway URL for content retrieval
+# Default: potlock.mypinata.cloud
+# Alternative public gateways: ipfs.io, gateway.pinata.cloud
 NEXT_PUBLIC_IPFS_GATEWAY_URL=potlock.mypinata.cloud

package.json (1)

127-127: Consider pinning the exact version of @types/formidable.

Using caret (^) allows minor version updates which could introduce breaking changes in type definitions.

Pin the exact version:

-    "@types/formidable": "^3.4.5",
+    "@types/formidable": "3.4.5",

src/features/proportional-funding/hooks/payout-justification.ts (3)

37-37: Address the TODO comment on user privileges.
The inline TODO indicates a plan to restrict publishing to users with admin or greater privileges. Currently, the logic to allow publishing resides in the returned object’s publish property. If you need a stricter check or plan to expand the conditions, consider implementing additional checks where the payout justification logic is invoked.

Need help refactoring to explicitly validate privileges before continuing with the rest of the flow?

---

43-52: Handle potential fetch errors for the justification document.
When using useSWR, consider capturing errors if the fetch fails, for instance via an error field from SWR or a .catch() in the fetch. This prevents silent failures and allows for better user feedback.

 const {
-  isLoading: isDocumentLoading, 
-  data: document 
+  isLoading: isDocumentLoading, 
+  data: document,
+  error: documentError
 } = useSWR(
   ["payout-justification", documentUrl],
   ...
 );

 // Then handle the error or pass it upstream:
 if (documentError) {
   // e.g., show toast, log, or re-throw
 }

---

56-74: Ensure comprehensive error logging in the publishing workflow.
console.error provides minimal console logging. If relevant, passing the full Error object to a monitoring service (e.g., Sentry) or logging it in a more structured manner might help with debugging.

src/features/proportional-funding/utils/converters.ts (1)

7-9: Enhance URL validation.

The current URL validation could be improved to handle malformed URLs more gracefully.

-    if ("PayoutJustification" in data) {
-      return new URL(data.PayoutJustification as string).toString();
-    } else return null;
+    if ("PayoutJustification" in data) {
+      try {
+        const url = new URL(data.PayoutJustification as string);
+        // Optionally validate required URL properties
+        if (!url.protocol || !url.host) return null;
+        return url.toString();
+      } catch {
+        console.error("PayoutJustification contains an invalid URL");
+        return null;
+      }
+    }
+    return null;

src/features/proportional-funding/components/configurator.tsx (1)

28-36: Remove commented-out code.

The commented-out CardHeader section should either be removed or uncommented if it's needed.

src/entities/pot/hooks/forms.ts (1)

23-31: Make error handling consistent across hooks.

The error handling in useChallengeForm uses try-catch while useChallengeResolveForm uses promise chaining. Consider using promise chaining in both hooks for consistency.

-      try {
-        await potContractClient.challenge_payouts({
-          potId: potDetail.account,
-          args: { reason: formData.data.message },
-        });
-      } catch (e) {
-        console.error(e);
-        setInProgress(false);
-      }
+      potContractClient
+        .challenge_payouts({
+          potId: potDetail.account,
+          args: { reason: formData.data.message },
+        })
+        .catch((error) => {
+          console.error(error);
+        })
+        .finally(() => {
+          setInProgress(false);
+        });

Also applies to: 67-74

src/features/proportional-funding/components/actions.tsx (1)

30-40: Consider enhancing error handling.

The error handler could benefit from more specific error messages based on different error types.

   const onPublishError = useCallback(
-    (message: string) => {
+    (error: unknown) => {
+      let message = "An unexpected error occurred.";
+      
+      if (error instanceof Error) {
+        message = error.message;
+      } else if (typeof error === "string") {
+        message = error;
+      }
+      
       toast({
         title: "Unable to publish payout justification",
         description: message,
         variant: "destructive",
       });
     },
     [toast],
   );

src/features/proportional-funding/model/effects.ts (1)

64-64: Optimize deposit calculations.

