feat: add about, terms, and feedback pages#70
Conversation
|
Warning Review limit reached
More reviews will be available in 46 minutes and 59 seconds. Learn how PR review limits work. Your organization has used up its prepaid credits, and credit purchases are no longer available. Enable the review add-on in the billing tab to keep reviews running — you're only billed for reviews past your plan's rate limits ($0.25/file). ⌛ How to resolve this issue?After more reviews become available, a review can be triggered using the To avoid repeated limits, reduce automatic review volume by pausing incremental auto-reviews earlier, using label-based review opt-in, excluding WIP or generated PR titles, or requesting reviews manually when the PR is ready. If your team needs uninterrupted high-volume reviews, an organization admin can enable usage-based credits. 🚦 How do rate limits work?CodeRabbit enforces per-developer PR review limits for each organization. Most developers receive the normal plan refill rate. For paid Pro and Pro+ PR reviews, CodeRabbit uses adaptive limits for sustained high-volume activity. When a developer's recent PR review activity reaches the 95th percentile or higher among CodeRabbit users, the refill rate gradually slows as usage increases. The highest same-day bursts are limited more strictly. Please see our Fair Usage Limits Policy for further information. ℹ️ Review info⚙️ Run configurationConfiguration used: Repository: alphaonelabs/coderabbit/.coderabbit.yaml Review profile: ASSERTIVE Plan: Pro Run ID: 📒 Files selected for processing (5)
WalkthroughThree new static HTML pages are added ( ChangesNew Pages, Feedback API, and Navigation Wiring
Estimated code review effort🎯 3 (Moderate) | ⏱️ ~25 minutes Suggested reviewers
🚥 Pre-merge checks | ✅ 4 | ❌ 1❌ Failed checks (1 warning)
✅ Passed checks (4 passed)
✏️ Tip: You can configure your own custom pre-merge checks in the settings. ✨ Finishing Touches🧪 Generate unit tests (beta)
Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out. Comment |
There was a problem hiding this comment.
Actionable comments posted: 11
🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
Inline comments:
In `@public/about.html`:
- Around line 11-13: The script tag loading from cdn.tailwindcss.com and the
link tag loading from cdnjs.cloudflare.com do not include integrity attributes
for Subresource Integrity (SRI) protection. Add the integrity attribute with the
appropriate SRI hash value to both the Tailwind CSS script tag and the Font
Awesome stylesheet link tag. You can generate the SRI hashes by computing the
base64-encoded SHA-384 hash of the respective files or by using an online SRI
hash generator tool with the CDN URLs.
- Around line 66-69: The decorative hero icons (fa-microscope, fa-robot,
fa-wrench, and fa-graduation-cap) are not hidden from screen readers, causing
assistive technology to announce non-informational visual elements. Add
aria-hidden="true" attribute to each of the four icon wrapper divs (or directly
to the i elements) to prevent screen readers from announcing this decorative
content, improving accessibility for users relying on assistive technology.
In `@public/feedback.html`:
- Line 149: The reset CTA button with onclick="resetForm()" is missing an
explicit type attribute, which could cause it to default to type="submit" if the
HTML structure changes, leading to accidental form submissions. Add the
`type="button"` attribute to the button element to explicitly define its
behavior and prevent any unintended form-submit behavior regardless of future
markup reorganization.
- Around line 168-208: The form labels for the Name, Email, and Feedback fields
are not programmatically associated with their corresponding input controls. Add
the for attribute to each label element to match the id attributes of their
associated form controls: add for="feedback-name" to the label preceding the
input with id="feedback-name", add for="feedback-email" to the label preceding
the input with id="feedback-email", and add for="feedback-description" to the
label preceding the textarea with id="feedback-description". This establishes
the proper programmatic relationship required for accessibility and screen
reader navigation.
In `@public/partials/navbar.html`:
- Around line 145-147: The anchor element with the "Status" link in the navbar
contains a placeholder href="#" that points to nowhere, creating a dead-end menu
item. Replace the href="#" with the actual route path where the Status page will
be located (for example, href="/status" or whatever the real endpoint is), or
alternatively, remove the entire anchor element and its containing list item if
the Status page does not exist yet and should not be exposed to users until it
is ready.
In `@public/terms.html`:
- Around line 386-392: In the IntersectionObserver callback, when toggling the
'active' class on tocLinks, also set the aria-current attribute for
accessibility. When a link receives the 'active' class (when
entry.isIntersecting is true), set aria-current="location" on that link. When
removing the 'active' class from other links via classList.toggle, also remove
the aria-current attribute by using removeAttribute. This ensures screen reader
users receive equivalent navigation context alongside the visual CSS indication.