The deposit calculations could be optimized by calculating them once and reusing the results.

Consider refactoring:

+    const challengePayoutsDeposit = parseNearAmount(calculateDepositByDataSize(args.challenge_payouts)) ?? "0";
+    const updateChallengeDeposit = parseNearAmount(calculateDepositByDataSize(args.admin_update_payouts_challenge)) ?? "0";

     return potContractClient.contractApi(potId).callMultiple([
       {
         method: "challenge_payouts",
         args: args.challenge_payouts,
         gas: FULL_TGAS,
-        deposit: parseNearAmount(calculateDepositByDataSize(args.challenge_payouts)) ?? "0",
+        deposit: challengePayoutsDeposit,
       } as Transaction<potContractClient.ChallengePayoutsArgs>,

       {
         method: "admin_update_payouts_challenge",
         args: args.admin_update_payouts_challenge,
         gas: FULL_TGAS,
-        deposit:
-          parseNearAmount(calculateDepositByDataSize(args.admin_update_payouts_challenge)) ??
-          "0",
+        deposit: updateChallengeDeposit,
       } as Transaction<potContractClient.PayoutChallengeUpdateArgs>,
     ] as Transaction<object>[]);

Also applies to: 73-74

src/features/pot-application/hooks/clearance.ts (1)

15-15: Address the TODO comment for V2 milestone.

The TODO comment indicates a need to support multi-mechanism in V2. This should be tracked and addressed.

Would you like me to create an issue to track this enhancement for the V2 milestone?

src/features/proportional-funding/components/payout-manager.tsx (1)

59-61: Address TODO comment regarding callback prop.

Consider adding a separate callback prop for handling payout initiation success to improve component flexibility.

+export type PFPayoutManagerProps = ByPotId & {
+  onSubmitSuccess: VoidFunction;
+  onPayoutsInitiated?: VoidFunction;
+};

 const onInitiatePayoutProcessingClick = useCallback(() => {
   initiatePayoutProcessing({ potId })
     .then((_payouts) => {
       toast({
         title: "Payout processing has been successfully initiated",
       });

-      // TODO: ( non-critical ) Use a separate callback prop for onPayoutsInitiated
-      onSubmitSuccess();
+      onPayoutsInitiated?.();
     })

src/common/contracts/core/pot/client.ts (2)

124-127: Document the deposit calculation logic.

The deposit calculation uses a fallback mechanism based on string length, but the rationale for using 0.00003 NEAR per character is not documented. Consider adding a comment explaining this calculation.

---

163-166: Consider standardizing deposit calculation.

The deposit calculation logic is duplicated across multiple functions with the same fallback value. Consider extracting this into a shared utility function to maintain consistency.

+const calculateDepositFromStringLength = (str?: string | null) =>
+  parseNearAmount(`${(str?.length ?? 1) * 0.00003}`) ?? "0";

 export const admin_update_payouts_challenge = ({
   potId,
   args,
 }: ByPotId & { args: PayoutChallengeUpdateArgs }) =>
   contractApi(potId).call<typeof args, void>("admin_update_payouts_challenge", {
     args,
-    deposit:
-      parseNearAmount(calculateDepositByDataSize(args)) ??
-      parseNearAmount(`${(args.notes?.length ?? 1) * 0.00003}`) ??
-      "0",
+    deposit: parseNearAmount(calculateDepositByDataSize(args)) ?? calculateDepositFromStringLength(args.notes),
     gas: FULL_TGAS,
   });

src/layout/pot/components/layout-hero.tsx (1)

225-233: Simplify the fragment structure.

The fragment is unnecessary as it contains only one conditional expression.

Apply this diff to simplify the code:

-              <>
-                {hasPFMechanism &&
-                !pfPayoutJustification.isLoading &&
-                pfPayoutJustification.data === undefined ? null : (
-                  <Button onClick={onChallengePayoutsClick}>
-                    {activeChallenge === undefined ? "Challenge Payouts" : "Update Challenge"}
-                  </Button>
-                )}
-              </>
+              {(!hasPFMechanism ||
+                pfPayoutJustification.isLoading ||
+                pfPayoutJustification.data !== undefined) && (
+                <Button onClick={onChallengePayoutsClick}>
+                  {activeChallenge === undefined ? "Challenge Payouts" : "Update Challenge"}
+                </Button>
+              )}

🧰 Tools

🪛 Biome (1.9.4)

[error] 225-233: Avoid using unnecessary Fragment.

A fragment is redundant if it contains only one child, or if it is the child of a html element, and is not a keyed fragment.
Unsafe fix: Remove the Fragment

(lint/complexity/noUselessFragments)

src/pages/pot/[potId]/payouts.tsx (1)

212-228: Simplify the fragment structure.

The fragment can be simplified by combining the conditional rendering.

Apply this diff to simplify the code:

-            <>
-              <PFPayoutJustificationPublicationAction {...{ potId }} />
-
-              <Alert variant="neutral">
-                <MdOutlineInfo className="color-neutral-400 h-6 w-6" />
-                <AlertTitle>{"Justification For Payout Changes"}</AlertTitle>
-
-                <AlertDescription className="flex flex-col gap-4">
-                  <span>
-                    {(payouts?.length ?? 0) > 0
-                      ? "These payouts have been set on the contract but have not been paid out yet."
-                      : "These payouts are estimated amounts only and have not been set on the contract yet."}
-                  </span>
-                </AlertDescription>
-              </Alert>
-            </>
+            <div className="flex flex-col gap-6">
+              <PFPayoutJustificationPublicationAction {...{ potId }} />
+              <Alert variant="neutral">
+                <MdOutlineInfo className="color-neutral-400 h-6 w-6" />
+                <AlertTitle>{"Justification For Payout Changes"}</AlertTitle>
+                <AlertDescription className="flex flex-col gap-4">
+                  <span>
+                    {(payouts?.length ?? 0) > 0
+                      ? "These payouts have been set on the contract but have not been paid out yet."
+                      : "These payouts are estimated amounts only and have not been set on the contract yet."}
+                  </span>
+                </AlertDescription>
+              </Alert>
+            </div>

📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between de9312f and c613a94.

⛔ Files ignored due to path filters (1)

• yarn.lock is excluded by !**/yarn.lock, !**/*.lock

📒 Files selected for processing (40)

• .env.example (1 hunks)
• .vscode/settings.json (2 hunks)
• package.json (1 hunks)
• src/app/api/pinata/get-auth-key/route.ts (1 hunks)
• src/common/_config/index.ts (1 hunks)
• src/common/contracts/core/pot/client.ts (4 hunks)
• src/common/services/pinata/client.ts (1 hunks)
• src/common/services/pinata/hooks.ts (1 hunks)
• src/common/services/pinata/index.ts (1 hunks)
• src/common/ui/components/atoms/alert.tsx (2 hunks)
• src/common/ui/components/atoms/spinner.tsx (1 hunks)
• src/common/ui/components/atoms/splash-screen.tsx (1 hunks)
• src/common/ui/styles/theme.css (2 hunks)
• src/entities/pot/components/ChallengeResolveModal.tsx (2 hunks)
• src/entities/pot/components/PotPayoutChallenges.tsx (4 hunks)
• src/entities/pot/components/PotTimeline.tsx (1 hunks)
• src/entities/pot/hooks/feature-flags.ts (1 hunks)
• src/entities/pot/hooks/forms.ts (2 hunks)
• src/entities/pot/hooks/lifecycle.ts (3 hunks)
• src/entities/pot/hooks/tags.ts (3 hunks)
• src/entities/voting-round/components/CandidateTable.tsx (1 hunks)
• src/entities/voting-round/components/ResultsTable.tsx (1 hunks)
• src/entities/voting-round/hooks/results.ts (3 hunks)
• src/entities/voting-round/model/results.ts (2 hunks)
• src/entities/voting-round/model/types.ts (1 hunks)
• src/features/pot-application/hooks/clearance.ts (3 hunks)
• src/features/proportional-funding/components/actions.tsx (1 hunks)
• src/features/proportional-funding/components/configurator.tsx (2 hunks)
• src/features/proportional-funding/components/payout-manager.tsx (1 hunks)
• src/features/proportional-funding/hooks/payout-justification.ts (1 hunks)
• src/features/proportional-funding/index.ts (1 hunks)
• src/features/proportional-funding/model/effects.ts (2 hunks)
• src/features/proportional-funding/model/types.ts (1 hunks)
• src/features/proportional-funding/utils/converters.ts (1 hunks)
• src/layout/pot/components/layout-hero.tsx (8 hunks)
• src/layout/pot/components/layout.tsx (2 hunks)
• src/layout/pot/components/payout-manager.tsx (1 hunks)
• src/layout/pot/hooks/tab-navigation.ts (7 hunks)
• src/pages/pot/[potId]/payouts.tsx (4 hunks)
• src/pages/pot/[potId]/settings.tsx (1 hunks)