- Line 90: The table of contents has a numbering inconsistency where the TOC
link with href="`#ip-rights`" and the corresponding section header jump from
subsection 6.2 directly to 6.4, skipping 6.3 entirely. Fix this by either adding
the missing subsection 6.3 between the 6.2 and 6.4 entries in both the TOC link
and the actual section header in the document, or by renumbering the 6.4
reference to 6.3 to maintain sequential numbering consistency throughout the
terms document.
In `@src/worker.py`:
- Around line 2723-2726: The try-except block around json.loads is catching
Exception which is too broad and masks internal errors as 400 responses. Replace
the generic Exception handler with a specific exception type for JSON parsing
failures (json.JSONDecodeError in Python 3.5+, or ValueError for compatibility).
This allows unexpected runtime errors to propagate through normal error handling
while still catching legitimate JSON parsing failures and returning the 400
status code appropriately.
- Around line 2756-2767: The bare except Exception pass statement in the Slack
webhook delivery block silently swallows all failures including non-2xx
responses, making operational issues unobservable. Replace the except Exception
pass with proper error logging that captures exception details. Additionally,
capture the response object returned from js.fetch(slack_url, options), check
its status property, and log a warning if the status indicates failure (not in
the 2xx range), including both the status code and response body in the log
message so Slack delivery issues are properly tracked and debuggable.
- Around line 2723-2729: After successfully parsing the JSON with json.loads in
the try block, add a validation check to ensure that the parsed body variable is
a dictionary before attempting to call the .get() method on it. If body is not a
dictionary (for example, if it's a list or string), return the same "Invalid
JSON" error with a 400 status code immediately. This prevents AttributeError
exceptions when .get("description") is called on non-dict objects, which would
otherwise result in an unhandled 500 error.
- Around line 2741-2748: The variables name, email, and description are being
directly interpolated into the HTML email template without escaping, creating an
XSS vulnerability where users could inject malicious HTML or scripts. Import
html.escape from the standard library and apply it to each of these three
variables (name, email, description) before they are interpolated into the
f-string to properly sanitize user-supplied input and prevent HTML injection
attacks.
🪄 Autofix (Beta)
Fix all unresolved CodeRabbit comments on this PR:
- Push a commit to this branch (recommended)
- Create a new PR with the fixes
ℹ️ Review info
⚙️ Run configuration
Configuration used: Repository: alphaonelabs/coderabbit/.coderabbit.yaml
Review profile: ASSERTIVE
Plan: Pro
Run ID: 7aa767a7-80d4-483c-bf16-5a65d728ba3e
📒 Files selected for processing (6)
public/about.htmlpublic/feedback.htmlpublic/partials/footer.htmlpublic/partials/navbar.htmlpublic/terms.htmlsrc/worker.py
Implements the About, Terms, and Feedback pages for Alpha One Labs and wires them into the site navigation.
About Page
Terms Page
Feedback Page
Backend
Added:
POST /api/feedbackFeatures:
Mailgun email notifications
Optional Slack notifications
Environment variable support for:
ADMIN_EMAILSLACK_WEBHOOK_URLNavigation Updates
Updated navbar and footer links to point to:
/about.html/terms.html/feedback.htmlTesting
Verified:
Screencast.from.2026-06-21.11-49-39.mp4
Overview
This PR introduces three new public-facing pages (About, Terms, and Feedback) to the Alpha One Labs website, along with a corresponding backend API endpoint to handle feedback submissions. Navigation components have been updated to link to these new pages.
Frontend Changes
New Pages:
public/about.html): A 340-line responsive page featuring an organization timeline (2009–2025), platform statistics via stat cards, mission statement, three core values cards, and call-to-action sections linking to the dashboard and teaching platform.public/terms.html): A 400-line comprehensive terms and privacy policy document with a sticky table-of-contents sidebar. Includes scroll-based IntersectionObserver to highlight active sections as users navigate, with anchor links to subsections including privacy, refunds, and platform policies.public/feedback.html): A 315-line user feedback form with optional name and email fields, a required feedback textarea (max 5000 characters), live character counter, and client-side validation. Features a success state with ability to reset and submit additional feedback. Includes a sidebar with community links (Slack, GitHub, Twitter/X).Navigation Updates:
public/partials/navbar.html: Updated the ABOUT dropdown menu to link "Our Mission" and "Terms" to their respective dedicated pages.public/partials/footer.html: Updated footer links to point to/about.html,/terms.html,/terms.html#privacy, and/feedback.html, replacing placeholder links.Styling & Functionality:
Backend Changes
New API Endpoint (
src/worker.py):POST /api/feedbackendpoint that:name(optional),email(optional), anddescription(required, max 5000 characters)ADMIN_EMAILorEMAIL_FROMenv variable)SLACK_WEBHOOK_URLis configuredImpact