✅ Files skipped from review due to trivial changes (4)

• src/entities/voting-round/components/ResultsTable.tsx
• src/common/ui/components/atoms/splash-screen.tsx
• src/entities/voting-round/components/CandidateTable.tsx
• src/entities/pot/hooks/feature-flags.ts

🧰 Additional context used

🪛 Biome (1.9.4)

src/layout/pot/components/layout-hero.tsx

[error] 225-233: Avoid using unnecessary Fragment.

A fragment is redundant if it contains only one child, or if it is the child of a html element, and is not a keyed fragment.
Unsafe fix: Remove the Fragment

(lint/complexity/noUselessFragments)

⏰ Context from checks skipped due to timeout of 90000ms (2)

• GitHub Check: Fleek - broad-haze-5260
• GitHub Check: Fleek - broad-haze-5260

🔇 Additional comments (33)

src/common/services/pinata/index.ts (1)

1-6: LGTM!

The barrel file is well-organized and follows good practices for module re-exports.

src/common/services/pinata/client.ts (1)

8-11: Verify required environment variables.

The SDK initialization requires environment variables. Add runtime checks to ensure they are set.

+if (!process.env.PINATA_JWT) {
+  throw new Error("PINATA_JWT environment variable is not set");
+}
+
 export const sdk = new PinataSDK({
   pinataJwt: process.env.PINATA_JWT,
   pinataGateway: IPFS_GATEWAY_URL,
 });

.vscode/settings.json (1)

47-47: Verify the removal of "=createproject" from spell check words.

This change appears unrelated to the PR objectives of implementing payout justification publishing.

Please confirm if this removal is intentional or if it should be maintained.

src/features/proportional-funding/hooks/payout-justification.ts (2)

1-5: Looks good – succinct and clear imports.
No further concerns with these initial imports.

---

85-101: Clear conditional logic – confirm future re-publication requirements.
Currently, publish is only exposed if there's no existing document. If the use case includes re-publishing or editing previously published justifications, you might need additional logic. Otherwise, this looks aligned with your design.

src/features/proportional-funding/index.ts (1)

1-5: New export is consistent with the updated hook.
Exporting payout-justification aligns with the rest of your module’s organization.

src/features/proportional-funding/model/types.ts (2)

5-8: Type definition is coherent and supports the publishing flow.
PFPayoutJustificationInputs neatly composes votingRoundResult and challengerAccountId with the pot identifier. This provides clear type boundaries for the publish operation.

---

10-10: Type alias keeps the codebase clean.
Using PFPayoutJustificationV1 as a direct alias for VotingRoundElectionResult makes the domain concept explicit while avoiding duplication.

src/entities/voting-round/model/types.ts (1)

11-14: LGTM! Well-structured type definition.

The new VotingRoundElectionResult type is well-designed, extending VotingRoundParticipants and adding clear, descriptive properties for vote count and token metadata.

src/common/ui/components/atoms/spinner.tsx (1)

20-20:

❓ Verification inconclusive

Verify the class name change impact.

The class name has been changed from "loader" to "spinner". Please ensure that corresponding CSS styles have been updated in src/common/ui/styles/theme.css and that all component usages have been updated.

---

🏁 Script executed:

#!/bin/bash
# Description: Check for any remaining usages of the old "loader" class.

# Search for "loader" class usages
rg -i 'className=.*loader' --type tsx --type ts

# Search for "loader" class in CSS files
rg -i '\.loader' --type css

Length of output: 107

---

Below is a revised verification script to re-run your check with proper file-type recognition for TSX files. You can use it to confirm that no lingering references to the old "loader" class remain in your TS/TSX components or CSS files:

---

Action: Verify Removal of "loader" References

The class name was updated from "loader" to "spinner" in src/common/ui/components/atoms/spinner.tsx (line 20). Please ensure that:

• All occurrences of the "loader" class in TS/TSX files have been replaced or removed.
• Any CSS styles in src/common/ui/styles/theme.css that target .loader have been updated accordingly.

Run the above script (or verify manually) to check for any remaining references. Once you've confirmed that no usages of the old "loader" class remain, you can safely disregard this review comment.

---

🏁 Script executed:

[run_scripts]
#!/bin/bash
# Description: Re-run search for old "loader" class usages with proper TSX file recognition.

# Add TSX file type support and search TS/TSX files
rg --type-add 'tsx:*.tsx' -i 'className=.*loader' .

# Search CSS files for references to the old "loader" class
rg -i '\.loader' --type css .

Length of output: 207

---

Manual Verification Required: Confirm Removal of Legacy "loader" References

The class name in src/common/ui/components/atoms/spinner.tsx has been updated from "loader" to "spinner". However, the automated check using the grep command did not return any results partly due to a scripting error with the `` directive.

Please verify the following manually:

• Component Update: Ensure that all TS/TSX files no longer reference the "loader" class (the intended change is to use "spinner").
• Style Update: Confirm that CSS styles in src/common/ui/styles/theme.css targeting .loader are updated appropriately for .spinner.
• Verification Script: Re-run the grep commands (without the `` header) in your terminal to double-check there are no lingering "loader" references.

Once manual verification confirms these points, this review comment can be disregarded.

---

Action: Manually Verify Removal of "loader" References

The class name in src/common/ui/components/atoms/spinner.tsx was successfully updated from "loader" to "spinner", and we need to ensure that there are no lingering references to "loader" in both TS/TSX files and CSS files (specifically in src/common/ui/styles/theme.css).

Since the automated verification script did not produce useful output due to directive issues, please run the following commands manually in your terminal to confirm that no references to "loader" remain:

# Search TS and TSX files for the old "loader" class usage
rg --type-add 'tsx:*.tsx' -i 'className=.*loader' .

# Search CSS files for references to the ".loader" class
rg -i '\.loader' --type css .

If these commands return no results, then the changes are correct. Otherwise, please update the remaining references accordingly.

src/features/proportional-funding/utils/converters.ts (1)

10-16: LGTM! Good error handling practices.

The error handling is well-structured with clear error messages for different failure cases.

src/layout/pot/components/payout-manager.tsx (1)

3-3:

❓ Verification inconclusive

LGTM! Consistent renaming changes.

The renaming from ProportionalFundingPayoutManager to PFPayoutManager and hasProportionalFundingMechanism to hasPFMechanism is consistent with the broader changes.

Also applies to: 11-11, 17-18

---

🏁 Script executed:

#!/bin/bash
# Description: Verify that all references have been updated consistently.

# Search for any remaining occurrences of the old names
rg -i 'ProportionalFundingPayoutManager'
rg -i 'hasProportionalFundingMechanism'

Length of output: 80

---

LGTM – Renaming verified with minor manual check recommended.
The renaming from ProportionalFundingPayoutManager to PFPayoutManager and from hasProportionalFundingMechanism to hasPFMechanism appears consistent. A grep search for the old names in the codebase returned no matches, and the changes in the specified locations (lines 3, 11, and 17-18) align with the broader update.
Please verify manually if needed to ensure that no stray references remain.

src/pages/pot/[potId]/settings.tsx (1)

7-7: LGTM! Consistent renaming improves code readability.

The changes make the code more concise by shortening the component and variable names while maintaining their semantic meaning.

Also applies to: 13-13, 17-18

src/features/proportional-funding/components/configurator.tsx (1)

12-12: LGTM! Consistent renaming improves code readability.

The changes make the code more concise by shortening the type, component, and variable names while maintaining their semantic meaning.

Also applies to: 17-17, 22-22

src/entities/pot/hooks/forms.ts (1)

24-27: LGTM! Improved type safety with object parameters.

The changes enhance type safety by passing parameters as objects.

src/features/proportional-funding/components/actions.tsx (1)

18-73: LGTM! Well-structured component with comprehensive feedback.

The component effectively handles both link and button variants, providing clear user feedback through toast notifications.

src/common/ui/components/atoms/alert.tsx (2)

11-13: LGTM! Well-structured spinner styling integration.

The spinner styling rules are cleanly integrated alongside existing SVG rules, maintaining consistent positioning and spacing.

---

25-25: LGTM! Consistent styling for destructive variant.

The destructive variant styling is properly updated to include spinner text color, maintaining visual consistency.

src/features/pot-application/hooks/clearance.ts (1)

20-23: LGTM! Improved parameter naming.

The parameter rename from hasProportionalFundingMechanism to hasPFMechanism improves code readability while maintaining functionality.

src/entities/pot/hooks/lifecycle.ts (1)

15-17: LGTM! Consistent parameter renaming and improved labeling.

The changes maintain consistency with other files:

• Type and parameter renamed from hasProportionalFundingMechanism to hasPFMechanism
• Label text dynamically changes based on the mechanism type

Also applies to: 47-47

src/entities/pot/components/ChallengeResolveModal.tsx (1)

20-25: LGTM! Props type refactoring improves type safety.

The change from a simple Props type to ChallengeResolveModalProps extending ByPotId with a structured challenger object improves type safety and maintainability.

src/entities/pot/hooks/tags.ts (1)

14-14: LGTM! Variable renaming improves readability.

The change from hasProportionalFundingMechanism to hasPFMechanism makes the code more concise while maintaining clarity. The renaming is consistently applied across the component.

Also applies to: 57-57, 99-99

src/features/proportional-funding/components/payout-manager.tsx (1)

16-18: LGTM! Component renaming improves consistency.

The renaming from ProportionalFundingPayoutManager to PFPayoutManager aligns with the new naming convention while maintaining functionality.

Also applies to: 20-20

src/entities/pot/components/PotTimeline.tsx (1)

71-71: LGTM! Consistent prop renaming.

The renaming from hasProportionalFundingMechanism to hasPFMechanism is consistently applied across the component and its usage.

Also applies to: 78-78, 81-81

src/layout/pot/components/layout.tsx (1)

101-110: LGTM! Well-structured conditional rendering.

The new PFPayoutJustificationPublicationAction component is correctly integrated into the layout with appropriate conditional rendering based on the active tab.

src/entities/voting-round/hooks/results.ts (1)

24-24: LGTM! Consistent variable renaming.

The variable renaming from hasProportionalFundingMechanism to hasPFMechanism improves code readability while maintaining functionality.

Also applies to: 39-39, 75-75

src/layout/pot/hooks/tab-navigation.ts (1)

32-38: LGTM! Clean and consistent variable renaming.

The interface property and method signature updates maintain type safety while improving code readability. The tab visibility logic correctly uses the renamed variable.

Also applies to: 47-61, 67-89

src/entities/pot/components/PotPayoutChallenges.tsx (2)

25-29: LGTM! Improved account handling.

The new implementation elegantly handles both DAO representative and regular account scenarios, enhancing the flexibility of the component.

---

172-172: LGTM! Enhanced type safety.

The change to pass challenger as an object improves type safety and makes the prop structure more maintainable.

src/entities/voting-round/model/results.ts (1)

23-23: LGTM! Improved type organization.

The consolidation of related properties into VotingRoundElectionResult enhances code maintainability and type safety.

src/pages/pot/[potId]/payouts.tsx (1)

240-244: LGTM! Improved visual hierarchy.

The styling changes enhance readability by using neutral colors and proper text alignment.

src/common/ui/styles/theme.css (2)

111-120: Updated Spinner Class Styling.
The new .spinner class is well defined with appropriate dimensions, border properties, and a smooth rotation animation. The use of border-bottom-color: transparent; effectively creates the desired visual effect.

---

122-125: Dark Mode Spinner Styling Update.
The dark mode variant correctly adjusts the spinner's border color to white, ensuring adequate contrast in dark themes. The consistent application of design principles is maintained.

[coderabbitai]

Actionable comments posted: 0

🧹 Nitpick comments (2)

src/app/api/pinata/get-auth-key/route.ts (2)

7-9: Enhance the documentation with more details.

While the link to Pinata's docs is helpful, consider adding more descriptive comments about:

• The purpose of this endpoint
• The structure of the response
• Any rate limiting considerations

 /**
+ * Generates a single-use Pinata API key with minimal permissions for pinning files to IPFS.
+ * 
+ * @returns {Promise<Object>} keyData - Contains the generated API key and token
+ * @throws {Error} When key creation fails
  * @link https://docs.pinata.cloud/frameworks/next-js-ipfs#create-api-route-2
  */

---

10-25:

❓ Verification inconclusive

Consider additional security measures.

While the implementation is secure with single-use keys and minimal permissions, consider these enhancements:

1. Filter sensitive information from the keyData response
2. Implement rate limiting to prevent abuse

Let's check if the keyData response contains sensitive information:

Also, verify if rate limiting middleware is available:

---

🏁 Script executed:

#!/bin/bash
# Description: Check Pinata's API documentation for keyData response structure

curl -s "https://docs.pinata.cloud/api-reference/endpoints/keys#response" | jq

Length of output: 143

---

🌐 Web query:

What rate limiting middleware is available for Next.js API routes?

💡 Result:

Next.js API routes can be effectively protected with several rate-limiting middleware solutions, each offering different approaches depending on your infrastructure needs:

---

1. express-rate-limit

A battle-tested Express middleware adapted for Next.js:

import rateLimit from 'express-rate-limit';

const apiLimiter = rateLimit({
  windowMs: 15 * 60 * 1000, // 15 minutes
  max: 100, // Limit per IP
  message: 'Too many requests',
});

export default function handler(req, res) {
  apiLimiter(req, res, () => {
    res.status(200).json({ data: 'Rate-limited route' });
  });
}

• Use Case: Simple setups needing basic IP-based throttling[4].
• Note: Requires manual IP configuration (e.g., req.ip or x-forwarded-for headers).

---

2. @upstash/ratelimit

Next.js-recommended solution for serverless/Vercel deployments:

import { Ratelimit } from '@upstash/ratelimit';
import { kv } from '@vercel/kv';

const rateLimit = new Ratelimit({
  redis: kv,
  limiter: Ratelimit.slidingWindow(5, '10 s'), // 5 req/10s
});

export default async function handler(req, res) {
  const { success } = await rateLimit.limit(req.ip);
  if (!success) return res.status(429).json('Too many requests');
  res.status(200).json({ message: 'Success' });
}

• Integration: Pairs with Vercel KV (Redis-like storage)[2][5].
• Edge Support: Works in Vercel Edge Middleware[9].

---

3. Redis Custom Implementation

For high-traffic apps needing granular control:

import Redis from 'ioredis';
const redis = new Redis();

export default async function handler(req, res) {
  const ip = req.headers['x-forwarded-for'];
  const key = `rate-limit:${ip}`;
  const current = await redis.incr(key);
  
  if (current > 5) return res.status(429).json('Blocked');
  if (current === 1) await redis.expire(key, 60); // Reset after 60s
  
  res.status(200).json({ message: 'Allowed' });
}

• Advantage: Scalable for distributed systems[3].

---

4. next-api-rate-limit

Hybrid solution combining LRU cache + Redis:

import { withRateLimit } from 'next-api-rate-limit';

const handler = (req, res) => res.status(200).json({ success: true });

export default withRateLimit(handler, {
  timeframe: 3600,
  requestsLimit: 100,
  provider: 'upstash', // or 'vercelKV'
});

• Optimization: Reduces Redis calls via local caching[3].

---

Comparison Table

Solution	Best For	Key Feature
express-rate-limit	Simple Node.js servers	Easy Express-like setup
@upstash/ratelimit	Vercel/serverless	Native Next.js integration
Custom Redis	High-traffic apps	Full control over logic
next-api-rate-limit	Cost-sensitive projects	Hybrid caching + Redis

---

For Vercel-hosted apps, combining @upstash/ratelimit with Edge Middleware offers the lowest latency[5]. Traditional Node.js deployments benefit from express-rate-limit, while large-scale systems should consider Redis-based implementations[2][7]. Always validate IP addresses to avoid misconfigured rate limits across shared IPs[7].

Citations:

• 1: https://dev.to/ethanleetech/4-best-rate-limiting-solutions-for-nextjs-apps-2024-3ljj
• 2: https://peerlist.io/blog/engineering/how-to-implement-rate-limiting-in-nextjs
• 3: https://github.com/woywro/next-api-rate-limit
• 4: https://dev.to/itselftools/implementing-rate-limiting-in-api-routes-with-express-and-nextjs-4ffl
• 5: https://www.youtube.com/watch?v=Zl7ExJuaJqw
• 6: https://blog.tericcabrel.com/protect-your-api-routes-in-next-js-with-middleware/
• 7: https://kittygiraudel.com/2022/05/16/rate-limit-nextjs-api-routes/
• 8: https://nextjs-rate-limit.vercel.app
• 9: https://reetesh.in/blog/rate-limiter-for-next.js-api-routes-explained
• 10: https://vercel.com/guides/add-rate-limiting-vercel

---

Security Enhancements Recommendation

• Sensitive Data Check: The current implementation returns the complete keyData from the Pinata API without filtering. Since our attempt to automatically verify the keyData structure via the documentation endpoint was inconclusive, please manually confirm that no sensitive fields (e.g., private keys or secrets) are being exposed. If any sensitive information is present, filter or transform the response accordingly.
• Rate Limiting: As an added safeguard, consider integrating rate limiting on this endpoint. For example, if deployed on Vercel or in a serverless environment, you might adopt solutions like @upstash/ratelimit. Alternatively, for traditional Node.js setups, express-rate-limit or a custom Redis-based implementation could be suitable.

📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between c613a94 and 0140b9d.

📒 Files selected for processing (1)

• src/app/api/pinata/get-auth-key/route.ts (1 hunks)

⏰ Context from checks skipped due to timeout of 90000ms (1)

• GitHub Check: Fleek - broad-haze-5260

🔇 Additional comments (1)

src/app/api/pinata/get-auth-key/route.ts (1)

1-5: LGTM! Imports and configuration are well-structured.

The imports are appropriate, and the dynamic = "force-dynamic" configuration ensures fresh API keys by disabling caching.